Home Explore Help
Sign In
shanpin
/
chat-server
Watch 3
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: bf846a7082
Branches Tags
chat-server
/
qq-imsvr
/
node_modules
/
http-signature
/
lib
/
util.js

util.js 6.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305 
  1. // Copyright 2012 Joyent, Inc.  All rights reserved.
    2. 

  2. 

  3. var assert = require('assert-plus');
    4. 

  4. var crypto = require('crypto');
    5. 

  5. 

  6. var asn1 = require('asn1');
    7. 

  7. var ctype = require('ctype');
    8. 

  8. 

  9. 

  10. 

  11. ///--- Helpers
    12. 

  12. 

  13. function readNext(buffer, offset) {
    14. 

  14.   var len = ctype.ruint32(buffer, 'big', offset);
    15. 

  15.   offset += 4;
    16. 

  16. 

  17.   var newOffset = offset + len;
    18. 

  18. 

  19.   return {
    20. 

  20.     data: buffer.slice(offset, newOffset),
    21. 

  21.     offset: newOffset
    22. 

  22.   };
    23. 

  23. }
    24. 

  24. 

  25. 

  26. function writeInt(writer, buffer) {
    27. 

  27.   writer.writeByte(0x02); // ASN1.Integer
    28. 

  28.   writer.writeLength(buffer.length);
    29. 

  29. 

  30.   for (var i = 0; i < buffer.length; i++)
    31. 

  31.     writer.writeByte(buffer[i]);
    32. 

  32. 

  33.   return writer;
    34. 

  34. }
    35. 

  35. 

  36. 

  37. function rsaToPEM(key) {
    38. 

  38.   var buffer;
    39. 

  39.   var der;
    40. 

  40.   var exponent;
    41. 

  41.   var i;
    42. 

  42.   var modulus;
    43. 

  43.   var newKey = '';
    44. 

  44.   var offset = 0;
    45. 

  45.   var type;
    46. 

  46.   var tmp;
    47. 

  47. 

  48.   try {
    49. 

  49.     buffer = new Buffer(key.split(' ')[1], 'base64');
    50. 

  50. 

  51.     tmp = readNext(buffer, offset);
    52. 

  52.     type = tmp.data.toString();
    53. 

  53.     offset = tmp.offset;
    54. 

  54. 

  55.     if (type !== 'ssh-rsa')
    56. 

  56.       throw new Error('Invalid ssh key type: ' + type);
    57. 

  57. 

  58.     tmp = readNext(buffer, offset);
    59. 

  59.     exponent = tmp.data;
    60. 

  60.     offset = tmp.offset;
    61. 

  61. 

  62.     tmp = readNext(buffer, offset);
    63. 

  63.     modulus = tmp.data;
    64. 

  64.   } catch (e) {
    65. 

  65.     throw new Error('Invalid ssh key: ' + key);
    66. 

  66.   }
    67. 

  67. 

  68.   // DER is a subset of BER
    69. 

  69.   der = new asn1.BerWriter();
    70. 

  70. 

  71.   der.startSequence();
    72. 

  72. 

  73.   der.startSequence();
    74. 

  74.   der.writeOID('1.2.840.113549.1.1.1');
    75. 

  75.   der.writeNull();
    76. 

  76.   der.endSequence();
    77. 

  77. 

  78.   der.startSequence(0x03); // bit string
    79. 

  79.   der.writeByte(0x00);
    80. 

  80. 

  81.   // Actual key
    82. 

  82.   der.startSequence();
    83. 

  83.   writeInt(der, modulus);
    84. 

  84.   writeInt(der, exponent);
    85. 

  85.   der.endSequence();
    86. 

  86. 

  87.   // bit string
    88. 

  88.   der.endSequence();
    89. 

  89. 

  90.   der.endSequence();
    91. 

  91. 

  92.   tmp = der.buffer.toString('base64');
    93. 

  93.   for (i = 0; i < tmp.length; i++) {
    94. 

  94.     if ((i % 64) === 0)
    95. 

  95.       newKey += '\n';
    96. 

  96.     newKey += tmp.charAt(i);
    97. 

  97.   }
    98. 

  98. 

  99.   if (!/\\n$/.test(newKey))
    100. 

  100.     newKey += '\n';
    101. 

  101. 

  102.   return '-----BEGIN PUBLIC KEY-----' + newKey + '-----END PUBLIC KEY-----\n';
    103. 

  103. }
    104. 

  104. 

  105. 

  106. function dsaToPEM(key) {
    107. 

  107.   var buffer;
    108. 

  108.   var offset = 0;
    109. 

  109.   var tmp;
    110. 

  110.   var der;
    111. 

  111.   var newKey = '';
    112. 

  112. 

  113.   var type;
    114. 

  114.   var p;
    115. 

  115.   var q;
    116. 

  116.   var g;
    117. 

  117.   var y;
    118. 

  118. 

  119.   try {
    120. 

  120.     buffer = new Buffer(key.split(' ')[1], 'base64');
    121. 

  121. 

  122.     tmp = readNext(buffer, offset);
    123. 

  123.     type = tmp.data.toString();
    124. 

  124.     offset = tmp.offset;
    125. 

  125. 

  126.     /* JSSTYLED */
    127. 

  127.     if (!/^ssh-ds[as].*/.test(type))
    128. 

  128.       throw new Error('Invalid ssh key type: ' + type);
    129. 

  129. 

  130.     tmp = readNext(buffer, offset);
    131. 

  131.     p = tmp.data;
    132. 

  132.     offset = tmp.offset;
    133. 

  133. 

  134.     tmp = readNext(buffer, offset);
    135. 

  135.     q = tmp.data;
    136. 

  136.     offset = tmp.offset;
    137. 

  137. 

  138.     tmp = readNext(buffer, offset);
    139. 

  139.     g = tmp.data;
    140. 

  140.     offset = tmp.offset;
    141. 

  141. 

  142.     tmp = readNext(buffer, offset);
    143. 

  143.     y = tmp.data;
    144. 

  144.   } catch (e) {
    145. 

  145.     console.log(e.stack);
    146. 

  146.     throw new Error('Invalid ssh key: ' + key);
    147. 

  147.   }
    148. 

  148. 

  149.   // DER is a subset of BER
    150. 

  150.   der = new asn1.BerWriter();
    151. 

  151. 

  152.   der.startSequence();
    153. 

  153. 

  154.   der.startSequence();
    155. 

  155.   der.writeOID('1.2.840.10040.4.1');
    156. 

  156. 

  157.   der.startSequence();
    158. 

  158.   writeInt(der, p);
    159. 

  159.   writeInt(der, q);
    160. 

  160.   writeInt(der, g);
    161. 

  161.   der.endSequence();
    162. 

  162. 

  163.   der.endSequence();
    164. 

  164. 

  165.   der.startSequence(0x03); // bit string
    166. 

  166.   der.writeByte(0x00);
    167. 

  167.   writeInt(der, y);
    168. 

  168.   der.endSequence();
    169. 

  169. 

  170.   der.endSequence();
    171. 

  171. 

  172.   tmp = der.buffer.toString('base64');
    173. 

  173.   for (var i = 0; i < tmp.length; i++) {
    174. 

  174.     if ((i % 64) === 0)
    175. 

  175.       newKey += '\n';
    176. 

  176.     newKey += tmp.charAt(i);
    177. 

  177.   }
    178. 

  178. 

  179.   if (!/\\n$/.test(newKey))
    180. 

  180.     newKey += '\n';
    181. 

  181. 

  182.   return '-----BEGIN PUBLIC KEY-----' + newKey + '-----END PUBLIC KEY-----\n';
    183. 

  183. }
    184. 

  184. 

  185. 

  186. ///--- API
    187. 

  187. 

  188. module.exports = {
    189. 

  189. 

  190.   /**
    191. 

  191.    * Converts an OpenSSH public key (rsa only) to a PKCS#8 PEM file.
    192. 

  192.    *
    193. 

  193.    * The intent of this module is to interoperate with OpenSSL only,
    194. 

  194.    * specifically the node crypto module's `verify` method.
    195. 

  195.    *
    196. 

  196.    * @param {String} key an OpenSSH public key.
    197. 

  197.    * @return {String} PEM encoded form of the RSA public key.
    198. 

  198.    * @throws {TypeError} on bad input.
    199. 

  199.    * @throws {Error} on invalid ssh key formatted data.
    200. 

  200.    */
    201. 

  201.   sshKeyToPEM: function sshKeyToPEM(key) {
    202. 

  202.     assert.string(key, 'ssh_key');
    203. 

  203. 

  204.     /* JSSTYLED */
    205. 

  205.     if (/^ssh-rsa.*/.test(key))
    206. 

  206.       return rsaToPEM(key);
    207. 

  207. 

  208.     /* JSSTYLED */
    209. 

  209.     if (/^ssh-ds[as].*/.test(key))
    210. 

  210.       return dsaToPEM(key);
    211. 

  211. 

  212.     throw new Error('Only RSA and DSA public keys are allowed');
    213. 

  213.   },
    214. 

  214. 

  215. 

  216.   /**
    217. 

  217.    * Generates an OpenSSH fingerprint from an ssh public key.
    218. 

  218.    *
    219. 

  219.    * @param {String} key an OpenSSH public key.
    220. 

  220.    * @return {String} key fingerprint.
    221. 

  221.    * @throws {TypeError} on bad input.
    222. 

  222.    * @throws {Error} if what you passed doesn't look like an ssh public key.
    223. 

  223.    */
    224. 

  224.   fingerprint: function fingerprint(key) {
    225. 

  225.     assert.string(key, 'ssh_key');
    226. 

  226. 

  227.     var pieces = key.split(' ');
    228. 

  228.     if (!pieces || !pieces.length || pieces.length < 2)
    229. 

  229.       throw new Error('invalid ssh key');
    230. 

  230. 

  231.     var data = new Buffer(pieces[1], 'base64');
    232. 

  232. 

  233.     var hash = crypto.createHash('md5');
    234. 

  234.     hash.update(data);
    235. 

  235.     var digest = hash.digest('hex');
    236. 

  236. 

  237.     var fp = '';
    238. 

  238.     for (var i = 0; i < digest.length; i++) {
    239. 

  239.       if (i && i % 2 === 0)
    240. 

  240.         fp += ':';
    241. 

  241. 

  242.       fp += digest[i];
    243. 

  243.     }
    244. 

  244. 

  245.     return fp;
    246. 

  246.   },
    247. 

  247. 

  248.   /**
    249. 

  249.   * Converts a PKGCS#8 PEM file to an OpenSSH public key (rsa)
    250. 

  250.   *
    251. 

  251.   * The reverse of the above function.
    252. 

  252.   */
    253. 

  253.   pemToRsaSSHKey: function pemToRsaSSHKey(pem, comment) {
    254. 

  254.     assert.equal('string', typeof pem, 'typeof pem');
    255. 

  255. 

  256.     // chop off the BEGIN PUBLIC KEY and END PUBLIC KEY portion
    257. 

  257.     var cleaned = pem.split('\n').slice(1, -2).join('');
    258. 

  258. 

  259.     var buf = new Buffer(cleaned, 'base64');
    260. 

  260. 

  261.     var der = new asn1.BerReader(buf);
    262. 

  262. 

  263.     der.readSequence();
    264. 

  264.     der.readSequence();
    265. 

  265. 

  266.     var oid = der.readOID();
    267. 

  267.     assert.equal(oid, '1.2.840.113549.1.1.1', 'pem not in RSA format');
    268. 

  268. 

  269.     // Null -- XXX this probably isn't good practice
    270. 

  270.     der.readByte();
    271. 

  271.     der.readByte();
    272. 

  272. 

  273.     // bit string sequence
    274. 

  274.     der.readSequence(0x03);
    275. 

  275.     der.readByte();
    276. 

  276.     der.readSequence();
    277. 

  277. 

  278.     // modulus
    279. 

  279.     assert.equal(der.peek(), asn1.Ber.Integer, 'modulus not an integer');
    280. 

  280.     der._offset = der.readLength(der.offset + 1);
    281. 

  281.     var modulus = der._buf.slice(der.offset, der.offset + der.length);
    282. 

  282.     der._offset += der.length;
    283. 

  283. 

  284.     // exponent
    285. 

  285.     assert.equal(der.peek(), asn1.Ber.Integer, 'exponent not an integer');
    286. 

  286.     der._offset = der.readLength(der.offset + 1);
    287. 

  287.     var exponent = der._buf.slice(der.offset, der.offset + der.length);
    288. 

  288.     der._offset += der.length;
    289. 

  289. 

  290.     // now, make the key
    291. 

  291.     var type = new Buffer('ssh-rsa');
    292. 

  292.     var buffer = new Buffer(4 + type.length + 4 + modulus.length + 4 + exponent.length);
    293. 

  293.     var i = 0;
    294. 

  294.     buffer.writeUInt32BE(type.length, i);     i += 4;
    295. 

  295.     type.copy(buffer, i);                     i += type.length;
    296. 

  296.     buffer.writeUInt32BE(exponent.length, i); i += 4;
    297. 

  297.     exponent.copy(buffer, i);                 i += exponent.length;
    298. 

  298.     buffer.writeUInt32BE(modulus.length, i);  i += 4;
    299. 

  299.     modulus.copy(buffer, i);                  i += modulus.length;
    300. 

  300. 

  301.     var s = type.toString() + ' ' + buffer.toString('base64') + ' ' + (comment || '');
    302. 

  302.     return s;
    303. 

  303.   }
    304. 

  304. };
    305. 

  305.