dan/jose
1
0
Fork 0
mirror of https://github.com/danbulant/jose synced 2026-05-24 20:41:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: properly fail to import unsupported openssh keys

Browse source
This commit is contained in:
Filip Skokan 2019-12-10 17:02:42 +01:00
parent 94ec607d4c
commit bee574457f
2 changed files with 35 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/jwk/import.js
View file

@ -26,6 +26,8 @@ const mergedParameters = (target = {}, source = {}) => {
}
}
const openSSHpublicKey = /^[a-zA-Z0-9-]+ (?:[a-zA-Z0-9+/])*(?:==|=)?(?: .*)?$/
const asKey = (key, parameters, { calculateMissingRSAPrimes = false } = {}) => {
let privateKey, publicKey, secret
@ -98,7 +100,7 @@ const asKey = (key, parameters, { calculateMissingRSAPrimes = false } = {}) => {
try {
// this is to filter out invalid PEM keys and certs, i'll rather have them fail import then
// have them imported as symmetric "oct" keys
if (!key.includes('-----BEGIN')) {
if (!key.includes('-----BEGIN') && !openSSHpublicKey.test(key.toString('ascii').replace(/[\r\n]/g, ''))) {
secret = createSecretKey(Buffer.isBuffer(key) ? key : Buffer.from(key))
}
} catch (err) {}

32
test/jwk/oct.test.js
View file

@ -1,4 +1,5 @@
const test = require('ava')
const { EOL } = require('os')
const { createSecretKey } = require('../../lib/help/key_object')
const { hasProperty, hasNoProperties } = require('../macros')
@ -172,3 +173,34 @@ test('they may be imported so long as there was no k', t => {
})
}, { instanceOf: errors.JWKImportFailed, message: 'key import failed' })
})
;[
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6ZsprTWFF+fOG0mrdIQ+HxXnb5pAazkvSff1d49tgc73VKkrStsNSq9ss3j65p6gn6un8DZht0zP58iMqgK9YjfTC1OOGKFCtXzJsY9XwhFoSvhaI0iC2NH+aGu8OFfYXiQs/UZGe9acvFgViTSa/qYvh3NYTVPPf4EaaUndMIVz6scwuPji4w/n5dYXk5PF58k0Dq52ID6yQVk2QBRf8JcL+dPy3YztPTB2kcu7e0N9VopC5Qq2TsCb2H9ooHlgMerJ0WjlCv1ADC/8I+Cj7K1dj/3dcrMK/YR+2Muey5aQufPWoxtFpUv/2ieIAi19hhLeUOZbOlkwD/k/DO9Ht panva@local',
'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJS61dYMKR7grCcg2wLzkQZs4ok5VVZ6Oc+TlOSrz6s5WLl4WdN2hPCpYs/PtbyGcW0a8CAEKik3guStuMGCN1I= panva@local',
'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5wJKRxgAdYUPm7gfP9eP4MKnWahgALTRDgMHt0VMj7 panva@local',
`-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW`
].forEach((openSSH, i, { length }) => {
test(`openssh keys do not fall through to oct keys ${i + 1}/${length}`, t => {
// strings
t.throws(() => {
asKey(openSSH)
}, { instanceOf: errors.JWKImportFailed, message: 'key import failed' })
t.throws(() => {
asKey(openSSH.replace(' panva@local', ''))
}, { instanceOf: errors.JWKImportFailed, message: 'key import failed' })
t.throws(() => {
asKey(openSSH.match(/.{1,64}/g).join(EOL))
}, { instanceOf: errors.JWKImportFailed, message: 'key import failed' })
// buffers
t.throws(() => {
asKey(Buffer.from(openSSH))
}, { instanceOf: errors.JWKImportFailed, message: 'key import failed' })
t.throws(() => {
asKey(Buffer.from(openSSH.replace(' panva@local', '')))
}, { instanceOf: errors.JWKImportFailed, message: 'key import failed' })
t.throws(() => {
asKey(Buffer.from(openSSH.match(/.{1,64}/g).join(EOL)))
}, { instanceOf: errors.JWKImportFailed, message: 'key import failed' })
})
})