-
Notifications
You must be signed in to change notification settings - Fork 61
/
ssh_key.go
51 lines (44 loc) · 1.66 KB
/
ssh_key.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
package validate
import (
"crypto/rsa"
"encoding/base64"
"fmt"
"strings"
"golang.org/x/crypto/ssh"
)
// SSHKey performs some basic validation on supplied SSH Keys - Encoded Signature and Key Size are evaluated
// Will require rework if/when other Key Types are supported
func SSHKey(i interface{}, k string) (warnings []string, errors []error) {
v, ok := i.(string)
if !ok {
return nil, []error{fmt.Errorf("expected type of %q to be string", k)}
}
if strings.TrimSpace(v) == "" {
return nil, []error{fmt.Errorf("expected %q to not be an empty string or whitespace", k)}
}
if keyParts := strings.Fields(v); len(keyParts) > 1 {
byteStr, err := base64.StdEncoding.DecodeString(keyParts[1])
if err != nil {
return nil, []error{fmt.Errorf("decoding %q for public key data", k)}
}
pubKey, err := ssh.ParsePublicKey(byteStr)
if err != nil {
return nil, []error{fmt.Errorf("parsing %q as a public key object", k)}
}
if pubKey.Type() != ssh.KeyAlgoRSA {
return nil, []error{fmt.Errorf("- the provided %s SSH key is not supported. Only RSA SSH keys are supported by Azure", pubKey.Type())}
} else {
rsaPubKey, ok := pubKey.(ssh.CryptoPublicKey).CryptoPublicKey().(*rsa.PublicKey)
if !ok {
return nil, []error{fmt.Errorf("- could not retrieve the RSA public key from the SSH public key")}
}
rsaPubKeyBits := rsaPubKey.Size() * 8
if rsaPubKeyBits < 2048 {
return nil, []error{fmt.Errorf("- the provided RSA SSH key has %d bits. Only ssh-rsa keys with 2048 bits or higher are supported by Azure", rsaPubKeyBits)}
}
}
} else {
return nil, []error{fmt.Errorf("%q is not a complete SSH2 Public Key", k)}
}
return warnings, errors
}