Re-encode Certificate in OpenSSH authorized_keys format by btoews · Pull Request #8 · github/ssh_data

btoews · 2019-02-21T23:28:29Z

Same as #7, but for Certificates. The changes are mostly about cleaning up the code in Encoding and abstracting tests a bit.

btoews · 2019-02-21T23:29:52Z

For context, the main motivation here is that the OpenSSH version running on Janky boxes doesn't allow for arbitrary certificate extensions. This should get https://github.com/github/github/pull/108335 passing and clean up the test fixtures on that branch.

btoews · 2019-02-21T23:58:37Z

I take that back. This isn't quite ready for review. I want to add the ability to sign a cert.

btoews · 2019-02-22T00:42:17Z

Okay. This is ready for 👀 now. For what it's worth, I'm not too concerned with this code, given that it is only going to be used in tests.

ptoomey3

To be frank, I've only given this a cursory review. There are a lot of additions here that I'm not terribly familiar with. If you think it is worth the time to set aside for a deeper review 👍, just let me know and I will. But, if you think it isn't terribly security-critical (as you noted, the main use case here is for test) and that the tests are good enough to have pretty strong confidence, then I'm ok with that as well.

lib/ssh_data.rb

lib/ssh_data/certificate.rb

btoews added 4 commits February 21, 2019 12:10

rename PublicKey::Base#raw to #rfc4253

ce06217

move some encoding logic out of the Certificate module

a2a17f9

add methods for encoding more types

7fdb72a

re-encode certificates back into openssh format

cfc5029

btoews requested a review from ptoomey3 February 21, 2019 23:28

btoews added 3 commits February 21, 2019 16:58

calculate signed_data from serialized cert

a921297

allow private keys to sign

e46b72a

allow certificates to be signed by private keys

689f9f9

ptoomey3 approved these changes Feb 22, 2019

View reviewed changes

lib/ssh_data.rb Outdated Show resolved Hide resolved

lib/ssh_data/certificate.rb Outdated Show resolved Hide resolved

lib/ssh_data/certificate.rb Outdated Show resolved Hide resolved

lib/ssh_data/certificate.rb Show resolved Hide resolved

btoews added 3 commits February 25, 2019 08:57

helpers for generating private keys

214e2cb

helper for issuing certificates using private keys

8ee17d2

address feedback from @ptoomey3

78dbb1b

btoews merged commit f07d827 into master Feb 25, 2019

btoews deleted the re-encode-certs branch February 25, 2019 16:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Re-encode Certificate in OpenSSH authorized_keys format#8

Re-encode Certificate in OpenSSH authorized_keys format#8
btoews merged 10 commits intomasterfrom
re-encode-certs

btoews commented Feb 21, 2019

Uh oh!

btoews commented Feb 21, 2019

Uh oh!

btoews commented Feb 21, 2019

Uh oh!

btoews commented Feb 22, 2019

Uh oh!

ptoomey3 left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

btoews commented Feb 21, 2019

Uh oh!

btoews commented Feb 21, 2019

Uh oh!

btoews commented Feb 21, 2019

Uh oh!

btoews commented Feb 22, 2019

Uh oh!

ptoomey3 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants