You've already forked step-ca-cli
mirror of
https://github.com/smallstep/cli.git
synced 2025-07-31 08:24:22 +03:00
171 lines
4.0 KiB
Go
171 lines
4.0 KiB
Go
package ssh
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"fmt"
|
|
"os"
|
|
|
|
"github.com/pkg/errors"
|
|
"github.com/urfave/cli"
|
|
"golang.org/x/crypto/ssh"
|
|
|
|
"github.com/smallstep/cli-utils/command"
|
|
"github.com/smallstep/cli-utils/errs"
|
|
|
|
"github.com/smallstep/cli/internal/sshutil"
|
|
"github.com/smallstep/cli/utils"
|
|
)
|
|
|
|
func inspectCommand() cli.Command {
|
|
return cli.Command{
|
|
Name: "inspect",
|
|
Action: command.ActionFunc(inspectAction),
|
|
Usage: "print the contents of an ssh certificate",
|
|
UsageText: `**step ssh inspect** <crt-file>`,
|
|
Description: `**step ssh inspect** command prints ssh certificate details in human readable
|
|
format.
|
|
|
|
## POSITIONAL ARGUMENTS
|
|
|
|
<crt-file>
|
|
: The path to an ssh certificate.
|
|
|
|
## EXAMPLES
|
|
|
|
Prints the contents of id_ecdsa-cert.pub:
|
|
'''
|
|
$ step ssh inspect id_ecdsa-cert.pub
|
|
'''`,
|
|
Flags: []cli.Flag{
|
|
cli.StringFlag{
|
|
Name: "format",
|
|
Value: "text",
|
|
Usage: `The output format for printing the introspection details.
|
|
|
|
: <format> is a string and must be one of:
|
|
|
|
**text**
|
|
: Print output in unstructured text suitable for a human to read.
|
|
|
|
**json**
|
|
: Print output in JSON format.`,
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func inspectAction(ctx *cli.Context) error {
|
|
if err := errs.MinMaxNumberOfArguments(ctx, 0, 1); err != nil {
|
|
return err
|
|
}
|
|
|
|
var name string
|
|
switch ctx.NArg() {
|
|
case 0:
|
|
name = "-"
|
|
case 1:
|
|
name = ctx.Args().First()
|
|
default:
|
|
return errs.TooManyArguments(ctx)
|
|
}
|
|
|
|
var (
|
|
format = ctx.String("format")
|
|
)
|
|
|
|
if format != "text" && format != "json" {
|
|
return errs.InvalidFlagValue(ctx, "format", format, "text, json")
|
|
}
|
|
|
|
b, err := utils.ReadFile(name)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
pub, _, _, _, err := ssh.ParseAuthorizedKey(b)
|
|
if err != nil {
|
|
// Attempt to parse the key without the type.
|
|
b = bytes.TrimSpace(b)
|
|
keyBytes := make([]byte, base64.StdEncoding.DecodedLen(len(b)))
|
|
n, err := base64.StdEncoding.Decode(keyBytes, b)
|
|
if err != nil {
|
|
return errors.Wrap(err, "error parsing ssh certificate")
|
|
}
|
|
if pub, err = ssh.ParsePublicKey(keyBytes[:n]); err != nil {
|
|
return errors.Wrap(err, "error parsing ssh certificate")
|
|
}
|
|
}
|
|
cert, ok := pub.(*ssh.Certificate)
|
|
if !ok {
|
|
return errors.Errorf("error decoding ssh certificate: %T is not an *ssh.Certificate", pub)
|
|
}
|
|
inspect, err := sshutil.InspectCertificate(cert)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
switch format {
|
|
case "text":
|
|
space := ""
|
|
fmt.Println(name + ":")
|
|
fmt.Printf("%8sType: %s %s certificate\n", space, inspect.KeyName, inspect.Type)
|
|
fmt.Printf("%8sPublic key: %s-CERT %s\n", space, inspect.KeyAlgo, inspect.KeyFingerprint)
|
|
fmt.Printf("%8sSigning CA: %s %s (using %s)\n", space, inspect.SigningKeyAlgo, inspect.SigningKeyFingerprint, inspect.Signature.Type)
|
|
fmt.Printf("%8sKey ID: \"%s\"\n", space, inspect.KeyID)
|
|
fmt.Printf("%8sSerial: %d\n", space, inspect.Serial)
|
|
fmt.Printf("%8sValid: %s\n", space, inspect.Validity())
|
|
fmt.Printf("%8sPrincipals: ", space)
|
|
if len(inspect.Principals) == 0 {
|
|
fmt.Println("(none)")
|
|
} else {
|
|
fmt.Println()
|
|
for _, p := range inspect.Principals {
|
|
fmt.Printf("%16s%s\n", space, p)
|
|
}
|
|
}
|
|
fmt.Printf("%8sCritical Options: ", space)
|
|
if len(inspect.CriticalOptions) == 0 {
|
|
fmt.Println("(none)")
|
|
} else {
|
|
fmt.Println()
|
|
for k, v := range inspect.CriticalOptions {
|
|
fmt.Printf("%16s%s %v\n", space, k, v)
|
|
}
|
|
}
|
|
fmt.Printf("%8sExtensions: ", space)
|
|
if len(inspect.Extensions) == 0 {
|
|
fmt.Println("(none)")
|
|
} else {
|
|
fmt.Println()
|
|
for k, v := range inspect.Extensions {
|
|
fmt.Printf("%16s%s %v\n", space, k, v)
|
|
}
|
|
}
|
|
fmt.Printf("%8sSignature:", space)
|
|
for i, b := range cert.Signature.Blob {
|
|
if (i % 16) == 0 {
|
|
fmt.Printf("\n%16s", space)
|
|
}
|
|
fmt.Printf("%02x", b)
|
|
if i != len(cert.Signature.Blob)-1 {
|
|
fmt.Print(":")
|
|
}
|
|
}
|
|
fmt.Println()
|
|
|
|
case "json":
|
|
enc := json.NewEncoder(os.Stdout)
|
|
enc.SetIndent("", " ")
|
|
err := enc.Encode(inspect)
|
|
if err != nil {
|
|
return errors.WithStack(err)
|
|
}
|
|
default:
|
|
return errs.InvalidFlagValue(ctx, "format", format, "text, json")
|
|
}
|
|
|
|
return nil
|
|
}
|