public static bool ValidatePubKey(ICollection <tbl_PublicKey> userKeys, SshPublicKey loginKey)
{
var loginStream = new MemoryStream();
loginKey.SavePublicKey(loginStream, SshPublicKeyFormat.Pkcs8);
var loginValue = Encoding.ASCII.GetString(loginStream.ToArray());
foreach (var userKey in userKeys)
{
var pubKeyBytes = Encoding.ASCII.GetBytes(userKey.KeyValue);
var pubKeyInfo = new PublicKeyInfo();
pubKeyInfo.Load(new MemoryStream(pubKeyBytes));
var pubStream = new MemoryStream();
var pubKey = new SshPublicKey(pubKeyInfo);
pubKey.SavePublicKey(pubStream, SshPublicKeyFormat.Pkcs8);
var pubKeyValue = Encoding.ASCII.GetString(pubStream.ToArray());
if (loginValue == pubKeyValue)
{
return(true);
}
}
return(false);
}
/*
* openssh uses base64 and special formatting for public keys like with "authorized_keys"
* https://man.openbsd.org/ssh-keygen
*/
public static StringBuilder ExportPubKeyBase64(tbl_User user, ICollection <tbl_PublicKey> keys)
{
var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}";
var sb = new StringBuilder();
foreach (var key in keys)
{
var pubBytes = Encoding.ASCII.GetBytes(key.KeyValue);
var pubKeyInfo = new PublicKeyInfo();
pubKeyInfo.Load(new MemoryStream(pubBytes));
var pubStream = new MemoryStream();
var pubKey = new SshPublicKey(pubKeyInfo);
pubKey.SavePublicKey(pubStream, SshPublicKeyFormat.Pkcs8);
var algo = string.Empty;
switch (pubKey.KeyAlgorithm)
{
case SshHostKeyAlgorithm.DSS:
algo = "ssh-dsa";
break;
case SshHostKeyAlgorithm.RSA:
algo = "ssh-rsa";
break;
//case SshHostKeyAlgorithm.ECDsaNistP256:
// algo = "ecdsa-sha2-nistp256";
// break;
//case SshHostKeyAlgorithm.ECDsaNistP384:
// algo = "ecdsa-sha2-nistp384";
// break;
//case SshHostKeyAlgorithm.ECDsaNistP521:
// algo = "ecdsa-sha2-nistp521";
// break;
//case SshHostKeyAlgorithm.ED25519:
// algo = "ssh-ed25519";
// break;
default:
{
Log.Warning($"'{callPath}' '{user.IdentityAlias}' algorithm {pubKey.KeyAlgorithm} not supported");
continue;
}
}
sb.AppendLine($"{algo} {Convert.ToBase64String(pubKey.GetPublicKey())} {key.Comment}");
}
return(sb);
}
public static byte[] ExportPubKey(tbl_PublicKey key, SshPublicKeyFormat pubKeyFormat)
{
var pubBytes = Encoding.ASCII.GetBytes(key.KeyValue);
var pubKeyInfo = new PublicKeyInfo();
pubKeyInfo.Load(new MemoryStream(pubBytes));
var pubStream = new MemoryStream();
var pubKey = new SshPublicKey(pubKeyInfo);
pubKey.SavePublicKey(pubStream, pubKeyFormat);
return(pubStream.ToArray());
}
public static tbl_PublicKey ImportPubKey(IUnitOfWork uow, tbl_User user,
SignatureHashAlgorithm sigAlgo, string hostname, FileInfo inputFile)
{
var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}";
tbl_PublicKey pubKeyEntity = null;
var pubKey = new SshPublicKey(inputFile.FullName);
var pubKeyStream = new MemoryStream();
pubKey.SavePublicKey(pubKeyStream, SshPublicKeyFormat.Pkcs8);
var pubKeyValue = Encoding.ASCII.GetString(pubKeyStream.ToArray());
var pubKeyFound = uow.PublicKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PublicKey>()
.Where(x => x.Id == user.IdentityId && x.KeyValue == pubKeyValue).ToLambda());
if (pubKeyFound == null)
{
pubKeyEntity = uow.PublicKeys.Create(
new tbl_PublicKey
{
Id = Guid.NewGuid(),
IdentityId = user.IdentityId,
KeyValue = pubKeyValue,
KeyAlgo = pubKey.KeyAlgorithm.ToString(),
KeyFormat = SshPublicKeyFormat.Pkcs8.ToString(),
SigValue = pubKey.Fingerprint.ToString(sigAlgo, false),
SigAlgo = sigAlgo.ToString(),
Comment = hostname,
Enabled = true,
Deletable = true,
Created = DateTime.Now,
LastUpdated = null,
});
Log.Information($"'{callPath}' '{user.IdentityAlias}' public key algo {pubKey.KeyAlgorithm} sig {pubKey.Fingerprint.ToString(sigAlgo, false)}" +
$"{Environment.NewLine}{pubKeyValue}");
}
else
{
Log.Warning($"'{callPath}' '{user.IdentityAlias}' skip public key algo {pubKey.KeyAlgorithm} sig {pubKey.Fingerprint.ToString(sigAlgo, false)}" +
$"{Environment.NewLine}{pubKeyValue}");
}
uow.Commit();
return(pubKeyEntity);
}
/*
* openssh uses base64 and special formatting for public keys like with "authorized_keys"
* https://man.openbsd.org/ssh-keygen
*/
public static ICollection <tbl_PublicKey> ImportPubKeyBase64(IUnitOfWork uow, tbl_User user,
SignatureHashAlgorithm sigAlgo, FileInfo inputFile)
{
var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}";
var pubKeyLines = File.ReadAllLines(inputFile.FullName);
var pubKeys = new List <tbl_PublicKey>();
foreach (var line in pubKeyLines)
{
var base64 = line.Split(' ');
switch (base64[0])
{
case "ssh-dsa":
break;
case "ssh-rsa":
break;
//case "ecdsa-sha2-nistp256":
// break;
//case "ecdsa-sha2-nistp384":
// break;
//case "ecdsa-sha2-nistp521":
// break;
//case "ssh-ed25519":
// break;
default:
{
Log.Warning($"'{callPath}' '{user.IdentityAlias}' algorithm {base64[0]} not supported");
continue;
}
}
var pubKey = new SshPublicKey(Convert.FromBase64String(base64[1]));
var pubKeyStream = new MemoryStream();
pubKey.SavePublicKey(pubKeyStream, SshPublicKeyFormat.Pkcs8);
var pubKeyValue = Encoding.ASCII.GetString(pubKeyStream.ToArray());
if (!uow.PublicKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PublicKey>()
.Where(x => x.Id == user.IdentityId && x.KeyValue == pubKeyValue).ToLambda()).Any())
{
var newPubKey = uow.PublicKeys.Create(
new tbl_PublicKey
{
Id = Guid.NewGuid(),
IdentityId = user.IdentityId,
KeyValue = pubKeyValue,
KeyAlgo = pubKey.KeyAlgorithm.ToString(),
KeyFormat = SshPublicKeyFormat.Pkcs8.ToString(),
SigValue = pubKey.Fingerprint.ToString(sigAlgo, false),
SigAlgo = sigAlgo.ToString(),
Comment = base64[2],
Enabled = true,
Deletable = true,
Created = DateTime.Now,
LastUpdated = null,
});
pubKeys.Add(newPubKey);
Log.Information($"'{callPath}' '{user.IdentityAlias}' public key algo {pubKey.KeyAlgorithm} sig {pubKey.Fingerprint.ToString(sigAlgo, false)}" +
$"{Environment.NewLine}{pubKeyValue}");
}
else
{
Log.Warning($"'{callPath}' '{user.IdentityAlias}' skip public key algo {pubKey.KeyAlgorithm} sig {pubKey.Fingerprint.ToString(sigAlgo, false)}" +
$"{Environment.NewLine}{pubKeyValue}");
}
}
uow.Commit();
return(pubKeys);
}
