public static bool ValidatePubKey(ICollection <tbl_PublicKey> userKeys, SshPublicKey loginKey) { var loginStream = new MemoryStream(); loginKey.SavePublicKey(loginStream, SshPublicKeyFormat.Pkcs8); var loginValue = Encoding.ASCII.GetString(loginStream.ToArray()); foreach (var userKey in userKeys) { var pubKeyBytes = Encoding.ASCII.GetBytes(userKey.KeyValue); var pubKeyInfo = new PublicKeyInfo(); pubKeyInfo.Load(new MemoryStream(pubKeyBytes)); var pubStream = new MemoryStream(); var pubKey = new SshPublicKey(pubKeyInfo); pubKey.SavePublicKey(pubStream, SshPublicKeyFormat.Pkcs8); var pubKeyValue = Encoding.ASCII.GetString(pubStream.ToArray()); if (loginValue == pubKeyValue) { return(true); } } return(false); }
/* * openssh uses base64 and special formatting for public keys like with "authorized_keys" * https://man.openbsd.org/ssh-keygen */ public static StringBuilder ExportPubKeyBase64(tbl_User user, ICollection <tbl_PublicKey> keys) { var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}"; var sb = new StringBuilder(); foreach (var key in keys) { var pubBytes = Encoding.ASCII.GetBytes(key.KeyValue); var pubKeyInfo = new PublicKeyInfo(); pubKeyInfo.Load(new MemoryStream(pubBytes)); var pubStream = new MemoryStream(); var pubKey = new SshPublicKey(pubKeyInfo); pubKey.SavePublicKey(pubStream, SshPublicKeyFormat.Pkcs8); var algo = string.Empty; switch (pubKey.KeyAlgorithm) { case SshHostKeyAlgorithm.DSS: algo = "ssh-dsa"; break; case SshHostKeyAlgorithm.RSA: algo = "ssh-rsa"; break; //case SshHostKeyAlgorithm.ECDsaNistP256: // algo = "ecdsa-sha2-nistp256"; // break; //case SshHostKeyAlgorithm.ECDsaNistP384: // algo = "ecdsa-sha2-nistp384"; // break; //case SshHostKeyAlgorithm.ECDsaNistP521: // algo = "ecdsa-sha2-nistp521"; // break; //case SshHostKeyAlgorithm.ED25519: // algo = "ssh-ed25519"; // break; default: { Log.Warning($"'{callPath}' '{user.IdentityAlias}' algorithm {pubKey.KeyAlgorithm} not supported"); continue; } } sb.AppendLine($"{algo} {Convert.ToBase64String(pubKey.GetPublicKey())} {key.Comment}"); } return(sb); }
public static byte[] ExportPubKey(tbl_PublicKey key, SshPublicKeyFormat pubKeyFormat) { var pubBytes = Encoding.ASCII.GetBytes(key.KeyValue); var pubKeyInfo = new PublicKeyInfo(); pubKeyInfo.Load(new MemoryStream(pubBytes)); var pubStream = new MemoryStream(); var pubKey = new SshPublicKey(pubKeyInfo); pubKey.SavePublicKey(pubStream, pubKeyFormat); return(pubStream.ToArray()); }
public static tbl_PublicKey ImportPubKey(IUnitOfWork uow, tbl_User user, SignatureHashAlgorithm sigAlgo, string hostname, FileInfo inputFile) { var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}"; tbl_PublicKey pubKeyEntity = null; var pubKey = new SshPublicKey(inputFile.FullName); var pubKeyStream = new MemoryStream(); pubKey.SavePublicKey(pubKeyStream, SshPublicKeyFormat.Pkcs8); var pubKeyValue = Encoding.ASCII.GetString(pubKeyStream.ToArray()); var pubKeyFound = uow.PublicKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PublicKey>() .Where(x => x.Id == user.IdentityId && x.KeyValue == pubKeyValue).ToLambda()); if (pubKeyFound == null) { pubKeyEntity = uow.PublicKeys.Create( new tbl_PublicKey { Id = Guid.NewGuid(), IdentityId = user.IdentityId, KeyValue = pubKeyValue, KeyAlgo = pubKey.KeyAlgorithm.ToString(), KeyFormat = SshPublicKeyFormat.Pkcs8.ToString(), SigValue = pubKey.Fingerprint.ToString(sigAlgo, false), SigAlgo = sigAlgo.ToString(), Comment = hostname, Enabled = true, Deletable = true, Created = DateTime.Now, LastUpdated = null, }); Log.Information($"'{callPath}' '{user.IdentityAlias}' public key algo {pubKey.KeyAlgorithm} sig {pubKey.Fingerprint.ToString(sigAlgo, false)}" + $"{Environment.NewLine}{pubKeyValue}"); } else { Log.Warning($"'{callPath}' '{user.IdentityAlias}' skip public key algo {pubKey.KeyAlgorithm} sig {pubKey.Fingerprint.ToString(sigAlgo, false)}" + $"{Environment.NewLine}{pubKeyValue}"); } uow.Commit(); return(pubKeyEntity); }
/* * openssh uses base64 and special formatting for public keys like with "authorized_keys" * https://man.openbsd.org/ssh-keygen */ public static ICollection <tbl_PublicKey> ImportPubKeyBase64(IUnitOfWork uow, tbl_User user, SignatureHashAlgorithm sigAlgo, FileInfo inputFile) { var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}"; var pubKeyLines = File.ReadAllLines(inputFile.FullName); var pubKeys = new List <tbl_PublicKey>(); foreach (var line in pubKeyLines) { var base64 = line.Split(' '); switch (base64[0]) { case "ssh-dsa": break; case "ssh-rsa": break; //case "ecdsa-sha2-nistp256": // break; //case "ecdsa-sha2-nistp384": // break; //case "ecdsa-sha2-nistp521": // break; //case "ssh-ed25519": // break; default: { Log.Warning($"'{callPath}' '{user.IdentityAlias}' algorithm {base64[0]} not supported"); continue; } } var pubKey = new SshPublicKey(Convert.FromBase64String(base64[1])); var pubKeyStream = new MemoryStream(); pubKey.SavePublicKey(pubKeyStream, SshPublicKeyFormat.Pkcs8); var pubKeyValue = Encoding.ASCII.GetString(pubKeyStream.ToArray()); if (!uow.PublicKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PublicKey>() .Where(x => x.Id == user.IdentityId && x.KeyValue == pubKeyValue).ToLambda()).Any()) { var newPubKey = uow.PublicKeys.Create( new tbl_PublicKey { Id = Guid.NewGuid(), IdentityId = user.IdentityId, KeyValue = pubKeyValue, KeyAlgo = pubKey.KeyAlgorithm.ToString(), KeyFormat = SshPublicKeyFormat.Pkcs8.ToString(), SigValue = pubKey.Fingerprint.ToString(sigAlgo, false), SigAlgo = sigAlgo.ToString(), Comment = base64[2], Enabled = true, Deletable = true, Created = DateTime.Now, LastUpdated = null, }); pubKeys.Add(newPubKey); Log.Information($"'{callPath}' '{user.IdentityAlias}' public key algo {pubKey.KeyAlgorithm} sig {pubKey.Fingerprint.ToString(sigAlgo, false)}" + $"{Environment.NewLine}{pubKeyValue}"); } else { Log.Warning($"'{callPath}' '{user.IdentityAlias}' skip public key algo {pubKey.KeyAlgorithm} sig {pubKey.Fingerprint.ToString(sigAlgo, false)}" + $"{Environment.NewLine}{pubKeyValue}"); } } uow.Commit(); return(pubKeys); }