// Copyright 2015 Joyent, Inc. module.exports = Fingerprint; var assert = require('assert-plus'); var algs = require('./algs'); var crypto = require('crypto'); var errs = require('./errors'); var Key = require('./key'); var Certificate = require('./certificate'); var utils = require('./utils'); var FingerprintFormatError = errs.FingerprintFormatError; var InvalidAlgorithmError = errs.InvalidAlgorithmError; function Fingerprint(opts) { assert.object(opts, 'options'); assert.string(opts.type, 'options.type'); assert.buffer(opts.hash, 'options.hash'); assert.string(opts.algorithm, 'options.algorithm'); this.algorithm = opts.algorithm.toLowerCase(); if (algs.hashAlgs[this.algorithm] !== true) throw (new InvalidAlgorithmError(this.algorithm)); this.hash = opts.hash; this.type = opts.type; } Fingerprint.prototype.toString = function (format) { if (format === undefined) { if (this.algorithm === 'md5') format = 'hex'; else format = 'base64'; } assert.string(format); switch (format) { case 'hex': return (addColons(this.hash.toString('hex'))); case 'base64': return (sshBase64Format(this.algorithm, this.hash.toString('base64'))); default: throw (new FingerprintFormatError(undefined, format)); } }; Fingerprint.prototype.matches = function (other) { assert.object(other, 'key or certificate'); if (this.type === 'key') { utils.assertCompatible(other, Key, [1, 0], 'key'); } else { utils.assertCompatible(other, Certificate, [1, 0], 'certificate'); } var theirHash = other.hash(this.algorithm); var theirHash2 = crypto.createHash(this.algorithm). update(theirHash).digest('base64'); if (this.hash2 === undefined) this.hash2 = crypto.createHash(this.algorithm). update(this.hash).digest('base64'); return (this.hash2 === theirHash2); }; Fingerprint.parse = function (fp, options) { assert.string(fp, 'fingerprint'); var alg, hash, enAlgs; if (Array.isArray(options)) { enAlgs = options; options = {}; } assert.optionalObject(options, 'options'); if (options === undefined) options = {}; if (options.enAlgs !== undefined) enAlgs = options.enAlgs; assert.optionalArrayOfString(enAlgs, 'algorithms'); var parts = fp.split(':'); if (parts.length == 2) { alg = parts[0].toLowerCase(); /*JSSTYLED*/ var base64RE = /^[A-Za-z0-9+\/=]+$/; if (!base64RE.test(parts[1])) throw (new FingerprintFormatError(fp)); try { hash = new Buffer(parts[1], 'base64'); } catch (e) { throw (new FingerprintFormatError(fp)); } } else if (parts.length > 2) { alg = 'md5'; if (parts[0].toLowerCase() === 'md5') parts = parts.slice(1); parts = parts.join(''); /*JSSTYLED*/ var md5RE = /^[a-fA-F0-9]+$/; if (!md5RE.test(parts)) throw (new FingerprintFormatError(fp)); try { hash = new Buffer(parts, 'hex'); } catch (e) { throw (new FingerprintFormatError(fp)); } } if (alg === undefined) throw (new FingerprintFormatError(fp)); if (algs.hashAlgs[alg] === undefined) throw (new InvalidAlgorithmError(alg)); if (enAlgs !== undefined) { enAlgs = enAlgs.map(function (a) { return a.toLowerCase(); }); if (enAlgs.indexOf(alg) === -1) throw (new InvalidAlgorithmError(alg)); } return (new Fingerprint({ algorithm: alg, hash: hash, type: options.type || 'key' })); }; function addColons(s) { /*JSSTYLED*/ return (s.replace(/(.{2})(?=.)/g, '$1:')); } function base64Strip(s) { /*JSSTYLED*/ return (s.replace(/=*$/, '')); } function sshBase64Format(alg, h) { return (alg.toUpperCase() + ':' + base64Strip(h)); } Fingerprint.isFingerprint = function (obj, ver) { return (utils.isCompatible(obj, Fingerprint, ver)); }; /* * API versions for Fingerprint: * [1,0] -- initial ver * [1,1] -- first tagged ver */ Fingerprint.prototype._sshpkApiVersion = [1, 1]; Fingerprint._oldVersionDetect = function (obj) { assert.func(obj.toString); assert.func(obj.matches); return ([1, 0]); };