<?php
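/**
 * Passphrase credential type for an SSH private key stored as text.
 *
 * The key material is passed around in PhutilOpaqueEnvelope objects and is
 * only opened where the raw text is needed: the encryption check and the
 * temporary file handed to `ssh-keygen`.
 */
final class PassphraseSSHPrivateKeyTextCredentialType
  extends PassphraseSSHPrivateKeyCredentialType {

  const CREDENTIAL_TYPE = 'ssh-key-text';

  /**
   * @return string Type key for this credential type.
   */
  public function getCredentialType() {
    return self::CREDENTIAL_TYPE;
  }

  /**
   * @return string Human-readable name of this credential type.
   */
  public function getCredentialTypeName() {
    return pht('SSH Private Key');
  }

  /**
   * @return string Human-readable description of this credential type.
   */
  public function getCredentialTypeDescription() {
    return pht('Store the plaintext of an SSH private key.');
  }

  /**
   * @return string Label for the field that holds the key text.
   */
  public function getSecretLabel() {
    return pht('Private Key');
  }

  /**
   * @return bool Always true: a key may be uploaded in encrypted form, so
   *   the password field is offered.
   */
  public function shouldShowPasswordField() {
    return true;
  }

  /**
   * @return string Label for the key password field.
   */
  public function getPasswordLabel() {
    return pht('Password for Key');
  }

  /**
   * Test whether an uploaded private key appears to be password-protected.
   *
   * @param PhutilOpaqueEnvelope $secret Private key text.
   * @return bool True if the key text contains the marker "ENCRYPTED".
   */
  public function requiresPassword(PhutilOpaqueEnvelope $secret) {
    // This is a substring heuristic, not a parse of the key. It matches the
    // "Proc-Type: 4,ENCRYPTED" header of traditional PEM keys and the
    // "BEGIN ENCRYPTED PRIVATE KEY" armor of PKCS#8 keys.
    //
    // NOTE(review): keys in the newer "BEGIN OPENSSH PRIVATE KEY" format
    // record their cipher inside the base64 body and carry no such marker,
    // so an encrypted key in that format is likely reported as not needing
    // a password and stored still encrypted. Confirm how callers handle it.
    return (bool)preg_match('/ENCRYPTED/', $secret->openEnvelope());
  }

  /**
   * Strip the password from an encrypted private key using `ssh-keygen`.
   *
   * @param PhutilOpaqueEnvelope $secret Encrypted private key text.
   * @param PhutilOpaqueEnvelope $password Password protecting the key.
   * @return PhutilOpaqueEnvelope|null The unprotected key, or null if
   *   `ssh-keygen` exited with an error (for example, a wrong password).
   * @throws Exception If the `ssh-keygen` binary is not available.
   */
  public function decryptSecret(
    PhutilOpaqueEnvelope $secret,
    PhutilOpaqueEnvelope $password) {

    // Check for the tool first, so key material is not written to disk when
    // the decryption cannot be attempted at all.
    if (!Filesystem::binaryExists('ssh-keygen')) {
      throw new Exception(
        pht(
          'Decrypting SSH keys requires the `%s` binary, but it '.
          'is not available in %s. Either make it available or strip the '.
          'password from this SSH key manually before uploading it.',
          'ssh-keygen',
          '$PATH'));
    }

    // `ssh-keygen` works on files, so the key has to be written out.
    // NOTE(review): this relies on TempFile being created with owner-only
    // permissions and being removed when $tmp goes out of scope; confirm
    // both, since the file holds the unprotected key after a successful run.
    $tmp = new TempFile();
    Filesystem::writeFile($tmp, $secret->openEnvelope());

    // "-p" rewrites the key in place: "-P" is the current password and
    // "-N ''" sets an empty new one. The "%P" conversion takes the envelope
    // directly, which keeps the password out of command logging.
    // NOTE(review): the password is still passed as a command-line argument,
    // so it may be visible in the host's process list while this runs.
    list($err) = exec_manual(
      'ssh-keygen -p -P %P -N %s -f %s',
      $password,
      '',
      (string)$tmp);

    // Any failure is reported as null and the tool's output is discarded;
    // callers cannot tell a wrong password from another `ssh-keygen` error.
    if ($err) {
      return null;
    }

    return new PhutilOpaqueEnvelope(Filesystem::readFile($tmp));
  }

}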