Implement other ssh keys and use ssh-keygen instead

2018-03-09 11:50:21 +00:00 · 2018-03-09 11:50:21 +00:00 · 211b2f390c
commit 211b2f390c
parent 9a538b9eeb
13 changed files with 114 additions and 19 deletions
--- a/qa/Gemfile
+++ b/qa/Gemfile
@ -6,5 +6,4 @@ gem 'capybara-screenshot', '~> 1.0.18'
 gem 'rake', '~> 12.3.0'
 gem 'rspec', '~> 3.7'
 gem 'selenium-webdriver', '~> 3.8.0'
-gem 'net-ssh', require: false
 gem 'airborne', '~> 0.2.13'
--- a/qa/Gemfile.lock
+++ b/qa/Gemfile.lock
@ -46,7 +46,6 @@ GEM
    mini_mime (1.0.0)
    mini_portile2 (2.3.0)
    minitest (5.11.1)
-    net-ssh (4.1.0)
    netrc (0.11.0)
    nokogiri (1.8.1)
      mini_portile2 (~> 2.3.0)
@ -98,7 +97,6 @@ DEPENDENCIES
  airborne (~> 0.2.13)
  capybara (~> 2.16.1)
  capybara-screenshot (~> 1.0.18)
-  net-ssh
  pry-byebug (~> 3.5.1)
  rake (~> 12.3.0)
  rspec (~> 3.7)
--- a/qa/qa.rb
+++ b/qa/qa.rb
@ -15,7 +15,11 @@ module QA
    autoload :API, 'qa/runtime/api'

    module Key
+      autoload :Base, 'qa/runtime/key/base'
      autoload :RSA, 'qa/runtime/key/rsa'
+      autoload :DSA, 'qa/runtime/key/dsa'
+      autoload :ECDSA, 'qa/runtime/key/ecdsa'
+      autoload :ED25519, 'qa/runtime/key/ed25519'
    end
  end

--- a/qa/qa/runtime/key/base.rb
+++ b/qa/qa/runtime/key/base.rb
@ -0,0 +1,38 @@
+module QA
+  module Runtime
+    module Key
+      class Base
+        attr_reader :private_key, :public_key, :fingerprint
+
+        def initialize(name, bits)
+          Dir.mktmpdir do |dir|
+            path = "#{dir}/id_#{name}"
+
+            ssh_keygen(name, bits, path)
+            populate_key_data(path)
+          end
+        end
+
+        private
+
+        def ssh_keygen(name, bits, path)
+          cmd = %W[ssh-keygen -t #{name} -b #{bits} -f #{path} -N] << ''
+
+          IO.popen([*cmd, err: %i[child out]]) do |io|
+            out = io.read
+            io.close
+
+            raise "ssh-keygen failed with output: #{out}" unless $?.success?
+          end
+        end
+
+        def populate_key_data(path)
+          @private_key = File.binread(path)
+          @public_key = File.binread("#{path}.pub")
+          @fingerprint =
+            `ssh-keygen -l -E md5 -f #{path} | cut -d' ' -f2 | cut -d: -f2-`.chomp
+        end
+      end
+    end
+  end
+end
--- a/qa/qa/runtime/key/dsa.rb
+++ b/qa/qa/runtime/key/dsa.rb
@ -0,0 +1,11 @@
+module QA
+  module Runtime
+    module Key
+      class DSA < Base
+        def initialize
+          super('dsa', 1024)
+        end
+      end
+    end
+  end
+end
--- a/qa/qa/runtime/key/ecdsa.rb
+++ b/qa/qa/runtime/key/ecdsa.rb
@ -0,0 +1,11 @@
+module QA
+  module Runtime
+    module Key
+      class ECDSA < Base
+        def initialize(bits = 521)
+          super('ecdsa', bits)
+        end
+      end
+    end
+  end
+end
--- a/qa/qa/runtime/key/ed25519.rb
+++ b/qa/qa/runtime/key/ed25519.rb
@ -0,0 +1,11 @@
+module QA
+  module Runtime
+    module Key
+      class ED25519 < Base
+        def initialize
+          super('ed25519', 256)
+        end
+      end
+    end
+  end
+end
--- a/qa/qa/runtime/key/rsa.rb
+++ b/qa/qa/runtime/key/rsa.rb
@ -1,21 +1,9 @@
-require 'net/ssh'
-require 'forwardable'
-
 module QA
  module Runtime
    module Key
-      class RSA
-        extend Forwardable
-
-        attr_reader :key
-        def_delegators :@key, :fingerprint, :to_pem
-
+      class RSA < Base
        def initialize(bits = 4096)
-          @key = OpenSSL::PKey::RSA.new(bits)
-        end
-
-        def public_key
-          @public_key ||= "#{key.ssh_type} #{[key.to_blob].pack('m0')}"
+          super('rsa', bits)
        end
      end
    end
--- a/qa/qa/specs/features/project/deploy_key_clone_spec.rb
+++ b/qa/qa/specs/features/project/deploy_key_clone_spec.rb
@ -35,7 +35,7 @@ module QA
      Factory::Resource::SecretVariable.fabricate! do |resource|
        resource.project = project
        resource.key = 'DEPLOY_KEY'
-        resource.value = key.to_pem
+        resource.value = key.private_key
      end

      project.visit!
--- a/qa/spec/runtime/key/dsa_spec.rb
+++ b/qa/spec/runtime/key/dsa_spec.rb
@ -0,0 +1,9 @@
+describe QA::Runtime::Key::DSA do
+  describe '#public_key' do
+    subject { described_class.new.public_key }
+
+    it 'generates a public DSA key' do
+      expect(subject).to match(%r{\Assh\-dss AAAA[0-9A-Za-z+/]+={0,3}})
+    end
+  end
+end
--- a/qa/spec/runtime/key/ecdsa_spec.rb
+++ b/qa/spec/runtime/key/ecdsa_spec.rb
@ -0,0 +1,17 @@
+describe QA::Runtime::Key::ECDSA do
+  describe '#public_key' do
+    [256, 384, 521].each do |bits|
+      it "generates a public #{bits}-bits ECDSA key" do
+        subject = described_class.new(bits).public_key
+
+        expect(subject).to match(%r{\Aecdsa\-sha2\-\w+ AAAA[0-9A-Za-z+/]+={0,3}})
+      end
+    end
+  end
+
+  describe '#new' do
+    it 'does not support arbitrary bits' do
+      expect { described_class.new(123) }.to raise_error(RuntimeError)
+    end
+  end
+end
--- a/qa/spec/runtime/key/ed25519_spec.rb
+++ b/qa/spec/runtime/key/ed25519_spec.rb
@ -0,0 +1,9 @@
+describe QA::Runtime::Key::ED25519 do
+  describe '#public_key' do
+    subject { described_class.new.public_key }
+
+    it 'generates a public ED25519 key' do
+      expect(subject).to match(%r{\Assh\-ed25519 AAAA[0-9A-Za-z+/]})
+    end
+  end
+end
--- a/qa/spec/runtime/key/rsa_spec.rb
+++ b/qa/spec/runtime/key/rsa_spec.rb
@ -3,7 +3,7 @@ describe QA::Runtime::Key::RSA do
    subject { described_class.new.public_key }

    it 'generates a public RSA key' do
-      expect(subject).to match(%r{\Assh\-rsa AAAA[0-9A-Za-z+/]+={0,3}\z})
+      expect(subject).to match(%r{\Assh\-rsa AAAA[0-9A-Za-z+/]+={0,3}})
    end
  end
 end