Sha256: 011b5bbe68ede93cac132770fd1e06e2178d44d638d973b0ceb76c5e45f58e3c
Contents?: true
Size: 1.93 KB
Versions: 4
Compression:
Stored size: 1.93 KB
Contents
require 'front_end_builds/utils/ssh_pubkey_convert'
require 'base64'
require 'openssl'
module FrontEndBuilds
class Pubkey < ActiveRecord::Base
if defined?(ProtectedAttributes) || ::ActiveRecord::VERSION::MAJOR < 4
attr_accessible :name,
:pubkey
end
validates :name, presence: true
validates :pubkey, presence: true
has_many :builds, class_name: "FrontEndBuilds::Build"
def fingerprint
content = pubkey.split(/\s/)[1]
if content
Digest::MD5.hexdigest(Base64.decode64(content))
.scan(/.{1,2}/)
.join(":")
else
'Unknown'
end
end
def ssh_pubkey?
(type, b64, _) = pubkey.split(/\s/)
%w{ssh-rsa ssh-dss}.include?(type) && b64.present?
end
# Public: In order to verify a signature we need the key to be an OpenSSL
# RSA PKey and not a string that you would find in an ssh pubkey key. Most
# people are going to be adding ssh public keys to their build system, this
# method will covert them to OpenSSL RSA if needed.
def to_rsa_pkey
FrontEndBuilds::Utils::SSHPubKeyConvert
.convert(pubkey)
end
# Public: Will verify that the sigurate has access to deploy the build
# object. The signature includes the endpoint and app name.
#
# Returns boolean
def verify(build)
# TODO might as well cache this and store in the db so we dont have to
# convert every time
pkey = to_rsa_pkey
signature = Base64.decode64(build.signature)
digest = OpenSSL::Digest::SHA256.new
expected = "#{build.app.name}-#{build.endpoint}"
pkey.verify(digest, signature, expected)
end
def last_build
builds
.order('created_at desc')
.limit(1)
.first
end
def serialize
{
id: id,
name: name,
fingerprint: fingerprint,
lastUsedAt: last_build.try(:created_at)
}
end
end
end
Version data entries
4 entries across 4 versions & 1 rubygems