sshpk-verify (3553B)
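#!/usr/bin/env node
// -*- mode: js -*-
// vim: set filetype=javascript :
// Copyright 2015 Joyent, Inc. All rights reserved.

/*
 * sshpk-verify: check a base64-encoded signature over a file (or stdin)
 * against the key given with -i.
 *
 * Exit status:
 *   0  the signature verified ("OK")
 *   1  the signature did not verify ("NOT OK"), or verify() threw
 *   2  the key, signature, verifier or input could not be loaded/read
 *   3  usage error or --help
 *
 * Callers should gate on the exit status rather than on the "OK" /
 * "NOT OK" text, which is written to stderr. A zero status only says the
 * data was signed by the holder of the key passed with -i; whether that
 * key is the right one to trust is the caller's decision. The bytes that
 * were verified are the bytes read here, so a caller that re-reads the
 * file afterwards should make sure it cannot change in between.
 */

var dashdash = require('dashdash');
var sshpk = require('../lib/index');
var fs = require('fs');
var path = require('path');
var Buffer = require('safer-buffer').Buffer;

var options = [
    {
        names: ['hash', 'H'],
        type: 'string',
        help: 'Hash algorithm (sha1, sha256, sha384, sha512)'
    },
    {
        names: ['verbose', 'v'],
        type: 'bool',
        help: 'Display verbose info about key and hash used'
    },
    {
        names: ['identity', 'i'],
        type: 'string',
        help: 'Path to (public) key to use'
    },
    {
        names: ['file', 'f'],
        type: 'string',
        help: 'Input filename'
    },
    {
        names: ['format', 't'],
        type: 'string',
        help: 'Signature format (asn1, ssh, raw)'
    },
    {
        names: ['signature', 's'],
        type: 'string',
        help: 'base64-encoded signature data'
    },
    {
        names: ['help', 'h'],
        type: 'bool',
        help: 'Shows this help text'
    }
];

/*
 * Print `message` followed by the generated option help to stderr, then
 * exit with the usage status (3).
 */
function exitWithUsage(parser, message) {
    var help = parser.help({}).trimRight();
    console.error(message + '\n');
    console.error(help);
    process.exit(3);
}

if (require.main === module) {
    var parser = dashdash.createParser({
        options: options
    });

    var opts;
    try {
        opts = parser.parse(process.argv);
    } catch (e) {
        console.error('sshpk-verify: error: %s', e.message);
        process.exit(3);
    }

    if (opts.help || opts._args.length > 1) {
        // The banner used to read "sign data using an SSH key", copied
        // from the signing tool; this tool only verifies.
        exitWithUsage(parser,
            'sshpk-verify: verify a signature over data using an SSH key');
    }

    if (!opts.identity) {
        exitWithUsage(parser,
            'sshpk-verify: the -i or --identity option is required');
    }

    if (!opts.signature) {
        exitWithUsage(parser,
            'sshpk-verify: the -s or --signature option is required');
    }

    var key;
    try {
        // Read the file inside the try: a missing or unreadable key file
        // is then reported like any other key-loading failure (exit 2)
        // instead of surfacing as an uncaught exception, which would exit
        // with the same status as a failed verification.
        key = sshpk.parseKey(fs.readFileSync(opts.identity));
    } catch (e) {
        console.error('sshpk-verify: error loading key "' +
            opts.identity + '": ' + e.name + ': ' + e.message);
        process.exit(2);
    }

    var fmt = opts.format || 'asn1';
    // Base64 decoding does not throw on malformed input; the structure
    // of the decoded bytes is checked by parseSignature() below.
    var sigData = Buffer.from(opts.signature, 'base64');

    var sig;
    try {
        sig = sshpk.parseSignature(sigData, key.type, fmt);
    } catch (e) {
        console.error('sshpk-verify: error parsing signature: ' +
            e.name + ': ' + e.message);
        process.exit(2);
    }

    // NOTE(review): -H accepts sha1, which is no longer considered
    // collision-resistant. The hash has to match what the signer used,
    // so it is not rejected here; prefer sha256 or stronger when the
    // signing side allows it.
    var hash = opts.hash || key.defaultHashAlgorithm();

    var verifier;
    try {
        verifier = key.createVerify(hash);
    } catch (e) {
        console.error('sshpk-verify: error creating verifier: ' +
            e.name + ': ' + e.message);
        process.exit(2);
    }

    if (opts.verbose) {
        console.error('sshpk-verify: using %s-%s with a %d bit key',
            key.type, hash, key.size);
    }

    var inFile = process.stdin;
    var inFileName = 'stdin';

    // -f wins over a positional argument; with neither, read stdin.
    var inFilePath;
    if (opts.file) {
        inFilePath = opts.file;
    } else if (opts._args.length === 1) {
        inFilePath = opts._args[0];
    }

    if (inFilePath)
        inFileName = path.basename(inFilePath);

    try {
        if (inFilePath) {
            // accessSync only gives an early, readable error. The file
            // can still change or vanish before it is opened, which the
            // 'error' handler below covers.
            fs.accessSync(inFilePath, fs.R_OK);
            inFile = fs.createReadStream(inFilePath);
        }
    } catch (e) {
        console.error('sshpk-verify: error opening input file' +
            ': ' + e.name + ': ' + e.message);
        process.exit(2);
    }

    // Without this handler a read failure (file removed after the access
    // check, a directory passed as input, an I/O error) is an unhandled
    // 'error' event, which looks like "NOT OK" to a caller checking the
    // exit status.
    inFile.on('error', function (e) {
        console.error('sshpk-verify: error reading ' + inFileName +
            ': ' + e.name + ': ' + e.message);
        process.exit(2);
    });

    inFile.pipe(verifier);
    inFile.on('end', function () {
        var ret;
        try {
            ret = verifier.verify(sig);
        } catch (e) {
            console.error('sshpk-verify: error verifying data: ' +
                e.name + ': ' + e.message);
            process.exit(1);
        }

        // Exit 0 only when verify() returned a truthy result; every other
        // path through this script ends with a non-zero status.
        if (ret) {
            console.error('OK');
            process.exit(0);
        }

        console.error('NOT OK');
        process.exit(1);
    });
}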