Differential D20905 Diff 49825 src/applications/passphrase/credentialtype/PassphraseSSHPrivateKeyTextCredentialType.php
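--- a/src/applications/passphrase/credentialtype/PassphraseSSHPrivateKeyTextCredentialType.php
+++ b/src/applications/passphrase/credentialtype/PassphraseSSHPrivateKeyTextCredentialType.php
 public function shouldShowPasswordField() {
 return true;
 }
 public function getPasswordLabel() {
 return pht('Password for Key');
 }
-public function requiresPassword(PhutilOpaqueEnvelope $secret) {
-// According to the internet, this is the canonical test for an SSH private
-// key with a password.
-return preg_match('/ENCRYPTED/', $secret->openEnvelope());
-}
-public function decryptSecret(
-PhutilOpaqueEnvelope $secret,
-PhutilOpaqueEnvelope $password) {
-$tmp = new TempFile();
-Filesystem::writeFile($tmp, $secret->openEnvelope());
-if (!Filesystem::binaryExists('ssh-keygen')) {
-throw new Exception(
-pht(
-'Decrypting SSH keys requires the `%s` binary, but it '.
-'is not available in %s. Either make it available or strip the '.
-'password from this SSH key manually before uploading it.',
-'ssh-keygen',
-'$PATH'));
-}
-list($err, $stdout, $stderr) = exec_manual(
-'ssh-keygen -p -P %P -N %s -f %s',
-$password,
-'',
-(string)$tmp);
-if ($err) {
-return null;
-} else {
-return new PhutilOpaqueEnvelope(Filesystem::readFile($tmp));
-}
-}
 }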