Differential D20905 Diff 49825 src/applications/passphrase/credentialtype/PassphraseSSHPrivateKeyTextCredentialType.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/passphrase/credentialtype/PassphraseSSHPrivateKeyTextCredentialType.php
| Show All 23 Lines | final class PassphraseSSHPrivateKeyTextCredentialType | ||||
| public function shouldShowPasswordField() { | public function shouldShowPasswordField() { | ||||
| return true; | return true; | ||||
| } | } | ||||
| public function getPasswordLabel() { | public function getPasswordLabel() { | ||||
| return pht('Password for Key'); | return pht('Password for Key'); | ||||
| } | } | ||||
| public function requiresPassword(PhutilOpaqueEnvelope $secret) { | |||||
| // According to the internet, this is the canonical test for an SSH private | |||||
| // key with a password. | |||||
| return preg_match('/ENCRYPTED/', $secret->openEnvelope()); | |||||
| } | |||||
| public function decryptSecret( | |||||
| PhutilOpaqueEnvelope $secret, | |||||
| PhutilOpaqueEnvelope $password) { | |||||
| $tmp = new TempFile(); | |||||
| Filesystem::writeFile($tmp, $secret->openEnvelope()); | |||||
| if (!Filesystem::binaryExists('ssh-keygen')) { | |||||
| throw new Exception( | |||||
| pht( | |||||
| 'Decrypting SSH keys requires the `%s` binary, but it '. | |||||
| 'is not available in %s. Either make it available or strip the '. | |||||
| 'password from this SSH key manually before uploading it.', | |||||
| 'ssh-keygen', | |||||
| '$PATH')); | |||||
| } | |||||
| list($err, $stdout, $stderr) = exec_manual( | |||||
| 'ssh-keygen -p -P %P -N %s -f %s', | |||||
| $password, | |||||
| '', | |||||
| (string)$tmp); | |||||
| if ($err) { | |||||
| return null; | |||||
| } else { | |||||
| return new PhutilOpaqueEnvelope(Filesystem::readFile($tmp)); | |||||
| } | |||||
| } | |||||
| } | } | ||||