sshpk-verify 3.47 KB
#!/usr/bin/env node
// -*- mode: js -*-
// vim: set filetype=javascript :
// Copyright 2015 Joyent, Inc.  All rights reserved.

var dashdash = require('dashdash');
var sshpk = require('../lib/index');
var fs = require('fs');
var path = require('path');
var Buffer = require('safer-buffer').Buffer;

var options = [
	{
		names: ['hash', 'H'],
		type: 'string',
		help: 'Hash algorithm (sha1, sha256, sha384, sha512)'
	},
	{
		names: ['verbose', 'v'],
		type: 'bool',
		help: 'Display verbose info about key and hash used'
	},
	{
		names: ['identity', 'i'],
		type: 'string',
		help: 'Path to (public) key to use'
	},
	{
		names: ['file', 'f'],
		type: 'string',
		help: 'Input filename'
	},
	{
		names: ['format', 't'],
		type: 'string',
		help: 'Signature format (asn1, ssh, raw)'
	},
	{
		names: ['signature', 's'],
		type: 'string',
		help: 'base64-encoded signature data'
	},
	{
		names: ['help', 'h'],
		type: 'bool',
		help: 'Shows this help text'
	}
];

if (require.main === module) {
	var parser = dashdash.createParser({
		options: options
	});

	try {
		var opts = parser.parse(process.argv);
	} catch (e) {
		console.error('sshpk-verify: error: %s', e.message);
		process.exit(3);
	}

	if (opts.help || opts._args.length > 1) {
		var help = parser.help({}).trimRight();
		console.error('sshpk-verify: sign data using an SSH key\n');
		console.error(help);
		process.exit(3);
	}

	if (!opts.identity) {
		var help = parser.help({}).trimRight();
		console.error('sshpk-verify: the -i or --identity option ' +
		    'is required\n');
		console.error(help);
		process.exit(3);
	}

	if (!opts.signature) {
		var help = parser.help({}).trimRight();
		console.error('sshpk-verify: the -s or --signature option ' +
		    'is required\n');
		console.error(help);
		process.exit(3);
	}

	var keyData = fs.readFileSync(opts.identity);

	var key;
	try {
		key = sshpk.parseKey(keyData);
	} catch (e) {
		console.error('sshpk-verify: error loading key "' +
		    opts.identity + '": ' + e.name + ': ' + e.message);
		process.exit(2);
	}

	var fmt = opts.format || 'asn1';
	var sigData = Buffer.from(opts.signature, 'base64');

	var sig;
	try {
		sig = sshpk.parseSignature(sigData, key.type, fmt);
	} catch (e) {
		console.error('sshpk-verify: error parsing signature: ' +
		    e.name + ': ' + e.message);
		process.exit(2);
	}

	var hash = opts.hash || key.defaultHashAlgorithm();

	var verifier;
	try {
		verifier = key.createVerify(hash);
	} catch (e) {
		console.error('sshpk-verify: error creating verifier: ' +
		    e.name + ': ' + e.message);
		process.exit(2);
	}

	if (opts.verbose) {
		console.error('sshpk-verify: using %s-%s with a %d bit key',
		    key.type, hash, key.size);
	}

	var inFile = process.stdin;
	var inFileName = 'stdin';

	var inFilePath;
	if (opts.file) {
		inFilePath = opts.file;
	} else if (opts._args.length === 1) {
		inFilePath = opts._args[0];
	}

	if (inFilePath)
		inFileName = path.basename(inFilePath);

	try {
		if (inFilePath) {
			fs.accessSync(inFilePath, fs.R_OK);
			inFile = fs.createReadStream(inFilePath);
		}
	} catch (e) {
		console.error('sshpk-verify: error opening input file' +
		     ': ' + e.name + ': ' + e.message);
		process.exit(2);
	}

	inFile.pipe(verifier);
	inFile.on('end', function () {
		var ret;
		try {
			ret = verifier.verify(sig);
		} catch (e) {
			console.error('sshpk-verify: error verifying data: ' +
			    e.name + ': ' + e.message);
			process.exit(1);
		}

		if (ret) {
			console.error('OK');
			process.exit(0);
		}

		console.error('NOT OK');
		process.exit(1);
	});
}