ref(pkg/controller/utils.go,pkg/sshd/sshd.go): send public key fingerprint to controller

Aaron Schlesinger · Aaron Schlesinger · commit 87f49a251f2a · 2016-02-09T14:46:38.000-08:00
Instead of encoded public key
diff --git a/pkg/controller/utils.go b/pkg/controller/utils.go
@@ -1,14 +1,16 @@
 package controller
 
 import (
-	"encoding/base64"
+	"crypto/md5"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"os"
 	"strings"
 
 	"github.com/deis/builder/pkg/conf"
+	"golang.org/x/crypto/ssh"
 )
 
 const (
@@ -39,9 +41,30 @@ func controllerURLStr(additionalPath ...string) (string, error) {
 	return fmt.Sprintf("http://%s:%s/%s", host, port, strings.Join(additionalPath, "/")), nil
 }
 
-func UserInfoFromKey(key string) (*UserInfo, error) {
-	keyB64 := base64.RawURLEncoding.EncodeToString([]byte(key))
-	url, err := controllerURLStr("v2", "hooks", "key", keyB64)
+// fingerprint generates a colon-separated fingerprint string from a public key.
+func fingerprint(key ssh.PublicKey) string {
+	hash := md5.Sum(key.Marshal())
+	buf := make([]byte, hex.EncodedLen(len(hash)))
+	hex.Encode(buf, hash[:])
+	// We need this in colon notation:
+	fp := make([]byte, len(buf)+15)
+
+	i, j := 0, 0
+	for ; i < len(buf); i++ {
+		if i > 0 && i%2 == 0 {
+			fp[j] = ':'
+			j++
+		}
+		fp[j] = buf[i]
+		j++
+	}
+	return string(fp)
+}
+
+// UserInfoFromKey makes a request to the controller to get the user info from they given key
+func UserInfoFromKey(key ssh.PublicKey) (*UserInfo, error) {
+	fp := fingerprint(key)
+	url, err := controllerURLStr("v2", "hooks", "key", fp)
 	if err != nil {
 		return nil, err
 	}
@@ -75,5 +98,6 @@ func UserInfoFromKey(key string) (*UserInfo, error) {
 	if err := json.NewDecoder(res.Body).Decode(ret); err != nil {
 		return nil, err
 	}
+	ret.FingerPrint = fp
 	return ret, nil
 }
diff --git a/pkg/sshd/sshd.go b/pkg/sshd/sshd.go
@@ -71,15 +71,12 @@ func ParseHostKeys(c cookoo.Context, p *cookoo.Params) (interface{}, cookoo.Inte
 func AuthKey(c cookoo.Context, p *cookoo.Params) (interface{}, cookoo.Interrupt) {
 	log.Debugf(c, "Starting ssh authentication")
 	key := p.Get("key", nil).(ssh.PublicKey)
-
-	strKey := string(ssh.MarshalAuthorizedKey(key))
-	log.Debugf(c, "Checking auth for user key %v", strKey)
-	userInfo, err := controller.UserInfoFromKey(strKey)
+	userInfo, err := controller.UserInfoFromKey(key)
 	if err != nil {
 		return nil, err
 	}
 
-	userInfo.Key = strKey
+	userInfo.Key = string(ssh.MarshalAuthorizedKey(key))
 	c.Put("userinfo", userInfo)
 
 	log.Infof(c, "Key accepted for user %s.", userInfo.Username)
