blob: e09544152d740369414ed5a858ddc6e9933f8030 (
plain) (
tree)
|
|
<?php
class SSHKey
{
public static function getPrivateKey(?bool &$regen = false): ?string
{
$privKey = Property::get("rebootcontrol-private-key");
if (!$privKey) {
$rsaKey = openssl_pkey_new([
'private_key_bits' => 2048,
'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if (!openssl_pkey_export( openssl_pkey_get_private($rsaKey), $privKey)) {
$regen = false;
return null;
}
Property::set("rebootcontrol-private-key", $privKey);
if (Module::isAvailable('sysconfig')) {
ConfigTgz::rebuildAllConfigs();
}
$regen = true;
}
return $privKey;
}
public static function getPublicKey(): ?string
{
$pkImport = openssl_pkey_get_private(self::getPrivateKey());
if ($pkImport === false)
return null;
return self::sshEncodePublicKey($pkImport);
}
private static function sshEncodePublicKey($privKey): ?string
{
$keyInfo = openssl_pkey_get_details($privKey);
if ($keyInfo === false)
return null;
$buffer = pack("N", 7) . "ssh-rsa" .
self::sshEncodeBuffer($keyInfo['rsa']['e']) .
self::sshEncodeBuffer($keyInfo['rsa']['n']);
return "ssh-rsa " . base64_encode($buffer);
}
private static function sshEncodeBuffer(string $buffer): string
{
$len = strlen($buffer);
// Prefix with extra null byte if the MSB is set, to ensure
// nobody will ever interpret this as a negative number
if (ord($buffer[0]) & 0x80) {
$len++;
$buffer = "\x00" . $buffer;
}
return pack("Na*", $len, $buffer);
}
}
|