public function getPublicKey(PhabricatorUser $viewer, PassphraseCredential $credential)
 {
     $key = PassphraseSSHKey::loadFromPHID($credential->getPHID(), $viewer);
     $file = $key->getKeyfileEnvelope();
     list($stdout) = execx('ssh-keygen -y -f %P', $file);
     return $stdout;
 }
 private function loadCredential()
 {
     if ($this->credential === null) {
         $credential_phid = $this->getConfig('credentialPHID');
         $this->credential = PassphraseSSHKey::loadFromPHID($credential_phid, PhabricatorUser::getOmnipotentUser());
     }
     return $this->credential;
 }
 private function openCredentialsIfNotOpen()
 {
     if ($this->passphraseSSHKey !== null) {
         return;
     }
     $credential = id(new PassphraseCredentialQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withIDs(array($this->getConfig('credential')))->needSecrets(true)->executeOne();
     if ($credential->getProvidesType() !== PassphraseSSHPrivateKeyCredentialType::PROVIDES_TYPE) {
         throw new Exception(pht('Only private key credentials are supported.'));
     }
     $this->passphraseSSHKey = PassphraseSSHKey::loadFromPHID($credential->getPHID(), PhabricatorUser::getOmnipotentUser());
 }
示例#4
0
$pattern[] = '-o';
$pattern[] = 'UserKnownHostsFile=/dev/null';
$as_device = getenv('PHABRICATOR_AS_DEVICE');
$credential_phid = getenv('PHABRICATOR_CREDENTIAL');
if ($as_device) {
    $device = AlmanacKeys::getLiveDevice();
    if (!$device) {
        throw new Exception(pht('Attempting to create an SSH connection that authenticates with ' . 'the current device, but this host is not configured as a cluster ' . 'device.'));
    }
    if ($credential_phid) {
        throw new Exception(pht('Attempting to proxy an SSH connection that authenticates with ' . 'both the current device and a specific credential. These options ' . 'are mutually exclusive.'));
    }
}
if ($credential_phid) {
    $viewer = PhabricatorUser::getOmnipotentUser();
    $key = PassphraseSSHKey::loadFromPHID($credential_phid, $viewer);
    $pattern[] = '-l %P';
    $arguments[] = $key->getUsernameEnvelope();
    $pattern[] = '-i %P';
    $arguments[] = $key->getKeyfileEnvelope();
}
if ($as_device) {
    $pattern[] = '-l %R';
    $arguments[] = AlmanacKeys::getClusterSSHUser();
    $pattern[] = '-i %R';
    $arguments[] = AlmanacKeys::getKeyPath('device.key');
}
// Subversion passes us a host in the form "domain.com:port", which is not
// valid for normal SSH but which we can parse into a valid "-p" flag.
$passthru_args = $unconsumed_argv;
$host = array_shift($passthru_args);
示例#5
0
 public static function loadFromPHID($phid, PhabricatorUser $viewer)
 {
     $key = new PassphraseSSHKey();
     return $key->loadAndValidateFromPHID($phid, $viewer, PassphraseCredentialTypeSSHPrivateKey::PROVIDES_TYPE);
 }