/**
 * Derive the public key text for an SSH private key credential.
 *
 * The credential is loaded through PassphraseSSHKey::loadFromPHID() on
 * behalf of $viewer, then `ssh-keygen -y` is run against the key file.
 *
 * @param PhabricatorUser $viewer Viewer passed to the credential load.
 * @param PassphraseCredential $credential Credential whose PHID is loaded.
 * @return string Standard output of `ssh-keygen -y -f <keyfile>`.
 */
public function getPublicKey(
  PhabricatorUser $viewer,
  PassphraseCredential $credential) {

  $ssh_key = PassphraseSSHKey::loadFromPHID($credential->getPHID(), $viewer);

  // The key file is passed with %P rather than interpolated into the
  // command string. In libphutil, %P expects an envelope and masks the value
  // when the command is printed, so the path does not end up in error output.
  // NOTE(review): presumably the envelope wraps a path to a temporary file
  // holding the private key; confirm its lifetime and permissions in
  // getKeyfileEnvelope().
  $result = execx(
    'ssh-keygen -y -f %P',
    $ssh_key->getKeyfileEnvelope());

  // execx() returns a list whose first element is stdout.
  return $result[0];
}
/**
 * Return the SSH key credential named by the 'credentialPHID' config value,
 * loading it on first use and caching it on $this->credential.
 *
 * @return mixed Whatever PassphraseSSHKey::loadFromPHID() returns.
 */
private function loadCredential() {
  // Already loaded: reuse the cached object.
  if ($this->credential !== null) {
    return $this->credential;
  }

  $phid = $this->getConfig('credentialPHID');

  // NOTE(review): the load runs as the omnipotent user, which in Phabricator
  // is exempt from policy checks. Access control over which credential can be
  // used therefore rests entirely on who may set 'credentialPHID'; confirm
  // that the configuration path enforces it.
  $omnipotent = PhabricatorUser::getOmnipotentUser();

  $this->credential = PassphraseSSHKey::loadFromPHID($phid, $omnipotent);

  return $this->credential;
}
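/**
 * Load the SSH private key named by the 'credential' config value into
 * $this->passphraseSSHKey, unless it has already been loaded.
 *
 * @return void
 * @throws Exception If the configured credential cannot be loaded, or if it
 *   is not a private key credential.
 */
private function openCredentialsIfNotOpen() {
  if ($this->passphraseSSHKey !== null) {
    return;
  }

  // NOTE(review): both the query and the key load run as the omnipotent
  // user, which in Phabricator is exempt from policy checks. Whoever can set
  // the 'credential' config value effectively chooses which secret is read;
  // confirm that the configuration path is access-controlled.
  $viewer = PhabricatorUser::getOmnipotentUser();
  $credential_id = $this->getConfig('credential');

  $credential = id(new PassphraseCredentialQuery())
    ->setViewer($viewer)
    ->withIDs(array($credential_id))
    ->needSecrets(true)
    ->executeOne();

  // executeOne() yields null when nothing matches (for example, a deleted or
  // mistyped credential ID). Fail with a clear error instead of a fatal
  // method call on null below.
  if (!$credential) {
    throw new Exception(
      pht(
        'Unable to load credential "%s".',
        $credential_id));
  }

  $provides_type = PassphraseSSHPrivateKeyCredentialType::PROVIDES_TYPE;
  if ($credential->getProvidesType() !== $provides_type) {
    throw new Exception(pht('Only private key credentials are supported.'));
  }

  $this->passphraseSSHKey = PassphraseSSHKey::loadFromPHID(
    $credential->getPHID(),
    $viewer);
}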
// Excerpt from a larger script that assembles an `ssh` command line.
// $pattern, $arguments and $unconsumed_argv are defined before this excerpt;
// presumably $pattern entries are later joined into a format string that
// consumes $arguments in order. Verify against the surrounding code.

// NOTE(review): with the known-hosts file pointed at /dev/null, ssh has no
// stored host keys to compare against and records none, so the remote
// host's identity is not pinned between connections. Any
// StrictHostKeyChecking option is set outside this excerpt; if host
// authenticity matters for this transport, review the two together.
$pattern[] = '-o';
$pattern[] = 'UserKnownHostsFile=/dev/null';

// The authentication mode is chosen by the process environment.
// NOTE(review): whoever controls this process's environment selects the
// identity used below, so the caller that sets these variables is the trust
// boundary.
$as_device = getenv('PHABRICATOR_AS_DEVICE');
$credential_phid = getenv('PHABRICATOR_CREDENTIAL');

if ($as_device) {
  // Device authentication requires this host to be a cluster device.
  $device = AlmanacKeys::getLiveDevice();
  if (!$device) {
    throw new Exception(
      pht(
        'Attempting to create an SSH connection that authenticates with ' .
        'the current device, but this host is not configured as a cluster ' .
        'device.'));
  }

  // Device and credential authentication cannot be combined.
  if ($credential_phid) {
    throw new Exception(
      pht(
        'Attempting to proxy an SSH connection that authenticates with ' .
        'both the current device and a specific credential. These options ' .
        'are mutually exclusive.'));
  }
}

if ($credential_phid) {
  // NOTE(review): the credential is loaded as the omnipotent user, which in
  // Phabricator is exempt from policy checks, so no per-user policy gates
  // which PHID from the environment may be used here.
  $viewer = PhabricatorUser::getOmnipotentUser();
  $key = PassphraseSSHKey::loadFromPHID($credential_phid, $viewer);

  // %P takes an envelope; in libphutil it masks the value when the command
  // is printed, keeping the username and key file path out of error output.
  $pattern[] = '-l %P';
  $arguments[] = $key->getUsernameEnvelope();
  $pattern[] = '-i %P';
  $arguments[] = $key->getKeyfileEnvelope();
}

if ($as_device) {
  // The device identity uses %R (readable escaping): the cluster user and
  // the device key path are not treated as secrets.
  $pattern[] = '-l %R';
  $arguments[] = AlmanacKeys::getClusterSSHUser();
  $pattern[] = '-i %R';
  $arguments[] = AlmanacKeys::getKeyPath('device.key');
}

// Subversion passes us a host in the form "domain.com:port", which is not
// valid for normal SSH but which we can parse into a valid "-p" flag.
$passthru_args = $unconsumed_argv;
$host = array_shift($passthru_args);
/**
 * Build a PassphraseSSHKey for the credential with the given PHID.
 *
 * Delegates to loadAndValidateFromPHID(), passing the SSH private key
 * provides-type. The validation itself is not visible in this block.
 *
 * NOTE(review): $viewer is forwarded to the load unchanged, so callers that
 * pass the omnipotent user opt out of policy checks for this credential.
 *
 * @param string $phid PHID of the credential to load.
 * @param PhabricatorUser $viewer Viewer on whose behalf the load runs.
 * @return mixed Result of loadAndValidateFromPHID().
 */
public static function loadFromPHID($phid, PhabricatorUser $viewer) {
  $ssh_key = new PassphraseSSHKey();
  $provides_type = PassphraseCredentialTypeSSHPrivateKey::PROVIDES_TYPE;

  return $ssh_key->loadAndValidateFromPHID($phid, $viewer, $provides_type);
}