46 throw new \InvalidArgumentException();
49 if ($message->getSignature() !== null) {
50 return self::CHECK_OK;
54 if ($algos->getClass(
'Key', $message->getAlgorithm()) !== null &&
55 $this->store->exists($message->getUserName(), $message->getKey())) {
56 $response = new \fpoirotte\Pssht\Messages\USERAUTH\PK\OK(
57 $message->getAlgorithm(),
60 $transport->writeMessage($response);
61 return self::CHECK_IGNORE;
63 return self::CHECK_REJECT;
// Fragment of the signature-verifying path (returns AUTH_ACCEPT / AUTH_REJECT).
// The listing keeps the original source line number at the start of each line
// and omits some lines, so conditions and logging calls are only partly visible.
72 throw new \InvalidArgumentException();
// A request that carries no signature is rejected outright.
76 if ($message->getSignature() === null) {
77 return self::AUTH_REJECT;
80 $logging = \Plop\Plop::getInstance();
// NOTE(review): gethostbyaddr() performs a blocking reverse-DNS lookup before
// the key has been checked, and the name it returns is chosen by whoever
// controls the PTR record for the peer address. It is written to the log
// below without escape(), unlike the user name and algorithm; treat it as
// untrusted input and escape it the same way. It can also return false on
// malformed input.
81 $reverse = gethostbyaddr($transport->getAddress());
// Reject when getClass() yields no 'Key' class for the requested algorithm,
// or when the store does not hold this key for this user name.
83 $cls = $algos->getClass(
'Key', $message->getAlgorithm());
84 if ($cls === null || !$this->store->exists($message->getUserName(), $message->getKey())) {
86 'Rejected public key connection from remote host ' .
87 '"%(reverse)s" (%(address)s) to "%(luser)s": ' .
90 'luser' => escape($message->getUserName()),
91 'reverse' => $reverse,
92 'address' => $transport->getAddress(),
95 return self::AUTH_REJECT;
// The key blob begins with a string naming its algorithm; it must equal the
// algorithm named in the request, otherwise the request is rejected.
// Presumably this keeps a blob of one type from being parsed by another
// algorithm's key class.
98 $decoder = new \fpoirotte\Pssht\Wire\Decoder();
99 $decoder->getBuffer()->push($message->getKey());
100 if ($decoder->decodeString() !== $message->getAlgorithm()) {
102 return self::AUTH_REJECT;
// $cls::unserialize() is a static method of the key class selected above (not
// PHP's global unserialize()); it is given the decoder after the algorithm
// name has been consumed. What it validates is not visible in this listing.
104 $key = $cls::unserialize($decoder);
// Rebuild the data the client is expected to have signed: exchange hash,
// [line 108 not shown], user name, service name, this method's name,
// boolean true, algorithm name, key blob.
// NOTE(review): this matches the layout of the RFC 4252 section 7 signature
// input (session identifier, message number, user, service, method name, TRUE,
// algorithm, key). Confirm that the omitted line 108 encodes the message
// number, and that getExchangeHash() returns the hash of the first key
// exchange (the session identifier) even after a re-key; neither is shown here.
106 $encoder = new \fpoirotte\Pssht\Wire\Encoder();
107 $encoder->encodeString($context[
'DH']->getExchangeHash());
109 $encoder->encodeString($message->getUserName());
110 $encoder->encodeString($message->getServiceName());
111 $encoder->encodeString(static::getName());
112 $encoder->encodeBoolean(
true);
113 $encoder->encodeString($message->getAlgorithm());
114 $encoder->encodeString($message->getKey());
// Verify the request's signature over the rebuilt buffer using the key decoded
// from the request; only a successful check leads to AUTH_ACCEPT.
116 if ($key->check($encoder->getBuffer()->get(0), $message->getSignature())) {
118 'Accepted public key connection from remote host '.
119 '"%(reverse)s" (%(address)s) to "%(luser)s" ' .
120 '(using "%(algorithm)s" algorithm)',
122 'luser' => escape($message->getUserName()),
123 'reverse' => $reverse,
124 'algorithm' => escape($message->getAlgorithm()),
125 'address' => $transport->getAddress(),
128 return self::AUTH_ACCEPT;
// Presumably the branch taken when the signature does not verify: log and reject.
132 'Rejected public key connection from remote host ' .
133 '"%(reverse)s" (%(address)s) to "%(luser)s": '.
136 'luser' => escape($message->getUserName()),
137 'reverse' => $reverse,
138 'address' => $transport->getAddress(),
141 return self::AUTH_REJECT;
__construct(\fpoirotte\Pssht\KeyStore $store)
static getName()
Return the name of the algorithm.
check(\fpoirotte\Pssht\Messages\USERAUTH\REQUEST\Base $message,\fpoirotte\Pssht\Transport $transport, array &$context)
authenticate(\fpoirotte\Pssht\Messages\USERAUTH\REQUEST\Base $message,\fpoirotte\Pssht\Transport $transport, array &$context)
$store
Store for the public keys.