Expose the ssh.PublicKey into the CertificateCheckCallback (#818)

lhchavez · web-flow · commit dcc9331226b5 · 2021-09-05T19:00:59.000-07:00
This change exposes the raw SSH hostkey and the ssh.PublicKey into the
CertificateCheckCallback, so that callers can do better validations.
diff --git a/remote.go b/remote.go
@@ -252,7 +252,7 @@ const (
 // Certificate represents the two possible certificates which libgit2
 // knows it might find. If Kind is CertficateX509 then the X509 field
 // will be filled. If Kind is CertificateHostkey then the Hostkey
-// field will be fille.d
+// field will be filled.
 type Certificate struct {
 	Kind    CertificateKind
 	X509    *x509.Certificate
@@ -266,7 +266,7 @@ const (
 	HostkeyMD5    HostkeyKind = C.GIT_CERT_SSH_MD5
 	HostkeySHA1   HostkeyKind = C.GIT_CERT_SSH_SHA1
 	HostkeySHA256 HostkeyKind = C.GIT_CERT_SSH_SHA256
-	HostkeyRaw    HostkeyKind = 1 << 3
+	HostkeyRaw    HostkeyKind = C.GIT_CERT_SSH_RAW
 )
 
 // Server host key information. A bitmask containing the available fields.
@@ -476,6 +476,17 @@ func certificateCheckCallback(
 		C.memcpy(unsafe.Pointer(&cert.Hostkey.HashMD5[0]), unsafe.Pointer(&ccert.hash_md5[0]), C.size_t(len(cert.Hostkey.HashMD5)))
 		C.memcpy(unsafe.Pointer(&cert.Hostkey.HashSHA1[0]), unsafe.Pointer(&ccert.hash_sha1[0]), C.size_t(len(cert.Hostkey.HashSHA1)))
 		C.memcpy(unsafe.Pointer(&cert.Hostkey.HashSHA256[0]), unsafe.Pointer(&ccert.hash_sha256[0]), C.size_t(len(cert.Hostkey.HashSHA256)))
+		if (cert.Hostkey.Kind & HostkeyRaw) == HostkeyRaw {
+			cert.Hostkey.Hostkey = C.GoBytes(unsafe.Pointer(ccert.hostkey), C.int(ccert.hostkey_len))
+			var err error
+			cert.Hostkey.SSHPublicKey, err = ssh.ParsePublicKey(cert.Hostkey.Hostkey)
+			if err != nil {
+				if data.errorTarget != nil {
+					*data.errorTarget = err
+				}
+				return setCallbackError(errorMessage, err)
+			}
+		}
 	} else {
 		err := errors.New("unsupported certificate type")
 		if data.errorTarget != nil {
diff --git a/transport.go b/transport.go
@@ -128,11 +128,21 @@ func (t *Transport) SmartCertificateCheck(cert *Certificate, valid bool, hostnam
 			parent: C.git_cert{
 				cert_type: C.GIT_CERT_HOSTKEY_LIBSSH2,
 			},
-			_type: C.git_cert_ssh_t(cert.Kind),
+			_type:       C.git_cert_ssh_t(cert.Kind),
+			hostkey:     (*C.char)(C.CBytes(cert.Hostkey.Hostkey)),
+			hostkey_len: C.size_t(len(cert.Hostkey.Hostkey)),
 		}
+		defer C.free(unsafe.Pointer(chostkeyCert.hostkey))
 		C.memcpy(unsafe.Pointer(&chostkeyCert.hash_md5[0]), unsafe.Pointer(&cert.Hostkey.HashMD5[0]), C.size_t(len(cert.Hostkey.HashMD5)))
 		C.memcpy(unsafe.Pointer(&chostkeyCert.hash_sha1[0]), unsafe.Pointer(&cert.Hostkey.HashSHA1[0]), C.size_t(len(cert.Hostkey.HashSHA1)))
 		C.memcpy(unsafe.Pointer(&chostkeyCert.hash_sha256[0]), unsafe.Pointer(&cert.Hostkey.HashSHA256[0]), C.size_t(len(cert.Hostkey.HashSHA256)))
+		if cert.Hostkey.SSHPublicKey.Type() == "ssh-rsa" {
+			chostkeyCert.raw_type = C.GIT_CERT_SSH_RAW_TYPE_RSA
+		} else if cert.Hostkey.SSHPublicKey.Type() == "ssh-dss" {
+			chostkeyCert.raw_type = C.GIT_CERT_SSH_RAW_TYPE_DSS
+		} else {
+			chostkeyCert.raw_type = C.GIT_CERT_SSH_RAW_TYPE_UNKNOWN
+		}
 		ccert = (*C.git_cert)(unsafe.Pointer(&chostkeyCert))
 
 	case CertificateX509:
