reorganize key validation and fingerprint detection

40d916cd · Scott Duckworth · 0617f190 · 40d916cd · 40d916cd
Commit 40d916cd authored Aug 28, 2013 by Scott Duckworth
Show whitespace changes
Inline Side-by-side

Showing with 17 additions and 21 deletions

sshkey/models.py
+17 -7

sshkey/util.py
+0 -14

No files found.
--- a/sshkey/models.py
+++ b/sshkey/models.py
 from django.db import models
 from django.contrib.auth.models import User
 from django.core.exceptions import ValidationError
-from sshkey.util import sshkey_fingerprint, sshkey_re
+import base64
+import hashlib
+import re
+
+sshkey_re = re.compile(r'(?P<type>[\w-]+)\s+(?P<b64key>\S+)(?:\s+(?P<comment>\S+))?$')
+
+def sshkey_fingerprint(b64key):
+  key = base64.b64decode(b64key)
+  fp_plain = hashlib.md5(key).hexdigest()
+  return ':'.join(a+b for a,b in zip(fp_plain[::2], fp_plain[1::2]))

 class UserKey(models.Model):
  user = models.ForeignKey(User, db_index=True)
@@ -20,16 +29,17 @@ class UserKey(models.Model):
  def clean_fields(self, exclude=None):
    if not exclude or 'key' not in exclude:
      self.key = self.key.strip()
-      if len(self.key.splitlines()) > 1:
-        raise ValidationError({'key': ['Only one line is allowed']})

  def clean(self):
+    m = sshkey_re.match(self.key)
+    errmsg = 'Key is not a valid SSH protocol 2 base64-encoded key'
+    if not m:
+      raise ValidationError(errmsg)
    try:
-      self.fingerprint = sshkey_fingerprint(self.key)
-    except Exception, e:
-      raise ValidationError('Not a valid SSH key: ' + str(e))
+      self.fingerprint = sshkey_fingerprint(m.group('b64key'))
+    except TypeError:
+      raise ValidationError(errmsg)
    if not self.name:
-      m = sshkey_re.match(self.key)
      comment = m.group('comment')
      if not comment:
        raise ValidationError('Name or key comment required')

--- a/sshkey/util.py
+++ b/sshkey/util.py
-import base64
-import hashlib
-import re
-
-sshkey_re = re.compile(r'\s*(?P<type>ssh-\w+)\s+(?P<key>\S+)(?:\s+(?P<comment>\S+))?\s*$')
-
-def sshkey_fingerprint(key_line):
-  match = sshkey_re.match(key_line)
-  if not match:
-    raise Exception('Key is not in OpenSSH authorized_keys format')
-  key = base64.b64decode(match.group('key'))
-  fp_plain = hashlib.md5(key).hexdigest()
-  return ':'.join(a+b for a,b in zip(fp_plain[::2], fp_plain[1::2]))
-
 def lookup_command(args):
  import sys
  import urllib