X-Git-Url: https://git.openstreetmap.org./dns.git/blobdiff_plain/6a5910323d3c563d57865c58fa5db2b66c85fba7..701876ec5ff6e6341779cd9738d6de53c9e17f3a:/bin/mksshfp
diff --git a/bin/mksshfp b/bin/mksshfp
index ef8dda0..f3b6d1a 100755
--- a/bin/mksshfp
+++ b/bin/mksshfp
@@ -1,57 +1,39 @@
 #!/usr/bin/perl
+use strict;
+use warnings;
+
+use Digest::SHA qw(sha256_hex);
+use MIME::Base64;
+
 my %hosts;
 if (-f "/etc/ssh/ssh_known_hosts")
 {
- open(SSHFP, "-|","sshfp -k /etc/ssh/ssh_known_hosts 2>&1") || die $!;
+ open(HOSTS, "<", "/etc/ssh/ssh_known_hosts") || die $!;
- while (my $line = )
+ while (my $line = )
 {
- if ($line =~ /^(\S+)\.openstreetmap\.org IN SSHFP (\d+) (\d+) ([0-9A-F]+)$/)
+ last if $line =~ /^# Manually maintained records$/;
+
+ if ($line =~ /^([^, ]+)\S* (\S+) (\S+)$/)
 {
 my $host = $1;
 my $algorithm = $2;
- my $type = $3;
- my $value = $4;
+ my $value = uc(sha256_hex(decode_base64($3)));
- if ($type == 2 && $algorithm != 2)
+ $host =~ s/\.openstreetmap\.org$//;
+
+ if ($algorithm ne "2")
 {
- my $wanted = 0;
-
- if (exists($hosts{$host}))
- {
- if ($algorithm == 3)
- {
- $wanted = 1;
- }
- elsif ($algorithm == 4 && $hosts{$host}->{algorithm} != 3)
- {
- $wanted = 1;
- }
- }
- else
- {
- $wanted = 1;
- }
-
- if ($wanted)
- {
- $hosts{$host} = {
- algorithm => $algorithm,
- type => $type,
- value => $value
- };
- }
+ $hosts{$host} ||= {};
+
+ $hosts{$host}->{$algorithm} = $value;
 }
 }
- elsif ($line !~ /^WARNING: Assuming /)
- {
- warn $line;
- }
 }
- close(SSHFP);
+ close(HOSTS);
 }
 open(SSHFP_JS, ">", "include/sshfp.js") || die $!;
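Review bot: The new parser no longer restricts which hosts become records: the removed sshfp regex required a `*.openstreetmap.org` name, while `$host =~ s/\.openstreetmap\.org$//;` only strips that suffix when present, so an entry for an external host, a bare IP, a `[host]:port` form, a hashed (`|1|…`) line or an `@cert-authority`/`@revoked` marker line that happens to satisfy `/^([^, ]+)\S* (\S+) (\S+)$/` is written into include/sshfp.js as an SSHFP record for a name the zone does not own. Making the suffix mandatory keeps the old behaviour: `next unless $host =~ s/\.openstreetmap\.org$//;` (`s///` returns the substitution count, so unmatched names are skipped). The guard `if ($algorithm ne "2")` is a leftover from the numeric sshfp output — `$2` is now a key-type string such as `ssh-dss`, so the comparison is always true; either drop it or make the intent explicit with `next if $algorithm eq "ssh-dss";`. Lines carrying a trailing comment field fail the `$`-anchored match and are silently skipped, which is probably acceptable but deserves a one-line comment above the regex.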
@@ -60,11 +42,22 @@ print SSHFP_JS qq|var SSHFP_RECORDS = [\n|;
 foreach my $host (sort keys %hosts)
 {
- my $algorithm = $hosts{$host}->{algorithm};
- my $type = $hosts{$host}->{type};
- my $value = $hosts{$host}->{value};
+ if ($hosts{$host}->{"ecdsa-sha2-nistp256"} || $hosts{$host}->{"ssh-ed25519"})
+ {
+ if ($hosts{$host}->{"ecdsa-sha2-nistp256"})
+ {
+ print SSHFP_JS sshfp_record($host, "3", $hosts{$host}->{"ecdsa-sha2-nistp256"});
+ }
- print SSHFP_JS qq| SSHFP("${host}", ${algorithm}, ${type}, "${value}"),\n|;
+ if ($hosts{$host}->{"ssh-ed25519"})
+ {
+ print SSHFP_JS sshfp_record($host, "4", $hosts{$host}->{"ssh-ed25519"});
+ }
+ }
+ elsif ($hosts{$host}->{"ssh-rsa"})
+ {
+ print SSHFP_JS sshfp_record($host, "1", $hosts{$host}->{"ssh-rsa"});
+ }
 }
 print SSHFP_JS qq|];\n|;
@@ -72,3 +65,12 @@ print SSHFP_JS qq|];\n|;
 close(SSHFP_JS);
 exit 0;
+
+sub sshfp_record
+{
+ my $host = shift;
+ my $algorithm = shift;
+ my $value = shift;
+
+ return qq| SSHFP("${host}", ${algorithm}, 2, "${value}"),\n|;
+}
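Review bot: The selection in the foreach only recognises the `ecdsa-sha2-nistp256` key type, so if ssh_known_hosts ever holds an ECDSA host key on the nistp384 or nistp521 curve (still SSHFP algorithm 3 under RFC 6594) that host silently falls through to its RSA record or gets none at all. If publishing only P-256 keys is deliberate, say so above the `if`: `# Only P-256 ECDSA and Ed25519 keys are published; RSA is a fallback when neither exists.` Otherwise the lookups could be widened to any `ecdsa-sha2-*` key stored in `%hosts`. The numeric arguments passed to `sshfp_record` are bare magic values; a comment at the first call such as `# SSHFP algorithm numbers: 1 = RSA, 3 = ECDSA, 4 = Ed25519 (RFC 4255, 6594, 7479)` would spare the next reader a trip to the RFCs.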
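Review bot: `sshfp_record` interpolates `$host` straight into a JavaScript string literal with no escaping; `$value` is safe because it is hex from sha256_hex, but `$host` is the first column of ssh_known_hosts, and a name containing `"`, `\` or a newline would leave include/sshfp.js malformed or alter its content. A strict check at the top of the sub keeps the generated file well-formed regardless of what the parser admits: `die "unexpected host name: $host" unless $host =~ /\A[A-Za-z0-9.-]+\z/;`. The hard-coded `2` in the returned string is the fingerprint type and should be labelled, e.g. `# fingerprint type 2 = SHA-256 (RFC 6594), matching sha256_hex above`, and a short POD or comment header naming the three positional parameters (host, SSHFP algorithm number, SHA-256 hex fingerprint) would document the contract that the callers in the foreach rely on.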