fix: fill read ssh host key pub keys

Fixes #404 Signed-off-by: Boris Glimcher <[email protected]>
opiproject · Jun 19, 2024 · f969315 · f969315
1 parent 4071520
commit f969315
Show file tree

Hide file tree

Showing 6 changed files with 112 additions and 12 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -198,6 +198,7 @@ services:
       - client-certs:/certs
       - dhcp-leases-folder:/var/lib/dhclient/
       - /etc/os-release:/etc/os-release
+      - /etc/ssh:/etc/ssh
     networks:
       - opi
     command: ['/opi-sztp-agent', 'daemon',

diff --git a/scripts/run_agent.sh b/scripts/run_agent.sh
@@ -18,6 +18,7 @@ ls -l /mnt/
 # run docker (not compose) in host network
 DHCLIENT_LEASE_FILE=/var/lib/NetworkManager/dhclient-eth0.lease
 docker run --rm -it --network=host -v /mnt/:/mnt \
+    --mount type=bind,source=/etc/ssh,target=/etc/ssh,readonly \
     --mount type=bind,source=/etc/os-release,target=/etc/os-release \
     --mount type=bind,source=${DHCLIENT_LEASE_FILE},target=/var/lib/dhclient/dhclient.leases \
     ${DOCKER_SZTP_IMAGE} \

diff --git a/sztp-agent/pkg/secureagent/daemon.go b/sztp-agent/pkg/secureagent/daemon.go
@@ -100,17 +100,17 @@ func (a *Agent) doReportProgress(s ProgressType) error {
 	p.IetfSztpBootstrapServerInput.ProgressType = s.String()
 	p.IetfSztpBootstrapServerInput.Message = "message sent via JSON"
 	if s == ProgressTypeBootstrapComplete {
-		// TODO: generate real key here
+		// TODO: use/generate real TA cert here
 		encodedKey := base64.StdEncoding.EncodeToString([]byte("mysshpass"))
 		p.IetfSztpBootstrapServerInput.TrustAnchorCerts.TrustAnchorCert = []string{encodedKey}
-		p.IetfSztpBootstrapServerInput.SSHHostKeys.SSHHostKey = []struct {
-			Algorithm string `json:"algorithm"`
-			KeyData   string `json:"key-data"`
-		}{
-			{
-				Algorithm: "ssh-rsa",
-				KeyData:   encodedKey,
-			},
+		for _, key := range readSSHHostKeyPublicFiles("/etc/ssh/ssh_host_*key.pub") {
+			p.IetfSztpBootstrapServerInput.SSHHostKeys.SSHHostKey = append(p.IetfSztpBootstrapServerInput.SSHHostKeys.SSHHostKey, struct {
+				Algorithm string `json:"algorithm"`
+				KeyData   string `json:"key-data"`
+			}{
+				Algorithm: key.Algorithm,
+				KeyData:   key.KeyData,
+			})
 		}
 	}
 	a.SetProgressJSON(p)

diff --git a/sztp-agent/pkg/secureagent/daemon_test.go b/sztp-agent/pkg/secureagent/daemon_test.go
@@ -17,7 +17,7 @@ import (
 //nolint:funlen
 func TestAgent_getBootstrapURL(t *testing.T) {
 	dhcpTestFileOK := "/tmp/test.dhcp"
-	createTempTestFile(dhcpTestFileOK, true)
+	createTempTestFile(dhcpTestFileOK, "", true)
 
 	type fields struct {
 		BootstrapURL             string
@@ -87,7 +87,8 @@ func TestAgent_getBootstrapURL(t *testing.T) {
 	deleteTempTestFile(dhcpTestFileOK)
 }
 
-func createTempTestFile(file string, _ bool) {
+func createTempTestFile(file string, content string, _ bool) {
+	log.Println("Creating file " + file)
 	// nolint:gosec
 	f, err := os.Create(file)
 	if err != nil {
@@ -109,6 +110,9 @@ func createTempTestFile(file string, _ bool) {
   expire 1 2022/08/15 19:22:05;
 }`
 
+	if content != "" {
+		mydhcpresponse = content
+	}
 	_, err2 := f.WriteString(mydhcpresponse)
 
 	if err2 != nil {
@@ -117,6 +121,7 @@ func createTempTestFile(file string, _ bool) {
 }
 
 func deleteTempTestFile(file string) {
+	log.Println("Deleting file " + file)
 	err := os.RemoveAll(file)
 
 	if err != nil {

diff --git a/sztp-agent/pkg/secureagent/utils.go b/sztp-agent/pkg/secureagent/utils.go
@@ -19,6 +19,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"path/filepath"
 	"regexp"
 	"strconv"
 	"strings"
@@ -156,6 +157,34 @@ func generateInputJSONContent() string {
 	return string(inputJSON)
 }
 
+type publicKey struct {
+	Algorithm string
+	KeyData   string
+	Comment   string
+}
+
+func readSSHHostKeyPublicFiles(pattern string) []publicKey {
+	results := []publicKey{}
+	files, err := filepath.Glob(pattern)
+	if err != nil {
+		log.Printf("[ERROR] Error getting ssh host public keys file list : %v", err)
+		return results
+	}
+	for _, f := range files {
+		// nolint:gosec
+		data, _ := os.ReadFile(f)
+		parts := strings.Fields(string(data))
+		// [type-name] [base64-encoded-ssh-public-key] [comment]
+		if len(parts) < 2 {
+			log.Printf("[ERROR] Error parsing pub key, should contain at least 2 parts with spaces : %v", f)
+			continue
+		}
+		// ignore comment for now
+		results = append(results, publicKey{Algorithm: parts[0], KeyData: parts[1]})
+	}
+	return results
+}
+
 func replaceQuotes(input string) string {
 	return strings.ReplaceAll(input, "\"", "")
 }
diff --git a/sztp-agent/pkg/secureagent/utils_test.go b/sztp-agent/pkg/secureagent/utils_test.go
@@ -96,7 +96,7 @@ func Test_extractfromLine(t *testing.T) {
 
 func Test_linesInFileContains(t *testing.T) {
 	dhcpTestFileOK := "/tmp/test.dhcp"
-	createTempTestFile(dhcpTestFileOK, true)
+	createTempTestFile(dhcpTestFileOK, "", true)
 	type args struct {
 		file   string
 		substr string
@@ -125,6 +125,70 @@ func Test_linesInFileContains(t *testing.T) {
 	deleteTempTestFile(dhcpTestFileOK)
 }
 
+func Test_readSSHHostKeyPublicFiles(t *testing.T) {
+	type args struct {
+		file string
+		line string
+	}
+	tests := []struct {
+		name string
+		args args
+		want []publicKey
+	}{
+		{
+			name: "Test OK line in files no comment",
+			args: args{
+				file: "/tmp/test.pub",
+				line: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0mjQXlOvkM2HO5vTrSOdHOl3BGOqDiHrx8yYdbP8xR",
+			},
+			want: []publicKey{{Algorithm: "ssh-ed25519", KeyData: "AAAAC3NzaC1lZDI1NTE5AAAAID0mjQXlOvkM2HO5vTrSOdHOl3BGOqDiHrx8yYdbP8xR"}},
+		},
+		{
+			name: "Test OK line in files with comment",
+			args: args{
+				file: "/tmp/test.pub",
+				line: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0mjQXlOvkM2HO5vTrSOdHOl3BGOqDiHrx8yYdbP8xR comment",
+			},
+			want: []publicKey{{Algorithm: "ssh-ed25519", KeyData: "AAAAC3NzaC1lZDI1NTE5AAAAID0mjQXlOvkM2HO5vTrSOdHOl3BGOqDiHrx8yYdbP8xR"}},
+		},
+		{
+			name: "Test too many parts in file",
+			args: args{
+				file: "/tmp/test.pub",
+				line: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0mjQXlOvkM2HO5vTrSOdHOl3BGOqDiHrx8yYdbP8xR comment error",
+			},
+			want: []publicKey{{Algorithm: "ssh-ed25519", KeyData: "AAAAC3NzaC1lZDI1NTE5AAAAID0mjQXlOvkM2HO5vTrSOdHOl3BGOqDiHrx8yYdbP8xR"}},
+		},
+		{
+			name: "Test not enough parts in file",
+			args: args{
+				file: "/tmp/test.pub",
+				line: "ssh-ed25519",
+			},
+			want: []publicKey{},
+		},
+		{
+			name: "Test file doesn't exist",
+			args: args{
+				file: "/tmp/test.pub",
+				line: "",
+			},
+			want: []publicKey{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.args.line != "" {
+				createTempTestFile(tt.args.file, tt.args.line, true)
+			}
+			if got := readSSHHostKeyPublicFiles(tt.args.file); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("readSSHHostKeyPublicFiles() = %v, want %v", got, tt.want)
+			}
+			deleteTempTestFile(tt.args.file)
+		})
+	}
+}
+
 func Test_replaceQuotes(t *testing.T) {
 	type args struct {
 		input string