xref: /third_party/node/deps/npm/node_modules/sshpk/bin/sshpk-sign

#!/usr/bin/env node
// -*- mode: js -*-
// vim: set filetype=javascript :
// Copyright 2015 Joyent, Inc.  All rights reserved.

var dashdash = require('dashdash');
var sshpk = require('../lib/index');
var fs = require('fs');
var path = require('path');
var getPassword = require('getpass').getPass;

var options = [
	{
		names: ['hash', 'H'],
		type: 'string',
		help: 'Hash algorithm (sha1, sha256, sha384, sha512)'
	},
	{
		names: ['verbose', 'v'],
		type: 'bool',
		help: 'Display verbose info about key and hash used'
	},
	{
		names: ['identity', 'i'],
		type: 'string',
		help: 'Path to key to use'
	},
	{
		names: ['file', 'f'],
		type: 'string',
		help: 'Input filename'
	},
	{
		names: ['out', 'o'],
		type: 'string',
		help: 'Output filename'
	},
	{
		names: ['format', 't'],
		type: 'string',
		help: 'Signature format (asn1, ssh, raw)'
	},
	{
		names: ['binary', 'b'],
		type: 'bool',
		help: 'Output raw binary instead of base64'
	},
	{
		names: ['help', 'h'],
		type: 'bool',
		help: 'Shows this help text'
	}
];

var parseOpts = {};

if (require.main === module) {
	var parser = dashdash.createParser({
		options: options
	});

	try {
		var opts = parser.parse(process.argv);
	} catch (e) {
		console.error('sshpk-sign: error: %s', e.message);
		process.exit(1);
	}

	if (opts.help || opts._args.length > 1) {
		var help = parser.help({}).trimRight();
		console.error('sshpk-sign: sign data using an SSH key\n');
		console.error(help);
		process.exit(1);
	}

	if (!opts.identity) {
		var help = parser.help({}).trimRight();
		console.error('sshpk-sign: the -i or --identity option ' +
		    'is required\n');
		console.error(help);
		process.exit(1);
	}

	var keyData = fs.readFileSync(opts.identity);
	parseOpts.filename = opts.identity;

	run();
}

function run() {
	var key;
	try {
		key = sshpk.parsePrivateKey(keyData, 'auto', parseOpts);
	} catch (e) {
		if (e.name === 'KeyEncryptedError') {
			getPassword(function (err, pw) {
				parseOpts.passphrase = pw;
				run();
			});
			return;
		}
		console.error('sshpk-sign: error loading private key "' +
		    opts.identity + '": ' + e.name + ': ' + e.message);
		process.exit(1);
	}

	var hash = opts.hash || key.defaultHashAlgorithm();

	var signer;
	try {
		signer = key.createSign(hash);
	} catch (e) {
		console.error('sshpk-sign: error creating signer: ' +
		    e.name + ': ' + e.message);
		process.exit(1);
	}

	if (opts.verbose) {
		console.error('sshpk-sign: using %s-%s with a %d bit key',
		    key.type, hash, key.size);
	}

	var inFile = process.stdin;
	var inFileName = 'stdin';

	var inFilePath;
	if (opts.file) {
		inFilePath = opts.file;
	} else if (opts._args.length === 1) {
		inFilePath = opts._args[0];
	}

	if (inFilePath)
		inFileName = path.basename(inFilePath);

	try {
		if (inFilePath) {
			fs.accessSync(inFilePath, fs.R_OK);
			inFile = fs.createReadStream(inFilePath);
		}
	} catch (e) {
		console.error('sshpk-sign: error opening input file' +
		     ': ' + e.name + ': ' + e.message);
		process.exit(1);
	}

	var outFile = process.stdout;

	try {
		if (opts.out && !opts.identify) {
			fs.accessSync(path.dirname(opts.out), fs.W_OK);
			outFile = fs.createWriteStream(opts.out);
		}
	} catch (e) {
		console.error('sshpk-sign: error opening output file' +
		    ': ' + e.name + ': ' + e.message);
		process.exit(1);
	}

	inFile.pipe(signer);
	inFile.on('end', function () {
		var sig;
		try {
			sig = signer.sign();
		} catch (e) {
			console.error('sshpk-sign: error signing data: ' +
			    e.name + ': ' + e.message);
			process.exit(1);
		}

		var fmt = opts.format || 'asn1';
		var output;
		try {
			output = sig.toBuffer(fmt);
			if (!opts.binary)
				output = output.toString('base64');
		} catch (e) {
			console.error('sshpk-sign: error converting signature' +
			    ' to ' + fmt + ' format: ' + e.name + ': ' +
			    e.message);
			process.exit(1);
		}

		outFile.write(output);
		if (!opts.binary)
			outFile.write('\n');
		outFile.once('drain', function () {
			process.exit(0);
		});
	});
}