CA config: permit pasting a whole OpenSSH public key.

Now, we try putting the contents of the public-key edit box through ppk_load_s if it isn't a plain base64-encoded string.
2025-04-14 09:38:07 -05:00 · 2022-05-01 11:27:46 +01:00 · 2022-05-01 11:27:46 +01:00 · 6472b5ded7
commit 6472b5ded7
parent d06ae2f5c3
1 changed files with 33 additions and 1 deletions
--- a/ssh/ca-config.c
+++ b/ssh/ca-config.c
@ -164,15 +164,47 @@ static void ca_load_handler(dlgcontrol *ctrl, dlgparam *dp,
    }
 }

+static strbuf *decode_pubkey(ptrlen data, const char **error)
+{
+    /*
+     * See if we have a plain base64-encoded public key blob.
+     */
+    if (base64_valid(data))
+        return base64_decode_sb(data);
+
+    /*
+     * Otherwise, try to decode as if it was a public key _file_.
+     */
+    BinarySource src[1];
+    BinarySource_BARE_INIT_PL(src, data);
+    strbuf *blob = strbuf_new();
+    if (ppk_loadpub_s(src, NULL, BinarySink_UPCAST(blob), NULL, error))
+        return blob;
+
+    return NULL;
+}
+
 static void ca_save_handler(dlgcontrol *ctrl, dlgparam *dp,
                            void *data, int event)
 {
    struct ca_state *st = (struct ca_state *)ctrl->context.p;
    if (event == EVENT_ACTION) {
+        strbuf *pubkey;
+        {
+            const char *error;
+            pubkey = decode_pubkey(ptrlen_from_asciz(st->pubkey), &error);
+            if (!pubkey) {
+                char *msg = dupprintf("CA public key invalid: %s", error);
+                dlg_error_msg(dp, msg);
+                sfree(msg);
+                return;
+            }
+        }
+
        host_ca *hca = snew(host_ca);
        memset(hca, 0, sizeof(*hca));
        hca->name = dupstr(st->name);
-        hca->ca_public_key = base64_decode_sb(ptrlen_from_asciz(st->pubkey));
+        hca->ca_public_key = pubkey;
        hca->n_hostname_wildcards = count234(st->host_wcs);
        hca->hostname_wildcards = snewn(hca->n_hostname_wildcards, char *);
        for (size_t i = 0; i < hca->n_hostname_wildcards; i++)