-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathentry.go
64 lines (55 loc) · 1.37 KB
/
entry.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
package sshfp
import (
"bytes"
"crypto/sha256"
"fmt"
"math"
"time"
"github.com/miekg/dns"
"golang.org/x/crypto/ssh"
)
// Entry wraps a DNS SSHFP entry used for caching
type Entry struct {
*dns.SSHFP
ExpiresAt time.Time
Hostname string
Fingerprint []byte
}
// Entries for a single Hostname
type Entries []*Entry
// Validate checks if the SSH public key is valid
func (e *Entry) Validate(pubKey ssh.PublicKey) bool {
if e.Fingerprint == nil {
return false
}
fp := sha256.Sum256(pubKey.Marshal())
return bytes.Equal(e.Fingerprint, fp[:])
}
// TTL calculates the remaining seconds the entry is valid. When ExpiresAt field is zero then it
// never expires and returns math.MaxUint32.
func (e *Entry) TTL() uint32 {
if e.ExpiresAt.IsZero() {
return math.MaxUint32
}
ttl := time.Until(e.ExpiresAt)
if ttl < 1 {
return 0
}
return uint32(ttl / time.Second)
}
// IsExpired checks if the entry is expired
func (e *Entry) IsExpired() bool {
if e.ExpiresAt.IsZero() {
return false
}
return time.Now().After(e.ExpiresAt)
}
// IsValid checks if the entry is valid
func (e *Entry) IsValid() bool {
return true
}
// String creates a human readable presentation of the SSHFP entry
// <hostname> <algorithm string> <fingerprint type string>
func (e *Entry) String() string {
return fmt.Sprintf("%s %s %s", e.Hostname, Algorithm(e.SSHFP.Algorithm), Type(e.SSHFP.Type))
}