Diffstat (limited to 'paramiko/rsakey.py')
-rw-r--r-- | paramiko/rsakey.py | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/paramiko/rsakey.py b/paramiko/rsakey.py
index 7abcfa28..3f28689a 100644
--- a/paramiko/rsakey.py
+++ b/paramiko/rsakey.py
@@ -54,8 +54,26 @@ class RSAKey(PKey):
 else:
 if msg is None:
 raise SSHException('Key object may not be empty')
- if msg.get_text() != 'ssh-rsa':
+ type_ = msg.get_text()
+ nonce = None
+ # Regular public key - nothing special to do besides the implicit
+ # type check.
+ if type_ == 'ssh-rsa':
+ pass
+ # OpenSSH-compatible certificate - store full copy as .public_blob
+ # (so signing works correctly) and then fast-forward past the
+ # nonce.
+ elif type_ == 'ssh-rsa-cert-v01@openssh.com':
+ # This seems the cleanest way to 'clone' an already-being-read
+ # message?
+ self.load_certificate(Message(msg.asbytes()))
+ # Read out nonce as it comes before the public numbers.
+ # TODO: usefully interpret it & other non-public-number fields
+ nonce = msg.get_string()
+ else:
 raise SSHException('Invalid key')
+ # Now that we've read type and (possibly) nonce, public numbers are
+ # next in either case.
 self.key = rsa.RSAPublicNumbers(
 e=msg.get_mpint(), n=msg.get_mpint()
 ).public_key(default_backend()) |
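Review bot: The new `ssh-rsa-cert-v01@openssh.com` branch takes `e` and `n` straight from the certificate blob, and nothing in the hunk parses or checks the fields that follow them (validity window, principals, CA signature), so a key built this way carries no more trust than a bare public key. The existing TODO hints at this but does not warn a caller; I would replace it with `# NOTE: remaining certificate fields (validity, principals, CA signature) are neither parsed nor verified here; callers must not treat this key as CA-validated.` The `nonce` local is assigned twice and never read in the visible lines, so a bare `msg.get_string()  # skip nonce` would state the intent more plainly. The enclosing method starts before the hunk and `load_certificate` is defined elsewhere, so whether any checking happens there cannot be seen from here.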