#!/usr/bin/env node // -*- mode: js -*- // vim: set filetype=javascript : // Copyright 2015 Joyent, Inc. All rights reserved.

var dashdash = require('dashdash'); var sshpk = require('../lib/index'); var fs = require('fs'); var path = require('path'); var Buffer = require('safer-buffer').Buffer;

var options = [

{
        names: ['hash', 'H'],
        type: 'string',
        help: 'Hash algorithm (sha1, sha256, sha384, sha512)'
},
{
        names: ['verbose', 'v'],
        type: 'bool',
        help: 'Display verbose info about key and hash used'
},
{
        names: ['identity', 'i'],
        type: 'string',
        help: 'Path to (public) key to use'
},
{
        names: ['file', 'f'],
        type: 'string',
        help: 'Input filename'
},
{
        names: ['format', 't'],
        type: 'string',
        help: 'Signature format (asn1, ssh, raw)'
},
{
        names: ['signature', 's'],
        type: 'string',
        help: 'base64-encoded signature data'
},
{
        names: ['help', 'h'],
        type: 'bool',
        help: 'Shows this help text'
}

];

if (require.main === module) {

var parser = dashdash.createParser({
        options: options
});

try {
        var opts = parser.parse(process.argv);
} catch (e) {
        console.error('sshpk-verify: error: %s', e.message);
        process.exit(3);
}

if (opts.help || opts._args.length > 1) {
        var help = parser.help({}).trimRight();
        console.error('sshpk-verify: sign data using an SSH key\n');
        console.error(help);
        process.exit(3);
}

if (!opts.identity) {
        var help = parser.help({}).trimRight();
        console.error('sshpk-verify: the -i or --identity option ' +
            'is required\n');
        console.error(help);
        process.exit(3);
}

if (!opts.signature) {
        var help = parser.help({}).trimRight();
        console.error('sshpk-verify: the -s or --signature option ' +
            'is required\n');
        console.error(help);
        process.exit(3);
}

var keyData = fs.readFileSync(opts.identity);

var key;
try {
        key = sshpk.parseKey(keyData);
} catch (e) {
        console.error('sshpk-verify: error loading key "' +
            opts.identity + '": ' + e.name + ': ' + e.message);
        process.exit(2);
}

var fmt = opts.format || 'asn1';
var sigData = Buffer.from(opts.signature, 'base64');

var sig;
try {
        sig = sshpk.parseSignature(sigData, key.type, fmt);
} catch (e) {
        console.error('sshpk-verify: error parsing signature: ' +
            e.name + ': ' + e.message);
        process.exit(2);
}

var hash = opts.hash || key.defaultHashAlgorithm();

var verifier;
try {
        verifier = key.createVerify(hash);
} catch (e) {
        console.error('sshpk-verify: error creating verifier: ' +
            e.name + ': ' + e.message);
        process.exit(2);
}

if (opts.verbose) {
        console.error('sshpk-verify: using %s-%s with a %d bit key',
            key.type, hash, key.size);
}

var inFile = process.stdin;
var inFileName = 'stdin';

var inFilePath;
if (opts.file) {
        inFilePath = opts.file;
} else if (opts._args.length === 1) {
        inFilePath = opts._args[0];
}

if (inFilePath)
        inFileName = path.basename(inFilePath);

try {
        if (inFilePath) {
                fs.accessSync(inFilePath, fs.R_OK);
                inFile = fs.createReadStream(inFilePath);
        }
} catch (e) {
        console.error('sshpk-verify: error opening input file' +
             ': ' + e.name + ': ' + e.message);
        process.exit(2);
}

inFile.pipe(verifier);
inFile.on('end', function () {
        var ret;
        try {
                ret = verifier.verify(sig);
        } catch (e) {
                console.error('sshpk-verify: error verifying data: ' +
                    e.name + ': ' + e.message);
                process.exit(1);
        }

        if (ret) {
                console.error('OK');
                process.exit(0);
        }

        console.error('NOT OK');
        process.exit(1);
});

}