check_key.py

1. #!/usr/bin/env python3
2.  
3. # http://sonelli.freshdesk.com/support/solutions/articles/139632-juicessh-supported-private-key-formats-openssh-pem-
4. # don't use this program
5. # use: ssh-keygen -t rsa -b 4096 -f you_key_file -m pem
6.  
7. """
8. Retval   0: File is ok
9. Retval -10: File is too big
10. Retval -20: Header not found
11. """
12. import sys
13. import logging
14. from pathlib import Path
15. from argparse import ArgumentParser
16.  
17.  
18. def check_key(file, log):
19.     """
20.    Returns  0 if the file is ok.
21.    Returns 10 if the file is too big.
22.    Returns 20 if the header was not found.
23.    """
24.     headers = [
25.         "-----{} RSA PRIVATE KEY-----",
26.         "-----{} DSA PRIVATE KEY-----",
27.         "-----{} PRIVATE KEY-----",
28.         "-----{} ENCRYPTED PRIVATE KEY-----",
29.     ]
30.     headers.sort(key=len)
31.     fsize = file.stat().st_size
32.     if fsize < 8 * 1024 ** 1:
33.         with file.open() as fd:
34.             header, *content, footer = fd.read().strip().splitlines()
35.         header_ok = any(header.startswith(h.format('BEGIN')) for h in headers)
36.         footer_ok = any(footer.startswith(h.format('END')) for h in headers)
37.         hf_err = False
38.         if header_ok and footer_ok:
39.             log.info('File is ok.')
40.             return 0
41.         if not header_ok:
42.             log.info('Header is not ok')
43.             log.debug(header)
44.             hf_err = True
45.         if not footer_ok:
46.             log.info('Footer is not ok')
47.             log.debug(footer)
48.             hf_err = True
49.         if hf_err:
50.             return 20
51.     log.info('File is too big')
52.     log.debug(f'File {file.name} has a size of {fsize // 1024**1:.2f} kiB.')
53.     return 10
54.  
55.  
56. def fix(file):
57.     """
58.    Dumb function to replace header and footer of the file
59.    and replaces it with the correct header
60.    """
61.     content = file.read_bytes().strip().splitlines()[1:-1]
62.     header = b"-----BEGIN RSA PRIVATE KEY-----"
63.     footer = b"-----END RSA PRIVATE KEY-----"
64.     new_content = [header, *content, footer]
65.     file.write_bytes(b'\n'.join(new_content))
66.  
67.  
68. def main():
69.     parser = ArgumentParser(description=__doc__)
70.     parser.add_argument('file', type=Path, help='SSH Private Keyfile')
71.     parser.add_argument('-i', action='store_true', help='Info')
72.     parser.add_argument('-v', action='store_true', help='Verbose')
73.     parser.add_argument('-f', action='store_true', help='Fix file inplace, expecting RSA')
74.     args = parser.parse_args()
75.     logging.basicConfig()
76.     log = logging.getLogger(sys.argv[0])
77.     if args.i:
78.         log.setLevel(logging.INFO)
79.     if args.v:
80.         log.setLevel(logging.DEBUG)
81.     retval = check_key(args.file, log)
82.     if args.f and retval != 0:
83.         log.info('Fixing file')
84.         fix(args.file)
85.     sys.exit(retval)
86.  
87.  
88. if __name__ == '__main__':
89.     main()