ACU/process/ldap/check_ssh_key.pl

#! /usr/bin/env perl

use v5.10.1;
use strict;
use warnings;
use File::Temp qw/ tempfile /;
use Pod::Usage;

BEGIN {
    push @INC, "../../";
}

use ACU::Process;
use ACU::API::Base;
use ACU::Log;

sub check_key($)
{
    my $filename = shift;
    # Call ssh-keygen
    if (`ssh-keygen -l -f $filename 2> /dev/null` =~ /^([0-9]+) [0-9a-f:]+ [a-zA-Z0-9\/_-]+ \(([A-Z]+)\)$/)
    {
	log INFO, "Receive valid key: type $2, size $1";
	if ($2 eq "RSA") {
	    if ($1 >= 4096) {
		return API::Base::make_response("0", "Clef RSA valide.");
	    }
	    else {
		return API::Base::make_response("2", "Clef RSA trop petite, utilisez ssh-keygen -t rsa -b 4096.");
	    }
	}
	elsif ($2 eq "ECDSA") {
	    return API::Base::make_response("0", "Clef ECDSA valide.");
	}
	elsif ($2 eq "DSA") {
	    return API::Base::make_response("3", "Veuillez utiliser ssh-keygen -t rsa ou ssh-keygen -t ecdsa");
	}
	else {
	    do_warn("Unknown type: $2");
	    return API::Base::make_response("3", "Veuillez utiliser ssh-keygen -t rsa ou ssh-keygen -t ecdsa");
	}
    }
    else {
	return API::Base::make_response("4", "Veuillez utiliser ssh-keygen -t rsa ou ssh-keygen -t ecdsa");
    }
}

sub process
{
    my ($given_args, $args) = @_;

    my ($fh, $filename) = tempfile();
    # Write key to file
    print $fh $args->{param}{key};
    close $fh;

    my $msg = check_key $filename;

    unlink $filename;

    return $msg;
}

if (@ARGV) {
    check_key shift;
}
else {
    Process::register("check_ssh_key", \&process);
}