Calculate SSHFP records directly instead of using sshfp

[dns.git] / bin / mksshfp

#!/usr/bin/perl

use strict;
use warnings;

use Digest::SHA qw(sha256_hex);
use MIME::Base64;

my %algorithms = (
    "ssh-rsa" => "1",
    "ssh-dss" => "2",
    "ecdsa-sha2-nistp256" => "3",
    "ssh-ed25519" => "4"
);

my %hosts;

if (-f "/etc/ssh/ssh_known_hosts")
{
    open(HOSTS, "<", "/etc/ssh/ssh_known_hosts") || die $!;

    while (my $line = <HOSTS>)
    {
        if ($line =~ /^([^, ]+)\S* (\S+) (\S+)$/)
        {
            my $host = $1;
            my $algorithm = $algorithms{$2};
            my $value = uc(sha256_hex(decode_base64($3)));

            $host =~ s/\.openstreetmap\.org$//;
        
            if ($algorithm ne "2")
            {
                my $wanted = 0;

                if (exists($hosts{$host}))
                {
                    if ($algorithm eq "3")
                    {
                        $wanted = 1;
                    }
                    elsif ($algorithm eq "4" && $hosts{$host}->{algorithm} ne "3")
                    {
                        $wanted = 1;
                    }
                }
                else
                {
                    $wanted = 1;
                }

                if ($wanted)
                {
                    $hosts{$host} = {
                        algorithm => $algorithm,
                        type => "2",
                        value => $value
                    };
                }
            }
        }
    }

    close(HOSTS);
}

open(SSHFP_JS, ">", "include/sshfp.js") || die $!;

print SSHFP_JS qq|var SSHFP_RECORDS = [\n|;

foreach my $host (sort keys %hosts)
{
    my $algorithm = $hosts{$host}->{algorithm};
    my $type = $hosts{$host}->{type};
    my $value = $hosts{$host}->{value};

    print SSHFP_JS qq|  SSHFP("${host}", ${algorithm}, ${type}, "${value}"),\n|;
}

print SSHFP_JS qq|];\n|;

close(SSHFP_JS);

exit 0;