--- a/refresh-auth Thu Apr 24 08:27:30 2008 +0100
+++ b/refresh-auth Fri May 02 17:33:39 2008 +0100
@@ -8,7 +8,8 @@
import sys
import os
import os.path
-import re
+import ruleset
+import subprocess
if len(sys.argv) != 2:
sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
@@ -17,24 +18,32 @@
wrappercommand = sys.argv[1]
akeyfile = os.path.expanduser("~/.ssh/authorized_keys")
-allowedchars = "A-Za-z0-9_.-"
-goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars))
akeys = open(akeyfile + "_new", "w")
for root, dirs, files in os.walk("keys"):
for fn in files:
ffn = os.path.join(root, fn)
- if goodpathre.match(ffn) is None:
+ if not ruleset.goodpath(ffn):
# ignore any path that contains dodgy characters
continue
keyname = ffn[5:]
prefix=('command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
% ('%s %s' % (wrappercommand, keyname)))
- kf = open(ffn)
- try:
- for l in kf:
- akeys.write("%s %s\n" % (prefix, l.strip()))
- finally:
- kf.close()
+ p = subprocess.Popen(("ssh-keygen", "-i", "-f", ffn),
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ newkey = p.communicate()[0]
+ if p.wait() == 0:
+ klines = [l.strip() for l in newkey.split("\n")]
+ else:
+ # Conversion failed, read it directly.
+ kf = open(ffn)
+ try:
+ klines = [l.strip() for l in kf]
+ finally:
+ kf.close()
+ for l in klines:
+ if len(l):
+ akeys.write("%s %s\n" % (prefix, l))
+
akeys.close()
os.rename(akeyfile + "_new", akeyfile)
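Review bot: In the fallback branch taken when `ssh-keygen -i` fails, every non-empty line of the file under `keys/` is still written into authorized_keys without any check that it is a single well-formed public key. The converter's stderr is captured and discarded, so an unexpected or malformed file is accepted silently. I would keep the error text with `newkey, err = p.communicate()`, report it on stderr together with `ffn`, and skip any file that does not validate as a key, for example by running `ssh-keygen -l -f` on it before writing. The `command="..."` prefix is built by plain interpolation and is run through the account's shell, so its safety now rests on `ruleset.goodpath`, which is not visible in this diff. A comment at that call such as `# goodpath must keep rejecting everything outside A-Za-z0-9_.-, keyname is embedded in command="..."` would record the requirement; `wrappercommand` from `sys.argv[1]` gets no such check. Separately, `p.communicate()` already waits for the child, so `p.returncode == 0` can replace `p.wait() == 0`.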