IntenseWebs/opentofu
3
0
Fork 0
mirror of https://github.com/opentofu/opentofu.git synced 2024-12-28 18:01:01 -06:00
Code Issues Packages Projects Releases Wiki Activity
a0568e544f
opentofu/vendor/github.com/joyent/triton-go/authentication/private_key_signer.go
James Nugent a0568e544f provider/triton: Move to joyent/triton-go (#13225) 
* provider/triton: Move to joyent/triton-go

This commit moves the Triton provider to the new joyent/triton-go
library from gosdc. This has a number of advantages - not least that
requests can be signed using an SSH agent without having to keep
unencrypted key material in memory.

Schema has been maintained for all resources, and several tests have
been added and acceptance tests repaired - in some cases by fixing bugs
in the underlying resources.

After applying this patch, all acceptance tests pass:

```
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/30 13:48:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/triton -v  -timeout 120m
=== RUN   TestProvider
--- PASS: TestProvider (0.00s)
=== RUN   TestProvider_impl
--- PASS: TestProvider_impl (0.00s)
=== RUN   TestAccTritonFabric_basic
--- PASS: TestAccTritonFabric_basic (15.11s)
=== RUN   TestAccTritonFirewallRule_basic
--- PASS: TestAccTritonFirewallRule_basic (1.48s)
=== RUN   TestAccTritonFirewallRule_update
--- PASS: TestAccTritonFirewallRule_update (1.55s)
=== RUN   TestAccTritonFirewallRule_enable
--- PASS: TestAccTritonFirewallRule_enable (1.52s)
=== RUN   TestAccTritonKey_basic
--- PASS: TestAccTritonKey_basic (11.76s)
=== RUN   TestAccTritonKey_noKeyName
--- PASS: TestAccTritonKey_noKeyName (11.20s)
=== RUN   TestAccTritonMachine_basic
--- PASS: TestAccTritonMachine_basic (82.19s)
=== RUN   TestAccTritonMachine_dns
--- PASS: TestAccTritonMachine_dns (173.36s)
=== RUN   TestAccTritonMachine_nic
--- PASS: TestAccTritonMachine_nic (167.82s)
=== RUN   TestAccTritonMachine_addNIC
--- PASS: TestAccTritonMachine_addNIC (192.11s)
=== RUN   TestAccTritonMachine_firewall
--- PASS: TestAccTritonMachine_firewall (188.53s)
=== RUN   TestAccTritonMachine_metadata
--- PASS: TestAccTritonMachine_metadata (614.57s)
=== RUN   TestAccTritonVLAN_basic
--- PASS: TestAccTritonVLAN_basic (0.93s)
=== RUN   TestAccTritonVLAN_update
--- PASS: TestAccTritonVLAN_update (1.50s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/triton	1463.621s
```

* provider/triton: Update docs for provider config

* deps: Vendor github.com/joyent/triton-go/...

* deps: Remove github.com/joyent/gosdc
2017-03-31 01:25:27 +03:00

74 lines
2.1 KiB
Go
Raw Blame History

package authentication
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"fmt"
"github.com/hashicorp/errwrap"
"golang.org/x/crypto/ssh"
"strings"
)
type PrivateKeySigner struct {
formattedKeyFingerprint string
keyFingerprint string
accountName string
hashFunc crypto.Hash
privateKey *rsa.PrivateKey
}
func NewPrivateKeySigner(keyFingerprint string, privateKeyMaterial []byte, accountName string) (*PrivateKeySigner, error) {
keyFingerprintMD5 := strings.Replace(keyFingerprint, ":", "", -1)
block, _ := pem.Decode(privateKeyMaterial)
if block == nil {
return nil, fmt.Errorf("Error PEM-decoding private key material: nil block received")
}
rsakey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return nil, errwrap.Wrapf("Error parsing private key: %s", err)
}
sshPublicKey, err := ssh.NewPublicKey(rsakey.Public())
if err != nil {
return nil, errwrap.Wrapf("Error parsing SSH key from private key: %s", err)
}
matchKeyFingerprint := formatPublicKeyFingerprint(sshPublicKey, false)
displayKeyFingerprint := formatPublicKeyFingerprint(sshPublicKey, true)
if matchKeyFingerprint != keyFingerprintMD5 {
return nil, fmt.Errorf("Private key file does not match public key fingerprint")
}
return &PrivateKeySigner{
formattedKeyFingerprint: displayKeyFingerprint,
keyFingerprint: keyFingerprint,
accountName: accountName,
hashFunc: crypto.SHA1,
privateKey: rsakey,
}, nil
}
func (s *PrivateKeySigner) Sign(dateHeader string) (string, error) {
const headerName = "date"
hash := s.hashFunc.New()
hash.Write([]byte(fmt.Sprintf("%s: %s", headerName, dateHeader)))
digest := hash.Sum(nil)
signed, err := rsa.SignPKCS1v15(rand.Reader, s.privateKey, s.hashFunc, digest)
if err != nil {
return "", errwrap.Wrapf("Error signing date header: {{err}}", err)
}
signedBase64 := base64.StdEncoding.EncodeToString(signed)
return fmt.Sprintf(authorizationHeaderFormat, s.formattedKeyFingerprint, "rsa-sha1", headerName, signedBase64), nil
}
Reference in New Issue View Git Blame Copy Permalink