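package credential

import (
	"fmt"
	"io/ioutil"
	"os"

	"github.com/kubernetes-incubator/kube-aws/logger"
	"github.com/kubernetes-incubator/kube-aws/pkg/api"
	"github.com/kubernetes-incubator/kube-aws/pki"
)

// File modes for the PEM files written by CreateKeyPair. The key file holds
// private key material and must not be readable by other users on the host;
// the certificate is public and may stay world-readable.
const (
	privateKeyFileMode os.FileMode = 0600
	certFileMode       os.FileMode = 0644
)

// ProtectedPKI generates key pairs through an embedded pki.PKI and carries the
// Encryptor used elsewhere in the credential package.
type ProtectedPKI struct {
	Encryptor
	*pki.PKI
}

// NewProtectedPKI returns a ProtectedPKI backed by a fresh pki.PKI and the
// given Encryptor.
func NewProtectedPKI(enc Encryptor) *ProtectedPKI {
	return &ProtectedPKI{
		Encryptor: enc,
		PKI:       pki.NewPKI(),
	}
}

// CreateKeyaPair is the historical (misspelled) name of CreateKeyPair and is
// kept so existing callers keep compiling.
//
// Deprecated: use CreateKeyPair instead.
func (ppki *ProtectedPKI) CreateKeyaPair(spec api.KeyPairSpec) error {
	return ppki.CreateKeyPair(spec)
}

// CreateKeyPair generates the key pair described by spec and writes its key
// and certificate PEM files to spec.KeyPath() and spec.CertPath().
//
// When spec.Signer is set, the signer's certificate and key are read from
// spec.SignerCertPath() and spec.SignerKeyPath() and handed to GenerateKeyPair
// as the signer; otherwise GenerateKeyPair receives a nil signer.
//
// It returns an error when the signer files cannot be read or parsed, when
// GenerateKeyPair fails, or when either PEM file cannot be written. Write
// errors are returned unwrapped, as before.
func (ppki *ProtectedPKI) CreateKeyPair(spec api.KeyPairSpec) error {
	signer, err := loadSigner(spec)
	if err != nil {
		return err
	}

	keypair, err := ppki.GenerateKeyPair(spec, signer)
	if err != nil {
		return err
	}

	keypath := spec.KeyPath()
	logger.Infof("Writing key pem file %s", keypath)
	// Private key: no group/other permission bits.
	if err := ioutil.WriteFile(keypath, keypair.KeyInPEM(), privateKeyFileMode); err != nil {
		return err
	}

	crtpath := spec.CertPath()
	logger.Infof("Writing certificate pem file %s", crtpath)
	if err := ioutil.WriteFile(crtpath, keypair.CertInPEM(), certFileMode); err != nil {
		return err
	}

	return nil
}

// loadSigner reads and parses the signer key pair named by spec.Signer.
// It returns (nil, nil) when spec.Signer is empty, meaning "no signer".
func loadSigner(spec api.KeyPairSpec) (*pki.KeyPair, error) {
	if spec.Signer == "" {
		return nil, nil
	}

	signerCert, err := ioutil.ReadFile(spec.SignerCertPath())
	if err != nil {
		return nil, fmt.Errorf("failed to read signer certificate %s for creating %s: %v", spec.SignerCertPath(), spec.Name, err)
	}
	signerKey, err := ioutil.ReadFile(spec.SignerKeyPath())
	if err != nil {
		return nil, fmt.Errorf("failed to read signer key %s for creating %s: %v", spec.SignerKeyPath(), spec.Name, err)
	}

	// This error used to be dropped, so an unparsable signer cert/key silently
	// fell through to GenerateKeyPair instead of failing the creation.
	signer, err := pki.KeyPairFromPEMs(spec.Signer, signerCert, signerKey)
	if err != nil {
		return nil, fmt.Errorf("failed to parse signer key pair %s for creating %s: %v", spec.Signer, spec.Name, err)
	}
	return signer, nil
}

// EnsureKeyPairsCreated creates every key pair in specs for which none of its
// on-disk artifacts exist yet: the key file, its ".fingerprint" sidecar, the
// encrypted key and the certificate. A spec with any of those files already
// present is left untouched, so a partially created pair is not regenerated.
// It stops and returns at the first creation error.
func (ppki *ProtectedPKI) EnsureKeyPairsCreated(specs []api.KeyPairSpec) error {
	for _, spec := range specs {
		if keyPairArtifactsExist(spec) {
			continue
		}
		if err := ppki.CreateKeyPair(spec); err != nil {
			return err
		}
	}
	return nil
}

// keyPairArtifactsExist reports whether any file that creating spec would
// produce is already present on disk.
func keyPairArtifactsExist(spec api.KeyPairSpec) bool {
	keypath := spec.KeyPath()
	candidates := []string{
		keypath,
		keypath + ".fingerprint",
		spec.EncryptedKeyPath(),
		spec.CertPath(),
	}
	for _, p := range candidates {
		if fileExists(p) {
			return true
		}
	}
	return false
}

// fileExists reports whether path names an existing non-directory entry.
// Any stat error yields false: the previous version only tested
// os.IsNotExist and dereferenced a nil FileInfo on other errors such as
// permission denied.
func fileExists(path string) bool {
	info, err := os.Stat(path)
	if err != nil {
		return false
	}
	return !info.IsDir()
}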