
     1  package credential
     2  
     3  import (
     4  	"fmt"
     5  	"io/ioutil"
     6  	"os"
     7  
     8  	"github.com/kubernetes-incubator/kube-aws/logger"
     9  	"github.com/kubernetes-incubator/kube-aws/pkg/api"
    10  	"github.com/kubernetes-incubator/kube-aws/pki"
    11  )
    12  
// ProtectedPKI pairs a pki.PKI with an Encryptor. Both are embedded, so the
// methods of each are promoted onto ProtectedPKI; CreateKeyaPair below relies
// on the promoted GenerateKeyPair.
//
// NOTE(review): what Encryptor is used for is not visible in this file —
// nothing here calls it directly; presumably it protects the key material
// written under EncryptedKeyPath(), confirm against the callers.
type ProtectedPKI struct {
	Encryptor
	*pki.PKI
}
    17  
// NewProtectedPKI returns a ProtectedPKI that embeds enc together with a
// freshly constructed pki.PKI.
func NewProtectedPKI(enc Encryptor) *ProtectedPKI {
	p := new(ProtectedPKI)
	p.Encryptor = enc
	p.PKI = pki.NewPKI()
	return p
}
    24  
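// CreateKeyaPair generates the key pair described by spec and writes its
// private key and certificate as PEM files to spec.KeyPath() and
// spec.CertPath().
//
// When spec.Signer is non-empty, the signer's certificate and private key are
// read from spec.SignerCertPath() and spec.SignerKeyPath(), parsed with
// pki.KeyPairFromPEMs and handed to GenerateKeyPair as the signing key pair;
// otherwise GenerateKeyPair receives a nil signer.
//
// The exported name keeps its historical spelling ("Keya") because callers in
// other packages depend on it.
//
// It returns an error when a signer file cannot be read or parsed, when
// GenerateKeyPair fails, or when either PEM file cannot be written.
func (ppki *ProtectedPKI) CreateKeyaPair(spec api.KeyPairSpec) error {
	var signer *pki.KeyPair
	if spec.Signer != "" {
		signerCert, err := ioutil.ReadFile(spec.SignerCertPath())
		if err != nil {
			return fmt.Errorf("failed to read signer certificate %s for creating %s: %v", spec.SignerCertPath(), spec.Name, err)
		}
		signerKey, err := ioutil.ReadFile(spec.SignerKeyPath())
		if err != nil {
			return fmt.Errorf("failed to read signer key %s for creating %s: %v", spec.SignerKeyPath(), spec.Name, err)
		}
		// A parse failure must not fall through: the result was previously
		// unchecked, so an unparsable signer left signer nil and the key pair
		// was generated exactly as if no signer had been requested.
		signer, err = pki.KeyPairFromPEMs(spec.Signer, signerCert, signerKey)
		if err != nil {
			return fmt.Errorf("failed to parse signer %s for creating %s: %v", spec.Signer, spec.Name, err)
		}
	}

	keypair, err := ppki.GenerateKeyPair(spec, signer)
	if err != nil {
		return err
	}

	keypath := spec.KeyPath()
	logger.Infof("Writing key pem file %s", keypath)
	// The private key is written owner-only: 0644 would leave it readable by
	// every local user.
	if err := ioutil.WriteFile(keypath, keypair.KeyInPEM(), 0600); err != nil {
		return err
	}

	crtpath := spec.CertPath()
	logger.Infof("Writing certificate pem file %s", crtpath)
	// The certificate is public material, so world-readable is acceptable.
	if err := ioutil.WriteFile(crtpath, keypair.CertInPEM(), 0644); err != nil {
		return err
	}

	return nil
}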
    59  
// EnsureKeyPairsCreated calls CreateKeyaPair for every spec in specs whose
// plain key, encrypted key, key fingerprint and certificate files are all
// absent. A spec for which any one of those four files already exists is
// skipped, so an existing (possibly only partially written) key pair is never
// overwritten. The first CreateKeyaPair error stops the loop and is returned.
func (ppki *ProtectedPKI) EnsureKeyPairsCreated(specs []api.KeyPairSpec) error {
	for _, spec := range specs {
		// Checked in this order; any hit means the spec is already handled.
		existing := []string{
			spec.KeyPath(),
			spec.EncryptedKeyPath(),
			spec.KeyPath() + ".fingerprint",
			spec.CertPath(),
		}
		alreadyPresent := false
		for _, p := range existing {
			if fileExists(p) {
				alreadyPresent = true
				break
			}
		}
		if alreadyPresent {
			continue
		}
		if err := ppki.CreateKeyaPair(spec); err != nil {
			return err
		}
	}
	return nil
}
    74  
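// fileExists reports whether path names an existing entry that is not a
// directory.
//
// Every os.Stat failure yields false — not only "does not exist" but also
// permission errors and ENOTDIR (a path component that is a regular file).
// The original only handled os.IsNotExist, so any other Stat error left info
// nil and the IsDir call dereferenced it.
func fileExists(path string) bool {
	info, err := os.Stat(path)
	if err != nil {
		return false
	}
	return !info.IsDir()
}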