Add Azure PFX certificate support

Azure typically uses pfx files for service principal authentication. These are PKCS#12 files so just try and read a cert file as such if we can't already read it as PEM.
2020-10-20 22:09:17 +02:00 · 2020-10-20 22:09:17 +02:00 · 1082bffddd
parent 6d4fae0f2d
commit 1082bffddd
1 changed files with 13 additions and 2 deletions
--- a/builder/azure/common/client/tokenprovider_cert.go
+++ b/builder/azure/common/client/tokenprovider_cert.go
@ -15,6 +15,7 @@ import (

 	"github.com/Azure/go-autorest/autorest/azure"
 	"github.com/dgrijalva/jwt-go"
+	"github.com/hashicorp/packer/builder/azure/pkcs12"
 )

 func NewCertOAuthTokenProvider(env azure.Environment, clientID, clientCertPath, tenantID string) (oAuthTokenProvider, error) {
@ -124,7 +125,17 @@ func readCert(file string) (cert *x509.Certificate, key interface{}, err error)
 	}

 	if key == nil {
-		return nil, nil, fmt.Errorf("Did not find private key in pem file")
+		key, cert, err = pkcs12.Decode(d, "")
+		certs = append(certs, cert)
+
+		if err != nil {
+			return nil, nil, fmt.Errorf(
+				"Did not find private key in file, tried to read as PKCS#12 and failed: %v", err)
+		}
+	}
+
+	if key == nil {
+		return nil, nil, fmt.Errorf("Did not find private key in file")
 	}

 	// find the certificate that belongs to the private key by comparing the public keys
@ -148,7 +159,7 @@ func readCert(file string) (cert *x509.Certificate, key interface{}, err error)
 	}

 	if cert == nil {
-		return nil, nil, fmt.Errorf("Did not find certificate belonging to private key in pem file")
+		return nil, nil, fmt.Errorf("Did not find certificate belonging to private key in file")
 	}

 	return cert, key, nil