builder/googlecompute: private key tests
This commit is contained in:
Mitchell Hashimoto
parent
3fad2421c5
commit
6507afd3ad
|
|
@ -8,29 +8,35 @@ import (
|
|||
"io/ioutil"
|
||||
)
|
||||
|
||||
// processPrivateKeyFile.
|
||||
// processPrivateKeyFile takes a private key file and an optional passphrase
|
||||
// and decodes it to a byte slice.
|
||||
func processPrivateKeyFile(privateKeyFile, passphrase string) ([]byte, error) {
|
||||
rawPrivateKeyBytes, err := ioutil.ReadFile(privateKeyFile)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Failed loading private key file: %s", err)
|
||||
}
|
||||
|
||||
PEMBlock, _ := pem.Decode(rawPrivateKeyBytes)
|
||||
if PEMBlock == nil {
|
||||
return nil, fmt.Errorf("%s does not contain a vaild private key", privateKeyFile)
|
||||
}
|
||||
|
||||
if x509.IsEncryptedPEMBlock(PEMBlock) {
|
||||
if passphrase == "" {
|
||||
return nil, errors.New("a passphrase must be specified when using an encrypted private key")
|
||||
}
|
||||
|
||||
decryptedPrivateKeyBytes, err := x509.DecryptPEMBlock(PEMBlock, []byte(passphrase))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Failed decrypting private key: %s", err)
|
||||
}
|
||||
|
||||
b := &pem.Block{
|
||||
Type: "RSA PRIVATE KEY",
|
||||
Bytes: decryptedPrivateKeyBytes,
|
||||
}
|
||||
return pem.EncodeToMemory(b), nil
|
||||
}
|
||||
|
||||
return rawPrivateKeyBytes, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,78 @@
|
|||
package googlecompute
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func testPrivateKeyFile(t *testing.T) string {
|
||||
tf, err := ioutil.TempFile("", "packer")
|
||||
if err != nil {
|
||||
t.Fatalf("bad: %s", err)
|
||||
}
|
||||
defer tf.Close()
|
||||
|
||||
b := &pem.Block{
|
||||
Type: "RSA PRIVATE KEY",
|
||||
Bytes: []byte("what"),
|
||||
}
|
||||
|
||||
if err := pem.Encode(tf, b); err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
return tf.Name()
|
||||
}
|
||||
|
||||
func TestProcesssPrivateKeyFile(t *testing.T) {
|
||||
path := testPrivateKeyFile(t)
|
||||
defer os.Remove(path)
|
||||
|
||||
data, err := processPrivateKeyFile(path, "")
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
if len(data) <= 0 {
|
||||
t.Fatalf("bad: %#v", data)
|
||||
}
|
||||
}
|
||||
|
||||
func TestProcessPrivateKeyFile_encrypted(t *testing.T) {
|
||||
// Encrypt the file
|
||||
b, err := x509.EncryptPEMBlock(rand.Reader,
|
||||
"RSA PRIVATE KEY",
|
||||
[]byte("what"),
|
||||
[]byte("password"),
|
||||
x509.PEMCipherAES128)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
tf, err := ioutil.TempFile("", "packer")
|
||||
if err != nil {
|
||||
t.Fatalf("bad: %s", err)
|
||||
}
|
||||
defer os.Remove(tf.Name())
|
||||
|
||||
err = pem.Encode(tf, b)
|
||||
tf.Close()
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
path := tf.Name()
|
||||
|
||||
// Should have an error with a bad password
|
||||
if _, err := processPrivateKeyFile(path, "bad"); err == nil {
|
||||
t.Fatal("should error")
|
||||
}
|
||||
|
||||
if _, err := processPrivateKeyFile(path, "password"); err != nil {
|
||||
t.Fatalf("bad: %s", err)
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue