Add function to generate SSH KeyPair via templater

This commit adds functionality to generate SSH keypair via templater
plugins. ssh keypairs can be generated via generate-secrets phase.

Signed-off-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com>
Change-Id: I83720df5f934caf65dab201a1d0894ed3fee6cb5
This commit is contained in:
Sreejith Punnapuzha 2021-03-29 11:55:31 -05:00
parent 310bc282f5
commit ab85f2236f
4 changed files with 46 additions and 0 deletions

1
go.mod
View File

@ -31,6 +31,7 @@ require (
github.com/pkg/errors v0.9.1 github.com/pkg/errors v0.9.1
github.com/spf13/cobra v1.0.0 github.com/spf13/cobra v1.0.0
github.com/stretchr/testify v1.6.1 github.com/stretchr/testify v1.6.1
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
golang.org/x/net v0.0.0-20201021035429-f5854403a974 // indirect golang.org/x/net v0.0.0-20201021035429-f5854403a974 // indirect
golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 // indirect golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 // indirect
k8s.io/api v0.17.9 k8s.io/api v0.17.9

View File

@ -29,6 +29,8 @@ import (
"encoding/pem" "encoding/pem"
"math/big" "math/big"
"time" "time"
"golang.org/x/crypto/ssh"
) )
func toUint32(i int) uint32 { return uint32(i) } func toUint32(i int) uint32 { return uint32(i) }
@ -41,6 +43,11 @@ type dnParser struct {
dn []string dn []string
} }
type sshKey struct {
Private string
Public string
}
func (p *dnParser) startOver() { func (p *dnParser) startOver() {
p.dn = append(p.dn, p.cur.String()) p.dn = append(p.dn, p.cur.String())
p.cur = bytes.Buffer{} p.cur = bytes.Buffer{}
@ -218,6 +225,34 @@ func generateCertificateAuthorityEx(
return generateCertificateAuthorityWithKeyInternalEx(subj, daysValid, priv) return generateCertificateAuthorityWithKeyInternalEx(subj, daysValid, priv)
} }
// genSSHKeyPair make a pair of public and private keys for SSH access.
// Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
// Private Key generated is PEM encoded
func genSSHKeyPair(encryptionBit int) (sshKey, error) {
key := sshKey{}
privateKey, err := rsa.GenerateKey(rand.Reader, encryptionBit)
if err != nil {
return key, err
}
privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
var private bytes.Buffer
if err = pem.Encode(&private, privateKeyPEM); err != nil {
return key, err
}
// generate public key
pub, err := ssh.NewPublicKey(&privateKey.PublicKey)
if err != nil {
return key, err
}
public := ssh.MarshalAuthorizedKey(pub)
key.Public = string(public)
key.Private = private.String()
return key, nil
}
func generateCertificateAuthorityWithPEMKeyEx( func generateCertificateAuthorityWithPEMKeyEx(
subj string, subj string,
daysValid int, daysValid int,

View File

@ -168,3 +168,12 @@ func TestNameFromString(t *testing.T) {
assert.Equal(t, tc.expectedOut, *r) assert.Equal(t, tc.expectedOut, *r)
} }
} }
func TestGenSSHKeyPair(t *testing.T) {
key, err := genSSHKeyPair(2048)
assert.Nil(t, err)
assert.NotNil(t, key.Private)
assert.NotNil(t, key.Public)
assert.Contains(t, key.Private, "RSA PRIVATE KEY")
assert.Contains(t, key.Public, "ssh-rsa")
}

View File

@ -32,6 +32,7 @@ var genericMap = map[string]interface{}{
"genCAWithKeyEx": generateCertificateAuthorityWithPEMKeyEx, "genCAWithKeyEx": generateCertificateAuthorityWithPEMKeyEx,
"genSignedCertEx": generateSignedCertificateEx, "genSignedCertEx": generateSignedCertificateEx,
"genSignedCertWithKeyEx": generateSignedCertificateWithPEMKeyEx, "genSignedCertWithKeyEx": generateSignedCertificateWithPEMKeyEx,
"genSSHKeyPair": genSSHKeyPair,
"regexGen": regexGen, "regexGen": regexGen,
"toYaml": toYaml, "toYaml": toYaml,
"toUint32": toUint32, "toUint32": toUint32,