config: convert PEM to DER format on the fly

hubcaps requires a DER formatted key, but their instructions for
converting PEM to DER didn't work for me. So, we rely on rustls-pemfile
to parse the PEM key into DER bytes and hand that to hubcaps.
Cole Helbling 2023-02-13 14:19:05 -08:00
parent 2beea85aed
commit cf2c6712bd
3 changed files with 21 additions and 6 deletions

13
Cargo.lock generated

@ -258,6 +258,12 @@ version = "0.13.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
[[package]]
name = "base64"
version = "0.21.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a4a4ddaa51a5bc52a6948f74c06d20aaaddb71924eab79b8c97a8c556e942d6a"
[[package]]
name = "bitflags"
version = "1.3.2"
@ -1297,6 +1303,7 @@ dependencies = [
"md5",
"nom 4.2.3",
"regex",
"rustls-pemfile",
"separator",
"serde",
"serde_derive",
@ -1678,11 +1685,11 @@ dependencies = [
[[package]]
name = "rustls-pemfile"
version = "1.0.1"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0864aeff53f8c05aa08d86e5ef839d3dfcf07aeba2db32f12db0ef716e87bd55"
checksum = "d194b56d58803a43635bdc398cd17e383d6f71f9182b9a192c127ca42494a59b"
dependencies = [
"base64 0.13.1",
"base64 0.21.0",
]
[[package]]


@ -32,3 +32,4 @@ tempfile = "3.3.0"
tracing = "0.1.37"
tracing-subscriber = { version = "0.3.16", features = ["json", "env-filter"] }
uuid = { version = "1.2", features = ["v4"] }
rustls-pemfile = "1.0.2"


@ -4,7 +4,7 @@ use crate::nix::Nix;
use std::collections::HashMap;
use std::fmt;
use std::fs::File;
use std::io::Read;
use std::io::{BufReader, Read};
use std::marker::PhantomData;
use std::path::{Path, PathBuf};
@ -183,8 +183,15 @@ impl GithubAppVendingMachine {
}
fn jwt(&self) -> JWTCredentials {
let key = std::fs::read(self.conf.private_key.clone()).expect("Unable to read private_key");
JWTCredentials::new(self.conf.app_id, key).expect("Unable to create JWTCredentials")
let private_key_file =
File::open(self.conf.private_key.clone()).expect("Unable to read private_key");
let mut private_key_reader = BufReader::new(private_key_file);
let private_keys = rustls_pemfile::rsa_private_keys(&mut private_key_reader)
.expect("Unable to convert private_key to DER format");
// We can be reasonably certain that there will only be one private key in this file
let private_key = &private_keys[0];
JWTCredentials::new(self.conf.app_id, private_key.to_vec())
.expect("Unable to create JWTCredentials")
}
fn install_id_for_repo(&mut self, owner: &str, repo: &str) -> Option<u64> {
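Review bot: In `jwt`, `&private_keys[0]` panics with a bare index-out-of-bounds when no key was parsed, and the `expect` on the line above does not cover that case. `rustls_pemfile::rsa_private_keys` returns `Ok` with an empty vector when the file has no `RSA PRIVATE KEY` section, for example when the key is a PKCS#8 `PRIVATE KEY` block. Taking the first key with `let private_key = private_keys.into_iter().next().expect("private_key contains no PKCS#1 RSA private key");` gives the operator a usable message. It also lets `JWTCredentials::new(self.conf.app_id, private_key)` take ownership, so the `to_vec()` copy of the key bytes goes away. The comment above the index could also state that when the file holds several keys, only the first is used and the rest are ignored.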