@@ -2,9 +2,9 @@ package aws_signing_helper
22
33import (
44 "crypto/tls"
5- "crypto/x509"
65 "encoding/base64"
76 "errors"
7+ "log"
88 "net/http"
99 "runtime"
1010
@@ -19,6 +19,7 @@ type CredentialsOpts struct {
1919 PrivateKeyId string
2020 CertificateId string
2121 CertificateBundleId string
22+ CertIdentifier CertIdentifier
2223 RoleArn string
2324 ProfileArnStr string
2425 TrustAnchorArnStr string
@@ -51,30 +52,22 @@ func GenerateCredentials(opts *CredentialsOpts) (CredentialProcessOutput, error)
5152 opts .Region = trustAnchorArn .Region
5253 }
5354
54- privateKey , err := ReadPrivateKeyData (opts .PrivateKeyId )
55- if err != nil {
56- return CredentialProcessOutput {}, err
57- }
58- certificateData , err := ReadCertificateData (opts .CertificateId )
59- if err != nil {
60- return CredentialProcessOutput {}, err
61- }
62- certificateDerData , err := base64 .StdEncoding .DecodeString (certificateData .CertificateData )
63- if err != nil {
64- return CredentialProcessOutput {}, err
65- }
66- certificate , err := x509 .ParseCertificate ([]byte (certificateDerData ))
67- if err != nil {
68- return CredentialProcessOutput {}, err
69- }
70- var certificateChain []x509.Certificate
71- if opts .CertificateBundleId != "" {
72- certificateChainPointers , err := ReadCertificateBundleData (opts .CertificateBundleId )
55+ var signer Signer
56+ var signingAlgorithm string
57+ if opts .PrivateKeyId != "" {
58+ privateKey , err := ReadPrivateKeyData (opts .PrivateKeyId )
7359 if err != nil {
7460 return CredentialProcessOutput {}, err
7561 }
76- for _ , certificate := range certificateChainPointers {
77- certificateChain = append (certificateChain , * certificate )
62+ signer , signingAlgorithm , err = GetFileSystemSigner (privateKey , opts .CertificateId , opts .CertificateBundleId )
63+ if err != nil {
64+ return CredentialProcessOutput {}, errors .New ("unable to create request signer" )
65+ }
66+ } else {
67+ signer , signingAlgorithm , err = GetDarwinCertStoreSigner (opts .CertIdentifier )
68+ if err != nil {
69+ log .Println (err )
70+ return CredentialProcessOutput {}, errors .New ("unable to create request signer" )
7871 }
7972 }
8073
@@ -107,11 +100,20 @@ func GenerateCredentials(opts *CredentialsOpts) (CredentialProcessOutput, error)
107100 rolesAnywhereClient .Handlers .Build .RemoveByName ("core.SDKVersionUserAgentHandler" )
108101 rolesAnywhereClient .Handlers .Build .PushBackNamed (request.NamedHandler {Name : "v4x509.CredHelperUserAgentHandler" , Fn : request .MakeAddToUserAgentHandler ("CredHelper" , opts .Version , runtime .Version (), runtime .GOOS , runtime .GOARCH )})
109102 rolesAnywhereClient .Handlers .Sign .Clear ()
110- rolesAnywhereClient .Handlers .Sign .PushBackNamed (request.NamedHandler {Name : "v4x509.SignRequestHandler" , Fn : CreateSignFunction (privateKey , * certificate , certificateChain )})
103+ certificate , err := signer .Certificate ()
104+ if err != nil {
105+ return CredentialProcessOutput {}, errors .New ("unable to find certificate" )
106+ }
107+ certificateChain , err := signer .CertificateChain ()
108+ if err != nil {
109+ return CredentialProcessOutput {}, errors .New ("unable to find certificate chain" )
110+ }
111+ rolesAnywhereClient .Handlers .Sign .PushBackNamed (request.NamedHandler {Name : "v4x509.SignRequestHandler" , Fn : CreateRequestSignFunction (signer , signingAlgorithm , certificate , certificateChain )})
111112
113+ certificateStr := base64 .StdEncoding .EncodeToString (certificate .Raw )
112114 durationSeconds := int64 (opts .SessionDuration )
113115 createSessionRequest := rolesanywhere.CreateSessionInput {
114- Cert : & certificateData . CertificateData ,
116+ Cert : & certificateStr ,
115117 ProfileArn : & opts .ProfileArnStr ,
116118 TrustAnchorArn : & opts .TrustAnchorArnStr ,
117119 DurationSeconds : & (durationSeconds ),
0 commit comments