package integration
import (
"bytes"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"log"
"math/big"
"net/http"
"time"
"github.com/fullsailor/pkcs7"
)
// instanceDocument is the fixed JSON payload used by the test handlers in this
// file: instanceDocumentHandler serves it verbatim and pkcsHandler passes the
// same bytes to the PKCS#7 signer, so the served document and the signed
// content cannot drift apart.
//
// All values are synthetic placeholders (zeroed instance and image IDs, an
// "xx-test-1" region, a private 10.x address).
//
// NOTE(review): "pendingTime" is not a well-formed RFC 3339 timestamp (month
// "00", one-digit hour). A consumer that parses this field as a time would
// reject it; confirm the value is intentional.
const instanceDocument = `{
"devpayProductCodes" : null,
"availabilityZone" : "xx-test-1b",
"privateIp" : "10.1.2.3",
"version" : "2010-08-31",
"instanceId" : "i-00000000000000000",
"billingProducts" : null,
"instanceType" : "t2.micro",
"accountId" : "1",
"imageId" : "ami-00000000",
"pendingTime" : "2000-00-01T0:00:00Z",
"architecture" : "x86_64",
"kernelId" : null,
"ramdiskId" : null,
"region" : "xx-test-1"
}`
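// instanceDocumentHandler serves instanceDocument as application/json.
//
// The request is not inspected: every method and path gets the same body with
// an implicit 200 status.
func instanceDocumentHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	if _, err := w.Write([]byte(instanceDocument)); err != nil {
		// The status line is committed by the first Write, so a WriteHeader
		// call here could not change it. Record the failure instead so a
		// truncated response is visible in the test output.
		log.Printf("Cannot write instance document response: %s", err)
	}
}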
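// certificateGenerate creates a throwaway 2048-bit RSA key pair and a
// certificate for it, for use as signing material in tests.
//
// The certificate is self-signed: the same template is passed to
// x509.CreateCertificate as both the certificate and its parent, and it is
// signed with the freshly generated key. It carries a random serial number
// below 2^128, the organization "Test", and a validity window from 24 hours
// before the call to 365 days after it. The template sets no KeyUsage,
// ExtKeyUsage or CA constraints, so nothing chains to this certificate; a
// verifier under test has to be handed it explicitly.
//
// It returns the private key and the DER-encoded certificate. If any step
// fails, it returns nil values together with that step's error instead of
// terminating the process, so the caller decides how the test should fail.
func certificateGenerate() (priv *rsa.PrivateKey, derBytes []byte, err error) {
	priv, err = rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}

	// Serial numbers are drawn uniformly from [0, 2^128).
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	if err != nil {
		return nil, nil, err
	}

	// Read the clock once so both ends of the validity window are derived
	// from the same instant. NotBefore is backdated to tolerate clock skew
	// between the signer and whatever verifies the certificate.
	now := time.Now()
	template := x509.Certificate{
		SerialNumber: serialNumber,
		Subject: pkix.Name{
			Organization: []string{"Test"},
		},
		NotBefore: now.Add(-24 * time.Hour),
		NotAfter:  now.Add(365 * 24 * time.Hour),
	}

	derBytes, err = x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	return priv, derBytes, nil
}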
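// pkcsHandler returns an HTTP handler that signs instanceDocument with the
// given key and certificate and serves the PKCS#7 result as text/plain.
//
// priv is the signing key and derBytes the DER encoding of its certificate.
// On every request the handler parses the certificate, builds a PKCS#7
// SignedData over instanceDocument, PEM-encodes it and strips the
// "-----BEGIN PKCS7-----" / "-----END PKCS7-----" armor lines, so the body is
// the bare Base64 text with PEM's line breaks.
//
// A failure while building the signature is logged and answered with a 500.
// It does not terminate the process: an HTTP handler that exits the program
// takes every other in-flight test down with it and hides the real failure
// from the client under test. The error detail goes to the log only, not into
// the response body.
func pkcsHandler(priv *rsa.PrivateKey, derBytes []byte) func(http.ResponseWriter, *http.Request) {
	// fail logs the cause and sends a generic 500 before any body is written.
	fail := func(w http.ResponseWriter, msg string, err error) {
		log.Printf("%s: %s", msg, err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
	}

	return func(w http.ResponseWriter, r *http.Request) {
		cert, err := x509.ParseCertificate(derBytes)
		if err != nil {
			fail(w, "Cannot decode certificate", err)
			return
		}

		// Initialize a SignedData struct with the content to be signed.
		signedData, err := pkcs7.NewSignedData([]byte(instanceDocument))
		if err != nil {
			fail(w, "Cannot initialize signed data", err)
			return
		}

		// Add the signing cert and private key.
		if err = signedData.AddSigner(cert, priv, pkcs7.SignerInfoConfig{}); err != nil {
			fail(w, "Cannot add signer", err)
			return
		}

		// Finish() yields the encoded SignedData. Detach() is never called on
		// signedData here, so the result presumably still embeds the signed
		// content rather than being a detached signature — confirm against
		// what the client under test expects.
		signature, err := signedData.Finish()
		if err != nil {
			fail(w, "Cannot finish signing data", err)
			return
		}

		// Encode as PEM, then drop the armor lines to leave only the Base64 body.
		encoded := pem.EncodeToMemory(&pem.Block{Type: "PKCS7", Bytes: signature})
		encoded = bytes.TrimPrefix(encoded, []byte("-----BEGIN PKCS7-----\n"))
		encoded = bytes.TrimSuffix(encoded, []byte("\n-----END PKCS7-----\n"))

		w.Header().Set("Content-Type", "text/plain")
		if _, err = w.Write(encoded); err != nil {
			// The status is already committed by Write; only logging is possible.
			log.Printf("Cannot write PKCS7 response: %s", err)
		}
	}
}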
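// stsHandler serves a fixed, canned response with Content-Type text/xml.
//
// The request is not inspected: every method, path and body gets the same
// payload with an implicit 200 status. The values are placeholders (account
// "1", an access key ID ending in "EXAMPLE").
//
// NOTE(review): the payload as it stands holds bare values with no XML element
// tags even though it is labelled text/xml. If the markup was lost when this
// file was copied, an XML-decoding client will not parse the response —
// confirm against the original fixture.
func stsHandler(w http.ResponseWriter, r *http.Request) {
	const body = `
arn:aws:iam::1:user/Test
AKIAI44QH8DHBEXAMPLE
1
01234567-89ab-cdef-0123-456789abcdef
`
	w.Header().Set("Content-Type", "text/xml")
	if _, err := w.Write([]byte(body)); err != nil {
		// The status line is committed by the first Write, so a WriteHeader
		// call here could not change it. Record the failure instead.
		log.Printf("Cannot write STS response: %s", err)
	}
}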
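// ec2Handler serves a fixed, canned instance description with Content-Type
// text/xml.
//
// The request is not inspected: every method, path and body gets the same
// payload with an implicit 200 status. The instance and image IDs in the
// payload match the ones in instanceDocument; the remaining values are sample
// data.
//
// NOTE(review): the payload as it stands holds bare values and "-" separators
// with no XML element tags even though it is labelled text/xml. If the markup
// was lost when this file was copied, an XML-decoding client will not parse
// the response — confirm against the original fixture.
func ec2Handler(w http.ResponseWriter, r *http.Request) {
	const body = `
8f7724cf-496f-496e-8fe3-example
-
r-1234567890abcdef0
123456789012
-
i-00000000000000000
ami-00000000
16
running
ip-192-168-1-88.eu-west-1.compute.internal
ec2-54-194-252-215.eu-west-1.compute.amazonaws.com
my_keypair
0
t2.micro
2015-12-22T10:44:05.000Z
eu-west-1c
default
disabled
subnet-56f5f633
vpc-11112222
192.168.1.88
54.194.252.215
true
-
sg-e4076980
SecurityGroup1
x86_64
ebs
/dev/xvda
-
/dev/xvda
vol-1234567890abcdef0
attached
2015-12-22T10:44:09.000Z
true
hvm
xMcwG14507example
-
Name
Server_1
xen
-
eni-551ba033
subnet-56f5f633
vpc-11112222
Primary network interface
123456789012
in-use
02:dd:2c:5e:01:69
192.168.1.88
ip-192-168-1-88.eu-west-1.compute.internal
true
-
sg-e4076980
SecurityGroup1
eni-attach-39697adc
0
attached
2015-12-22T10:44:05.000Z
true
54.194.252.215
ec2-54-194-252-215.eu-west-1.compute.amazonaws.com
amazon
-
192.168.1.88
ip-192-168-1-88.eu-west-1.compute.internal
true
54.194.252.215
ec2-54-194-252-215.eu-west-1.compute.amazonaws.com
amazon
-
2001:db8:1234:1a2b::123
false
`
	w.Header().Set("Content-Type", "text/xml")
	if _, err := w.Write([]byte(body)); err != nil {
		// The status line is committed by the first Write, so a WriteHeader
		// call here could not change it. Record the failure instead.
		log.Printf("Cannot write EC2 response: %s", err)
	}
}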