lordwelch/sshrimp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
sshrimp/internal/signer/aws.go
Timmy Welch 4de02548c1
Add pre-commit
2023-05-24 17:40:52 -07:00

68 lines
1.4 KiB
Go
Raw Blame History

package signer
import (
"crypto"
"crypto/x509"
"io"
"log"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/kms"
"github.com/aws/aws-sdk-go/service/kms/kmsiface"
)
// KMSSigner an AWS asymetric crypto signer
type AWSSigner struct {
crypto.Signer
client kmsiface.KMSAPI
key string
}
// NewKMSSigner return a new instsance of AWSSigner
func NewAWSSigner(key string) *AWSSigner {
sess := session.Must(session.NewSession())
return &AWSSigner{
key: key,
client: kms.New(sess),
}
}
// Public returns the public key from KMS
func (s *AWSSigner) Public() crypto.PublicKey {
response, err := s.client.GetPublicKey(&kms.GetPublicKeyInput{
KeyId: &s.key,
})
if err != nil {
log.Print(err.Error())
return nil
}
publicKey, err := x509.ParsePKIXPublicKey(response.PublicKey)
if err != nil {
log.Print(err.Error())
return nil
}
return publicKey
}
// Sign a digest with the private key in KMS
func (s *AWSSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
response, err := s.client.Sign(&kms.SignInput{
KeyId: &s.key,
Message: digest,
MessageType: aws.String(kms.MessageTypeDigest),
SigningAlgorithm: aws.String(kms.SigningAlgorithmSpecRsassaPkcs1V15Sha256),
})
if err != nil {
return nil, err
}
return response.Signature, nil
}
Reference in New Issue View Git Blame Copy Permalink