setup_sshkey: drop a dep on Crypto (#2004) (#2005)
[PR #2004/42c0475d backport][stable-7] setup_sshkey: drop a dep on Crypto

This is a backport of PR #2004 as merged into main (42c0475).
SUMMARY
Adjust ec2-fingerprint.py so it uses cryptography instead of the deprecated Crypto library.
(originally written by Gonéri)
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
tests/integration/targets/setup_sshkey/files/ec2-fingerprint.py
ADDITIONAL INFORMATION
Original PR (amazon.aws)
ansible-collections/amazon.aws#799

Reviewed-by: Mark Chappell
patchback[bot] authored Nov 16, 2023
1 parent 3145cc7 commit 8aef2be
Showing 3 changed files with 12 additions and 18 deletions.
5 changes: 1 addition & 4 deletions test-requirements.txt
Expand Up @@ -17,8 +17,5 @@ git+https://github.com/ansible-community/pytest-ansible-units.git ; python_versi
netaddr
# Sometimes needed where we don't have features we need in modules
awscli
# Used for comparing SSH Public keys to the Amazon fingerprints
# pycrypto is EoL using pycryptodome for now
pycryptodome
# Used by ec2_win_password
# Used for comparing SSH Public keys to the Amazon fingerprints and ec2_win_password
cryptography
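
Review bot: the `cryptography` entry that closes this hunk has no version floor, yet after this change the fingerprint script calls `serialization.load_ssh_public_key(...)` with no `backend` argument, which only works on cryptography 3.1 or later. Suggest `cryptography>=3.1` here and in tests/integration/requirements.txt, so an older preinstalled release fails at install time rather than with a TypeError in the middle of the setup_sshkey target.
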
3 changes: 1 addition & 2 deletions tests/integration/requirements.txt
Expand Up @@ -8,7 +8,6 @@ virtualenv
# Sometimes needed where we don't have features we need in modules
awscli
# Used for comparing SSH Public keys to the Amazon fingerprints
# pycrypto is EoL using pycryptodome for now
pycryptodome
cryptography
# Used by ec2_asg_scheduled_action
python-dateutil
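
Review bot: the comment left above the new `cryptography` line in this hunk still reads "Used for comparing SSH Public keys to the Amazon fingerprints", while the matching comment in test-requirements.txt was reworded to cover "the Amazon fingerprints and ec2_win_password". If the integration requirements are also what ec2_win_password relies on, use the same wording in both files so that a later cleanup of the fingerprint helper does not drop a dependency another module still needs.
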
22 changes: 10 additions & 12 deletions tests/integration/targets/setup_sshkey/files/ec2-fingerprint.py
Expand Up @@ -8,28 +8,26 @@
(but without needing the OpenSSL CLI)
"""

from __future__ import absolute_import
from __future__ import division
from __future__ import print_function

__metaclass__ = type

import hashlib
import sys

from Crypto.PublicKey import RSA
from cryptography.hazmat.primitives import serialization

if len(sys.argv) == 0:
ssh_public_key = "id_rsa.pub"
else:
ssh_public_key = sys.argv[1]

with open(ssh_public_key, "r") as key_fh:
data = key_fh.read()

# Convert from SSH format to DER format
public_key = RSA.importKey(data).exportKey("DER")
md5digest = hashlib.md5(public_key).hexdigest()
with open(ssh_public_key, "rb") as key_file:
public_key = serialization.load_ssh_public_key(
key_file.read(),
)
pub_der = public_key.public_bytes(
encoding=serialization.Encoding.DER,
format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
md5digest = hashlib.md5(pub_der).hexdigest()
# Format the md5sum into the normal format
pairs = zip(md5digest[::2], md5digest[1::2])
md5string = ":".join(["".join(pair) for pair in pairs])
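
Review bot: the `if len(sys.argv) == 0:` guard kept as context in this hunk can never be true, because `sys.argv[0]` is always the script name, so running the script with no argument falls through to `sys.argv[1]` and raises IndexError instead of defaulting to `id_rsa.pub`. Since these lines are being touched anyway, change the test to `if len(sys.argv) < 2:`. A second point on the new loader: `RSA.importKey` rejected anything that was not an RSA key, whereas `serialization.load_ssh_public_key` will also load Ed25519 and ECDSA keys and the script will still print an MD5 string for them. If the helper is only meant for RSA keys, an `isinstance` check against `cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` after loading would keep the old failure behaviour explicit.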