Add support for SHA256 fingerprint for diego-ssh

Add a new property sha256_fingerprint that diego can use to avoid incompatibilities when updating from sha1 to sha256

Author: nookala

lib/cloud_controller/diego/app_recipe_builder.rb

@@ -60,7 +60,8 @@ def app_lrp_arguments
           routes[SSH_ROUTES_KEY] = Oj.dump({
                                              container_port: DEFAULT_SSH_PORT,
                                              private_key: ssh_key.private_key,
-                                             host_fingerprint: ssh_key.fingerprint
+                                             host_fingerprint: ssh_key.fingerprint,
+                                             host_256_fingerprint: ssh_key.sha256_fingerprint
                                            })
         end
 

lib/cloud_controller/diego/ssh_key.rb

@@ -26,6 +26,10 @@ def fingerprint
           @fingerprint ||= ::SSHKey.new(key.to_der).sha1_fingerprint
         end
 
+        def sha256_fingerprint
+          @sha256_fingerprint ||= ::SSHKey.new(key.to_der).sha256_fingerprint
+        end
+
         private
 
         def key

spec/unit/lib/cloud_controller/diego/app_recipe_builder_spec.rb

@@ -901,7 +901,8 @@ module Diego
               expect(lrp.routes.routes['diego-ssh']).to eq(Oj.dump({
                                                                      container_port: 2222,
                                                                      private_key: ssh_key.private_key,
-                                                                     host_fingerprint: ssh_key.fingerprint
+                                                                     host_fingerprint: ssh_key.fingerprint,
+                                                                     host_256_fingerprint: ssh_key.sha256_fingerprint
                                                                    }))
             end
           end
@@ -1001,7 +1002,8 @@ module Diego
               expect(lrp.routes.routes['diego-ssh']).to eq(Oj.dump({
                                                                      container_port: 2222,
                                                                      private_key: ssh_key.private_key,
-                                                                     host_fingerprint: ssh_key.fingerprint
+                                                                     host_fingerprint: ssh_key.fingerprint,
+                                                                     host_256_fingerprint: ssh_key.sha256_fingerprint
                                                                    }))
             end
           end
@@ -1344,7 +1346,8 @@ module Diego
               expect(lrp.routes.routes['diego-ssh']).to eq(Oj.dump({
                                                                      container_port: 2222,
                                                                      private_key: ssh_key.private_key,
-                                                                     host_fingerprint: ssh_key.fingerprint
+                                                                     host_fingerprint: ssh_key.fingerprint,
+                                                                     host_256_fingerprint: ssh_key.sha256_fingerprint
                                                                    }))
             end
           end

spec/unit/lib/cloud_controller/diego/ssh_key_spec.rb

@@ -39,6 +39,13 @@ module Diego
           expect(ssh_key.fingerprint).to match(/([0-9a-f]{2}:){19}[0-9a-f]{2}/)
         end
       end
+
+      describe '#fingerprint 256' do
+        it 'returns an sha256 fingerprint' do
+          ssh_key = SSHKey.new(1024)
+          expect(ssh_key.sha256_fingerprint).to match(/[a-zA-Z0-9+\/=]{44}/)
+        end
+      end
     end
   end
 end