Move Private Key parsing to k8s.io/client-go/util/cert

pull/6/head
Christoph Blecker 2017-02-03 17:41:34 -08:00
parent 7028abc5fc
commit 89d1b09fdf
No known key found for this signature in database
GPG Key ID: B34A59A9D39F838B
3 changed files with 6 additions and 27 deletions


@ -23,6 +23,7 @@ go_library(
"//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
"//vendor:k8s.io/apiserver/pkg/authentication/serviceaccount",
"//vendor:k8s.io/apiserver/pkg/authentication/user",
"//vendor:k8s.io/client-go/util/cert",
],
)
@ -38,6 +39,7 @@ go_test(
"//pkg/serviceaccount:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
"//vendor:k8s.io/apiserver/pkg/authentication/serviceaccount",
"//vendor:k8s.io/client-go/util/cert",
],
)


@ -29,6 +29,7 @@ import (
"k8s.io/apiserver/pkg/authentication/authenticator"
apiserverserviceaccount "k8s.io/apiserver/pkg/authentication/serviceaccount"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/client-go/util/cert"
"k8s.io/kubernetes/pkg/api/v1"
jwt "github.com/dgrijalva/jwt-go"
@ -64,38 +65,13 @@ func ReadPrivateKey(file string) (interface{}, error) {
if err != nil {
return nil, err
}
key, err := ReadPrivateKeyFromPEM(data)
key, err := cert.ParsePrivateKeyPEM(data)
if err != nil {
return nil, fmt.Errorf("error reading private key file %s: %v", file, err)
}
return key, nil
}
// ReadPrivateKeyFromPEM is a helper function for reading a private key from a PEM-encoded file
func ReadPrivateKeyFromPEM(data []byte) (interface{}, error) {
var block *pem.Block
for {
// read the next block
block, data = pem.Decode(data)
if block == nil {
break
}
// get PEM bytes for just this block
blockData := pem.EncodeToMemory(block)
if key, err := jwt.ParseRSAPrivateKeyFromPEM(blockData); err == nil {
return key, nil
}
if key, err := jwt.ParseECPrivateKeyFromPEM(blockData); err == nil {
return key, nil
}
// tolerate non-key PEM blocks for compatibility with things like "EC PARAMETERS" blocks
// originally, only the first PEM block was parsed and expected to be a key block
}
return nil, fmt.Errorf("data does not contain a valid RSA or ECDSA private key")
}
// ReadPublicKeys is a helper function for reading an array of rsa.PublicKey or ecdsa.PublicKey from a PEM-encoded file.
// Reads public keys from both public and private key files.
func ReadPublicKeys(file string) ([]interface{}, error) {
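Review bot: The deleted ReadPrivateKeyFromPEM documented two behaviours that callers of ReadPrivateKey rely on: it skipped non-key PEM blocks such as "EC PARAMETERS", and it accepted either an RSA or an ECDSA key. Nothing in this section shows that cert.ParsePrivateKeyPEM preserves both, because its body is outside the page. Before relying on the swap, add a test that feeds ReadPrivateKey a file whose key block is preceded by a non-key block, and record the expectation at the call site, for example `// cert.ParsePrivateKeyPEM must skip non-key PEM blocks (e.g. "EC PARAMETERS") and accept RSA or ECDSA keys`. ReadPrivateKeyFromPEM was exported, so any caller outside the three files changed here would stop compiling; that is presumably intended but worth stating in the commit description. ReadPrivateKey begins above the hunk, so its existing doc comment is not visible.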


@ -24,6 +24,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
apiserverserviceaccount "k8s.io/apiserver/pkg/authentication/serviceaccount"
"k8s.io/client-go/util/cert"
"k8s.io/kubernetes/pkg/api/v1"
clientset "k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
"k8s.io/kubernetes/pkg/client/clientset_generated/clientset/fake"
@ -106,7 +107,7 @@ X2i8uIp/C/ASqiIGUeeKQtX0/IR3qCXyThP/dbCiHrF3v1cuhBOHY8CLVg==
-----END PUBLIC KEY-----`
func getPrivateKey(data string) interface{} {
key, _ := serviceaccount.ReadPrivateKeyFromPEM([]byte(data))
key, _ := cert.ParsePrivateKeyPEM([]byte(data))
return key
}
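Review bot: getPrivateKey discards the error from cert.ParsePrivateKeyPEM, so if the new parser rejects one of the PEM fixtures the helper returns a nil key and the test fails later at signing or validation, far from the cause. Now that parsing is delegated to another package, the helper should fail where the problem is: `key, err := cert.ParsePrivateKeyPEM([]byte(data))` followed by `if err != nil { panic(fmt.Sprintf("unexpected error parsing private key: %v", err)) }`. The fixtures and the tests that call this helper are outside the hunk, so whether `fmt` is already imported in the test file should be checked.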