Merge pull request #70970 from awly/unexport-csr-parsecsr

Unexport csr.ParseCSR
2018-11-12 18:31:45 -08:00 · 2018-11-12 18:31:45 -08:00 · efd19d3c94
parent 27cf50d85e 41334cfdd3
commit efd19d3c94
1 changed files with 10 additions and 15 deletions
--- a/staging/src/k8s.io/client-go/util/certificate/csr/csr.go
+++ b/staging/src/k8s.io/client-go/util/certificate/csr/csr.go
@ -202,23 +202,23 @@ func digestedName(privateKeyData []byte, subject *pkix.Name, usages []certificat

 // ensureCompatible ensures that a CSR object is compatible with an original CSR
 func ensureCompatible(new, orig *certificates.CertificateSigningRequest, privateKey interface{}) error {
-	newCsr, err := ParseCSR(new)
+	newCSR, err := parseCSR(new)
 	if err != nil {
 		return fmt.Errorf("unable to parse new csr: %v", err)
 	}
-	origCsr, err := ParseCSR(orig)
+	origCSR, err := parseCSR(orig)
 	if err != nil {
 		return fmt.Errorf("unable to parse original csr: %v", err)
 	}
-	if !reflect.DeepEqual(newCsr.Subject, origCsr.Subject) {
-		return fmt.Errorf("csr subjects differ: new: %#v, orig: %#v", newCsr.Subject, origCsr.Subject)
+	if !reflect.DeepEqual(newCSR.Subject, origCSR.Subject) {
+		return fmt.Errorf("csr subjects differ: new: %#v, orig: %#v", newCSR.Subject, origCSR.Subject)
 	}
 	signer, ok := privateKey.(crypto.Signer)
 	if !ok {
 		return fmt.Errorf("privateKey is not a signer")
 	}
-	newCsr.PublicKey = signer.Public()
-	if err := newCsr.CheckSignature(); err != nil {
+	newCSR.PublicKey = signer.Public()
+	if err := newCSR.CheckSignature(); err != nil {
 		return fmt.Errorf("error validating signature new CSR against old key: %v", err)
 	}
 	if len(new.Status.Certificate) > 0 {
@ -247,17 +247,12 @@ func formatError(format string, err error) error {
 	return fmt.Errorf(format, err)
 }

-// ParseCSR extracts the CSR from the API object and decodes it.
-func ParseCSR(obj *certificates.CertificateSigningRequest) (*x509.CertificateRequest, error) {
+// parseCSR extracts the CSR from the API object and decodes it.
+func parseCSR(obj *certificates.CertificateSigningRequest) (*x509.CertificateRequest, error) {
 	// extract PEM from request object
-	pemBytes := obj.Spec.Request
-	block, _ := pem.Decode(pemBytes)
+	block, _ := pem.Decode(obj.Spec.Request)
 	if block == nil || block.Type != "CERTIFICATE REQUEST" {
 		return nil, fmt.Errorf("PEM block type must be CERTIFICATE REQUEST")
 	}
-	csr, err := x509.ParseCertificateRequest(block.Bytes)
-	if err != nil {
-		return nil, err
-	}
-	return csr, nil
+	return x509.ParseCertificateRequest(block.Bytes)
 }