Merge pull request #70970 from awly/unexport-csr-parsecsr

Unexport csr.ParseCSR

Kubernetes-commit: efd19d3c9419b60f8a75cb1bd45b2c31c88cfb51
Kubernetes Publisher 2018-11-12 18:31:45 -08:00
commit b5f2e1aa4f


@ -202,23 +202,23 @@ func digestedName(privateKeyData []byte, subject *pkix.Name, usages []certificat
// ensureCompatible ensures that a CSR object is compatible with an original CSR // ensureCompatible ensures that a CSR object is compatible with an original CSR
func ensureCompatible(new, orig *certificates.CertificateSigningRequest, privateKey interface{}) error { func ensureCompatible(new, orig *certificates.CertificateSigningRequest, privateKey interface{}) error {
newCsr, err := ParseCSR(new) newCSR, err := parseCSR(new)
if err != nil { if err != nil {
return fmt.Errorf("unable to parse new csr: %v", err) return fmt.Errorf("unable to parse new csr: %v", err)
} }
origCsr, err := ParseCSR(orig) origCSR, err := parseCSR(orig)
if err != nil { if err != nil {
return fmt.Errorf("unable to parse original csr: %v", err) return fmt.Errorf("unable to parse original csr: %v", err)
} }
if !reflect.DeepEqual(newCsr.Subject, origCsr.Subject) { if !reflect.DeepEqual(newCSR.Subject, origCSR.Subject) {
return fmt.Errorf("csr subjects differ: new: %#v, orig: %#v", newCsr.Subject, origCsr.Subject) return fmt.Errorf("csr subjects differ: new: %#v, orig: %#v", newCSR.Subject, origCSR.Subject)
} }
signer, ok := privateKey.(crypto.Signer) signer, ok := privateKey.(crypto.Signer)
if !ok { if !ok {
return fmt.Errorf("privateKey is not a signer") return fmt.Errorf("privateKey is not a signer")
} }
newCsr.PublicKey = signer.Public() newCSR.PublicKey = signer.Public()
if err := newCsr.CheckSignature(); err != nil { if err := newCSR.CheckSignature(); err != nil {
return fmt.Errorf("error validating signature new CSR against old key: %v", err) return fmt.Errorf("error validating signature new CSR against old key: %v", err)
} }
if len(new.Status.Certificate) > 0 { if len(new.Status.Certificate) > 0 {
@ -247,17 +247,12 @@ func formatError(format string, err error) error {
return fmt.Errorf(format, err) return fmt.Errorf(format, err)
} }
// ParseCSR extracts the CSR from the API object and decodes it. // parseCSR extracts the CSR from the API object and decodes it.
func ParseCSR(obj *certificates.CertificateSigningRequest) (*x509.CertificateRequest, error) { func parseCSR(obj *certificates.CertificateSigningRequest) (*x509.CertificateRequest, error) {
// extract PEM from request object // extract PEM from request object
pemBytes := obj.Spec.Request block, _ := pem.Decode(obj.Spec.Request)
block, _ := pem.Decode(pemBytes)
if block == nil || block.Type != "CERTIFICATE REQUEST" { if block == nil || block.Type != "CERTIFICATE REQUEST" {
return nil, fmt.Errorf("PEM block type must be CERTIFICATE REQUEST") return nil, fmt.Errorf("PEM block type must be CERTIFICATE REQUEST")
} }
csr, err := x509.ParseCertificateRequest(block.Bytes) return x509.ParseCertificateRequest(block.Bytes)
if err != nil {
return nil, err
}
return csr, nil
} }
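Review bot: The doc comment on parseCSR should say what the function does not check, since the new body is a bare `return x509.ParseCertificateRequest(block.Bytes)`. That call only decodes the request and does not verify its self-signature, and `block, _ := pem.Decode(obj.Spec.Request)` discards the remainder, so anything after the first PEM block in Spec.Request is silently ignored. In ensureCompatible the new CSR is checked with CheckSignature after the public key is overwritten, but origCSR is used only for its Subject and is never verified; that looks intentional, though its body continues past the end of the hunk. I would extend the comment with `// The signature of the returned request is not verified; callers that rely on it must call CheckSignature. Data after the first PEM block is ignored.` Separately, the "PEM block type must be CERTIFICATE REQUEST" error is also returned when no PEM block is found at all, which could be split into its own message.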