diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json index a0fbb11f..d1dccdb9 100644 --- a/Godeps/Godeps.json +++ b/Godeps/Godeps.json @@ -1,7 +1,7 @@ { "ImportPath": "k8s.io/client-go", "GoVersion": "go1.11", - "GodepVersion": "v80", + "GodepVersion": "v80-k8s-r1", "Packages": [ "./..." ], 
@@ -272,339 +272,339 @@ }, { "ImportPath": "k8s.io/api/admissionregistration/v1beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/apps/v1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/apps/v1beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/apps/v1beta2", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/auditregistration/v1alpha1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/authentication/v1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/authentication/v1beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/authorization/v1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/authorization/v1beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/autoscaling/v1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/autoscaling/v2beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/autoscaling/v2beta2", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/batch/v1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": 
"ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/batch/v1beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/batch/v2alpha1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/certificates/v1beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/coordination/v1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/coordination/v1beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/core/v1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/events/v1beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/extensions/v1beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/imagepolicy/v1alpha1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/networking/v1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/policy/v1beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/rbac/v1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/rbac/v1alpha1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": 
"ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/rbac/v1beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/scheduling/v1alpha1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/scheduling/v1beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/settings/v1alpha1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/storage/v1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/storage/v1alpha1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/api/storage/v1beta1", - "Rev": "ae57edb710cd3eb509bd3ee3a3284f61d3deb1f1" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/api/apitesting", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/api/apitesting/fuzzer", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/api/apitesting/roundtrip", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/api/equality", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/api/errors", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": 
"k8s.io/apimachinery/pkg/api/meta", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/api/resource", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/fuzzer", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/internalversion", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1beta1", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/conversion", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/conversion/queryparams", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/fields", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/labels", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/runtime", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": 
"k8s.io/apimachinery/pkg/runtime/schema", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/json", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/protobuf", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/recognizer", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/streaming", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/versioning", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/selection", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/types", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/cache", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/clock", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/diff", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": 
"ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/errors", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/framer", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/httpstream", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/httpstream/spdy", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/intstr", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/json", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/mergepatch", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/naming", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/net", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/remotecommand", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/runtime", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/sets", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": 
"ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/strategicpatch", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/validation", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/validation/field", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/wait", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/util/yaml", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/version", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/pkg/watch", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/third_party/forked/golang/json", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/third_party/forked/golang/netutil", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/apimachinery/third_party/forked/golang/reflect", - "Rev": "0e6dcdd1b5ce54a78820c9bad24e2dd32b3b2e79" + "Rev": "ccdd560a045f0efbefca88bf7ebe2692844055dd" }, { "ImportPath": "k8s.io/klog",
diff --git a/util/cert/cert.go b/util/cert/cert.go
index 3429c82c..7652fcc3 100644
--- a/util/cert/cert.go
+++ b/util/cert/cert.go
@@ -21,16 +21,13 @@ import (
 "crypto"
 "crypto/ecdsa"
 "crypto/elliptic"
- "crypto/rand"
 cryptorand "crypto/rand"
 "crypto/rsa"
 "crypto/x509"
 "crypto/x509/pkix"
 "encoding/pem"
- "errors"
 "fmt"
 "io/ioutil"
- "math"
 "math/big"
 "net"
 "path"
@@ -39,7 +36,6 @@ import (
 )
 const (
- rsaKeySize = 2048
 duration365d = time.Hour * 24 * 365
 )
@@ -59,11 +55,6 @@ type AltNames struct {
 IPs []net.IP
 }
-// NewPrivateKey creates an RSA private key
-func NewPrivateKey() (*rsa.PrivateKey, error) {
- return rsa.GenerateKey(cryptorand.Reader, rsaKeySize)
-}
-
 // NewSelfSignedCACert creates a CA certificate
 func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) {
 now := time.Now()
@@ -87,39 +78,6 @@ func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, erro
 return x509.ParseCertificate(certDERBytes)
 }
-// NewSignedCert creates a signed certificate using the given CA certificate and key
-func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error) {
- serial, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
- if err != nil {
- return nil, err
- }
- if len(cfg.CommonName) == 0 {
- return nil, errors.New("must specify a CommonName")
- }
- if len(cfg.Usages) == 0 {
- return nil, errors.New("must specify at least one ExtKeyUsage")
- }
-
- certTmpl := x509.Certificate{
- Subject: pkix.Name{
- CommonName: cfg.CommonName,
- Organization: cfg.Organization,
- },
- DNSNames: cfg.AltNames.DNSNames,
- IPAddresses: cfg.AltNames.IPs,
- SerialNumber: serial,
- NotBefore: caCert.NotBefore,
- NotAfter: time.Now().Add(duration365d).UTC(),
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
- ExtKeyUsage: cfg.Usages,
- }
- certDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &certTmpl, caCert, key.Public(), caKey)
- if err != nil {
- return nil, err
- }
- return x509.ParseCertificate(certDERBytes)
-}
-
 // MakeEllipticPrivateKeyPEM creates an ECDSA private key
 func MakeEllipticPrivateKeyPEM() ([]byte, error) {
 privateKey, err := ecdsa.GenerateKey(elliptic.P256(), cryptorand.Reader)
diff --git a/util/cert/pem.go b/util/cert/pem.go
index b99e3665..4c5b7c18 100644
--- a/util/cert/pem.go
+++ b/util/cert/pem.go
@@ -26,51 +26,19 @@ import (
 )
 const (
+ // ECPrivateKeyBlockType is a possible value for pem.Block.Type.
 ECPrivateKeyBlockType = "EC PRIVATE KEY"
 // RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
 RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
- // PrivateKeyBlockType is a possible value for pem.Block.Type.
- PrivateKeyBlockType = "PRIVATE KEY"
- // PublicKeyBlockType is a possible value for pem.Block.Type.
- PublicKeyBlockType = "PUBLIC KEY"
- // CertificateBlockType is a possible value for pem.Block.Type.
- CertificateBlockType = "CERTIFICATE"
 // CertificateRequestBlockType is a possible value for pem.Block.Type.
 CertificateRequestBlockType = "CERTIFICATE REQUEST"
+ // CertificateBlockType is a possible value for pem.Block.Type.
+ CertificateBlockType = "CERTIFICATE"
+ // PrivateKeyBlockType is a possible value for pem.Block.Type.
+ PrivateKeyBlockType = "PRIVATE KEY"
 )
-// EncodePublicKeyPEM returns PEM-encoded public data
-func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error) {
- der, err := x509.MarshalPKIXPublicKey(key)
- if err != nil {
- return []byte{}, err
- }
- block := pem.Block{
- Type: PublicKeyBlockType,
- Bytes: der,
- }
- return pem.EncodeToMemory(&block), nil
-}
-
-// EncodePrivateKeyPEM returns PEM-encoded private key data
-func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte {
- block := pem.Block{
- Type: RSAPrivateKeyBlockType,
- Bytes: x509.MarshalPKCS1PrivateKey(key),
- }
- return pem.EncodeToMemory(&block)
-}
-
-// EncodeCertPEM returns PEM-endcoded certificate data
-func EncodeCertPEM(cert *x509.Certificate) []byte {
- block := pem.Block{
- Type: CertificateBlockType,
- Bytes: cert.Raw,
- }
- return pem.EncodeToMemory(&block)
-}
-
 // ParsePrivateKeyPEM returns a private key parsed from a PEM block in the supplied data.
 // Recognizes PEM blocks for "EC PRIVATE KEY", "RSA PRIVATE KEY", or "PRIVATE KEY"
 func ParsePrivateKeyPEM(keyData []byte) (interface{}, error) {
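Review bot: The constant block drops the exported `PublicKeyBlockType`, and the same hunk removes the exported `EncodePublicKeyPEM` and `EncodeCertPEM`, with no deprecation step and no pointer to a replacement left in the file. Importers that encode certificates or public keys through this package will stop compiling, and the likely workaround is a hand-copied encoder with a literal block-type string. Since `ParsePublicKeysPEM` stays in this file (it appears in the next hunk's header), I would keep the constant for at least one release, with `// Deprecated: PublicKeyBlockType will be removed in a future release.` above `PublicKeyBlockType = "PUBLIC KEY"`. The removals of `NewPrivateKey` and `NewSignedCert` in util/cert/cert.go raise the same compatibility question.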
@@ -147,6 +115,15 @@ func ParsePublicKeysPEM(keyData []byte) ([]interface{}, error) {
 return keys, nil
 }
+// EncodePrivateKeyPEM returns PEM-encoded private key data
+func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte {
+ block := pem.Block{
+ Type: RSAPrivateKeyBlockType,
+ Bytes: x509.MarshalPKCS1PrivateKey(key),
+ }
+ return pem.EncodeToMemory(&block)
+}
+
 // ParseCertsPEM returns the x509.Certificates contained in the given PEM-encoded byte array
 // Returns an error if a certificate could not be parsed, or if the data does not contain any certificates
 func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error) {
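Review bot: The doc comment on the re-added `EncodePrivateKeyPEM` does not say that the output is unencrypted, which is the property a caller most needs to know before writing the bytes anywhere. I would expand it to `// EncodePrivateKeyPEM returns key as an unencrypted PKCS#1 "RSA PRIVATE KEY" PEM block; callers are responsible for restricting access to wherever the bytes are stored.` A nil `key` is passed straight to `x509.MarshalPKCS1PrivateKey`, and the signature has no error return, so the comment should also state that `key` must be non-nil.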