diff --git a/cmd/kubeadm/app/cmd/certs_test.go b/cmd/kubeadm/app/cmd/certs_test.go index b4c4c418ce1..1b824c48e80 100644 --- a/cmd/kubeadm/app/cmd/certs_test.go +++ b/cmd/kubeadm/app/cmd/certs_test.go @@ -359,18 +359,12 @@ func TestRunGenCSR(t *testing.T) { for _, name := range expectedCertificates { _, err = pkiutil.TryLoadKeyFromDisk(certDir, name) assert.NoErrorf(t, err, "failed to load key file: %s", name) - - _, err = pkiutil.TryLoadCSRFromDisk(certDir, name) - assert.NoError(t, err, "failed to load CSR file: %s", name) } t.Log("The command generates kubeconfig files in the configured --kubeconfig-dir") for _, name := range expectedKubeConfigs { _, err = clientcmd.LoadFromFile(kubeConfigDir + "/" + name + ".conf") assert.NoErrorf(t, err, "failed to load kubeconfig file: %s", name) - - _, err = pkiutil.TryLoadCSRFromDisk(kubeConfigDir, name+".conf") - assert.NoError(t, err, "failed to load kubeconfig CSR file: %s", name) } } diff --git a/cmd/kubeadm/app/util/pkiutil/pki_helpers.go b/cmd/kubeadm/app/util/pkiutil/pki_helpers.go index dbbd139f739..3113bfff861 100644 --- a/cmd/kubeadm/app/util/pkiutil/pki_helpers.go +++ b/cmd/kubeadm/app/util/pkiutil/pki_helpers.go @@ -355,18 +355,6 @@ func TryLoadPrivatePublicKeyFromDisk(pkiPath, name string) (crypto.PrivateKey, c } } -// TryLoadCSRFromDisk tries to load the CSR from the disk -func TryLoadCSRFromDisk(pkiPath, name string) (*x509.CertificateRequest, error) { - csrPath := pathForCSR(pkiPath, name) - - csr, err := CertificateRequestFromFile(csrPath) - if err != nil { - return nil, errors.Wrapf(err, "could not load the CSR %s", csrPath) - } - - return csr, nil -} - // PathsForCertAndKey returns the paths for the certificate and key given the path and basename. func PathsForCertAndKey(pkiPath, name string) (string, string) { return pathForCert(pkiPath, name), pathForKey(pkiPath, name) @@ -507,34 +495,6 @@ func EncodeCSRPEM(csr *x509.CertificateRequest) []byte { return pem.EncodeToMemory(&block) } -func parseCSRPEM(pemCSR []byte) (*x509.CertificateRequest, error) { - block, _ := pem.Decode(pemCSR) - if block == nil { - return nil, errors.New("data doesn't contain a valid certificate request") - } - - if block.Type != certutil.CertificateRequestBlockType { - return nil, errors.Errorf("expected block type %q, but PEM had type %q", certutil.CertificateRequestBlockType, block.Type) - } - - return x509.ParseCertificateRequest(block.Bytes) -} - -// CertificateRequestFromFile returns the CertificateRequest from a given PEM-encoded file. -// Returns an error if the file could not be read or if the CSR could not be parsed. -func CertificateRequestFromFile(file string) (*x509.CertificateRequest, error) { - pemBlock, err := os.ReadFile(file) - if err != nil { - return nil, errors.Wrap(err, "failed to read file") - } - - csr, err := parseCSRPEM(pemBlock) - if err != nil { - return nil, errors.Wrapf(err, "error reading certificate request file %s", file) - } - return csr, nil -} - // NewCSR creates a new CSR func NewCSR(cfg CertConfig, key crypto.Signer) (*x509.CertificateRequest, error) { RemoveDuplicateAltNames(&cfg.AltNames)