Merge pull request #40612 from jcbsmpsn/share-certificate-loading-function

Automatic merge from submit-queue

Move certificate loading function where it can be shared.
Kubernetes Submit Queue 2017-02-01 14:43:31 -08:00 committed by GitHub
commit e75aafd0de
2 changed files with 22 additions and 21 deletions


@ -18,7 +18,6 @@ package app
import (
"fmt"
"io/ioutil"
_ "net/http/pprof"
"os"
"path/filepath"
@ -74,7 +73,7 @@ func bootstrapClientCert(kubeconfigPath string, bootstrapPath string, certDir st
if err != nil {
return fmt.Errorf("unable to build bootstrap key path: %v", err)
}
keyData, generatedKeyFile, err := loadOrGenerateKeyFile(keyPath)
keyData, generatedKeyFile, err := certutil.LoadOrGenerateKeyFile(keyPath)
if err != nil {
return err
}
@ -161,22 +160,3 @@ func loadRESTClientConfig(kubeconfig string) (*restclient.Config, error) {
loader,
).ClientConfig()
}
func loadOrGenerateKeyFile(keyPath string) (data []byte, wasGenerated bool, err error) {
loadedData, err := ioutil.ReadFile(keyPath)
if err == nil {
return loadedData, false, err
}
if !os.IsNotExist(err) {
return nil, false, fmt.Errorf("error loading key from %s: %v", keyPath, err)
}
generatedData, err := certutil.MakeEllipticPrivateKeyPEM()
if err != nil {
return nil, false, fmt.Errorf("error generating key: %v", err)
}
if err := certutil.WriteKey(keyPath, generatedData); err != nil {
return nil, false, fmt.Errorf("error writing key to %s: %v", keyPath, err)
}
return generatedData, true, nil
}


@ -86,6 +86,27 @@ func WriteKey(keyPath string, data []byte) error {
return nil
}
// LoadOrGenerateKeyFile looks for a key in the file at the given path. If it
// can't find one, it will generate a new key and store it there.
func LoadOrGenerateKeyFile(keyPath string) (data []byte, wasGenerated bool, err error) {
loadedData, err := ioutil.ReadFile(keyPath)
if err == nil {
return loadedData, false, err
}
if !os.IsNotExist(err) {
return nil, false, fmt.Errorf("error loading key from %s: %v", keyPath, err)
}
generatedData, err := MakeEllipticPrivateKeyPEM()
if err != nil {
return nil, false, fmt.Errorf("error generating key: %v", err)
}
if err := WriteKey(keyPath, generatedData); err != nil {
return nil, false, fmt.Errorf("error writing key to %s: %v", keyPath, err)
}
return generatedData, true, nil
}
// NewPool returns an x509.CertPool containing the certificates in the given PEM-encoded file.
// Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
func NewPool(filename string) (*x509.CertPool, error) {
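Review bot: LoadOrGenerateKeyFile returns whatever bytes `ioutil.ReadFile` yields without checking that they are a usable private key, so an empty or truncated file at keyPath (for example one left by an interrupted write) comes back with wasGenerated=false and only fails later in the caller. Now that the function is exported and shared, a decode check in the `err == nil` branch would surface this early, e.g. `if block, _ := pem.Decode(loadedData); block == nil { return nil, false, fmt.Errorf("no PEM data found in %s", keyPath) }` (this needs `encoding/pem`; the file's import block is outside this hunk). The read-then-generate-then-write sequence is also not atomic, so two callers racing on the same path can each generate a key and one silently overwrites the other; the doc comment should state that callers must serialize access and that the permissions of a newly written key are whatever WriteKey applies. As a minor style point, `return loadedData, false, err` in the success branch reads more clearly as `return loadedData, false, nil`.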