Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
ff124c4a
Unverified
Commit
ff124c4a
authored
Jan 27, 2017
by
Jordan Liggitt
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Allow reading ECDSA key files containing parameter blocks
parent
96cfe7b9
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
45 additions
and
5 deletions
+45
-5
jwt.go
pkg/serviceaccount/jwt.go
+19
-5
jwt_test.go
pkg/serviceaccount/jwt_test.go
+26
-0
No files found.
pkg/serviceaccount/jwt.go
View file @
ff124c4a
...
@@ -73,11 +73,25 @@ func ReadPrivateKey(file string) (interface{}, error) {
...
@@ -73,11 +73,25 @@ func ReadPrivateKey(file string) (interface{}, error) {
// ReadPrivateKeyFromPEM is a helper function for reading a private key from a PEM-encoded file
// ReadPrivateKeyFromPEM is a helper function for reading a private key from a PEM-encoded file
func
ReadPrivateKeyFromPEM
(
data
[]
byte
)
(
interface
{},
error
)
{
func
ReadPrivateKeyFromPEM
(
data
[]
byte
)
(
interface
{},
error
)
{
if
key
,
err
:=
jwt
.
ParseRSAPrivateKeyFromPEM
(
data
);
err
==
nil
{
var
block
*
pem
.
Block
return
key
,
nil
for
{
}
// read the next block
if
key
,
err
:=
jwt
.
ParseECPrivateKeyFromPEM
(
data
);
err
==
nil
{
block
,
data
=
pem
.
Decode
(
data
)
return
key
,
nil
if
block
==
nil
{
break
}
// get PEM bytes for just this block
blockData
:=
pem
.
EncodeToMemory
(
block
)
if
key
,
err
:=
jwt
.
ParseRSAPrivateKeyFromPEM
(
blockData
);
err
==
nil
{
return
key
,
nil
}
if
key
,
err
:=
jwt
.
ParseECPrivateKeyFromPEM
(
blockData
);
err
==
nil
{
return
key
,
nil
}
// tolerate non-key PEM blocks for compatibility with things like "EC PARAMETERS" blocks
// originally, only the first PEM block was parsed and expected to be a key block
}
}
return
nil
,
fmt
.
Errorf
(
"data does not contain a valid RSA or ECDSA private key"
)
return
nil
,
fmt
.
Errorf
(
"data does not contain a valid RSA or ECDSA private key"
)
}
}
...
...
pkg/serviceaccount/jwt_test.go
View file @
ff124c4a
...
@@ -81,6 +81,17 @@ X024wzbiw1q07jFCyfQmODzURAx1VNT7QVUMdz/N8vy47/H40AZJ
...
@@ -81,6 +81,17 @@ X024wzbiw1q07jFCyfQmODzURAx1VNT7QVUMdz/N8vy47/H40AZJ
-----END RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
`
`
// openssl ecparam -name prime256v1 -genkey -out ecdsa256params.pem
const
ecdsaPrivateKeyWithParams
=
`-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIJ9LWDj3ZWe9CksPV7mZjD2dYXG9icfzxadCRwd3vr1toAoGCCqGSM49
AwEHoUQDQgAEaLNEpzbaaNTCkKjBVj7sxpfJ1ifJQGNvcck4nrzcwFRuujwVDDJh
95iIGwKCQeSg+yhdN6Q/p2XaxNIZlYmUhg==
-----END EC PRIVATE KEY-----
`
// openssl ecparam -name prime256v1 -genkey -noout -out ecdsa256.pem
// openssl ecparam -name prime256v1 -genkey -noout -out ecdsa256.pem
const
ecdsaPrivateKey
=
`-----BEGIN EC PRIVATE KEY-----
const
ecdsaPrivateKey
=
`-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIEZmTmUhuanLjPA2CLquXivuwBDHTt5XYwgIr/kA1LtRoAoGCCqGSM49
MHcCAQEEIEZmTmUhuanLjPA2CLquXivuwBDHTt5XYwgIr/kA1LtRoAoGCCqGSM49
...
@@ -110,6 +121,10 @@ func TestReadPrivateKey(t *testing.T) {
...
@@ -110,6 +121,10 @@ func TestReadPrivateKey(t *testing.T) {
}
}
defer
os
.
Remove
(
f
.
Name
())
defer
os
.
Remove
(
f
.
Name
())
if
_
,
err
:=
serviceaccount
.
ReadPrivateKey
(
f
.
Name
());
err
==
nil
{
t
.
Fatalf
(
"Expected error reading key from empty file, got none"
)
}
if
err
:=
ioutil
.
WriteFile
(
f
.
Name
(),
[]
byte
(
rsaPrivateKey
),
os
.
FileMode
(
0600
));
err
!=
nil
{
if
err
:=
ioutil
.
WriteFile
(
f
.
Name
(),
[]
byte
(
rsaPrivateKey
),
os
.
FileMode
(
0600
));
err
!=
nil
{
t
.
Fatalf
(
"error writing private key to tmpfile: %v"
,
err
)
t
.
Fatalf
(
"error writing private key to tmpfile: %v"
,
err
)
}
}
...
@@ -123,6 +138,13 @@ func TestReadPrivateKey(t *testing.T) {
...
@@ -123,6 +138,13 @@ func TestReadPrivateKey(t *testing.T) {
if
_
,
err
:=
serviceaccount
.
ReadPrivateKey
(
f
.
Name
());
err
!=
nil
{
if
_
,
err
:=
serviceaccount
.
ReadPrivateKey
(
f
.
Name
());
err
!=
nil
{
t
.
Fatalf
(
"error reading private ECDSA key: %v"
,
err
)
t
.
Fatalf
(
"error reading private ECDSA key: %v"
,
err
)
}
}
if
err
:=
ioutil
.
WriteFile
(
f
.
Name
(),
[]
byte
(
ecdsaPrivateKeyWithParams
),
os
.
FileMode
(
0600
));
err
!=
nil
{
t
.
Fatalf
(
"error writing private key to tmpfile: %v"
,
err
)
}
if
_
,
err
:=
serviceaccount
.
ReadPrivateKey
(
f
.
Name
());
err
!=
nil
{
t
.
Fatalf
(
"error reading private ECDSA key with params: %v"
,
err
)
}
}
}
func
TestReadPublicKeys
(
t
*
testing
.
T
)
{
func
TestReadPublicKeys
(
t
*
testing
.
T
)
{
...
@@ -132,6 +154,10 @@ func TestReadPublicKeys(t *testing.T) {
...
@@ -132,6 +154,10 @@ func TestReadPublicKeys(t *testing.T) {
}
}
defer
os
.
Remove
(
f
.
Name
())
defer
os
.
Remove
(
f
.
Name
())
if
_
,
err
:=
serviceaccount
.
ReadPublicKeys
(
f
.
Name
());
err
==
nil
{
t
.
Fatalf
(
"Expected error reading keys from empty file, got none"
)
}
if
err
:=
ioutil
.
WriteFile
(
f
.
Name
(),
[]
byte
(
rsaPublicKey
),
os
.
FileMode
(
0600
));
err
!=
nil
{
if
err
:=
ioutil
.
WriteFile
(
f
.
Name
(),
[]
byte
(
rsaPublicKey
),
os
.
FileMode
(
0600
));
err
!=
nil
{
t
.
Fatalf
(
"error writing public key to tmpfile: %v"
,
err
)
t
.
Fatalf
(
"error writing public key to tmpfile: %v"
,
err
)
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment