Merge pull request #11837 from johngmyers/weaken-signer

Weaken some interfaces
Kubernetes Prow Robot 2021-06-23 09:46:11 -07:00 committed by GitHub
commit 698a187a80
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 7 additions and 13 deletions


@ -25,7 +25,7 @@ import (
// OIDCProviderBuilder configures IAM OIDC Provider // OIDCProviderBuilder configures IAM OIDC Provider
type OIDCProviderBuilder struct { type OIDCProviderBuilder struct {
*AWSModelContext *AWSModelContext
KeyStore fi.CAStore KeyStore fi.Keystore
Lifecycle fi.Lifecycle Lifecycle fi.Lifecycle
} }


@ -18,7 +18,6 @@ package pki
import ( import (
"bytes" "bytes"
"crypto/rsa"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
"encoding/pem" "encoding/pem"
@ -42,7 +41,7 @@ func TestGenerateCertificate(t *testing.T) {
{ {
var b bytes.Buffer var b bytes.Buffer
pkData, err := x509.MarshalPKIXPublicKey(key.Key.(*rsa.PrivateKey).Public()) pkData, err := x509.MarshalPKIXPublicKey(key.Key.Public())
require.NoError(t, err, "MarshalPKIXPublicKey") require.NoError(t, err, "MarshalPKIXPublicKey")
err = pem.Encode(&b, &pem.Block{Type: "RSA PUBLIC KEY", Bytes: pkData}) err = pem.Encode(&b, &pem.Block{Type: "RSA PUBLIC KEY", Bytes: pkData})


@ -18,7 +18,6 @@ package pki
import ( import (
crypto_rand "crypto/rand" crypto_rand "crypto/rand"
"crypto/rsa"
"crypto/x509" "crypto/x509"
"fmt" "fmt"
"math/big" "math/big"
@ -47,10 +46,7 @@ func BuildPKISerial(timestamp int64) *big.Int {
func signNewCertificate(privateKey *PrivateKey, template *x509.Certificate, signer *x509.Certificate, signerPrivateKey *PrivateKey) (*Certificate, error) { func signNewCertificate(privateKey *PrivateKey, template *x509.Certificate, signer *x509.Certificate, signerPrivateKey *PrivateKey) (*Certificate, error) {
if template.PublicKey == nil { if template.PublicKey == nil {
rsaPrivateKey, ok := privateKey.Key.(*rsa.PrivateKey) template.PublicKey = privateKey.Key.Public()
if ok {
template.PublicKey = rsaPrivateKey.Public()
}
} }
if template.PublicKey == nil { if template.PublicKey == nil {
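Review bot: A `PrivateKey` whose `Key` field holds a nil interface now panics at `template.PublicKey = privateKey.Key.Public()` in signNewCertificate. The old comma-ok assertion left `template.PublicKey` unset in that case and fell through to the second `if template.PublicKey == nil` check, whose body is outside this hunk but presumably returns an error. Guarding the call keeps the error path for a missing key: `if template.PublicKey == nil && privateKey.Key != nil {`.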


@ -72,7 +72,7 @@ func GeneratePrivateKey() (*PrivateKey, error) {
} }
type PrivateKey struct { type PrivateKey struct {
Key crypto.PrivateKey Key crypto.Signer
} }
func (k *PrivateKey) AsString() (string, error) { func (k *PrivateKey) AsString() (string, error) {
@ -177,7 +177,7 @@ func (k *PrivateKey) WriteToFile(filename string, perm os.FileMode) error {
return err return err
} }
func parsePEMPrivateKey(pemData []byte) (crypto.PrivateKey, error) { func parsePEMPrivateKey(pemData []byte) (crypto.Signer, error) {
for { for {
block, rest := pem.Decode(pemData) block, rest := pem.Decode(pemData)
if block == nil { if block == nil {
@ -193,7 +193,7 @@ func parsePEMPrivateKey(pemData []byte) (crypto.PrivateKey, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
return k.(crypto.PrivateKey), nil return k.(crypto.Signer), nil
} else { } else {
klog.Infof("Ignoring unexpected PEM block: %q", block.Type) klog.Infof("Ignoring unexpected PEM block: %q", block.Type)
} }
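Review bot: The single-value assertion `k.(crypto.Signer)` in parsePEMPrivateKey panics when the decoded key does not implement `crypto.Signer`, whereas the previous `k.(crypto.PrivateKey)` could not fail for a non-nil value because that type has no methods. Since `pemData` is parsed input, an unsupported key type should come back as an error rather than a crash: use `signer, ok := k.(crypto.Signer)` and return an error that names the `%T` of `k` when `ok` is false. The call that produces `k` is outside this hunk, so whether a non-signing key type can actually reach this line needs confirming. A short comment on `PrivateKey.Key` stating that only keys able to sign are accepted would document the narrowed contract.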


@ -20,7 +20,6 @@ import (
"bufio" "bufio"
"bytes" "bytes"
"context" "context"
"crypto/rsa"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/json" "encoding/json"
@ -103,7 +102,7 @@ func (b *BootstrapClientTask) Run(c *fi.Context) error {
b.keys[name] = key b.keys[name] = key
} }
pkData, err := x509.MarshalPKIXPublicKey(key.Key.(*rsa.PrivateKey).Public()) pkData, err := x509.MarshalPKIXPublicKey(key.Key.Public())
if err != nil { if err != nil {
return fmt.Errorf("marshalling public key: %v", err) return fmt.Errorf("marshalling public key: %v", err)
} }