From c54ef2773db747bd1f28f45ff0d42a5b887d3801 Mon Sep 17 00:00:00 2001
From: Justin Santa Barbara <justin@fathomdb.com>
Date: Fri, 10 Jun 2016 13:35:40 -0400
Subject: [PATCH] upup: support Base64 and raw-string JSON encoding of
 certs/keys

For compatability reasons, we write the certificate & keys as base64
encoded strings.  I don't think we have to any more, but we have to be
able to parse it.
---
 upup/pkg/fi/ca.go | 52 +++++++++++++++++++++++++++++++++--------------
 1 file changed, 37 insertions(+), 15 deletions(-)

diff --git a/upup/pkg/fi/ca.go b/upup/pkg/fi/ca.go
index 4332e8682a..c06a02e6c5 100644
--- a/upup/pkg/fi/ca.go
+++ b/upup/pkg/fi/ca.go
@@ -30,14 +30,24 @@ type Certificate struct {
 func (c *Certificate) UnmarshalJSON(b []byte) error {
 	s := ""
 	if err := json.Unmarshal(b, &s); err == nil {
-		d, err := base64.StdEncoding.DecodeString(s)
+		r, err := LoadPEMCertificate([]byte(s))
 		if err != nil {
-			return fmt.Errorf("error decoding certificate base64 data: %q", string(b))
-		}
-		r, err := LoadPEMCertificate(d)
-		if err != nil {
-			glog.Infof("Invalid certificate data: %q", string(b))
-			return fmt.Errorf("error parsing certificate: %v", err)
+			// Alternative form: Check if base64 encoded
+			// TODO: Do we need this?  I think we need this only on nodeup, but maybe we could just not base64-it?
+			d, err2 := base64.StdEncoding.DecodeString(s)
+			if err2 == nil {
+				r2, err2 := LoadPEMCertificate(d)
+				if err2 == nil {
+					glog.Warningf("used base64 decode of certificate")
+					r = r2
+					err = nil
+				}
+			}
+
+			if err != nil {
+				glog.Infof("Invalid certificate data: %q", string(b))
+				return fmt.Errorf("error parsing certificate: %v", err)
+			}
 		}
 		*c = *r
 		return nil
@@ -101,18 +111,30 @@ func (c *PrivateKey) AsString() (string, error) {
 
 func (k *PrivateKey) UnmarshalJSON(b []byte) (err error) {
 	s := ""
-	if err = json.Unmarshal(b, &s); err == nil {
-		d, err := base64.StdEncoding.DecodeString(s)
+	if err := json.Unmarshal(b, &s); err == nil {
+		r, err := parsePEMPrivateKey([]byte(s))
 		if err != nil {
-			return fmt.Errorf("error decoding private key base64 data: %q", string(b))
+			// Alternative form: Check if base64 encoded
+			// TODO: Do we need this?  I think we need this only on nodeup, but maybe we could just not base64-it?
+			d, err2 := base64.StdEncoding.DecodeString(s)
+			if err2 == nil {
+				r2, err2 := parsePEMPrivateKey(d)
+				if err2 == nil {
+					glog.Warningf("used base64 decode of PrivateKey")
+					r = r2
+					err = nil
+				}
+			}
+
+			if err != nil {
+				return fmt.Errorf("error parsing private key: %v", err)
+			}
 		}
-		key, err := parsePEMPrivateKey(d)
-		if err != nil {
-			return fmt.Errorf("error parsing private key: %v", err)
-		}
-		k.Key = key
+		k.Key = r
 		return nil
 	}
+
+
 	return fmt.Errorf("unknown format for private key: %q", string(b))
 }