
Function DecodePrivateKeyBytes

pkg/util/pki/parse.go:30–70  ·  view source on GitHub ↗

DecodePrivateKeyBytes decodes a PEM-encoded private key into a crypto.Signer. It supports only ECDSA, RSA and EdDSA private keys; any other key type returns an error.

(keyBytes []byte)

Source from the content-addressed store, hash-verified

// DecodePrivateKeyBytes decodes a PEM encoded private key and returns it as a
// crypto.Signer. It supports ECDSA, RSA and EdDSA private keys only.
//
// The PEM block type selects the parser: "PRIVATE KEY" (PKCS#8),
// "EC PRIVATE KEY" (SEC 1) and "RSA PRIVATE KEY" (PKCS#1). Any other block
// type that reaches the switch is rejected, as is a PKCS#8 key whose parsed
// value does not implement crypto.Signer. Every failure is reported through
// errors.NewInvalidData.
//
// Only the block returned by pem.SafeDecodePrivateKey is examined; its second
// return value is discarded here (presumably the unparsed remainder of
// keyBytes; confirm against that helper), so callers must not assume that the
// whole input was consumed or that it held exactly one key.
func DecodePrivateKeyBytes(keyBytes []byte) (crypto.Signer, error) {
	pemBlock, _, decodeErr := pem.SafeDecodePrivateKey(keyBytes)
	if decodeErr != nil {
		return nil, errors.NewInvalidData("error decoding private key PEM block: %s", decodeErr.Error())
	}

	switch pemBlock.Type {
	case "RSA PRIVATE KEY":
		rsaKey, parseErr := x509.ParsePKCS1PrivateKey(pemBlock.Bytes)
		if parseErr != nil {
			return nil, errors.NewInvalidData("error parsing rsa private key: %s", parseErr.Error())
		}

		// NOTE(review): this explicit Validate call exists only on the PKCS#1
		// path; an RSA key wrapped in PKCS#8 relies on whatever checks
		// x509.ParsePKCS8PrivateKey performs itself.
		if validateErr := rsaKey.Validate(); validateErr != nil {
			return nil, errors.NewInvalidData("rsa private key failed validation: %s", validateErr.Error())
		}
		return rsaKey, nil

	case "EC PRIVATE KEY":
		ecKey, parseErr := x509.ParseECPrivateKey(pemBlock.Bytes)
		if parseErr != nil {
			return nil, errors.NewInvalidData("error parsing ecdsa private key: %s", parseErr.Error())
		}
		return ecKey, nil

	case "PRIVATE KEY":
		parsed, parseErr := x509.ParsePKCS8PrivateKey(pemBlock.Bytes)
		if parseErr != nil {
			return nil, errors.NewInvalidData("error parsing pkcs#8 private key: %s", parseErr.Error())
		}

		// PKCS#8 can carry key kinds that cannot sign; only values usable as
		// a crypto.Signer are accepted.
		if signer, isSigner := parsed.(crypto.Signer); isSigner {
			return signer, nil
		}
		return nil, errors.NewInvalidData("error parsing pkcs#8 private key: invalid key type")
	}

	// The type label is taken from the input and echoed into the error text,
	// so that text should be treated as untrusted wherever it is logged or
	// displayed.
	return nil, errors.NewInvalidData("unknown private key type: %s", pemBlock.Type)
}
71
72func decodeMultipleCerts(certBytes []byte, decodeFn func([]byte) (*stdpem.Block, []byte, error)) ([]*x509.Certificate, error) {
73 certs := []*x509.Certificate{}

Callers 15

createSignedCertificateFunction · 0.92
ProcessItemMethod · 0.92
mustSelfSignCertificateFunction · 0.92
encodePKCS12KeystoreFunction · 0.92
encodeJKSKeystoreFunction · 0.92
ProcessItemMethod · 0.92
SignMethod · 0.92
ParseTLSKeyFromSecretFunction · 0.92
SecretTLSKeyPairFunction · 0.92
generateCSRImplFunction · 0.92

Calls 4

SafeDecodePrivateKeyFunction · 0.92
NewInvalidDataFunction · 0.92
ValidateMethod · 0.65
ErrorMethod · 0.45

Tested by 5

createSignedCertificateFunction · 0.74
mustSelfSignCertificateFunction · 0.74
TestPublicKeysEqualRSAFunction · 0.68
