fix: set key type to rsa or ec

Author: aramase

pkg/util/secretutil/secret.go

@@ -35,8 +35,10 @@ import (
 )
 
 const (
-	certType       = "CERTIFICATE"
-	privateKeyType = "RSA PRIVATE KEY"
+	certType          = "CERTIFICATE"
+	privateKeyType    = "PRIVATE KEY"
+	privateKeyTypeRSA = "RSA PRIVATE KEY"
+	privateKeyTypeEC  = "EC PRIVATE KEY"
 )
 
 // getCertPart returns the certificate or the private key part of the cert
@@ -69,8 +71,9 @@ func getCert(data []byte) ([]byte, error) {
 
 // getPrivateKey returns the private key part of a cert
 func getPrivateKey(data []byte) ([]byte, error) {
-	var der []byte
-	var derKey []byte
+	var der, derKey []byte
+	privKeyType := privateKeyType
+
 	for {
 		pemBlock, rest := pem.Decode(data)
 		if pemBlock == nil {
@@ -82,31 +85,36 @@ func getPrivateKey(data []byte) ([]byte, error) {
 		data = rest
 	}
 
+	// parses an RSA private key in PKCS #1, ASN.1 DER form
 	if key, err := x509.ParsePKCS1PrivateKey(der); err == nil {
 		derKey = x509.MarshalPKCS1PrivateKey(key)
 	}
-
+	// parses an unencrypted private key in PKCS #8, ASN.1 DER form
 	if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
 		switch key := key.(type) {
 		case *rsa.PrivateKey:
 			derKey = x509.MarshalPKCS1PrivateKey(key)
+			privKeyType = privateKeyTypeRSA
 		case *ecdsa.PrivateKey:
 			derKey, err = x509.MarshalECPrivateKey(key)
+			privKeyType = privateKeyTypeEC
 			if err != nil {
 				return nil, err
 			}
 		default:
 			return nil, fmt.Errorf("unknown private key type found while getting key. Only rsa and ecdsa are supported")
 		}
 	}
+	// parses an EC private key in SEC 1, ASN.1 DER form
 	if key, err := x509.ParseECPrivateKey(der); err == nil {
 		derKey, err = x509.MarshalECPrivateKey(key)
 		if err != nil {
 			return nil, err
 		}
+		privKeyType = privateKeyTypeEC
 	}
 	block := &pem.Block{
-		Type:  privateKeyType,
+		Type:  privKeyType,
 		Bytes: derKey,
 	}
 

pkg/util/secretutil/secret_test.go

@@ -385,3 +385,127 @@ func TestGenerateSHAFromSecret(t *testing.T) {
 		})
 	}
 }
+
+func TestGetPrivateKey(t *testing.T) {
+	tests := []struct {
+		name        string
+		actualPEM   string
+		expectedKey string
+		expectedErr bool
+	}{
+		{
+			name: "RSA Key",
+			actualPEM: `
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAcwCCQClrnRsmeWS4TANBgkqhkiG9w0BAQsFADA0MRYwFAYDVQQDDA1k
+ZW1vLnRlc3QuY29tMRowGAYDVQQKDBFpbmdyZXNzLXRscy1jZXJ0MTAeFw0yMDEw
+MDgxOTAwMDJaFw0yMTEwMDgxOTAwMDJaMDQxFjAUBgNVBAMMDWRlbW8udGVzdC5j
+b20xGjAYBgNVBAoMEWluZ3Jlc3MtdGxzLWNlcnQxMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA0AWQCdeukwkzIKKJNp3DaRe9azBZ8J/NFb2Nczq3Y8xc
+MDB/eT7lfMMNYluLQPDzkRN9QHKiz8ei9ynxRiEC/Al2OsdZPdPqNxnBVDsFcD72
+9nofroBUXRch5dP5amXu5gP628Yu7l8pBoV+lOyyDGkRVHPecegxiVbxtjqhlrwl
+hRRFzFGat1CiDq03Gtz1xH/pgaFQzKbTZ1rQE8JcTryZaTYfo5PrUDwhv8PfVHoH
+MEqpN54onSoA2JLBeZz7xJvL6pBg0c6OhNCnUYEZBDnyHDBBJJ6FUijKQp6mZNbe
+di6Ih4QGJYeLP4HaJdPf9aXlChnbbwEaeBeedXzPjwIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQC3NVwO2MxISN9dwXlUUPnGpI2EIEmleDaN1hE28RN+GwYqUZvfg8FQ
+HV+qYtc3gHoFdcVeQjTQHNJ7u+4U6PGNQj/UoKd6RY7AEMly4kQq2LtfMZDQYlvt
+/xtDDxw1esEgv5P+uXb2ICRnO3p7cOt6/EAK83uYBmpy/FwgNIjJATcm6GmKMRZ6
+y0UsfOws9yCOgSdtmp8tWduZL56e8yZ/+gCUMiGDr1f/m0th/zgEvxyIYY3kVh6c
+z96TlWVQU9TCYIMg0rBRsPuJcJF7fedQbIRUP5t+cghu7OpbiDDzlBBjAPVhrC2M
+FMtqlqaKfhLwz3SzIu8Wcj//cbm6KXLZ
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDQBZAJ166TCTMg
+ook2ncNpF71rMFnwn80VvY1zOrdjzFwwMH95PuV8ww1iW4tA8PORE31AcqLPx6L3
+KfFGIQL8CXY6x1k90+o3GcFUOwVwPvb2eh+ugFRdFyHl0/lqZe7mA/rbxi7uXykG
+hX6U7LIMaRFUc95x6DGJVvG2OqGWvCWFFEXMUZq3UKIOrTca3PXEf+mBoVDMptNn
+WtATwlxOvJlpNh+jk+tQPCG/w99UegcwSqk3niidKgDYksF5nPvEm8vqkGDRzo6E
+0KdRgRkEOfIcMEEknoVSKMpCnqZk1t52LoiHhAYlh4s/gdol09/1peUKGdtvARp4
+F551fM+PAgMBAAECggEBAMxTunDAhvxsO+khXa/k9M1kgS0pOB7PiE2De84kbYA8
+eoznBj8c1aNfn+Tt0HGAe24T+6JzN5LqIBuw+goNYPYZgSUpLHI7lkJ7LNfEhYoE
+fuYJfNcVvEgX8bbjKIknCKqsXBrFptGDbTO3qmczu4vPJDOVAHlYPlgNq6x4GMKJ
+05v1GL3as2db6D8fphm0jdt4QCD+BMP+s/nm5xGOnquZvBn3RUDw7x+tilXuh9fG
+l6S8PVDxWuTdfAG5urTW2DtrxSBqXjgClo5ft79frHDpvAhJ7XMIKbVgo+M0quGp
+wTi6McCCFVtJP6xv1eI2TRO8xvWoX92H7PHuIJqWrFkCgYEA+M015rLmECmahB2L
+LJ8/BH9HMAf15JqbxafmknNDPacsUZujOad87mO8jToAK6aBLwtmIgaYGVs+spC0
+v3VnV+3AqAEYKCoj0GmyQcM/Thn9A0OVE0CDPeq0A1OYqXr1G8G/zZDIvOxbBwsm
+FXGAxOw0+d3hnuIH2ygHaYbSIU0CgYEA1gpPMO/AzqgKa1GffzOCtf7qNzam0IC5
+Bh4vumfnVNuWNw/ReQnwuQVoEreXMbU1SEsOA5wRsUS1mnCliANiVtXDK3ebdBRA
+Oqb3cnzql/UnWNYXzU9iBQlpLv/yUHMNSIr49nhdXrNgEXFQLLbKHmvGzKEGjEtX
+ShEP7BsaRksCgYEAzSLNhVgNjlfvGW0Oeg0WtUuH01dM6156fv6PgkJct3GlfefY
+LcolnJxJMxwWVecj7jj0zasoLwfnau0ayh0vxvS1ew/j7gHIo6byHXyxLmEJFm7b
+dBMl4qAoKfH8FgjWHTujPAdbK0GpT+ZmURnTdQnYKAhEZW6x0YVwjxZlHKUCgYBI
+zETW7hRztS+mBKLszoY8hDEBCnN+IunLLOUqz0Ac2nqiy5yBQGJBa5dUFmE0JN+0
+cOKZU7GoyyfBGWMTeaMuyZGR7SJQPrsBt9wdcmMPv+/cBSUfTUqXT/YYaDDwL9Fq
+xOmcWp/XH8ci55lPO/ROmHWLD5F8kftkU51IvocXNQKBgGmh32aF2WOHhWzKxmp4
+V9uWIRJv657s9Vlv/5f2UnsMBMirj99quGL1iSSdEComYoRyyiaflvfkqPRAHCIN
+0QTu0hJ2SPfqOChrPqnLK6P3KzUGUI3R8EfZAkYWkndMEqoijaIaY8ctdlUVqM8X
+8o1UNU2Vz0RQitpWCZbAO5nu
+-----END PRIVATE KEY-----
+`,
+			expectedKey: `-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA0AWQCdeukwkzIKKJNp3DaRe9azBZ8J/NFb2Nczq3Y8xcMDB/
+eT7lfMMNYluLQPDzkRN9QHKiz8ei9ynxRiEC/Al2OsdZPdPqNxnBVDsFcD729nof
+roBUXRch5dP5amXu5gP628Yu7l8pBoV+lOyyDGkRVHPecegxiVbxtjqhlrwlhRRF
+zFGat1CiDq03Gtz1xH/pgaFQzKbTZ1rQE8JcTryZaTYfo5PrUDwhv8PfVHoHMEqp
+N54onSoA2JLBeZz7xJvL6pBg0c6OhNCnUYEZBDnyHDBBJJ6FUijKQp6mZNbedi6I
+h4QGJYeLP4HaJdPf9aXlChnbbwEaeBeedXzPjwIDAQABAoIBAQDMU7pwwIb8bDvp
+IV2v5PTNZIEtKTgez4hNg3vOJG2APHqM5wY/HNWjX5/k7dBxgHtuE/uiczeS6iAb
+sPoKDWD2GYElKSxyO5ZCeyzXxIWKBH7mCXzXFbxIF/G24yiJJwiqrFwaxabRg20z
+t6pnM7uLzyQzlQB5WD5YDauseBjCidOb9Ri92rNnW+g/H6YZtI3beEAg/gTD/rP5
+5ucRjp6rmbwZ90VA8O8frYpV7ofXxpekvD1Q8Vrk3XwBubq01tg7a8Ugal44ApaO
+X7e/X6xw6bwISe1zCCm1YKPjNKrhqcE4ujHAghVbST+sb9XiNk0TvMb1qF/dh+zx
+7iCalqxZAoGBAPjNNeay5hApmoQdiyyfPwR/RzAH9eSam8Wn5pJzQz2nLFGbozmn
+fO5jvI06ACumgS8LZiIGmBlbPrKQtL91Z1ftwKgBGCgqI9BpskHDP04Z/QNDlRNA
+gz3qtANTmKl69RvBv82QyLzsWwcLJhVxgMTsNPnd4Z7iB9soB2mG0iFNAoGBANYK
+TzDvwM6oCmtRn38zgrX+6jc2ptCAuQYeL7pn51TbljcP0XkJ8LkFaBK3lzG1NUhL
+DgOcEbFEtZpwpYgDYlbVwyt3m3QUQDqm93J86pf1J1jWF81PYgUJaS7/8lBzDUiK
++PZ4XV6zYBFxUCy2yh5rxsyhBoxLV0oRD+wbGkZLAoGBAM0izYVYDY5X7xltDnoN
+FrVLh9NXTOteen7+j4JCXLdxpX3n2C3KJZycSTMcFlXnI+449M2rKC8H52rtGsod
+L8b0tXsP4+4ByKOm8h18sS5hCRZu23QTJeKgKCnx/BYI1h07ozwHWytBqU/mZlEZ
+03UJ2CgIRGVusdGFcI8WZRylAoGASMxE1u4Uc7UvpgSi7M6GPIQxAQpzfiLpyyzl
+Ks9AHNp6osucgUBiQWuXVBZhNCTftHDimVOxqMsnwRljE3mjLsmRke0iUD67Abfc
+HXJjD7/v3AUlH01Kl0/2GGgw8C/RasTpnFqf1x/HIueZTzv0Tph1iw+RfJH7ZFOd
+SL6HFzUCgYBpod9mhdljh4VsysZqeFfbliESb+ue7PVZb/+X9lJ7DATIq4/farhi
+9YkknRAqJmKEcsomn5b35Kj0QBwiDdEE7tISdkj36jgoaz6pyyuj9ys1BlCN0fBH
+2QJGFpJ3TBKqIo2iGmPHLXZVFajPF/KNVDVNlc9EUIraVgmWwDuZ7g==
+-----END RSA PRIVATE KEY-----
+`,
+		},
+		{
+			name: "EC Key",
+			actualPEM: `
+-----BEGIN CERTIFICATE-----
+MIIBeTCCAR4CCQCTj/tsh3SrEzAKBggqhkjOPQQDAjBEMQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCV0ExEDAOBgNVBAcMB1JlZG1vbmQxFjAUBgNVBAMMDWRlbW8udGVz
+dC5jb20wHhcNMjAxMTI0MTgzOTU1WhcNMjExMTI0MTgzOTU1WjBEMQswCQYDVQQG
+EwJVUzELMAkGA1UECAwCV0ExEDAOBgNVBAcMB1JlZG1vbmQxFjAUBgNVBAMMDWRl
+bW8udGVzdC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ75g7UgxCQYmWx
+fn2jf6qlqaEfE45UpRsXybr1dtijtGkjE+v8I7A/GtSxfJe3LsREynlA3LGMxZL7
+TD3cWsAjMAoGCCqGSM49BAMCA0kAMEYCIQDqhYQtz8uGibcOV1GCCj9emuvQqW81
+DIOhxyf+tmC65gIhALNDklWc0uxg7yJQD/n1JJkkSoNdDzw9dwNGuVMHwJOY
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgHv1nWow0ijr1+B4S
+Vs6otqpmkzv2VRSjSPuH2zBRqQShRANCAAQ75g7UgxCQYmWxfn2jf6qlqaEfE45U
+pRsXybr1dtijtGkjE+v8I7A/GtSxfJe3LsREynlA3LGMxZL7TD3cWsAj
+-----END PRIVATE KEY-----
+`,
+			expectedKey: `-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIB79Z1qMNIo69fgeElbOqLaqZpM79lUUo0j7h9swUakEoAoGCCqGSM49
+AwEHoUQDQgAEO+YO1IMQkGJlsX59o3+qpamhHxOOVKUbF8m69XbYo7RpIxPr/COw
+PxrUsXyXty7ERMp5QNyxjMWS+0w93FrAIw==
+-----END EC PRIVATE KEY-----
+`,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			privateKey, err := getPrivateKey([]byte(test.actualPEM))
+			fmt.Println(string(privateKey))
+			assert.Equal(t, test.expectedErr, err != nil)
+			assert.Equal(t, test.expectedKey, string(privateKey))
+		})
+	}
+}