From 18458392ca24c85c688e655aace1afd04f864cbd Mon Sep 17 00:00:00 2001
From: Andrew Lytvynov <awly@google.com>
Date: Sun, 9 Dec 2018 16:24:38 -0800
Subject: [PATCH] Extract new keyutil package from client-go/util/cert
This package contains public/private key utilities copied directly from
client-go/util/cert. All imports were updated.
Future PRs will actually refactor the libraries.
Updates #71004
---
diff -up kubernetes-1.13.7-beta.0/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go.keyutil kubernetes-1.13.7-beta.0/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
--- kubernetes-1.13.7-beta.0/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go.keyutil 2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go 2019-05-21 09:24:07.256958952 +0200
@@ -29,6 +29,7 @@ import (
"k8s.io/client-go/tools/clientcmd"
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
certutil "k8s.io/client-go/util/cert"
+ "k8s.io/client-go/util/keyutil"
"k8s.io/klog"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
@@ -205,13 +206,17 @@ func buildKubeConfigFromSpec(spec *kubeC
return nil, errors.Wrapf(err, "failure while creating %s client certificate", spec.ClientName)
}
+ encodedClientKey, err := keyutil.MarshalPrivateKeyToPEM(clientKey)
+ if err != nil {
+ return nil, errors.Wrapf(err, "failed to marshal private key to PEM")
+ }
// create a kubeconfig with the client certs
return kubeconfigutil.CreateWithCerts(
spec.APIServer,
clustername,
spec.ClientName,
certutil.EncodeCertPEM(spec.CACert),
- certutil.EncodePrivateKeyPEM(clientKey),
+ encodedClientKey,
certutil.EncodeCertPEM(clientCert),
), nil
}
diff -up kubernetes-1.13.7-beta.0/cmd/kubeadm/app/util/pkiutil/pki_helpers.go.keyutil kubernetes-1.13.7-beta.0/cmd/kubeadm/app/util/pkiutil/pki_helpers.go
--- kubernetes-1.13.7-beta.0/cmd/kubeadm/app/util/pkiutil/pki_helpers.go.keyutil 2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/cmd/kubeadm/app/util/pkiutil/pki_helpers.go 2019-05-21 09:21:29.248165205 +0200
@@ -34,6 +34,7 @@ import (
"k8s.io/apimachinery/pkg/util/validation"
certutil "k8s.io/client-go/util/cert"
+ "k8s.io/client-go/util/keyutil"
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
@@ -125,7 +126,11 @@ func WriteKey(pkiPath, name string, key
}
privateKeyPath := pathForKey(pkiPath, name)
- if err := certutil.WriteKey(privateKeyPath, certutil.EncodePrivateKeyPEM(key)); err != nil {
+ encoded, err := keyutil.MarshalPrivateKeyToPEM(key)
+ if err != nil {
+ return errors.Wrapf(err, "unable to marshal private key to PEM")
+ }
+ if err := keyutil.WriteKey(privateKeyPath, encoded); err != nil {
return errors.Wrapf(err, "unable to write private key to file %s", privateKeyPath)
}
@@ -164,7 +169,7 @@ func WritePublicKey(pkiPath, name string
return err
}
publicKeyPath := pathForPublicKey(pkiPath, name)
- if err := certutil.WriteKey(publicKeyPath, publicKeyBytes); err != nil {
+ if err := keyutil.WriteKey(publicKeyPath, publicKeyBytes); err != nil {
return errors.Wrapf(err, "unable to write public key to file %s", publicKeyPath)
}
@@ -242,7 +247,7 @@ func TryLoadKeyFromDisk(pkiPath, name st
privateKeyPath := pathForKey(pkiPath, name)
// Parse the private key from a file
- privKey, err := certutil.PrivateKeyFromFile(privateKeyPath)
+ privKey, err := keyutil.PrivateKeyFromFile(privateKeyPath)
if err != nil {
return nil, errors.Wrapf(err, "couldn't load the private key file %s", privateKeyPath)
}
@@ -281,7 +286,7 @@ func TryLoadPrivatePublicKeyFromDisk(pki
privateKeyPath := pathForKey(pkiPath, name)
// Parse the private key from a file
- privKey, err := certutil.PrivateKeyFromFile(privateKeyPath)
+ privKey, err := keyutil.PrivateKeyFromFile(privateKeyPath)
if err != nil {
return nil, nil, errors.Wrapf(err, "couldn't load the private key file %s", privateKeyPath)
}
@@ -289,7 +294,7 @@ func TryLoadPrivatePublicKeyFromDisk(pki
publicKeyPath := pathForPublicKey(pkiPath, name)
// Parse the public key from a file
- pubKeys, err := certutil.PublicKeysFromFile(publicKeyPath)
+ pubKeys, err := keyutil.PublicKeysFromFile(publicKeyPath)
if err != nil {
return nil, nil, errors.Wrapf(err, "couldn't load the public key file %s", publicKeyPath)
}
diff -up kubernetes-1.13.7-beta.0/cmd/kube-apiserver/app/server.go.keyutil kubernetes-1.13.7-beta.0/cmd/kube-apiserver/app/server.go
--- kubernetes-1.13.7-beta.0/cmd/kube-apiserver/app/server.go.keyutil 2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/cmd/kube-apiserver/app/server.go 2019-05-21 09:19:37.160312456 +0200
@@ -54,7 +54,7 @@ import (
"k8s.io/apiserver/pkg/util/webhook"
clientgoinformers "k8s.io/client-go/informers"
clientgoclientset "k8s.io/client-go/kubernetes"
- certutil "k8s.io/client-go/util/cert"
+ "k8s.io/client-go/util/keyutil"
cloudprovider "k8s.io/cloud-provider"
"k8s.io/klog"
aggregatorapiserver "k8s.io/kube-aggregator/pkg/apiserver"
@@ -576,7 +576,7 @@ func Complete(s *options.ServerRunOption
}
if s.ServiceAccountSigningKeyFile != "" && s.Authentication.ServiceAccounts.Issuer != "" {
- sk, err := certutil.PrivateKeyFromFile(s.ServiceAccountSigningKeyFile)
+ sk, err := keyutil.PrivateKeyFromFile(s.ServiceAccountSigningKeyFile)
if err != nil {
return options, fmt.Errorf("failed to parse service-account-issuer-key-file: %v", err)
}
diff -up kubernetes-1.13.7-beta.0/cmd/kube-controller-manager/app/controllermanager.go.keyutil kubernetes-1.13.7-beta.0/cmd/kube-controller-manager/app/controllermanager.go
--- kubernetes-1.13.7-beta.0/cmd/kube-controller-manager/app/controllermanager.go.keyutil 2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/cmd/kube-controller-manager/app/controllermanager.go 2019-05-21 09:19:37.163312452 +0200
@@ -48,6 +48,7 @@ import (
"k8s.io/client-go/tools/leaderelection"
"k8s.io/client-go/tools/leaderelection/resourcelock"
certutil "k8s.io/client-go/util/cert"
+ "k8s.io/client-go/util/keyutil"
cloudprovider "k8s.io/cloud-provider"
"k8s.io/klog"
genericcontrollermanager "k8s.io/kubernetes/cmd/controller-manager/app"
@@ -536,7 +537,7 @@ func (c serviceAccountTokenControllerSta
klog.Warningf("%q is disabled because there is no private key", saTokenControllerName)
return nil, false, nil
}
- privateKey, err := certutil.PrivateKeyFromFile(ctx.ComponentConfig.SAController.ServiceAccountKeyFile)
+ privateKey, err := keyutil.PrivateKeyFromFile(ctx.ComponentConfig.SAController.ServiceAccountKeyFile)
if err != nil {
return nil, true, fmt.Errorf("error reading key for service account token controller: %v", err)
}
diff -up kubernetes-1.13.7-beta.0/cmd/kubelet/app/server.go.keyutil kubernetes-1.13.7-beta.0/cmd/kubelet/app/server.go
--- kubernetes-1.13.7-beta.0/cmd/kubelet/app/server.go.keyutil 2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/cmd/kubelet/app/server.go 2019-05-21 09:21:29.252165199 +0200
@@ -56,6 +56,7 @@ import (
"k8s.io/client-go/tools/record"
certutil "k8s.io/client-go/util/cert"
"k8s.io/client-go/util/certificate"
+ "k8s.io/client-go/util/keyutil"
cloudprovider "k8s.io/cloud-provider"
csiclientset "k8s.io/csi-api/pkg/client/clientset/versioned"
kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1"
@@ -818,7 +819,7 @@ func InitializeTLS(kf *options.KubeletFl
return nil, err
}
- if err := certutil.WriteKey(kc.TLSPrivateKeyFile, key); err != nil {
+ if err := keyutil.WriteKey(kc.TLSPrivateKeyFile, key); err != nil {
return nil, err
}
diff -up kubernetes-1.13.7-beta.0/pkg/kubeapiserver/authenticator/config.go.keyutil kubernetes-1.13.7-beta.0/pkg/kubeapiserver/authenticator/config.go
--- kubernetes-1.13.7-beta.0/pkg/kubeapiserver/authenticator/config.go.keyutil 2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/pkg/kubeapiserver/authenticator/config.go 2019-05-21 09:21:29.254165197 +0200
@@ -38,9 +38,11 @@ import (
"k8s.io/apiserver/plugin/pkg/authenticator/request/basicauth"
"k8s.io/apiserver/plugin/pkg/authenticator/token/oidc"
"k8s.io/apiserver/plugin/pkg/authenticator/token/webhook"
+
// Initialize all known client auth plugins.
_ "k8s.io/client-go/plugin/pkg/client/auth"
certutil "k8s.io/client-go/util/cert"
+ "k8s.io/client-go/util/keyutil"
"k8s.io/kubernetes/pkg/features"
"k8s.io/kubernetes/pkg/serviceaccount"
)
@@ -226,7 +228,7 @@ func (config Config) New() (authenticato
// IsValidServiceAccountKeyFile returns true if a valid public RSA key can be read from the given file
func IsValidServiceAccountKeyFile(file string) bool {
- _, err := certutil.PublicKeysFromFile(file)
+ _, err := keyutil.PublicKeysFromFile(file)
return err == nil
}
@@ -279,7 +281,7 @@ func newAuthenticatorFromOIDCIssuerURL(o
func newLegacyServiceAccountAuthenticator(keyfiles []string, lookup bool, apiAudiences authenticator.Audiences, serviceAccountGetter serviceaccount.ServiceAccountTokenGetter) (authenticator.Token, error) {
allPublicKeys := []interface{}{}
for _, keyfile := range keyfiles {
- publicKeys, err := certutil.PublicKeysFromFile(keyfile)
+ publicKeys, err := keyutil.PublicKeysFromFile(keyfile)
if err != nil {
return nil, err
}
@@ -294,7 +296,7 @@ func newLegacyServiceAccountAuthenticato
func newServiceAccountAuthenticator(iss string, keyfiles []string, apiAudiences authenticator.Audiences, serviceAccountGetter serviceaccount.ServiceAccountTokenGetter) (authenticator.Token, error) {
allPublicKeys := []interface{}{}
for _, keyfile := range keyfiles {
- publicKeys, err := certutil.PublicKeysFromFile(keyfile)
+ publicKeys, err := keyutil.PublicKeysFromFile(keyfile)
if err != nil {
return nil, err
}
diff -up kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap.go.keyutil kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap.go
--- kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap.go.keyutil 2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap.go 2019-05-21 09:21:29.257165193 +0200
@@ -43,6 +43,7 @@ import (
certutil "k8s.io/client-go/util/cert"
"k8s.io/client-go/util/certificate"
"k8s.io/client-go/util/certificate/csr"
+ "k8s.io/client-go/util/keyutil"
)
const tmpPrivateKeyFile = "kubelet-client.key.tmp"
@@ -82,7 +83,7 @@ func LoadClientCert(kubeconfigPath strin
var keyData []byte
if cert, err := store.Current(); err == nil {
if cert.PrivateKey != nil {
- keyData, err = certutil.MarshalPrivateKeyToPEM(cert.PrivateKey)
+ keyData, err = keyutil.MarshalPrivateKeyToPEM(cert.PrivateKey)
if err != nil {
keyData = nil
}
@@ -96,7 +97,7 @@ func LoadClientCert(kubeconfigPath strin
klog.V(2).Infof("No valid private key and/or certificate found, reusing existing private key or creating a new one")
// Note: always call LoadOrGenerateKeyFile so that private key is
// reused on next startup if CSR request fails.
- keyData, _, err = certutil.LoadOrGenerateKeyFile(privKeyPath)
+ keyData, _, err = keyutil.LoadOrGenerateKeyFile(privKeyPath)
if err != nil {
return err
}
@@ -218,7 +219,7 @@ func verifyKeyData(data []byte) bool {
if len(data) == 0 {
return false
}
- _, err := certutil.ParsePrivateKeyPEM(data)
+ _, err := keyutil.ParsePrivateKeyPEM(data)
return err == nil
}
@@ -262,7 +263,7 @@ func requestNodeCertificate(client certi
CommonName: "system:node:" + string(nodeName),
}
- privateKey, err := certutil.ParsePrivateKeyPEM(privateKeyData)
+ privateKey, err := keyutil.ParsePrivateKeyPEM(privateKeyData)
if err != nil {
return nil, fmt.Errorf("invalid private key for certificate request: %v", err)
}
diff -up kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap_test.go.keyutil kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap_test.go
--- kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap_test.go.keyutil 2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/bootstrap_test.go 2019-05-21 09:21:29.258165191 +0200
@@ -29,7 +29,7 @@ import (
"k8s.io/apimachinery/pkg/watch"
certificatesclient "k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
restclient "k8s.io/client-go/rest"
- certutil "k8s.io/client-go/util/cert"
+ "k8s.io/client-go/util/keyutil"
)
func TestLoadRESTClientConfig(t *testing.T) {
@@ -104,7 +104,7 @@ func TestRequestNodeCertificateErrorCrea
client := &fakeClient{
failureType: createError,
}
- privateKeyData, err := certutil.MakeEllipticPrivateKeyPEM()
+ privateKeyData, err := keyutil.MakeEllipticPrivateKeyPEM()
if err != nil {
t.Fatalf("Unable to generate a new private key: %v", err)
}
@@ -119,7 +119,7 @@ func TestRequestNodeCertificateErrorCrea
}
func TestRequestNodeCertificate(t *testing.T) {
- privateKeyData, err := certutil.MakeEllipticPrivateKeyPEM()
+ privateKeyData, err := keyutil.MakeEllipticPrivateKeyPEM()
if err != nil {
t.Fatalf("Unable to generate a new private key: %v", err)
}
diff -up kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/BUILD.keyutil kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/BUILD
--- kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/BUILD.keyutil 2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/pkg/kubelet/certificate/bootstrap/BUILD 2019-05-21 09:21:29.256165194 +0200
@@ -17,7 +17,7 @@ go_test(
"//staging/src/k8s.io/apimachinery/pkg/watch:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes/typed/certificates/v1beta1:go_default_library",
"//staging/src/k8s.io/client-go/rest:go_default_library",
- "//staging/src/k8s.io/client-go/util/cert:go_default_library",
+ "//staging/src/k8s.io/client-go/util/keyutil:go_default_library",
],
)
@@ -40,6 +40,7 @@ go_library(
"//staging/src/k8s.io/client-go/util/cert:go_default_library",
"//staging/src/k8s.io/client-go/util/certificate:go_default_library",
"//staging/src/k8s.io/client-go/util/certificate/csr:go_default_library",
+ "//staging/src/k8s.io/client-go/util/keyutil:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
],
)
diff -up kubernetes-1.13.7-beta.0/pkg/serviceaccount/jwt_test.go.keyutil kubernetes-1.13.7-beta.0/pkg/serviceaccount/jwt_test.go
--- kubernetes-1.13.7-beta.0/pkg/serviceaccount/jwt_test.go.keyutil 2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/pkg/serviceaccount/jwt_test.go 2019-05-21 09:25:20.167863782 +0200
@@ -21,12 +21,12 @@ import (
"reflect"
"testing"
- "k8s.io/api/core/v1"
+ v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apiserver/pkg/authentication/authenticator"
clientset "k8s.io/client-go/kubernetes"
"k8s.io/client-go/kubernetes/fake"
- certutil "k8s.io/client-go/util/cert"
+ "k8s.io/client-go/util/keyutil"
serviceaccountcontroller "k8s.io/kubernetes/pkg/controller/serviceaccount"
"k8s.io/kubernetes/pkg/serviceaccount"
)
@@ -95,12 +95,12 @@ X2i8uIp/C/ASqiIGUeeKQtX0/IR3qCXyThP/dbCi
-----END PUBLIC KEY-----`
func getPrivateKey(data string) interface{} {
- key, _ := certutil.ParsePrivateKeyPEM([]byte(data))
+ key, _ := keyutil.ParsePrivateKeyPEM([]byte(data))
return key
}
func getPublicKey(data string) interface{} {
- keys, _ := certutil.ParsePublicKeysPEM([]byte(data))
+ keys, _ := keyutil.ParsePublicKeysPEM([]byte(data))
return keys[0]
}
func TestTokenGenerateAndValidate(t *testing.T) {
diff -up kubernetes-1.13.7-beta.0/test/e2e/apimachinery/certs.go.keyutil kubernetes-1.13.7-beta.0/test/e2e/apimachinery/certs.go
--- kubernetes-1.13.7-beta.0/test/e2e/apimachinery/certs.go.keyutil 2019-05-21 09:21:29.265165182 +0200
+++ kubernetes-1.13.7-beta.0/test/e2e/apimachinery/certs.go 2019-05-21 09:30:18.346474554 +0200
@@ -22,6 +22,7 @@ import (
"os"
"k8s.io/client-go/util/cert"
+ "k8s.io/client-go/util/keyutil"
"k8s.io/kubernetes/test/e2e/framework"
)
@@ -79,12 +80,16 @@ func setupServerCert(namespaceName, serv
if err = ioutil.WriteFile(certFile.Name(), cert.EncodeCertPEM(signedCert), 0600); err != nil {
framework.Failf("Failed to write cert file %v", err)
}
- if err = ioutil.WriteFile(keyFile.Name(), cert.EncodePrivateKeyPEM(key), 0644); err != nil {
+ privateKeyPEM, err := keyutil.MarshalPrivateKeyToPEM(key)
+ if err != nil {
+ framework.Failf("Failed to marshal key %v", err)
+ }
+ if err = ioutil.WriteFile(keyFile.Name(), privateKeyPEM, 0644); err != nil {
framework.Failf("Failed to write key file %v", err)
}
return &certContext{
cert: cert.EncodeCertPEM(signedCert),
- key: cert.EncodePrivateKeyPEM(key),
+ key: privateKeyPEM,
signingCert: cert.EncodeCertPEM(signingCert),
}
}
diff -up kubernetes-1.13.7-beta.0/test/e2e/auth/certificates.go.keyutil kubernetes-1.13.7-beta.0/test/e2e/auth/certificates.go
diff -up kubernetes-1.13.7-beta.0/test/integration/auth/svcaccttoken_test.go.keyutil kubernetes-1.13.7-beta.0/test/integration/auth/svcaccttoken_test.go
--- kubernetes-1.13.7-beta.0/test/integration/auth/svcaccttoken_test.go.keyutil 2019-05-08 15:45:41.000000000 +0200
+++ kubernetes-1.13.7-beta.0/test/integration/auth/svcaccttoken_test.go 2019-05-21 09:32:44.894283241 +0200
@@ -39,7 +39,7 @@ import (
utilfeature "k8s.io/apiserver/pkg/util/feature"
utilfeaturetesting "k8s.io/apiserver/pkg/util/feature/testing"
clientset "k8s.io/client-go/kubernetes"
- certutil "k8s.io/client-go/util/cert"
+ "k8s.io/client-go/util/keyutil"
"k8s.io/kubernetes/pkg/apis/core"
serviceaccountgetter "k8s.io/kubernetes/pkg/controller/serviceaccount"
"k8s.io/kubernetes/pkg/features"
@@ -57,7 +57,7 @@ func TestServiceAccountTokenCreate(t *te
defer utilfeaturetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.TokenRequest, true)()
// Build client config, clientset, and informers
- sk, err := certutil.ParsePrivateKeyPEM([]byte(ecdsaPrivateKey))
+ sk, err := keyutil.ParsePrivateKeyPEM([]byte(ecdsaPrivateKey))
if err != nil {
t.Fatalf("err: %v", err)
}
diff -up kubernetes-1.13.7-beta.0/test/integration/examples/apiserver_test.go.keyutil kubernetes-1.13.7-beta.0/test/integration/examples/apiserver_test.go
--- kubernetes-1.13.7-beta.0/test/integration/examples/apiserver_test.go.keyutil 2019-05-21 09:21:29.272165173 +0200
+++ kubernetes-1.13.7-beta.0/test/integration/examples/apiserver_test.go 2019-05-21 09:35:51.578039553 +0200
@@ -43,6 +43,7 @@ import (
"k8s.io/client-go/tools/clientcmd"
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
"k8s.io/client-go/util/cert"
+ "k8s.io/client-go/util/keyutil"
apiregistrationv1beta1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1"
aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
kubeaggregatorserver "k8s.io/kube-aggregator/pkg/cmd/server"
@@ -250,7 +251,11 @@ func TestAggregatedAPIServer(t *testing.
if err := ioutil.WriteFile(proxyClientCertFile.Name(), cert.EncodeCertPEM(proxyClientCert), 0600); err != nil {
t.Fatal(err)
}
- if err := ioutil.WriteFile(proxyClientKeyFile.Name(), cert.EncodePrivateKeyPEM(proxyClientKey), 0644); err != nil {
+ proxyClientKeyPEM, err := keyutil.MarshalPrivateKeyToPEM(proxyClientKey)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if err := ioutil.WriteFile(proxyClientKeyFile.Name(), proxyClientKeyPEM, 0644); err != nil {
t.Fatal(err)
}
aggregatorPort := new(int32)