Packages
k8s
1.1.8
2.8.0
2.7.0
2.6.2
2.6.1
2.6.0
2.5.0
2.4.2
2.4.1
2.4.0
2.3.0
2.2.0
2.1.1
2.1.0
2.0.3
2.0.2
2.0.1
2.0.0
2.0.0-rc.6
2.0.0-rc.5
2.0.0-rc.4
2.0.0-rc.3
2.0.0-rc.2
2.0.0-rc.1
2.0.0-rc.0
1.2.1
1.2.0
1.1.10
1.1.9
1.1.8
1.1.7
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.0
1.0.0-rc1
0.5.2
0.5.1
0.5.0
0.5.0-rc.2
0.5.0-rc.1
0.4.0
0.3.2
0.3.1
0.3.0
0.2.13
0.2.12
0.2.11
0.2.10
0.2.9
0.2.8
0.2.7
retired
0.2.6
0.2.5
0.2.4
0.2.3
0.2.2
0.2.1
0.2.0
0.1.3
Kubernetes API Client for Elixir
Current section
Files
Jump to
Current section
Files
lib/k8s/conn/pki.ex
defmodule K8s.Conn.PKI do
@moduledoc """
Retrieves information from certificates
"""
alias K8s.Conn
alias K8s.Conn.PKI
@private_key_atoms [
:RSAPrivateKey,
:DSAPrivateKey,
:ECPrivateKey,
:PrivateKeyInfo
]
@type private_key_data_t :: {atom, binary}
@doc """
Reads the certificate from PEM file or base64 encoding
"""
@spec cert_from_map(map, binary) ::
{:error, :enoent | K8s.Conn.Error.t()} | {:ok, binary() | nil}
def cert_from_map(%{"certificate-authority-data" => data}, _) when not is_nil(data),
do: PKI.cert_from_base64(data)
def cert_from_map(%{"certificate-authority" => file_name}, base_path)
when not is_nil(file_name) do
file_name
|> Conn.resolve_file_path(base_path)
|> PKI.cert_from_pem()
end
def cert_from_map(%{"insecure-skip-tls-verify" => true}, _), do: {:ok, nil}
@doc """
Reads the certificate from a PEM file
"""
@spec cert_from_pem(String.t()) :: {:ok, binary} | {:error, :enoent | K8s.Conn.Error.t()}
def cert_from_pem(file) do
with {:ok, data} <- File.read(file), do: decode_cert_data(data)
end
@doc """
Decodes the certificate from a base64 encoded string
"""
@spec cert_from_base64(binary) :: {:ok, binary} | {:enoent | K8s.Conn.Error.t()}
def cert_from_base64(data) do
with {:ok, data} <- decode64(data) do
decode_cert_data(data)
end
end
@doc """
Reads private key from a PEM file
"""
@spec private_key_from_pem(String.t()) ::
{:ok, private_key_data_t} | {:error, :enoent | K8s.Conn.Error.t()}
def private_key_from_pem(file) do
with {:ok, data} <- File.read(file) do
decode_private_key_data(data)
end
end
@doc """
Decodes private key from a base64 encoded string
"""
@spec private_key_from_base64(String.t()) ::
{:ok, private_key_data_t} | {:error, K8s.Conn.Error.t()}
def private_key_from_base64(encoded_key) do
with {:ok, data} <- decode64(encoded_key) do
case decode_private_key_data(data) do
{:ok, private_key_data} -> {:ok, private_key_data}
error -> error
end
end
end
@spec decode64(binary) :: {:ok, binary} | {:error, K8s.Conn.Error.t()}
defp decode64(data) do
case Base.decode64(data) do
{:ok, data} -> {:ok, data}
:error -> {:error, %K8s.Conn.Error{message: "Invalid Base64"}}
end
end
@spec decode_cert_data(binary) :: {:ok, binary} | {:error, K8s.Conn.Error.t()}
defp decode_cert_data(cert_data) do
cert_data
|> :public_key.pem_decode()
|> Enum.find_value(fn
{:Certificate, data, _} ->
{:ok, data}
_ ->
{:error, %K8s.Conn.Error{message: "No cert data."}}
end)
end
@spec decode_private_key_data(binary) ::
{:ok, private_key_data_t} | {:error, K8s.Conn.Error.t()}
defp decode_private_key_data(private_key_data) do
private_key_data
|> :public_key.pem_decode()
|> Enum.find_value(fn
{type, data, _} when type in @private_key_atoms ->
{:ok, {type, data}}
_ ->
{:error,
%K8s.Conn.Error{
message: "Unsupported PEM data. Supported types #{inspect(@private_key_atoms)}"
}}
end)
end
end