From 3866fe46f261d7206f4784a756bce91d632da796 Mon Sep 17 00:00:00 2001
From: Angelos Kolaitis
Date: Mon, 8 Apr 2024 14:16:00 +0300
Subject: [PATCH] pki: handle both RSA PRIVATE KEY and PRIVATE KEY (#293)
---
 src/k8s/pkg/k8sd/pki/load.go | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/k8s/pkg/k8sd/pki/load.go b/src/k8s/pkg/k8sd/pki/load.go
index 243406f3a..06c3878b5 100644
--- a/src/k8s/pkg/k8sd/pki/load.go
+++ b/src/k8s/pkg/k8sd/pki/load.go
@@ -23,9 +23,24 @@ func loadCertificate(certPEM string, keyPEM string) (*x509.Certificate, *rsa.Pri
 var key *rsa.PrivateKey
 if keyPEM != "" {
 pb, _ := pem.Decode([]byte(keyPEM))
- key, err = x509.ParsePKCS1PrivateKey(pb.Bytes)
- if err != nil {
- return nil, nil, fmt.Errorf("failed to parse private key: %w", err)
+ switch pb.Type {
+ case "RSA PRIVATE KEY":
+ key, err = x509.ParsePKCS1PrivateKey(pb.Bytes)
+ if err != nil {
+ return nil, nil, fmt.Errorf("failed to parse RSA private key: %w", err)
+ }
+ case "PRIVATE KEY":
+ parsed, err := x509.ParsePKCS8PrivateKey(pb.Bytes)
+ if err != nil {
+ return nil, nil, fmt.Errorf("failed to parse private key: %w", err)
+ }
+ v, ok := parsed.(*rsa.PrivateKey)
+ if !ok {
+ return nil, nil, fmt.Errorf("not an RSA private key")
+ }
+ key = v
+ default:
+ return nil, nil, fmt.Errorf("unknown private key block type %q", pb.Type)
 }
 }
 return cert, key, nil
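Review bot: The new `switch pb.Type` dereferences `pb` without a nil check, and `pem.Decode` returns a nil block when `keyPEM` holds no PEM data, so a non-empty but malformed key string panics the caller instead of producing an error. The same dereference existed before as `pb.Bytes`, but the switch is now the first use, so the guard belongs directly after the decode: `if pb == nil { return nil, nil, fmt.Errorf("failed to decode private key PEM") }`. Where `keyPEM` comes from is not visible in this hunk; if it can come from operator-supplied configuration, this is an availability problem for the daemon, not just a robustness nit. The second return value of `pem.Decode` is also discarded, so trailing data after the first block is silently ignored; a short comment saying that only the first PEM block is considered would make that explicit. `loadCertificate` begins above the hunk, so any earlier handling of `certPEM` was not reviewed.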