Fixing circular import.

server/mdm/scep/cryptoutil/cryptoutil.go

@@ -1,7 +1,6 @@
 package cryptoutil
 
 import (
-	"context"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/ed25519"
@@ -12,8 +11,7 @@ import (
 	"encoding/asn1"
 	"encoding/pem"
 	"errors"
-
-	"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
+	"fmt"
 )
 
 // GenerateSubjectKeyID generates Subject Key Identifier (SKI) using SHA-256
@@ -41,10 +39,10 @@ func GenerateSubjectKeyID(pub crypto.PublicKey) ([]byte, error) {
 	return hash[:20], nil
 }
 
-func ParsePrivateKey(ctx context.Context, privKeyPEM []byte, keyName string) (crypto.PrivateKey, error) {
+func ParsePrivateKey(privKeyPEM []byte, keyName string) (crypto.PrivateKey, error) {
 	block, _ := pem.Decode(privKeyPEM)
 	if block == nil {
-		return nil, ctxerr.Errorf(ctx, "failed to decode %s", keyName)
+		return nil, fmt.Errorf("failed to decode %s", keyName)
 	}
 
 	// The code below is based on tls.parsePrivateKey
@@ -57,12 +55,12 @@ func ParsePrivateKey(ctx context.Context, privKeyPEM []byte, keyName string) (cr
 		case *rsa.PrivateKey, *ecdsa.PrivateKey, ed25519.PrivateKey:
 			return key, nil
 		default:
-			return nil, ctxerr.Errorf(ctx, "unmarshaled PKCS8 %s is not an RSA, ECDSA, or Ed25519 private key", keyName)
+			return nil, fmt.Errorf("unmarshaled PKCS8 %s is not an RSA, ECDSA, or Ed25519 private key", keyName)
 		}
 	}
 	if key, err := x509.ParseECPrivateKey(block.Bytes); err == nil {
 		return key, nil
 	}
 
-	return nil, ctxerr.Errorf(ctx, "failed to parse %s of type %s", keyName, block.Type)
+	return nil, fmt.Errorf("failed to parse %s of type %s", keyName, block.Type)
 }

server/mdm/scep/cryptoutil/cryptoutil_test.go

@@ -1,7 +1,6 @@
 package cryptoutil
 
 import (
-	"context"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/elliptic"
@@ -65,31 +64,30 @@ func testSKIEq(a, b []byte) bool {
 func TestParsePrivateKey(t *testing.T) {
 	t.Parallel()
 	// nil block not allowed
-	ctx := context.Background()
-	_, err := ParsePrivateKey(ctx, nil, "APNS private key")
+	_, err := ParsePrivateKey(nil, "APNS private key")
 	assert.ErrorContains(t, err, "failed to decode")
 
 	// encrypted pkcs8 not supported
 	pkcs8Encrypted, err := os.ReadFile("testdata/pkcs8-encrypted.key")
 	require.NoError(t, err)
-	_, err = ParsePrivateKey(ctx, pkcs8Encrypted, "APNS private key")
+	_, err = ParsePrivateKey(pkcs8Encrypted, "APNS private key")
 	assert.ErrorContains(t, err, "failed to parse APNS private key of type ENCRYPTED PRIVATE KEY")
 
 	// X25519 pkcs8 not supported
 	pkcs8Encrypted, err = os.ReadFile("testdata/pkcs8-x25519.key")
 	require.NoError(t, err)
-	_, err = ParsePrivateKey(ctx, pkcs8Encrypted, "APNS private key")
+	_, err = ParsePrivateKey(pkcs8Encrypted, "APNS private key")
 	assert.ErrorContains(t, err, "unmarshaled PKCS8 APNS private key is not")
 
 	// In this test, the pkcs1 key and pkcs8 keys are the same key, just different formats
 	pkcs1, err := os.ReadFile("testdata/pkcs1.key")
 	require.NoError(t, err)
-	pkcs1Key, err := ParsePrivateKey(ctx, pkcs1, "APNS private key")
+	pkcs1Key, err := ParsePrivateKey(pkcs1, "APNS private key")
 	require.NoError(t, err)
 
 	pkcs8, err := os.ReadFile("testdata/pkcs8-rsa.key")
 	require.NoError(t, err)
-	pkcs8Key, err := ParsePrivateKey(ctx, pkcs8, "APNS private key")
+	pkcs8Key, err := ParsePrivateKey(pkcs8, "APNS private key")
 	require.NoError(t, err)
 
 	assert.Equal(t, pkcs1Key, pkcs8Key)

server/service/mdm.go

@@ -2497,9 +2497,9 @@ func (svc *Service) GetMDMAppleCSR(ctx context.Context) ([]byte, error) {
 		}
 	} else {
 		rawApnsKey := savedAssets[fleet.MDMAssetAPNSKey]
-		apnsKey, err = cryptoutil.ParsePrivateKey(ctx, rawApnsKey.Value, "APNS private key")
+		apnsKey, err = cryptoutil.ParsePrivateKey(rawApnsKey.Value, "APNS private key")
 		if err != nil {
-			return nil, err
+			return nil, ctxerr.Wrap(ctx, err, "parse APNS private key")
 		}
 	}