From 3a146c253c1b8b1bbe3b84814c56e55b7c8139f0 Mon Sep 17 00:00:00 2001
From: Victor Lyuboslavsky
Date: Fri, 3 Jan 2025 17:35:34 -0600
Subject: [PATCH] Fixing circular import.
---
 server/mdm/scep/cryptoutil/cryptoutil.go | 12 +++++-------
 server/mdm/scep/cryptoutil/cryptoutil_test.go | 12 +++++-------
 server/service/mdm.go | 4 ++--
 3 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/server/mdm/scep/cryptoutil/cryptoutil.go b/server/mdm/scep/cryptoutil/cryptoutil.go
index 6b0dae05a6bd..4a39ae83e3d2 100644
--- a/server/mdm/scep/cryptoutil/cryptoutil.go
+++ b/server/mdm/scep/cryptoutil/cryptoutil.go
@@ -1,7 +1,6 @@
 package cryptoutil
 import (
- "context"
 "crypto"
 "crypto/ecdsa"
 "crypto/ed25519"
@@ -12,8 +11,7 @@ import (
 "encoding/asn1"
 "encoding/pem"
 "errors"
-
- "github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
+ "fmt"
 )
 // GenerateSubjectKeyID generates Subject Key Identifier (SKI) using SHA-256
@@ -41,10 +39,10 @@ func GenerateSubjectKeyID(pub crypto.PublicKey) ([]byte, error) {
 return hash[:20], nil
 }
-func ParsePrivateKey(ctx context.Context, privKeyPEM []byte, keyName string) (crypto.PrivateKey, error) {
+func ParsePrivateKey(privKeyPEM []byte, keyName string) (crypto.PrivateKey, error) {
 block, _ := pem.Decode(privKeyPEM)
 if block == nil {
- return nil, ctxerr.Errorf(ctx, "failed to decode %s", keyName)
+ return nil, fmt.Errorf("failed to decode %s", keyName)
 }
 // The code below is based on tls.parsePrivateKey
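Review bot: `ParsePrivateKey` in the third hunk of cryptoutil.go is exported but has no doc comment, and this change alters its contract: it now returns plain `fmt.Errorf` errors, so callers must attach request context themselves. I would add above the signature `// ParsePrivateKey decodes the first PEM block in privKeyPEM and returns the private key it holds. keyName is used only in error messages; returned errors are not ctxerr-wrapped.` The comment could also say that the second result of `pem.Decode` is discarded, so anything after the first block is silently ignored. The function body continues outside this hunk.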
@@ -57,12 +55,12 @@ func ParsePrivateKey(ctx context.Context, privKeyPEM []byte, keyName string) (cr
 case *rsa.PrivateKey, *ecdsa.PrivateKey, ed25519.PrivateKey:
 return key, nil
 default:
- return nil, ctxerr.Errorf(ctx, "unmarshaled PKCS8 %s is not an RSA, ECDSA, or Ed25519 private key", keyName)
+ return nil, fmt.Errorf("unmarshaled PKCS8 %s is not an RSA, ECDSA, or Ed25519 private key", keyName)
 }
 }
 if key, err := x509.ParseECPrivateKey(block.Bytes); err == nil {
 return key, nil
 }
- return nil, ctxerr.Errorf(ctx, "failed to parse %s of type %s", keyName, block.Type)
+ return nil, fmt.Errorf("failed to parse %s of type %s", keyName, block.Type)
 }
diff --git a/server/mdm/scep/cryptoutil/cryptoutil_test.go b/server/mdm/scep/cryptoutil/cryptoutil_test.go
index bd8859056524..0224c7e7906f 100644
--- a/server/mdm/scep/cryptoutil/cryptoutil_test.go
+++ b/server/mdm/scep/cryptoutil/cryptoutil_test.go
@@ -1,7 +1,6 @@
 package cryptoutil
 import (
- "context"
 "crypto"
 "crypto/ecdsa"
 "crypto/elliptic"
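Review bot: The last error in `ParsePrivateKey` formats `block.Type` with `%s`, and that value is the label taken from the supplied PEM, so whatever bytes the input carries there go unescaped into the error string and any log that records it. Quoting it is a cheap hardening: `return nil, fmt.Errorf("failed to parse %s of type %q", keyName, block.Type)`. The expectation in `TestParsePrivateKey` for the `ENCRYPTED PRIVATE KEY` case would need the added quotes to match. The function starts outside this hunk.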
@@ -65,31 +64,30 @@ func testSKIEq(a, b []byte) bool {
 func TestParsePrivateKey(t *testing.T) {
 t.Parallel()
 // nil block not allowed
- ctx := context.Background()
- _, err := ParsePrivateKey(ctx, nil, "APNS private key")
+ _, err := ParsePrivateKey(nil, "APNS private key")
 assert.ErrorContains(t, err, "failed to decode")
 // encrypted pkcs8 not supported
 pkcs8Encrypted, err := os.ReadFile("testdata/pkcs8-encrypted.key")
 require.NoError(t, err)
- _, err = ParsePrivateKey(ctx, pkcs8Encrypted, "APNS private key")
+ _, err = ParsePrivateKey(pkcs8Encrypted, "APNS private key")
 assert.ErrorContains(t, err, "failed to parse APNS private key of type ENCRYPTED PRIVATE KEY")
 // X25519 pkcs8 not supported
 pkcs8Encrypted, err = os.ReadFile("testdata/pkcs8-x25519.key")
 require.NoError(t, err)
- _, err = ParsePrivateKey(ctx, pkcs8Encrypted, "APNS private key")
+ _, err = ParsePrivateKey(pkcs8Encrypted, "APNS private key")
 assert.ErrorContains(t, err, "unmarshaled PKCS8 APNS private key is not")
 // In this test, the pkcs1 key and pkcs8 keys are the same key, just different formats
 pkcs1, err := os.ReadFile("testdata/pkcs1.key")
 require.NoError(t, err)
- pkcs1Key, err := ParsePrivateKey(ctx, pkcs1, "APNS private key")
+ pkcs1Key, err := ParsePrivateKey(pkcs1, "APNS private key")
 require.NoError(t, err)
 pkcs8, err := os.ReadFile("testdata/pkcs8-rsa.key")
 require.NoError(t, err)
- pkcs8Key, err := ParsePrivateKey(ctx, pkcs8, "APNS private key")
+ pkcs8Key, err := ParsePrivateKey(pkcs8, "APNS private key")
 require.NoError(t, err)
 assert.Equal(t, pkcs1Key, pkcs8Key)
diff --git a/server/service/mdm.go b/server/service/mdm.go
index ceb7e6c3da23..531a03eb6bfd 100644
--- a/server/service/mdm.go
+++ b/server/service/mdm.go
@@ -2497,9 +2497,9 @@ func (svc *Service) GetMDMAppleCSR(ctx context.Context) ([]byte, error) {
 }
 } else {
 rawApnsKey := savedAssets[fleet.MDMAssetAPNSKey]
- apnsKey, err = cryptoutil.ParsePrivateKey(ctx, rawApnsKey.Value, "APNS private key")
+ apnsKey, err = cryptoutil.ParsePrivateKey(rawApnsKey.Value, "APNS private key")
 if err != nil {
- return nil, err
+ return nil, ctxerr.Wrap(ctx, err, "parse APNS private key")
 }
 }
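Review bot: The wrap message `"parse APNS private key"` repeats what the inner error already says, since `ParsePrivateKey` puts `keyName` into every message it returns. The combined text would presumably read something like "parse APNS private key: failed to parse APNS private key of type …". Naming the caller's step instead keeps the chain readable, e.g. `return nil, ctxerr.Wrap(ctx, err, "loading stored APNS key for CSR")`. This is the only call site the patch updates, so any other caller of `ParsePrivateKey` would need the same wrapping to keep its errors attached to the request context. `GetMDMAppleCSR` starts and ends outside the hunk.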