Use local paths when possible, some AI cleanup

internal/pki/certs.go

@@ -1,15 +1,11 @@
 package pki
 
 import (
-	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
-	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
-	"net"
 	"os"
-	"time"
 )
 
 // ParseCSRFromBytes parses a PEM-encoded CSR from bytes

internal/pki/certs_test.go

@@ -87,7 +87,7 @@ func TestSignCertificateRequest(t *testing.T) {
 
 	// Sign CSR
 	certPath := filepath.Join(tempDir, "node.crt")
-	err = SignCertificateRequest(caKeyPath, caCertPath, csrData, certPath, 30) // 30 days validity
+	err = SignCertificateRequest(caKeyPath, caCertPath, string(csrData), certPath, 30) // 30 days validity
 	if err != nil {
 		t.Fatalf("SignCertificateRequest failed: %v", err)
 	}