Use always go.step.sm/crypto/x509util

This commit is contained in:
Mariano Cano 2020-08-11 17:59:33 -07:00
parent 8c2d5425e7
commit 533ad0ca20
6 changed files with 26 additions and 31 deletions

View file

@ -27,9 +27,9 @@ import (
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/crypto/keys"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/crypto/x509util"
stepJOSE "github.com/smallstep/cli/jose"
"go.step.sm/crypto/randutil"
"go.step.sm/crypto/x509util"
jose "gopkg.in/square/go-jose.v2"
"gopkg.in/square/go-jose.v2/jwt"
)
@ -93,13 +93,9 @@ func TestCASign(t *testing.T) {
config.AuthorityConfig.Template = asn1dn
ca, err := New(config)
assert.FatalError(t, err)
intermediateIdentity, err := x509util.LoadIdentityFromDisk("testdata/secrets/intermediate_ca.crt",
"testdata/secrets/intermediate_ca_key", pemutil.WithPassword([]byte("password")))
intermediateCert, err := pemutil.ReadCertificate("testdata/secrets/intermediate_ca.crt")
assert.FatalError(t, err)
clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_priv.jwk",
stepJOSE.WithPassword([]byte("pass")))
clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_priv.jwk", stepJOSE.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: clijwk.Key},
(&jose.SignerOptions{}).WithType("JWT").WithHeader("kid", clijwk.KeyID))
@ -321,9 +317,9 @@ ZEp7knvU2psWRw==
assert.FatalError(t, err)
assert.Equals(t, leaf.SubjectKeyId, subjectKeyID)
assert.Equals(t, leaf.AuthorityKeyId, intermediateIdentity.Crt.SubjectKeyId)
assert.Equals(t, leaf.AuthorityKeyId, intermediateCert.SubjectKeyId)
realIntermediate, err := x509.ParseCertificate(intermediateIdentity.Crt.Raw)
realIntermediate, err := x509.ParseCertificate(intermediateCert.Raw)
assert.FatalError(t, err)
assert.Equals(t, intermediate, realIntermediate)
} else {
@ -555,7 +551,7 @@ func TestCAHealth(t *testing.T) {
}
func TestCARenew(t *testing.T) {
pub, _, err := keys.GenerateDefaultKeyPair()
pub, priv, err := keys.GenerateDefaultKeyPair()
assert.FatalError(t, err)
asn1dn := &authority.ASN1DN{
@ -574,8 +570,9 @@ func TestCARenew(t *testing.T) {
assert.FatalError(t, err)
assert.FatalError(t, err)
intermediateIdentity, err := x509util.LoadIdentityFromDisk("testdata/secrets/intermediate_ca.crt",
"testdata/secrets/intermediate_ca_key", pemutil.WithPassword([]byte("password")))
intermediateCert, err := pemutil.ReadCertificate("testdata/secrets/intermediate_ca.crt")
assert.FatalError(t, err)
intermediateKey, err := pemutil.Read("testdata/secrets/intermediate_ca_key", pemutil.WithPassword([]byte("password")))
assert.FatalError(t, err)
now := time.Now().UTC()
@ -605,15 +602,15 @@ func TestCARenew(t *testing.T) {
}
},
"success": func(t *testing.T) *renewTest {
profile, err := x509util.NewLeafProfile("test", intermediateIdentity.Crt,
intermediateIdentity.Key, x509util.WithPublicKey(pub),
x509util.WithNotBeforeAfterDuration(now, leafExpiry, 0), x509util.WithHosts("funk"))
cr, err := x509util.CreateCertificateRequest("test", []string{"funk"}, priv.(crypto.Signer))
assert.FatalError(t, err)
crtBytes, err := profile.CreateCertificate()
cert, err := x509util.NewCertificate(cr)
assert.FatalError(t, err)
crt, err := x509.ParseCertificate(crtBytes)
crt := cert.GetCertificate()
crt.NotBefore = time.Now()
crt.NotAfter = leafExpiry
crt, err = x509util.CreateCertificate(crt, intermediateCert, pub, intermediateKey.(crypto.Signer))
assert.FatalError(t, err)
return &renewTest{
ca: ca,
tlsConnState: &tls.ConnectionState{
@ -661,9 +658,9 @@ func TestCARenew(t *testing.T) {
subjectKeyID, err := generateSubjectKeyID(pub)
assert.FatalError(t, err)
assert.Equals(t, leaf.SubjectKeyId, subjectKeyID)
assert.Equals(t, leaf.AuthorityKeyId, intermediateIdentity.Crt.SubjectKeyId)
assert.Equals(t, leaf.AuthorityKeyId, intermediateCert.SubjectKeyId)
realIntermediate, err := x509.ParseCertificate(intermediateIdentity.Crt.Raw)
realIntermediate, err := x509.ParseCertificate(intermediateCert.Raw)
assert.FatalError(t, err)
assert.Equals(t, intermediate, realIntermediate)

View file

@ -30,7 +30,7 @@ import (
"github.com/smallstep/cli/config"
"github.com/smallstep/cli/crypto/keys"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/crypto/x509util"
"go.step.sm/crypto/x509util"
"golang.org/x/net/http2"
"gopkg.in/square/go-jose.v2/jwt"
)

View file

@ -22,7 +22,7 @@ import (
"github.com/smallstep/certificates/authority"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/crypto/x509util"
"go.step.sm/crypto/x509util"
"golang.org/x/crypto/ssh"
)

View file

@ -8,8 +8,8 @@ import (
"time"
"github.com/smallstep/cli/crypto/pemutil"
"github.com/smallstep/cli/crypto/x509util"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/x509util"
)
func getTestProvisioner(t *testing.T, caURL string) *Provisioner {

7
go.mod
View file

@ -17,7 +17,7 @@ require (
github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95
github.com/smallstep/nosql v0.3.0
github.com/urfave/cli v1.22.2
go.step.sm/crypto v0.1.0
go.step.sm/crypto v0.1.1
golang.org/x/crypto v0.0.0-20200414173820-0848c9571904
golang.org/x/net v0.0.0-20200202094626-16171245cfb2
google.golang.org/api v0.15.0
@ -26,5 +26,6 @@ require (
gopkg.in/square/go-jose.v2 v2.4.0
)
//replace github.com/smallstep/cli => ../cli
//replace github.com/smallstep/nosql => ../nosql
// replace github.com/smallstep/cli => ../cli
// replace github.com/smallstep/nosql => ../nosql
// replace go.step.sm/crypto => ../crypto

7
go.sum
View file

@ -479,7 +479,6 @@ github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9P
github.com/smallstep/certificates v0.14.5/go.mod h1:zzpB8wMz967gL8FmK6zvCNB4pDVwFDKjPg1diTVc1h8=
github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU=
github.com/smallstep/cli v0.14.5/go.mod h1:mRFuqC3cGwQESBGJvog4o76jZZZ7bMjkE+hAnq2QyR8=
github.com/smallstep/cli v0.14.6 h1:xc9rawDKB70Vgvg10gfQAh9EpDWS3k1O002J5bApqUk=
github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95 h1:TcCYqEqh6EIEiFabRdtG0IGyFK01kRLTjx6TIKqjxX8=
github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95/go.mod h1:7aWHk7WwJMpEP4PYyav86FMpaI9vuA0uJRliUAqCwxg=
github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U=
@ -578,10 +577,8 @@ go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs=
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0 h1:FymMl8TrXGxFf80BWpO0CnkSfLnw0BkDdRrhbMGf5zE=
go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0/go.mod h1:8VYxmvSKt5yOTBx3MGsD2Gk4F1Es/3FIxrjnfeYWE8U=
go.step.sm/crypto v0.1.0 h1:SLo25kNU3C6u8Ne5BnavI9bhtA+PBrMnnNZKYIWhKFU=
go.step.sm/crypto v0.1.0/go.mod h1:cIoSWTfTQ5xqvwTeZH9ZXZzi6jdMepjK4A/TDWMUvw8=
go.step.sm/crypto v0.1.1 h1:xg3kUS30hEnwgbxtKwq9a4MJaeiU616HSug60LU9B2E=
go.step.sm/crypto v0.1.1/go.mod h1:cIoSWTfTQ5xqvwTeZH9ZXZzi6jdMepjK4A/TDWMUvw8=
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
go.uber.org/atomic v1.5.1 h1:rsqfU5vBkVknbhUGbAUwQKR2H4ItV8tjJ+6kJX4cxHM=