diff --git a/ca/ca_test.go b/ca/ca_test.go index 43733a82..197e4cfe 100644 --- a/ca/ca_test.go +++ b/ca/ca_test.go @@ -27,9 +27,9 @@ import ( "github.com/smallstep/certificates/errs" "github.com/smallstep/cli/crypto/keys" "github.com/smallstep/cli/crypto/pemutil" - "github.com/smallstep/cli/crypto/x509util" stepJOSE "github.com/smallstep/cli/jose" "go.step.sm/crypto/randutil" + "go.step.sm/crypto/x509util" jose "gopkg.in/square/go-jose.v2" "gopkg.in/square/go-jose.v2/jwt" ) @@ -93,13 +93,9 @@ func TestCASign(t *testing.T) { config.AuthorityConfig.Template = asn1dn ca, err := New(config) assert.FatalError(t, err) - - intermediateIdentity, err := x509util.LoadIdentityFromDisk("testdata/secrets/intermediate_ca.crt", - "testdata/secrets/intermediate_ca_key", pemutil.WithPassword([]byte("password"))) + intermediateCert, err := pemutil.ReadCertificate("testdata/secrets/intermediate_ca.crt") assert.FatalError(t, err) - - clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_priv.jwk", - stepJOSE.WithPassword([]byte("pass"))) + clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_priv.jwk", stepJOSE.WithPassword([]byte("pass"))) assert.FatalError(t, err) sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: clijwk.Key}, (&jose.SignerOptions{}).WithType("JWT").WithHeader("kid", clijwk.KeyID)) @@ -321,9 +317,9 @@ ZEp7knvU2psWRw== assert.FatalError(t, err) assert.Equals(t, leaf.SubjectKeyId, subjectKeyID) - assert.Equals(t, leaf.AuthorityKeyId, intermediateIdentity.Crt.SubjectKeyId) + assert.Equals(t, leaf.AuthorityKeyId, intermediateCert.SubjectKeyId) - realIntermediate, err := x509.ParseCertificate(intermediateIdentity.Crt.Raw) + realIntermediate, err := x509.ParseCertificate(intermediateCert.Raw) assert.FatalError(t, err) assert.Equals(t, intermediate, realIntermediate) } else { @@ -555,7 +551,7 @@ func TestCAHealth(t *testing.T) { } func TestCARenew(t *testing.T) { - pub, _, err := keys.GenerateDefaultKeyPair() + pub, priv, err := keys.GenerateDefaultKeyPair() assert.FatalError(t, err) asn1dn := &authority.ASN1DN{ @@ -574,8 +570,9 @@ func TestCARenew(t *testing.T) { assert.FatalError(t, err) assert.FatalError(t, err) - intermediateIdentity, err := x509util.LoadIdentityFromDisk("testdata/secrets/intermediate_ca.crt", - "testdata/secrets/intermediate_ca_key", pemutil.WithPassword([]byte("password"))) + intermediateCert, err := pemutil.ReadCertificate("testdata/secrets/intermediate_ca.crt") + assert.FatalError(t, err) + intermediateKey, err := pemutil.Read("testdata/secrets/intermediate_ca_key", pemutil.WithPassword([]byte("password"))) assert.FatalError(t, err) now := time.Now().UTC() @@ -605,15 +602,15 @@ func TestCARenew(t *testing.T) { } }, "success": func(t *testing.T) *renewTest { - profile, err := x509util.NewLeafProfile("test", intermediateIdentity.Crt, - intermediateIdentity.Key, x509util.WithPublicKey(pub), - x509util.WithNotBeforeAfterDuration(now, leafExpiry, 0), x509util.WithHosts("funk")) + cr, err := x509util.CreateCertificateRequest("test", []string{"funk"}, priv.(crypto.Signer)) assert.FatalError(t, err) - crtBytes, err := profile.CreateCertificate() + cert, err := x509util.NewCertificate(cr) assert.FatalError(t, err) - crt, err := x509.ParseCertificate(crtBytes) + crt := cert.GetCertificate() + crt.NotBefore = time.Now() + crt.NotAfter = leafExpiry + crt, err = x509util.CreateCertificate(crt, intermediateCert, pub, intermediateKey.(crypto.Signer)) assert.FatalError(t, err) - return &renewTest{ ca: ca, tlsConnState: &tls.ConnectionState{ @@ -661,9 +658,9 @@ func TestCARenew(t *testing.T) { subjectKeyID, err := generateSubjectKeyID(pub) assert.FatalError(t, err) assert.Equals(t, leaf.SubjectKeyId, subjectKeyID) - assert.Equals(t, leaf.AuthorityKeyId, intermediateIdentity.Crt.SubjectKeyId) + assert.Equals(t, leaf.AuthorityKeyId, intermediateCert.SubjectKeyId) - realIntermediate, err := x509.ParseCertificate(intermediateIdentity.Crt.Raw) + realIntermediate, err := x509.ParseCertificate(intermediateCert.Raw) assert.FatalError(t, err) assert.Equals(t, intermediate, realIntermediate) diff --git a/ca/client.go b/ca/client.go index 370126d6..7edc1dc6 100644 --- a/ca/client.go +++ b/ca/client.go @@ -30,7 +30,7 @@ import ( "github.com/smallstep/cli/config" "github.com/smallstep/cli/crypto/keys" "github.com/smallstep/cli/crypto/pemutil" - "github.com/smallstep/cli/crypto/x509util" + "go.step.sm/crypto/x509util" "golang.org/x/net/http2" "gopkg.in/square/go-jose.v2/jwt" ) diff --git a/ca/client_test.go b/ca/client_test.go index f880c876..dbba4d4c 100644 --- a/ca/client_test.go +++ b/ca/client_test.go @@ -22,7 +22,7 @@ import ( "github.com/smallstep/certificates/authority" "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/crypto/x509util" + "go.step.sm/crypto/x509util" "golang.org/x/crypto/ssh" ) diff --git a/ca/provisioner_test.go b/ca/provisioner_test.go index 1d20eff6..b3fe1346 100644 --- a/ca/provisioner_test.go +++ b/ca/provisioner_test.go @@ -8,8 +8,8 @@ import ( "time" "github.com/smallstep/cli/crypto/pemutil" - "github.com/smallstep/cli/crypto/x509util" "github.com/smallstep/cli/jose" + "go.step.sm/crypto/x509util" ) func getTestProvisioner(t *testing.T, caURL string) *Provisioner { diff --git a/go.mod b/go.mod index 757cc8fc..6d602db1 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95 github.com/smallstep/nosql v0.3.0 github.com/urfave/cli v1.22.2 - go.step.sm/crypto v0.1.0 + go.step.sm/crypto v0.1.1 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904 golang.org/x/net v0.0.0-20200202094626-16171245cfb2 google.golang.org/api v0.15.0 @@ -26,5 +26,6 @@ require ( gopkg.in/square/go-jose.v2 v2.4.0 ) -//replace github.com/smallstep/cli => ../cli -//replace github.com/smallstep/nosql => ../nosql +// replace github.com/smallstep/cli => ../cli +// replace github.com/smallstep/nosql => ../nosql +// replace go.step.sm/crypto => ../crypto diff --git a/go.sum b/go.sum index 520d0577..917e90c0 100644 --- a/go.sum +++ b/go.sum @@ -479,7 +479,6 @@ github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9P github.com/smallstep/certificates v0.14.5/go.mod h1:zzpB8wMz967gL8FmK6zvCNB4pDVwFDKjPg1diTVc1h8= github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= github.com/smallstep/cli v0.14.5/go.mod h1:mRFuqC3cGwQESBGJvog4o76jZZZ7bMjkE+hAnq2QyR8= -github.com/smallstep/cli v0.14.6 h1:xc9rawDKB70Vgvg10gfQAh9EpDWS3k1O002J5bApqUk= github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95 h1:TcCYqEqh6EIEiFabRdtG0IGyFK01kRLTjx6TIKqjxX8= github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95/go.mod h1:7aWHk7WwJMpEP4PYyav86FMpaI9vuA0uJRliUAqCwxg= github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U= @@ -578,10 +577,8 @@ go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0 h1:FymMl8TrXGxFf80BWpO0CnkSfLnw0BkDdRrhbMGf5zE= -go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0/go.mod h1:8VYxmvSKt5yOTBx3MGsD2Gk4F1Es/3FIxrjnfeYWE8U= -go.step.sm/crypto v0.1.0 h1:SLo25kNU3C6u8Ne5BnavI9bhtA+PBrMnnNZKYIWhKFU= -go.step.sm/crypto v0.1.0/go.mod h1:cIoSWTfTQ5xqvwTeZH9ZXZzi6jdMepjK4A/TDWMUvw8= +go.step.sm/crypto v0.1.1 h1:xg3kUS30hEnwgbxtKwq9a4MJaeiU616HSug60LU9B2E= +go.step.sm/crypto v0.1.1/go.mod h1:cIoSWTfTQ5xqvwTeZH9ZXZzi6jdMepjK4A/TDWMUvw8= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.5.1 h1:rsqfU5vBkVknbhUGbAUwQKR2H4ItV8tjJ+6kJX4cxHM=