Use always go.step.sm/crypto/x509util

ca/ca_test.go

@@ -27,9 +27,9 @@ import (
 	"github.com/smallstep/certificates/errs"
 	"github.com/smallstep/cli/crypto/keys"
 	"github.com/smallstep/cli/crypto/pemutil"
-	"github.com/smallstep/cli/crypto/x509util"
 	stepJOSE "github.com/smallstep/cli/jose"
 	"go.step.sm/crypto/randutil"
+	"go.step.sm/crypto/x509util"
 	jose "gopkg.in/square/go-jose.v2"
 	"gopkg.in/square/go-jose.v2/jwt"
 )
@@ -93,13 +93,9 @@ func TestCASign(t *testing.T) {
 	config.AuthorityConfig.Template = asn1dn
 	ca, err := New(config)
 	assert.FatalError(t, err)
-
+	intermediateCert, err := pemutil.ReadCertificate("testdata/secrets/intermediate_ca.crt")
-	intermediateIdentity, err := x509util.LoadIdentityFromDisk("testdata/secrets/intermediate_ca.crt",
-		"testdata/secrets/intermediate_ca_key", pemutil.WithPassword([]byte("password")))
 	assert.FatalError(t, err)
-
+	clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_priv.jwk", stepJOSE.WithPassword([]byte("pass")))
-	clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_priv.jwk",
-		stepJOSE.WithPassword([]byte("pass")))
 	assert.FatalError(t, err)
 	sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: clijwk.Key},
 		(&jose.SignerOptions{}).WithType("JWT").WithHeader("kid", clijwk.KeyID))
@@ -321,9 +317,9 @@ ZEp7knvU2psWRw==
 					assert.FatalError(t, err)
 					assert.Equals(t, leaf.SubjectKeyId, subjectKeyID)
 
-					assert.Equals(t, leaf.AuthorityKeyId, intermediateIdentity.Crt.SubjectKeyId)
+					assert.Equals(t, leaf.AuthorityKeyId, intermediateCert.SubjectKeyId)
 
-					realIntermediate, err := x509.ParseCertificate(intermediateIdentity.Crt.Raw)
+					realIntermediate, err := x509.ParseCertificate(intermediateCert.Raw)
 					assert.FatalError(t, err)
 					assert.Equals(t, intermediate, realIntermediate)
 				} else {
@@ -555,7 +551,7 @@ func TestCAHealth(t *testing.T) {
 }
 
 func TestCARenew(t *testing.T) {
-	pub, _, err := keys.GenerateDefaultKeyPair()
+	pub, priv, err := keys.GenerateDefaultKeyPair()
 	assert.FatalError(t, err)
 
 	asn1dn := &authority.ASN1DN{
@@ -574,8 +570,9 @@ func TestCARenew(t *testing.T) {
 	assert.FatalError(t, err)
 	assert.FatalError(t, err)
 
-	intermediateIdentity, err := x509util.LoadIdentityFromDisk("testdata/secrets/intermediate_ca.crt",
+	intermediateCert, err := pemutil.ReadCertificate("testdata/secrets/intermediate_ca.crt")
-		"testdata/secrets/intermediate_ca_key", pemutil.WithPassword([]byte("password")))
+	assert.FatalError(t, err)
+	intermediateKey, err := pemutil.Read("testdata/secrets/intermediate_ca_key", pemutil.WithPassword([]byte("password")))
 	assert.FatalError(t, err)
 
 	now := time.Now().UTC()
@@ -605,15 +602,15 @@ func TestCARenew(t *testing.T) {
 			}
 		},
 		"success": func(t *testing.T) *renewTest {
-			profile, err := x509util.NewLeafProfile("test", intermediateIdentity.Crt,
+			cr, err := x509util.CreateCertificateRequest("test", []string{"funk"}, priv.(crypto.Signer))
-				intermediateIdentity.Key, x509util.WithPublicKey(pub),
-				x509util.WithNotBeforeAfterDuration(now, leafExpiry, 0), x509util.WithHosts("funk"))
 			assert.FatalError(t, err)
-			crtBytes, err := profile.CreateCertificate()
+			cert, err := x509util.NewCertificate(cr)
 			assert.FatalError(t, err)
-			crt, err := x509.ParseCertificate(crtBytes)
+			crt := cert.GetCertificate()
+			crt.NotBefore = time.Now()
+			crt.NotAfter = leafExpiry
+			crt, err = x509util.CreateCertificate(crt, intermediateCert, pub, intermediateKey.(crypto.Signer))
 			assert.FatalError(t, err)
-
 			return &renewTest{
 				ca: ca,
 				tlsConnState: &tls.ConnectionState{
@@ -661,9 +658,9 @@ func TestCARenew(t *testing.T) {
 					subjectKeyID, err := generateSubjectKeyID(pub)
 					assert.FatalError(t, err)
 					assert.Equals(t, leaf.SubjectKeyId, subjectKeyID)
-					assert.Equals(t, leaf.AuthorityKeyId, intermediateIdentity.Crt.SubjectKeyId)
+					assert.Equals(t, leaf.AuthorityKeyId, intermediateCert.SubjectKeyId)
 
-					realIntermediate, err := x509.ParseCertificate(intermediateIdentity.Crt.Raw)
+					realIntermediate, err := x509.ParseCertificate(intermediateCert.Raw)
 					assert.FatalError(t, err)
 					assert.Equals(t, intermediate, realIntermediate)
 

ca/client.go

@@ -30,7 +30,7 @@ import (
 	"github.com/smallstep/cli/config"
 	"github.com/smallstep/cli/crypto/keys"
 	"github.com/smallstep/cli/crypto/pemutil"
-	"github.com/smallstep/cli/crypto/x509util"
+	"go.step.sm/crypto/x509util"
 	"golang.org/x/net/http2"
 	"gopkg.in/square/go-jose.v2/jwt"
 )

ca/client_test.go

@@ -22,7 +22,7 @@ import (
 	"github.com/smallstep/certificates/authority"
 	"github.com/smallstep/certificates/authority/provisioner"
 	"github.com/smallstep/certificates/errs"
-	"github.com/smallstep/cli/crypto/x509util"
+	"go.step.sm/crypto/x509util"
 	"golang.org/x/crypto/ssh"
 )
 

ca/provisioner_test.go

@@ -8,8 +8,8 @@ import (
 	"time"
 
 	"github.com/smallstep/cli/crypto/pemutil"
-	"github.com/smallstep/cli/crypto/x509util"
 	"github.com/smallstep/cli/jose"
+	"go.step.sm/crypto/x509util"
 )
 
 func getTestProvisioner(t *testing.T, caURL string) *Provisioner {

go.mod

@@ -17,7 +17,7 @@ require (
 	github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95
 	github.com/smallstep/nosql v0.3.0
 	github.com/urfave/cli v1.22.2
-	go.step.sm/crypto v0.1.0
+	go.step.sm/crypto v0.1.1
 	golang.org/x/crypto v0.0.0-20200414173820-0848c9571904
 	golang.org/x/net v0.0.0-20200202094626-16171245cfb2
 	google.golang.org/api v0.15.0
@@ -26,5 +26,6 @@ require (
 	gopkg.in/square/go-jose.v2 v2.4.0
 )
 
-//replace github.com/smallstep/cli => ../cli
+// replace github.com/smallstep/cli => ../cli
-//replace github.com/smallstep/nosql => ../nosql
+// replace github.com/smallstep/nosql => ../nosql
+// replace go.step.sm/crypto => ../crypto

go.sum

@@ -479,7 +479,6 @@ github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9P
 github.com/smallstep/certificates v0.14.5/go.mod h1:zzpB8wMz967gL8FmK6zvCNB4pDVwFDKjPg1diTVc1h8=
 github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU=
 github.com/smallstep/cli v0.14.5/go.mod h1:mRFuqC3cGwQESBGJvog4o76jZZZ7bMjkE+hAnq2QyR8=
-github.com/smallstep/cli v0.14.6 h1:xc9rawDKB70Vgvg10gfQAh9EpDWS3k1O002J5bApqUk=
 github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95 h1:TcCYqEqh6EIEiFabRdtG0IGyFK01kRLTjx6TIKqjxX8=
 github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95/go.mod h1:7aWHk7WwJMpEP4PYyav86FMpaI9vuA0uJRliUAqCwxg=
 github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U=
@@ -578,10 +577,8 @@ go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0 h1:FymMl8TrXGxFf80BWpO0CnkSfLnw0BkDdRrhbMGf5zE=
+go.step.sm/crypto v0.1.1 h1:xg3kUS30hEnwgbxtKwq9a4MJaeiU616HSug60LU9B2E=
-go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0/go.mod h1:8VYxmvSKt5yOTBx3MGsD2Gk4F1Es/3FIxrjnfeYWE8U=
+go.step.sm/crypto v0.1.1/go.mod h1:cIoSWTfTQ5xqvwTeZH9ZXZzi6jdMepjK4A/TDWMUvw8=
-go.step.sm/crypto v0.1.0 h1:SLo25kNU3C6u8Ne5BnavI9bhtA+PBrMnnNZKYIWhKFU=
-go.step.sm/crypto v0.1.0/go.mod h1:cIoSWTfTQ5xqvwTeZH9ZXZzi6jdMepjK4A/TDWMUvw8=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.5.1 h1:rsqfU5vBkVknbhUGbAUwQKR2H4ItV8tjJ+6kJX4cxHM=