Use go.step.sm/crypto/jose

Replace use of github.com/smallstep/cli/crypto with the new package
go.step.sm/crypto/jose.
Mariano Cano 2020-08-24 14:44:11 -07:00
parent 32ba80f446
commit ba918100d0
53 changed files with 183 additions and 187 deletions


@ -6,8 +6,8 @@ import (
"time"
"github.com/pkg/errors"
"github.com/smallstep/cli/jose"
"github.com/smallstep/nosql"
"go.step.sm/crypto/jose"
)
// Account is a subset of the internal account type containing only those


@ -12,9 +12,9 @@ import (
"github.com/smallstep/assert"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/cli/jose"
"github.com/smallstep/nosql"
"github.com/smallstep/nosql/database"
"go.step.sm/crypto/jose"
)
var (


@ -16,7 +16,7 @@ import (
"github.com/smallstep/assert"
"github.com/smallstep/certificates/acme"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
)
var (


@ -19,7 +19,7 @@ import (
"github.com/smallstep/certificates/acme"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/pemutil"
)


@ -14,8 +14,8 @@ import (
"github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/logging"
"github.com/smallstep/cli/jose"
"github.com/smallstep/nosql"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/keyutil"
)


@ -18,8 +18,8 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/acme"
"github.com/smallstep/cli/jose"
"github.com/smallstep/nosql/database"
"go.step.sm/crypto/jose"
)
var testBody = []byte("foo")


@ -14,8 +14,8 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/authority/provisioner"
database "github.com/smallstep/certificates/db"
"github.com/smallstep/cli/jose"
"github.com/smallstep/nosql"
"go.step.sm/crypto/jose"
)
// Interface is the acme authority interface.


@ -11,8 +11,8 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/db"
"github.com/smallstep/cli/jose"
"github.com/smallstep/nosql/database"
"go.step.sm/crypto/jose"
)
func TestAuthorityGetLink(t *testing.T) {


@ -18,8 +18,8 @@ import (
"time"
"github.com/pkg/errors"
"github.com/smallstep/cli/jose"
"github.com/smallstep/nosql"
"go.step.sm/crypto/jose"
)
// Challenge is a subset of the challenge type containing only those attributes


@ -28,9 +28,9 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/db"
"github.com/smallstep/cli/jose"
"github.com/smallstep/nosql"
"github.com/smallstep/nosql/database"
"go.step.sm/crypto/jose"
)
var testOps = ChallengeOptions{


@ -8,7 +8,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/randutil"
)


@ -32,7 +32,7 @@ import (
"github.com/smallstep/certificates/errs"
"github.com/smallstep/certificates/logging"
"github.com/smallstep/certificates/templates"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"golang.org/x/crypto/ssh"
)


@ -15,14 +15,14 @@ import (
"github.com/smallstep/assert"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
stepJOSE "github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/pemutil"
)
func testAuthority(t *testing.T, opts ...Option) *Authority {
maxjwk, err := stepJOSE.ParseKey("testdata/secrets/max_pub.jwk")
maxjwk, err := jose.ReadKey("testdata/secrets/max_pub.jwk")
assert.FatalError(t, err)
clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_pub.jwk")
clijwk, err := jose.ReadKey("testdata/secrets/step_cli_key_pub.jwk")
assert.FatalError(t, err)
disableRenewal := true
enableSSHCA := true


@ -8,7 +8,7 @@ import (
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"golang.org/x/crypto/ssh"
)


@ -17,11 +17,10 @@ import (
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/randutil"
"golang.org/x/crypto/ssh"
"gopkg.in/square/go-jose.v2/jwt"
)
var testAudiences = provisioner.Audiences{
@ -84,7 +83,7 @@ func generateToken(sub, iss, aud string, sans []string, iat time.Time, jwk *jose
func TestAuthority_authorizeToken(t *testing.T) {
a := testAuthority(t)
jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@ -112,16 +111,16 @@ func TestAuthority_authorizeToken(t *testing.T) {
}
},
"fail/prehistoric-token": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
IssuedAt: jwt.NewNumericDate(now.Add(-time.Hour)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
IssuedAt: jose.NewNumericDate(now.Add(-time.Hour)),
Audience: validAudience,
ID: "43",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@ -131,11 +130,11 @@ func TestAuthority_authorizeToken(t *testing.T) {
}
},
"fail/provisioner-not-found": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "44",
}
@ -143,7 +142,7 @@ func TestAuthority_authorizeToken(t *testing.T) {
(&jose.SignerOptions{}).WithType("JWT").WithHeader("kid", "foo"))
assert.FatalError(t, err)
raw, err := jwt.Signed(_sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(_sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@ -153,15 +152,15 @@ func TestAuthority_authorizeToken(t *testing.T) {
}
},
"ok/simpledb": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@ -170,15 +169,15 @@ func TestAuthority_authorizeToken(t *testing.T) {
},
"fail/simpledb/token-already-used": func(t *testing.T) *authorizeTest {
_a := testAuthority(t)
cl := jwt.Claims{
cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
_, err = _a.authorizeToken(context.Background(), raw)
assert.FatalError(t, err)
@ -197,15 +196,15 @@ func TestAuthority_authorizeToken(t *testing.T) {
},
}
cl := jwt.Claims{
cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: _a,
@ -220,15 +219,15 @@ func TestAuthority_authorizeToken(t *testing.T) {
},
}
cl := jwt.Claims{
cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: _a,
@ -245,15 +244,15 @@ func TestAuthority_authorizeToken(t *testing.T) {
},
}
cl := jwt.Claims{
cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: _a,
@ -288,7 +287,7 @@ func TestAuthority_authorizeToken(t *testing.T) {
func TestAuthority_authorizeRevoke(t *testing.T) {
a := testAuthority(t)
jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@ -316,15 +315,15 @@ func TestAuthority_authorizeRevoke(t *testing.T) {
}
},
"fail/token/invalid-subject": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@ -334,15 +333,15 @@ func TestAuthority_authorizeRevoke(t *testing.T) {
}
},
"ok/token": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "44",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@ -372,7 +371,7 @@ func TestAuthority_authorizeRevoke(t *testing.T) {
func TestAuthority_authorizeSign(t *testing.T) {
a := testAuthority(t)
jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@ -400,15 +399,15 @@ func TestAuthority_authorizeSign(t *testing.T) {
}
},
"fail/invalid-subject": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@ -418,15 +417,15 @@ func TestAuthority_authorizeSign(t *testing.T) {
}
},
"ok": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "44",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@ -459,7 +458,7 @@ func TestAuthority_authorizeSign(t *testing.T) {
func TestAuthority_Authorize(t *testing.T) {
a := testAuthority(t)
jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@ -496,15 +495,15 @@ func TestAuthority_Authorize(t *testing.T) {
}
},
"ok/sign": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: testAudiences.Sign,
ID: "1",
}
token, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
token, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@ -522,15 +521,15 @@ func TestAuthority_Authorize(t *testing.T) {
}
},
"ok/revoke": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: testAudiences.Revoke,
ID: "2",
}
token, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
token, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@ -622,15 +621,15 @@ func TestAuthority_Authorize(t *testing.T) {
}
},
"ok/sshRevoke": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: testAudiences.SSHRevoke,
ID: "3",
}
token, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
token, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@ -892,7 +891,7 @@ func createSSHCert(cert *ssh.Certificate, signer ssh.Signer) (*ssh.Certificate,
func TestAuthority_authorizeSSHSign(t *testing.T) {
a := testAuthority(t)
jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@ -920,15 +919,15 @@ func TestAuthority_authorizeSSHSign(t *testing.T) {
}
},
"fail/invalid-subject": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@ -971,7 +970,7 @@ func TestAuthority_authorizeSSHSign(t *testing.T) {
func TestAuthority_authorizeSSHRenew(t *testing.T) {
a := testAuthority(t)
jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@ -999,15 +998,15 @@ func TestAuthority_authorizeSSHRenew(t *testing.T) {
}
},
"fail/sshRenew-unimplemented-jwk-provisioner": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: testAudiences.SSHRenew,
ID: "43",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@ -1073,7 +1072,7 @@ func TestAuthority_authorizeSSHRevoke(t *testing.T) {
},
})}...)
jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@ -1100,15 +1099,15 @@ func TestAuthority_authorizeSSHRevoke(t *testing.T) {
}
},
"fail/invalid-subject": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: testAudiences.SSHRevoke,
ID: "43",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@ -1164,7 +1163,7 @@ func TestAuthority_authorizeSSHRevoke(t *testing.T) {
func TestAuthority_authorizeSSHRekey(t *testing.T) {
a := testAuthority(t)
jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@ -1192,15 +1191,15 @@ func TestAuthority_authorizeSSHRekey(t *testing.T) {
}
},
"fail/sshRekey-unimplemented-jwk-provisioner": func(t *testing.T) *authorizeTest {
cl := jwt.Claims{
cl := jose.Claims{
Subject: "",
Issuer: validIssuer,
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: testAudiences.SSHRekey,
ID: "43",
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
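Review bot: The same `jose.Claims{...}` literal followed by `jose.Signed(sig).Claims(cl).CompactSerialize()` is rewritten by hand in roughly twenty table entries across this file, and the cases differ only in `Subject`, `Audience`, `ID` and, in `fail/prehistoric-token`, `IssuedAt`. A small test helper would leave each case showing only the claim it exercises and would turn the next package migration into a one-place change; the existing `generateToken` has a different signature and its body is not visible here, so a separate helper is sketched below. Several cases reuse `ID: "43"`, and `fail/simpledb/token-already-used` appears to depend on that for reuse detection, so a short comment marking the repeated ID as intentional would help. The enclosing test functions start and end outside these hunks.

```go
// signedToken serializes a token valid for one minute from now. Cases that
// need extra claims (for example IssuedAt) still build jose.Claims inline.
func signedToken(t *testing.T, sig jose.Signer, sub, iss, id string, aud []string, now time.Time) string {
	t.Helper()
	raw, err := jose.Signed(sig).Claims(jose.Claims{
		Subject:   sub,
		Issuer:    iss,
		NotBefore: jose.NewNumericDate(now),
		Expiry:    jose.NewNumericDate(now.Add(time.Minute)),
		Audience:  aud,
		ID:        id,
	}).CompactSerialize()
	assert.FatalError(t, err)
	return raw
}
```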


@ -7,13 +7,13 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/authority/provisioner"
stepJOSE "github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
)
func TestConfigValidate(t *testing.T) {
maxjwk, err := stepJOSE.ParseKey("testdata/secrets/max_pub.jwk")
maxjwk, err := jose.ReadKey("testdata/secrets/max_pub.jwk")
assert.FatalError(t, err)
clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_pub.jwk")
clijwk, err := jose.ReadKey("testdata/secrets/step_cli_key_pub.jwk")
assert.FatalError(t, err)
ac := &AuthConfig{
Provisioners: provisioner.List{
@ -224,9 +224,9 @@ func TestAuthConfigValidate(t *testing.T) {
CommonName: "test",
}
maxjwk, err := stepJOSE.ParseKey("testdata/secrets/max_pub.jwk")
maxjwk, err := jose.ReadKey("testdata/secrets/max_pub.jwk")
assert.FatalError(t, err)
clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_pub.jwk")
clijwk, err := jose.ReadKey("testdata/secrets/step_cli_key_pub.jwk")
assert.FatalError(t, err)
p := provisioner.List{
&provisioner.JWK{


@ -17,7 +17,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
)


@ -20,7 +20,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
)
func TestAWS_Getters(t *testing.T) {


@ -14,7 +14,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
)


@ -18,7 +18,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
)
func TestAzure_Getters(t *testing.T) {


@ -13,7 +13,7 @@ import (
"sync"
"github.com/pkg/errors"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
)
// DefaultProvisionersLimit is the default limit for listing provisioners.


@ -9,7 +9,7 @@ import (
"testing"
"github.com/smallstep/assert"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
)
func TestCollection_Load(t *testing.T) {


@ -15,7 +15,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
)


@ -19,7 +19,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
)
func TestGCP_Getters(t *testing.T) {


@ -8,7 +8,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
)


@ -14,7 +14,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
)
func TestJWK_Getters(t *testing.T) {


@ -11,7 +11,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"


@ -10,7 +10,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
)
func TestK8sSA_Getters(t *testing.T) {


@ -10,7 +10,7 @@ import (
"time"
"github.com/pkg/errors"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
)
const (


@ -8,7 +8,7 @@ import (
"time"
"github.com/smallstep/assert"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
)
func Test_newKeyStore(t *testing.T) {


@ -13,7 +13,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
)


@ -15,7 +15,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
)
func Test_openIDConfiguration_Validate(t *testing.T) {


@ -5,7 +5,7 @@ import (
"strings"
"github.com/pkg/errors"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/x509util"
)


@ -10,7 +10,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"golang.org/x/crypto/ssh"
)


@ -13,7 +13,7 @@ import (
"github.com/smallstep/assert"
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/pemutil"
"golang.org/x/crypto/ssh"
)


@ -16,7 +16,7 @@ import (
"time"
"github.com/pkg/errors"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/randutil"
"golang.org/x/crypto/ssh"


@ -9,7 +9,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
)


@ -9,7 +9,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/randutil"
)
@ -154,7 +154,7 @@ M46l92gdOozT
func TestX5C_authorizeToken(t *testing.T) {
x5cCerts, err := pemutil.ReadCertificateBundle("./testdata/certs/x5c-leaf.crt")
assert.FatalError(t, err)
x5cJWK, err := jose.ParseKey("./testdata/secrets/x5c-leaf.key")
x5cJWK, err := jose.ReadKey("./testdata/secrets/x5c-leaf.key")
assert.FatalError(t, err)
type test struct {
@ -402,7 +402,7 @@ lgsqsR63is+0YQ==
func TestX5C_AuthorizeSign(t *testing.T) {
certs, err := pemutil.ReadCertificateBundle("./testdata/certs/x5c-leaf.crt")
assert.FatalError(t, err)
jwk, err := jose.ParseKey("./testdata/secrets/x5c-leaf.key")
jwk, err := jose.ReadKey("./testdata/secrets/x5c-leaf.key")
assert.FatalError(t, err)
type test struct {
@ -518,7 +518,7 @@ func TestX5C_AuthorizeRevoke(t *testing.T) {
"ok": func(t *testing.T) test {
certs, err := pemutil.ReadCertificateBundle("./testdata/certs/x5c-leaf.crt")
assert.FatalError(t, err)
jwk, err := jose.ParseKey("./testdata/secrets/x5c-leaf.key")
jwk, err := jose.ReadKey("./testdata/secrets/x5c-leaf.key")
assert.FatalError(t, err)
p, err := generateX5C(nil)
@ -599,7 +599,7 @@ func TestX5C_AuthorizeRenew(t *testing.T) {
func TestX5C_AuthorizeSSHSign(t *testing.T) {
x5cCerts, err := pemutil.ReadCertificateBundle("./testdata/certs/x5c-leaf.crt")
assert.FatalError(t, err)
x5cJWK, err := jose.ParseKey("./testdata/secrets/x5c-leaf.key")
x5cJWK, err := jose.ReadKey("./testdata/secrets/x5c-leaf.key")
assert.FatalError(t, err)
_, fn := mockNow()


@ -14,7 +14,7 @@ import (
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/certificates/templates"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/randutil"
"go.step.sm/crypto/sshutil"
"golang.org/x/crypto/ssh"


@ -19,7 +19,7 @@ import (
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/certificates/templates"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/sshutil"
"golang.org/x/crypto/ssh"
)


@ -15,7 +15,7 @@ import (
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/keyutil"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/x509util"
@ -281,7 +281,7 @@ func (a *Authority) Revoke(ctx context.Context, revokeOpts *RevokeOptions) error
errs.WithKeyVal("reason", revokeOpts.Reason),
errs.WithKeyVal("passiveOnly", revokeOpts.PassiveOnly),
errs.WithKeyVal("MTLS", revokeOpts.MTLS),
errs.WithKeyVal("context", string(provisioner.MethodFromContext(ctx))),
errs.WithKeyVal("context", provisioner.MethodFromContext(ctx).String()),
}
if revokeOpts.MTLS {
opts = append(opts, errs.WithKeyVal("certificate", base64.StdEncoding.EncodeToString(revokeOpts.Crt.Raw)))
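Review bot: The switch to `provisioner.MethodFromContext(ctx).String()` for the `context` key-value is a behaviour change that the commit description, which only mentions an import swap, does not cover. If `Method` is an integer type, which the need for `.String()` suggests, the old `string(...)` conversion produced a single rune rather than a readable name, so the value recorded in revoke error details changes with this commit; any log parsing or alerting keyed on that field should be checked against the new value. A one-line comment such as `// Method is not a string type; use String() so error details carry a readable name` would keep the conversion from being reintroduced. `Revoke` starts and ends outside this hunk.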


@ -22,7 +22,7 @@ import (
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/errs"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/keyutil"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/x509util"
@ -219,7 +219,7 @@ func TestAuthority_Sign(t *testing.T) {
// Create a token to get test extra opts.
p := a.config.AuthorityConfig.Provisioners[1].(*provisioner.JWK)
key, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
key, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
token, err := generateToken("smallstep test", "step-cli", testAudiences.Sign[0], []string{"test.smallstep.com"}, time.Now(), key)
assert.FatalError(t, err)
@ -1000,7 +1000,7 @@ func TestAuthority_Revoke(t *testing.T) {
validAudience := testAudiences.Revoke
now := time.Now().UTC()
jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@ -1193,7 +1193,7 @@ func TestAuthority_Revoke(t *testing.T) {
assert.Equals(t, ctxErr.Details["reasonCode"], tc.opts.ReasonCode)
assert.Equals(t, ctxErr.Details["reason"], tc.opts.Reason)
assert.Equals(t, ctxErr.Details["MTLS"], tc.opts.MTLS)
assert.Equals(t, ctxErr.Details["context"], string(provisioner.RevokeMethod))
assert.Equals(t, ctxErr.Details["context"], provisioner.RevokeMethod.String())
if tc.checkErrDetails != nil {
tc.checkErrDetails(ctxErr)


@ -14,7 +14,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/acme"
acmeAPI "github.com/smallstep/certificates/acme/api"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
)
// ACMEClient implements an HTTP client to an ACME API.


@ -16,7 +16,7 @@ import (
"github.com/smallstep/certificates/acme"
acmeAPI "github.com/smallstep/certificates/acme/api"
"github.com/smallstep/certificates/api"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/pemutil"
)


@ -8,8 +8,7 @@ import (
"strings"
"github.com/pkg/errors"
"github.com/smallstep/cli/jose"
"gopkg.in/square/go-jose.v2/jwt"
"go.step.sm/crypto/jose"
)
type tokenClaims struct {
@ -20,7 +19,7 @@ type tokenClaims struct {
// Bootstrap is a helper function that initializes a client with the
// configuration in the bootstrap token.
func Bootstrap(token string) (*Client, error) {
tok, err := jwt.ParseSigned(token)
tok, err := jose.ParseSigned(token)
if err != nil {
return nil, errors.Wrap(err, "error parsing token")
}
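Review bot: `jose.ParseSigned(token)` only decodes the compact JWS, and nothing visible in this hunk verifies a signature, so every claim later read from `tok` is untrusted input until it is checked against something the caller already trusts. `Bootstrap` continues outside the hunk, so how the claims are consumed cannot be seen here, but the doc comment should spell out the trust model rather than leave it implicit. Something like `// The token is parsed without signature verification; callers must treat its claims as untrusted hints.` would do, adjusted to whatever the rest of the function actually relies on. It is also worth confirming that the new wrapper keeps the same parsing behaviour as the `jwt.ParseSigned` call it replaces.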


@ -15,10 +15,8 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/authority"
stepJOSE "github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/randutil"
jose "gopkg.in/square/go-jose.v2"
"gopkg.in/square/go-jose.v2/jwt"
)
func newLocalListener() net.Listener {
@ -78,7 +76,7 @@ func startCAServer(configFile string) (*CA, string, error) {
func generateBootstrapToken(ca, subject, sha string) string {
now := time.Now()
jwk, err := stepJOSE.ParseKey("testdata/secrets/ott_mariano_priv.jwk", stepJOSE.WithPassword([]byte("password")))
jwk, err := jose.ReadKey("testdata/secrets/ott_mariano_priv.jwk", jose.WithPassword([]byte("password")))
if err != nil {
panic(err)
}
@ -93,21 +91,21 @@ func generateBootstrapToken(ca, subject, sha string) string {
}
cl := struct {
SHA string `json:"sha"`
jwt.Claims
jose.Claims
SANS []string `json:"sans"`
}{
SHA: sha,
Claims: jwt.Claims{
Claims: jose.Claims{
ID: id,
Subject: subject,
Issuer: "mariano",
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: []string{ca + "/sign"},
},
SANS: []string{subject},
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
if err != nil {
panic(err)
}


@ -25,13 +25,11 @@ import (
"github.com/smallstep/certificates/authority"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/errs"
stepJOSE "github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/keyutil"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/randutil"
"go.step.sm/crypto/x509util"
jose "gopkg.in/square/go-jose.v2"
"gopkg.in/square/go-jose.v2/jwt"
)
type ClosingBuffer struct {
@ -95,7 +93,7 @@ func TestCASign(t *testing.T) {
assert.FatalError(t, err)
intermediateCert, err := pemutil.ReadCertificate("testdata/secrets/intermediate_ca.crt")
assert.FatalError(t, err)
clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_priv.jwk", stepJOSE.WithPassword([]byte("pass")))
clijwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: clijwk.Key},
(&jose.SignerOptions{}).WithType("JWT").WithHeader("kid", clijwk.KeyID))
@ -177,20 +175,20 @@ ZEp7knvU2psWRw==
jti, err := randutil.ASCII(32)
assert.FatalError(t, err)
cl := struct {
jwt.Claims
jose.Claims
SANS []string `json:"sans"`
}{
Claims: jwt.Claims{
Claims: jose.Claims{
Subject: "invalid",
Issuer: "step-cli",
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAud,
ID: jti,
},
SANS: []string{"invalid"},
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
csr, err := getCSR(priv)
assert.FatalError(t, err)
@ -210,20 +208,20 @@ ZEp7knvU2psWRw==
jti, err := randutil.ASCII(32)
assert.FatalError(t, err)
cl := struct {
jwt.Claims
jose.Claims
SANS []string `json:"sans"`
}{
Claims: jwt.Claims{
Claims: jose.Claims{
Subject: "test.smallstep.com",
Issuer: "step-cli",
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAud,
ID: jti,
},
SANS: []string{"test.smallstep.com"},
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
csr, err := getCSR(priv)
assert.FatalError(t, err)
@ -244,19 +242,19 @@ ZEp7knvU2psWRw==
jti, err := randutil.ASCII(32)
assert.FatalError(t, err)
cl := struct {
jwt.Claims
jose.Claims
SANS []string `json:"sans"`
}{
Claims: jwt.Claims{
Claims: jose.Claims{
Subject: "test.smallstep.com",
Issuer: "step-cli",
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAud,
ID: jti,
},
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
csr, err := getCSR(priv)
assert.FatalError(t, err)


@ -7,9 +7,9 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/cli/jose"
"github.com/smallstep/cli/token"
"github.com/smallstep/cli/token/provision"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/randutil"
)


@ -7,13 +7,13 @@ import (
"testing"
"time"
"github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/x509util"
)
func getTestProvisioner(t *testing.T, caURL string) *Provisioner {
jwk, err := jose.ParseKey("testdata/secrets/ott_mariano_priv.jwk", jose.WithPassword([]byte("password")))
jwk, err := jose.ReadKey("testdata/secrets/ott_mariano_priv.jwk", jose.WithPassword([]byte("password")))
if err != nil {
t.Fatal(err)
}


@ -18,15 +18,13 @@ import (
"github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/authority"
stepJOSE "github.com/smallstep/cli/jose"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/randutil"
jose "gopkg.in/square/go-jose.v2"
"gopkg.in/square/go-jose.v2/jwt"
)
func generateOTT(subject string) string {
now := time.Now()
jwk, err := stepJOSE.ParseKey("testdata/secrets/ott_mariano_priv.jwk", stepJOSE.WithPassword([]byte("password")))
jwk, err := jose.ReadKey("testdata/secrets/ott_mariano_priv.jwk", jose.WithPassword([]byte("password")))
if err != nil {
panic(err)
}
@ -40,20 +38,20 @@ func generateOTT(subject string) string {
panic(err)
}
cl := struct {
jwt.Claims
jose.Claims
SANS []string `json:"sans"`
}{
Claims: jwt.Claims{
Claims: jose.Claims{
ID: id,
Subject: subject,
Issuer: "mariano",
NotBefore: jwt.NewNumericDate(now),
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
NotBefore: jose.NewNumericDate(now),
Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: []string{"https://127.0.0.1:0/sign"},
},
SANS: []string{subject},
}
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
if err != nil {
panic(err)
}

6
go.mod

@ -13,7 +13,7 @@ require (
github.com/pkg/errors v0.9.1
github.com/rs/xid v1.2.1
github.com/sirupsen/logrus v1.4.2
github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15
github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262
github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95
github.com/smallstep/nosql v0.3.0
github.com/urfave/cli v1.22.2
@ -23,9 +23,9 @@ require (
google.golang.org/api v0.15.0
google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb
google.golang.org/grpc v1.26.0
gopkg.in/square/go-jose.v2 v2.4.0
gopkg.in/square/go-jose.v2 v2.5.1
)
// replace github.com/smallstep/cli => ../cli
// replace github.com/smallstep/nosql => ../nosql
// replace go.step.sm/crypto => ../crypto
replace go.step.sm/crypto => ../crypto
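Review bot: The last line of the second hunk turns the commented-out `// replace go.step.sm/crypto => ../crypto` into an active directive, so the module now resolves `go.step.sm/crypto` from whatever sits in a sibling directory instead of from a pinned release. A filesystem replacement is not checked against go.sum, and a clean clone or CI job without `../crypto` will not build, so the package that now handles JOSE keys and tokens is no longer reproducibly pinned. Before merging, restore the comment marker and pin a tagged version in the require block, e.g. `go.step.sm/crypto <released-version>` (placeholder; the page does not show the version). The require entry for go.step.sm/crypto is not visible in either hunk, so confirm that it exists.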

4
go.sum

@ -476,6 +476,8 @@ github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5 h1:lX6ybsQW9Agn3q
github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE=
github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15 h1:kSImCuenAkXtCaBeQ1UhmzzJGRhSm8sVH7I3sHE2Qdg=
github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc=
github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY=
github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc=
github.com/smallstep/certificates v0.14.5/go.mod h1:zzpB8wMz967gL8FmK6zvCNB4pDVwFDKjPg1diTVc1h8=
github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU=
github.com/smallstep/cli v0.14.5/go.mod h1:mRFuqC3cGwQESBGJvog4o76jZZZ7bMjkE+hAnq2QyR8=
@ -804,6 +806,8 @@ gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
gopkg.in/square/go-jose.v2 v2.4.0 h1:0kXPskUMGAXXWJlP05ktEMOV0vmzFQUWw6d+aZJQU8A=
gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=


@ -23,9 +23,9 @@ import (
"github.com/smallstep/certificates/db"
"github.com/smallstep/cli/config"
"github.com/smallstep/cli/errs"
"github.com/smallstep/cli/jose"
"github.com/smallstep/cli/ui"
"github.com/smallstep/cli/utils"
"go.step.sm/crypto/jose"
"go.step.sm/crypto/keyutil"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/x509util"