From ccc705cdcdd3b63b1eb0fa0e4b4176a8ece1c36f Mon Sep 17 00:00:00 2001 From: Mariano Cano Date: Mon, 20 Jul 2020 17:25:53 -0700 Subject: [PATCH] Use alias x509legacy to cli x509util in tls.go. --- authority/tls.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/authority/tls.go b/authority/tls.go index 280e45b6..cd0593dc 100644 --- a/authority/tls.go +++ b/authority/tls.go @@ -16,10 +16,10 @@ import ( "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/db" "github.com/smallstep/certificates/errs" - x509cert "github.com/smallstep/certificates/x509util" + "github.com/smallstep/certificates/x509util" "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/crypto/tlsutil" - "github.com/smallstep/cli/crypto/x509util" + x509legacy "github.com/smallstep/cli/crypto/x509util" "github.com/smallstep/cli/jose" ) @@ -31,7 +31,7 @@ func (a *Authority) GetTLSOptions() *tlsutil.TLSOptions { var oidAuthorityKeyIdentifier = asn1.ObjectIdentifier{2, 5, 29, 35} var oidSubjectKeyIdentifier = asn1.ObjectIdentifier{2, 5, 29, 14} -func withDefaultASN1DN(def *x509util.ASN1DN) provisioner.CertificateModifierFunc { +func withDefaultASN1DN(def *x509legacy.ASN1DN) provisioner.CertificateModifierFunc { return func(crt *x509.Certificate, opts provisioner.Options) error { if def == nil { return errors.New("default ASN1DN template cannot be nil") @@ -63,7 +63,7 @@ func withDefaultASN1DN(def *x509util.ASN1DN) provisioner.CertificateModifierFunc // Sign creates a signed certificate from a certificate signing request. func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Options, extraOpts ...provisioner.SignOption) ([]*x509.Certificate, error) { var ( - certOptions []x509cert.Option + certOptions []x509util.Option certValidators []provisioner.CertificateValidator certModifiers []provisioner.CertificateModifier certEnforcers []provisioner.CertificateEnforcer @@ -106,9 +106,9 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti } } - cert, err := x509cert.NewCertificate(csr, certOptions...) + cert, err := x509util.NewCertificate(csr, certOptions...) if err != nil { - if _, ok := err.(*x509cert.TemplateError); ok { + if _, ok := err.(*x509util.TemplateError); ok { return nil, errs.NewErr(http.StatusBadRequest, err, errs.WithMessage(err.Error())) } return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Sign", opts...) @@ -142,7 +142,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti } } - serverCert, err := x509cert.CreateCertificate(leaf, a.x509Issuer, csr.PublicKey, a.x509Signer) + serverCert, err := x509util.CreateCertificate(leaf, a.x509Issuer, csr.PublicKey, a.x509Signer) if err != nil { return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Sign; error creating certificate", opts...) @@ -241,7 +241,7 @@ func (a *Authority) Rekey(oldCert *x509.Certificate, pk crypto.PublicKey) ([]*x5 newCert.ExtraExtensions = append(newCert.ExtraExtensions, ext) } - leaf, err := x509util.NewLeafProfileWithTemplate(newCert, a.x509Issuer, a.x509Signer) + leaf, err := x509legacy.NewLeafProfileWithTemplate(newCert, a.x509Issuer, a.x509Signer) if err != nil { return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey", opts...) } @@ -367,8 +367,8 @@ func (a *Authority) Revoke(ctx context.Context, revokeOpts *RevokeOptions) error // GetTLSCertificate creates a new leaf certificate to be used by the CA HTTPS server. func (a *Authority) GetTLSCertificate() (*tls.Certificate, error) { - profile, err := x509util.NewLeafProfile("Step Online CA", a.x509Issuer, a.x509Signer, - x509util.WithHosts(strings.Join(a.config.DNSNames, ","))) + profile, err := x509legacy.NewLeafProfile("Step Online CA", a.x509Issuer, a.x509Signer, + x509legacy.WithHosts(strings.Join(a.config.DNSNames, ","))) if err != nil { return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.GetTLSCertificate") }