Bump dependencies

cloudfoundry · Jul 15, 2024 · ba3aa93 · ba3aa93
1 parent 3466b43
commit ba3aa93
Show file tree

Hide file tree

Showing 4 changed files with 111 additions and 117 deletions.
diff --git a/src/go.mod b/src/go.mod
@@ -9,7 +9,7 @@ require (
 	code.cloudfoundry.org/go-diodes v0.0.0-20240604201846-c756bfed2ed3
 	code.cloudfoundry.org/go-envstruct v1.7.0
 	code.cloudfoundry.org/go-metric-registry v0.0.0-20240604201903-7cef498efb7a
-	code.cloudfoundry.org/tlsconfig v0.0.0-20240710175717-1267031d8b88
+	code.cloudfoundry.org/tlsconfig v0.0.0-20240712175922-ffce9516cec8
 	github.com/cloudfoundry/dropsonde v1.1.0
 	github.com/cloudfoundry/sonde-go v0.0.0-20240620221854-09ef53324489
 	github.com/onsi/gomega v1.33.1
@@ -50,14 +50,14 @@ require (
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/square/certstrap v1.3.0 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
-	go.step.sm/crypto v0.49.0 // indirect
+	go.step.sm/crypto v0.50.0 // indirect
 	golang.org/x/crypto v0.25.0 // indirect
 	golang.org/x/mod v0.19.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/sys v0.22.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/tools v0.23.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/src/go.sum b/src/go.sum
@@ -9,8 +9,8 @@ code.cloudfoundry.org/go-loggregator/v9 v9.2.1 h1:S6Lgg5UJbhh2bt2TGQxs6R00CF8PrU
 code.cloudfoundry.org/go-loggregator/v9 v9.2.1/go.mod h1:FTFFruqGeOhVCDFvyLgl8EV8YW63NNwRzLhxJcporu8=
 code.cloudfoundry.org/go-metric-registry v0.0.0-20240604201903-7cef498efb7a h1:XpebbxgIBBy7SrwIGW+gREZuAtnJ9PHWC4Y+k7yje2I=
 code.cloudfoundry.org/go-metric-registry v0.0.0-20240604201903-7cef498efb7a/go.mod h1:/Be8VtLiCeMUoYdUzFtmW8GGkk89HAy3zD79KUXzbhs=
-code.cloudfoundry.org/tlsconfig v0.0.0-20240710175717-1267031d8b88 h1:JxjCPf3ECmPGP1FEfHhfQ/OuJ1QmCqo9iHz2mT9mny4=
-code.cloudfoundry.org/tlsconfig v0.0.0-20240710175717-1267031d8b88/go.mod h1:n7UurXnHf6MFMvzfLN1VGT9W7hwL8Pm5EMrURWs6Yig=
+code.cloudfoundry.org/tlsconfig v0.0.0-20240712175922-ffce9516cec8 h1:YWUbqlyYX4nf+mfbacMAgYxM/C9jWcFCurWssGmJJXI=
+code.cloudfoundry.org/tlsconfig v0.0.0-20240712175922-ffce9516cec8/go.mod h1:NBHWa9Nc4D4F67/xur/iZrELZ36+1l7JYzNht0g6naI=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 git.sr.ht/~nelsam/hel/v3 v3.0.4 h1:ElleA4q9XHTskFod5T7cC4oXOULo41jKRjYijTIlJgw=
@@ -183,8 +183,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
 go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
-go.step.sm/crypto v0.49.0 h1:J4qW5/ODYeHJFAM4PuNLSHKBMGWh4iwX6Tcrsp42r+U=
-go.step.sm/crypto v0.49.0/go.mod h1:NCFMhLS6FJXQ9sD9PP282oHtsBWLrI6wXZY0eOkq7t8=
+go.step.sm/crypto v0.50.0 h1:BqI9sEgocoHDLLHiZnFqdqXl5FjdMvOWKMm/fKL/lrw=
+go.step.sm/crypto v0.50.0/go.mod h1:NCFMhLS6FJXQ9sD9PP282oHtsBWLrI6wXZY0eOkq7t8=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
@@ -251,10 +251,10 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5 h1:a/Z0jgw03aJ2rQnp5PlPpznJqJft0HyvyrcUcxgzPwY=
-google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5 h1:SbSDUWW1PAO24TNpLdeheoYPd7kllICcLU52x6eD4kQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d h1:kHjw/5UfflP/L5EbledDrcG4C2597RtymmGRZvHiCuY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d h1:JU0iKnSg02Gmb5ZdV8nYsKEKsP6o/FGVWTrw4i1DA9A=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=

diff --git a/src/vendor/go.step.sm/crypto/pemutil/pem.go b/src/vendor/go.step.sm/crypto/pemutil/pem.go
@@ -231,52 +231,93 @@ func ParseCertificate(pemData []byte) (*x509.Certificate, error) {
 	return nil, errors.New("error parsing certificate: no certificate found")
 }
 
-// ParseCertificateBundle extracts all the certificates in the given data.
-func ParseCertificateBundle(pemData []byte) ([]*x509.Certificate, error) {
-	var block *pem.Block
-	var certs []*x509.Certificate
-	for len(pemData) > 0 {
-		block, pemData = pem.Decode(pemData)
-		if block == nil {
-			return nil, errors.New("error decoding pem block")
+// ParseCertificateBundle returns a list of *x509.Certificate parsed from
+// the given bytes.
+//
+// - supports PEM and DER certificate formats
+//   - If a DER-formatted file is given only one certificate will be returned.
+func ParseCertificateBundle(data []byte) ([]*x509.Certificate, error) {
+	var err error
+
+	// PEM format
+	if bytes.Contains(data, PEMBlockHeader) {
+		var block *pem.Block
+		var bundle []*x509.Certificate
+		for len(data) > 0 {
+			block, data = pem.Decode(data)
+			if block == nil {
+				break
+			}
+			if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
+				continue
+			}
+			var crt *x509.Certificate
+			crt, err = x509.ParseCertificate(block.Bytes)
+			if err != nil {
+				return nil, &InvalidPEMError{
+					Err:  err,
+					Type: PEMTypeCertificate,
+				}
+			}
+			bundle = append(bundle, crt)
 		}
-		if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
-			continue
+		if len(bundle) == 0 {
+			return nil, &InvalidPEMError{
+				Type: PEMTypeCertificate,
+			}
 		}
+		return bundle, nil
+	}
 
-		cert, err := x509.ParseCertificate(block.Bytes)
-		if err != nil {
-			return nil, errors.Wrap(err, "error parsing certificate")
+	// DER format (binary)
+	crt, err := x509.ParseCertificate(data)
+	if err != nil {
+		return nil, &InvalidPEMError{
+			Message: fmt.Sprintf("error parsing certificate as DER format: %v", err),
+			Type:    PEMTypeCertificate,
 		}
-		certs = append(certs, cert)
-	}
-	if len(certs) == 0 {
-		return nil, errors.New("error parsing certificate: no certificate found")
 	}
-	return certs, nil
+	return []*x509.Certificate{crt}, nil
 }
 
-// ParseCertificateRequest extracts the first certificate from the given pem.
-func ParseCertificateRequest(pemData []byte) (*x509.CertificateRequest, error) {
-	var block *pem.Block
-	for len(pemData) > 0 {
-		block, pemData = pem.Decode(pemData)
-		if block == nil {
-			return nil, errors.New("error decoding pem block")
-		}
-		if (block.Type != "CERTIFICATE REQUEST" && block.Type != "NEW CERTIFICATE REQUEST") ||
-			len(block.Headers) != 0 {
-			continue
-		}
+// ParseCertificateRequest extracts the first *x509.CertificateRequest
+// from the given data.
+//
+// - supports PEM and DER certificate formats
+//   - If a DER-formatted file is given only one certificate will be returned.
+func ParseCertificateRequest(data []byte) (*x509.CertificateRequest, error) {
+	// PEM format
+	if bytes.Contains(data, PEMBlockHeader) {
+		var block *pem.Block
+		for len(data) > 0 {
+			block, data = pem.Decode(data)
+			if block == nil {
+				break
+			}
+			if !strings.HasSuffix(block.Type, "CERTIFICATE REQUEST") {
+				continue
+			}
+			csr, err := x509.ParseCertificateRequest(block.Bytes)
+			if err != nil {
+				return nil, &InvalidPEMError{
+					Type: PEMTypeCertificateRequest,
+					Err:  err,
+				}
+			}
 
-		csr, err := x509.ParseCertificateRequest(block.Bytes)
-		if err != nil {
-			return nil, errors.Wrap(err, "error parsing certificate request")
+			return csr, nil
 		}
-		return csr, nil
 	}
 
-	return nil, errors.New("error parsing certificate request: no certificate found")
+	// DER format (binary)
+	csr, err := x509.ParseCertificateRequest(data)
+	if err != nil {
+		return nil, &InvalidPEMError{
+			Message: fmt.Sprintf("error parsing certificate request as DER format: %v", err),
+			Type:    PEMTypeCertificateRequest,
+		}
+	}
+	return csr, nil
 }
 
 // PEMType represents a PEM block type. (e.g., CERTIFICATE, CERTIFICATE REQUEST, etc.)
@@ -318,14 +359,10 @@ func (e *InvalidPEMError) Error() string {
 	case e.Err != nil:
 		return fmt.Sprintf("error decoding PEM data: %v", e.Err)
 	default:
-		var prefix = "input"
-		if e.File != "" {
-			prefix = fmt.Sprintf("file %s", e.File)
-		}
 		if e.Type == PEMTypeUndefined {
-			return fmt.Sprintf("%s does not contain valid PEM encoded data", prefix)
+			return "does not contain valid PEM encoded data"
 		}
-		return fmt.Sprintf("%s does not contain a valid PEM encoded %s", prefix, e.Type)
+		return fmt.Sprintf("does not contain a valid PEM encoded %s", e.Type)
 	}
 }
 
@@ -355,83 +392,40 @@ func ReadCertificate(filename string, opts ...Options) (*x509.Certificate, error
 	}
 }
 
-// ReadCertificateBundle returns a list of *x509.Certificate from the given
-// filename. It supports certificates formats PEM and DER. If a DER-formatted
-// file is given only one certificate will be returned.
+// ReadCertificateBundle reads the given filename and returns a list of
+// *x509.Certificate.
+//
+// - supports PEM and DER certificate formats
+//   - If a DER-formatted file is given only one certificate will be returned.
 func ReadCertificateBundle(filename string) ([]*x509.Certificate, error) {
 	b, err := utils.ReadFile(filename)
 	if err != nil {
 		return nil, err
 	}
 
-	// PEM format
-	if bytes.Contains(b, PEMBlockHeader) {
-		var block *pem.Block
-		var bundle []*x509.Certificate
-		for len(b) > 0 {
-			block, b = pem.Decode(b)
-			if block == nil {
-				break
-			}
-			if block.Type != "CERTIFICATE" {
-				continue
-			}
-			var crt *x509.Certificate
-			crt, err = x509.ParseCertificate(block.Bytes)
-			if err != nil {
-				return nil, errors.Wrapf(err, "error parsing %s", filename)
-			}
-			bundle = append(bundle, crt)
-		}
-		if len(bundle) == 0 {
-			return nil, &InvalidPEMError{File: filename, Type: PEMTypeCertificate}
-		}
-		return bundle, nil
-	}
-
-	// DER format (binary)
-	crt, err := x509.ParseCertificate(b)
+	bundle, err := ParseCertificateBundle(b)
 	if err != nil {
-		return nil, errors.Wrapf(err, "error parsing %s", filename)
+		return nil, fmt.Errorf("error parsing %s: %w", filename, err)
 	}
-	return []*x509.Certificate{crt}, nil
+	return bundle, nil
 }
 
-// ReadCertificateRequest returns a *x509.CertificateRequest from the given
-// filename. It supports certificates formats PEM and DER.
+// ReadCertificateRequest reads the given filename and returns a
+// *x509.CertificateRequest.
+//
+// - supports PEM and DER Certificate formats.
+// - supports reading from STDIN with filename `-`.
 func ReadCertificateRequest(filename string) (*x509.CertificateRequest, error) {
 	b, err := utils.ReadFile(filename)
 	if err != nil {
 		return nil, err
 	}
 
-	// PEM format
-	if bytes.Contains(b, PEMBlockHeader) {
-		var block *pem.Block
-		for len(b) > 0 {
-			block, b = pem.Decode(b)
-			if block == nil {
-				break
-			}
-			if !strings.HasSuffix(block.Type, "CERTIFICATE REQUEST") {
-				continue
-			}
-			csr, err := x509.ParseCertificateRequest(block.Bytes)
-			if err != nil {
-				return nil, &InvalidPEMError{
-					File: filename, Type: PEMTypeCertificateRequest,
-					Message: fmt.Sprintf("error parsing %s: CSR PEM block is invalid: %v", filename, err),
-					Err:     err,
-				}
-			}
-
-			return csr, nil
-		}
+	cr, err := ParseCertificateRequest(b)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing %s: %w", filename, err)
 	}
-
-	// DER format (binary)
-	csr, err := x509.ParseCertificateRequest(b)
-	return csr, errors.Wrapf(err, "error parsing %s", filename)
+	return cr, nil
 }
 
 // Parse returns the key or certificate PEM-encoded in the given bytes.

diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
@@ -17,7 +17,7 @@ code.cloudfoundry.org/go-loggregator/v9/rpc/loggregator_v2
 ## explicit; go 1.21
 code.cloudfoundry.org/go-metric-registry
 code.cloudfoundry.org/go-metric-registry/testhelpers
-# code.cloudfoundry.org/tlsconfig v0.0.0-20240710175717-1267031d8b88
+# code.cloudfoundry.org/tlsconfig v0.0.0-20240712175922-ffce9516cec8
 ## explicit; go 1.21
 code.cloudfoundry.org/tlsconfig
 code.cloudfoundry.org/tlsconfig/certtest
@@ -173,7 +173,7 @@ go.opentelemetry.io/proto/otlp/common/v1
 go.opentelemetry.io/proto/otlp/metrics/v1
 go.opentelemetry.io/proto/otlp/resource/v1
 go.opentelemetry.io/proto/otlp/trace/v1
-# go.step.sm/crypto v0.49.0
+# go.step.sm/crypto v0.50.0
 ## explicit; go 1.21
 go.step.sm/crypto/fingerprint
 go.step.sm/crypto/internal/bcrypt_pbkdf
@@ -263,10 +263,10 @@ golang.org/x/tools/internal/stdlib
 golang.org/x/tools/internal/tokeninternal
 golang.org/x/tools/internal/typesinternal
 golang.org/x/tools/internal/versions
-# google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5
+# google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d
 ## explicit; go 1.20
 google.golang.org/genproto/googleapis/api/httpbody
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d
 ## explicit; go 1.20
 google.golang.org/genproto/googleapis/rpc/status
 # google.golang.org/grpc v1.65.0