From ba3aa9335b45a077ae68b9bd269323ec44676218 Mon Sep 17 00:00:00 2001 From: CF Logging And Metrics CI Bot Date: Mon, 15 Jul 2024 08:31:20 +0000 Subject: [PATCH] Bump dependencies --- src/go.mod | 8 +- src/go.sum | 16 +- src/vendor/go.step.sm/crypto/pemutil/pem.go | 196 ++++++++++---------- src/vendor/modules.txt | 8 +- 4 files changed, 111 insertions(+), 117 deletions(-) diff --git a/src/go.mod b/src/go.mod index 85d740d01..d4ae35a75 100644 --- a/src/go.mod +++ b/src/go.mod @@ -9,7 +9,7 @@ require ( code.cloudfoundry.org/go-diodes v0.0.0-20240604201846-c756bfed2ed3 code.cloudfoundry.org/go-envstruct v1.7.0 code.cloudfoundry.org/go-metric-registry v0.0.0-20240604201903-7cef498efb7a - code.cloudfoundry.org/tlsconfig v0.0.0-20240710175717-1267031d8b88 + code.cloudfoundry.org/tlsconfig v0.0.0-20240712175922-ffce9516cec8 github.com/cloudfoundry/dropsonde v1.1.0 github.com/cloudfoundry/sonde-go v0.0.0-20240620221854-09ef53324489 github.com/onsi/gomega v1.33.1 @@ -50,14 +50,14 @@ require ( github.com/spf13/pflag v1.0.5 // indirect github.com/square/certstrap v1.3.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect - go.step.sm/crypto v0.49.0 // indirect + go.step.sm/crypto v0.50.0 // indirect golang.org/x/crypto v0.25.0 // indirect golang.org/x/mod v0.19.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect golang.org/x/tools v0.23.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/src/go.sum b/src/go.sum index f17e8be03..c7f786ff6 100644 --- a/src/go.sum +++ b/src/go.sum @@ -9,8 +9,8 @@ code.cloudfoundry.org/go-loggregator/v9 v9.2.1 h1:S6Lgg5UJbhh2bt2TGQxs6R00CF8PrU code.cloudfoundry.org/go-loggregator/v9 v9.2.1/go.mod h1:FTFFruqGeOhVCDFvyLgl8EV8YW63NNwRzLhxJcporu8= code.cloudfoundry.org/go-metric-registry v0.0.0-20240604201903-7cef498efb7a h1:XpebbxgIBBy7SrwIGW+gREZuAtnJ9PHWC4Y+k7yje2I= code.cloudfoundry.org/go-metric-registry v0.0.0-20240604201903-7cef498efb7a/go.mod h1:/Be8VtLiCeMUoYdUzFtmW8GGkk89HAy3zD79KUXzbhs= -code.cloudfoundry.org/tlsconfig v0.0.0-20240710175717-1267031d8b88 h1:JxjCPf3ECmPGP1FEfHhfQ/OuJ1QmCqo9iHz2mT9mny4= -code.cloudfoundry.org/tlsconfig v0.0.0-20240710175717-1267031d8b88/go.mod h1:n7UurXnHf6MFMvzfLN1VGT9W7hwL8Pm5EMrURWs6Yig= +code.cloudfoundry.org/tlsconfig v0.0.0-20240712175922-ffce9516cec8 h1:YWUbqlyYX4nf+mfbacMAgYxM/C9jWcFCurWssGmJJXI= +code.cloudfoundry.org/tlsconfig v0.0.0-20240712175922-ffce9516cec8/go.mod h1:NBHWa9Nc4D4F67/xur/iZrELZ36+1l7JYzNht0g6naI= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= git.sr.ht/~nelsam/hel/v3 v3.0.4 h1:ElleA4q9XHTskFod5T7cC4oXOULo41jKRjYijTIlJgw= @@ -183,8 +183,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= -go.step.sm/crypto v0.49.0 h1:J4qW5/ODYeHJFAM4PuNLSHKBMGWh4iwX6Tcrsp42r+U= -go.step.sm/crypto v0.49.0/go.mod h1:NCFMhLS6FJXQ9sD9PP282oHtsBWLrI6wXZY0eOkq7t8= +go.step.sm/crypto v0.50.0 h1:BqI9sEgocoHDLLHiZnFqdqXl5FjdMvOWKMm/fKL/lrw= +go.step.sm/crypto v0.50.0/go.mod h1:NCFMhLS6FJXQ9sD9PP282oHtsBWLrI6wXZY0eOkq7t8= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= @@ -251,10 +251,10 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5 h1:a/Z0jgw03aJ2rQnp5PlPpznJqJft0HyvyrcUcxgzPwY= -google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5 h1:SbSDUWW1PAO24TNpLdeheoYPd7kllICcLU52x6eD4kQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d h1:kHjw/5UfflP/L5EbledDrcG4C2597RtymmGRZvHiCuY= +google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d h1:JU0iKnSg02Gmb5ZdV8nYsKEKsP6o/FGVWTrw4i1DA9A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= diff --git a/src/vendor/go.step.sm/crypto/pemutil/pem.go b/src/vendor/go.step.sm/crypto/pemutil/pem.go index 2ad4ce703..d40b622a4 100644 --- a/src/vendor/go.step.sm/crypto/pemutil/pem.go +++ b/src/vendor/go.step.sm/crypto/pemutil/pem.go @@ -231,52 +231,93 @@ func ParseCertificate(pemData []byte) (*x509.Certificate, error) { return nil, errors.New("error parsing certificate: no certificate found") } -// ParseCertificateBundle extracts all the certificates in the given data. -func ParseCertificateBundle(pemData []byte) ([]*x509.Certificate, error) { - var block *pem.Block - var certs []*x509.Certificate - for len(pemData) > 0 { - block, pemData = pem.Decode(pemData) - if block == nil { - return nil, errors.New("error decoding pem block") +// ParseCertificateBundle returns a list of *x509.Certificate parsed from +// the given bytes. +// +// - supports PEM and DER certificate formats +// - If a DER-formatted file is given only one certificate will be returned. +func ParseCertificateBundle(data []byte) ([]*x509.Certificate, error) { + var err error + + // PEM format + if bytes.Contains(data, PEMBlockHeader) { + var block *pem.Block + var bundle []*x509.Certificate + for len(data) > 0 { + block, data = pem.Decode(data) + if block == nil { + break + } + if block.Type != "CERTIFICATE" || len(block.Headers) != 0 { + continue + } + var crt *x509.Certificate + crt, err = x509.ParseCertificate(block.Bytes) + if err != nil { + return nil, &InvalidPEMError{ + Err: err, + Type: PEMTypeCertificate, + } + } + bundle = append(bundle, crt) } - if block.Type != "CERTIFICATE" || len(block.Headers) != 0 { - continue + if len(bundle) == 0 { + return nil, &InvalidPEMError{ + Type: PEMTypeCertificate, + } } + return bundle, nil + } - cert, err := x509.ParseCertificate(block.Bytes) - if err != nil { - return nil, errors.Wrap(err, "error parsing certificate") + // DER format (binary) + crt, err := x509.ParseCertificate(data) + if err != nil { + return nil, &InvalidPEMError{ + Message: fmt.Sprintf("error parsing certificate as DER format: %v", err), + Type: PEMTypeCertificate, } - certs = append(certs, cert) - } - if len(certs) == 0 { - return nil, errors.New("error parsing certificate: no certificate found") } - return certs, nil + return []*x509.Certificate{crt}, nil } -// ParseCertificateRequest extracts the first certificate from the given pem. -func ParseCertificateRequest(pemData []byte) (*x509.CertificateRequest, error) { - var block *pem.Block - for len(pemData) > 0 { - block, pemData = pem.Decode(pemData) - if block == nil { - return nil, errors.New("error decoding pem block") - } - if (block.Type != "CERTIFICATE REQUEST" && block.Type != "NEW CERTIFICATE REQUEST") || - len(block.Headers) != 0 { - continue - } +// ParseCertificateRequest extracts the first *x509.CertificateRequest +// from the given data. +// +// - supports PEM and DER certificate formats +// - If a DER-formatted file is given only one certificate will be returned. +func ParseCertificateRequest(data []byte) (*x509.CertificateRequest, error) { + // PEM format + if bytes.Contains(data, PEMBlockHeader) { + var block *pem.Block + for len(data) > 0 { + block, data = pem.Decode(data) + if block == nil { + break + } + if !strings.HasSuffix(block.Type, "CERTIFICATE REQUEST") { + continue + } + csr, err := x509.ParseCertificateRequest(block.Bytes) + if err != nil { + return nil, &InvalidPEMError{ + Type: PEMTypeCertificateRequest, + Err: err, + } + } - csr, err := x509.ParseCertificateRequest(block.Bytes) - if err != nil { - return nil, errors.Wrap(err, "error parsing certificate request") + return csr, nil } - return csr, nil } - return nil, errors.New("error parsing certificate request: no certificate found") + // DER format (binary) + csr, err := x509.ParseCertificateRequest(data) + if err != nil { + return nil, &InvalidPEMError{ + Message: fmt.Sprintf("error parsing certificate request as DER format: %v", err), + Type: PEMTypeCertificateRequest, + } + } + return csr, nil } // PEMType represents a PEM block type. (e.g., CERTIFICATE, CERTIFICATE REQUEST, etc.) @@ -318,14 +359,10 @@ func (e *InvalidPEMError) Error() string { case e.Err != nil: return fmt.Sprintf("error decoding PEM data: %v", e.Err) default: - var prefix = "input" - if e.File != "" { - prefix = fmt.Sprintf("file %s", e.File) - } if e.Type == PEMTypeUndefined { - return fmt.Sprintf("%s does not contain valid PEM encoded data", prefix) + return "does not contain valid PEM encoded data" } - return fmt.Sprintf("%s does not contain a valid PEM encoded %s", prefix, e.Type) + return fmt.Sprintf("does not contain a valid PEM encoded %s", e.Type) } } @@ -355,83 +392,40 @@ func ReadCertificate(filename string, opts ...Options) (*x509.Certificate, error } } -// ReadCertificateBundle returns a list of *x509.Certificate from the given -// filename. It supports certificates formats PEM and DER. If a DER-formatted -// file is given only one certificate will be returned. +// ReadCertificateBundle reads the given filename and returns a list of +// *x509.Certificate. +// +// - supports PEM and DER certificate formats +// - If a DER-formatted file is given only one certificate will be returned. func ReadCertificateBundle(filename string) ([]*x509.Certificate, error) { b, err := utils.ReadFile(filename) if err != nil { return nil, err } - // PEM format - if bytes.Contains(b, PEMBlockHeader) { - var block *pem.Block - var bundle []*x509.Certificate - for len(b) > 0 { - block, b = pem.Decode(b) - if block == nil { - break - } - if block.Type != "CERTIFICATE" { - continue - } - var crt *x509.Certificate - crt, err = x509.ParseCertificate(block.Bytes) - if err != nil { - return nil, errors.Wrapf(err, "error parsing %s", filename) - } - bundle = append(bundle, crt) - } - if len(bundle) == 0 { - return nil, &InvalidPEMError{File: filename, Type: PEMTypeCertificate} - } - return bundle, nil - } - - // DER format (binary) - crt, err := x509.ParseCertificate(b) + bundle, err := ParseCertificateBundle(b) if err != nil { - return nil, errors.Wrapf(err, "error parsing %s", filename) + return nil, fmt.Errorf("error parsing %s: %w", filename, err) } - return []*x509.Certificate{crt}, nil + return bundle, nil } -// ReadCertificateRequest returns a *x509.CertificateRequest from the given -// filename. It supports certificates formats PEM and DER. +// ReadCertificateRequest reads the given filename and returns a +// *x509.CertificateRequest. +// +// - supports PEM and DER Certificate formats. +// - supports reading from STDIN with filename `-`. func ReadCertificateRequest(filename string) (*x509.CertificateRequest, error) { b, err := utils.ReadFile(filename) if err != nil { return nil, err } - // PEM format - if bytes.Contains(b, PEMBlockHeader) { - var block *pem.Block - for len(b) > 0 { - block, b = pem.Decode(b) - if block == nil { - break - } - if !strings.HasSuffix(block.Type, "CERTIFICATE REQUEST") { - continue - } - csr, err := x509.ParseCertificateRequest(block.Bytes) - if err != nil { - return nil, &InvalidPEMError{ - File: filename, Type: PEMTypeCertificateRequest, - Message: fmt.Sprintf("error parsing %s: CSR PEM block is invalid: %v", filename, err), - Err: err, - } - } - - return csr, nil - } + cr, err := ParseCertificateRequest(b) + if err != nil { + return nil, fmt.Errorf("error parsing %s: %w", filename, err) } - - // DER format (binary) - csr, err := x509.ParseCertificateRequest(b) - return csr, errors.Wrapf(err, "error parsing %s", filename) + return cr, nil } // Parse returns the key or certificate PEM-encoded in the given bytes. diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt index 89d2b74f8..fc5be86da 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -17,7 +17,7 @@ code.cloudfoundry.org/go-loggregator/v9/rpc/loggregator_v2 ## explicit; go 1.21 code.cloudfoundry.org/go-metric-registry code.cloudfoundry.org/go-metric-registry/testhelpers -# code.cloudfoundry.org/tlsconfig v0.0.0-20240710175717-1267031d8b88 +# code.cloudfoundry.org/tlsconfig v0.0.0-20240712175922-ffce9516cec8 ## explicit; go 1.21 code.cloudfoundry.org/tlsconfig code.cloudfoundry.org/tlsconfig/certtest @@ -173,7 +173,7 @@ go.opentelemetry.io/proto/otlp/common/v1 go.opentelemetry.io/proto/otlp/metrics/v1 go.opentelemetry.io/proto/otlp/resource/v1 go.opentelemetry.io/proto/otlp/trace/v1 -# go.step.sm/crypto v0.49.0 +# go.step.sm/crypto v0.50.0 ## explicit; go 1.21 go.step.sm/crypto/fingerprint go.step.sm/crypto/internal/bcrypt_pbkdf @@ -263,10 +263,10 @@ golang.org/x/tools/internal/stdlib golang.org/x/tools/internal/tokeninternal golang.org/x/tools/internal/typesinternal golang.org/x/tools/internal/versions -# google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5 +# google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d ## explicit; go 1.20 google.golang.org/genproto/googleapis/api/httpbody -# google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5 +# google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d ## explicit; go 1.20 google.golang.org/genproto/googleapis/rpc/status # google.golang.org/grpc v1.65.0