diff --git a/src/go.mod b/src/go.mod
index 254bf0b71..29b6bccfa 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -30,10 +30,10 @@ require (
 github.com/elazarl/goproxy v0.0.0-20230731152917-f99041a5c027 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/pkg/errors v0.9.1 // indirect
- go.step.sm/crypto v0.49.0 // indirect
+ go.step.sm/crypto v0.50.0 // indirect
 golang.org/x/crypto v0.25.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d // indirect
 )

 require (
diff --git a/src/go.sum b/src/go.sum
index 713c0895a..20dd75488 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -332,8 +332,8 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.step.sm/crypto v0.49.0 h1:J4qW5/ODYeHJFAM4PuNLSHKBMGWh4iwX6Tcrsp42r+U=
-go.step.sm/crypto v0.49.0/go.mod h1:NCFMhLS6FJXQ9sD9PP282oHtsBWLrI6wXZY0eOkq7t8=
+go.step.sm/crypto v0.50.0 h1:BqI9sEgocoHDLLHiZnFqdqXl5FjdMvOWKMm/fKL/lrw=
+go.step.sm/crypto v0.50.0/go.mod h1:NCFMhLS6FJXQ9sD9PP282oHtsBWLrI6wXZY0eOkq7t8=
 golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -745,10 +745,10 @@ google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljW
 google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
 google.golang.org/genproto v0.0.0-20220728213248-dd149ef739b9/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc=
 google.golang.org/genproto v0.0.0-20220808204814-fd01256a5276/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
-google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5 h1:a/Z0jgw03aJ2rQnp5PlPpznJqJft0HyvyrcUcxgzPwY=
-google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5 h1:SbSDUWW1PAO24TNpLdeheoYPd7kllICcLU52x6eD4kQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d h1:kHjw/5UfflP/L5EbledDrcG4C2597RtymmGRZvHiCuY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d h1:JU0iKnSg02Gmb5ZdV8nYsKEKsP6o/FGVWTrw4i1DA9A=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
diff --git a/src/vendor/go.step.sm/crypto/pemutil/pem.go b/src/vendor/go.step.sm/crypto/pemutil/pem.go
index 2ad4ce703..d40b622a4 100644
--- a/src/vendor/go.step.sm/crypto/pemutil/pem.go
+++ b/src/vendor/go.step.sm/crypto/pemutil/pem.go
@@ -231,52 +231,93 @@ func ParseCertificate(pemData []byte) (*x509.Certificate, error) {
 return nil, errors.New("error parsing certificate: no certificate found")
 }

-// ParseCertificateBundle extracts all the certificates in the given data.
-func ParseCertificateBundle(pemData []byte) ([]*x509.Certificate, error) {
- var block *pem.Block
- var certs []*x509.Certificate
- for len(pemData) > 0 {
- block, pemData = pem.Decode(pemData)
- if block == nil {
- return nil, errors.New("error decoding pem block")
+// ParseCertificateBundle returns a list of *x509.Certificate parsed from
+// the given bytes.
+//
+// - supports PEM and DER certificate formats
+// - If a DER-formatted file is given only one certificate will be returned.
+func ParseCertificateBundle(data []byte) ([]*x509.Certificate, error) {
+ var err error
+
+ // PEM format
+ if bytes.Contains(data, PEMBlockHeader) {
+ var block *pem.Block
+ var bundle []*x509.Certificate
+ for len(data) > 0 {
+ block, data = pem.Decode(data)
+ if block == nil {
+ break
+ }
+ if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
+ continue
+ }
+ var crt *x509.Certificate
+ crt, err = x509.ParseCertificate(block.Bytes)
+ if err != nil {
+ return nil, &InvalidPEMError{
+ Err: err,
+ Type: PEMTypeCertificate,
+ }
+ }
+ bundle = append(bundle, crt)
 }
- if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
- continue
+ if len(bundle) == 0 {
+ return nil, &InvalidPEMError{
+ Type: PEMTypeCertificate,
+ }
 }
+ return bundle, nil
+ }

- cert, err := x509.ParseCertificate(block.Bytes)
- if err != nil {
- return nil, errors.Wrap(err, "error parsing certificate")
+ // DER format (binary)
+ crt, err := x509.ParseCertificate(data)
+ if err != nil {
+ return nil, &InvalidPEMError{
+ Message: fmt.Sprintf("error parsing certificate as DER format: %v", err),
+ Type: PEMTypeCertificate,
 }
- certs = append(certs, cert)
- }
- if len(certs) == 0 {
- return nil, errors.New("error parsing certificate: no certificate found")
 }
- return certs, nil
+ return []*x509.Certificate{crt}, nil
 }

-// ParseCertificateRequest extracts the first certificate from the given pem.
-func ParseCertificateRequest(pemData []byte) (*x509.CertificateRequest, error) {
- var block *pem.Block
- for len(pemData) > 0 {
- block, pemData = pem.Decode(pemData)
- if block == nil {
- return nil, errors.New("error decoding pem block")
- }
- if (block.Type != "CERTIFICATE REQUEST" && block.Type != "NEW CERTIFICATE REQUEST") ||
- len(block.Headers) != 0 {
- continue
- }
+// ParseCertificateRequest extracts the first *x509.CertificateRequest
+// from the given data.
+//
+// - supports PEM and DER certificate formats
+// - If a DER-formatted file is given only one certificate will be returned.
+func ParseCertificateRequest(data []byte) (*x509.CertificateRequest, error) {
+ // PEM format
+ if bytes.Contains(data, PEMBlockHeader) {
+ var block *pem.Block
+ for len(data) > 0 {
+ block, data = pem.Decode(data)
+ if block == nil {
+ break
+ }
+ if !strings.HasSuffix(block.Type, "CERTIFICATE REQUEST") {
+ continue
+ }
+ csr, err := x509.ParseCertificateRequest(block.Bytes)
+ if err != nil {
+ return nil, &InvalidPEMError{
+ Type: PEMTypeCertificateRequest,
+ Err: err,
+ }
+ }

- csr, err := x509.ParseCertificateRequest(block.Bytes)
- if err != nil {
- return nil, errors.Wrap(err, "error parsing certificate request")
+ return csr, nil
 }
- return csr, nil
 }

- return nil, errors.New("error parsing certificate request: no certificate found")
+ // DER format (binary)
+ csr, err := x509.ParseCertificateRequest(data)
+ if err != nil {
+ return nil, &InvalidPEMError{
+ Message: fmt.Sprintf("error parsing certificate request as DER format: %v", err),
+ Type: PEMTypeCertificateRequest,
+ }
+ }
+ return csr, nil
 }

 // PEMType represents a PEM block type. (e.g., CERTIFICATE, CERTIFICATE REQUEST, etc.)
@@ -318,14 +359,10 @@ func (e *InvalidPEMError) Error() string {
 case e.Err != nil:
 return fmt.Sprintf("error decoding PEM data: %v", e.Err)
 default:
- var prefix = "input"
- if e.File != "" {
- prefix = fmt.Sprintf("file %s", e.File)
- }
 if e.Type == PEMTypeUndefined {
- return fmt.Sprintf("%s does not contain valid PEM encoded data", prefix)
+ return "does not contain valid PEM encoded data"
 }
- return fmt.Sprintf("%s does not contain a valid PEM encoded %s", prefix, e.Type)
+ return fmt.Sprintf("does not contain a valid PEM encoded %s", e.Type)
 }
 }

@@ -355,83 +392,40 @@ func ReadCertificate(filename string, opts ...Options) (*x509.Certificate, error
 }
 }

-// ReadCertificateBundle returns a list of *x509.Certificate from the given
-// filename. It supports certificates formats PEM and DER. If a DER-formatted
-// file is given only one certificate will be returned.
+// ReadCertificateBundle reads the given filename and returns a list of
+// *x509.Certificate.
+//
+// - supports PEM and DER certificate formats
+// - If a DER-formatted file is given only one certificate will be returned.
 func ReadCertificateBundle(filename string) ([]*x509.Certificate, error) {
 b, err := utils.ReadFile(filename)
 if err != nil {
 return nil, err
 }

- // PEM format
- if bytes.Contains(b, PEMBlockHeader) {
- var block *pem.Block
- var bundle []*x509.Certificate
- for len(b) > 0 {
- block, b = pem.Decode(b)
- if block == nil {
- break
- }
- if block.Type != "CERTIFICATE" {
- continue
- }
- var crt *x509.Certificate
- crt, err = x509.ParseCertificate(block.Bytes)
- if err != nil {
- return nil, errors.Wrapf(err, "error parsing %s", filename)
- }
- bundle = append(bundle, crt)
- }
- if len(bundle) == 0 {
- return nil, &InvalidPEMError{File: filename, Type: PEMTypeCertificate}
- }
- return bundle, nil
- }
-
- // DER format (binary)
- crt, err := x509.ParseCertificate(b)
+ bundle, err := ParseCertificateBundle(b)
 if err != nil {
- return nil, errors.Wrapf(err, "error parsing %s", filename)
+ return nil, fmt.Errorf("error parsing %s: %w", filename, err)
 }
- return []*x509.Certificate{crt}, nil
+ return bundle, nil
 }

-// ReadCertificateRequest returns a *x509.CertificateRequest from the given
-// filename. It supports certificates formats PEM and DER.
+// ReadCertificateRequest reads the given filename and returns a
+// *x509.CertificateRequest.
+//
+// - supports PEM and DER Certificate formats.
+// - supports reading from STDIN with filename `-`.
 func ReadCertificateRequest(filename string) (*x509.CertificateRequest, error) {
 b, err := utils.ReadFile(filename)
 if err != nil {
 return nil, err
 }

- // PEM format
- if bytes.Contains(b, PEMBlockHeader) {
- var block *pem.Block
- for len(b) > 0 {
- block, b = pem.Decode(b)
- if block == nil {
- break
- }
- if !strings.HasSuffix(block.Type, "CERTIFICATE REQUEST") {
- continue
- }
- csr, err := x509.ParseCertificateRequest(block.Bytes)
- if err != nil {
- return nil, &InvalidPEMError{
- File: filename, Type: PEMTypeCertificateRequest,
- Message: fmt.Sprintf("error parsing %s: CSR PEM block is invalid: %v", filename, err),
- Err: err,
- }
- }
-
- return csr, nil
- }
+ cr, err := ParseCertificateRequest(b)
+ if err != nil {
+ return nil, fmt.Errorf("error parsing %s: %w", filename, err)
 }
-
- // DER format (binary)
- csr, err := x509.ParseCertificateRequest(b)
- return csr, errors.Wrapf(err, "error parsing %s", filename)
+ return cr, nil
 }

 // Parse returns the key or certificate PEM-encoded in the given bytes.
diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
index 0a6f936c5..1bf96cb9c 100644
--- a/src/vendor/modules.txt
+++ b/src/vendor/modules.txt
@@ -161,7 +161,7 @@ github.com/prometheus/procfs/internal/util
 # github.com/square/certstrap v1.3.0
 ## explicit; go 1.18
 github.com/square/certstrap/pkix
-# go.step.sm/crypto v0.49.0
+# go.step.sm/crypto v0.50.0
 ## explicit; go 1.21
 go.step.sm/crypto/fingerprint
 go.step.sm/crypto/internal/bcrypt_pbkdf
@@ -228,12 +228,12 @@ golang.org/x/text/unicode/norm
 # golang.org/x/tools v0.23.0
 ## explicit; go 1.19
 golang.org/x/tools/go/ast/inspector
-# google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5
+# google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d
 ## explicit; go 1.20
 google.golang.org/genproto/googleapis/api
 google.golang.org/genproto/googleapis/api/annotations
 google.golang.org/genproto/googleapis/api/httpbody
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d
 ## explicit; go 1.20
 google.golang.org/genproto/googleapis/rpc/status
 # google.golang.org/grpc v1.65.0