Merge pull request #1190 from smallstep/dependabot/go_modules/github.…

…com/slackhq/nebula-1.9.3

Bump github.com/slackhq/nebula from 1.8.2 to 1.9.3

command/ca/renew.go

@@ -472,7 +472,7 @@ func (r *renewer) Renew(outFile string) (resp *api.SignResponse, err error) {
  return nil, errors.Wrap(err, "error renewing certificate")
  }
 
- if resp.CertChainPEM == nil || len(resp.CertChainPEM) == 0 {
+ if len(resp.CertChainPEM) == 0 {
  resp.CertChainPEM = []api.Certificate{resp.ServerPEM, resp.CaPEM}
  }
  var data []byte
@@ -503,7 +503,7 @@ func (r *renewer) Rekey(priv interface{}, outCert, outKey string, writePrivateKe
  if err != nil {
  return nil, errors.Wrap(err, "error rekeying certificate")
  }
- if resp.CertChainPEM == nil || len(resp.CertChainPEM) == 0 {
+ if len(resp.CertChainPEM) == 0 {
  resp.CertChainPEM = []api.Certificate{resp.ServerPEM, resp.CaPEM}
  }
  var data []byte

go.mod

@@ -1,6 +1,6 @@
 module github.com/smallstep/cli
 
-go 1.21
+go 1.22.0
 
 require (
  github.com/Microsoft/go-winio v0.6.2
@@ -14,7 +14,7 @@ require (
  github.com/manifoldco/promptui v0.9.0
  github.com/pkg/errors v0.9.1
  github.com/pquerna/otp v1.4.0
- github.com/slackhq/nebula v1.8.2
+ github.com/slackhq/nebula v1.9.3
  github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262
  github.com/smallstep/certificates v0.27.2
  github.com/smallstep/certinfo v1.12.2

go.sum

@@ -320,8 +320,8 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5I
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/slackhq/nebula v1.8.2 h1:9lpJlivzjBPWxs9Y2tQqmJ1cP6hq+3kIodw021t3LrQ=
-github.com/slackhq/nebula v1.8.2/go.mod h1:SVVwnlGdmLg387U0XQMOSHRrD3VlJeXqd2/x/w/vxPs=
+github.com/slackhq/nebula v1.9.3 h1:WK5Oipy4NsVfNm41pywGmdy048F8RRkfSRG+lPHxcJQ=
+github.com/slackhq/nebula v1.9.3/go.mod h1:PMJer5rZe0H/O+kUiKOL9AJ/pL9+ryzNXtSN7ABfjfM=
 github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY=
 github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc=
 github.com/smallstep/certificates v0.27.2 h1:MrSJvJviS9pCUtGYYguYyB1VQzZBmkL6ngLQZfVwRqU=

internal/crlutil/crl_extensions.go

@@ -85,106 +85,110 @@ func (d distributionPoint) FullNames() []string {
 type Extension struct {
  Name string `json:"-"`
  Details []string `json:"-"`
- json map[string]interface{}
+ json map[string]any
 }
 
 func (e *Extension) MarshalJSON() ([]byte, error) {
  return json.Marshal(e.json)
 }
 
-func (e *Extension) AddDetailf(format string, args ...interface{}) {
+func (e *Extension) AddDetailf(format string, args ...any) {
  e.Details = append(e.Details, fmt.Sprintf(format, args...))
 }
 
+func (e *Extension) AddDetail(detail string) {
+ e.Details = append(e.Details, detail)
+}
+
 func newExtension(e pkix.Extension) Extension {
  var ext Extension
  switch {
  case e.Id.Equal(oidExtensionReasonCode):
  ext.Name = "X509v3 CRL Reason Code:"
  value := parseReasonCode(e.Value)
- ext.AddDetailf(value)
- ext.json = map[string]interface{}{
+ ext.AddDetail(value)
+ ext.json = map[string]any{
  "crl_reason_code": value,
  }
 
  case e.Id.Equal(oidExtensionCRLNumber):
  ext.Name = "X509v3 CRL Number:"
  var n *big.Int
  if _, err := asn1.Unmarshal(e.Value, &n); err == nil {
- ext.AddDetailf(n.String())
- ext.json = map[string]interface{}{
+ ext.AddDetail(n.String())
+ ext.json = map[string]any{
  "crl_number": n.String(),
  }
  } else {
- ext.AddDetailf(sanitizeBytes(e.Value))
- ext.json = map[string]interface{}{
+ ext.AddDetail(sanitizeBytes(e.Value))
+ ext.json = map[string]any{
  "crl_number": e.Value,
  }
  }
 
  case e.Id.Equal(oidExtensionAuthorityKeyID):
  var v authorityKeyID
  ext.Name = "X509v3 Authority Key Identifier:"
- ext.json = map[string]interface{}{
+ ext.json = map[string]any{
  "authority_key_id": hex.EncodeToString(e.Value),
  }
  if _, err := asn1.Unmarshal(e.Value, &v); err == nil {
  var s string
  for _, b := range v.ID {
  s += fmt.Sprintf(":%02X", b)
  }
- ext.AddDetailf("keyid" + s)
+ ext.AddDetail("keyid" + s)
  } else {
- ext.AddDetailf(sanitizeBytes(e.Value))
+ ext.AddDetail(sanitizeBytes(e.Value))
  }
  case e.Id.Equal(oidExtensionIssuingDistributionPoint):
  ext.Name = "X509v3 Issuing Distribution Point:"
 
  var v distributionPoint
  if _, err := asn1.Unmarshal(e.Value, &v); err != nil {
- ext.AddDetailf(sanitizeBytes(e.Value))
- ext.json = map[string]interface{}{
+ ext.AddDetail(sanitizeBytes(e.Value))
+ ext.json = map[string]any{
  "issuing_distribution_point": e.Value,
  }
  } else {
  names := v.FullNames()
  if len(names) > 0 {
- ext.AddDetailf("Full Name:")
+ ext.AddDetail("Full Name:")
  for _, n := range names {
- ext.AddDetailf(" " + n)
+ ext.AddDetail(" " + n)
  }
  }
- js := map[string]interface{}{
+ js := map[string]any{
  "full_names": names,
  }
 
  // Only one of this should be set to true. But for inspect we
  // will allow more than one.
  if v.OnlyContainsUserCerts {
- ext.AddDetailf("Only User Certificates")
+ ext.AddDetail("Only User Certificates")
  js["only_user_certificates"] = true
  }
  if v.OnlyContainsCACerts {
- ext.AddDetailf("Only CA Certificates")
+ ext.AddDetail("Only CA Certificates")
  js["only_ca_certificates"] = true
  }
  if v.OnlyContainsAttributeCerts {
- ext.AddDetailf("Only Attribute Certificates")
+ ext.AddDetail("Only Attribute Certificates")
  js["only_attribute_certificates"] = true
  }
  if len(v.OnlySomeReasons.Bytes) > 0 {
  ext.AddDetailf("Reasons: %x", v.OnlySomeReasons.Bytes)
  js["only_some_reasons"] = v.OnlySomeReasons.Bytes
  }
 
- ext.json = map[string]interface{}{
+ ext.json = map[string]any{
  "issuing_distribution_point": js,
  }
  }
  default:
  ext.Name = e.Id.String()
- ext.AddDetailf(sanitizeBytes(e.Value))
- ext.json = map[string]interface{}{
+ ext.AddDetail(sanitizeBytes(e.Value))
+ ext.json = map[string]any{
  ext.Name: e.Value,
  }
  }

internal/sshutil/sshutil.go

@@ -2,8 +2,7 @@ package sshutil
 
 import (
  "crypto"
- //nolint:staticcheck // Maintain support for deprecated algorithms.
- "crypto/dsa"
+ "crypto/dsa" // Maintain support for deprecated algorithms.
  "crypto/ecdsa"
  "crypto/ed25519"
  "crypto/elliptic"
@@ -202,7 +201,6 @@ func parseECDSA(in []byte) (*ecdsa.PublicKey, error) {
  return nil, errors.Errorf("unsupported curve %s", w.Curve)
  }
 
- //nolint:staticcheck // ignore this deprecation warning - golang will fix
  key.X, key.Y = elliptic.Unmarshal(key.Curve, w.KeyBytes)
  if key.X == nil || key.Y == nil {
  return nil, errors.New("invalid curve point")

utils/cautils/certificate_flow.go

@@ -262,7 +262,7 @@ func (f *CertificateFlow) Sign(ctx *cli.Context, tok string, csr api.Certificate
  return err
  }
 
- if resp.CertChainPEM == nil || len(resp.CertChainPEM) == 0 {
+ if len(resp.CertChainPEM) == 0 {
  resp.CertChainPEM = []api.Certificate{resp.ServerPEM, resp.CaPEM}
  }
  var data []byte

utils/cautils/client.go

@@ -184,7 +184,7 @@ func NewAdminClient(ctx *cli.Context, opts ...ca.ClientOption) (*ca.AdminClient,
  if err != nil {
  return nil, err
  }
- if signResponse.CertChainPEM == nil || len(signResponse.CertChainPEM) == 0 {
+ if len(signResponse.CertChainPEM) == 0 {
  signResponse.CertChainPEM = []api.Certificate{signResponse.ServerPEM, signResponse.CaPEM}
  }
  adminCert = make([]*x509.Certificate, len(signResponse.CertChainPEM))