From ba918100d037a691367e14df853a450ade96df13 Mon Sep 17 00:00:00 2001 
From: Mariano Cano Date: Mon, 24 Aug 2020 14:44:11 -0700 Subject: [PATCH] Use go.step.sm/crypto/jose Replace use of github.com/smallstep/cli/crypto with the new package go.step.sm/crypto/jose. --- acme/account.go | 2 +- acme/account_test.go | 2 +- acme/api/account_test.go | 2 +- acme/api/handler_test.go | 2 +- acme/api/middleware.go | 2 +- acme/api/middleware_test.go | 2 +- acme/authority.go | 2 +- acme/authority_test.go | 2 +- acme/challenge.go | 2 +- acme/challenge_test.go | 2 +- acme/common.go | 2 +- api/api_test.go | 2 +- authority/authority_test.go | 6 +- authority/authorize.go | 2 +- authority/authorize_test.go | 165 +++++++++++------------ authority/config_test.go | 10 +- authority/provisioner/aws.go | 2 +- authority/provisioner/aws_test.go | 2 +- authority/provisioner/azure.go | 2 +- authority/provisioner/azure_test.go | 2 +- authority/provisioner/collection.go | 2 +- authority/provisioner/collection_test.go | 2 +- authority/provisioner/gcp.go | 2 +- authority/provisioner/gcp_test.go | 2 +- authority/provisioner/jwk.go | 2 +- authority/provisioner/jwk_test.go | 2 +- authority/provisioner/k8sSA.go | 2 +- authority/provisioner/k8sSA_test.go | 2 +- authority/provisioner/keystore.go | 2 +- authority/provisioner/keystore_test.go | 2 +- authority/provisioner/oidc.go | 2 +- authority/provisioner/oidc_test.go | 2 +- authority/provisioner/options.go | 2 +- authority/provisioner/sshpop.go | 2 +- authority/provisioner/sshpop_test.go | 2 +- authority/provisioner/utils_test.go | 2 +- authority/provisioner/x5c.go | 2 +- authority/provisioner/x5c_test.go | 10 +- authority/ssh.go | 2 +- authority/ssh_test.go | 2 +- authority/tls.go | 4 +- authority/tls_test.go | 8 +- ca/acmeClient.go | 2 +- ca/acmeClient_test.go | 2 +- ca/bootstrap.go | 5 +- ca/bootstrap_test.go | 16 +-- ca/ca_test.go | 36 +++-- ca/provisioner.go | 2 +- ca/provisioner_test.go | 4 +- ca/tls_test.go | 16 +-- go.mod | 6 +- go.sum | 4 + pki/pki.go | 2 +- 53 files changed, 183 insertions(+), 187 deletions(-) 
diff --git a/acme/account.go b/acme/account.go
index eeac09b9..ea0e7fdc 100644
--- a/acme/account.go
+++ b/acme/account.go
@@ -6,8 +6,8 @@ import (
"time"
"github.com/pkg/errors"
- "github.com/smallstep/cli/jose"
"github.com/smallstep/nosql"
+ "go.step.sm/crypto/jose"
)
// Account is a subset of the internal account type containing only those
diff --git a/acme/account_test.go b/acme/account_test.go
index ea63550f..0008551a 100644
--- a/acme/account_test.go
+++ b/acme/account_test.go
@@ -12,9 +12,9 @@ import (
"github.com/smallstep/assert"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
- "github.com/smallstep/cli/jose"
"github.com/smallstep/nosql"
"github.com/smallstep/nosql/database"
+ "go.step.sm/crypto/jose"
)
var (
diff --git a/acme/api/account_test.go b/acme/api/account_test.go
index 0e34f980..bdd61c59 100644
--- a/acme/api/account_test.go
+++ b/acme/api/account_test.go
@@ -16,7 +16,7 @@ import (
"github.com/smallstep/assert"
"github.com/smallstep/certificates/acme"
"github.com/smallstep/certificates/authority/provisioner"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
)
var (
diff --git a/acme/api/handler_test.go b/acme/api/handler_test.go
index 34493357..ee602da6 100644
--- a/acme/api/handler_test.go
+++ b/acme/api/handler_test.go
@@ -19,7 +19,7 @@ import (
"github.com/smallstep/certificates/acme"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"go.step.sm/crypto/pemutil"
)
diff --git a/acme/api/middleware.go b/acme/api/middleware.go
index a847db64..3bf5f89a 100644
--- a/acme/api/middleware.go
+++ b/acme/api/middleware.go
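Review bot: The acme/account.go hunk swaps the JOSE implementation behind this package's JWK handling without touching a single call site, so the commit relies on go.step.sm/crypto/jose being a drop-in for github.com/smallstep/cli/jose, and nothing in the description records which exported names actually changed. The same applies to every other non-test import hunk in this patch (acme/api/middleware.go, acme/authority.go, acme/challenge.go, acme/common.go, authority/authorize.go, authority/ssh.go and the authority/provisioner/*.go files), which from their names appear to sit on the token-verification path, so a silent behavioural difference in parsing or signature checking would not be caught by the import swap itself. The hunks that follow show exactly two API differences, ParseKey becoming ReadKey and the gopkg.in/square/go-jose.v2/jwt usage becoming jose.Claims/jose.Signed; a line in the description such as `API changes: ParseKey is now ReadKey; jwt.Claims/jwt.Signed are used via jose.Claims/jose.Signed, everything else is a path rename` would let a later reader separate the mechanical move from any real change. The go.mod/go.sum pin for the new module is listed in the diffstat but is outside this chunk.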
@@ -14,8 +14,8 @@ import (
"github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/logging"
- "github.com/smallstep/cli/jose"
"github.com/smallstep/nosql"
+ "go.step.sm/crypto/jose"
"go.step.sm/crypto/keyutil"
)
diff --git a/acme/api/middleware_test.go b/acme/api/middleware_test.go
index 916d84f0..d2a9cdc0 100644
--- a/acme/api/middleware_test.go
+++ b/acme/api/middleware_test.go
@@ -18,8 +18,8 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/acme"
- "github.com/smallstep/cli/jose"
"github.com/smallstep/nosql/database"
+ "go.step.sm/crypto/jose"
)
var testBody = []byte("foo")
diff --git a/acme/authority.go b/acme/authority.go
index e37835f6..959dc9c4 100644
--- a/acme/authority.go
+++ b/acme/authority.go
@@ -14,8 +14,8 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/authority/provisioner"
database "github.com/smallstep/certificates/db"
- "github.com/smallstep/cli/jose"
"github.com/smallstep/nosql"
+ "go.step.sm/crypto/jose"
)
// Interface is the acme authority interface.
diff --git a/acme/authority_test.go b/acme/authority_test.go
index 19b42cb6..d411ca06 100644
--- a/acme/authority_test.go
+++ b/acme/authority_test.go
@@ -11,8 +11,8 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/db"
- "github.com/smallstep/cli/jose"
"github.com/smallstep/nosql/database"
+ "go.step.sm/crypto/jose"
)
func TestAuthorityGetLink(t *testing.T) {
diff --git a/acme/challenge.go b/acme/challenge.go
index 82fa9327..a032bc00 100644
--- a/acme/challenge.go
+++ b/acme/challenge.go
@@ -18,8 +18,8 @@ import (
"time"
"github.com/pkg/errors"
- "github.com/smallstep/cli/jose"
"github.com/smallstep/nosql"
+ "go.step.sm/crypto/jose"
)
// Challenge is a subset of the challenge type containing only those attributes
diff --git a/acme/challenge_test.go b/acme/challenge_test.go
index 39b33e8c..c3d97f9f 100644
--- a/acme/challenge_test.go
+++ b/acme/challenge_test.go
@@ -28,9 +28,9 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/db"
- "github.com/smallstep/cli/jose"
"github.com/smallstep/nosql"
"github.com/smallstep/nosql/database"
+ "go.step.sm/crypto/jose"
)
var testOps = ChallengeOptions{
diff --git a/acme/common.go b/acme/common.go
index 45b2e476..fec47b94 100644
--- a/acme/common.go
+++ b/acme/common.go
@@ -8,7 +8,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/authority/provisioner"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"go.step.sm/crypto/randutil"
)
diff --git a/api/api_test.go b/api/api_test.go
index 31d45f5d..190e5a2a 100644
--- a/api/api_test.go
+++ b/api/api_test.go
@@ -32,7 +32,7 @@ import (
"github.com/smallstep/certificates/errs"
"github.com/smallstep/certificates/logging"
"github.com/smallstep/certificates/templates"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"golang.org/x/crypto/ssh"
)
diff --git a/authority/authority_test.go b/authority/authority_test.go
index fe451245..54de0040 100644
--- a/authority/authority_test.go
+++ b/authority/authority_test.go
@@ -15,14 +15,14 @@ import (
"github.com/smallstep/assert"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
- stepJOSE "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"go.step.sm/crypto/pemutil"
)
func testAuthority(t *testing.T, opts ...Option) *Authority {
- maxjwk, err := stepJOSE.ParseKey("testdata/secrets/max_pub.jwk")
+ maxjwk, err := jose.ReadKey("testdata/secrets/max_pub.jwk")
assert.FatalError(t, err)
- clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_pub.jwk")
+ clijwk, err := jose.ReadKey("testdata/secrets/step_cli_key_pub.jwk")
assert.FatalError(t, err)
disableRenewal := true
enableSSHCA := true
diff --git a/authority/authorize.go b/authority/authorize.go
index 2bf7223b..0d3b767f 100644
--- a/authority/authorize.go
+++ b/authority/authorize.go
@@ -8,7 +8,7 @@ import (
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"golang.org/x/crypto/ssh"
)
diff --git a/authority/authorize_test.go b/authority/authorize_test.go
index f0c359c0..90eb8e46 100644
--- a/authority/authorize_test.go
+++ b/authority/authorize_test.go
@@ -17,11 +17,10 @@ import (
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/randutil"
"golang.org/x/crypto/ssh"
- "gopkg.in/square/go-jose.v2/jwt"
)
var testAudiences = provisioner.Audiences{
@@ -84,7 +83,7 @@ func generateToken(sub, iss, aud string, sans []string, iat time.Time, jwk *jose
func TestAuthority_authorizeToken(t *testing.T) {
a := testAuthority(t)
- jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
+ jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@@ -112,16 +111,16 @@ func TestAuthority_authorizeToken(t *testing.T) {
}
},
"fail/prehistoric-token": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
- IssuedAt: jwt.NewNumericDate(now.Add(-time.Hour)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
+ IssuedAt: jose.NewNumericDate(now.Add(-time.Hour)),
Audience: validAudience,
ID: "43",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@@ -131,11 +130,11 @@ func TestAuthority_authorizeToken(t *testing.T) {
}
},
"fail/provisioner-not-found": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "44",
}
@@ -143,7 +142,7 @@ func TestAuthority_authorizeToken(t *testing.T) {
(&jose.SignerOptions{}).WithType("JWT").WithHeader("kid", "foo"))
assert.FatalError(t, err)
- raw, err := jwt.Signed(_sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(_sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
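Review bot: The jose.Claims literal that replaces jwt.Claims in "fail/prehistoric-token" is repeated, with identical Issuer/NotBefore/Expiry fields, in every case of this table and in the hunks that follow for TestAuthority_authorizeRevoke, authorizeSign, Authorize and the authorizeSSH* tests, differing only in Subject, Audience, ID and occasionally IssuedAt; since this commit already rewrites each one, it is the natural moment to move the fixture into one helper rather than leave twenty copies to drift. The enclosing TestAuthority_authorizeToken starts before this hunk, and validIssuer, validAudience and now are defined outside it, so the helper below takes now explicitly and assumes validIssuer is package-level and that validAudience and the testAudiences fields are assignable to the Audience field (a []string-like type is what the literals suggest; confirm against the declarations). Each case would then read `cl := testClaims(now, "test.smallstep.com", validAudience, "43")`, and the prehistoric case would follow it with `cl.IssuedAt = jose.NewNumericDate(now.Add(-time.Hour))`.

```go
// testClaims builds the fixed-lifetime claim set shared by the authorize
// tests; cases that need IssuedAt set it on the returned value.
func testClaims(now time.Time, sub string, aud []string, id string) jose.Claims {
	return jose.Claims{
		Subject:   sub,
		Issuer:    validIssuer,
		NotBefore: jose.NewNumericDate(now),
		Expiry:    jose.NewNumericDate(now.Add(time.Minute)),
		Audience:  aud,
		ID:        id,
	}
}
// … unchanged: the test tables, each case replacing its literal with a testClaims call …
```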
@@ -153,15 +152,15 @@ func TestAuthority_authorizeToken(t *testing.T) {
}
},
"ok/simpledb": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@@ -170,15 +169,15 @@ func TestAuthority_authorizeToken(t *testing.T) {
},
"fail/simpledb/token-already-used": func(t *testing.T) *authorizeTest {
_a := testAuthority(t)
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
_, err = _a.authorizeToken(context.Background(), raw)
assert.FatalError(t, err)
@@ -197,15 +196,15 @@ func TestAuthority_authorizeToken(t *testing.T) {
},
}
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: _a,
@@ -220,15 +219,15 @@ func TestAuthority_authorizeToken(t *testing.T) {
},
}
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: _a,
@@ -245,15 +244,15 @@ func TestAuthority_authorizeToken(t *testing.T) {
},
}
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: _a,
@@ -288,7 +287,7 @@ func TestAuthority_authorizeToken(t *testing.T) {
func TestAuthority_authorizeRevoke(t *testing.T) {
a := testAuthority(t)
- jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
+ jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@@ -316,15 +315,15 @@ func TestAuthority_authorizeRevoke(t *testing.T) {
}
},
"fail/token/invalid-subject": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@@ -334,15 +333,15 @@ func TestAuthority_authorizeRevoke(t *testing.T) {
}
},
"ok/token": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "44",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@@ -372,7 +371,7 @@ func TestAuthority_authorizeRevoke(t *testing.T) {
func TestAuthority_authorizeSign(t *testing.T) {
a := testAuthority(t)
- jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
+ jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@@ -400,15 +399,15 @@ func TestAuthority_authorizeSign(t *testing.T) {
}
},
"fail/invalid-subject": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@@ -418,15 +417,15 @@ func TestAuthority_authorizeSign(t *testing.T) {
}
},
"ok": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "44",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@@ -459,7 +458,7 @@ func TestAuthority_authorizeSign(t *testing.T) {
func TestAuthority_Authorize(t *testing.T) {
a := testAuthority(t)
- jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
+ jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@@ -496,15 +495,15 @@ func TestAuthority_Authorize(t *testing.T) {
}
},
"ok/sign": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: testAudiences.Sign,
ID: "1",
}
- token, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ token, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@@ -522,15 +521,15 @@ func TestAuthority_Authorize(t *testing.T) {
}
},
"ok/revoke": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: testAudiences.Revoke,
ID: "2",
}
- token, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ token, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@@ -622,15 +621,15 @@ func TestAuthority_Authorize(t *testing.T) {
}
},
"ok/sshRevoke": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "test.smallstep.com",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: testAudiences.SSHRevoke,
ID: "3",
}
- token, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ token, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@@ -892,7 +891,7 @@ func createSSHCert(cert *ssh.Certificate, signer ssh.Signer) (*ssh.Certificate,
func TestAuthority_authorizeSSHSign(t *testing.T) {
a := testAuthority(t)
- jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
+ jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@@ -920,15 +919,15 @@ func TestAuthority_authorizeSSHSign(t *testing.T) {
}
},
"fail/invalid-subject": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: validAudience,
ID: "43",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@@ -971,7 +970,7 @@ func TestAuthority_authorizeSSHSign(t *testing.T) {
func TestAuthority_authorizeSSHRenew(t *testing.T) {
a := testAuthority(t)
- jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
+ jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@@ -999,15 +998,15 @@ func TestAuthority_authorizeSSHRenew(t *testing.T) {
}
},
"fail/sshRenew-unimplemented-jwk-provisioner": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: testAudiences.SSHRenew,
ID: "43",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@@ -1073,7 +1072,7 @@ func TestAuthority_authorizeSSHRevoke(t *testing.T) {
},
})}...)
- jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
+ jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@@ -1100,15 +1099,15 @@ func TestAuthority_authorizeSSHRevoke(t *testing.T) {
}
},
"fail/invalid-subject": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: testAudiences.SSHRevoke,
ID: "43",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
@@ -1164,7 +1163,7 @@ func TestAuthority_authorizeSSHRevoke(t *testing.T) {
func TestAuthority_authorizeSSHRekey(t *testing.T) {
a := testAuthority(t)
- jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
+ jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass")))
assert.FatalError(t, err)
sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key},
@@ -1192,15 +1191,15 @@ func TestAuthority_authorizeSSHRekey(t *testing.T) {
}
},
"fail/sshRekey-unimplemented-jwk-provisioner": func(t *testing.T) *authorizeTest {
- cl := jwt.Claims{
+ cl := jose.Claims{
Subject: "",
Issuer: validIssuer,
- NotBefore: jwt.NewNumericDate(now),
- Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ NotBefore: jose.NewNumericDate(now),
+ Expiry: jose.NewNumericDate(now.Add(time.Minute)),
Audience: testAudiences.SSHRekey,
ID: "43",
}
- raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ raw, err := jose.Signed(sig).Claims(cl).CompactSerialize()
assert.FatalError(t, err)
return &authorizeTest{
auth: a,
diff --git a/authority/config_test.go b/authority/config_test.go
index 22bfd6c8..87cd3fba 100644
--- a/authority/config_test.go
+++ b/authority/config_test.go
@@ -7,13 +7,13 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/authority/provisioner"
- stepJOSE "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
)
func TestConfigValidate(t *testing.T) {
- maxjwk, err := stepJOSE.ParseKey("testdata/secrets/max_pub.jwk")
+ maxjwk, err := jose.ReadKey("testdata/secrets/max_pub.jwk")
assert.FatalError(t, err)
- clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_pub.jwk")
+ clijwk, err := jose.ReadKey("testdata/secrets/step_cli_key_pub.jwk")
assert.FatalError(t, err)
ac := &AuthConfig{
Provisioners: provisioner.List{
@@ -224,9 +224,9 @@ func TestAuthConfigValidate(t *testing.T) {
CommonName: "test",
}
- maxjwk, err := stepJOSE.ParseKey("testdata/secrets/max_pub.jwk")
+ maxjwk, err := jose.ReadKey("testdata/secrets/max_pub.jwk")
assert.FatalError(t, err)
- clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_pub.jwk")
+ clijwk, err := jose.ReadKey("testdata/secrets/step_cli_key_pub.jwk")
assert.FatalError(t, err)
p := provisioner.List{
&provisioner.JWK{
diff --git a/authority/provisioner/aws.go b/authority/provisioner/aws.go
index d25b5743..31cf340b 100644
--- a/authority/provisioner/aws.go
+++ b/authority/provisioner/aws.go
@@ -17,7 +17,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
)
diff --git a/authority/provisioner/aws_test.go b/authority/provisioner/aws_test.go
index 94365982..3da945c1 100644
--- a/authority/provisioner/aws_test.go
+++ b/authority/provisioner/aws_test.go
@@ -20,7 +20,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
)
func TestAWS_Getters(t *testing.T) {
diff --git a/authority/provisioner/azure.go b/authority/provisioner/azure.go
index 9934f56b..ea8b08ec 100644
--- a/authority/provisioner/azure.go
+++ b/authority/provisioner/azure.go
@@ -14,7 +14,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
)
diff --git a/authority/provisioner/azure_test.go b/authority/provisioner/azure_test.go
index e919a5cd..f21a5676 100644
--- a/authority/provisioner/azure_test.go
+++ b/authority/provisioner/azure_test.go
@@ -18,7 +18,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
)
func TestAzure_Getters(t *testing.T) {
diff --git a/authority/provisioner/collection.go b/authority/provisioner/collection.go
index a1d11740..16716698 100644
--- a/authority/provisioner/collection.go
+++ b/authority/provisioner/collection.go
@@ -13,7 +13,7 @@ import (
"sync"
"github.com/pkg/errors"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
)
// DefaultProvisionersLimit is the default limit for listing provisioners.
diff --git a/authority/provisioner/collection_test.go b/authority/provisioner/collection_test.go
index cd15c18c..a0a79e92 100644
--- a/authority/provisioner/collection_test.go
+++ b/authority/provisioner/collection_test.go
@@ -9,7 +9,7 @@ import (
"testing"
"github.com/smallstep/assert"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
)
func TestCollection_Load(t *testing.T) {
diff --git a/authority/provisioner/gcp.go b/authority/provisioner/gcp.go
index 42585124..830e7965 100644
--- a/authority/provisioner/gcp.go
+++ b/authority/provisioner/gcp.go
@@ -15,7 +15,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
)
diff --git a/authority/provisioner/gcp_test.go b/authority/provisioner/gcp_test.go
index 23e306f4..d6c4054c 100644
--- a/authority/provisioner/gcp_test.go
+++ b/authority/provisioner/gcp_test.go
@@ -19,7 +19,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
)
func TestGCP_Getters(t *testing.T) {
diff --git a/authority/provisioner/jwk.go b/authority/provisioner/jwk.go
index a42cc1ce..d6a97e2b 100644
--- a/authority/provisioner/jwk.go
+++ b/authority/provisioner/jwk.go
@@ -8,7 +8,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
)
diff --git a/authority/provisioner/jwk_test.go b/authority/provisioner/jwk_test.go
index 61f66953..9198ff69 100644
--- a/authority/provisioner/jwk_test.go
+++ b/authority/provisioner/jwk_test.go
@@ -14,7 +14,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
)
func TestJWK_Getters(t *testing.T) {
diff --git a/authority/provisioner/k8sSA.go b/authority/provisioner/k8sSA.go
index 10309ced..d64c1dfd 100644
--- a/authority/provisioner/k8sSA.go
+++ b/authority/provisioner/k8sSA.go
@@ -11,7 +11,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"go.step.sm/crypto/pemutil"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
diff --git a/authority/provisioner/k8sSA_test.go b/authority/provisioner/k8sSA_test.go
index 9c731ae4..03ae7eff 100644
--- a/authority/provisioner/k8sSA_test.go
+++ b/authority/provisioner/k8sSA_test.go
@@ -10,7 +10,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
)
func TestK8sSA_Getters(t *testing.T) {
diff --git a/authority/provisioner/keystore.go b/authority/provisioner/keystore.go
index c672c40c..f775e150 100644
--- a/authority/provisioner/keystore.go
+++ b/authority/provisioner/keystore.go
@@ -10,7 +10,7 @@ import (
"time"
"github.com/pkg/errors"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
)
const (
diff --git a/authority/provisioner/keystore_test.go b/authority/provisioner/keystore_test.go
index 63c29a3b..9b0746ac 100644
--- a/authority/provisioner/keystore_test.go
+++ b/authority/provisioner/keystore_test.go
@@ -8,7 +8,7 @@ import (
"time"
"github.com/smallstep/assert"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
)
func Test_newKeyStore(t *testing.T) {
diff --git a/authority/provisioner/oidc.go b/authority/provisioner/oidc.go
index 5fb4f449..64e16052 100644
--- a/authority/provisioner/oidc.go
+++ b/authority/provisioner/oidc.go
@@ -13,7 +13,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
)
diff --git a/authority/provisioner/oidc_test.go b/authority/provisioner/oidc_test.go
index cb830246..b0e2f2f4 100644
--- a/authority/provisioner/oidc_test.go
+++ b/authority/provisioner/oidc_test.go
@@ -15,7 +15,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/assert"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
)
func Test_openIDConfiguration_Validate(t *testing.T) {
diff --git a/authority/provisioner/options.go b/authority/provisioner/options.go
index 189cdfbf..593a38d9 100644
--- a/authority/provisioner/options.go
+++ b/authority/provisioner/options.go
@@ -5,7 +5,7 @@ import (
"strings"
"github.com/pkg/errors"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"go.step.sm/crypto/x509util"
)
diff --git a/authority/provisioner/sshpop.go b/authority/provisioner/sshpop.go
index db1c5a89..223f0b9e 100644
--- a/authority/provisioner/sshpop.go
+++ b/authority/provisioner/sshpop.go
@@ -10,7 +10,7 @@ import (
"github.com/pkg/errors"
"github.com/smallstep/certificates/db"
"github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/jose"
"golang.org/x/crypto/ssh"
)
diff --git a/authority/provisioner/sshpop_test.go b/authority/provisioner/sshpop_test.go
index b35601d4..5d51b90e 100644
--- a/authority/provisioner/sshpop_test.go
+++ b/authority/provisioner/sshpop_test.go
@@ -13,7 +13,7 @@ import ( "github.com/smallstep/assert" "github.com/smallstep/certificates/db" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" "go.step.sm/crypto/pemutil" "golang.org/x/crypto/ssh" ) diff --git a/authority/provisioner/utils_test.go b/authority/provisioner/utils_test.go index 62efe8e2..9a4f4a09 100644 --- a/authority/provisioner/utils_test.go +++ b/authority/provisioner/utils_test.go @@ -16,7 +16,7 @@ import ( "time" "github.com/pkg/errors" - "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" "go.step.sm/crypto/pemutil" "go.step.sm/crypto/randutil" "golang.org/x/crypto/ssh" diff --git a/authority/provisioner/x5c.go b/authority/provisioner/x5c.go index 1f6b0891..2b05f4c8 100644 --- a/authority/provisioner/x5c.go +++ b/authority/provisioner/x5c.go @@ -9,7 +9,7 @@ import ( "github.com/pkg/errors" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" "go.step.sm/crypto/sshutil" "go.step.sm/crypto/x509util" ) diff --git a/authority/provisioner/x5c_test.go b/authority/provisioner/x5c_test.go index c1f9bf66..5d288de5 100644 --- a/authority/provisioner/x5c_test.go +++ b/authority/provisioner/x5c_test.go @@ -9,7 +9,7 @@ import ( "github.com/pkg/errors" "github.com/smallstep/assert" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" "go.step.sm/crypto/pemutil" "go.step.sm/crypto/randutil" ) @@ -154,7 +154,7 @@ M46l92gdOozT func TestX5C_authorizeToken(t *testing.T) { x5cCerts, err := pemutil.ReadCertificateBundle("./testdata/certs/x5c-leaf.crt") assert.FatalError(t, err) - x5cJWK, err := jose.ParseKey("./testdata/secrets/x5c-leaf.key") + x5cJWK, err := jose.ReadKey("./testdata/secrets/x5c-leaf.key") assert.FatalError(t, err) type test struct { 
@@ -402,7 +402,7 @@ lgsqsR63is+0YQ== func TestX5C_AuthorizeSign(t *testing.T) { certs, err := pemutil.ReadCertificateBundle("./testdata/certs/x5c-leaf.crt") assert.FatalError(t, err) - jwk, err := jose.ParseKey("./testdata/secrets/x5c-leaf.key") + jwk, err := jose.ReadKey("./testdata/secrets/x5c-leaf.key") assert.FatalError(t, err) type test struct { @@ -518,7 +518,7 @@ func TestX5C_AuthorizeRevoke(t *testing.T) { "ok": func(t *testing.T) test { certs, err := pemutil.ReadCertificateBundle("./testdata/certs/x5c-leaf.crt") assert.FatalError(t, err) - jwk, err := jose.ParseKey("./testdata/secrets/x5c-leaf.key") + jwk, err := jose.ReadKey("./testdata/secrets/x5c-leaf.key") assert.FatalError(t, err) p, err := generateX5C(nil) @@ -599,7 +599,7 @@ func TestX5C_AuthorizeRenew(t *testing.T) { func TestX5C_AuthorizeSSHSign(t *testing.T) { x5cCerts, err := pemutil.ReadCertificateBundle("./testdata/certs/x5c-leaf.crt") assert.FatalError(t, err) - x5cJWK, err := jose.ParseKey("./testdata/secrets/x5c-leaf.key") + x5cJWK, err := jose.ReadKey("./testdata/secrets/x5c-leaf.key") assert.FatalError(t, err) _, fn := mockNow() diff --git a/authority/ssh.go b/authority/ssh.go index c7d144b2..14798dc2 100644 --- a/authority/ssh.go +++ b/authority/ssh.go @@ -14,7 +14,7 @@ import ( "github.com/smallstep/certificates/db" "github.com/smallstep/certificates/errs" "github.com/smallstep/certificates/templates" - "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" "go.step.sm/crypto/randutil" "go.step.sm/crypto/sshutil" "golang.org/x/crypto/ssh" diff --git a/authority/ssh_test.go b/authority/ssh_test.go index 3b21a85f..b5cce1fd 100644 --- a/authority/ssh_test.go +++ b/authority/ssh_test.go @@ -19,7 +19,7 @@ import ( "github.com/smallstep/certificates/db" "github.com/smallstep/certificates/errs" "github.com/smallstep/certificates/templates" - "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" "go.step.sm/crypto/sshutil" "golang.org/x/crypto/ssh" ) 
diff --git a/authority/tls.go b/authority/tls.go index 08741972..efd02887 100644 --- a/authority/tls.go +++ b/authority/tls.go @@ -15,7 +15,7 @@ import ( "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/db" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" "go.step.sm/crypto/keyutil" "go.step.sm/crypto/pemutil" "go.step.sm/crypto/x509util" @@ -281,7 +281,7 @@ func (a *Authority) Revoke(ctx context.Context, revokeOpts *RevokeOptions) error errs.WithKeyVal("reason", revokeOpts.Reason), errs.WithKeyVal("passiveOnly", revokeOpts.PassiveOnly), errs.WithKeyVal("MTLS", revokeOpts.MTLS), - errs.WithKeyVal("context", string(provisioner.MethodFromContext(ctx))), + errs.WithKeyVal("context", provisioner.MethodFromContext(ctx).String()), } if revokeOpts.MTLS { opts = append(opts, errs.WithKeyVal("certificate", base64.StdEncoding.EncodeToString(revokeOpts.Crt.Raw))) diff --git a/authority/tls_test.go b/authority/tls_test.go index e749e51e..234caaf8 100644 --- a/authority/tls_test.go +++ b/authority/tls_test.go @@ -22,7 +22,7 @@ import ( "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/db" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" "go.step.sm/crypto/keyutil" "go.step.sm/crypto/pemutil" "go.step.sm/crypto/x509util" @@ -219,7 +219,7 @@ func TestAuthority_Sign(t *testing.T) { // Create a token to get test extra opts. p := a.config.AuthorityConfig.Provisioners[1].(*provisioner.JWK) - key, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass"))) + key, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass"))) assert.FatalError(t, err) token, err := generateToken("smallstep test", "step-cli", testAudiences.Sign[0], []string{"test.smallstep.com"}, time.Now(), key) assert.FatalError(t, err) 
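Review bot: The new `errs.WithKeyVal("context", provisioner.MethodFromContext(ctx).String())` changes what the "context" error detail carries when the context holds no method: the old `string(...)` conversion rendered an unset value as an empty string, whereas what `String()` returns for the zero value is not visible in this diff and depends on the new definition of the method type. The only assertion updated for this, `assert.Equals(t, ctxErr.Details["context"], provisioner.RevokeMethod.String())` in the authority/tls_test.go hunk at `@@ -1193,7`, pins the RevokeMethod case, so a case where the context carries no method would be worth adding, since this detail ends up in the revoke error reported to operators. Revoke's body begins before this hunk and continues past it.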
@@ -1000,7 +1000,7 @@ func TestAuthority_Revoke(t *testing.T) { validAudience := testAudiences.Revoke now := time.Now().UTC() - jwk, err := jose.ParseKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass"))) + jwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass"))) assert.FatalError(t, err) sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: jwk.Key}, @@ -1193,7 +1193,7 @@ func TestAuthority_Revoke(t *testing.T) { assert.Equals(t, ctxErr.Details["reasonCode"], tc.opts.ReasonCode) assert.Equals(t, ctxErr.Details["reason"], tc.opts.Reason) assert.Equals(t, ctxErr.Details["MTLS"], tc.opts.MTLS) - assert.Equals(t, ctxErr.Details["context"], string(provisioner.RevokeMethod)) + assert.Equals(t, ctxErr.Details["context"], provisioner.RevokeMethod.String()) if tc.checkErrDetails != nil { tc.checkErrDetails(ctxErr) diff --git a/ca/acmeClient.go b/ca/acmeClient.go index 3895381f..deb8a3a2 100644 --- a/ca/acmeClient.go +++ b/ca/acmeClient.go @@ -14,7 +14,7 @@ import ( "github.com/pkg/errors" "github.com/smallstep/certificates/acme" acmeAPI "github.com/smallstep/certificates/acme/api" - "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" ) // ACMEClient implements an HTTP client to an ACME API. diff --git a/ca/acmeClient_test.go b/ca/acmeClient_test.go index 68990203..25d74b9d 100644 --- a/ca/acmeClient_test.go +++ b/ca/acmeClient_test.go @@ -16,7 +16,7 @@ import ( "github.com/smallstep/certificates/acme" acmeAPI "github.com/smallstep/certificates/acme/api" "github.com/smallstep/certificates/api" - "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" "go.step.sm/crypto/pemutil" ) diff --git a/ca/bootstrap.go b/ca/bootstrap.go index 6c532d5c..c9e859bf 100644 --- a/ca/bootstrap.go +++ b/ca/bootstrap.go 
@@ -8,8 +8,7 @@ import ( "strings" "github.com/pkg/errors" - "github.com/smallstep/cli/jose" - "gopkg.in/square/go-jose.v2/jwt" + "go.step.sm/crypto/jose" ) type tokenClaims struct { @@ -20,7 +19,7 @@ type tokenClaims struct { // Bootstrap is a helper function that initializes a client with the // configuration in the bootstrap token. func Bootstrap(token string) (*Client, error) { - tok, err := jwt.ParseSigned(token) + tok, err := jose.ParseSigned(token) if err != nil { return nil, errors.Wrap(err, "error parsing token") } diff --git a/ca/bootstrap_test.go b/ca/bootstrap_test.go index 49c20dc0..d93de892 100644 --- a/ca/bootstrap_test.go +++ b/ca/bootstrap_test.go @@ -15,10 +15,8 @@ import ( "github.com/pkg/errors" "github.com/smallstep/certificates/api" "github.com/smallstep/certificates/authority" - stepJOSE "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" "go.step.sm/crypto/randutil" - jose "gopkg.in/square/go-jose.v2" - "gopkg.in/square/go-jose.v2/jwt" ) func newLocalListener() net.Listener { @@ -78,7 +76,7 @@ func startCAServer(configFile string) (*CA, string, error) { func generateBootstrapToken(ca, subject, sha string) string { now := time.Now() - jwk, err := stepJOSE.ParseKey("testdata/secrets/ott_mariano_priv.jwk", stepJOSE.WithPassword([]byte("password"))) + jwk, err := jose.ReadKey("testdata/secrets/ott_mariano_priv.jwk", jose.WithPassword([]byte("password"))) if err != nil { panic(err) } 
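Review bot: `jose.ParseSigned(token)` only decodes the JWS; nothing in this hunk verifies the signature, so whatever Bootstrap reads from `tok` after the hunk (the body continues past it) is untrusted input that configures the client. From the test in ca/bootstrap_test.go the token carries a `sha` claim and a `ca + "/sign"` audience, so presumably the root fingerprint in the claims is what pins trust and the CA rejects a bad token when it is presented at sign time; if that is the intended contract, a sentence on Bootstrap's doc comment would make it explicit, e.g. `// The token is decoded but not verified here; its claims are only used to locate the CA and pin its root fingerprint, and the CA validates the token when it is presented.`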
@@ -93,21 +91,21 @@ func generateBootstrapToken(ca, subject, sha string) string { } cl := struct { SHA string `json:"sha"` - jwt.Claims + jose.Claims SANS []string `json:"sans"` }{ SHA: sha, - Claims: jwt.Claims{ + Claims: jose.Claims{ ID: id, Subject: subject, Issuer: "mariano", - NotBefore: jwt.NewNumericDate(now), - Expiry: jwt.NewNumericDate(now.Add(time.Minute)), + NotBefore: jose.NewNumericDate(now), + Expiry: jose.NewNumericDate(now.Add(time.Minute)), Audience: []string{ca + "/sign"}, }, SANS: []string{subject}, } - raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize() + raw, err := jose.Signed(sig).Claims(cl).CompactSerialize() if err != nil { panic(err) } diff --git a/ca/ca_test.go b/ca/ca_test.go index aae5b729..6e297733 100644 --- a/ca/ca_test.go +++ b/ca/ca_test.go @@ -25,13 +25,11 @@ import ( "github.com/smallstep/certificates/authority" "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/errs" - stepJOSE "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" "go.step.sm/crypto/keyutil" "go.step.sm/crypto/pemutil" "go.step.sm/crypto/randutil" "go.step.sm/crypto/x509util" - jose "gopkg.in/square/go-jose.v2" - "gopkg.in/square/go-jose.v2/jwt" ) type ClosingBuffer struct { @@ -95,7 +93,7 @@ func TestCASign(t *testing.T) { assert.FatalError(t, err) intermediateCert, err := pemutil.ReadCertificate("testdata/secrets/intermediate_ca.crt") assert.FatalError(t, err) - clijwk, err := stepJOSE.ParseKey("testdata/secrets/step_cli_key_priv.jwk", stepJOSE.WithPassword([]byte("pass"))) + clijwk, err := jose.ReadKey("testdata/secrets/step_cli_key_priv.jwk", jose.WithPassword([]byte("pass"))) assert.FatalError(t, err) sig, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: clijwk.Key}, (&jose.SignerOptions{}).WithType("JWT").WithHeader("kid", clijwk.KeyID)) 
@@ -177,20 +175,20 @@ ZEp7knvU2psWRw== jti, err := randutil.ASCII(32) assert.FatalError(t, err) cl := struct { - jwt.Claims + jose.Claims SANS []string `json:"sans"` }{ - Claims: jwt.Claims{ + Claims: jose.Claims{ Subject: "invalid", Issuer: "step-cli", - NotBefore: jwt.NewNumericDate(now), - Expiry: jwt.NewNumericDate(now.Add(time.Minute)), + NotBefore: jose.NewNumericDate(now), + Expiry: jose.NewNumericDate(now.Add(time.Minute)), Audience: validAud, ID: jti, }, SANS: []string{"invalid"}, } - raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize() + raw, err := jose.Signed(sig).Claims(cl).CompactSerialize() assert.FatalError(t, err) csr, err := getCSR(priv) assert.FatalError(t, err) @@ -210,20 +208,20 @@ ZEp7knvU2psWRw== jti, err := randutil.ASCII(32) assert.FatalError(t, err) cl := struct { - jwt.Claims + jose.Claims SANS []string `json:"sans"` }{ - Claims: jwt.Claims{ + Claims: jose.Claims{ Subject: "test.smallstep.com", Issuer: "step-cli", - NotBefore: jwt.NewNumericDate(now), - Expiry: jwt.NewNumericDate(now.Add(time.Minute)), + NotBefore: jose.NewNumericDate(now), + Expiry: jose.NewNumericDate(now.Add(time.Minute)), Audience: validAud, ID: jti, }, SANS: []string{"test.smallstep.com"}, } - raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize() + raw, err := jose.Signed(sig).Claims(cl).CompactSerialize() assert.FatalError(t, err) csr, err := getCSR(priv) assert.FatalError(t, err) 
@@ -244,19 +242,19 @@ ZEp7knvU2psWRw== jti, err := randutil.ASCII(32) assert.FatalError(t, err) cl := struct { - jwt.Claims + jose.Claims SANS []string `json:"sans"` }{ - Claims: jwt.Claims{ + Claims: jose.Claims{ Subject: "test.smallstep.com", Issuer: "step-cli", - NotBefore: jwt.NewNumericDate(now), - Expiry: jwt.NewNumericDate(now.Add(time.Minute)), + NotBefore: jose.NewNumericDate(now), + Expiry: jose.NewNumericDate(now.Add(time.Minute)), Audience: validAud, ID: jti, }, } - raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize() + raw, err := jose.Signed(sig).Claims(cl).CompactSerialize() assert.FatalError(t, err) csr, err := getCSR(priv) assert.FatalError(t, err) diff --git a/ca/provisioner.go b/ca/provisioner.go index 28975fa4..80dd600a 100644 --- a/ca/provisioner.go +++ b/ca/provisioner.go @@ -7,9 +7,9 @@ import ( "github.com/pkg/errors" "github.com/smallstep/certificates/authority/provisioner" - "github.com/smallstep/cli/jose" "github.com/smallstep/cli/token" "github.com/smallstep/cli/token/provision" + "go.step.sm/crypto/jose" "go.step.sm/crypto/randutil" ) diff --git a/ca/provisioner_test.go b/ca/provisioner_test.go index c9910a04..ea0ca51e 100644 --- a/ca/provisioner_test.go +++ b/ca/provisioner_test.go @@ -7,13 +7,13 @@ import ( "testing" "time" - "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" "go.step.sm/crypto/pemutil" "go.step.sm/crypto/x509util" ) func getTestProvisioner(t *testing.T, caURL string) *Provisioner { - jwk, err := jose.ParseKey("testdata/secrets/ott_mariano_priv.jwk", jose.WithPassword([]byte("password"))) + jwk, err := jose.ReadKey("testdata/secrets/ott_mariano_priv.jwk", jose.WithPassword([]byte("password"))) if err != nil { t.Fatal(err) } diff --git a/ca/tls_test.go b/ca/tls_test.go index 8dee0a6f..5513e06d 100644 --- a/ca/tls_test.go +++ b/ca/tls_test.go 
@@ -18,15 +18,13 @@ import ( "github.com/smallstep/certificates/api" "github.com/smallstep/certificates/authority" - stepJOSE "github.com/smallstep/cli/jose" + "go.step.sm/crypto/jose" "go.step.sm/crypto/randutil" - jose "gopkg.in/square/go-jose.v2" - "gopkg.in/square/go-jose.v2/jwt" ) func generateOTT(subject string) string { now := time.Now() - jwk, err := stepJOSE.ParseKey("testdata/secrets/ott_mariano_priv.jwk", stepJOSE.WithPassword([]byte("password"))) + jwk, err := jose.ReadKey("testdata/secrets/ott_mariano_priv.jwk", jose.WithPassword([]byte("password"))) if err != nil { panic(err) } @@ -40,20 +38,20 @@ func generateOTT(subject string) string { panic(err) } cl := struct { - jwt.Claims + jose.Claims SANS []string `json:"sans"` }{ - Claims: jwt.Claims{ + Claims: jose.Claims{ ID: id, Subject: subject, Issuer: "mariano", - NotBefore: jwt.NewNumericDate(now), - Expiry: jwt.NewNumericDate(now.Add(time.Minute)), + NotBefore: jose.NewNumericDate(now), + Expiry: jose.NewNumericDate(now.Add(time.Minute)), Audience: []string{"https://127.0.0.1:0/sign"}, }, SANS: []string{subject}, } - raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize() + raw, err := jose.Signed(sig).Claims(cl).CompactSerialize() if err != nil { panic(err) } diff --git a/go.mod b/go.mod index b964b368..086ba27a 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/pkg/errors v0.9.1 github.com/rs/xid v1.2.1 github.com/sirupsen/logrus v1.4.2 - github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15 + github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95 github.com/smallstep/nosql v0.3.0 github.com/urfave/cli v1.22.2 
@@ -23,9 +23,9 @@ require ( google.golang.org/api v0.15.0 google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb google.golang.org/grpc v1.26.0 - gopkg.in/square/go-jose.v2 v2.4.0 + gopkg.in/square/go-jose.v2 v2.5.1 ) // replace github.com/smallstep/cli => ../cli // replace github.com/smallstep/nosql => ../nosql -// replace go.step.sm/crypto => ../crypto +replace go.step.sm/crypto => ../crypto diff --git a/go.sum b/go.sum index 737899ce..b6858bd4 100644 --- a/go.sum +++ b/go.sum @@ -476,6 +476,8 @@ github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5 h1:lX6ybsQW9Agn3q github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15 h1:kSImCuenAkXtCaBeQ1UhmzzJGRhSm8sVH7I3sHE2Qdg= github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= +github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= +github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smallstep/certificates v0.14.5/go.mod h1:zzpB8wMz967gL8FmK6zvCNB4pDVwFDKjPg1diTVc1h8= github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= github.com/smallstep/cli v0.14.5/go.mod h1:mRFuqC3cGwQESBGJvog4o76jZZZ7bMjkE+hAnq2QyR8= 
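Review bot: Uncommenting `replace go.step.sm/crypto => ../crypto` makes the build resolve the module this commit migrates every jose import onto from a sibling checkout rather than from the module proxy, so `go build` fails for anyone without `../crypto` and, because a directory replace records no checksum, the go.sum hunks in this commit add entries only for smallstep/assert and go-jose v2.5.1, leaving go.step.sm/crypto unverified. The surrounding lines keep the smallstep/cli and nosql replaces commented out, which suggests this one is a local-development setting committed by accident. Restore `// replace go.step.sm/crypto => ../crypto`, pin a published version in the require block (the require line for go.step.sm/crypto is outside this hunk), and run `go mod tidy` so go.sum records its checksums.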
@@ -804,6 +806,8 @@ gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.4.0 h1:0kXPskUMGAXXWJlP05ktEMOV0vmzFQUWw6d+aZJQU8A= gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= +gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/pki/pki.go b/pki/pki.go index 6ee5a110..e6df2c69 100644 --- a/pki/pki.go +++ b/pki/pki.go @@ -23,9 +23,9 @@ import ( "github.com/smallstep/certificates/db" "github.com/smallstep/cli/config" "github.com/smallstep/cli/errs" - "github.com/smallstep/cli/jose" "github.com/smallstep/cli/ui" "github.com/smallstep/cli/utils" + "go.step.sm/crypto/jose" "go.step.sm/crypto/keyutil" "go.step.sm/crypto/pemutil" "go.step.sm/crypto/x509util"