From e83e47a91ebebe1b9426ac08f66b4c50e21a36bf Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Mon, 10 Aug 2020 11:26:51 -0700
Subject: [PATCH] Use sshutil and randutil from go.step.sm/crypto.
---
 acme/common.go | 2 +-
 api/api_test.go | 7 +++----
 api/ssh.go | 5 ++---
 api/ssh_test.go | 13 ++++++-------
 authority/authority.go | 3 +--
 authority/authorize_test.go | 2 +-
 authority/options.go | 3 +--
 authority/provisioner/aws.go | 4 ++--
 authority/provisioner/azure.go | 4 ++--
 authority/provisioner/gcp.go | 4 ++--
 authority/provisioner/jwk.go | 2 +-
 authority/provisioner/k8sSA.go | 2 +-
 authority/provisioner/oidc.go | 6 +++---
 authority/provisioner/ssh_options.go | 6 +++---
 authority/provisioner/ssh_test.go | 2 +-
 authority/provisioner/utils_test.go | 2 +-
 authority/provisioner/x5c.go | 2 +-
 authority/provisioner/x5c_test.go | 2 +-
 authority/ssh.go | 25 ++++++++++++++++++++-----
 authority/ssh_test.go | 18 +++++++++---------
 ca/bootstrap_test.go | 2 +-
 ca/ca_test.go | 2 +-
 ca/provisioner.go | 2 +-
 ca/tls_test.go | 2 +-
 commands/onboard.go | 2 +-
 go.mod | 2 +-
 go.sum | 3 +++
 sshutil/certificate.go | 2 +-
 28 files changed, 72 insertions(+), 59 deletions(-)
diff --git a/acme/common.go b/acme/common.go
index d2d710cc..45b2e476 100644
--- a/acme/common.go
+++ b/acme/common.go
@@ -8,8 +8,8 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/authority/provisioner"
- "github.com/smallstep/cli/crypto/randutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/randutil"
 )
 // Provisioner is an interface that implements a subset of the provisioner.Interface --
diff --git a/api/api_test.go b/api/api_test.go
index aab47e53..7df021cc 100644
--- a/api/api_test.go
+++ b/api/api_test.go
@@ -31,7 +31,6 @@ import (
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/errs"
 "github.com/smallstep/certificates/logging"
- "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/certificates/templates"
 "github.com/smallstep/cli/crypto/tlsutil"
 "github.com/smallstep/cli/jose"
@@ -564,7 +563,7 @@ type mockAuthority struct {
 signSSHAddUser func(ctx context.Context, key ssh.PublicKey, cert *ssh.Certificate) (*ssh.Certificate, error)
 renewSSH func(ctx context.Context, cert *ssh.Certificate) (*ssh.Certificate, error)
 rekeySSH func(ctx context.Context, cert *ssh.Certificate, key ssh.PublicKey, signOpts ...provisioner.SignOption) (*ssh.Certificate, error)
- getSSHHosts func(ctx context.Context, cert *x509.Certificate) ([]sshutil.Host, error)
+ getSSHHosts func(ctx context.Context, cert *x509.Certificate) ([]authority.Host, error)
 getSSHRoots func(ctx context.Context) (*authority.SSHKeys, error)
 getSSHFederation func(ctx context.Context) (*authority.SSHKeys, error)
 getSSHConfig func(ctx context.Context, typ string, data map[string]string) ([]templates.Output, error)
@@ -697,11 +696,11 @@ func (m *mockAuthority) RekeySSH(ctx context.Context, cert *ssh.Certificate, key
 return m.ret1.(*ssh.Certificate), m.err
 }
-func (m *mockAuthority) GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]sshutil.Host, error) {
+func (m *mockAuthority) GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]authority.Host, error) {
 if m.getSSHHosts != nil {
 return m.getSSHHosts(ctx, cert)
 }
- return m.ret1.([]sshutil.Host), m.err
+ return m.ret1.([]authority.Host), m.err
 }
 func (m *mockAuthority) GetSSHRoots(ctx context.Context) (*authority.SSHKeys, error) {
diff --git a/api/ssh.go b/api/ssh.go
index 7e3cb3db..9962ad4f 100644
--- a/api/ssh.go
+++ b/api/ssh.go
@@ -12,7 +12,6 @@ import (
 "github.com/smallstep/certificates/authority"
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/errs"
- "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/certificates/templates"
 "golang.org/x/crypto/ssh"
 )
@@ -27,7 +26,7 @@ type SSHAuthority interface {
 GetSSHFederation(ctx context.Context) (*authority.SSHKeys, error)
 GetSSHConfig(ctx context.Context, typ string, data map[string]string) ([]templates.Output, error)
 CheckSSHHost(ctx context.Context, principal string, token string) (bool, error)
- GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]sshutil.Host, error)
+ GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]authority.Host, error)
 GetSSHBastion(ctx context.Context, user string, hostname string) (*authority.Bastion, error)
 }
@@ -87,7 +86,7 @@ type SSHCertificate struct {
 // SSHGetHostsResponse is the response object that returns the list of valid
 // hosts for SSH.
 type SSHGetHostsResponse struct {
- Hosts []sshutil.Host `json:"hosts"`
+ Hosts []authority.Host `json:"hosts"`
 }
 // MarshalJSON implements the json.Marshaler interface. Returns a quoted,
diff --git a/api/ssh_test.go b/api/ssh_test.go
index 7561709a..1873a96d 100644
--- a/api/ssh_test.go
+++ b/api/ssh_test.go
@@ -22,7 +22,6 @@ import (
 "github.com/smallstep/certificates/authority"
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/logging"
- "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/certificates/templates"
 "golang.org/x/crypto/ssh"
 )
@@ -569,29 +568,29 @@ func Test_caHandler_SSHCheckHost(t *testing.T) {
 }
 func Test_caHandler_SSHGetHosts(t *testing.T) {
- hosts := []sshutil.Host{
- {HostID: "1", HostTags: []sshutil.HostTag{{ID: "1", Name: "group", Value: "1"}}, Hostname: "host1"},
- {HostID: "2", HostTags: []sshutil.HostTag{{ID: "1", Name: "group", Value: "1"}, {ID: "2", Name: "group", Value: "2"}}, Hostname: "host2"},
+ hosts := []authority.Host{
+ {HostID: "1", HostTags: []authority.HostTag{{ID: "1", Name: "group", Value: "1"}}, Hostname: "host1"},
+ {HostID: "2", HostTags: []authority.HostTag{{ID: "1", Name: "group", Value: "1"}, {ID: "2", Name: "group", Value: "2"}}, Hostname: "host2"},
 }
 hostsJSON, err := json.Marshal(hosts)
 assert.FatalError(t, err)
 tests := []struct {
 name string
- hosts []sshutil.Host
+ hosts []authority.Host
 err error
 body []byte
 statusCode int
 }{
 {"ok", hosts, nil, []byte(fmt.Sprintf(`{"hosts":%s}`, hostsJSON)), http.StatusOK},
- {"empty (array)", []sshutil.Host{}, nil, []byte(`{"hosts":[]}`), http.StatusOK},
+ {"empty (array)", []authority.Host{}, nil, []byte(`{"hosts":[]}`), http.StatusOK},
 {"empty (nil)", nil, nil, []byte(`{"hosts":null}`), http.StatusOK},
 {"error", nil, fmt.Errorf("an error"), nil, http.StatusInternalServerError},
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
 h := New(&mockAuthority{
- getSSHHosts: func(context.Context, *x509.Certificate) ([]sshutil.Host, error) {
+ getSSHHosts: func(context.Context, *x509.Certificate) ([]authority.Host, error) {
 return tt.hosts, tt.err
 },
 }).(*caHandler)
diff --git a/authority/authority.go b/authority/authority.go
index 78cfa608..36bfe334 100644
--- a/authority/authority.go
+++ b/authority/authority.go
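Review bot: In api/ssh_test.go, the "ok" case of Test_caHandler_SSHGetHosts builds its expected body from `json.Marshal(hosts)` on the same `authority.Host` values it feeds to the handler, so it cannot notice a change in the JSON keys now that the type has moved packages. The response is client-facing, so I would pin one case to a literal instead: for the first host alone the expected body would be `{"hosts":[{"hid":"1","host_tags":[{"ID":"1","Name":"group","Value":"1"}],"hostname":"host1"}]}`. Those keys are read off the struct definitions this patch adds in authority/ssh.go. The test function continues past the end of this hunk.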
@@ -15,7 +15,6 @@ import (
 "github.com/smallstep/certificates/db"
 "github.com/smallstep/certificates/kms"
 kmsapi "github.com/smallstep/certificates/kms/apiv1"
- "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/certificates/templates"
 "github.com/smallstep/cli/crypto/pemutil"
 "golang.org/x/crypto/ssh"
@@ -55,7 +54,7 @@ type Authority struct {
 // Custom functions
 sshBastionFunc func(ctx context.Context, user, hostname string) (*Bastion, error)
 sshCheckHostFunc func(ctx context.Context, principal string, tok string, roots []*x509.Certificate) (bool, error)
- sshGetHostsFunc func(ctx context.Context, cert *x509.Certificate) ([]sshutil.Host, error)
+ sshGetHostsFunc func(ctx context.Context, cert *x509.Certificate) ([]Host, error)
 getIdentityFunc provisioner.GetIdentityFunc
 }
diff --git a/authority/authorize_test.go b/authority/authorize_test.go
index a251dab9..167f11d0 100644
--- a/authority/authorize_test.go
+++ b/authority/authorize_test.go
@@ -18,8 +18,8 @@ import (
 "github.com/smallstep/certificates/db"
 "github.com/smallstep/certificates/errs"
 "github.com/smallstep/cli/crypto/pemutil"
- "github.com/smallstep/cli/crypto/randutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/randutil"
 "golang.org/x/crypto/ssh"
 "gopkg.in/square/go-jose.v2/jwt"
 )
diff --git a/authority/options.go b/authority/options.go
index 59566822..9457f276 100644
--- a/authority/options.go
+++ b/authority/options.go
@@ -10,7 +10,6 @@ import (
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/db"
 "github.com/smallstep/certificates/kms"
- "github.com/smallstep/certificates/sshutil"
 "golang.org/x/crypto/ssh"
 )
@@ -64,7 +63,7 @@ func WithSSHBastionFunc(fn func(ctx context.Context, user, host string) (*Bastio
 // WithSSHGetHosts sets a custom function to get the bastion for a
 // given user-host pair.
-func WithSSHGetHosts(fn func(ctx context.Context, cert *x509.Certificate) ([]sshutil.Host, error)) Option {
+func WithSSHGetHosts(fn func(ctx context.Context, cert *x509.Certificate) ([]Host, error)) Option {
 return func(a *Authority) error {
 a.sshGetHostsFunc = fn
 return nil
diff --git a/authority/provisioner/aws.go b/authority/provisioner/aws.go
index 4a05a2bf..d25b5743 100644
--- a/authority/provisioner/aws.go
+++ b/authority/provisioner/aws.go
@@ -17,8 +17,8 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/errs"
- "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/sshutil"
 "go.step.sm/crypto/x509util"
 )
@@ -497,7 +497,7 @@ func (p *AWS) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
 data.SetToken(v)
 }
- templateOptions, err := CustomSSHTemplateOptions(p.Options, data, sshutil.DefaultIIDCertificate)
+ templateOptions, err := CustomSSHTemplateOptions(p.Options, data, sshutil.DefaultIIDTemplate)
 if err != nil {
 return nil, errs.Wrap(http.StatusInternalServerError, err, "aws.AuthorizeSSHSign")
 }
diff --git a/authority/provisioner/azure.go b/authority/provisioner/azure.go
index cccb4ceb..9934f56b 100644
--- a/authority/provisioner/azure.go
+++ b/authority/provisioner/azure.go
@@ -14,8 +14,8 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/errs"
- "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/sshutil"
 "go.step.sm/crypto/x509util"
 )
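Review bot: The doc comment kept above `WithSSHGetHosts` in authority/options.go still describes the bastion option ("get the bastion for a given user-host pair"), which does not match the signature this hunk edits: the callback takes an `*x509.Certificate` and returns `[]Host`. Since the line below it is being changed anyway, I would replace the comment with `// WithSSHGetHosts sets a custom function to get the list of SSH hosts for a given certificate.` The callback's return type is part of the exported option, so callers passing a `[]sshutil.Host` function will stop compiling; that deserves a changelog line. The function body runs past the end of the hunk.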
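Review bot: Nothing visible in this patch pins that `sshutil.DefaultIIDTemplate`, now resolved from `go.step.sm/crypto/sshutil` in aws.go `AuthorizeSSHSign`, renders the same certificate as the removed in-repo `DefaultIIDCertificate`. The same swap is made in the azure.go and gcp.go hunks, and for `DefaultTemplate` and `DefaultAdminTemplate` in oidc.go and ssh_options.go. These strings decide what ends up in a signed SSH certificate, and after this change their content follows the module version in go.mod. I would add a test that renders each default with fixed template data and compares the result with a golden value, so that a later dependency bump cannot change issued certificates unnoticed.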
@@ -366,7 +366,7 @@ func (p *Azure) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOptio
 data.SetToken(v)
 }
- templateOptions, err := CustomSSHTemplateOptions(p.Options, data, sshutil.DefaultIIDCertificate)
+ templateOptions, err := CustomSSHTemplateOptions(p.Options, data, sshutil.DefaultIIDTemplate)
 if err != nil {
 return nil, errs.Wrap(http.StatusInternalServerError, err, "azure.AuthorizeSSHSign")
 }
diff --git a/authority/provisioner/gcp.go b/authority/provisioner/gcp.go
index 4cacca12..42585124 100644
--- a/authority/provisioner/gcp.go
+++ b/authority/provisioner/gcp.go
@@ -15,8 +15,8 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/errs"
- "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/sshutil"
 "go.step.sm/crypto/x509util"
 )
@@ -408,7 +408,7 @@ func (p *GCP) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
 data.SetToken(v)
 }
- templateOptions, err := CustomSSHTemplateOptions(p.Options, data, sshutil.DefaultIIDCertificate)
+ templateOptions, err := CustomSSHTemplateOptions(p.Options, data, sshutil.DefaultIIDTemplate)
 if err != nil {
 return nil, errs.Wrap(http.StatusInternalServerError, err, "gcp.AuthorizeSSHSign")
 }
diff --git a/authority/provisioner/jwk.go b/authority/provisioner/jwk.go
index df1a9e67..a42cc1ce 100644
--- a/authority/provisioner/jwk.go
+++ b/authority/provisioner/jwk.go
@@ -8,8 +8,8 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/errs"
- "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/sshutil"
 "go.step.sm/crypto/x509util"
 )
diff --git a/authority/provisioner/k8sSA.go b/authority/provisioner/k8sSA.go
index a69b91e0..ee48d283 100644
--- a/authority/provisioner/k8sSA.go
+++ b/authority/provisioner/k8sSA.go
@@ -11,9 +11,9 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/errs"
- "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/cli/crypto/pemutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/sshutil"
 "go.step.sm/crypto/x509util"
 )
diff --git a/authority/provisioner/oidc.go b/authority/provisioner/oidc.go
index d2ec3290..5fb4f449 100644
--- a/authority/provisioner/oidc.go
+++ b/authority/provisioner/oidc.go
@@ -13,8 +13,8 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/errs"
- "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/sshutil"
 "go.step.sm/crypto/x509util"
 )
@@ -395,9 +395,9 @@ func (o *OIDC) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption
 // Use the default template unless no-templates are configured and email is
 // an admin, in that case we will use the parameters in the request.
 isAdmin := o.IsAdmin(claims.Email)
- defaultTemplate := sshutil.DefaultCertificate
+ defaultTemplate := sshutil.DefaultTemplate
 if isAdmin && !o.Options.GetSSHOptions().HasTemplate() {
- defaultTemplate = sshutil.DefaultAdminCertificate
+ defaultTemplate = sshutil.DefaultAdminTemplate
 }
 templateOptions, err := CustomSSHTemplateOptions(o.Options, data, defaultTemplate)
diff --git a/authority/provisioner/ssh_options.go b/authority/provisioner/ssh_options.go
index 0a9c31dc..81c4371b 100644
--- a/authority/provisioner/ssh_options.go
+++ b/authority/provisioner/ssh_options.go
@@ -5,10 +5,10 @@ import (
 "strings"
 "github.com/pkg/errors"
- "github.com/smallstep/certificates/sshutil"
+ "go.step.sm/crypto/sshutil"
 )
-// CertificateOptions is an interface that returns a list of options passed when
+// SSHCertificateOptions is an interface that returns a list of options passed when
 // creating a new certificate.
 type SSHCertificateOptions interface {
 Options(SignSSHOptions) []sshutil.Option
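Review bot: In oidc.go `AuthorizeSSHSign`, the branch that now assigns `sshutil.DefaultAdminTemplate` is the one where, per the comment above it, the certificate is built from the parameters in the request, and the only gate visible in the hunk is `o.IsAdmin(claims.Email)` together with no template being configured. Where `claims.Email` is validated lies outside this hunk, so I cannot confirm it from here. If it holds, I would state the assumption next to the branch, e.g. `// claims.Email comes from the validated ID token; admins may set principals from the request.` A test asserting that a non-admin email, or an admin with a configured template, never receives the admin template would keep this from regressing when the template package changes. The function starts and ends outside the hunk.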
@@ -45,7 +45,7 @@ func (o *SSHOptions) HasTemplate() bool {
 // user data provided in the request. If no template has been provided,
 // x509util.DefaultLeafTemplate will be used.
 func TemplateSSHOptions(o *Options, data sshutil.TemplateData) (SSHCertificateOptions, error) {
- return CustomSSHTemplateOptions(o, data, sshutil.DefaultCertificate)
+ return CustomSSHTemplateOptions(o, data, sshutil.DefaultTemplate)
 }
 // CustomTemplateOptions generates a CertificateOptions with the template, data
diff --git a/authority/provisioner/ssh_test.go b/authority/provisioner/ssh_test.go
index 3c8f7118..c530cd3c 100644
--- a/authority/provisioner/ssh_test.go
+++ b/authority/provisioner/ssh_test.go
@@ -8,7 +8,7 @@ import (
 "time"
 "github.com/smallstep/certificates/errs"
- "github.com/smallstep/certificates/sshutil"
+ "go.step.sm/crypto/sshutil"
 "golang.org/x/crypto/ssh"
 )
diff --git a/authority/provisioner/utils_test.go b/authority/provisioner/utils_test.go
index ec02a5dc..19c6436d 100644
--- a/authority/provisioner/utils_test.go
+++ b/authority/provisioner/utils_test.go
@@ -17,8 +17,8 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/cli/crypto/pemutil"
- "github.com/smallstep/cli/crypto/randutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/randutil"
 "golang.org/x/crypto/ssh"
 )
diff --git a/authority/provisioner/x5c.go b/authority/provisioner/x5c.go
index 649ad178..1f6b0891 100644
--- a/authority/provisioner/x5c.go
+++ b/authority/provisioner/x5c.go
@@ -9,8 +9,8 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/errs"
- "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/sshutil"
 "go.step.sm/crypto/x509util"
 )
diff --git a/authority/provisioner/x5c_test.go b/authority/provisioner/x5c_test.go
index fac8e60e..58130413 100644
--- a/authority/provisioner/x5c_test.go
+++ b/authority/provisioner/x5c_test.go
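Review bot: The doc comment on `TemplateSSHOptions` in ssh_options.go still ends with `x509util.DefaultLeafTemplate will be used`, but the line changed in this hunk passes `sshutil.DefaultTemplate`; the comment should read `// sshutil.DefaultTemplate will be used.` The trailing context line `// CustomTemplateOptions generates a CertificateOptions ...` looks stale in the same way and presumably heads `CustomSSHTemplateOptions`, whose declaration is outside the hunk. The first hunk of this file already corrects the `SSHCertificateOptions` comment, so fixing these two alongside it would keep the file consistent.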
@@ -10,8 +10,8 @@ import (
 "github.com/smallstep/assert"
 "github.com/smallstep/certificates/errs"
 "github.com/smallstep/cli/crypto/pemutil"
- "github.com/smallstep/cli/crypto/randutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/randutil"
 )
 func TestX5C_Getters(t *testing.T) {
diff --git a/authority/ssh.go b/authority/ssh.go
index 6534b772..c7d144b2 100644
--- a/authority/ssh.go
+++ b/authority/ssh.go
@@ -13,10 +13,10 @@ import (
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/db"
 "github.com/smallstep/certificates/errs"
- "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/certificates/templates"
- "github.com/smallstep/cli/crypto/randutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/randutil"
+ "go.step.sm/crypto/sshutil"
 "golang.org/x/crypto/ssh"
 )
@@ -51,6 +51,21 @@ type Bastion struct {
 Flags string `json:"flags,omitempty"`
 }
+// HostTag are tagged with k,v pairs. These tags are how a user is ultimately
+// associated with a host.
+type HostTag struct {
+ ID string
+ Name string
+ Value string
+}
+
+// Host defines expected attributes for an ssh host.
+type Host struct {
+ HostID string `json:"hid"`
+ HostTags []HostTag `json:"host_tags"`
+ Hostname string `json:"hostname"`
+}
+
 // Validate checks the fields in SSHConfig.
 func (c *SSHConfig) Validate() error {
 if c == nil {
@@ -554,7 +569,7 @@ func (a *Authority) CheckSSHHost(ctx context.Context, principal string, token st
 }
 // GetSSHHosts returns a list of valid host principals.
-func (a *Authority) GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]sshutil.Host, error) {
+func (a *Authority) GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]Host, error) {
 if a.sshGetHostsFunc != nil {
 hosts, err := a.sshGetHostsFunc(ctx, cert)
 return hosts, errs.Wrap(http.StatusInternalServerError, err, "getSSHHosts")
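Review bot: `HostTag`, added in authority/ssh.go, carries no JSON tags while `Host` directly below it does, so entries under `host_tags` are encoded with the Go field names `ID`, `Name` and `Value`. Both types reach clients through `SSHGetHostsResponse` in api/ssh.go, which makes those key names part of the API; if they are kept on purpose for compatibility, the doc comment should say so, e.g. `// HostTag is a key/value tag attached to a Host; its fields are encoded in JSON under their Go names.` The current first sentence, "HostTag are tagged with k,v pairs", reads as if it described hosts rather than the tag. The diffstat lists only sshutil/certificate.go under sshutil/, so the previous `sshutil.Host` definitions appear to remain in the repository; if so, a deprecation comment there or their removal would avoid two same-shaped types drifting apart.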
@@ -564,9 +579,9 @@ func (a *Authority) GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]
 return nil, errs.Wrap(http.StatusInternalServerError, err, "getSSHHosts")
 }
- hosts := make([]sshutil.Host, len(hostnames))
+ hosts := make([]Host, len(hostnames))
 for i, hn := range hostnames {
- hosts[i] = sshutil.Host{Hostname: hn}
+ hosts[i] = Host{Hostname: hn}
 }
 return hosts, nil
 }
diff --git a/authority/ssh_test.go b/authority/ssh_test.go
index 1a23acad..3b21a85f 100644
--- a/authority/ssh_test.go
+++ b/authority/ssh_test.go
@@ -18,9 +18,9 @@ import (
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/db"
 "github.com/smallstep/certificates/errs"
- "github.com/smallstep/certificates/sshutil"
 "github.com/smallstep/certificates/templates"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/sshutil"
 "golang.org/x/crypto/ssh"
 )
@@ -706,17 +706,17 @@ func TestAuthority_GetSSHHosts(t *testing.T) {
 a := testAuthority(t)
 type test struct {
- getHostsFunc func(context.Context, *x509.Certificate) ([]sshutil.Host, error)
+ getHostsFunc func(context.Context, *x509.Certificate) ([]Host, error)
 auth *Authority
 cert *x509.Certificate
- cmp func(got []sshutil.Host)
+ cmp func(got []Host)
 err error
 code int
 }
 tests := map[string]func(t *testing.T) *test{
 "fail/getHostsFunc-fail": func(t *testing.T) *test {
 return &test{
- getHostsFunc: func(ctx context.Context, cert *x509.Certificate) ([]sshutil.Host, error) {
+ getHostsFunc: func(ctx context.Context, cert *x509.Certificate) ([]Host, error) {
 return nil, errors.New("force")
 },
 cert: &x509.Certificate{},
@@ -725,17 +725,17 @@ func TestAuthority_GetSSHHosts(t *testing.T) {
 }
 },
 "ok/getHostsFunc-defined": func(t *testing.T) *test {
- hosts := []sshutil.Host{
+ hosts := []Host{
 {HostID: "1", Hostname: "foo"},
 {HostID: "2", Hostname: "bar"},
 }
 return &test{
- getHostsFunc: func(ctx context.Context, cert *x509.Certificate) ([]sshutil.Host, error) {
+ getHostsFunc: func(ctx context.Context, cert *x509.Certificate) ([]Host, error) {
 return hosts, nil
 },
 cert: &x509.Certificate{},
- cmp: func(got []sshutil.Host) {
+ cmp: func(got []Host) {
 assert.Equals(t, got, hosts)
 },
 }
@@ -760,8 +760,8 @@ func TestAuthority_GetSSHHosts(t *testing.T) {
 },
 })),
 cert: &x509.Certificate{},
- cmp: func(got []sshutil.Host) {
- assert.Equals(t, got, []sshutil.Host{
+ cmp: func(got []Host) {
+ assert.Equals(t, got, []Host{
 {Hostname: "foo"},
 {Hostname: "bar"},
 })
diff --git a/ca/bootstrap_test.go b/ca/bootstrap_test.go
index 9b78d0ee..49c20dc0 100644
--- a/ca/bootstrap_test.go
+++ b/ca/bootstrap_test.go
@@ -15,8 +15,8 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/api"
 "github.com/smallstep/certificates/authority"
- "github.com/smallstep/cli/crypto/randutil"
 stepJOSE "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/randutil"
 jose "gopkg.in/square/go-jose.v2"
 "gopkg.in/square/go-jose.v2/jwt"
 )
diff --git a/ca/ca_test.go b/ca/ca_test.go
index 15e4d42a..08e40728 100644
--- a/ca/ca_test.go
+++ b/ca/ca_test.go
@@ -27,9 +27,9 @@ import (
 "github.com/smallstep/certificates/errs"
 "github.com/smallstep/cli/crypto/keys"
 "github.com/smallstep/cli/crypto/pemutil"
- "github.com/smallstep/cli/crypto/randutil"
 "github.com/smallstep/cli/crypto/x509util"
 stepJOSE "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/randutil"
 jose "gopkg.in/square/go-jose.v2"
 "gopkg.in/square/go-jose.v2/jwt"
 )
diff --git a/ca/provisioner.go b/ca/provisioner.go
index d5dfd648..28975fa4 100644
--- a/ca/provisioner.go
+++ b/ca/provisioner.go
@@ -7,10 +7,10 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/authority/provisioner"
- "github.com/smallstep/cli/crypto/randutil"
 "github.com/smallstep/cli/jose"
 "github.com/smallstep/cli/token"
 "github.com/smallstep/cli/token/provision"
+ "go.step.sm/crypto/randutil"
 )
 const tokenLifetime = 5 * time.Minute
diff --git a/ca/tls_test.go b/ca/tls_test.go
index bf29e9a6..8dee0a6f 100644
--- a/ca/tls_test.go
+++ b/ca/tls_test.go
@@ -18,8 +18,8 @@ import (
 "github.com/smallstep/certificates/api"
 "github.com/smallstep/certificates/authority"
- "github.com/smallstep/cli/crypto/randutil"
 stepJOSE "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/randutil"
 jose "gopkg.in/square/go-jose.v2"
 "gopkg.in/square/go-jose.v2/jwt"
 )
diff --git a/commands/onboard.go b/commands/onboard.go
index 9f35c993..3494a3f2 100644
--- a/commands/onboard.go
+++ b/commands/onboard.go
@@ -13,11 +13,11 @@ import (
 "github.com/smallstep/certificates/ca"
 "github.com/smallstep/certificates/pki"
 "github.com/smallstep/cli/command"
- "github.com/smallstep/cli/crypto/randutil"
 "github.com/smallstep/cli/errs"
 "github.com/smallstep/cli/ui"
 "github.com/smallstep/cli/utils"
 "github.com/urfave/cli"
+ "go.step.sm/crypto/randutil"
 )
 // defaultOnboardingURL is the production onboarding url, to use a development
diff --git a/go.mod b/go.mod
index d30e78d0..c163eaa3 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95
 github.com/smallstep/nosql v0.3.0
 github.com/urfave/cli v1.22.2
- go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0
+ go.step.sm/crypto v0.1.0
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2
 google.golang.org/api v0.15.0
diff --git a/go.sum b/go.sum
index d2907d00..520d0577 100644
--- a/go.sum
+++ b/go.sum
@@ -479,6 +479,7 @@ github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9P github.com/smallstep/certificates v0.14.5/go.mod h1:zzpB8wMz967gL8FmK6zvCNB4pDVwFDKjPg1diTVc1h8= github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= github.com/smallstep/cli v0.14.5/go.mod h1:mRFuqC3cGwQESBGJvog4o76jZZZ7bMjkE+hAnq2QyR8= +github.com/smallstep/cli v0.14.6 h1:xc9rawDKB70Vgvg10gfQAh9EpDWS3k1O002J5bApqUk= github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95 h1:TcCYqEqh6EIEiFabRdtG0IGyFK01kRLTjx6TIKqjxX8= github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95/go.mod h1:7aWHk7WwJMpEP4PYyav86FMpaI9vuA0uJRliUAqCwxg= github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U= @@ -579,6 +580,8 @@ go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0 h1:FymMl8TrXGxFf80BWpO0CnkSfLnw0BkDdRrhbMGf5zE= go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0/go.mod h1:8VYxmvSKt5yOTBx3MGsD2Gk4F1Es/3FIxrjnfeYWE8U= +go.step.sm/crypto v0.1.0 h1:SLo25kNU3C6u8Ne5BnavI9bhtA+PBrMnnNZKYIWhKFU= +go.step.sm/crypto v0.1.0/go.mod h1:cIoSWTfTQ5xqvwTeZH9ZXZzi6jdMepjK4A/TDWMUvw8= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.5.1 h1:rsqfU5vBkVknbhUGbAUwQKR2H4ItV8tjJ+6kJX4cxHM= diff --git a/sshutil/certificate.go b/sshutil/certificate.go index 1b58882c..f1f68292 100644 --- a/sshutil/certificate.go +++ b/sshutil/certificate.go @@ -6,7 +6,7 @@ import ( "encoding/json" "github.com/pkg/errors" - "github.com/smallstep/cli/crypto/randutil" + "go.step.sm/crypto/randutil" "golang.org/x/crypto/ssh" )