From f89eeab1c563d83b1074491877f03dc85ad81431 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Aug 2024 10:39:54 +0000
Subject: [PATCH 1/3] Bump github.com/slackhq/nebula from 1.8.2 to 1.9.3

Bumps [github.com/slackhq/nebula](https://github.com/slackhq/nebula) from 1.8.2 to 1.9.3.
- [Release notes](https://github.com/slackhq/nebula/releases)
- [Changelog](https://github.com/slackhq/nebula/blob/master/CHANGELOG.md)
- [Commits](https://github.com/slackhq/nebula/compare/v1.8.2...v1.9.3)
---
updated-dependencies:
- dependency-name: github.com/slackhq/nebula dependency-type: direct:production update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 go.mod | 3 ++-
 go.sum | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0e19c1f05..b64f28ec7 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,7 @@
 module github.com/smallstep/cli
 go 1.21
+toolchain go1.22.5
 require (
 github.com/Microsoft/go-winio v0.6.2
@@ -14,7 +15,7 @@ require (
 github.com/manifoldco/promptui v0.9.0
 github.com/pkg/errors v0.9.1
 github.com/pquerna/otp v1.4.0
- github.com/slackhq/nebula v1.8.2
+ github.com/slackhq/nebula v1.9.3
 github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262
 github.com/smallstep/certificates v0.27.2
 github.com/smallstep/certinfo v1.12.2
diff --git a/go.sum b/go.sum
index cf65eee1d..556637207 100644
--- a/go.sum
+++ b/go.sum
@@ -320,8 +320,8 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5I github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/slackhq/nebula v1.8.2 h1:9lpJlivzjBPWxs9Y2tQqmJ1cP6hq+3kIodw021t3LrQ= -github.com/slackhq/nebula v1.8.2/go.mod h1:SVVwnlGdmLg387U0XQMOSHRrD3VlJeXqd2/x/w/vxPs= +github.com/slackhq/nebula v1.9.3 h1:WK5Oipy4NsVfNm41pywGmdy048F8RRkfSRG+lPHxcJQ= +github.com/slackhq/nebula v1.9.3/go.mod h1:PMJer5rZe0H/O+kUiKOL9AJ/pL9+ryzNXtSN7ABfjfM= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smallstep/certificates v0.27.2 h1:MrSJvJviS9pCUtGYYguYyB1VQzZBmkL6ngLQZfVwRqU=
From 1e8f43b3ba7fda089d2fa28f3a2e87c45491f9b0 Mon Sep 17 00:00:00 2001
From: Herman Slatman
Date: Wed, 21 Aug 2024 12:43:29 +0200
Subject: [PATCH 2/3] Run `go mod tidy`

---
 go.mod | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index b64f28ec7..fb8ccda00 100644
--- a/go.mod
+++ b/go.mod
@@ -1,7 +1,6 @@
 module github.com/smallstep/cli
-go 1.21
-toolchain go1.22.5
+go 1.22.0
 require (
 github.com/Microsoft/go-winio v0.6.2
From a6a421459f43059d36401b42224c9f4c1781b900 Mon Sep 17 00:00:00 2001
From: Herman Slatman
Date: Wed, 21 Aug 2024 12:55:59 +0200
Subject: [PATCH 3/3] Fix linter issues

---
 command/ca/renew.go | 4 +--
 internal/crlutil/crl_extensions.go | 48 ++++++++++++++++--------------
 internal/sshutil/sshutil.go | 4 +--
 utils/cautils/certificate_flow.go | 2 +-
 utils/cautils/client.go | 2 +-
 5 files changed, 31 insertions(+), 29 deletions(-)
diff --git a/command/ca/renew.go b/command/ca/renew.go
index 952526e38..d37de7cd7 100644
--- a/command/ca/renew.go
+++ b/command/ca/renew.go
@@ -472,7 +472,7 @@ func (r *renewer) Renew(outFile string) (resp *api.SignResponse, err error) {
 return nil, errors.Wrap(err, "error renewing certificate")
 }
- if resp.CertChainPEM == nil || len(resp.CertChainPEM) == 0 {
+ if len(resp.CertChainPEM) == 0 {
 resp.CertChainPEM = []api.Certificate{resp.ServerPEM, resp.CaPEM}
 }
 var data []byte
@@ -503,7 +503,7 @@ func (r *renewer) Rekey(priv interface{}, outCert, outKey string, writePrivateKe
 if err != nil {
 return nil, errors.Wrap(err, "error rekeying certificate")
 }
- if resp.CertChainPEM == nil || len(resp.CertChainPEM) == 0 {
+ if len(resp.CertChainPEM) == 0 {
 resp.CertChainPEM = []api.Certificate{resp.ServerPEM, resp.CaPEM}
 }
 var data []byte
diff --git a/internal/crlutil/crl_extensions.go b/internal/crlutil/crl_extensions.go
index c03b0d266..f871ed2ad 100644
--- a/internal/crlutil/crl_extensions.go
+++ b/internal/crlutil/crl_extensions.go
@@ -85,25 +85,29 @@ func (d distributionPoint) FullNames() []string {
 type Extension struct {
 Name string `json:"-"`
 Details []string `json:"-"`
- json map[string]interface{}
+ json map[string]any
 }
 func (e *Extension) MarshalJSON() ([]byte, error) {
 return json.Marshal(e.json)
 }
-func (e *Extension) AddDetailf(format string, args ...interface{}) {
+func (e *Extension) AddDetailf(format string, args ...any) {
 e.Details = append(e.Details, fmt.Sprintf(format, args...))
 }
+func (e *Extension) AddDetail(detail string) {
+ e.Details = append(e.Details, detail)
+}
+
 func newExtension(e pkix.Extension) Extension {
 var ext Extension
 switch {
 case e.Id.Equal(oidExtensionReasonCode):
 ext.Name = "X509v3 CRL Reason Code:"
 value := parseReasonCode(e.Value)
- ext.AddDetailf(value)
- ext.json = map[string]interface{}{
+ ext.AddDetail(value)
+ ext.json = map[string]any{
 "crl_reason_code": value,
 }
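Review bot: The empty-chain fallback in Renew is repeated word for word in Rekey (the next hunk), in CertificateFlow.Sign and in NewAdminClient, so the four copies can drift apart. A single shared helper that takes the sign response and fills `CertChainPEM` from `ServerPEM` and `CaPEM` would keep them in step. None of the visible copies checks that both fields are populated before building the two-element chain; the helper would be the natural place for that check, if no earlier code already guarantees it. Both function bodies start and end outside their hunks, so that cannot be confirmed from here.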
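Review bot: The new exported method `AddDetail` has no doc comment, and nothing tells a later caller why it exists next to `AddDetailf`. The strings passed at these call sites are derived from parsed CRL extension bytes (`parseReasonCode(e.Value)`, `sanitizeBytes(e.Value)`), so using them as the format argument let any `%` in the data be read as a verb. I would add `// AddDetail appends detail verbatim; use it for any text derived from CRL contents.` on `AddDetail` and `// AddDetailf formats with fmt.Sprintf; format must be a constant string.` on `AddDetailf`. newExtension continues past the end of this hunk.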
@@ -111,13 +115,13 @@ func newExtension(e pkix.Extension) Extension {
 ext.Name = "X509v3 CRL Number:"
 var n *big.Int
 if _, err := asn1.Unmarshal(e.Value, &n); err == nil {
- ext.AddDetailf(n.String())
- ext.json = map[string]interface{}{
+ ext.AddDetail(n.String())
+ ext.json = map[string]any{
 "crl_number": n.String(),
 }
 } else {
- ext.AddDetailf(sanitizeBytes(e.Value))
- ext.json = map[string]interface{}{
+ ext.AddDetail(sanitizeBytes(e.Value))
+ ext.json = map[string]any{
 "crl_number": e.Value,
 }
 }
@@ -125,7 +129,7 @@ func newExtension(e pkix.Extension) Extension {
 case e.Id.Equal(oidExtensionAuthorityKeyID):
 var v authorityKeyID
 ext.Name = "X509v3 Authority Key Identifier:"
- ext.json = map[string]interface{}{
+ ext.json = map[string]any{
 "authority_key_id": hex.EncodeToString(e.Value),
 }
 if _, err := asn1.Unmarshal(e.Value, &v); err == nil {
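Review bot: Every `asn1.Unmarshal` call in newExtension discards the returned remainder (`_`), so an extension value with extra bytes after a valid DER element is displayed as if it were well formed. This applies to the CRL number here and to the authority key identifier and issuing distribution point calls in the following hunks. Checking the remainder, for example `if rest, err := asn1.Unmarshal(e.Value, &n); err == nil && len(rest) == 0 {`, would route such values to the existing `sanitizeBytes` branch. Separately, `crl_number` is a decimal string on success but the raw `e.Value` bytes on failure, which deserves a comment for consumers of the JSON output.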
@@ -133,43 +137,43 @@ func newExtension(e pkix.Extension) Extension {
 for _, b := range v.ID {
 s += fmt.Sprintf(":%02X", b)
 }
- ext.AddDetailf("keyid" + s)
+ ext.AddDetail("keyid" + s)
 } else {
- ext.AddDetailf(sanitizeBytes(e.Value))
+ ext.AddDetail(sanitizeBytes(e.Value))
 }
 case e.Id.Equal(oidExtensionIssuingDistributionPoint):
 ext.Name = "X509v3 Issuing Distribution Point:"
 var v distributionPoint
 if _, err := asn1.Unmarshal(e.Value, &v); err != nil {
- ext.AddDetailf(sanitizeBytes(e.Value))
- ext.json = map[string]interface{}{
+ ext.AddDetail(sanitizeBytes(e.Value))
+ ext.json = map[string]any{
 "issuing_distribution_point": e.Value,
 }
 } else {
 names := v.FullNames()
 if len(names) > 0 {
- ext.AddDetailf("Full Name:")
+ ext.AddDetail("Full Name:")
 for _, n := range names {
- ext.AddDetailf(" " + n)
+ ext.AddDetail(" " + n)
 }
 }
- js := map[string]interface{}{
+ js := map[string]any{
 "full_names": names,
 }
 // Only one of this should be set to true. But for inspect we
 // will allow more than one.
 if v.OnlyContainsUserCerts {
- ext.AddDetailf("Only User Certificates")
+ ext.AddDetail("Only User Certificates")
 js["only_user_certificates"] = true
 }
 if v.OnlyContainsCACerts {
- ext.AddDetailf("Only CA Certificates")
+ ext.AddDetail("Only CA Certificates")
 js["only_ca_certificates"] = true
 }
 if v.OnlyContainsAttributeCerts {
- ext.AddDetailf("Only Attribute Certificates")
+ ext.AddDetail("Only Attribute Certificates")
 js["only_attribute_certificates"] = true
 }
 if len(v.OnlySomeReasons.Bytes) > 0 {
@@ -177,14 +181,14 @@ func newExtension(e pkix.Extension) Extension {
 js["only_some_reasons"] = v.OnlySomeReasons.Bytes
 }
- ext.json = map[string]interface{}{
+ ext.json = map[string]any{
 "issuing_distribution_point": js,
 }
 }
 default:
 ext.Name = e.Id.String()
- ext.AddDetailf(sanitizeBytes(e.Value))
- ext.json = map[string]interface{}{
+ ext.AddDetail(sanitizeBytes(e.Value))
+ ext.json = map[string]any{
 ext.Name: e.Value,
 }
 }
diff --git a/internal/sshutil/sshutil.go b/internal/sshutil/sshutil.go
index e4e168f9b..0b8ed8289 100644
--- a/internal/sshutil/sshutil.go
+++ b/internal/sshutil/sshutil.go
@@ -2,8 +2,7 @@ package sshutil
 import (
 "crypto"
- //nolint:staticcheck // Maintain support for deprecated algorithms.
- "crypto/dsa"
+ "crypto/dsa" // Maintain support for deprecated algorithms.
 "crypto/ecdsa"
 "crypto/ed25519"
 "crypto/elliptic"
@@ -202,7 +201,6 @@ func parseECDSA(in []byte) (*ecdsa.PublicKey, error) {
 return nil, errors.Errorf("unsupported curve %s", w.Curve)
 }
- //nolint:staticcheck // ignore this deprecation warning - golang will fix
 key.X, key.Y = elliptic.Unmarshal(key.Curve, w.KeyBytes)
 if key.X == nil || key.Y == nil {
 return nil, errors.New("invalid curve point")
diff --git a/utils/cautils/certificate_flow.go b/utils/cautils/certificate_flow.go
index 9b4f5000b..8199e2edc 100644
--- a/utils/cautils/certificate_flow.go
+++ b/utils/cautils/certificate_flow.go
@@ -262,7 +262,7 @@ func (f *CertificateFlow) Sign(ctx *cli.Context, tok string, csr api.Certificate
 return err
 }
- if resp.CertChainPEM == nil || len(resp.CertChainPEM) == 0 {
+ if len(resp.CertChainPEM) == 0 {
 resp.CertChainPEM = []api.Certificate{resp.ServerPEM, resp.CaPEM}
 }
 var data []byte
diff --git a/utils/cautils/client.go b/utils/cautils/client.go
index 1d2ce4975..8569e8e1c 100644
--- a/utils/cautils/client.go
+++ b/utils/cautils/client.go
@@ -184,7 +184,7 @@ func NewAdminClient(ctx *cli.Context, opts ...ca.ClientOption) (*ca.AdminClient,
 if err != nil {
 return nil, err
 }
- if signResponse.CertChainPEM == nil || len(signResponse.CertChainPEM) == 0 {
+ if len(signResponse.CertChainPEM) == 0 {
 signResponse.CertChainPEM = []api.Certificate{signResponse.ServerPEM, signResponse.CaPEM}
 }
 adminCert = make([]*x509.Certificate, len(signResponse.CertChainPEM))
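Review bot: The trailing comment on the `crypto/dsa` import says deprecated algorithms are supported but not in which direction, and with the `//nolint` directive gone it is the only record of why the import stays. If DSA is kept only to read existing keys, I would say so, for example `"crypto/dsa" // Deprecated: kept only to parse existing DSA public keys.`. The code that uses the package is outside this hunk, so that wording should be confirmed against it.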
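Review bot: Removing the `//nolint` line in parseECDSA leaves the deprecated `elliptic.Unmarshal` call with no explanation at all. That call is what rejects malformed or off-curve points here, and it signals failure only through the nil results tested on the next line. I would add `// elliptic.Unmarshal is deprecated but returns nil for points that are off the curve or not in uncompressed form; the nil check below is the validation.` above the call so a later cleanup does not drop the check. parseECDSA starts before and ends after this hunk.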