From 3b343a9f2b9c9773fa5d5dfbd6c943f7ebaad45d Mon Sep 17 00:00:00 2001
From: Gustavo Bazan
Date: Fri, 22 Mar 2024 15:12:18 +0000
Subject: [PATCH] task: remove kmip leftovers from the CLI split (#2797)
---
 build/ci/library_owners.json | 2 -
 go.mod | 6 +-
 go.sum | 74 ------
 internal/decryption/kmip/client.go | 396 ----------------------------
 internal/decryption/pem/pem.go | 123 ---------
 internal/decryption/pem/pem_test.go | 314 ----------------------
 internal/decryption/pem/pkcs8.go | 181 -------------
 7 files changed, 1 insertion(+), 1095 deletions(-)
 delete mode 100644 internal/decryption/kmip/client.go
 delete mode 100644 internal/decryption/pem/pem.go
 delete mode 100644 internal/decryption/pem/pem_test.go
 delete mode 100644 internal/decryption/pem/pkcs8.go
diff --git a/build/ci/library_owners.json b/build/ci/library_owners.json
index 43b6349ee2..72b0ffae4b 100644
--- a/build/ci/library_owners.json
+++ b/build/ci/library_owners.json
@@ -12,7 +12,6 @@
 "github.com/aws/aws-sdk-go-v2/service/kms": "mongocli",
 "github.com/briandowns/spinner": "mongocli",
 "github.com/evergreen-ci/shrub": "mongocli",
- "github.com/gemalto/kmip-go": "mongocli",
 "github.com/go-test/deep": "mongocli",
 "github.com/golang-jwt/jwt/v4": "mongocli",
 "github.com/golang/mock": "mongocli",
@@ -36,7 +35,6 @@
 "go.mongodb.org/atlas": "mongocli",
 "go.mongodb.org/atlas-sdk/v20231115008": "mongocli",
 "go.mongodb.org/mongo-driver": "mongocli",
- "golang.org/x/crypto": "mongocli",
 "golang.org/x/tools": "mongocli",
 "google.golang.org/api": "mongocli",
 "google.golang.org/protobuf": "mongocli",
diff --git a/go.mod b/go.mod
index 359e79ed33..98cc167887 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,6 @@ require (
 github.com/creack/pty v1.1.21
 github.com/denisbrodbeck/machineid v1.0.1
 github.com/evergreen-ci/shrub v0.0.0-20240215220116-3f233ddeff2a
- github.com/gemalto/kmip-go v0.0.10
 github.com/go-test/deep v1.1.0
 github.com/golang-jwt/jwt/v4 v4.5.0
 github.com/golang/mock v1.6.0
@@ -45,7 +44,6 @@ require (
 go.mongodb.org/atlas v0.36.0
 go.mongodb.org/atlas-sdk/v20231115008 v20231115008.0.0
 go.mongodb.org/mongo-driver v1.14.0
- golang.org/x/crypto v0.21.0
 golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81
 golang.org/x/mod v0.16.0
 golang.org/x/tools v0.19.0
@@ -73,8 +71,6 @@ require (
 github.com/PaesslerAG/gval v1.0.0 // indirect
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
 github.com/alessio/shellescape v1.4.1 // indirect
- github.com/ansel1/merry v1.6.2 // indirect
- github.com/ansel1/merry/v2 v2.0.1 // indirect
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.4 // indirect
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 // indirect
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 // indirect
@@ -92,7 +88,6 @@ require (
 github.com/fatih/color v1.15.0 // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/fsnotify/fsnotify v1.7.0 // indirect
- github.com/gemalto/flume v0.13.0 // indirect
 github.com/go-logr/logr v1.4.1 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-ole/go-ole v1.2.6 // indirect
@@ -155,6 +150,7 @@ require (
 go.opentelemetry.io/otel/trace v1.24.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.26.0 // indirect
+ golang.org/x/crypto v0.21.0 // indirect
 golang.org/x/net v0.22.0 // indirect
 golang.org/x/oauth2 v0.18.0 // indirect
 golang.org/x/sync v0.6.0 // indirect
diff --git a/go.sum b/go.sum
index 256dac0ffe..b9fe8ad49f 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,4 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM= cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4= cloud.google.com/go/compute v1.24.0 h1:phWcR2eWzRJaL/kOiJwfFsPs4BaKq1j6vnpZrc1YlVg=
@@ -41,16 +40,6 @@ github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwF github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= -github.com/ansel1/merry v1.5.0/go.mod h1:wUy/yW0JX0ix9GYvUbciq+bi3jW/vlKPlbpI7qdZpOw= -github.com/ansel1/merry v1.5.1/go.mod h1:wUy/yW0JX0ix9GYvUbciq+bi3jW/vlKPlbpI7qdZpOw= -github.com/ansel1/merry v1.6.1/go.mod h1:ioJjPJ/IsjxH+cC0lpf5TmbKnbcGa9qTk0fDbeRfnGQ= -github.com/ansel1/merry v1.6.2 h1:0xr40haRrfVzmOH/JVOu7KOKGEI1c/7q5EmgTEbn+Ng= -github.com/ansel1/merry v1.6.2/go.mod h1:pAcMW+2uxIgpzEON021vMtFsrymREY6faJWiiz1QGVQ= -github.com/ansel1/merry/v2 v2.0.0-beta.10/go.mod h1:OUvUYh4KLVhf3+sR9Hk8QxCukijznkpheEd837b7vLg= -github.com/ansel1/merry/v2 v2.0.1 h1:WeiKZdslHPAPFYxTtgX7clC2Vh75NCoWs5OjCZbIA0A= -github.com/ansel1/merry/v2 v2.0.1/go.mod h1:dD5OhpiPrVkvgseRYd+xgYlx7s6ytU3v9BTTJlDA7FM= -github.com/ansel1/vespucci/v4 v4.1.1/go.mod h1:zzdrO4IgBfgcGMbGTk/qNGL8JPslmW3nPpcBHKReFYY= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/aws/aws-sdk-go-v2 v1.26.0 h1:/Ce4OCiM3EkpW7Y+xUnfAFpchU78K7/Ug01sZni9PgA= github.com/aws/aws-sdk-go-v2 v1.26.0/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I= github.com/aws/aws-sdk-go-v2/config v1.27.8 h1:0r8epOsiJ7YJz65MGcb8i91ehFp4kvvFe2qkq5oYeRI= 
@@ -79,22 +68,15 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.28.5 h1:J/PpTf/hllOjx8Xu9DMflff3Fajf github.com/aws/aws-sdk-go-v2/service/sts v1.28.5/go.mod h1:0ih0Z83YDH/QeQ6Ori2yGE2XvWYv/Xm+cZc01LC6oK0= github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw= github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4Pt2A= github.com/briandowns/spinner v1.23.0/go.mod h1:rPG4gmXeN3wQV/TsAY4w8lPdIM6RX3yqeBQJSrbXjuE= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= -github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= 
github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -114,8 +96,6 @@ github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRr github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= 
@@ -132,14 +112,6 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/gemalto/flume v0.13.0 h1:EEeQvAxyFys3BH8IxEU7ZpM6Kr1sYn20HuZq6dgyMR8= -github.com/gemalto/flume v0.13.0/go.mod h1:3iOEZiK/HD8SnFTqHCQoOHQKaHlBY0b6z55P8SLaOzk= -github.com/gemalto/kmip-go v0.0.10 h1:jAAZejUdRrspKigLoA62MTmIj0T7DDDOzdxHi1cDjoU= -github.com/gemalto/kmip-go v0.0.10/go.mod h1:7XtwjeX7tNQt/FoDZDWXjYOkyV26ZQF1fKFBeR3mCwY= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= -github.com/go-errors/errors v1.1.1 h1:ljK/pL5ltg3qoN+OtN6yCv9HWSfMwxSx90GJCZQxYNg= -github.com/go-errors/errors v1.1.1/go.mod h1:psDX2osz5VnTOnFWbDeWwS7yejl+uV3FEWEp4lssFEs= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= 
@@ -176,14 +148,12 @@ github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= 
@@ -225,7 +195,6 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfF github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.12.2 h1:mhN09QQW1jEWeMF74zGR81R30z4VJzjZsfkUhuHF+DA= github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68= 
@@ -241,15 +210,12 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k= -github.com/k0kubun/pp v2.3.0+incompatible/go.mod h1:GWse8YhT0p8pT4ir3ZgBbfZild3tgzSScAn6HmfYukg= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg= github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 
@@ -265,15 +231,10 @@ github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0V github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.13/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= 
@@ -319,7 +280,6 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw= github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= 
@@ -349,12 +309,8 @@ github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMV github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= 
@@ -405,17 +361,10 @@ go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZ go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI= go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 
@@ -431,7 +380,6 @@ golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81/go.mod h1:CQ1k9gNrJ50XIzaKCR golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 
@@ -440,13 +388,11 @@ golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic= golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 
@@ -455,12 +401,10 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -473,9 +417,6 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -500,7 +441,6 @@ golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= 
@@ -513,7 +453,6 @@ golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -521,7 +460,6 @@ golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw= golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc= -golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -534,10 +472,7 @@ google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAs google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20210224155714-063164c882e6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20220208230804-65c12eb4c068/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 h1:rIo7ocm2roD9DcFIX67Ym8icoGCKSARAiPljFhh5suQ= 
@@ -548,10 +483,7 @@ google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZi google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk= google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= 
@@ -562,15 +494,12 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= 
@@ -578,14 +507,11 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/internal/decryption/kmip/client.go b/internal/decryption/kmip/client.go deleted file mode 100644 index b70cc6c037..0000000000 --- a/internal/decryption/kmip/client.go +++ /dev/null 
@@ -1,396 +0,0 @@
-// Copyright 2022 MongoDB Inc
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package kmip
-
-import (
- "bufio"
- "crypto/tls"
- "crypto/x509"
- "errors"
- "fmt"
-
- "github.com/gemalto/kmip-go"
- "github.com/gemalto/kmip-go/kmip14"
- "github.com/gemalto/kmip-go/kmip20"
- "github.com/gemalto/kmip-go/ttlv"
-)
-
-// Attributes key attributes required by Create request operation.
-type Attributes struct {
- CryptographicAlgorithm kmip14.CryptographicAlgorithm
- CryptographicLength int32
- CryptographicUsageMask kmip14.CryptographicUsageMask
-}
-
-// CreateRequestV20 used to Create symmetric key operation for KMIP 2.0+ servers.
-type CreateRequestV20 struct {
- ObjectType kmip20.ObjectType
- Attributes Attributes
-}
-
-// CreateResponse response message for create operation.
-type CreateResponse struct {
- UniqueIdentifier string
-}
-
-// GetRequest used for Get request operation.
-type GetRequest struct {
- UniqueIdentifier kmip20.UniqueIdentifierValue
-}
-
-// GetResponse response of Get operation.
-type GetResponse struct {
- ObjectType kmip14.ObjectType
- UniqueIdentifier string
- SymmetricKey kmip.SymmetricKey
- PrivateKey kmip.PrivateKey
-}
-
-// EncryptRequest used for Encrypt request operation.
-type EncryptRequest struct {
- UniqueIdentifier kmip20.UniqueIdentifierValue
- Data []byte
-}
-
-// EncryptResponse response of Encrypt operation.
-type EncryptResponse struct {
- UniqueIdentifier string
- Data []byte
- IVCounterNonce []byte
-}
-
-// DecryptRequest used for Decrypt request operation.
-type DecryptRequest struct {
- UniqueIdentifier kmip20.UniqueIdentifierValue
- Data []byte
- IVCounterNonce []byte
-}
-
-// DecryptResponse response of Decrypt operation.
-type DecryptResponse struct {
- UniqueIdentifier string
- Data []byte
-}
-
-// Version of the KMIP protocol.
-type Version struct {
- Major int
- Minor int
-}
-
-var V10 = Version{Major: 1, Minor: 0} // first KMIP version
-var V12 = Version{Major: 1, Minor: 2} //nolint:gomnd // KMIP version that implemented encrypt / decrypt
-var V20 = Version{Major: 2, Minor: 0} //nolint:gomnd // KMIP major version change (create operation signature changed)
-
-var versions = map[Version]bool{V10: true, V12: true, V20: true}
-
-// cipherSuites is a list of enabled TLS 1.0–1.2 cipher suites.
-var cipherSuites = []uint16{
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
-}
-
-// Client is used to communicate with a KMIP speaking server.
-type Client struct {
- version Version
- tlsConfig tls.Config
- requestHeader kmip.RequestHeader
- ip string
- port int
-}
-
-// Config structure used to configure a KMIP client.
-type Config struct {
- Version Version
- IP string
- Port int
- Hostname string
- Username string
- Password string
- ClientPrivateKey []byte
- ClientCertificate []byte
- RootCertificate []byte
-}
-
-var (
- ErrCertificateLoad = errors.New("failed to load certificate")
- ErrCertificateLoadRoot = fmt.Errorf("%w: %s", ErrCertificateLoad, "root certificate")
- ErrCertificateLoadClient = fmt.Errorf("%w: %s", ErrCertificateLoad, "client certificate")
- ErrKMIPVersionInvalid = errors.New("invalid KMIP version")
- ErrServerHostnameIPMissing = errors.New("both server hostname and IP are not provided")
- ErrServerPortMissing = errors.New("server port is not provided")
- ErrRootCertMissing = errors.New("root certificate is not provided")
- ErrClientCertMissing = errors.New("client certificate is not provided")
- ErrClientKeyMissing = errors.New("client private key is not provided")
- ErrKMIPReqFailure = errors.New("kmip request failure")
- ErrKMIPGetOpFailure = errors.New("failed to perform get operation")
- ErrKMIPDecodeFailure = errors.New("failed to decode")
- ErrKMIPPerformCreateSymmetricKey = errors.New("failed to perform KMIP create symmetric key operation")
- ErrKMIPDecodeCreateSymmetricKey = errors.New("failed to decode KMIP create symmetric key response")
- ErrKMIPPerformEncrypt = errors.New("failed to perform KMIP encrypt operation")
- ErrKMIPDecodeEncrypt = errors.New("failed to decode KMIP encrypt response")
- ErrKMIPPerformDecrypt = errors.New("failed to perform KMIP decrypt operation")
- ErrKMIPDecodeDecrypt = errors.New("failed to decode KMIP decrypt response")
-)
-
-// NewClient creates a new KMIP client and initializes all the values required for establishing connection.
-func NewClient(config *Config) (*Client, error) {
- if err := validate(config); err != nil {
- return nil, err
- }
-
- rootCAs := x509.NewCertPool()
- if !rootCAs.AppendCertsFromPEM(config.RootCertificate) {
- return nil, ErrCertificateLoadRoot
- }
-
- certificate, err := tls.X509KeyPair(config.ClientCertificate, config.ClientPrivateKey)
- if err != nil {
- return nil, ErrCertificateLoadClient
- }
-
- hostname := config.Hostname
- if hostname == "" {
- hostname = config.IP
- }
-
- kc := &Client{
- version: config.Version,
- ip: config.IP,
- port: config.Port,
- requestHeader: kmip.RequestHeader{
- ProtocolVersion: kmip.ProtocolVersion{
- ProtocolVersionMajor: config.Version.Major,
- ProtocolVersionMinor: config.Version.Minor,
- },
- BatchCount: 1,
- },
- tlsConfig: tls.Config{
- ServerName: hostname,
- CipherSuites: cipherSuites,
- RootCAs: rootCAs,
- Certificates: []tls.Certificate{certificate},
- MinVersion: tls.VersionTLS12,
- InsecureSkipVerify: false,
- },
- }
-
- if config.Username != "" && config.Password != "" {
- kc.requestHeader.Authentication = &kmip.Authentication{
- Credential: []kmip.Credential{
- {
- CredentialType: kmip14.CredentialTypeUsernameAndPassword,
- CredentialValue: kmip.UsernameAndPasswordCredentialValue{
- Username: config.Username,
- Password: config.Password,
- },
- },
- },
- }
- }
-
- return kc, nil
-}
-
-func validate(config *Config) error {
- if _, found := versions[config.Version]; !found {
- return fmt.Errorf("%w: %+v", ErrKMIPVersionInvalid, config.Version)
- }
-
- if config.Hostname == "" && config.IP == "" {
- return ErrServerHostnameIPMissing
- }
-
- if config.Port == 0 {
- return ErrServerPortMissing
- }
-
- if config.RootCertificate == nil {
- return ErrRootCertMissing
- }
-
- if config.ClientCertificate == nil {
- return ErrClientCertMissing
- }
-
- if config.ClientPrivateKey == nil {
- return ErrClientKeyMissing
- }
-
- return nil
-}
-
-// sendRequest sends a request message to KMIP server.
-func (kc *Client) sendRequest(payload interface{}, operation kmip14.Operation) (*kmip.ResponseBatchItem, *ttlv.Decoder, error) {
- conn, err := tls.Dial("tcp", fmt.Sprintf("%s:%d", kc.ip, kc.port), &kc.tlsConfig)
- if err != nil {
- return nil, nil, err
- }
- defer conn.Close()
-
- if _, certErr := conn.ConnectionState().PeerCertificates[0].Verify(x509.VerifyOptions{Roots: kc.tlsConfig.RootCAs}); certErr != nil {
- return nil, nil, certErr
- }
-
- requestMessage, err := ttlv.Marshal(kmip.RequestMessage{
- RequestHeader: kc.requestHeader,
- BatchItem: []kmip.RequestBatchItem{
- {
- Operation: operation,
- RequestPayload: payload,
- },
- },
- })
- if err != nil {
- return nil, nil, err
- }
-
- _, err = conn.Write(requestMessage)
- if err != nil {
- return nil, nil, err
- }
-
- ttlvDecoder := ttlv.NewDecoder(bufio.NewReader(conn))
- response, err := ttlvDecoder.NextTTLV()
- if err != nil {
- return nil, nil, err
- }
-
- var decodedResponse kmip.ResponseMessage
- err = ttlvDecoder.DecodeValue(&decodedResponse, response)
- if err != nil {
- return nil, nil, err
- }
-
- if decodedResponse.BatchItem[0].ResultStatus != kmip14.ResultStatusSuccess {
- return nil, nil, fmt.Errorf("%w: %s", ErrKMIPReqFailure, decodedResponse.BatchItem[0].ResultMessage)
- }
-
- return &decodedResponse.BatchItem[0], ttlvDecoder, nil
-}
-
-// GetSymmetricKey retrieves a symmetric key from KMIP server.
-func (kc *Client) GetSymmetricKey(keyID string) ([]byte, error) {
- payload := GetRequest{
- UniqueIdentifier: kmip20.UniqueIdentifierValue{Text: keyID},
- }
-
- batchItem, decoder, err := kc.sendRequest(payload, kmip14.OperationGet)
- if err != nil {
- return nil, fmt.Errorf("%w: %w", ErrKMIPGetOpFailure, err)
- }
-
- var response GetResponse
- err = decoder.DecodeValue(&response, batchItem.ResponsePayload.(ttlv.TTLV))
- if err != nil {
- return nil, fmt.Errorf("%w: %w", ErrKMIPDecodeFailure, err)
- }
- keyValue := response.SymmetricKey.KeyBlock.KeyValue
- return keyValue.KeyMaterial.([]byte), nil
-}
-
-// CreateSymmetricKey creates a symmetric key on KMIP server.
-func (kc *Client) CreateSymmetricKey(length int32) (*string, error) {
- var payload interface{}
- if kc.version.Major >= V20.Major {
- payload = CreateRequestV20{
- ObjectType: kmip20.ObjectTypeSymmetricKey,
- Attributes: Attributes{
- CryptographicAlgorithm: kmip14.CryptographicAlgorithmAES,
- CryptographicLength: length,
- CryptographicUsageMask: kmip14.CryptographicUsageMaskEncrypt | kmip14.CryptographicUsageMaskDecrypt,
- },
- }
- } else {
- payload = kmip.CreateRequestPayload{
- ObjectType: kmip14.ObjectTypeSymmetricKey,
- TemplateAttribute: kmip.TemplateAttribute{
- Attribute: []kmip.Attribute{
- {
- AttributeName: "Cryptographic Algorithm",
- AttributeValue: kmip14.CryptographicAlgorithmAES,
- },
- {
- AttributeName: "Cryptographic Length",
- AttributeValue: length,
- },
- {
- AttributeName: "Cryptographic Usage Mask",
- AttributeValue: kmip14.CryptographicUsageMaskEncrypt | kmip14.CryptographicUsageMaskDecrypt,
- },
- },
- },
- }
- }
-
- batchItem, decoder, err := kc.sendRequest(payload, kmip14.OperationCreate)
- if err != nil {
- return nil, fmt.Errorf("%w: %w", ErrKMIPPerformCreateSymmetricKey, err)
- }
-
- var response CreateResponse
- err = decoder.DecodeValue(&response, batchItem.ResponsePayload.(ttlv.TTLV))
- if err != nil {
- return nil, fmt.Errorf("%w: %w", ErrKMIPDecodeCreateSymmetricKey, err)
- }
-
- return &response.UniqueIdentifier, nil
-}
-
-// Encrypt encrypts data with an existing managed object stored by the KMIP server.
-func (kc *Client) Encrypt(keyID string, data []byte) (*EncryptResponse, error) {
- payload := EncryptRequest{
- UniqueIdentifier: kmip20.UniqueIdentifierValue{Text: keyID},
- Data: data,
- }
-
- batchItem, decoder, err := kc.sendRequest(payload, kmip14.OperationEncrypt)
- if err != nil {
- return nil, fmt.Errorf("%w: %w", ErrKMIPPerformEncrypt, err)
- }
-
- var response EncryptResponse
- err = decoder.DecodeValue(&response, batchItem.ResponsePayload.(ttlv.TTLV))
- if err != nil {
- return nil, fmt.Errorf("%w: %w", ErrKMIPDecodeEncrypt, err)
- }
-
- return &response, nil
-}
-
-// Decrypt decrypts data with an existing managed object stored by the KMIP server.
-func (kc *Client) Decrypt(keyID string, data, iv []byte) (*DecryptResponse, error) {
- payLoad := DecryptRequest{
- UniqueIdentifier: kmip20.UniqueIdentifierValue{Text: keyID},
- Data: data,
- IVCounterNonce: iv,
- }
-
- batchItem, decoder, err := kc.sendRequest(payLoad, kmip14.OperationDecrypt)
- if err != nil {
- return nil, fmt.Errorf("%w: %w", ErrKMIPPerformDecrypt, err)
- }
-
- var response DecryptResponse
- err = decoder.DecodeValue(&response, batchItem.ResponsePayload.(ttlv.TTLV))
- if err != nil {
- return nil, fmt.Errorf("%w: %w", ErrKMIPDecodeDecrypt, err)
- }
-
- return &response, nil
-}
diff --git a/internal/decryption/pem/pem.go b/internal/decryption/pem/pem.go
deleted file mode 100644
index 3fc7a0c217..0000000000
--- a/internal/decryption/pem/pem.go
+++ /dev/null
@@ -1,123 +0,0 @@
-// Copyright 2022 MongoDB Inc
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package pem
-
-import (
- "encoding/pem"
- "errors"
-
- "github.com/spf13/afero"
-)
-
-type BlockType string
-
-const (
- CertificateBlock BlockType = "CERTIFICATE"
- RSAPrivateKeyBlock BlockType = "RSA PRIVATE KEY"
- EncryptedPrivateKeyBlock BlockType = "ENCRYPTED PRIVATE KEY"
-)
-
-var defaultPem = &pemDecoderValidator{
- fs: afero.NewOsFs(),
-}
-
-type pemDecoderValidator struct {
- fs afero.Fs
-}
-
-func Default() DecoderValidator {
- return defaultPem
-}
-
-type DecoderValidator interface {
- Decode(filename, password string) (cert, privateKey []byte, err error)
- ValidateBlocks(filename string) (isEncrypted bool, err error)
-}
-
-var (
- errKMIPCertificateBlock = errors.New("file does not contain a certificate block")
- errKMIPMissingPrivateKeyBlock = errors.New("file does not contain a private key block")
-)
-
-func (p *pemDecoderValidator) load(filename string) (map[BlockType]*pem.Block, error) {
- clientCertAndKey, err := afero.ReadFile(p.fs, filename)
- if err != nil {
- return nil, err
- }
-
- pemBlocks := map[BlockType]*pem.Block{}
- for {
- var pemBlock *pem.Block
- pemBlock, clientCertAndKey = pem.Decode(clientCertAndKey)
- if pemBlock == nil {
- break
- }
- pemBlocks[BlockType(pemBlock.Type)] = pemBlock
- }
-
- return pemBlocks, nil
-}
-
-func Decode(filename, password string) (cert, privateKey []byte, err error) {
- return defaultPem.Decode(filename, password)
-}
-
-func (p *pemDecoderValidator) Decode(filename, password string) (cert, privateKey []byte, err error) {
- pemBlocks, err := p.load(filename)
- if err != nil {
- return nil, nil, err
- }
-
- for blockType, pemBlock := range pemBlocks {
- switch blockType {
- case CertificateBlock:
- cert = pem.EncodeToMemory(pemBlock)
- case RSAPrivateKeyBlock:
- privateKey = pem.EncodeToMemory(pemBlock)
- case EncryptedPrivateKeyBlock:
- privateKeyBytes, err := DecryptPKCS8PrivateKey(pemBlock.Bytes, []byte(password))
- if err != nil {
- return nil, nil, err
- }
- pemBlock = &pem.Block{Type: string(RSAPrivateKeyBlock), Bytes: privateKeyBytes}
- privateKey = pem.EncodeToMemory(pemBlock)
- }
- }
-
- return cert, privateKey, nil
-}
-
-func ValidateBlocks(filename string) (isEncrypted bool, err error) {
- return defaultPem.ValidateBlocks(filename)
-}
-
-func (p *pemDecoderValidator) ValidateBlocks(filename string) (isEncrypted bool, err error) {
- pemBlocks, err := p.load(filename)
- if err != nil {
- return false, err
- }
-
- _, hasPrivateKey := pemBlocks[RSAPrivateKeyBlock]
- _, hasEncryptedPrivateKey := pemBlocks[EncryptedPrivateKeyBlock]
- if !hasPrivateKey && !hasEncryptedPrivateKey {
- return false, errKMIPMissingPrivateKeyBlock
- }
-
- if _, hasCertBlock := pemBlocks[CertificateBlock]; !hasCertBlock {
- return hasEncryptedPrivateKey, errKMIPCertificateBlock
- }
-
- return hasEncryptedPrivateKey, nil
-}
diff --git a/internal/decryption/pem/pem_test.go b/internal/decryption/pem/pem_test.go
deleted file mode 100644
index 3e98636f91..0000000000
--- a/internal/decryption/pem/pem_test.go
+++ /dev/null
@@ -1,314 +0,0 @@ -// Copyright 2022 MongoDB Inc -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -//go:build unit - -package pem - -import ( - "strings" - "testing" - - "github.com/spf13/afero" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -const dummyCA = `-----BEGIN CERTIFICATE----- -MIIDVDCCAjwCCQDYPsYgBDwJyDANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJJ -RTEKMAgGA1UECAwBRDEPMA0GA1UEBwwGRHVibGluMRUwEwYDVQQKDAxETyBOT1Qg -VFJVU1QxFTATBgNVBAsMDERPIE5PVCBUUlVTVDESMBAGA1UEAwwJbG9jYWxob3N0 -MB4XDTIyMDQxODIyMzgyOFoXDTIzMDQxODIyMzgyOFowbDELMAkGA1UEBhMCSUUx -CjAIBgNVBAgMAUQxDzANBgNVBAcMBkR1YmxpbjEVMBMGA1UECgwMRE8gTk9UIFRS -VVNUMRUwEwYDVQQLDAxETyBOT1QgVFJVU1QxEjAQBgNVBAMMCWxvY2FsaG9zdDCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpZmIdbDcPzeZsY1u22rRPm -5Mlub0R2rIg3edyXZqFolRRSYCW8BVqCLHztLtSLCkXWkhW36vIVNvX4qSo9BNRS -Nf+JqCRG0+nFjhNm6G6IQuv6rtlzOkIusUnFvKRIigwFytCKWezbMMNBVZP3wq7R -xO0uT7LjHzalDa1MXM1BJQPUWWwlP9YuLY7vvzFS7urKUcoMV4xrHx655VZLEz27 -TH6lh7OmIsrtK3nCSqtkrXdqFxRebZvkeWqoW/BH6ixFhUpo2YYO+UsKUIJw3eFi -m+s7QvKoahG0R4gfSUuZJXYkhRBHlRpmQNP4XBaGK+Bb2EYOt2R9O8k8If7e1tsC -AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAmb/xEYiwBvQYqsMl8vtST9kJfgnkzmhm -MwcAhBN1NDmWI43XH0hgD5O/VRGZa77dbUiSuw9QdLl2gByV0FjIJC8k+UgpGFe3 -3tQtocNU8+Rn/NnjRTpCrNediAQ3IsCfmBfNBA951QbZozhMqg/keZSGKMu4qPNW -mrpzi/Q+bJWVGXThcPbqrNIN1Pve9QEzwGl9zfdyV306VmMUy/zTt/HJ9YbQhNcj -DRNzqy7EhCPgJmOR3GTiOPKTA+WkbW2XjG9SnZlAlfpR9e30hzVeuEIlHqBldCLU 
-MKL8BfxVw2hLoaxdJFMZG9oxX228aVRKjx26Id93xmkzvoMOm3RYSQ== ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAulmYh1sNw/N5mxjW7batE+bkyW5vRHasiDd53JdmoWiVFFJg -JbwFWoIsfO0u1IsKRdaSFbfq8hU29fipKj0E1FI1/4moJEbT6cWOE2bobohC6/qu -2XM6Qi6xScW8pEiKDAXK0IpZ7Nsww0FVk/fCrtHE7S5PsuMfNqUNrUxczUElA9RZ -bCU/1i4tju+/MVLu6spRygxXjGsfHrnlVksTPbtMfqWHs6Yiyu0recJKq2Std2oX -FF5tm+R5aqhb8EfqLEWFSmjZhg75SwpQgnDd4WKb6ztC8qhqEbRHiB9JS5kldiSF -EEeVGmZA0/hcFoYr4FvYRg63ZH07yTwh/t7W2wIDAQABAoIBAHvuVBtIufnkda5p -MZ88CxUeTG+OC1+r0QhyZJAI/I9B30t5kUnnJmRQCEg48RkXMwjJL7RT8WN4Kmoh -KlfV5t1Ro2nD4dfmZs6kvN04ZkIESwVnXVtuX4NeTDe00sUrHOvr+jsAl9eG2oIw -dDqI3qenCGF4mDZvB/YuhM8I5vr1QpVeCLJLQOwgXcqq1rngqG+iRuTtsj1bbE4D -y/4qpryExNMdn42kY650B9zrEoPcdoV6XcXF0m5xxkgGas/7lnSzA2P0LZU8BVS6 -hcPpJZykSmOB4NtF0hDd4VCguCsDzud6SZ7t2Aot43tU79uCC9zIUSVL494PYDef -81QbE1ECgYEA3vuYUQjiDqUOlGpVcmZYvMGcJaUvGg4x08H5mQJVTUyS5OOWoDBR -4tbGULLBjFGwRtl/2exo9hDrzrr9XReB6G2gUu3XAZCUUBNay4w2APnz1Geo8LmX -VhjVgCcgnTOZSivf/gUNhwAZlj+I8oXJ3Y3Et0XIO3f6JG3WiPuMbCkCgYEA1fFk -9yKWuZYAH0cZtpbn4Vm1pjslJkNCy0BGg+pueFDXY24lbPQMoB9uFOcRMWKG5V57 -If1uPoPDZR1k4i5s7/Cw+oWL3HMkDr/slwhEqbAKISbfhvqA06cELkNu0VV0cRgW -rAFJNAc++hzYvf7Xny3ophTAG3rf3mIfAmD5S2MCgYAkiPCyBlSTtbOn2axabC6J -7ucYu/H1wPGlEplE2r8DRVKkMi4R3Rjto+cmfcN8rD3HvgdWu4ePGcKpQrYUtK9S -V/P24oVh+kByxlkQFM8cZdfvq3RgzOfg8Xy53K9ZUoUBRCMVSdqnjfqjRZG4uvcS -WBItPT/LjqLrqRuHoj+l0QKBgQCioCkodsFt9yjGncxc8B75PLEI2CKoEC7Aw24W -rmgkywa/DSYjyOuj9+A8wVxfVs7FoeklcDiSCqTHwu1BxRqH1UUiWctz2o5JK/jS -4bUX67n3c04sk1TEDkvuQtIFC9lEcpQhUaTsiKmFg9H5srMCy+nx/Qn+mYt8xsdd -jotRkwKBgQCJfuUc0NS0DVMoS0Ln/7NhICwktjynVDRYDFNtx8Me1aTI92zAcneN -Jtil9C2r7AWekZKiQUhlO4xfFjGex0hU7yF55YzPiQmQFptJm0gGT6t0jcP91ajk -oZRRTayjJmMafVvzNTGF5F3GX6zjnI9Ryyzxo7pJ3+PNwmwsH/rqtg== ------END RSA PRIVATE KEY----- -` - -const DummyCert = `-----BEGIN CERTIFICATE----- -MIIENTCCAx2gAwIBAgIJAPWNjXbYMr7lMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV -BAYTAklFMQowCAYDVQQIDAFEMQ8wDQYDVQQHDAZEdWJsaW4xFTATBgNVBAoMDERP 
-IE5PVCBUUlVTVDEVMBMGA1UECwwMRE8gTk9UIFRSVVNUMRIwEAYDVQQDDAlsb2Nh -bGhvc3QwHhcNMjIwNDE5MTYxNDI5WhcNMjMwOTAxMTYxNDI5WjBsMQswCQYDVQQG -EwJJRTEKMAgGA1UECAwBRDEPMA0GA1UEBwwGRHVibGluMRUwEwYDVQQKDAxETyBO -T1QgVFJVU1QxFTATBgNVBAsMDERPIE5PVCBUUlVTVDESMBAGA1UEAwwJbG9jYWxo -b3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6tWJkTr99TuxWN2 -ih7uXVIbjRCd1pLTvmoZxHee4TYbs7zwHCzanbTeqQ2LOZlrqHLwmJ9E+xrkDSsB -mlDfI3J9f5dIBeEZAZDP9GcZ64KCLq4PgdQV0YLPiuwYyEuIPZrDkNY7weVqBpk9 -oEf4HLktxHx+zbsp6/SxAMKCYBTcy8wioccdLI8lBLJeVOl/KsuxfkGILoH+ryl5 -qBdYGeZzGnOjU4cJVFOCvJ7zJDn2ASGghO7JbmKPotr/NeY0MXEKJR4zHIHyYvRh -Kit5V5bq3DJw5kp0TFkVpjhRaMaLkaP8w97bEvaOthV5fJB94WG44eEuYhuO/xyY -h2SLEwIDAQABo4HZMIHWMIGGBgNVHSMEfzB9oXCkbjBsMQswCQYDVQQGEwJJRTEK -MAgGA1UECAwBRDEPMA0GA1UEBwwGRHVibGluMRUwEwYDVQQKDAxETyBOT1QgVFJV -U1QxFTATBgNVBAsMDERPIE5PVCBUUlVTVDESMBAGA1UEAwwJbG9jYWxob3N0ggkA -2D7GIAQ8CcgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB -BQUHAwEGCCsGAQUFBwMCMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0B -AQsFAAOCAQEAgKINT8ASLnG/k/+H68iqoPfb49melXKtRiVG5jYlCN8P7v3Yj/AT -m3Wbq/cGayd2sewh4UgvkmUWEuw6OCBsORT/E9+teq7G/XbWK6YGpc7WCzJT0kJD -8sOK2LuRegPM7gEoIZ5KBycVBxB3mLkIyiOeFpCK+ZoW8gd9Ug2ZNK4YAyMDFfW9 -yJ7hJThLZmckaMZBY83yrSD3BTevLN22cWphj9Sna7BW+7c5Pqw3W9i4YO4wSmwU -J1FPS2VF0Pz5ORDNp5fgz2JVS4b3k2IQ0dEIXQW3OeBO1i7p+frUOroQFu8ZXLac -romOggcaq3uWOek9yP+3XusUjXWJ3ZPPsA== ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAv6tWJkTr99TuxWN2ih7uXVIbjRCd1pLTvmoZxHee4TYbs7zw -HCzanbTeqQ2LOZlrqHLwmJ9E+xrkDSsBmlDfI3J9f5dIBeEZAZDP9GcZ64KCLq4P -gdQV0YLPiuwYyEuIPZrDkNY7weVqBpk9oEf4HLktxHx+zbsp6/SxAMKCYBTcy8wi -occdLI8lBLJeVOl/KsuxfkGILoH+ryl5qBdYGeZzGnOjU4cJVFOCvJ7zJDn2ASGg -hO7JbmKPotr/NeY0MXEKJR4zHIHyYvRhKit5V5bq3DJw5kp0TFkVpjhRaMaLkaP8 -w97bEvaOthV5fJB94WG44eEuYhuO/xyYh2SLEwIDAQABAoIBAG+aRD9kQkG8Kouk -rpEeEY0lEgXBdyZJuCFXhklvnYNlDhxKF0VQmLrbZgrpZ/fR7W3X/1/e3TuZHNDO -CdDg5gytzYVNgRJrTzQqLewRXHZVN5gWodDmvQ2RLWemsYdu85VrWBQtqf3spx/Q 
-eqGpRj7zVELkerEwGejaQXY/y8pFV2tPc/oz2l6v/dV4PNL2USvArvtJIXoVuvk/ -W3Ee84YKNOM4H/L9gYQGhTwRJraeqa2vmR7RT49sT/jHoeFR7g99QNY13dZiRvXd -N9wsZXHf8RXaB8flX6MLMc/o0Ojnj19ZgjA5/t09T3LPjA9WDt+nGbDkVzR1Xy0X -jqGXTQECgYEA/By6jM198AQFA+bNUGhAxxOHBP3r+ivLB3cUZQNPU+j9yIAxMx4S -N5O644udkVnPRP99tRIWHCVkZBuH80dUNQrKjYW2Ao/fFDS1eGzrJREUsBzKmVNu -0MKHDi7OYFuPzaKExgxptx9meQ21zsS+mgmgoQ3E6qCxPfKuouyXrQkCgYEAwp/+ -zlTS3Bn6v/COvViemgXCgjzDtGp2NQ1maTjx2MsPjn9WfTq7ocMeTWIEC/nS6gbx -6I+mdC04Wd1AMOc+6+2UBcbcuyWy4QYuSX6lG7hbkXACNZaiRSHYVFpchNgGYm+n -F7z1F8YTz1nPMrjhCV9jihbjNtDlFhqNi5nm2jsCgYEAhQpEB3mJM9drLhvlzMC3 -LlbHsYKtvF7PzSixwnx0qDsTcXL0g50iz+FNhjZu9/0Eu8x3cc4RjNjOmWVN4LuL -XFJNgVFGMyPo/Kiz+tC/ZdgVqroGz9KPb+q3imx4y7CFumZA2qJCRzhywv7RKkP4 -sSDTeyng+E/EOISQU7m2cMECgYEAh96aTAD7k5yvaP/PJnCPiIcs2y8AkRshmrfY -Hu0aKXbZTWmoP5SZGLzWkr8yhAnMLITcrLZcRg6roFDNV1aYnqwlAkNqJVyUHHPs -LHK1YTy68DV51V9ruUd/dqP+ot8M1fuMcw3/LLGjcsYH2CkpMRneq7B+vu3mgB/Z -YPP4LbECgYEAzg2ZEbuI907Y100oXb/UUZGlGBw8DeMXFpvWKL/Jb/iJrpLcIa/e -vHgO9rgkXKNvGIr+cRlsPPc9W/hAtjwQ39YBe/GjTXAfjbLfpOjOOwDKEhq1OwZ9 -U7dWGIYfntsGNMmigGYyUY8+RtrhyaUURJJ9OlJ68w1wEh/BRdCFFSQ= ------END RSA PRIVATE KEY----- -` - -/* #nosec */ -const dummyPwd = "njs5Ndl1HllX1I2" -const dummyEncryptedCert = `-----BEGIN CERTIFICATE----- -MIIFNTCCBB2gAwIBAgIJAPWNjXbYMr7kMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV -BAYTAklFMQowCAYDVQQIDAFEMQ8wDQYDVQQHDAZEdWJsaW4xFTATBgNVBAoMDERP -IE5PVCBUUlVTVDEVMBMGA1UECwwMRE8gTk9UIFRSVVNUMRIwEAYDVQQDDAlsb2Nh -bGhvc3QwHhcNMjIwNDE4MjIzODMwWhcNMjMwODMxMjIzODMwWjBsMQswCQYDVQQG -EwJJRTEKMAgGA1UECAwBRDEPMA0GA1UEBwwGRHVibGluMRUwEwYDVQQKDAxETyBO -T1QgVFJVU1QxFTATBgNVBAsMDERPIE5PVCBUUlVTVDESMBAGA1UEAwwJbG9jYWxo -b3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3Gj8zsC1WmpoO98K -YzL4ivYVu3uO4HV8TsMy1wGj6GjPyFdh6f8/FIyiZCencS0qyG6ftz7ib30V4jqx -ex02CtoAdpsbu4HmBczPtURlb6+o/C+SOcrfJuOJ2zB8hcBjGEJvtZ6GzoczAK27 -5Fu5B4DbKDD/IZzoXj/GB+NTN4nIWjLS9Sg9gFgFCgbVpHVYh9VZ1zlFrY4dVKEC -tFWKC7+ntjtq0Pek63CsZAetd6QvLa05AQKDnolM/hky216yZWWu+GnN9abhdy+9 
-BDfFiqNSJc/3IsI4SytNNvtjnZFuRIbYX/B3EMWhrEurnyIoaMSMFKgJuuSbALcF -dj01pGpJEqChAadHh6YqZM2Utex/nP/04vllun8ebM0qIjg9XdJLzckjgX6GP4Ro -FxbJwkd5cx/5iVqqkDgOYTYztIeJE3IYXGPCHlclAPVEw6x6A3bpJMZ1jeNXBocd -NWmxYmpQEEcfoelc+WppfRr7CqJ7SVmP+MzGIrS+/egI5dPTqUUBV025cb059L3j -zUL+7UtYtHGEAZFy+Xr/NeQimkOnkIlUdqn6RCPgkiHyHraRjO8Ni2JGkFEVoA2p -X6LceabBglR8scIjhJehI7djUaEhRZ0wYHlzNApv4q4HB02VUsMKRtDNgl+TyvRK -M6FaAiZ+DAhDGsPMvZdL5u8aXB8CAwEAAaOB2TCB1jCBhgYDVR0jBH8wfaFwpG4w -bDELMAkGA1UEBhMCSUUxCjAIBgNVBAgMAUQxDzANBgNVBAcMBkR1YmxpbjEVMBMG -A1UECgwMRE8gTk9UIFRSVVNUMRUwEwYDVQQLDAxETyBOT1QgVFJVU1QxEjAQBgNV -BAMMCWxvY2FsaG9zdIIJANg+xiAEPAnIMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWg -MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAUBgNVHREEDTALgglsb2Nh -bGhvc3QwDQYJKoZIhvcNAQELBQADggEBAFrrP7RWF+IU/nzFmZJLU6x7zLCGBDuA -+w66OO14NSqpuk4BF5fR+BDudfV9oeAoEUHHD4vIJ77nbqWVdGPUlJkSqXJBFMVA -Pd0+RCMjsMYreH92O9uaJH3/BJzn9teAR0ueoejbDu5UA5Q5qaqP98qV8O8ZBrFC -efSA36jUDVJRK+F7Kt8QQ4BkIAusLzzVa28qY2TZ8KY3bDgqam08gLZ1spJflxrp -MC8HsX53iOH+Fk3khF2VJDkTl9dUnlL4jxzuH+lTK3vKwtzpDPWiQCxu0QJuJhJc -t7xyRO0lwwnpe5w8+qqTlirrR4dT3VYZFe4goMynZeqEgSSM9i5Fjb8= ------END CERTIFICATE----- ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIJnzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIz3FLx8mhdCcCAggA -MB0GCWCGSAFlAwQBKgQQNrhOuyE6BKPH0Io/Wy0p+wSCCVCJugHfMWXq4j7aGem+ -s4pp1sVqvwkCH/nt4VpY8aCI1dShmLTwDt3FVEnkOXhR3dg6S1ygqs9mghnFWqUp -NwYlsbWQAALixEE4JyL2K6tH62uJcLL83EaFyL58MV6JX8unAxeo9JgaTfoTMS0l -MqtIF4AJdbdAbyQ4aahGusMauD7MdLFdn6lgNaCZt1Rf4DFAhLIKoQSlMAY6dzMD -gABiGklwfEE/XLX6Am4qIM4HWigR3gx116784yOVIhBeFhbgL35/RjgjuVzTEMdO -brRT0YGDYglSRq9jx/kEm3WWW7ky6vIj9J5mLSaMKViCRs09O8JZ0HVgA6iwwnS2 -1me1iVrOTsxxz5rrlvrn4MbN2Cw7sz2MpnlpqBytULOHWwm3kHIPe1EyFSnHYR01 -G+JYSxgdgJB/f4j4roRe+0UhyCI7aK1LDQc538oagbMXMUOanfqDvKJvUtzrecKE -/5tw+sjGpt40rs3FkDxkt8YTBhinWjUSiuyiTRbpUAcWmUeABRPLnhHLy2UYdEYk -K1NrbPSsxdO6O4qXz+sKMmivkvg0UHFobJ301S/t7eELiFuM6jhimdS15SSHJcNV -e+vhTpvlPTbjjI5MSE0vRC+8CnnzTAhpMvq+yTXk6DgxRBCzsQTcIemAPfHwIm+G 
-TgM+Vd+sYj6lpx7cAFOVFS7OdY4MuD+ByYsLCDNQMK6rqqVWOH/hdeRlXZSOAPkc -4NoFaSbLjEYFRNFD/jhtELJevCyk0B4eM/92nCslmwWOnZg7O4pUmpOzi870ctmH -GxvsQxlj3f2hwHFWh8XR99XzlOA+cb29WkE9IRPyt2YNYk3eYi2yA0Hfetj80ZzM -J1muxPibjuzExENZxjgYck2Ml67CL5y3ZVHvf9Ur0BSGn8egzD1DjgbcbDQKzbd9 -oD3vhdsJFR+Eq2vMPNLw79MzGxggyDGhMEoq1oRr4D86HNcSWCZkuGyW5P7pegX4 -13SL1gzYyzY0E8dqQ4zU0e6qYsE8rIMIDwQYDdmine6yYgeknkkDukP2NxCJ6FV3 -zvkz1h4jdjlC3nIyuCIAqdM0VkcbanlBYX3Q7/NyQ8Zzkfg7BBHcrZRsPtNBKf4r -zjaYaKIY9njAZyGVJ/HpuTA+5w8BHouWIvHQtxUrRBFjHow4/YKQAsldTdBYF3Ve -LkqZPtMo37W9+WDbWxW2Cpa6Pm+wpgRwArdGD9VR7KjljthFbSXmXgJ1w/tEoJpn -6Mt4G7uQGdubP+V0KkNB3ogz0tiWNyL5VNdGtyJlOgJIO+x7nVokAnSOFxyvNTlL -ZmCSeBfhrVpj1d5oD16Rtk7ch+EKp4nFG6vhA2tKE6Tvy0NtbFzZnhAKkQN3E6W1 -lnsDnerAEbK6MNNU4hlUE5dHC8IYwGB4vQX0w03UGgo1S9Yd2J/mWXN8Egws3cmY -va8l9/cbt5OpaIs2+mBwdsWISQ1w3cG4s3JG2iLwYKUm0Hk03sTZE/PV3NPHcvWg -s5T8XDsh+DR4BlSZogJXg5IsPOoRSr8TvWfeohxVAM40HGwFTlTJ0RL+t1IM2N0s -YmSWF8GbLrcMkAW+IAUT+7nnPp9YmBTw4HAE2RghRraa3WJIFH1IxalfQU64iBm1 -9CsUby2Xjeh05t1CSYAJQ5tjIMZCxfpkTyaKLvKy/k2+CyedNBPAKP0NmmGcbooG -jVjdf99PGFH3ATn1o69xmmH1Pul6FQS/g25jvuemcA855K02FfEcn+fdiGWLGQBc -qVvkzhpJXIa1pHWnTf4sJf32ps3QxP7D8FcR2XvlVSBJeQftjPArG1HKvpNNGYkN -kRzr6w7eJYM8eFtq4e2yDInqyKwocdSAquZ3kz4rDC8hE6ImejqS5URVZrv8iJky -qRLoq/ujbYX8DJVv33MYTs+gI+a8livUh4GOjkDsqVU4tRaH7A/+Sy8y2nnCdgOa -jY53KwRCSpAWi+Ymxbx7YcptzgKITMf1KB0tS/07GiF4v+aBOv51Nxe+7XVEuY2B -QO9x3uep35ucSZCh8azaJH/WEvdfAN3vEoj6UtzWz0pLwCWg1k8AqVscm3naMQSq -j1sH10FjtAv+nrOt82MZUaP5hjKeLRxR82d2YrRa5krpRg5qzJUXDDhmGNe6/CuR -BCJt89aoSNJX/0gm1VV5as0WZ1F1WlkYX5ICZsqasLrGxxXhsYT8ZjIEZVa50RK0 -uF4nh+AsfPA5edF3HRYUKmnEUTpeyI7zmR0MtspkUJrMd2zlpsSnMJti9lyVON3w -s0vZX/XV7HiwvUpflCtzrarTnjh/nR+sla+lQWerhNBJ2XHL7xyys68QlBEeyrA+ -Ec0nHrb/MkaWf7nL3gxY2bx8jIsSZSIkCM6RO5iEae40Edk/yrUxpKpWrJKkEV4Q -fGZ41PWvNnYtUjdEg6gfiWLOSCQPGX4VI40emT1SVbXAO7uTHFUFL+WP2w0UE7WS -BhoJo4oqQktu+VnxcXXG6+iDoZJsppolDUpQeQtztfFLwTlU9oJBGEzMR/Ka/0gB -SG8GN7pi9IizmMKKm1e1WKbBEa1hw8fatJ7Yk1iydveGBgtHj8Zp7n4jth45V+Pu 
-Xogt625+6T/HlGKdKLx1m6mBmMLWcKbgNYRA07zydvvPyUMi1T1fT9EKg2DG9Ios -YnZlIxRVa1ia1SBg/IIg65cRtmZFJJBD6ePSVSS0KRjI0CIV/txnx+TeqevMqkoL -+mycXvzfjn7bIVdwtMqhvvil2I9ziEIeuQhZq7Vw/oe6g81CXQvAFNKfCJSPvlhl -GGGaCTVIDwuHQOeUDsBwdfjGtyHKTI2JlngcxAtDua/QRcqf2ksVhwQS1CbnvQP9 -TsqMk1IO9FLE1kh/4ezAE6qOVUpOsym0aXZNtvsBei+cgmXVuhAJdJaQ6ExSQG6P -kQOXs7L4Nu3/GccZ4vW97VXx6GCtsPW0a9aR57ObPqLZFe0ddWs1UFVDJEjgSbFX -YsySGHAboDRu9EZ9vMSCaHJ4Vw98ap60B9l+leRtasECctOVe9pGO0AxVOBM8pkN -8xCgDfD7Md3o2JoSqXTQApQdbwkNRx46UrxSl6fvwmurpBh4a3p28F8uQP6b3oyZ -ixmNiLoE3xXvB258LEmTzgmZVZqKj5RCjxrWympbcU4NDPWLLumiw/uDc8jNVqsj -IXbLbUL9NcvLyZnehDa7vPWIoQ== ------END ENCRYPTED PRIVATE KEY----- -` - -func TestValidateBlocks(t *testing.T) { - t.Run("CA with private key and cert blocks is valid", func(t *testing.T) { - fs := afero.NewMemMapFs() - _ = afero.WriteFile(fs, "pemfile", []byte(dummyCA), 0600) - pem := &pemDecoderValidator{fs: fs} - - isEncrypted, err := pem.ValidateBlocks("pemfile") - - require.NoError(t, err) - assert.False(t, isEncrypted) - }) - - t.Run("client cert with private key and cert blocks is valid", func(t *testing.T) { - fs := afero.NewMemMapFs() - _ = afero.WriteFile(fs, "pemfile", []byte(DummyCert), 0600) - pem := &pemDecoderValidator{fs: fs} - - isEncrypted, err := pem.ValidateBlocks("pemfile") - - require.NoError(t, err) - assert.False(t, isEncrypted) - }) - - t.Run("client cert with encrypted private key and cert blocks is valid", func(t *testing.T) { - fs := afero.NewMemMapFs() - _ = afero.WriteFile(fs, "pemfile", []byte(dummyEncryptedCert), 0600) - pem := &pemDecoderValidator{fs: fs} - - isEncrypted, err := pem.ValidateBlocks("pemfile") - - require.NoError(t, err) - assert.True(t, isEncrypted) - }) - - t.Run("client cert without cert block is not valid", func(t *testing.T) { - fs := afero.NewMemMapFs() - certContent := strings.ReplaceAll(DummyCert, string(CertificateBlock), "DUMMY PEM BLOCK TYPE") - _ = afero.WriteFile(fs, "pemfile", []byte(certContent), 0600) - pem := 
&pemDecoderValidator{fs: fs} - - isEncrypted, err := pem.ValidateBlocks("pemfile") - - require.Error(t, err) - assert.False(t, isEncrypted) - }) - - t.Run("client cert without private key block is not valid", func(t *testing.T) { - fs := afero.NewMemMapFs() - certContent := strings.ReplaceAll(DummyCert, string(RSAPrivateKeyBlock), "DUMMY PEM BLOCK TYPE") - _ = afero.WriteFile(fs, "pemfile", []byte(certContent), 0600) - pem := &pemDecoderValidator{fs: fs} - - isEncrypted, err := pem.ValidateBlocks("pemfile") - - require.Error(t, err) - assert.False(t, isEncrypted) - }) -} - -func TestDecode(t *testing.T) { - t.Run("decode CA", func(t *testing.T) { - fs := afero.NewMemMapFs() - _ = afero.WriteFile(fs, "pemfile", []byte(dummyCA), 0600) - pem := &pemDecoderValidator{fs: fs} - - cert, privateKey, err := pem.Decode("pemfile", "") - - require.NoError(t, err) - assert.Contains(t, string(cert), CertificateBlock) - assert.Contains(t, string(privateKey), RSAPrivateKeyBlock) - }) - - t.Run("decode client cert with encrypted private key using wrong password returns error", func(t *testing.T) { - fs := afero.NewMemMapFs() - _ = afero.WriteFile(fs, "pemfile", []byte(dummyEncryptedCert), 0600) - pem := &pemDecoderValidator{fs: fs} - - cert, privateKey, err := pem.Decode("pemfile", "wrong pwd") - - require.Error(t, err) - assert.Nil(t, cert) - assert.Nil(t, privateKey) - }) - - t.Run("decode client cert with encrypted private key using correct password is successful", func(t *testing.T) { - fs := afero.NewMemMapFs() - _ = afero.WriteFile(fs, "pemfile", []byte(dummyEncryptedCert), 0600) - pem := &pemDecoderValidator{fs: fs} - - cert, privateKey, err := pem.Decode("pemfile", dummyPwd) - - require.NoError(t, err) - assert.Contains(t, string(cert), CertificateBlock) - assert.Contains(t, string(privateKey), RSAPrivateKeyBlock) - }) -} diff --git a/internal/decryption/pem/pkcs8.go b/internal/decryption/pem/pkcs8.go deleted file mode 100644 index 75e3770dc7..0000000000 
--- a/internal/decryption/pem/pkcs8.go
+++ /dev/null
@@ -1,181 +0,0 @@
-// Copyright 2022 MongoDB Inc
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package pem
-
-// adapted from: https://github.com/smallstep/crypto/blob/master/pemutil/pkcs8.go
-// Apache License 2.0
-
-import (
- "crypto/aes"
- "crypto/cipher"
- "crypto/des" //nolint // used as part of the des cbc standard
- "crypto/sha1" //nolint:gosec // used as part of the sha1 standard
- "crypto/sha256"
- "crypto/x509"
- "encoding/asn1"
- "errors"
- "fmt"
-
- "golang.org/x/crypto/pbkdf2"
-)
-
-type prfParam struct {
- Algo asn1.ObjectIdentifier
- NullParam asn1.RawValue
-}
-
-type pbkdf2Params struct {
- Salt []byte
- IterationCount int
- PrfParam prfParam `asn1:"optional"`
-}
-
-type pbkdf2Algorithms struct {
- Algo asn1.ObjectIdentifier
- PBKDF2Params pbkdf2Params
-}
-
-type pbkdf2Encs struct {
- EncryAlgo asn1.ObjectIdentifier
- IV []byte
-}
-
-type pbes2Params struct {
- KeyDerivationFunc pbkdf2Algorithms
- EncryptionScheme pbkdf2Encs
-}
-
-type encryptedlAlgorithmIdentifier struct {
- Algorithm asn1.ObjectIdentifier
- Parameters pbes2Params
-}
-
-type encryptedPrivateKeyInfo struct {
- Algo encryptedlAlgorithmIdentifier
- PrivateKey []byte
-}
-
-var (
- oidPKCS5PBKDF2 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 12}
- oidPBES2 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 13}
- oidHMACWithSHA256 = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 9}
- oidAES128CBC = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 1, 2}
- oidAES196CBC = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 1, 22}
- oidAES256CBC = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 1, 42}
- oidDESCBC = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 7}
- oidD3DESCBC = asn1.ObjectIdentifier{1, 2, 840, 113549, 3, 7}
-)
-
-const (
- oidAES128CBCKeyLen = 16
- oidAES196CBCKeyLen = 24
- oidAES256CBCKeyLen = 32
- oidDESCBCKeyLen = 8
- oidD3DESCBCKeyLen = 24
-)
-
-var ErrUnsupportedPEM = errors.New("unsupported encrypted PEM")
-
-// DecryptPKCS8PrivateKey
-//
-//nolint:gocyclo
-func DecryptPKCS8PrivateKey(data, password []byte) ([]byte, error) {
- var pki encryptedPrivateKeyInfo
- if _, err := asn1.Unmarshal(data, &pki); err != nil {
- return nil, fmt.Errorf("failed to unmarshal private key %w", err)
- }
-
- if !pki.Algo.Algorithm.Equal(oidPBES2) {
- return nil, errors.New("unsupported encrypted PEM: only PBES2 is supported")
- }
-
- if !pki.Algo.Parameters.KeyDerivationFunc.Algo.Equal(oidPKCS5PBKDF2) {
- return nil, errors.New("unsupported encrypted PEM: only PBKDF2 is supported")
- }
-
- encParam := pki.Algo.Parameters.EncryptionScheme
- kdfParam := pki.Algo.Parameters.KeyDerivationFunc.PBKDF2Params
-
- iv := encParam.IV
- salt := kdfParam.Salt
- iter := kdfParam.IterationCount
-
- // pbkdf2 hash function
- keyHash := sha1.New
- if kdfParam.PrfParam.Algo.Equal(oidHMACWithSHA256) {
- keyHash = sha256.New
- }
-
- var (
- symkey []byte
- block cipher.Block
- err error
- )
- switch {
- // AES-128-CBC, AES-192-CBC, AES-256-CBC
- case encParam.EncryAlgo.Equal(oidAES128CBC):
- symkey = pbkdf2.Key(password, salt, iter, oidAES128CBCKeyLen, keyHash)
- block, err = aes.NewCipher(symkey)
- case encParam.EncryAlgo.Equal(oidAES196CBC):
- symkey = pbkdf2.Key(password, salt, iter, oidAES196CBCKeyLen, keyHash)
- block, err = aes.NewCipher(symkey)
- case encParam.EncryAlgo.Equal(oidAES256CBC):
- symkey = pbkdf2.Key(password, salt, iter, oidAES256CBCKeyLen, keyHash)
- block, err = aes.NewCipher(symkey)
- // DES, TripleDES
- case
encParam.EncryAlgo.Equal(oidDESCBC): - symkey = pbkdf2.Key(password, salt, iter, oidDESCBCKeyLen, keyHash) - block, err = des.NewCipher(symkey) //nolint:gosec - case encParam.EncryAlgo.Equal(oidD3DESCBC): - symkey = pbkdf2.Key(password, salt, iter, oidD3DESCBCKeyLen, keyHash) - block, err = des.NewTripleDESCipher(symkey) //nolint:gosec - default: - return nil, fmt.Errorf("%w: unknown algorithm %v", ErrUnsupportedPEM, encParam.EncryAlgo) - } - if err != nil { - return nil, err - } - - data = pki.PrivateKey - mode := cipher.NewCBCDecrypter(block, iv) - mode.CryptBlocks(data, data) - - // Blocks are padded using a scheme where the last n bytes of padding are all - // equal to n. It can pad from 1 to blocksize bytes inclusive. See RFC 1423. - // For example: - // [x y z 2 2] - // [x y 7 7 7 7 7 7 7] - // If we detect a bad padding, we assume it is an invalid password. - blockSize := block.BlockSize() - dlen := len(data) - if dlen == 0 || dlen%blockSize != 0 { - return nil, errors.New("error decrypting PEM: invalid padding") - } - - last := int(data[dlen-1]) - if dlen < last { - return nil, x509.IncorrectPasswordError - } - if last == 0 || last > blockSize { - return nil, x509.IncorrectPasswordError - } - for _, val := range data[dlen-last:] { - if int(val) != last { - return nil, x509.IncorrectPasswordError - } - } - - return data[:dlen-last], nil -}