diff --git a/.travis.yml b/.travis.yml index 60249e75..b6ebb7b5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,7 +2,7 @@ language: go env: - GO111MODULE=on go: -- 1.12.x +- 1.13 - tip script: - go vet ./... diff --git a/README.md b/README.md index 3bdfcfdb..10608440 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ You should be able to run crypki server on any linux platform as long as you hav Prerequisites: -- Go >= 1.12.1 +- Go >= 1.13 Run: diff --git a/api/blob.go b/api/blob.go index 52ea1635..ddfe4ab5 100644 --- a/api/blob.go +++ b/api/blob.go @@ -74,6 +74,7 @@ func (s *SigningService) GetBlobSigningKey(ctx context.Context, keyMeta *proto.K // PostSignBlob signs the digest using the specified key. func (s *SigningService) PostSignBlob(ctx context.Context, request *proto.BlobSigningRequest) (*proto.Signature, error) { const methodName = "PostSignBlob" + const maxDigestLen = 256 statusCode := http.StatusCreated start := time.Now() var err error @@ -100,6 +101,10 @@ func (s *SigningService) PostSignBlob(ctx context.Context, request *proto.BlobSi statusCode = http.StatusBadRequest return nil, status.Errorf(codes.InvalidArgument, "Bad request: %v", err) } + if len(digest) > maxDigestLen { + statusCode = http.StatusBadRequest + return nil, status.Error(codes.InvalidArgument, "Bad request: digest length too long") + } signerOpts := getSignerOpts(request.HashAlgorithm.String()) signature, err := s.SignBlob(digest, signerOpts, request.KeyMeta.Identifier) diff --git a/api/blob_test.go b/api/blob_test.go index 1ca26cfd..e08ade3a 100644 --- a/api/blob_test.go +++ b/api/blob_test.go @@ -5,6 +5,8 @@ package api import ( "context" "encoding/base64" + "io/ioutil" + "log" "reflect" "sort" "testing" @@ -13,6 +15,10 @@ import ( "github.com/yahoo/crypki/proto" ) +func init() { + log.SetOutput(ioutil.Discard) +} + func TestGetBlobAvailableSigningKeys(t *testing.T) { t.Parallel() var expectedEmptyKey []*proto.KeyMeta 
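Review bot: The new guard in PostSignBlob (api/blob.go, second hunk) caps the digest at a fixed 256 bytes but never ties its length to the requested hash algorithm, so an empty digest or any input up to 256 bytes still reaches `s.SignBlob`. `signerOpts` is computed on the very next line, so it could be built first and a mismatch rejected with `if h := signerOpts.HashFunc(); h != 0 && len(digest) != h.Size() {` followed by the same InvalidArgument return. This assumes getSignerOpts returns a `crypto.SignerOpts`, which the hunk does not show. The constant added in the first hunk should also carry a comment such as `// maxDigestLen is the largest decoded digest, in bytes, accepted for signing.`, since neither the unit nor the reason for 256 is stated. The check appears to run after the digest has already been decoded, so it limits what is signed rather than what is parsed; the function body continues outside both hunks.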
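Review bot: The `init()` added to api/blob_test.go calls `log.SetOutput(ioutil.Discard)`, which silences the standard logger for every test in package `api`, not only the tests in this file. That side effect is easy to miss when a failing test elsewhere in the package produces no log output. Either move it into a `TestMain` for the package or document it in place, e.g. `// Discard standard-logger output for all tests in package api; remove when debugging a failure.`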
@@ -156,6 +162,7 @@ func TestGetBlobSigningKey(t *testing.T) { func TestPostSignBlob(t *testing.T) { t.Parallel() + tooLongDigest := "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA==" testcases := map[string]struct { KeyUsages map[string]map[string]bool KeyMeta *proto.KeyMeta 
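Review bot: The `tooLongDigest` fixture is an opaque base64 literal whose decoded length cannot be read off the page, so the test does not show that it exercises the 256-byte limit rather than some much larger size. Building it from the limit makes the intent explicit and lets the boundary be pinned, e.g. `tooLongDigest := base64.StdEncoding.EncodeToString(bytes.Repeat([]byte("x"), 257))`, with a sibling case at exactly 256 bytes that is expected to succeed. This would need `bytes` added to the imports, and ideally `maxDigestLen` hoisted to package scope so the test can reference it instead of repeating the number. The `tooLongDigest` case added in the next hunk sets only `expectedSignature: nil`, so as far as the visible lines show it cannot tell the length rejection apart from any other failure path.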
@@ -180,6 +187,12 @@ func TestPostSignBlob(t *testing.T) { KeyMeta: &proto.KeyMeta{Identifier: "blobid"}, expectedSignature: &proto.Signature{Signature: base64.StdEncoding.EncodeToString([]byte("good blob signature"))}, }, + "tooLongDigest": { + KeyUsages: blobkeyUsage, + KeyMeta: &proto.KeyMeta{Identifier: "blobid"}, + Digest: tooLongDigest, + expectedSignature: nil, + }, "blobUsagesBadDigest": { KeyUsages: blobkeyUsage, KeyMeta: &proto.KeyMeta{Identifier: "blobid"}, diff --git a/api/sign_test.go b/api/sign_test.go index a6d5ce64..90f952c1 100644 --- a/api/sign_test.go +++ b/api/sign_test.go @@ -42,6 +42,12 @@ C/PUGbEx6UqtEACiR28dz/7YQAqfyVv4GXaFuacIZZj8JDwyL0lL1sg7WA8RSYMA iAJCAf+ezR8UoGvQ0X+OX1rONp0WFtHC6pbE03jVvcOHHKnOKRW1ivU2IpKvXbz8 UDqinTa6CHKDSjI7RweJHczdBus1AkIB376Ba4qvP5IAp+3JYHA4PDLtSJoTLxrJ jfOwXe2T9BIwzSu8EH9adQhFt1tH/yy5KTK3H5556OFOTSzxh2zfLa4= +-----END CERTIFICATE REQUEST-----` + testGoodcsrED25519 = `-----BEGIN CERTIFICATE REQUEST----- +MIGbME8CAQAwHDEaMBgGA1UEAxMRZm9vLmJhci55YWhvby5jb20wKjAFBgMrZXAD +IQAPCN2lUJcxG5UYvuwnxZQJkS6MmRDfaLgqcUPfgx6LtKAAMAUGAytlcANBAFMD +njJnZ795o9DbEhiHuUVEu2WUBXd32vPd+Ij55lHdTcCb9hQcAMAP3K0xdyH8V8E2 +6b9a0A8/oKsiOAU9mgA= -----END CERTIFICATE REQUEST-----` testGoodRsaPubKey = `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3qVQkPbXzYzykUomIP9q/ZYyIyKFyYZt/7qZ5fIsnfFBmJAbRMiQCXxKUcM8EkY4MO4d7ujePdLZRwPz+IakOhpvldIXJGgURMNiVbGpXFNS9HHOFnvFdiss6piu7oG9J1cMaR3XqnV5waiYSEQ+w1e/ZGcGFmq4Bc/ubeFU/kPG110pXCT+Ka6nSUI2p7zg7tEH9hOx8oWB1RoVFlPzGr1pO+pwNT6SyPK/pSCTlR3iiv84C70DSh/uKe0Hl3R0i/ebJrHNy5HaIL4hcB7bUXgyko6tU+zOaL0kVjHVNninq/wu9YIG5Q3CL6Or6+RbWkI5b3Rfxh1cuCxHv//RV XX@XX` testGoodDsaPubKey = `ssh-dss 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 XXX@X2VD2JLHTDD` diff --git a/api/x509cert_test.go b/api/x509cert_test.go index a01e918f..aa016894 100644 --- a/api/x509cert_test.go +++ b/api/x509cert_test.go 
@@ -193,6 +193,14 @@ func TestPostX509Certificate(t *testing.T) { expectedCert: &proto.X509Certificate{Cert: "good x509 cert"}, CSR: testGoodcsrEc, }, + "x509KeyUsagesWithRightIdAndED25519Csr": { + KeyUsages: x509keyUsage, + maxValidity: defaultMaxValidity, + validity: 3600, + KeyMeta: &proto.KeyMeta{Identifier: "x509id"}, + expectedCert: &proto.X509Certificate{Cert: "good x509 cert"}, + CSR: testGoodcsrED25519, + }, "sshKeyUsages": { KeyUsages: sshkeyUsage, maxValidity: defaultMaxValidity, diff --git a/docker-softhsm/Dockerfile b/docker-softhsm/Dockerfile index 9760ad8d..1ed7f747 100644 --- a/docker-softhsm/Dockerfile +++ b/docker-softhsm/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.12.6 +FROM golang:1.13 ENV CRYPKI_DIR /go/src/github.com/yahoo/crypki COPY . ${CRYPKI_DIR} WORKDIR ${CRYPKI_DIR} diff --git a/go.mod b/go.mod index 62280a2d..2dcefa50 100644 --- a/go.mod +++ b/go.mod @@ -1,17 +1,16 @@ module github.com/yahoo/crypki -go 1.12 +go 1.13 require ( github.com/golang/mock v1.3.1 github.com/golang/protobuf v1.3.2 - github.com/grpc-ecosystem/grpc-gateway v1.9.5 + github.com/grpc-ecosystem/grpc-gateway v1.11.1 github.com/miekg/pkcs11 v1.0.2 - golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 - golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7 // indirect - golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a // indirect + golang.org/x/crypto v0.0.0-20190907121410-71b5226ff739 + golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 // indirect + golang.org/x/sys v0.0.0-20190907184412-d223b2b6db03 // indirect golang.org/x/text v0.3.2 // indirect - google.golang.org/appengine v1.4.0 // indirect - google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 + google.golang.org/genproto v0.0.0-20190905072037-92dd089d5514 google.golang.org/grpc v1.23.0 ) diff --git a/go.sum b/go.sum index e10d1f83..b436f2bc 100644 --- a/go.sum +++ b/go.sum 
@@ -1,6 +1,10 @@ +cloud.google.com/go v0.26.0 h1:e0WKqKTd5BnrG8aKH3J3h+QvEIQtSUcf2n5UZ5ZgLtQ= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= 
@@ -11,20 +15,23 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/grpc-ecosystem/grpc-gateway v1.9.5 h1:UImYN5qQ8tuGpGE16ZmjvcTtTw24zw1QAp/SlnNrZhI= -github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/grpc-ecosystem/grpc-gateway v1.11.1 h1:/dBYI+n4xIL+Y9SKXQrjlKTmJJDwCSlNLRwZ5nBhIek= +github.com/grpc-ecosystem/grpc-gateway v1.11.1/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/miekg/pkcs11 v1.0.2 h1:CIBkOawOtzJNE0B+EpRiUBzuVW7JEQAwdwhSS6YhIeg= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= +github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af h1:gu+uRPtBe88sKxUCEXRoeCvVG90TJmwhiqRpvdhQFng= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc= -golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190907121410-71b5226ff739 h1:Gc7JIyxvWgD6m+QmVryY0MstDORNYididDGxgZ6Tnpk= +golang.org/x/crypto v0.0.0-20190907121410-71b5226ff739/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4 
h1:c2HOrn5iMezYjSlGPncknSEr/8x5LELb/ilJbXi9DEA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3 h1:XQyxROzUlZH+WIQwySDgnISgOivlhjIEwaQaJEJrrN0= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -32,8 +39,9 @@ golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7 h1:fHDIZ2oxGnUZRN6WgWFCbYBjH9uqVPRCUVUDhs0wnbA= -golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 h1:k7pJ2yAPLPgbskkFdhRCsA77k2fySZ1zf2zCjvQCiIM= +golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be h1:vEDujvNQGv4jgYKudGeI/+DAX4Jffq6hpD55MmoEvKs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -43,8 +51,8 @@ golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a h1:aYOabOQFp6Vj6W1F80affTUvO9UxmJRx8K0gsfABByQ= -golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190907184412-d223b2b6db03 h1:b3JiLYVaG9kHjTcOQIoUh978YMCO7oVTQQBLudU47zY= +golang.org/x/sys v0.0.0-20190907184412-d223b2b6db03/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= 
@@ -55,18 +63,22 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262 h1:qsl9y/CJx34tuA7QCPNp86JNJe4spst6Ff8MjvPUdPg= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135 h1:5Beo0mZN8dRzgrMMkDp0jc8YXQKx9DiJ2k1dkvGsn5A= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190905072037-92dd089d5514 h1:oFSK4421fpCKRrpzIpybyBVWyht05NegY9+L/3TLAZs= +google.golang.org/genproto v0.0.0-20190905072037-92dd089d5514/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0 h1:AzbTB6ux+okLTzP8Ru1Xs41C303zdcfEht7MQnYJt5A= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/resty.v1 v1.12.0 h1:CuXP0Pjfw9rOuY6EP+UvtNvt5DSqHpIxILZKT/quCZI= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= 
+gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7 h1:+t9dhfO+GNOIGJof6kPOAenx7YgrZMTdRPV+EsnPabk= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc h1:/hemPrYIhOhy8zYrNj+069zDB68us2sMGsfkFJO0iZs= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/proto/protogen.go b/proto/protogen.go index fba4556e..e1f50869 100644 --- a/proto/protogen.go +++ b/proto/protogen.go @@ -6,7 +6,7 @@ package proto //go:generate protoc -I. -I$GOPATH/src -I$GOPATH/src/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis --go_out=plugins=grpc:. sign.proto //go:generate protoc -I. -I$GOPATH/src -I$GOPATH/src/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis --grpc-gateway_out=logtostderr=true:./ sign.proto -// use protoc 3.7.1 +// use protoc 3.9.1 // run the following command after generating proto files to generate mock //go:generate $GOPATH/bin/mockgen -source=./sign.pb.go -destination=./mock/mock.go -package=mock diff --git a/proto/sign.pb.go b/proto/sign.pb.go index 006e05a2..c513120c 100644 --- a/proto/sign.pb.go +++ b/proto/sign.pb.go @@ -10,6 +10,8 @@ import ( empty "github.com/golang/protobuf/ptypes/empty" _ "google.golang.org/genproto/googleapis/api/annotations" grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" math "math" ) 
@@ -794,6 +796,47 @@ type SigningServer interface { PostSignBlob(context.Context, *BlobSigningRequest) (*Signature, error) } +// UnimplementedSigningServer can be embedded to have forward compatible implementations. +type UnimplementedSigningServer struct { +} + +func (*UnimplementedSigningServer) GetX509CertificateAvailableSigningKeys(ctx context.Context, req *empty.Empty) (*KeyMetas, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetX509CertificateAvailableSigningKeys not implemented") +} +func (*UnimplementedSigningServer) GetX509CACertificate(ctx context.Context, req *KeyMeta) (*X509Certificate, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetX509CACertificate not implemented") +} +func (*UnimplementedSigningServer) PostX509Certificate(ctx context.Context, req *X509CertificateSigningRequest) (*X509Certificate, error) { + return nil, status.Errorf(codes.Unimplemented, "method PostX509Certificate not implemented") +} +func (*UnimplementedSigningServer) GetUserSSHCertificateAvailableSigningKeys(ctx context.Context, req *empty.Empty) (*KeyMetas, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetUserSSHCertificateAvailableSigningKeys not implemented") +} +func (*UnimplementedSigningServer) GetUserSSHCertificateSigningKey(ctx context.Context, req *KeyMeta) (*SSHKey, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetUserSSHCertificateSigningKey not implemented") +} +func (*UnimplementedSigningServer) PostUserSSHCertificate(ctx context.Context, req *SSHCertificateSigningRequest) (*SSHKey, error) { + return nil, status.Errorf(codes.Unimplemented, "method PostUserSSHCertificate not implemented") +} +func (*UnimplementedSigningServer) GetHostSSHCertificateAvailableSigningKeys(ctx context.Context, req *empty.Empty) (*KeyMetas, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetHostSSHCertificateAvailableSigningKeys not implemented") +} +func (*UnimplementedSigningServer) 
GetHostSSHCertificateSigningKey(ctx context.Context, req *KeyMeta) (*SSHKey, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetHostSSHCertificateSigningKey not implemented") +} +func (*UnimplementedSigningServer) PostHostSSHCertificate(ctx context.Context, req *SSHCertificateSigningRequest) (*SSHKey, error) { + return nil, status.Errorf(codes.Unimplemented, "method PostHostSSHCertificate not implemented") +} +func (*UnimplementedSigningServer) GetBlobAvailableSigningKeys(ctx context.Context, req *empty.Empty) (*KeyMetas, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetBlobAvailableSigningKeys not implemented") +} +func (*UnimplementedSigningServer) GetBlobSigningKey(ctx context.Context, req *KeyMeta) (*PublicKey, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetBlobSigningKey not implemented") +} +func (*UnimplementedSigningServer) PostSignBlob(ctx context.Context, req *BlobSigningRequest) (*Signature, error) { + return nil, status.Errorf(codes.Unimplemented, "method PostSignBlob not implemented") +} + func RegisterSigningServer(s *grpc.Server, srv SigningServer) { s.RegisterService(&_Signing_serviceDesc, srv) } diff --git a/proto/sign.pb.gw.go b/proto/sign.pb.gw.go index 775730d4..a928eaf2 100644 --- a/proto/sign.pb.gw.go +++ b/proto/sign.pb.gw.go 
@@ -38,6 +38,15 @@ func request_Signing_GetX509CertificateAvailableSigningKeys_0(ctx context.Contex } +func local_request_Signing_GetX509CertificateAvailableSigningKeys_0(ctx context.Context, marshaler runtime.Marshaler, server SigningServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq empty.Empty + var metadata runtime.ServerMetadata + + msg, err := server.GetX509CertificateAvailableSigningKeys(ctx, &protoReq) + return msg, metadata, err + +} + func request_Signing_GetX509CACertificate_0(ctx context.Context, marshaler runtime.Marshaler, client SigningClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq KeyMeta var metadata runtime.ServerMetadata @@ -65,6 +74,33 @@ func request_Signing_GetX509CACertificate_0(ctx context.Context, marshaler runti } +func local_request_Signing_GetX509CACertificate_0(ctx context.Context, marshaler runtime.Marshaler, server SigningServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq KeyMeta + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["identifier"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "identifier") + } + + protoReq.Identifier, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "identifier", err) + } + + msg, err := server.GetX509CACertificate(ctx, &protoReq) + return msg, metadata, err + +} + func request_Signing_PostX509Certificate_0(ctx context.Context, marshaler runtime.Marshaler, client SigningClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq X509CertificateSigningRequest var metadata runtime.ServerMetadata 
@@ -100,6 +136,41 @@ func request_Signing_PostX509Certificate_0(ctx context.Context, marshaler runtim } +func local_request_Signing_PostX509Certificate_0(ctx context.Context, marshaler runtime.Marshaler, server SigningServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq X509CertificateSigningRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["key_meta.identifier"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "key_meta.identifier") + } + + err = runtime.PopulateFieldFromPath(&protoReq, "key_meta.identifier", val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "key_meta.identifier", err) + } + + msg, err := server.PostX509Certificate(ctx, &protoReq) + return msg, metadata, err + +} + func request_Signing_GetUserSSHCertificateAvailableSigningKeys_0(ctx context.Context, marshaler runtime.Marshaler, client SigningClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq empty.Empty var metadata runtime.ServerMetadata 
@@ -109,6 +180,15 @@ func request_Signing_GetUserSSHCertificateAvailableSigningKeys_0(ctx context.Con } +func local_request_Signing_GetUserSSHCertificateAvailableSigningKeys_0(ctx context.Context, marshaler runtime.Marshaler, server SigningServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq empty.Empty + var metadata runtime.ServerMetadata + + msg, err := server.GetUserSSHCertificateAvailableSigningKeys(ctx, &protoReq) + return msg, metadata, err + +} + func request_Signing_GetUserSSHCertificateSigningKey_0(ctx context.Context, marshaler runtime.Marshaler, client SigningClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq KeyMeta var metadata runtime.ServerMetadata 
@@ -136,6 +216,33 @@ func request_Signing_GetUserSSHCertificateSigningKey_0(ctx context.Context, mars } +func local_request_Signing_GetUserSSHCertificateSigningKey_0(ctx context.Context, marshaler runtime.Marshaler, server SigningServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq KeyMeta + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["identifier"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "identifier") + } + + protoReq.Identifier, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "identifier", err) + } + + msg, err := server.GetUserSSHCertificateSigningKey(ctx, &protoReq) + return msg, metadata, err + +} + func request_Signing_PostUserSSHCertificate_0(ctx context.Context, marshaler runtime.Marshaler, client SigningClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq SSHCertificateSigningRequest var metadata runtime.ServerMetadata 
@@ -171,6 +278,41 @@ func request_Signing_PostUserSSHCertificate_0(ctx context.Context, marshaler run } +func local_request_Signing_PostUserSSHCertificate_0(ctx context.Context, marshaler runtime.Marshaler, server SigningServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq SSHCertificateSigningRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["key_meta.identifier"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "key_meta.identifier") + } + + err = runtime.PopulateFieldFromPath(&protoReq, "key_meta.identifier", val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "key_meta.identifier", err) + } + + msg, err := server.PostUserSSHCertificate(ctx, &protoReq) + return msg, metadata, err + +} + func request_Signing_GetHostSSHCertificateAvailableSigningKeys_0(ctx context.Context, marshaler runtime.Marshaler, client SigningClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq empty.Empty var metadata runtime.ServerMetadata 
@@ -180,6 +322,15 @@ func request_Signing_GetHostSSHCertificateAvailableSigningKeys_0(ctx context.Con } +func local_request_Signing_GetHostSSHCertificateAvailableSigningKeys_0(ctx context.Context, marshaler runtime.Marshaler, server SigningServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq empty.Empty + var metadata runtime.ServerMetadata + + msg, err := server.GetHostSSHCertificateAvailableSigningKeys(ctx, &protoReq) + return msg, metadata, err + +} + func request_Signing_GetHostSSHCertificateSigningKey_0(ctx context.Context, marshaler runtime.Marshaler, client SigningClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq KeyMeta var metadata runtime.ServerMetadata 
@@ -207,6 +358,33 @@ func request_Signing_GetHostSSHCertificateSigningKey_0(ctx context.Context, mars } +func local_request_Signing_GetHostSSHCertificateSigningKey_0(ctx context.Context, marshaler runtime.Marshaler, server SigningServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq KeyMeta + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["identifier"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "identifier") + } + + protoReq.Identifier, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "identifier", err) + } + + msg, err := server.GetHostSSHCertificateSigningKey(ctx, &protoReq) + return msg, metadata, err + +} + func request_Signing_PostHostSSHCertificate_0(ctx context.Context, marshaler runtime.Marshaler, client SigningClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq SSHCertificateSigningRequest var metadata runtime.ServerMetadata 
@@ -242,6 +420,41 @@ func request_Signing_PostHostSSHCertificate_0(ctx context.Context, marshaler run } +func local_request_Signing_PostHostSSHCertificate_0(ctx context.Context, marshaler runtime.Marshaler, server SigningServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq SSHCertificateSigningRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["key_meta.identifier"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "key_meta.identifier") + } + + err = runtime.PopulateFieldFromPath(&protoReq, "key_meta.identifier", val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "key_meta.identifier", err) + } + + msg, err := server.PostHostSSHCertificate(ctx, &protoReq) + return msg, metadata, err + +} + func request_Signing_GetBlobAvailableSigningKeys_0(ctx context.Context, marshaler runtime.Marshaler, client SigningClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq empty.Empty var metadata runtime.ServerMetadata 
@@ -251,6 +464,15 @@ func request_Signing_GetBlobAvailableSigningKeys_0(ctx context.Context, marshale } +func local_request_Signing_GetBlobAvailableSigningKeys_0(ctx context.Context, marshaler runtime.Marshaler, server SigningServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq empty.Empty + var metadata runtime.ServerMetadata + + msg, err := server.GetBlobAvailableSigningKeys(ctx, &protoReq) + return msg, metadata, err + +} + func request_Signing_GetBlobSigningKey_0(ctx context.Context, marshaler runtime.Marshaler, client SigningClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq KeyMeta var metadata runtime.ServerMetadata @@ -278,6 +500,33 @@ func request_Signing_GetBlobSigningKey_0(ctx context.Context, marshaler runtime. } +func local_request_Signing_GetBlobSigningKey_0(ctx context.Context, marshaler runtime.Marshaler, server SigningServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq KeyMeta + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["identifier"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "identifier") + } + + protoReq.Identifier, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "identifier", err) + } + + msg, err := server.GetBlobSigningKey(ctx, &protoReq) + return msg, metadata, err + +} + func request_Signing_PostSignBlob_0(ctx context.Context, marshaler runtime.Marshaler, client SigningClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq BlobSigningRequest var metadata runtime.ServerMetadata 
@@ -313,6 +562,289 @@ func request_Signing_PostSignBlob_0(ctx context.Context, marshaler runtime.Marsh } +func local_request_Signing_PostSignBlob_0(ctx context.Context, marshaler runtime.Marshaler, server SigningServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq BlobSigningRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["key_meta.identifier"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "key_meta.identifier") + } + + err = runtime.PopulateFieldFromPath(&protoReq, "key_meta.identifier", val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "key_meta.identifier", err) + } + + msg, err := server.PostSignBlob(ctx, &protoReq) + return msg, metadata, err + +} + +// RegisterSigningHandlerServer registers the http handlers for service Signing to "mux". +// UnaryRPC :call SigningServer directly. +// StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. 
+func RegisterSigningHandlerServer(ctx context.Context, mux *runtime.ServeMux, server SigningServer) error { + + mux.Handle("GET", pattern_Signing_GetX509CertificateAvailableSigningKeys_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Signing_GetX509CertificateAvailableSigningKeys_0(rctx, inboundMarshaler, server, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Signing_GetX509CertificateAvailableSigningKeys_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("GET", pattern_Signing_GetX509CACertificate_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Signing_GetX509CACertificate_0(rctx, inboundMarshaler, server, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Signing_GetX509CACertificate_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("POST", pattern_Signing_PostX509Certificate_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Signing_PostX509Certificate_0(rctx, inboundMarshaler, server, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Signing_PostX509Certificate_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("GET", pattern_Signing_GetUserSSHCertificateAvailableSigningKeys_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Signing_GetUserSSHCertificateAvailableSigningKeys_0(rctx, inboundMarshaler, server, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Signing_GetUserSSHCertificateAvailableSigningKeys_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("GET", pattern_Signing_GetUserSSHCertificateSigningKey_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Signing_GetUserSSHCertificateSigningKey_0(rctx, inboundMarshaler, server, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Signing_GetUserSSHCertificateSigningKey_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("POST", pattern_Signing_PostUserSSHCertificate_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Signing_PostUserSSHCertificate_0(rctx, inboundMarshaler, server, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Signing_PostUserSSHCertificate_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("GET", pattern_Signing_GetHostSSHCertificateAvailableSigningKeys_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Signing_GetHostSSHCertificateAvailableSigningKeys_0(rctx, inboundMarshaler, server, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Signing_GetHostSSHCertificateAvailableSigningKeys_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("GET", pattern_Signing_GetHostSSHCertificateSigningKey_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Signing_GetHostSSHCertificateSigningKey_0(rctx, inboundMarshaler, server, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Signing_GetHostSSHCertificateSigningKey_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("POST", pattern_Signing_PostHostSSHCertificate_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Signing_PostHostSSHCertificate_0(rctx, inboundMarshaler, server, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Signing_PostHostSSHCertificate_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("GET", pattern_Signing_GetBlobAvailableSigningKeys_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Signing_GetBlobAvailableSigningKeys_0(rctx, inboundMarshaler, server, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Signing_GetBlobAvailableSigningKeys_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("GET", pattern_Signing_GetBlobSigningKey_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Signing_GetBlobSigningKey_0(rctx, inboundMarshaler, server, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Signing_GetBlobSigningKey_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("POST", pattern_Signing_PostSignBlob_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Signing_PostSignBlob_0(rctx, inboundMarshaler, server, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Signing_PostSignBlob_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + return nil +} + // RegisterSigningHandlerFromEndpoint is same as RegisterSigningHandler but // automatically dials to "endpoint" and closes the connection when "ctx" gets done. func RegisterSigningHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error) { 
@@ -595,29 +1127,29 @@ func RegisterSigningHandlerClient(ctx context.Context, mux *runtime.ServeMux, cl } var ( - pattern_Signing_GetX509CertificateAvailableSigningKeys_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v3", "sig", "x509-cert", "keys"}, "")) + pattern_Signing_GetX509CertificateAvailableSigningKeys_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v3", "sig", "x509-cert", "keys"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_Signing_GetX509CACertificate_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "x509-cert", "keys", "identifier"}, "")) + pattern_Signing_GetX509CACertificate_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "x509-cert", "keys", "identifier"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_Signing_PostX509Certificate_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "x509-cert", "keys", "key_meta.identifier"}, "")) + pattern_Signing_PostX509Certificate_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "x509-cert", "keys", "key_meta.identifier"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_Signing_GetUserSSHCertificateAvailableSigningKeys_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v3", "sig", "ssh-user-cert", "keys"}, "")) + pattern_Signing_GetUserSSHCertificateAvailableSigningKeys_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v3", "sig", "ssh-user-cert", "keys"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_Signing_GetUserSSHCertificateSigningKey_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "ssh-user-cert", "keys", 
"identifier"}, "")) + pattern_Signing_GetUserSSHCertificateSigningKey_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "ssh-user-cert", "keys", "identifier"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_Signing_PostUserSSHCertificate_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "ssh-user-cert", "keys", "key_meta.identifier"}, "")) + pattern_Signing_PostUserSSHCertificate_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "ssh-user-cert", "keys", "key_meta.identifier"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_Signing_GetHostSSHCertificateAvailableSigningKeys_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v3", "sig", "ssh-host-cert", "keys"}, "")) + pattern_Signing_GetHostSSHCertificateAvailableSigningKeys_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v3", "sig", "ssh-host-cert", "keys"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_Signing_GetHostSSHCertificateSigningKey_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "ssh-host-cert", "keys", "identifier"}, "")) + pattern_Signing_GetHostSSHCertificateSigningKey_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "ssh-host-cert", "keys", "identifier"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_Signing_PostHostSSHCertificate_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "ssh-host-cert", "keys", "key_meta.identifier"}, "")) + pattern_Signing_PostHostSSHCertificate_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "ssh-host-cert", "keys", 
"key_meta.identifier"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_Signing_GetBlobAvailableSigningKeys_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v3", "sig", "blob", "keys"}, "")) + pattern_Signing_GetBlobAvailableSigningKeys_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"v3", "sig", "blob", "keys"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_Signing_GetBlobSigningKey_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "blob", "keys", "identifier"}, "")) + pattern_Signing_GetBlobSigningKey_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "blob", "keys", "identifier"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_Signing_PostSignBlob_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "blob", "keys", "key_meta.identifier"}, "")) + pattern_Signing_PostSignBlob_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4}, []string{"v3", "sig", "blob", "keys", "key_meta.identifier"}, "", runtime.AssumeColonVerbOpt(true))) ) var ( diff --git a/server/server.go b/server/server.go index bb0725bc..2178efd4 100644 --- a/server/server.go +++ b/server/server.go 
@@ -227,17 +227,16 @@ func tlsConfiguration(caCertPath string, certPath, keyPath string, clientAuthMod
 // Use only modern ciphers.
 cfg.CipherSuites = []uint16{
- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_AES_128_GCM_SHA256,
+ tls.TLS_AES_256_GCM_SHA384,
+ tls.TLS_CHACHA20_POLY1305_SHA256,
 tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
 tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
- tls.TLS_RSA_WITH_AES_128_CBC_SHA,
- tls.TLS_RSA_WITH_AES_256_CBC_SHA,
 }
 // Use TLS v1.2 and higher.
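Review bot: The last entry kept in the new `cfg.CipherSuites` list, `tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, is a CBC-mode suite, so the "Use only modern ciphers" comment above the list still does not hold after this cleanup. Go's crypto/tls leaves the CBC-SHA256 suites out of its default set, and later releases report them through `tls.InsecureCipherSuites()`. I would drop that line so only AEAD suites remain, or, if a known client still needs it, keep it with a comment naming that client. Separately, the three TLS 1.3 constants added at the top (`tls.TLS_AES_128_GCM_SHA256`, `tls.TLS_AES_256_GCM_SHA384`, `tls.TLS_CHACHA20_POLY1305_SHA256`) are not configurable through `Config.CipherSuites`. A comment such as `// TLS 1.3 suites are fixed by crypto/tls; listed here for documentation only` would stop a reader assuming that editing them changes what is negotiated. The body of tlsConfiguration starts and continues outside this hunk, so how MinVersion and the client-auth mode are set was not reviewed.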