From 679906a40627555ec10621980e3585722fd6ff75 Mon Sep 17 00:00:00 2001
From: Jay
Date: Tue, 7 Nov 2023 12:58:47 +0000
Subject: [PATCH] Use KMS keys to sign and verify.
---
 experimental/gcp-log/function.go | 168 +++++++++++++++++++++----------
 experimental/gcp-log/go.mod | 33 +++---
 experimental/gcp-log/go.sum | 67 ++++++------
 3 files changed, 166 insertions(+), 102 deletions(-)
diff --git a/experimental/gcp-log/function.go b/experimental/gcp-log/function.go
index 93082dd..5aba82b 100644
--- a/experimental/gcp-log/function.go
+++ b/experimental/gcp-log/function.go
@@ -23,53 +23,89 @@ import ( "fmt" "net/http" "os" - - "github.com/transparency-dev/merkle/rfc6962" - "golang.org/x/mod/sumdb/note" - "google.golang.org/api/iterator" + "path/filepath" "github.com/gcp_serverless_module/internal/storage" - "github.com/transparency-dev/serverless-log/pkg/log" + "cloud.google.com/go/kms/apiv1" + "github.com/transparency-dev/armored-witness/pkg/kmssigner" fmtlog "github.com/transparency-dev/formats/log" + "github.com/transparency-dev/merkle/rfc6962" + "github.com/transparency-dev/serverless-log/pkg/log" + "golang.org/x/mod/sumdb/note" + "google.golang.org/api/iterator" ) -func validateCommonArgs(w http.ResponseWriter, origin string) (ok bool, pubKey string) { - if len(origin) == 0 { +type requestData struct { + // Common args. + Origin string `json:"origin"` + Bucket string `json:"bucket"` + NoteKeyName string `json:"noteKeyName"` + KMSKeyRing string `json:"kmsKeyRing"` + KMSKeyName string `json:"kmsKeyName"` + KMSKeyLocation string `json:"kmsKeyLocation"` + KMSKeyVersion uint `json:"kmsKeyVersion"` + + // For Sequence requests. + EntriesDir string `json:"entriesDir"` + + // For Integrate requests. 
+ Initialise bool `json:"initialise"` +} + +func validateCommonArgs(w http.ResponseWriter, d requestData) (ok bool) { + if len(d.Origin) == 0 { http.Error(w, "Please set `origin` in HTTP body to log identifier.", http.StatusBadRequest) - return false, "" + return false } - - pubKey = os.Getenv("SERVERLESS_LOG_PUBLIC_KEY") - if len(pubKey) == 0 { - http.Error(w, - "Please set SERVERLESS_LOG_PUBLIC_KEY environment variable", + if len(d.KMSKeyRing) == 0 { + http.Error(w, "Please set `kmsKeyRing` in HTTP body to the signing key's key ring.", + http.StatusBadRequest) + return false + } + if len(d.KMSKeyName) == 0 { + http.Error(w, "Please set `kmsKeyName` in HTTP body to the signing key's name.", http.StatusBadRequest) - return false, "" + return false + } + if len(d.KMSKeyLocation) == 0 { + http.Error(w, "Please set `kmsKeyLocation` in HTTP body to the signing key's location.", + http.StatusBadRequest) + return false + } + if d.KMSKeyVersion == 0 { + http.Error(w, "Please set `kmsKeyVersion` in HTTP body to the signing key's version as an integer.", + http.StatusBadRequest) + return false + } + if len(d.NoteKeyName) == 0 { + http.Error(w, "Please set `noteKeyName` in HTTP body to the key name for the note.", + http.StatusBadRequest) + return false } - return true, pubKey + return true } // Sequence is the entrypoint of the `sequence` GCF function. func Sequence(w http.ResponseWriter, r *http.Request) { // TODO(jayhou): validate that EntriesDir is only touching the log path. 
- var d struct { - Bucket string `json:"bucket"` - EntriesDir string `json:"entriesDir"` - Origin string `json:"origin"` - } + // process request args + d := requestData{} if err := json.NewDecoder(r.Body).Decode(&d); err != nil { - code := http.StatusBadRequest fmt.Printf("json.NewDecoder: %v", err) - http.Error(w, http.StatusText(code), code) + http.Error(w, fmt.Sprintf("Failed to decode JSON: %q", err), http.StatusBadRequest) return } - ok, pubKey := validateCommonArgs(w, d.Origin) - if !ok { + if ok := validateCommonArgs(w, d); !ok { + return + } + if len(d.EntriesDir) == 0 { + http.Error(w, "Please set `entriesDir` in HTTP body to the key name for the note.", + http.StatusBadRequest) return } 
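Review bot: The KMS key ring, key name, location, version and note key name in `requestData` all come from the request body, and `validateCommonArgs` only checks that they are non-empty, so whoever can invoke the function chooses which key a checkpoint is verified against in `Sequence` and which key signs it in `Integrate`. Before this change the verifier key came from the `SERVERLESS_LOG_PUBLIC_KEY` environment variable, that is, from deployment configuration rather than from the caller. If anyone other than the log operator can reach the function, pin the key reference in deployment configuration or compare the requested values against a configured allowlist before building the key name, with IAM on the key as a second control; a comment on the struct such as `// KMS* fields are caller-supplied and select the trust anchor; validate against configured values.` would record the assumption. Separately, the new `entriesDir` error message reuses the `noteKeyName` wording ("to the key name for the note") and should describe the entries directory, and the TODO about restricting `EntriesDir` to the log path is still open. `Sequence` continues outside this hunk.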
@@ -84,19 +120,36 @@ func Sequence(w http.ResponseWriter, r *http.Request) { // Read the current log checkpoint to retrieve next sequence number. - cpRaw, err := client.ReadCheckpoint(ctx) + cpBytes, err := client.ReadCheckpoint(ctx) if err != nil { http.Error(w, fmt.Sprintf("Failed to read log checkpoint: %q", err), http.StatusInternalServerError) return } // Check signatures - v, err := note.NewVerifier(pubKey) + kmsKeyName := fmt.Sprintf(kmssigner.KeyVersionNameFormat, + os.Getenv("GCP_PROJECT"), d.KMSKeyLocation, d.KMSKeyRing, d.KMSKeyName, d.KMSKeyVersion) + + kmClient, err := kms.NewKeyManagementClient(ctx) if err != nil { - http.Error(w, fmt.Sprintf("Failed to instantiate Verifier: %q", err), http.StatusInternalServerError) - return + http.Error(w, fmt.Sprintf("Failed to create KeyManagementClient: %q", err), http.StatusInternalServerError) } - cp, _, _, err := fmtlog.ParseCheckpoint(cpRaw, d.Origin, v) + defer kmClient.Close() + + vkey, err := kmssigner.VerifierKeyString(ctx, kmClient, kmsKeyName, d.NoteKeyName) + if err != nil { + http.Error(w, + fmt.Sprintf("Failed to create verifier key string: %q", err), + http.StatusInternalServerError) + } + noteVerifier, err := note.NewVerifier(vkey) + if err != nil { + http.Error(w, + fmt.Sprintf("Failed to instantiate verifier: %q", err), + http.StatusInternalServerError) + } + + cp, _, _, err := fmtlog.ParseCheckpoint(cpBytes, d.Origin, noteVerifier) if err != nil { http.Error(w, fmt.Sprintf("Failed to parse Checkpoint: %q", err), http.StatusInternalServerError) return 
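Review bot: The three new error branches in `Sequence`, after `kms.NewKeyManagementClient`, `kmssigner.VerifierKeyString` and `note.NewVerifier`, write an error response but do not return, unlike the `note.NewVerifier` branch they replace. When client creation fails, `defer kmClient.Close()` and the following KMS call run on what is presumably a nil client, and when verifier creation fails `noteVerifier` reaches `fmtlog.ParseCheckpoint` unset, so the signature check depends on how that call treats a missing verifier. Add `return` after each of these `http.Error(...)` calls so the handler stops on the first failure and sends a single response. The same three branches lack `return` in `Integrate` (hunk `@@ -156,37 +210,49 @@`), where only the `kmssigner.New` branch returns. The key name is also formatted from `os.Getenv("GCP_PROJECT")` without checking that the variable is set; an explicit check would give a clearer error than a failed KMS lookup.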
@@ -119,11 +172,12 @@ func Sequence(w http.ResponseWriter, r *http.Request) { return } // Skip this directory - only add files under it. - if attrs.Name == d.EntriesDir { + if filepath.Clean(attrs.Name) == filepath.Clean(d.EntriesDir) { continue } bytes, err := client.GetObjectData(ctx, attrs.Name) + fmt.Printf("Sequencing object %q with content %q\n", attrs.Name, string(bytes)) if err != nil { http.Error(w, fmt.Sprintf("Failed to get data of object %q: %q", attrs.Name, err), 
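Review bot: The added `fmt.Printf` runs before the `err != nil` check on `client.GetObjectData` and writes each object's full content to the function's logs. On a failed read it logs an empty or partial body as if sequencing had begun, and on success it copies every entry into logs whose retention and access controls may differ from the bucket's, with no bound on size. Move the line below the error check and log the length instead, for example `fmt.Printf("Sequencing object %q (%d bytes)\n", attrs.Name, len(bytes))`. GCS object names are slash-separated, so `path.Clean` would express the directory comparison more precisely than `filepath.Clean`, although the two behave the same on Linux. The loop body continues outside this hunk.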
@@ -156,37 +210,49 @@ func Sequence(w http.ResponseWriter, r *http.Request) { // Integrate is the entrypoint of the `integrate` GCF function. func Integrate(w http.ResponseWriter, r *http.Request) { - var d struct { - Origin string `json:"origin"` - Initialise bool `json:"initialise"` - Bucket string `json:"bucket"` - } + // process request args + d := requestData{} if err := json.NewDecoder(r.Body).Decode(&d); err != nil { fmt.Printf("json.NewDecoder: %v", err) - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + http.Error(w, fmt.Sprintf("Failed to decode JSON: %q", err), http.StatusBadRequest) return } - ok, pubKey := validateCommonArgs(w, d.Origin) - if !ok { + if ok := validateCommonArgs(w, d); !ok { return } - privKey := os.Getenv("SERVERLESS_LOG_PRIVATE_KEY") - if len(privKey) == 0 { - http.Error(w, - "Please set SERVERLESS_LOG_PUBLIC_KEY environment variable", - http.StatusBadRequest) + kmsKeyName := fmt.Sprintf(kmssigner.KeyVersionNameFormat, + os.Getenv("GCP_PROJECT"), d.KMSKeyLocation, d.KMSKeyRing, d.KMSKeyName, d.KMSKeyVersion) + + ctx := context.Background() + kmClient, err := kms.NewKeyManagementClient(ctx) + if err != nil { + http.Error(w, fmt.Sprintf("Failed to create KeyManagementClient: %q", err), http.StatusInternalServerError) } + defer kmClient.Close() - s, err := note.NewSigner(privKey) + noteSigner, err := kmssigner.New(ctx, kmClient, kmsKeyName, d.NoteKeyName) if err != nil { http.Error(w, fmt.Sprintf("Failed to instantiate signer: %q", err), http.StatusInternalServerError) return } - ctx := context.Background() + vkey, err := kmssigner.VerifierKeyString(ctx, kmClient, kmsKeyName, noteSigner.Name()) + if err != nil { + http.Error(w, + fmt.Sprintf("Failed to create verifier key string: %q", err), + http.StatusInternalServerError) + } + + noteVerifier, err := note.NewVerifier(vkey) + if err != nil { + http.Error(w, + fmt.Sprintf("Failed to instantiate verifier: %q", err), + http.StatusInternalServerError) + } + 
client, err := storage.NewClient(ctx, os.Getenv("GCP_PROJECT"), d.Bucket) if err != nil { http.Error(w, fmt.Sprintf("Failed to create GCS client: %v", err), http.StatusBadRequest) @@ -204,7 +270,7 @@ func Integrate(w http.ResponseWriter, r *http.Request) { cp := fmtlog.Checkpoint{ Hash: h.EmptyRoot(), } - if err := signAndWrite(ctx, &cp, cpNote, s, client, d.Origin); err != nil { + if err := signAndWrite(ctx, &cp, cpNote, noteSigner, client, d.Origin); err != nil { http.Error(w, fmt.Sprintf("Failed to sign: %q", err), http.StatusInternalServerError) } fmt.Fprintf(w, fmt.Sprintf("Initialised log at %s.", d.Bucket)) @@ -220,13 +286,7 @@ func Integrate(w http.ResponseWriter, r *http.Request) { } // Check signatures - v, err := note.NewVerifier(pubKey) - if err != nil { - http.Error(w, - fmt.Sprintf("Failed to instantiate Verifier: %q", err), - http.StatusInternalServerError) - } - cp, _, _, err := fmtlog.ParseCheckpoint(cpRaw, d.Origin, v) + cp, _, _, err := fmtlog.ParseCheckpoint(cpRaw, d.Origin, noteVerifier) if err != nil { http.Error(w, fmt.Sprintf("Failed to open Checkpoint: %q", err), @@ -245,7 +305,7 @@ func Integrate(w http.ResponseWriter, r *http.Request) { http.Error(w, "Nothing to integrate", http.StatusInternalServerError) } - err = signAndWrite(ctx, newCp, cpNote, s, client, d.Origin) + err = signAndWrite(ctx, newCp, cpNote, noteSigner, client, d.Origin) if err != nil { http.Error(w, fmt.Sprintf("Failed to sign: %q", err), diff --git a/experimental/gcp-log/go.mod b/experimental/gcp-log/go.mod index 3aa36fc..271f3e0 100644 --- a/experimental/gcp-log/go.mod +++ b/experimental/gcp-log/go.mod 
@@ -3,40 +3,41 @@ module github.com/gcp_serverless_module go 1.20 require ( + cloud.google.com/go/kms v1.15.5 cloud.google.com/go/storage v1.33.0 + github.com/transparency-dev/armored-witness v0.0.0-20231106114509-3d1fed57e76e github.com/transparency-dev/formats v0.0.0-20230928092353-f8ed364213f7 github.com/transparency-dev/merkle v0.0.2 github.com/transparency-dev/serverless-log v0.0.0-20231001212932-d1a42e72eef9 - golang.org/x/mod v0.12.0 - google.golang.org/api v0.143.0 - k8s.io/klog/v2 v2.100.1 + golang.org/x/mod v0.14.0 + google.golang.org/api v0.149.0 + k8s.io/klog/v2 v2.110.1 ) require ( - cloud.google.com/go v0.110.7 // indirect - cloud.google.com/go/compute v1.23.0 // indirect + cloud.google.com/go v0.110.8 // indirect + cloud.google.com/go/compute v1.23.1 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/iam v1.1.1 // indirect - github.com/go-logr/logr v1.2.0 // indirect + cloud.google.com/go/iam v1.1.3 // indirect + github.com/go-logr/logr v1.3.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/google/go-cmp v0.5.9 // indirect github.com/google/s2a-go v0.1.7 // indirect - github.com/google/uuid v1.3.1 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect + github.com/google/uuid v1.4.0 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/googleapis/gax-go/v2 v2.12.0 // indirect go.opencensus.io v0.24.0 // indirect golang.org/x/crypto v0.14.0 // indirect golang.org/x/net v0.17.0 // indirect - golang.org/x/oauth2 v0.12.0 // indirect - golang.org/x/sync v0.3.0 // indirect + golang.org/x/oauth2 v0.13.0 // indirect + golang.org/x/sync v0.4.0 // indirect golang.org/x/sys v0.13.0 // indirect golang.org/x/text v0.13.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/appengine v1.6.7 // indirect - 
google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 // indirect - google.golang.org/grpc v1.57.1 // indirect + google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect + google.golang.org/grpc v1.59.0 // indirect google.golang.org/protobuf v1.31.0 // indirect ) diff --git a/experimental/gcp-log/go.sum b/experimental/gcp-log/go.sum index 79c4ade..e1b2dd8 100644 --- a/experimental/gcp-log/go.sum +++ b/experimental/gcp-log/go.sum 
@@ -1,12 +1,14 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.110.7 h1:rJyC7nWRg2jWGZ4wSJ5nY65GTdYJkg0cd/uXb+ACI6o= -cloud.google.com/go v0.110.7/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI= -cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY= -cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= +cloud.google.com/go v0.110.8 h1:tyNdfIxjzaWctIiLYOTalaLKZ17SI44SKFW26QbOhME= +cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk= +cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3hR0= +cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -cloud.google.com/go/iam v1.1.1 h1:lW7fzj15aVIXYHREOqjRBV9PsH0Z6u8Y46a1YGvQP4Y= -cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= +cloud.google.com/go/iam v1.1.3 h1:18tKG7DzydKWUnLjonWcJO6wjSCAtzh4GcRKlH/Hrzc= +cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQyY5SE= +cloud.google.com/go/kms v1.15.5 h1:pj1sRfut2eRbD9pFRjNnPNg/CzJPuQAzUujMIM1vVeM= +cloud.google.com/go/kms v1.15.5/go.mod h1:cU2H5jnp6G2TDpUGZyqTCoy1n16fbubHZjmVXSMtwDI= cloud.google.com/go/storage v1.33.0 h1:PVrDOkIC8qQVa1P3SXGpQvfuJhN2LHOoyZvWs8D2X5M= cloud.google.com/go/storage v1.33.0/go.mod h1:Hhh/dogNRGca7IWv1RC2YqEn0c0G77ctA/OxflYkiD8= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 
@@ -19,8 +21,8 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= 
@@ -46,16 +48,15 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= -github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ= -github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= +github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= +github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= +github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
@@ -66,6 +67,8 @@ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpE github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/transparency-dev/armored-witness v0.0.0-20231106114509-3d1fed57e76e h1:PqboHUaNpKbeX8YiXBaSuruCiNt59FnZm5lIXSmJ268= +github.com/transparency-dev/armored-witness v0.0.0-20231106114509-3d1fed57e76e/go.mod h1:DWbmmC5MBPpsrL6FuxvZhGmqfsNW7EomrDfj9MulsDY= github.com/transparency-dev/formats v0.0.0-20230928092353-f8ed364213f7 h1:YTZJA1J5Pg2FAq4YMgJmuCMr4KgFbABKGwmXm+UpQ6M= github.com/transparency-dev/formats v0.0.0-20230928092353-f8ed364213f7/go.mod h1:J2NdDb6IhKIvF6MwCvKikz9/QStRylEtS2mv+En+jBg= github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4= 
@@ -82,8 +85,8 @@ golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -94,13 +97,13 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= -golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= +golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= +golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= +golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -120,8 +123,8 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk= golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= -google.golang.org/api v0.143.0 h1:o8cekTkqhywkbZT6p1UHJPZ9+9uuCAJs/KYomxZB8fA= -google.golang.org/api v0.143.0/go.mod h1:FoX9DO9hT7DLNn97OuoZAGSDuNAXdJRuGK98rSUgurk= +google.golang.org/api v0.149.0 h1:b2CqT6kG+zqJIVKRQ3ELJVLN1PwHZ6DJ3dW8yl82rgY= +google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= 
@@ -129,19 +132,19 @@ google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb h1:XFBgcDwm7irdHTbz4Zk2h7Mh+eis4nfJEFQFYzJzuIA= -google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= -google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb h1:lK0oleSc7IQsUxO3U5TjL9DWlsxpEBemh+zpB7IqhWI= -google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 h1:N3bU/SQDCDyD6R528GJ/PwW9KjYcJA3dgyH+MovAkIM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA= +google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA= +google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI= +google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k= +google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.57.1 h1:upNTNqv0ES+2ZOOqACwVtS3Il8M12/+Hz41RCPzAjQg= -google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= +google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= +google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -160,5 +163,5 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= +k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=