vendor: github.com/moby/swarmkit/v2 v2.0.0-20221123162438-b17f02f0a054
Conflicts: vendor.mod Conflict because code.cloudfoundry.org/clock moved to a direct dependency in vendor.mod on master branch since 342b44bf20
full diff: 6341884e5f...b17f02f0a0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 64f9ea1cf5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
parent
2b1ba3ea6b
commit
73a98393c6
164 changed files with 12642 additions and 1823 deletions
27
vendor.mod
27
vendor.mod
|
@ -7,7 +7,7 @@ module github.com/docker/docker
|
|||
go 1.18
|
||||
|
||||
require (
|
||||
cloud.google.com/go v0.93.3
|
||||
cloud.google.com/go/compute v1.7.0
|
||||
cloud.google.com/go/logging v1.4.2
|
||||
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1
|
||||
github.com/Graylog2/go-gelf v0.0.0-20191017102106-1550ee647df0
|
||||
|
@ -54,7 +54,7 @@ require (
|
|||
github.com/moby/locker v1.0.1
|
||||
github.com/moby/patternmatcher v0.5.0
|
||||
github.com/moby/pubsub v1.0.0
|
||||
github.com/moby/swarmkit/v2 v2.0.0-20221102165002-6341884e5fc9
|
||||
github.com/moby/swarmkit/v2 v2.0.0-20221123162438-b17f02f0a054
|
||||
github.com/moby/sys/mount v0.3.3
|
||||
github.com/moby/sys/mountinfo v0.6.2
|
||||
github.com/moby/sys/sequential v0.5.0
|
||||
|
@ -91,6 +91,7 @@ require (
|
|||
)
|
||||
|
||||
require (
|
||||
cloud.google.com/go v0.102.1 // indirect
|
||||
code.cloudfoundry.org/clock v1.0.0 // indirect
|
||||
github.com/agext/levenshtein v1.2.3 // indirect
|
||||
github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2 // indirect
|
||||
|
@ -116,9 +117,10 @@ require (
|
|||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
||||
github.com/golang/protobuf v1.5.2 // indirect
|
||||
github.com/google/btree v1.1.2 // indirect
|
||||
github.com/google/certificate-transparency-go v1.1.2 // indirect; replaced; see "replace" section at the bottom of this file for the actual version.
|
||||
github.com/google/certificate-transparency-go v1.1.4 // indirect; replaced; see "replace" section at the bottom of this file for the actual version.
|
||||
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
|
||||
github.com/googleapis/gax-go/v2 v2.0.5 // indirect
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect
|
||||
github.com/googleapis/gax-go/v2 v2.4.0 // indirect
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
|
||||
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
|
||||
|
@ -140,10 +142,10 @@ require (
|
|||
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
|
||||
github.com/tinylib/msgp v1.1.0 // indirect
|
||||
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea // indirect
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.2 // indirect
|
||||
go.etcd.io/etcd/pkg/v3 v3.5.2 // indirect
|
||||
go.etcd.io/etcd/raft/v3 v3.5.2 // indirect
|
||||
go.etcd.io/etcd/server/v3 v3.5.2 // indirect
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.6 // indirect
|
||||
go.etcd.io/etcd/pkg/v3 v3.5.6 // indirect
|
||||
go.etcd.io/etcd/raft/v3 v3.5.6 // indirect
|
||||
go.etcd.io/etcd/server/v3 v3.5.6 // indirect
|
||||
go.opencensus.io v0.23.0 // indirect
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.29.0 // indirect
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.29.0 // indirect
|
||||
|
@ -161,13 +163,8 @@ require (
|
|||
golang.org/x/crypto v0.1.0 // indirect
|
||||
golang.org/x/oauth2 v0.1.0 // indirect
|
||||
golang.org/x/text v0.4.0 // indirect
|
||||
google.golang.org/api v0.54.0 // indirect
|
||||
google.golang.org/api v0.93.0 // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
google.golang.org/protobuf v1.28.1 // indirect
|
||||
k8s.io/klog/v2 v2.80.1 // indirect
|
||||
)
|
||||
|
||||
// Resolve dependency hell with github.com/cloudflare/cfssl (transitive via
|
||||
// swarmkit) by pinning the certificate-transparency-go version. Remove once
|
||||
// module go.etcd.io/etcd/server/v3 has upgraded its dependency on
|
||||
// go.opentelemetry.io/otel to v1.
|
||||
replace github.com/google/certificate-transparency-go => github.com/google/certificate-transparency-go v1.0.20
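Review bot: The `github.com/google/certificate-transparency-go v1.1.4` requirement in the `-116,9 +117,10` hunk still carries the comment `// indirect; replaced; see "replace" section at the bottom of this file for the actual version.`, yet the last hunk (`-161,13 +163,8`) appears to drop the `replace` directive and its explanatory comment, so the comment would point at a section that no longer exists. If the pin is indeed gone, the line should read `github.com/google/certificate-transparency-go v1.1.4 // indirect`, and builds would resolve v1.1.4 instead of the previously pinned v1.0.20. The old/new side of each rendered line is inferred here from the hunk counts and the matching `vendor.sum` entries, so confirm against the raw diff. Because this is a cherry-pick that also moves several indirect modules (etcd v3.5.6, google.golang.org/api v0.93.0, a new enterprise-certificate-proxy entry), the description could also state that the vendor tree was regenerated and verified on this branch rather than carried over from master.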
|
||||
|
|
149
vendor.sum
149
vendor.sum
|
@ -24,17 +24,31 @@ cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAV
|
|||
cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
|
||||
cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
|
||||
cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
|
||||
cloud.google.com/go v0.93.3 h1:wPBktZFzYBcCZVARvwVKqH1uEj+aLXofJEtrb4oOsio=
|
||||
cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
|
||||
cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
|
||||
cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
|
||||
cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
|
||||
cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
|
||||
cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
|
||||
cloud.google.com/go v0.102.1 h1:vpK6iQWv/2uUeFJth4/cBHsQAGjn1iIE6AAlxipRaA0=
|
||||
cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU=
|
||||
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
|
||||
cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
|
||||
cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
|
||||
cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
|
||||
cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
|
||||
cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
|
||||
cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow=
|
||||
cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM=
|
||||
cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M=
|
||||
cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
|
||||
cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
|
||||
cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk=
|
||||
cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
|
||||
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
|
||||
cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
|
||||
cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
|
||||
cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY=
|
||||
cloud.google.com/go/logging v1.4.2 h1:Mu2Q75VBDQlW1HlBMjTX4X84UFR73G1TiLlRYc/b7tA=
|
||||
cloud.google.com/go/logging v1.4.2/go.mod h1:jco9QZSx8HiVVqLJReq7z7bVdj0P1Jb9PDFs63T+axo=
|
||||
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
|
||||
|
@ -46,6 +60,7 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo
|
|||
cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
|
||||
cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
|
||||
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
|
||||
cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
|
||||
code.cloudfoundry.org/clock v1.0.0 h1:kFXWQM4bxYvdBw2X8BbBeXwQNgfoWv1vqAk2ZZyBN2o=
|
||||
code.cloudfoundry.org/clock v1.0.0/go.mod h1:QD9Lzhd/ux6eNQVUDVRJX/RKTigpewimNYBi7ivZKY8=
|
||||
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
||||
|
@ -496,6 +511,7 @@ github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP
|
|||
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
|
||||
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
|
||||
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
|
||||
github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||
github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2 h1:xisWqjiKEff2B0KfFYGpCqc3M3zdTz+OHQHRc09FeYk=
|
||||
github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4=
|
||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||
|
@ -539,8 +555,8 @@ github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ
|
|||
github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
|
||||
github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
|
||||
github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
|
||||
github.com/google/certificate-transparency-go v1.0.20 h1:azETE79toaBOyp+StoEBy8atzQujL0PyBPEmsEeDCXI=
|
||||
github.com/google/certificate-transparency-go v1.0.20/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
|
||||
github.com/google/certificate-transparency-go v1.1.4 h1:hCyXHDbtqlr/lMXU0D4WgbalXL0Zk4dSWWMbPV8VrqY=
|
||||
github.com/google/certificate-transparency-go v1.1.4/go.mod h1:D6lvbfwckhNrbM9WVl1EVeMOyzC19mpIjMOI4nxBHtQ=
|
||||
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
|
||||
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
|
@ -554,6 +570,7 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
|
|||
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
|
||||
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
|
||||
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
|
||||
|
@ -587,12 +604,21 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
|
|||
github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
|
||||
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.1.0 h1:zO8WHNx/MYiAKJ3d5spxZXZE6KHmIQGQcAzwUzV7qQw=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
|
||||
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
|
||||
github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM=
|
||||
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
|
||||
github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
|
||||
github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
|
||||
github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
|
||||
github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
|
||||
github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR82awk=
|
||||
github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
|
||||
github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
|
||||
github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
|
||||
github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
|
||||
github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
|
||||
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
|
||||
github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
|
||||
github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
|
||||
|
@ -773,8 +799,8 @@ github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YO
|
|||
github.com/moby/pubsub v1.0.0 h1:jkp/imWsmJz2f6LyFsk7EkVeN2HxR/HTTOY8kHrsxfA=
|
||||
github.com/moby/pubsub v1.0.0/go.mod h1:bXSO+3h5MNXXCaEG+6/NlAIk7MMZbySZlnB+cUQhKKc=
|
||||
github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
|
||||
github.com/moby/swarmkit/v2 v2.0.0-20221102165002-6341884e5fc9 h1:d/XCmjx1zKZdzlBX90kSGDex7V2GE2jdGDr9nXYZg/Q=
|
||||
github.com/moby/swarmkit/v2 v2.0.0-20221102165002-6341884e5fc9/go.mod h1:/so6Lct4y1x14UprW/loFsOe6xoXVTlvh25V36ULXNQ=
|
||||
github.com/moby/swarmkit/v2 v2.0.0-20221123162438-b17f02f0a054 h1:ny1MdKQaQI/i+i7YrwO2zPpfW2ET1QBR59HqZd+ozOI=
|
||||
github.com/moby/swarmkit/v2 v2.0.0-20221123162438-b17f02f0a054/go.mod h1:rUZl7gR5C7156P2qEE6wnx4riFgBjqmsQaUqo/WeyBw=
|
||||
github.com/moby/sys/mount v0.3.3 h1:fX1SVkXFJ47XWDoeFW4Sq7PdQJnV2QIDZAqjNqgEjUs=
|
||||
github.com/moby/sys/mount v0.3.3/go.mod h1:PBaEorSNTLG5t/+4EgukEQVlAvVEc6ZjTySwKdqp5K0=
|
||||
github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
|
||||
|
@ -906,6 +932,7 @@ github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQ
|
|||
github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
|
||||
github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
|
||||
github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
|
||||
github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
|
||||
github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
|
||||
github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU=
|
||||
github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
|
||||
|
@ -1013,8 +1040,8 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV
|
|||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
|
||||
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
|
||||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.5 h1:s5PTfem8p8EbKQOctVV53k6jCJt3UX4IEJzwh+C324Q=
|
||||
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
|
||||
github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
|
||||
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
|
||||
|
@ -1078,23 +1105,23 @@ go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
|
|||
go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
|
||||
go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
|
||||
go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
|
||||
go.etcd.io/etcd/api/v3 v3.5.2/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A=
|
||||
go.etcd.io/etcd/api/v3 v3.5.6/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8=
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.2 h1:4hzqQ6hIb3blLyQ8usCU4h3NghkqcsohEQ3o3VetYxE=
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.2/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.6 h1:TXQWYceBKqLp4sa87rcPs11SXxUA/mHwH975v+BDvLU=
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.6/go.mod h1:ggrwbk069qxpKPq8/FKkQ3Xq9y39kbFR4LnKszpRXeQ=
|
||||
go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
|
||||
go.etcd.io/etcd/client/v2 v2.305.2/go.mod h1:2D7ZejHVMIfog1221iLSYlQRzrtECw3kz4I4VAQm3qI=
|
||||
go.etcd.io/etcd/client/v2 v2.305.6/go.mod h1:BHha8XJGe8vCIBfWBpbBLVZ4QjOIlfoouvOwydu63E0=
|
||||
go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0=
|
||||
go.etcd.io/etcd/client/v3 v3.5.2/go.mod h1:kOOaWFFgHygyT0WlSmL8TJiXmMysO/nNUlEsSsN6W4o=
|
||||
go.etcd.io/etcd/client/v3 v3.5.6/go.mod h1:f6GRinRMCsFVv9Ht42EyY7nfsVGwrNO0WEoS2pRKzQk=
|
||||
go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE=
|
||||
go.etcd.io/etcd/pkg/v3 v3.5.2 h1:YZUojdoPhOyl5QILYnR8LTUbbNefu/sV4ma+ZMr2tto=
|
||||
go.etcd.io/etcd/pkg/v3 v3.5.2/go.mod h1:zsXz+9D/kijzRiG/UnFGDTyHKcVp0orwiO8iMLAi+k0=
|
||||
go.etcd.io/etcd/pkg/v3 v3.5.6 h1:k1GZrGrfMHy5/cg2bxNGsmLTFisatyhDYCFLRuaavWg=
|
||||
go.etcd.io/etcd/pkg/v3 v3.5.6/go.mod h1:qATwUzDb6MLyGWq2nUj+jwXqZJcxkCuabh0P7Cuff3k=
|
||||
go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc=
|
||||
go.etcd.io/etcd/raft/v3 v3.5.2 h1:uCC37qOXqBvKqTGHGyhASsaCsnTuJugl1GvneJNwHWo=
|
||||
go.etcd.io/etcd/raft/v3 v3.5.2/go.mod h1:G6pCP1sFgbjod7/KnEHY0vHUViqxjkdt6AiKsD0GRr8=
|
||||
go.etcd.io/etcd/raft/v3 v3.5.6 h1:tOmx6Ym6rn2GpZOrvTGJZciJHek6RnC3U/zNInzIN50=
|
||||
go.etcd.io/etcd/raft/v3 v3.5.6/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0=
|
||||
go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4=
|
||||
go.etcd.io/etcd/server/v3 v3.5.2 h1:B6ytJvS4Fmt8nkjzS2/8POf4tuPhFMluE0lWd4dx/7U=
|
||||
go.etcd.io/etcd/server/v3 v3.5.2/go.mod h1:mlG8znIEz4N/28GABrohZCBM11FqgGVQcpbcyJgh0j0=
|
||||
go.etcd.io/etcd/server/v3 v3.5.6 h1:RXuwaB8AMiV62TqcqIt4O4bG8NWjsxOkDJVT3MZI5Ds=
|
||||
go.etcd.io/etcd/server/v3 v3.5.6/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo=
|
||||
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
|
||||
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
|
||||
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
|
||||
|
@ -1106,6 +1133,7 @@ go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
|
|||
go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
|
||||
go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc=
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E=
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.25.0/go.mod h1:E5NNboN0UqSAki0Atn9kVwaN7I+l25gGxDqBueo/74E=
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w=
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.29.0 h1:n9b7AAdbQtQ0k9dm0Dm2/KUcUqtG8i2O15KzNaDze8c=
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.29.0/go.mod h1:LsankqVDx4W+RhZNA5uWarULII/MBhF5qwCYxTuyXjs=
|
||||
|
@ -1115,6 +1143,7 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:
|
|||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 h1:SLme4Porm+UwX0DdHMxlwRt7FzPSE0sys81bet2o0pU=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0/go.mod h1:tLYsuf2v8fZreBVwp9gVMhefZlLFZaUiNVSq8QxXRII=
|
||||
go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo=
|
||||
go.opentelemetry.io/otel v1.0.1/go.mod h1:OPEOD4jIT2SlZPMmwT6FqZz2C0ZNdQqiWcoK6M0SNFU=
|
||||
go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs=
|
||||
go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtBWakzk=
|
||||
go.opentelemetry.io/otel v1.4.1 h1:QbINgGDDcoQUoMJa2mMaWno49lja9sHwp6aoa2n3a4g=
|
||||
|
@ -1122,9 +1151,11 @@ go.opentelemetry.io/otel v1.4.1/go.mod h1:StM6F/0fSwpd8dKWDCdRr7uRvEPYdW0hBSlbdT
|
|||
go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM=
|
||||
go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4=
|
||||
go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.1/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.0.1/go.mod h1:Kv8liBeVNFkkkbilbgWRpV+wWuu+H5xdOT6HAgd30iw=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.1 h1:WPpPsAAs8I2rA47v5u0558meKmmwm1Dj99ZbqCV8sZ8=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.1/go.mod h1:o5RW5o2pKpJLD5dNTCmjF1DorYwMeFJmb/rKr5sLaa8=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.0.1/go.mod h1:xOvWoTOrQjxjW61xtOmD/WKGRYb/P4NzRo3bs65U6Rk=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE=
|
||||
go.opentelemetry.io/otel/internal/metric v0.27.0 h1:9dAVGAfFiiEq5NVB9FUJ5et+btbDQAUIJehJ+ikyryk=
|
||||
|
@ -1134,17 +1165,20 @@ go.opentelemetry.io/otel/metric v0.27.0 h1:HhJPsGhJoKRSegPQILFbODU56NS/L1UE4fS1s
|
|||
go.opentelemetry.io/otel/metric v0.27.0/go.mod h1:raXDJ7uP2/Jc0nVZWQjJtzoyssOYWu/+pjZqRzfvZ7g=
|
||||
go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw=
|
||||
go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc=
|
||||
go.opentelemetry.io/otel/sdk v1.0.1/go.mod h1:HrdXne+BiwsOHYYkBE5ysIcv2bvdZstxzmCQhxTcZkI=
|
||||
go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs=
|
||||
go.opentelemetry.io/otel/sdk v1.4.1 h1:J7EaW71E0v87qflB4cDolaqq3AcujGrtyIPGQoZOB0Y=
|
||||
go.opentelemetry.io/otel/sdk v1.4.1/go.mod h1:NBwHDgDIBYjwK2WNu1OPgsIc2IJzmBXNnvIJxJc8BpE=
|
||||
go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE=
|
||||
go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE=
|
||||
go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
|
||||
go.opentelemetry.io/otel/trace v1.0.1/go.mod h1:5g4i4fKLaX2BQpSBsxw8YYcgKpMMSW3x7ZTuYBr3sUk=
|
||||
go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk=
|
||||
go.opentelemetry.io/otel/trace v1.4.0/go.mod h1:uc3eRsqDfWs9R7b92xbQbU42/eTNz4N+gLP8qJCi4aE=
|
||||
go.opentelemetry.io/otel/trace v1.4.1 h1:O+16qcdTrT7zxv2J6GejTPFinSwA++cYerC5iSiF8EQ=
|
||||
go.opentelemetry.io/otel/trace v1.4.1/go.mod h1:iYEVbroFCNut9QkwEczV9vMRPHNKSSwYZjulEtsmhFc=
|
||||
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
|
||||
go.opentelemetry.io/proto/otlp v0.9.0/go.mod h1:1vKfU9rv61e9EVGthD1zNvUbiwPcimSsOPU9brfSHJg=
|
||||
go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ=
|
||||
go.opentelemetry.io/proto/otlp v0.12.0 h1:CMJ/3Wp7iOWES+CYLfnBv+DVmPbB+kmy9PJ92XvlR6c=
|
||||
go.opentelemetry.io/proto/otlp v0.12.0/go.mod h1:TsIjwGWIx5VFYv9KGVlOpxoBl5Dy+63SUguV7GGvlSQ=
|
||||
|
@ -1182,6 +1216,7 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh
|
|||
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
|
||||
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
|
||||
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
|
||||
golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
|
@ -1275,10 +1310,16 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx
|
|||
golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||
golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||
golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||
golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||
golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
|
||||
golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
|
||||
golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
|
||||
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
|
@ -1297,7 +1338,12 @@ golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ
|
|||
golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
|
||||
golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
|
||||
golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
|
||||
golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
|
||||
golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
|
||||
golang.org/x/oauth2 v0.1.0 h1:isLCZuhj4v+tYv7eskaN4v/TM+A1begWWgyVJDdl1+Y=
|
||||
golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
|
@ -1311,6 +1357,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
|
|||
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
|
||||
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
|
@ -1411,14 +1458,27 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc
|
|||
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
|
||||
|
@ -1522,6 +1582,9 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
|
|||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
|
||||
golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
|
||||
google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
|
||||
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
|
||||
google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
|
||||
|
@ -1549,8 +1612,22 @@ google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59t
|
|||
google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
|
||||
google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
|
||||
google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
|
||||
google.golang.org/api v0.54.0 h1:ECJUVngj71QI6XEm7b1sAf8BljU5inEhMbKPR8Lxhhk=
|
||||
google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
|
||||
google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
|
||||
google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
|
||||
google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
|
||||
google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
|
||||
google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
|
||||
google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
|
||||
google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
|
||||
google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
|
||||
google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
|
||||
google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
|
||||
google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw=
|
||||
google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg=
|
||||
google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o=
|
||||
google.golang.org/api v0.93.0 h1:T2xt9gi0gHdxdnRkVQhT8mIvPaXKNsDNWz+L696M66M=
|
||||
google.golang.org/api v0.93.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
|
@ -1605,6 +1682,7 @@ google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6D
|
|||
google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
|
||||
google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
|
||||
google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
|
||||
google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
|
||||
|
@ -1618,8 +1696,35 @@ google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm
|
|||
google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
|
||||
google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
|
||||
google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
|
||||
google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
|
||||
google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
|
||||
google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
|
||||
google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
|
||||
google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
|
||||
google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
|
||||
google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
|
||||
google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
|
||||
google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
|
||||
google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E=
|
||||
google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
|
||||
google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
|
||||
google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
|
||||
google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
|
||||
google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
|
||||
google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
|
||||
google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
|
||||
google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
|
||||
google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
|
||||
google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
|
||||
google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
|
||||
google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
|
||||
google.golang.org/genproto v0.0.0-20220706185917-7780775163c4 h1:7YDGQC/0sigNGzsEWyb9s72jTxlFdwVEYNJHbfQ+Dtg=
|
||||
google.golang.org/genproto v0.0.0-20220706185917-7780775163c4/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
|
||||
google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
|
||||
|
@ -1651,10 +1756,14 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ
|
|||
google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
|
||||
google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
|
||||
google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
|
||||
google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
|
||||
google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
|
||||
google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
|
||||
google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
|
||||
google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
|
||||
google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
|
||||
google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
|
||||
google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
|
||||
google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
|
||||
google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w=
|
||||
google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
|
||||
|
@ -1764,6 +1873,8 @@ k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
|
|||
k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
|
||||
k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
|
||||
k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
|
||||
k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
|
||||
k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
|
||||
k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
|
||||
k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
|
||||
k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
|
||||
|
|
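--- a/vendor/cloud.google.com/go/.release-please-manifest-submodules.json
+++ b/vendor/cloud.google.com/go/.release-please-manifest-submodules.json
@@ -0,0 +1,107 @@
+{
+"accessapproval": "1.3.0",
+"accesscontextmanager": "1.2.0",
+"aiplatform": "1.13.0",
+"analytics": "0.7.0",
+"apigateway": "1.2.0",
+"apigeeconnect": "1.2.0",
+"appengine": "1.3.0",
+"area120": "0.3.0",
+"artifactregistry": "1.3.0",
+"asset": "1.2.0",
+"assuredworkloads": "0.6.0",
+"automl": "1.3.0",
+"baremetalsolution": "0.1.0",
+"batch": "0.1.0",
+"billing": "1.2.0",
+"binaryauthorization": "0.6.0",
+"certificatemanager": "0.2.0",
+"channel": "1.6.0",
+"cloudbuild": "1.2.0",
+"clouddms": "1.2.0",
+"cloudtasks": "1.3.0",
+"compute": "1.7.0",
+"contactcenterinsights": "1.2.0",
+"container": "1.2.0",
+"containeranalysis": "0.3.0",
+"datacatalog": "1.3.0",
+"dataflow": "0.4.0",
+"datafusion": "1.3.0",
+"datalabeling": "0.3.0",
+"dataplex": "0.4.0",
+"dataproc": "1.5.0",
+"dataqna": "0.3.0",
+"datastream": "0.5.0",
+"deploy": "1.2.0",
+"dialogflow": "1.10.0",
+"dlp": "1.4.0",
+"documentai": "1.4.0",
+"domains": "0.4.0",
+"essentialcontacts": "1.2.0",
+"eventarc": "1.6.0",
+"filestore": "1.2.0",
+"functions": "1.4.0",
+"gaming": "1.2.0",
+"gkebackup": "0.1.0",
+"gkeconnect": "0.3.0",
+"gkehub": "0.7.0",
+"gkemulticloud": "0.2.0",
+"grafeas": "0.2.0",
+"gsuiteaddons": "1.2.0",
+"iam": "0.3.0",
+"iap": "1.3.0",
+"ids": "0.3.0",
+"iot": "1.2.0",
+"kms": "1.4.0",
+"language": "1.2.0",
+"lifesciences": "0.3.0",
+"managedidentities": "1.2.0",
+"mediatranslation": "0.3.0",
+"memcache": "1.2.0",
+"metastore": "1.2.0",
+"monitoring": "1.5.0",
+"networkconnectivity": "1.2.0",
+"networkmanagement": "1.2.0",
+"networksecurity": "0.3.0",
+"notebooks": "0.4.0",
+"optimization": "0.1.0",
+"orchestration": "1.2.0",
+"orgpolicy": "1.3.0",
+"osconfig": "1.5.0",
+"oslogin": "1.2.0",
+"phishingprotection": "0.3.0",
+"policytroubleshooter": "1.2.0",
+"privatecatalog": "0.3.0",
+"recaptchaenterprise/v2": "2.0.1",
+"recommendationengine": "0.2.0",
+"recommender": "1.3.0",
+"redis": "1.5.0",
+"resourcemanager": "1.2.0",
+"resourcesettings": "1.2.0",
+"retail": "1.4.0",
+"run": "0.1.1",
+"scheduler": "1.2.0",
+"secretmanager": "1.4.0",
+"security": "1.4.0",
+"securitycenter": "1.8.0",
+"servicecontrol": "1.3.0",
+"servicedirectory": "1.2.0",
+"servicemanagement": "1.3.0",
+"serviceusage": "1.2.0",
+"shell": "1.2.0",
+"speech": "1.4.0",
+"storagetransfer": "1.3.0",
+"talent": "0.8.0",
+"texttospeech": "1.3.0",
+"tpu": "1.2.0",
+"trace": "1.2.0",
+"translate": "1.2.0",
+"video": "1.6.0",
+"videointelligence": "1.2.0",
+"vision/v2": "2.0.0",
+"vmmigration": "0.3.0",
+"vpcaccess": "1.2.0",
+"webrisk": "1.2.0",
+"websecurityscanner": "1.2.0",
+"workflows": "1.4.0"
+}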
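--- a/vendor/cloud.google.com/go/.release-please-manifest.json
+++ b/vendor/cloud.google.com/go/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+".": "0.102.1"
+}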
204
vendor/cloud.google.com/go/CHANGES.md
generated
vendored
204
vendor/cloud.google.com/go/CHANGES.md
generated
vendored
|
@ -1,5 +1,209 @@
|
|||
# Changes
|
||||
|
||||
## [0.102.1](https://github.com/googleapis/google-cloud-go/compare/v0.102.0...v0.102.1) (2022-06-17)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **longrunning:** regapic remove path params duped as query params ([#6183](https://github.com/googleapis/google-cloud-go/issues/6183)) ([c963be3](https://github.com/googleapis/google-cloud-go/commit/c963be301f074779e6bb8c897d8064fa076e9e35))
|
||||
|
||||
## [0.102.0](https://github.com/googleapis/google-cloud-go/compare/v0.101.1...v0.102.0) (2022-05-24)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **civil:** add Before and After methods to civil.Time ([#5703](https://github.com/googleapis/google-cloud-go/issues/5703)) ([7acaaaf](https://github.com/googleapis/google-cloud-go/commit/7acaaafef47668c3e8382b8bc03475598c3db187))
|
||||
|
||||
### [0.101.1](https://github.com/googleapis/google-cloud-go/compare/v0.101.0...v0.101.1) (2022-05-03)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **internal/gapicgen:** properly update modules that have no gapic changes ([#5945](https://github.com/googleapis/google-cloud-go/issues/5945)) ([de2befc](https://github.com/googleapis/google-cloud-go/commit/de2befcaa2a886499db9da6d4d04d28398c8d44b))
|
||||
|
||||
## [0.101.0](https://github.com/googleapis/google-cloud-go/compare/v0.100.2...v0.101.0) (2022-04-20)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **all:** bump grpc dep ([#5481](https://github.com/googleapis/google-cloud-go/issues/5481)) ([b12964d](https://github.com/googleapis/google-cloud-go/commit/b12964df5c63c647aaf204e73cfcdfd379d19682))
|
||||
* **internal/gapicgen:** change versionClient for gapics ([#5687](https://github.com/googleapis/google-cloud-go/issues/5687)) ([55f0d92](https://github.com/googleapis/google-cloud-go/commit/55f0d92bf112f14b024b4ab0076c9875a17423c9))
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **internal/gapicgen:** add generation of internal/version.go for new client modules ([#5726](https://github.com/googleapis/google-cloud-go/issues/5726)) ([341e0df](https://github.com/googleapis/google-cloud-go/commit/341e0df1e44480706180cc5b07c49b3cee904095))
|
||||
* **internal/gapicgen:** don't gen version files for longrunning and debugger ([#5698](https://github.com/googleapis/google-cloud-go/issues/5698)) ([3a81108](https://github.com/googleapis/google-cloud-go/commit/3a81108c74cd8864c56b8ab5939afd864db3c64b))
|
||||
* **internal/gapicgen:** don't try to make snippets for non-gapics ([#5919](https://github.com/googleapis/google-cloud-go/issues/5919)) ([c94dddc](https://github.com/googleapis/google-cloud-go/commit/c94dddc60ef83a0584ba8f7dd24589d9db971672))
|
||||
* **internal/gapicgen:** move breaking change indicator if present ([#5452](https://github.com/googleapis/google-cloud-go/issues/5452)) ([e712df5](https://github.com/googleapis/google-cloud-go/commit/e712df5ebb45598a1653081d7e11e578bad22ff8))
|
||||
* **internal/godocfx:** prevent errors for filtered mods ([#5485](https://github.com/googleapis/google-cloud-go/issues/5485)) ([6cb9b89](https://github.com/googleapis/google-cloud-go/commit/6cb9b89b2d654c695eab00d8fb375cce0cd6e059))
|
||||
|
||||
## [0.100.0](https://www.github.com/googleapis/google-cloud-go/compare/v0.99.0...v0.100.0) (2022-01-04)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **analytics/admin:** add the `AcknowledgeUserDataCollection` operation which acknowledges the terms of user data collection for the specified property feat: add the new resource type `DataStream`, which is planned to eventually replace `WebDataStream`, `IosAppDataStream`, `AndroidAppDataStream` resources fix!: remove `GetEnhancedMeasurementSettings`, `UpdateEnhancedMeasurementSettingsRequest`, `UpdateEnhancedMeasurementSettingsRequest` operations from the API feat: add `CreateDataStream`, `DeleteDataStream`, `UpdateDataStream`, `ListDataStreams` operations to support the new `DataStream` resource feat: add `DISPLAY_VIDEO_360_ADVERTISER_LINK`, `DISPLAY_VIDEO_360_ADVERTISER_LINK_PROPOSAL` fields to `ChangeHistoryResourceType` enum feat: add the `account` field to the `Property` type docs: update the documentation with a new list of valid values for `UserLink.direct_roles` field ([5444809](https://www.github.com/googleapis/google-cloud-go/commit/5444809e0b7cf9f5416645ea2df6fec96f8b9023))
|
||||
* **assuredworkloads:** EU Regions and Support With Sovereign Controls ([5444809](https://www.github.com/googleapis/google-cloud-go/commit/5444809e0b7cf9f5416645ea2df6fec96f8b9023))
|
||||
* **dialogflow/cx:** added the display name of the current page in webhook requests ([e0833b2](https://www.github.com/googleapis/google-cloud-go/commit/e0833b2853834ba79fd20ca2ae9c613d585dd2a5))
|
||||
* **dialogflow/cx:** added the display name of the current page in webhook requests ([e0833b2](https://www.github.com/googleapis/google-cloud-go/commit/e0833b2853834ba79fd20ca2ae9c613d585dd2a5))
|
||||
* **dialogflow:** added export documentation method feat: added filter in list documentations request feat: added option to import custom metadata from Google Cloud Storage in reload document request feat: added option to apply partial update to the smart messaging allowlist in reload document request feat: added filter in list knowledge bases request ([5444809](https://www.github.com/googleapis/google-cloud-go/commit/5444809e0b7cf9f5416645ea2df6fec96f8b9023))
|
||||
* **dialogflow:** removed OPTIONAL for speech model variant docs: added more docs for speech model variant and improved docs format for participant ([5444809](https://www.github.com/googleapis/google-cloud-go/commit/5444809e0b7cf9f5416645ea2df6fec96f8b9023))
|
||||
* **recaptchaenterprise:** add new reCAPTCHA Enterprise fraud annotations ([3dd34a2](https://www.github.com/googleapis/google-cloud-go/commit/3dd34a262edbff63b9aece8faddc2ff0d98ce42a))
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **artifactregistry:** fix resource pattern ID segment name ([5444809](https://www.github.com/googleapis/google-cloud-go/commit/5444809e0b7cf9f5416645ea2df6fec96f8b9023))
|
||||
* **compute:** add parameter in compute bazel rules ([#692](https://www.github.com/googleapis/google-cloud-go/issues/692)) ([5444809](https://www.github.com/googleapis/google-cloud-go/commit/5444809e0b7cf9f5416645ea2df6fec96f8b9023))
|
||||
* **profiler:** refine regular expression for parsing backoff duration in E2E tests ([#5229](https://www.github.com/googleapis/google-cloud-go/issues/5229)) ([4438aeb](https://www.github.com/googleapis/google-cloud-go/commit/4438aebca2ec01d4dbf22287aa651937a381e043))
|
||||
* **profiler:** remove certificate expiration workaround ([#5222](https://www.github.com/googleapis/google-cloud-go/issues/5222)) ([2da36c9](https://www.github.com/googleapis/google-cloud-go/commit/2da36c95f44d5f88fd93cd949ab78823cea74fe7))
|
||||
|
||||
## [0.99.0](https://www.github.com/googleapis/google-cloud-go/compare/v0.98.0...v0.99.0) (2021-12-06)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **dialogflow/cx:** added `TelephonyTransferCall` in response message ([fe27098](https://www.github.com/googleapis/google-cloud-go/commit/fe27098e5d429911428821ded57384353e699774))
|
||||
|
||||
## [0.98.0](https://www.github.com/googleapis/google-cloud-go/compare/v0.97.0...v0.98.0) (2021-12-03)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **aiplatform:** add enable_private_service_connect field to Endpoint feat: add id field to DeployedModel feat: add service_attachment field to PrivateEndpoints feat: add endpoint_id to CreateEndpointRequest and method signature to CreateEndpoint feat: add method signature to CreateFeatureStore, CreateEntityType, CreateFeature feat: add network and enable_private_service_connect to IndexEndpoint feat: add service_attachment to IndexPrivateEndpoints feat: add stratified_split field to training_pipeline InputDataConfig ([a2c0bef](https://www.github.com/googleapis/google-cloud-go/commit/a2c0bef551489c9f1d0d12b973d3bf095354841e))
|
||||
* **aiplatform:** add featurestore service to aiplatform v1 feat: add metadata service to aiplatform v1 ([30794e7](https://www.github.com/googleapis/google-cloud-go/commit/30794e70050b55ff87d6a80d0b4075065e9d271d))
|
||||
* **aiplatform:** Adds support for `google.protobuf.Value` pipeline parameters in the `parameter_values` field ([88a1cdb](https://www.github.com/googleapis/google-cloud-go/commit/88a1cdbef3cc337354a61bc9276725bfb9a686d8))
|
||||
* **aiplatform:** Tensorboard v1 protos release feat:Exposing a field for v1 CustomJob-Tensorboard integration. ([90e2868](https://www.github.com/googleapis/google-cloud-go/commit/90e2868a3d220aa7f897438f4917013fda7a7c59))
|
||||
* **binaryauthorization:** add new admission rule types to Policy feat: update SignatureAlgorithm enum to match algorithm names in KMS feat: add SystemPolicyV1Beta1 service ([1f5aa78](https://www.github.com/googleapis/google-cloud-go/commit/1f5aa78a4d6633871651c89a6d9c48e3409fecc5))
|
||||
* **channel:** add resource type to ChannelPartnerLink ([c206948](https://www.github.com/googleapis/google-cloud-go/commit/c2069487f6af5bcb37d519afeb60e312e35e67d5))
|
||||
* **cloudtasks:** add C++ rules for Cloud Tasks ([90e2868](https://www.github.com/googleapis/google-cloud-go/commit/90e2868a3d220aa7f897438f4917013fda7a7c59))
|
||||
* **compute:** Move compute.v1 from googleapis-discovery to googleapis ([#675](https://www.github.com/googleapis/google-cloud-go/issues/675)) ([1f5aa78](https://www.github.com/googleapis/google-cloud-go/commit/1f5aa78a4d6633871651c89a6d9c48e3409fecc5))
|
||||
* **compute:** Switch to string enums for compute ([#685](https://www.github.com/googleapis/google-cloud-go/issues/685)) ([c8271d4](https://www.github.com/googleapis/google-cloud-go/commit/c8271d4b217a6e6924d9f87eac9468c4b5767ba7))
|
||||
* **contactcenterinsights:** Add ability to update phrase matchers feat: Add issue model stats to time series feat: Add display name to issue model stats ([1f5aa78](https://www.github.com/googleapis/google-cloud-go/commit/1f5aa78a4d6633871651c89a6d9c48e3409fecc5))
|
||||
* **contactcenterinsights:** Add WriteDisposition to BigQuery Export API ([a2c0bef](https://www.github.com/googleapis/google-cloud-go/commit/a2c0bef551489c9f1d0d12b973d3bf095354841e))
|
||||
* **contactcenterinsights:** deprecate issue_matches docs: if conversation medium is unspecified, it will default to PHONE_CALL ([1a0720f](https://www.github.com/googleapis/google-cloud-go/commit/1a0720f2f33bb14617f5c6a524946a93209e1266))
|
||||
* **contactcenterinsights:** new feature flag disable_issue_modeling docs: fixed formatting issues in the reference documentation ([c8271d4](https://www.github.com/googleapis/google-cloud-go/commit/c8271d4b217a6e6924d9f87eac9468c4b5767ba7))
|
||||
* **contactcenterinsights:** remove feature flag disable_issue_modeling ([c8271d4](https://www.github.com/googleapis/google-cloud-go/commit/c8271d4b217a6e6924d9f87eac9468c4b5767ba7))
|
||||
* **datacatalog:** Added BigQueryDateShardedSpec.latest_shard_resource field feat: Added SearchCatalogResult.display_name field feat: Added SearchCatalogResult.description field ([1f5aa78](https://www.github.com/googleapis/google-cloud-go/commit/1f5aa78a4d6633871651c89a6d9c48e3409fecc5))
|
||||
* **dataproc:** add Dataproc Serverless for Spark Batches API ([30794e7](https://www.github.com/googleapis/google-cloud-go/commit/30794e70050b55ff87d6a80d0b4075065e9d271d))
|
||||
* **dataproc:** Add support for dataproc BatchController service ([8519b94](https://www.github.com/googleapis/google-cloud-go/commit/8519b948fee5dc82d39300c4d96e92c85fe78fe6))
|
||||
* **dialogflow/cx:** added API for changelogs docs: clarified semantic of the streaming APIs ([587bba5](https://www.github.com/googleapis/google-cloud-go/commit/587bba5ad792a92f252107aa38c6af50fb09fb58))
|
||||
* **dialogflow/cx:** added API for changelogs docs: clarified semantic of the streaming APIs ([587bba5](https://www.github.com/googleapis/google-cloud-go/commit/587bba5ad792a92f252107aa38c6af50fb09fb58))
|
||||
* **dialogflow/cx:** added support for comparing between versions docs: clarified security settings API reference ([83b941c](https://www.github.com/googleapis/google-cloud-go/commit/83b941c0983e44fdd18ceee8c6f3e91219d72ad1))
|
||||
* **dialogflow/cx:** added support for Deployments with ListDeployments and GetDeployment apis feat: added support for DeployFlow api under Environments feat: added support for TestCasesConfig under Environment docs: added long running operation explanation for several apis fix!: marked resource name of security setting as not-required ([8c5c6cf](https://www.github.com/googleapis/google-cloud-go/commit/8c5c6cf9df046b67998a8608d05595bd9e34feb0))
|
||||
* **dialogflow/cx:** allow setting custom CA for generic webhooks and release CompareVersions API docs: clarify DLP template reader usage ([90e2868](https://www.github.com/googleapis/google-cloud-go/commit/90e2868a3d220aa7f897438f4917013fda7a7c59))
|
||||
* **dialogflow:** added support to configure security settings, language code and time zone on conversation profile ([1f5aa78](https://www.github.com/googleapis/google-cloud-go/commit/1f5aa78a4d6633871651c89a6d9c48e3409fecc5))
|
||||
* **dialogflow:** support document metadata filter in article suggestion and smart reply model in human agent assistant ([e33350c](https://www.github.com/googleapis/google-cloud-go/commit/e33350cfcabcddcda1a90069383d39c68deb977a))
|
||||
* **dlp:** added deidentify replacement dictionaries feat: added field for BigQuery inspect template inclusion lists feat: added field to support infotype versioning ([a2c0bef](https://www.github.com/googleapis/google-cloud-go/commit/a2c0bef551489c9f1d0d12b973d3bf095354841e))
|
||||
* **domains:** added library for Cloud Domains v1 API. Also added methods for the transfer-in flow docs: improved API comments ([8519b94](https://www.github.com/googleapis/google-cloud-go/commit/8519b948fee5dc82d39300c4d96e92c85fe78fe6))
|
||||
* **functions:** Secret Manager integration fields 'secret_environment_variables' and 'secret_volumes' added feat: CMEK integration fields 'kms_key_name' and 'docker_repository' added ([1f5aa78](https://www.github.com/googleapis/google-cloud-go/commit/1f5aa78a4d6633871651c89a6d9c48e3409fecc5))
|
||||
* **kms:** add OAEP+SHA1 to the list of supported algorithms ([8c5c6cf](https://www.github.com/googleapis/google-cloud-go/commit/8c5c6cf9df046b67998a8608d05595bd9e34feb0))
|
||||
* **kms:** add RPC retry information for MacSign, MacVerify, and GenerateRandomBytes Committer: [@bdhess](https://www.github.com/bdhess) ([1a0720f](https://www.github.com/googleapis/google-cloud-go/commit/1a0720f2f33bb14617f5c6a524946a93209e1266))
|
||||
* **kms:** add support for Raw PKCS[#1](https://www.github.com/googleapis/google-cloud-go/issues/1) signing keys ([58bea89](https://www.github.com/googleapis/google-cloud-go/commit/58bea89a3d177d5c431ff19310794e3296253353))
|
||||
* **monitoring/apiv3:** add CreateServiceTimeSeries RPC ([9e41088](https://www.github.com/googleapis/google-cloud-go/commit/9e41088bb395fbae0e757738277d5c95fa2749c8))
|
||||
* **monitoring/dashboard:** Added support for auto-close configurations ([90e2868](https://www.github.com/googleapis/google-cloud-go/commit/90e2868a3d220aa7f897438f4917013fda7a7c59))
|
||||
* **monitoring/metricsscope:** promote apiv1 to GA ([#5135](https://www.github.com/googleapis/google-cloud-go/issues/5135)) ([33c0f63](https://www.github.com/googleapis/google-cloud-go/commit/33c0f63e0e0ce69d9ef6e57b04d1b8cc10ed2b78))
|
||||
* **osconfig:** OSConfig: add OS policy assignment rpcs ([83b941c](https://www.github.com/googleapis/google-cloud-go/commit/83b941c0983e44fdd18ceee8c6f3e91219d72ad1))
|
||||
* **osconfig:** Update OSConfig API ([e33350c](https://www.github.com/googleapis/google-cloud-go/commit/e33350cfcabcddcda1a90069383d39c68deb977a))
|
||||
* **osconfig:** Update osconfig v1 and v1alpha RecurringSchedule.Frequency with DAILY frequency ([59e548a](https://www.github.com/googleapis/google-cloud-go/commit/59e548acc249c7bddd9c884c2af35d582a408c4d))
|
||||
* **recaptchaenterprise:** add reCAPTCHA Enterprise account defender API methods ([88a1cdb](https://www.github.com/googleapis/google-cloud-go/commit/88a1cdbef3cc337354a61bc9276725bfb9a686d8))
|
||||
* **redis:** [Cloud Memorystore for Redis] Support Multiple Read Replicas when creating Instance ([1f5aa78](https://www.github.com/googleapis/google-cloud-go/commit/1f5aa78a4d6633871651c89a6d9c48e3409fecc5))
|
||||
* **redis:** [Cloud Memorystore for Redis] Support Multiple Read Replicas when creating Instance ([1f5aa78](https://www.github.com/googleapis/google-cloud-go/commit/1f5aa78a4d6633871651c89a6d9c48e3409fecc5))
|
||||
* **security/privateca:** add IAMPolicy & Locations mix-in support ([1a0720f](https://www.github.com/googleapis/google-cloud-go/commit/1a0720f2f33bb14617f5c6a524946a93209e1266))
|
||||
* **securitycenter:** Added a new API method UpdateExternalSystem, which enables updating a finding w/ external system metadata. External systems are a child resource under finding, and are housed on the finding itself, and can also be filtered on in Notifications, the ListFindings and GroupFindings API ([c8271d4](https://www.github.com/googleapis/google-cloud-go/commit/c8271d4b217a6e6924d9f87eac9468c4b5767ba7))
|
||||
* **securitycenter:** Added mute related APIs, proto messages and fields ([3e7185c](https://www.github.com/googleapis/google-cloud-go/commit/3e7185c241d97ee342f132ae04bc93bb79a8e897))
|
||||
* **securitycenter:** Added resource type and display_name field to the FindingResult, and supported them in the filter for ListFindings and GroupFindings. Also added display_name to the resource which is surfaced in NotificationMessage ([1f5aa78](https://www.github.com/googleapis/google-cloud-go/commit/1f5aa78a4d6633871651c89a6d9c48e3409fecc5))
|
||||
* **securitycenter:** Added vulnerability field to the finding feat: Added type field to the resource which is surfaced in NotificationMessage ([090cc3a](https://www.github.com/googleapis/google-cloud-go/commit/090cc3ae0f8747a14cc904fc6d429e2f5379bb03))
|
||||
* **servicecontrol:** add C++ rules for many Cloud services ([c8271d4](https://www.github.com/googleapis/google-cloud-go/commit/c8271d4b217a6e6924d9f87eac9468c4b5767ba7))
|
||||
* **speech:** add result_end_time to SpeechRecognitionResult ([a2c0bef](https://www.github.com/googleapis/google-cloud-go/commit/a2c0bef551489c9f1d0d12b973d3bf095354841e))
|
||||
* **speech:** added alternative_language_codes to RecognitionConfig feat: WEBM_OPUS codec feat: SpeechAdaptation configuration feat: word confidence feat: spoken punctuation and spoken emojis feat: hint boost in SpeechContext ([a2c0bef](https://www.github.com/googleapis/google-cloud-go/commit/a2c0bef551489c9f1d0d12b973d3bf095354841e))
|
||||
* **texttospeech:** update v1 proto ([90e2868](https://www.github.com/googleapis/google-cloud-go/commit/90e2868a3d220aa7f897438f4917013fda7a7c59))
|
||||
* **workflows/executions:** add a stack_trace field to the Error messages specifying where the error occured feat: add call_log_level field to Execution messages doc: clarify requirement to escape strings within JSON arguments ([1f5aa78](https://www.github.com/googleapis/google-cloud-go/commit/1f5aa78a4d6633871651c89a6d9c48e3409fecc5))
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **accesscontextmanager:** nodejs package name access-context-manager ([30794e7](https://www.github.com/googleapis/google-cloud-go/commit/30794e70050b55ff87d6a80d0b4075065e9d271d))
|
||||
* **aiplatform:** Remove invalid resource annotations ([587bba5](https://www.github.com/googleapis/google-cloud-go/commit/587bba5ad792a92f252107aa38c6af50fb09fb58))
|
||||
* **compute/metadata:** return an error when all retries have failed ([#5063](https://www.github.com/googleapis/google-cloud-go/issues/5063)) ([c792a0d](https://www.github.com/googleapis/google-cloud-go/commit/c792a0d13db019c9964efeee5c6bc85b07ca50fa)), refs [#5062](https://www.github.com/googleapis/google-cloud-go/issues/5062)
|
||||
* **compute:** make parent_id fields required compute move and insert methods ([#686](https://www.github.com/googleapis/google-cloud-go/issues/686)) ([c8271d4](https://www.github.com/googleapis/google-cloud-go/commit/c8271d4b217a6e6924d9f87eac9468c4b5767ba7))
|
||||
* **compute:** Move compute_small protos under its own directory ([#681](https://www.github.com/googleapis/google-cloud-go/issues/681)) ([3e7185c](https://www.github.com/googleapis/google-cloud-go/commit/3e7185c241d97ee342f132ae04bc93bb79a8e897))
|
||||
* **internal/gapicgen:** fix a compute filtering ([#5111](https://www.github.com/googleapis/google-cloud-go/issues/5111)) ([77aa19d](https://www.github.com/googleapis/google-cloud-go/commit/77aa19de7fc33a9e831e6b91bd324d6832b44d99))
|
||||
* **internal/godocfx:** only put TOC status on mod if all pkgs have same status ([#4974](https://www.github.com/googleapis/google-cloud-go/issues/4974)) ([309b59e](https://www.github.com/googleapis/google-cloud-go/commit/309b59e583d1bf0dd9ffe84223034eb8a2975d47))
|
||||
* **internal/godocfx:** replace * with HTML code ([#5049](https://www.github.com/googleapis/google-cloud-go/issues/5049)) ([a8f7c06](https://www.github.com/googleapis/google-cloud-go/commit/a8f7c066e8d97120ae4e12963e3c9acc8b8906c2))
|
||||
* **monitoring/apiv3:** Reintroduce deprecated field/enum for backward compatibility docs: Use absolute link targets in comments ([45fd259](https://www.github.com/googleapis/google-cloud-go/commit/45fd2594d99ef70c776df26866f0a3b537e7e69e))
|
||||
* **profiler:** workaround certificate expiration issue in integration tests ([#4955](https://www.github.com/googleapis/google-cloud-go/issues/4955)) ([de9e465](https://www.github.com/googleapis/google-cloud-go/commit/de9e465bea8cd0580c45e87d2cbc2b610615b363))
|
||||
* **security/privateca:** include mixin protos as input for mixin rpcs ([479c2f9](https://www.github.com/googleapis/google-cloud-go/commit/479c2f90d556a106b25ebcdb1539d231488182da))
|
||||
* **security/privateca:** repair service config to enable mixins ([83b941c](https://www.github.com/googleapis/google-cloud-go/commit/83b941c0983e44fdd18ceee8c6f3e91219d72ad1))
|
||||
* **video/transcoder:** update nodejs package name to video-transcoder ([30794e7](https://www.github.com/googleapis/google-cloud-go/commit/30794e70050b55ff87d6a80d0b4075065e9d271d))
|
||||
|
||||
## [0.97.0](https://www.github.com/googleapis/google-cloud-go/compare/v0.96.0...v0.97.0) (2021-09-29)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **internal** add Retry func to testutil from samples repository [#4902](https://github.com/googleapis/google-cloud-go/pull/4902)
|
||||
|
||||
## [0.96.0](https://www.github.com/googleapis/google-cloud-go/compare/v0.95.0...v0.96.0) (2021-09-28)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **civil:** add IsEmpty function to time, date and datetime ([#4728](https://www.github.com/googleapis/google-cloud-go/issues/4728)) ([88bfa64](https://www.github.com/googleapis/google-cloud-go/commit/88bfa64d6df2f3bb7d41e0b8f56717dd3de790e2)), refs [#4727](https://www.github.com/googleapis/google-cloud-go/issues/4727)
|
||||
* **internal/godocfx:** detect preview versions ([#4899](https://www.github.com/googleapis/google-cloud-go/issues/4899)) ([9b60844](https://www.github.com/googleapis/google-cloud-go/commit/9b608445ce9ebabbc87a50e85ce6ef89125031d2))
|
||||
* **internal:** provide wrapping for retried errors ([#4797](https://www.github.com/googleapis/google-cloud-go/issues/4797)) ([ce5f4db](https://www.github.com/googleapis/google-cloud-go/commit/ce5f4dbab884e847a2d9f1f8f3fcfd7df19a505a))
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **internal/gapicgen:** restore fmting proto files ([#4789](https://www.github.com/googleapis/google-cloud-go/issues/4789)) ([5606b54](https://www.github.com/googleapis/google-cloud-go/commit/5606b54b97bb675487c6c138a4081c827218f933))
|
||||
* **internal/trace:** use xerrors.As for trace ([#4813](https://www.github.com/googleapis/google-cloud-go/issues/4813)) ([05fe61c](https://www.github.com/googleapis/google-cloud-go/commit/05fe61c5aa4860bdebbbe3e91a9afaba16aa6184))
|
||||
|
||||
## [0.95.0](https://www.github.com/googleapis/google-cloud-go/compare/v0.94.1...v0.95.0) (2021-09-21)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **internal/gapicgen:** add a temporary import ([#4756](https://www.github.com/googleapis/google-cloud-go/issues/4756)) ([4d9c046](https://www.github.com/googleapis/google-cloud-go/commit/4d9c046b66a2dc205e2c14b676995771301440da))
|
||||
* **compute/metadata:** remove heavy gax dependency ([#4784](https://www.github.com/googleapis/google-cloud-go/issues/4784)) ([ea00264](https://www.github.com/googleapis/google-cloud-go/commit/ea00264428137471805f2ec67f04f3a5a42928fa))
|
||||
|
||||
### [0.94.1](https://www.github.com/googleapis/google-cloud-go/compare/v0.94.0...v0.94.1) (2021-09-02)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **compute/metadata:** fix retry logic to not panic on error ([#4714](https://www.github.com/googleapis/google-cloud-go/issues/4714)) ([75c63b9](https://www.github.com/googleapis/google-cloud-go/commit/75c63b94d2cf86606fffc3611f7e6150b667eedc)), refs [#4713](https://www.github.com/googleapis/google-cloud-go/issues/4713)
|
||||
|
||||
## [0.94.0](https://www.github.com/googleapis/google-cloud-go/compare/v0.92.0...v0.94.0) (2021-08-31)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* **aiplatform:** add XAI, model monitoring, and index services to aiplatform v1 ([e385b40](https://www.github.com/googleapis/google-cloud-go/commit/e385b40a1e2ecf81f5fd0910de5c37275951f86b))
|
||||
* **analytics/admin:** add `GetDataRetentionSettings`, `UpdateDataRetentionSettings` methods to the API ([8467899](https://www.github.com/googleapis/google-cloud-go/commit/8467899ab6ebf0328c543bfb5fbcddeb2f53a082))
|
||||
* **asset:** Release of relationships in v1, Add content type Relationship to support relationship export Committer: lvv@ ([d4c3340](https://www.github.com/googleapis/google-cloud-go/commit/d4c3340bfc8b6793d6d2c8a3ed8ccdb472e1efd3))
|
||||
* **assuredworkloads:** Add Canada Regions And Support compliance regime ([b9226eb](https://www.github.com/googleapis/google-cloud-go/commit/b9226eb0b34473cb6f920c2526ad0d6dacb03f3c))
|
||||
* **cloudbuild/apiv1:** Add ability to configure BuildTriggers to create Builds that require approval before executing and ApproveBuild API to approve or reject pending Builds ([d4c3340](https://www.github.com/googleapis/google-cloud-go/commit/d4c3340bfc8b6793d6d2c8a3ed8ccdb472e1efd3))
|
||||
* **cloudbuild/apiv1:** add script field to BuildStep message ([b9226eb](https://www.github.com/googleapis/google-cloud-go/commit/b9226eb0b34473cb6f920c2526ad0d6dacb03f3c))
|
||||
* **cloudbuild/apiv1:** Update cloudbuild proto with the service_account for BYOSA Triggers. ([b9226eb](https://www.github.com/googleapis/google-cloud-go/commit/b9226eb0b34473cb6f920c2526ad0d6dacb03f3c))
|
||||
* **compute/metadata:** retry error when talking to metadata service ([#4648](https://www.github.com/googleapis/google-cloud-go/issues/4648)) ([81c6039](https://www.github.com/googleapis/google-cloud-go/commit/81c6039503121f8da3de4f4cd957b8488a3ef620)), refs [#4642](https://www.github.com/googleapis/google-cloud-go/issues/4642)
|
||||
* **dataproc:** remove apiv1beta2 client ([#4682](https://www.github.com/googleapis/google-cloud-go/issues/4682)) ([2248554](https://www.github.com/googleapis/google-cloud-go/commit/22485541affb1251604df292670a20e794111d3e))
|
||||
* **gaming:** support version reporting API ([cd65cec](https://www.github.com/googleapis/google-cloud-go/commit/cd65cecf15c4a01648da7f8f4f4d497772961510))
|
||||
* **gkehub:** Add request_id under `DeleteMembershipRequest` and `UpdateMembershipRequest` ([b9226eb](https://www.github.com/googleapis/google-cloud-go/commit/b9226eb0b34473cb6f920c2526ad0d6dacb03f3c))
|
||||
* **internal/carver:** support carving batches ([#4623](https://www.github.com/googleapis/google-cloud-go/issues/4623)) ([2972d19](https://www.github.com/googleapis/google-cloud-go/commit/2972d194da19bedf16d76fda471c06a965cfdcd6))
|
||||
* **kms:** add support for Key Reimport ([bf4378b](https://www.github.com/googleapis/google-cloud-go/commit/bf4378b5b859f7b835946891dbfebfee31c4b123))
|
||||
* **metastore:** Added the Backup resource and Backup resource GetIamPolicy/SetIamPolicy to V1 feat: Added the RestoreService method to V1 ([d4c3340](https://www.github.com/googleapis/google-cloud-go/commit/d4c3340bfc8b6793d6d2c8a3ed8ccdb472e1efd3))
|
||||
* **monitoring/dashboard:** Added support for logs-based alerts: https://cloud.google.com/logging/docs/alerting/log-based-alerts feat: Added support for user-defined labels on cloud monitoring's Service and ServiceLevelObjective objects fix!: mark required fields in QueryTimeSeriesRequest as required ([b9226eb](https://www.github.com/googleapis/google-cloud-go/commit/b9226eb0b34473cb6f920c2526ad0d6dacb03f3c))
|
||||
* **osconfig:** Update osconfig v1 and v1alpha with WindowsApplication ([bf4378b](https://www.github.com/googleapis/google-cloud-go/commit/bf4378b5b859f7b835946891dbfebfee31c4b123))
|
||||
* **speech:** Add transcript normalization ([b31646d](https://www.github.com/googleapis/google-cloud-go/commit/b31646d1e12037731df4b5c0ba9f60b6434d7b9b))
|
||||
* **talent:** Add new commute methods in Search APIs feat: Add new histogram type 'publish_time_in_day' feat: Support filtering by requisitionId is ListJobs API ([d4c3340](https://www.github.com/googleapis/google-cloud-go/commit/d4c3340bfc8b6793d6d2c8a3ed8ccdb472e1efd3))
|
||||
* **translate:** added v3 proto for online/batch document translation and updated v3beta1 proto for format conversion ([bf4378b](https://www.github.com/googleapis/google-cloud-go/commit/bf4378b5b859f7b835946891dbfebfee31c4b123))
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **datastream:** Change a few resource pattern variables from camelCase to snake_case ([bf4378b](https://www.github.com/googleapis/google-cloud-go/commit/bf4378b5b859f7b835946891dbfebfee31c4b123))
|
||||
|
||||
## [0.92.0](https://www.github.com/googleapis/google-cloud-go/compare/v0.91.0...v0.92.0) (2021-08-16)
|
||||
|
||||
|
||||
|
|
2
vendor/cloud.google.com/go/CONTRIBUTING.md
generated
vendored
|
@ -2,7 +2,7 @@
|
|||
|
||||
1. [File an issue](https://github.com/googleapis/google-cloud-go/issues/new/choose).
|
||||
The issue will be used to discuss the bug or feature and should be created
|
||||
before sending a CL.
|
||||
before sending a PR.
|
||||
|
||||
1. [Install Go](https://golang.org/dl/).
|
||||
1. Ensure that your `GOBIN` directory (by default `$(go env GOPATH)/bin`)
|
||||
|
|
71
vendor/cloud.google.com/go/README.md
generated
vendored
|
@ -27,67 +27,18 @@ make backwards-incompatible changes.
|
|||
|
||||
## Supported APIs
|
||||
|
||||
| Google API | Status | Package |
|
||||
| ----------------------------------------------- | ------ | ----------------------------------------------------------------------------------------------------------------------------- |
|
||||
| [Asset][cloud-asset] | stable | [`cloud.google.com/go/asset/apiv1`](https://pkg.go.dev/cloud.google.com/go/asset/v1beta) |
|
||||
| [Automl][cloud-automl] | stable | [`cloud.google.com/go/automl/apiv1`](https://pkg.go.dev/cloud.google.com/go/automl/apiv1) |
|
||||
| [BigQuery][cloud-bigquery] | stable | [`cloud.google.com/go/bigquery`](https://pkg.go.dev/cloud.google.com/go/bigquery) |
|
||||
| [Bigtable][cloud-bigtable] | stable | [`cloud.google.com/go/bigtable`](https://pkg.go.dev/cloud.google.com/go/bigtable) |
|
||||
| [Cloudbuild][cloud-build] | stable | [`cloud.google.com/go/cloudbuild/apiv1`](https://pkg.go.dev/cloud.google.com/go/cloudbuild/apiv1) |
|
||||
| [Cloudtasks][cloud-tasks] | stable | [`cloud.google.com/go/cloudtasks/apiv2`](https://pkg.go.dev/cloud.google.com/go/cloudtasks/apiv2) |
|
||||
| [Compute Engine][cloud-compute] | alpha | [`cloud.google.com/go/compute/apiv1`](https://pkg.go.dev/cloud.google.com/go/compute/apiv1) |
|
||||
| [Container][cloud-container] | stable | [`cloud.google.com/go/container/apiv1`](https://pkg.go.dev/cloud.google.com/go/container/apiv1) |
|
||||
| [ContainerAnalysis][cloud-containeranalysis] | beta | [`cloud.google.com/go/containeranalysis/apiv1`](https://pkg.go.dev/cloud.google.com/go/containeranalysis/apiv1) |
|
||||
| [Dataproc][cloud-dataproc] | stable | [`cloud.google.com/go/dataproc/apiv1`](https://pkg.go.dev/cloud.google.com/go/dataproc/apiv1) |
|
||||
| [Datastore][cloud-datastore] | stable | [`cloud.google.com/go/datastore`](https://pkg.go.dev/cloud.google.com/go/datastore) |
|
||||
| [Debugger][cloud-debugger] | stable | [`cloud.google.com/go/debugger/apiv2`](https://pkg.go.dev/cloud.google.com/go/debugger/apiv2) |
|
||||
| [Dialogflow][cloud-dialogflow] | stable | [`cloud.google.com/go/dialogflow/apiv2`](https://pkg.go.dev/cloud.google.com/go/dialogflow/apiv2) |
|
||||
| [Data Loss Prevention][cloud-dlp] | stable | [`cloud.google.com/go/dlp/apiv2`](https://pkg.go.dev/cloud.google.com/go/dlp/apiv2) |
|
||||
| [ErrorReporting][cloud-errors] | alpha | [`cloud.google.com/go/errorreporting`](https://pkg.go.dev/cloud.google.com/go/errorreporting) |
|
||||
| [Firestore][cloud-firestore] | stable | [`cloud.google.com/go/firestore`](https://pkg.go.dev/cloud.google.com/go/firestore) |
|
||||
| [IAM][cloud-iam] | stable | [`cloud.google.com/go/iam`](https://pkg.go.dev/cloud.google.com/go/iam) |
|
||||
| [IoT][cloud-iot] | stable | [`cloud.google.com/go/iot/apiv1`](https://pkg.go.dev/cloud.google.com/go/iot/apiv1) |
|
||||
| [IRM][cloud-irm] | alpha | [`cloud.google.com/go/irm/apiv1alpha2`](https://pkg.go.dev/cloud.google.com/go/irm/apiv1alpha2) |
|
||||
| [KMS][cloud-kms] | stable | [`cloud.google.com/go/kms/apiv1`](https://pkg.go.dev/cloud.google.com/go/kms/apiv1) |
|
||||
| [Natural Language][cloud-natural-language] | stable | [`cloud.google.com/go/language/apiv1`](https://pkg.go.dev/cloud.google.com/go/language/apiv1) |
|
||||
| [Logging][cloud-logging] | stable | [`cloud.google.com/go/logging`](https://pkg.go.dev/cloud.google.com/go/logging) |
|
||||
| [Memorystore][cloud-memorystore] | alpha | [`cloud.google.com/go/redis/apiv1`](https://pkg.go.dev/cloud.google.com/go/redis/apiv1) |
|
||||
| [Monitoring][cloud-monitoring] | stable | [`cloud.google.com/go/monitoring/apiv3`](https://pkg.go.dev/cloud.google.com/go/monitoring/apiv3) |
|
||||
| [OS Login][cloud-oslogin] | stable | [`cloud.google.com/go/oslogin/apiv1`](https://pkg.go.dev/cloud.google.com/go/oslogin/apiv1) |
|
||||
| [Pub/Sub][cloud-pubsub] | stable | [`cloud.google.com/go/pubsub`](https://pkg.go.dev/cloud.google.com/go/pubsub) |
|
||||
| [Pub/Sub Lite][cloud-pubsublite] | stable | [`cloud.google.com/go/pubsublite`](https://pkg.go.dev/cloud.google.com/go/pubsublite) |
|
||||
| [Phishing Protection][cloud-phishingprotection] | alpha | [`cloud.google.com/go/phishingprotection/apiv1beta1`](https://pkg.go.dev/cloud.google.com/go/phishingprotection/apiv1beta1) |
|
||||
| [reCAPTCHA Enterprise][cloud-recaptcha] | alpha | [`cloud.google.com/go/recaptchaenterprise/apiv1beta1`](https://pkg.go.dev/cloud.google.com/go/recaptchaenterprise/apiv1beta1) |
|
||||
| [Recommender][cloud-recommender] | beta | [`cloud.google.com/go/recommender/apiv1beta1`](https://pkg.go.dev/cloud.google.com/go/recommender/apiv1beta1) |
|
||||
| [Scheduler][cloud-scheduler] | stable | [`cloud.google.com/go/scheduler/apiv1`](https://pkg.go.dev/cloud.google.com/go/scheduler/apiv1) |
|
||||
| [Securitycenter][cloud-securitycenter] | stable | [`cloud.google.com/go/securitycenter/apiv1`](https://pkg.go.dev/cloud.google.com/go/securitycenter/apiv1) |
|
||||
| [Spanner][cloud-spanner] | stable | [`cloud.google.com/go/spanner`](https://pkg.go.dev/cloud.google.com/go/spanner) |
|
||||
| [Speech][cloud-speech] | stable | [`cloud.google.com/go/speech/apiv1`](https://pkg.go.dev/cloud.google.com/go/speech/apiv1) |
|
||||
| [Storage][cloud-storage] | stable | [`cloud.google.com/go/storage`](https://pkg.go.dev/cloud.google.com/go/storage) |
|
||||
| [Talent][cloud-talent] | alpha | [`cloud.google.com/go/talent/apiv4beta1`](https://pkg.go.dev/cloud.google.com/go/talent/apiv4beta1) |
|
||||
| [Text To Speech][cloud-texttospeech] | stable | [`cloud.google.com/go/texttospeech/apiv1`](https://pkg.go.dev/cloud.google.com/go/texttospeech/apiv1) |
|
||||
| [Trace][cloud-trace] | stable | [`cloud.google.com/go/trace/apiv2`](https://pkg.go.dev/cloud.google.com/go/trace/apiv2) |
|
||||
| [Translate][cloud-translate] | stable | [`cloud.google.com/go/translate`](https://pkg.go.dev/cloud.google.com/go/translate) |
|
||||
| [Video Intelligence][cloud-video] | beta | [`cloud.google.com/go/videointelligence/apiv1beta2`](https://pkg.go.dev/cloud.google.com/go/videointelligence/apiv1beta2) |
|
||||
| [Vision][cloud-vision] | stable | [`cloud.google.com/go/vision/apiv1`](https://pkg.go.dev/cloud.google.com/go/vision/apiv1) |
|
||||
| [Webrisk][cloud-webrisk] | alpha | [`cloud.google.com/go/webrisk/apiv1beta1`](https://pkg.go.dev/cloud.google.com/go/webrisk/apiv1beta1) |
|
||||
|
||||
> **Alpha status**: the API is still being actively developed. As a
|
||||
> result, it might change in backward-incompatible ways and is not recommended
|
||||
> for production use.
|
||||
>
|
||||
> **Beta status**: the API is largely complete, but still has outstanding
|
||||
> features and bugs to be addressed. There may be minor backwards-incompatible
|
||||
> changes where necessary.
|
||||
>
|
||||
> **Stable status**: the API is mature and ready for production use. We will
|
||||
> continue addressing bugs and feature requests.
|
||||
|
||||
Documentation and examples are available at [pkg.go.dev/cloud.google.com/go](https://pkg.go.dev/cloud.google.com/go)
|
||||
For an updated list of all of our released APIs please see our
|
||||
[reference docs](https://cloud.google.com/go/docs/reference).
|
||||
|
||||
## [Go Versions Supported](#supported-versions)
|
||||
|
||||
We currently support Go versions 1.11 and newer.
|
||||
Our libraries are compatible with at least the three most recent, major Go
|
||||
releases. They are currently compatible with:
|
||||
|
||||
- Go 1.18
|
||||
- Go 1.17
|
||||
- Go 1.16
|
||||
- Go 1.15
|
||||
|
||||
## Authorization
|
||||
|
||||
|
@ -125,12 +76,12 @@ client, err := storage.NewClient(ctx, option.WithTokenSource(tokenSource))
|
|||
## Contributing
|
||||
|
||||
Contributions are welcome. Please, see the
|
||||
[CONTRIBUTING](https://github.com/GoogleCloudPlatform/google-cloud-go/blob/master/CONTRIBUTING.md)
|
||||
[CONTRIBUTING](https://github.com/GoogleCloudPlatform/google-cloud-go/blob/main/CONTRIBUTING.md)
|
||||
document for details.
|
||||
|
||||
Please note that this project is released with a Contributor Code of Conduct.
|
||||
By participating in this project you agree to abide by its terms.
|
||||
See [Contributor Code of Conduct](https://github.com/GoogleCloudPlatform/google-cloud-go/blob/master/CONTRIBUTING.md#contributor-code-of-conduct)
|
||||
See [Contributor Code of Conduct](https://github.com/GoogleCloudPlatform/google-cloud-go/blob/main/CONTRIBUTING.md#contributor-code-of-conduct)
|
||||
for more information.
|
||||
|
||||
[cloud-asset]: https://cloud.google.com/security-command-center/docs/how-to-asset-inventory
|
||||
|
|
12
vendor/cloud.google.com/go/RELEASING.md
generated
vendored
|
@ -79,14 +79,14 @@ here is how to manually cut a release of `cloud.google.com/go`.
|
|||
[continuous Kokoro build](http://go/google-cloud-go-continuous). If there are
|
||||
any failures in the most recent build, address them before proceeding with
|
||||
the release.
|
||||
1. Navigate to `google-cloud-go/` and switch to master.
|
||||
1. Navigate to `google-cloud-go/` and switch to main.
|
||||
1. `git pull`
|
||||
1. Run `git tag -l | grep -v beta | grep -v alpha` to see all existing releases.
|
||||
The current latest tag `$CV` is the largest tag. It should look something
|
||||
like `vX.Y.Z` (note: ignore all `LIB/vX.Y.Z` tags - these are tags for a
|
||||
specific library, not the module root). We'll call the current version `$CV`
|
||||
and the new version `$NV`.
|
||||
1. On master, run `git log $CV...` to list all the changes since the last
|
||||
1. On main, run `git log $CV...` to list all the changes since the last
|
||||
release. NOTE: You must manually visually parse out changes to submodules [1]
|
||||
(the `git log` is going to show you things in submodules, which are not going
|
||||
to be part of your release).
|
||||
|
@ -98,7 +98,7 @@ here is how to manually cut a release of `cloud.google.com/go`.
|
|||
and create a PR titled `chore: release $NV`.
|
||||
1. Wait for the PR to be reviewed and merged. Once it's merged, and without
|
||||
merging any other PRs in the meantime:
|
||||
a. Switch to master.
|
||||
a. Switch to main.
|
||||
b. `git pull`
|
||||
c. Tag the repo with the next version: `git tag $NV`.
|
||||
d. Push the tag to origin:
|
||||
|
@ -118,13 +118,13 @@ here is how to manually cut a release of a submodule.
|
|||
any failures in the most recent build, address them before proceeding with
|
||||
the release. (This applies even if the failures are in a different submodule
|
||||
from the one being released.)
|
||||
1. Navigate to `google-cloud-go/` and switch to master.
|
||||
1. Navigate to `google-cloud-go/` and switch to main.
|
||||
1. `git pull`
|
||||
1. Run `git tag -l | grep datastore | grep -v beta | grep -v alpha` to see all
|
||||
existing releases. The current latest tag `$CV` is the largest tag. It
|
||||
should look something like `datastore/vX.Y.Z`. We'll call the current version
|
||||
`$CV` and the new version `$NV`.
|
||||
1. On master, run `git log $CV.. -- datastore/` to list all the changes to the
|
||||
1. On main, run `git log $CV.. -- datastore/` to list all the changes to the
|
||||
submodule directory since the last release.
|
||||
1. Edit `datastore/CHANGES.md` to include a summary of the changes.
|
||||
1. In `internal/version` run `go generate`.
|
||||
|
@ -132,7 +132,7 @@ here is how to manually cut a release of a submodule.
|
|||
and create a PR titled `chore(datastore): release $NV`.
|
||||
1. Wait for the PR to be reviewed and merged. Once it's merged, and without
|
||||
merging any other PRs in the meantime:
|
||||
a. Switch to master.
|
||||
a. Switch to main.
|
||||
b. `git pull`
|
||||
c. Tag the repo with the next version: `git tag $NV`.
|
||||
d. Push the tag to origin:
|
||||
|
|
202
vendor/cloud.google.com/go/compute/LICENSE
generated
vendored
Normal file
|
@ -0,0 +1,202 @@
|
|||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
50
vendor/cloud.google.com/go/compute/metadata/metadata.go
generated
vendored
|
@ -16,7 +16,7 @@
|
|||
// metadata and API service accounts.
|
||||
//
|
||||
// This package is a wrapper around the GCE metadata service,
|
||||
// as documented at https://developers.google.com/compute/docs/metadata.
|
||||
// as documented at https://cloud.google.com/compute/docs/metadata/overview.
|
||||
package metadata // import "cloud.google.com/go/compute/metadata"
|
||||
|
||||
import (
|
||||
|
@ -61,14 +61,18 @@ var (
|
|||
instID = &cachedValue{k: "instance/id", trim: true}
|
||||
)
|
||||
|
||||
var defaultClient = &Client{hc: &http.Client{
|
||||
Transport: &http.Transport{
|
||||
Dial: (&net.Dialer{
|
||||
Timeout: 2 * time.Second,
|
||||
KeepAlive: 30 * time.Second,
|
||||
}).Dial,
|
||||
},
|
||||
}}
|
||||
var defaultClient = &Client{hc: newDefaultHTTPClient()}
|
||||
|
||||
func newDefaultHTTPClient() *http.Client {
|
||||
return &http.Client{
|
||||
Transport: &http.Transport{
|
||||
Dial: (&net.Dialer{
|
||||
Timeout: 2 * time.Second,
|
||||
KeepAlive: 30 * time.Second,
|
||||
}).Dial,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// NotDefinedError is returned when requested metadata is not defined.
|
||||
//
|
||||
|
@ -130,7 +134,7 @@ func testOnGCE() bool {
|
|||
go func() {
|
||||
req, _ := http.NewRequest("GET", "http://"+metadataIP, nil)
|
||||
req.Header.Set("User-Agent", userAgent)
|
||||
res, err := defaultClient.hc.Do(req.WithContext(ctx))
|
||||
res, err := newDefaultHTTPClient().Do(req.WithContext(ctx))
|
||||
if err != nil {
|
||||
resc <- false
|
||||
return
|
||||
|
@ -140,7 +144,8 @@ func testOnGCE() bool {
|
|||
}()
|
||||
|
||||
go func() {
|
||||
addrs, err := net.DefaultResolver.LookupHost(ctx, "metadata.google.internal")
|
||||
resolver := &net.Resolver{}
|
||||
addrs, err := resolver.LookupHost(ctx, "metadata.google.internal")
|
||||
if err != nil || len(addrs) == 0 {
|
||||
resc <- false
|
||||
return
|
||||
|
@ -282,6 +287,7 @@ func NewClient(c *http.Client) *Client {
|
|||
// getETag returns a value from the metadata service as well as the associated ETag.
|
||||
// This func is otherwise equivalent to Get.
|
||||
func (c *Client) getETag(suffix string) (value, etag string, err error) {
|
||||
ctx := context.TODO()
|
||||
// Using a fixed IP makes it very difficult to spoof the metadata service in
|
||||
// a container, which is an important use-case for local testing of cloud
|
||||
// deployments. To enable spoofing of the metadata service, the environment
|
||||
|
@ -304,9 +310,25 @@ func (c *Client) getETag(suffix string) (value, etag string, err error) {
|
|||
}
|
||||
req.Header.Set("Metadata-Flavor", "Google")
|
||||
req.Header.Set("User-Agent", userAgent)
|
||||
res, err := c.hc.Do(req)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
var res *http.Response
|
||||
var reqErr error
|
||||
retryer := newRetryer()
|
||||
for {
|
||||
res, reqErr = c.hc.Do(req)
|
||||
var code int
|
||||
if res != nil {
|
||||
code = res.StatusCode
|
||||
}
|
||||
if delay, shouldRetry := retryer.Retry(code, reqErr); shouldRetry {
|
||||
if err := sleep(ctx, delay); err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
continue
|
||||
}
|
||||
break
|
||||
}
|
||||
if reqErr != nil {
|
||||
return "", "", reqErr
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if res.StatusCode == http.StatusNotFound {
|
||||
|
|
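--- a/vendor/cloud.google.com/go/compute/metadata/retry.go
+++ b/vendor/cloud.google.com/go/compute/metadata/retry.go
@@ -0,0 +1,114 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metadata
+
+import (
+"context"
+"io"
+"math/rand"
+"net/http"
+"time"
+)
+
+const (
+maxRetryAttempts = 5
+)
+
+var (
+syscallRetryable = func(err error) bool { return false }
+)
+
+// defaultBackoff is basically equivalent to gax.Backoff without the need for
+// the dependency.
+type defaultBackoff struct {
+max time.Duration
+mul float64
+cur time.Duration
+}
+
+func (b *defaultBackoff) Pause() time.Duration {
+d := time.Duration(1 + rand.Int63n(int64(b.cur)))
+b.cur = time.Duration(float64(b.cur) * b.mul)
+if b.cur > b.max {
+b.cur = b.max
+}
+return d
+}
+
+// sleep is the equivalent of gax.Sleep without the need for the dependency.
+func sleep(ctx context.Context, d time.Duration) error {
+t := time.NewTimer(d)
+select {
+case <-ctx.Done():
+t.Stop()
+return ctx.Err()
+case <-t.C:
+return nil
+}
+}
+
+func newRetryer() *metadataRetryer {
+return &metadataRetryer{bo: &defaultBackoff{
+cur: 100 * time.Millisecond,
+max: 30 * time.Second,
+mul: 2,
+}}
+}
+
+type backoff interface {
+Pause() time.Duration
+}
+
+type metadataRetryer struct {
+bo backoff
+attempts int
+}
+
+func (r *metadataRetryer) Retry(status int, err error) (time.Duration, bool) {
+if status == http.StatusOK {
+return 0, false
+}
+retryOk := shouldRetry(status, err)
+if !retryOk {
+return 0, false
+}
+if r.attempts == maxRetryAttempts {
+return 0, false
+}
+r.attempts++
+return r.bo.Pause(), true
+}
+
+func shouldRetry(status int, err error) bool {
+if 500 <= status && status <= 599 {
+return true
+}
+if err == io.ErrUnexpectedEOF {
+return true
+}
+// Transient network errors should be retried.
+if syscallRetryable(err) {
+return true
+}
+if err, ok := err.(interface{ Temporary() bool }); ok {
+if err.Temporary() {
+return true
+}
+}
+if err, ok := err.(interface{ Unwrap() error }); ok {
+return shouldRetry(status, err.Unwrap())
+}
+return false
+}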
|
@ -1,10 +1,10 @@
|
|||
// Copyright 2017 Google Inc. All Rights Reserved.
|
||||
// Copyright 2021 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
|
@ -12,6 +12,15 @@
|
|||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package configpb
|
||||
//go:build linux
|
||||
// +build linux
|
||||
|
||||
//go:generate protoc -I=. -I=$GOPATH/src --go_out=:. multilog.proto
|
||||
package metadata
|
||||
|
||||
import "syscall"
|
||||
|
||||
func init() {
|
||||
// Initialize syscallRetryable to return true on transient socket-level
|
||||
// errors. These errors are specific to Linux.
|
||||
syscallRetryable = func(err error) bool { return err == syscall.ECONNRESET || err == syscall.ECONNREFUSED }
|
||||
}
|
44
vendor/cloud.google.com/go/doc.go
generated
vendored
|
@ -165,16 +165,42 @@ For HTTP logging, set the GODEBUG environment variable to "http2debug=1" or "htt
|
|||
|
||||
Inspecting errors
|
||||
|
||||
Most of the errors returned by the generated clients can be converted into a
|
||||
`grpc.Status`. Converting your errors to this type can be a useful to get
|
||||
more information about what went wrong while debugging.
|
||||
if err != {
|
||||
Most of the errors returned by the generated clients are wrapped in an
|
||||
`apierror.APIError` (https://pkg.go.dev/github.com/googleapis/gax-go/v2/apierror)
|
||||
and can be further unwrapped into a `grpc.Status` or `googleapi.Error` depending
|
||||
on the transport used to make the call (gRPC or REST). Converting your errors to
|
||||
these types can be a useful way to get more information about what went wrong
|
||||
while debugging.
|
||||
|
||||
`apierror.APIError` gives access to specific details in the
|
||||
error. The transport-specific errors can still be unwrapped using the
|
||||
`apierror.APIError`.
|
||||
if err != nil {
|
||||
var ae *apierror.APIError
|
||||
if errors.As(err, &ae) {
|
||||
log.Println(ae.Reason())
|
||||
log.Println(ae.Details().Help.GetLinks())
|
||||
}
|
||||
}
|
||||
|
||||
If the gRPC transport was used, the `grpc.Status` can still be parsed using the
|
||||
`status.FromError` function.
|
||||
if err != nil {
|
||||
if s, ok := status.FromError(err); ok {
|
||||
log.Println(s.Message())
|
||||
for _, d := range s.Proto().Details {
|
||||
log.Println(d)
|
||||
}
|
||||
}
|
||||
log.Println(s.Message())
|
||||
for _, d := range s.Proto().Details {
|
||||
log.Println(d)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
If the REST transport was used, the `googleapi.Error` can be parsed in a similar
|
||||
way.
|
||||
if err != nil {
|
||||
var gerr *googleapi.Error
|
||||
if errors.As(err, &gerr) {
|
||||
log.Println(gerr.Message)
|
||||
}
|
||||
}
|
||||
|
||||
Client Stability
|
||||
|
|
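--- a/vendor/cloud.google.com/go/release-please-config-yoshi-submodules.json
+++ b/vendor/cloud.google.com/go/release-please-config-yoshi-submodules.json
@@ -0,0 +1,322 @@
+{
+"release-type": "go-yoshi",
+"include-component-in-tag": true,
+"tag-separator": "/",
+"packages": {
+"accessapproval": {
+"component": "accessapproval"
+},
+"accesscontextmanager": {
+"component": "accesscontextmanager"
+},
+"aiplatform": {
+"component": "aiplatform"
+},
+"analytics": {
+"component": "analytics"
+},
+"apigateway": {
+"component": "apigateway"
+},
+"apigeeconnect": {
+"component": "apigeeconnect"
+},
+"appengine": {
+"component": "appengine"
+},
+"area120": {
+"component": "area120"
+},
+"artifactregistry": {
+"component": "artifactregistry"
+},
+"asset": {
+"component": "asset"
+},
+"assuredworkloads": {
+"component": "assuredworkloads"
+},
+"automl": {
+"component": "automl"
+},
+"baremetalsolution": {
+"component": "baremetalsolution"
+},
+"batch": {
+"component": "batch"
+},
+"billing": {
+"component": "billing"
+},
+"binaryauthorization": {
+"component": "binaryauthorization"
+},
+"certificatemanager": {
+"component": "certificatemanager"
+},
+"channel": {
+"component": "channel"
+},
+"cloudbuild": {
+"component": "cloudbuild"
+},
+"clouddms": {
+"component": "clouddms"
+},
+"cloudtasks": {
+"component": "cloudtasks"
+},
+"compute": {
+"component": "compute"
+},
+"contactcenterinsights": {
+"component": "contactcenterinsights"
+},
+"container": {
+"component": "container"
+},
+"containeranalysis": {
+"component": "containeranalysis"
+},
+"datacatalog": {
+"component": "datacatalog"
+},
+"dataflow": {
+"component": "dataflow"
+},
+"datafusion": {
+"component": "datafusion"
+},
+"datalabeling": {
+"component": "datalabeling"
+},
+"dataplex": {
+"component": "dataplex"
+},
+"dataproc": {
+"component": "dataproc"
+},
+"dataqna": {
+"component": "dataqna"
+},
+"datastream": {
+"component": "datastream"
+},
+"deploy": {
+"component": "deploy"
+},
+"dialogflow": {
+"component": "dialogflow"
+},
+"dlp": {
+"component": "dlp"
+},
+"documentai": {
+"component": "documentai"
+},
+"domains": {
+"component": "domains"
+},
+"essentialcontacts": {
+"component": "essentialcontacts"
+},
+"eventarc": {
+"component": "eventarc"
+},
+"filestore": {
+"component": "filestore"
+},
+"functions": {
+"component": "functions"
+},
+"gaming": {
+"component": "gaming"
+},
+"gkebackup": {
+"component": "gkebackup"
+},
+"gkeconnect": {
+"component": "gkeconnect"
+},
+"gkehub": {
+"component": "gkehub"
+},
+"gkemulticloud": {
+"component": "gkemulticloud"
+},
+"grafeas": {
+"component": "grafeas"
+},
+"gsuiteaddons": {
+"component": "gsuiteaddons"
+},
+"iam": {
+"component": "iam"
+},
+"iap": {
+"component": "iap"
+},
+"ids": {
+"component": "ids"
+},
+"iot": {
+"component": "iot"
+},
+"kms": {
+"component": "kms"
+},
+"language": {
+"component": "language"
+},
+"lifesciences": {
+"component": "lifesciences"
+},
+"managedidentities": {
+"component": "managedidentities"
+},
+"mediatranslation": {
+"component": "mediatranslation"
+},
+"memcache": {
+"component": "memcache"
+},
+"metastore": {
+"component": "metastore"
+},
+"monitoring": {
+"component": "monitoring"
+},
+"networkconnectivity": {
+"component": "networkconnectivity"
+},
+"networkmanagement": {
+"component": "networkmanagement"
+},
+"networksecurity": {
+"component": "networksecurity"
+},
+"notebooks": {
+"component": "notebooks"
+},
+"optimization": {
+"component": "optimization"
+},
+"orchestration": {
+"component": "orchestration"
+},
+"orgpolicy": {
+"component": "orgpolicy"
+},
+"osconfig": {
+"component": "osconfig"
+},
+"oslogin": {
+"component": "oslogin"
+},
+"phishingprotection": {
+"component": "phishingprotection"
+},
+"policytroubleshooter": {
+"component": "policytroubleshooter"
+},
+"privatecatalog": {
+"component": "privatecatalog"
+},
+"recaptchaenterprise/v2": {
+"component": "recaptchaenterprise"
+},
+"recommendationengine": {
+"component": "recommendationengine"
+},
+"recommender": {
+"component": "recommender"
+},
+"redis": {
+"component": "redis"
+},
+"resourcemanager": {
+"component": "resourcemanager"
+},
+"resourcesettings": {
+"component": "resourcesettings"
+},
+"retail": {
+"component": "retail"
+},
+"run": {
+"component": "run"
+},
+"scheduler": {
+"component": "scheduler"
+},
+"secretmanager": {
+"component": "secretmanager"
+},
+"security": {
+"component": "security"
+},
+"securitycenter": {
+"component": "securitycenter"
+},
+"servicecontrol": {
+"component": "servicecontrol"
+},
+"servicedirectory": {
+"component": "servicedirectory"
+},
+"servicemanagement": {
+"component": "servicemanagement"
+},
+"serviceusage": {
+"component": "serviceusage"
+},
+"shell": {
+"component": "shell"
+},
+"speech": {
+"component": "speech"
+},
+"storagetransfer": {
+"component": "storagetransfer"
+},
+"talent": {
+"component": "talent"
+},
+"texttospeech": {
+"component": "texttospeech"
+},
+"tpu": {
+"component": "tpu"
+},
+"trace": {
+"component": "trace"
+},
+"translate": {
+"component": "translate"
+},
+"video": {
+"component": "video"
+},
+"videointelligence": {
+"component": "videointelligence"
+},
+"vision/v2": {
+"component": "vision"
+},
+"vmmigration": {
+"component": "vmmigration"
+},
+"vpcaccess": {
+"component": "vpcaccess"
+},
+"webrisk": {
+"component": "webrisk"
+},
+"websecurityscanner": {
+"component": "websecurityscanner"
+},
+"workflows": {
+"component": "workflows"
+}
+}
+}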
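--- a/vendor/cloud.google.com/go/release-please-config.json
+++ b/vendor/cloud.google.com/go/release-please-config.json
@@ -0,0 +1,10 @@
+{
+"release-type": "go-yoshi",
+"separate-pull-requests": true,
+"include-component-in-tag": false,
+"packages": {
+".": {
+"component": "main"
+}
+}
+}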
4
vendor/cloud.google.com/go/testing.md
generated
vendored
|
@ -9,7 +9,7 @@ on the Go client libraries.
|
|||
## Testing gRPC services using fakes
|
||||
|
||||
*Note*: You can see the full
|
||||
[example code using a fake here](https://github.com/googleapis/google-cloud-go/tree/master/internal/examples/fake).
|
||||
[example code using a fake here](https://github.com/googleapis/google-cloud-go/tree/main/internal/examples/fake).
|
||||
|
||||
The clients found in `cloud.google.com/go` are gRPC based, with a couple of
|
||||
notable exceptions being the [`storage`](https://pkg.go.dev/cloud.google.com/go/storage)
|
||||
|
@ -143,7 +143,7 @@ func TestTranslateTextWithConcreteClient(t *testing.T) {
|
|||
## Testing using mocks
|
||||
|
||||
*Note*: You can see the full
|
||||
[example code using a mock here](https://github.com/googleapis/google-cloud-go/tree/master/internal/examples/mock).
|
||||
[example code using a mock here](https://github.com/googleapis/google-cloud-go/tree/main/internal/examples/mock).
|
||||
|
||||
When mocking code you need to work with interfaces. Let’s create an interface
|
||||
for the `cloud.google.com/go/translate/apiv3` client used in the
|
||||
|
|
1
vendor/github.com/google/certificate-transparency-go/.gitignore
generated
vendored
|
@ -15,7 +15,6 @@
|
|||
/ct_hammer
|
||||
/data
|
||||
/dumpscts
|
||||
/etcdiscover
|
||||
/findlog
|
||||
/goshawk
|
||||
/gosmin
|
||||
|
|
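--- a/vendor/github.com/google/certificate-transparency-go/.golangci.yaml
+++ b/vendor/github.com/google/certificate-transparency-go/.golangci.yaml
@@ -0,0 +1,38 @@
+run:
+deadline: 90s
+skip-dirs:
+- (^|/)x509($|/)
+- (^|/)x509util($|/)
+- (^|/)asn1($|/)
+
+linters-settings:
+gocyclo:
+min-complexity: 40
+depguard:
+list-type: blacklist
+packages:
+- ^golang.org/x/net/context$
+- github.com/gogo/protobuf/proto
+- encoding/asn1
+- crypto/x509
+
+linters:
+disable-all: true
+enable:
+- deadcode
+- depguard
+- gocyclo
+- gofmt
+- goimports
+- govet
+- ineffassign
+- megacheck
+- misspell
+- revive
+- varcheck
+# TODO(gbelvin): write license linter and commit to upstream.
+# ./scripts/check_license.sh is run by ./scripts/presubmit.sh
+
+issues:
+# Don't turn off any checks by default. We can do this explicitly if needed.
+exclude-use-default: false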
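--- a/vendor/github.com/google/certificate-transparency-go/.travis.yml
+++ b/vendor/github.com/google/certificate-transparency-go/.travis.yml
@@ -1,74 +0,0 @@
-sudo: true # required for CI push into Kubernetes.
-language: go
-os: linux
-go: "1.10"
-
-go_import_path: github.com/google/certificate-transparency-go
-
-env:
-- GCE_CI=${ENABLE_GCE_CI} GOFLAGS=
-- GOFLAGS=-race
-- GOFLAGS= WITH_ETCD=true WITH_COVERAGE=true
-- GOFLAGS=-race WITH_ETCD=true
-
-matrix:
-fast_finish: true
-
-services:
-- docker
-
-install:
-- mkdir ../protoc
-- |
-(
-cd ../protoc
-wget https://github.com/google/protobuf/releases/download/v3.5.1/protoc-3.5.1-${TRAVIS_OS_NAME}-x86_64.zip
-unzip protoc-3.5.1-${TRAVIS_OS_NAME}-x86_64.zip
-)
-- export PATH=$(pwd)/../protoc/bin:$PATH
-- go get -d -t ./...
-- go get github.com/alecthomas/gometalinter
-- gometalinter --install
-- go get -u github.com/golang/protobuf/proto
-- go get -u github.com/golang/protobuf/protoc-gen-go
-- go install github.com/golang/mock/mockgen
-# install vendored etcd binary
-- go install ./vendor/github.com/coreos/etcd/cmd/etcd
-- go install ./vendor/github.com/coreos/etcd/cmd/etcdctl
-- pushd ${GOPATH}/src/github.com/google/trillian
-- go get -d -t ./...
-- popd
-
-script:
-- set -e
-- cd $HOME/gopath/src/github.com/google/certificate-transparency-go
-- ./scripts/presubmit.sh ${PRESUBMIT_OPTS} ${WITH_COVERAGE:+--coverage}
-- |
-# Check re-generation didn't change anything
-status=$(git status --porcelain | grep -v coverage) || :
-if [[ -n ${status} ]]; then
-echo "Regenerated files differ from checked-in versions: ${status}"
-git status
-git diff
-exit 1
-fi
-- |
-if [[ "${WITH_ETCD}" == "true" ]]; then
-export ETCD_DIR="${GOPATH}/bin"
-fi
-- ./trillian/integration/integration_test.sh
-- HAMMER_OPTS="--operations=1500" ./trillian/integration/ct_hammer_test.sh
-- set +e
-
-after_success:
-- cp /tmp/coverage.txt .
-- bash <(curl -s https://codecov.io/bash)
-- |
-# Push up to GCE CI instance if we're running after a merge to master
-if [[ "${GCE_CI}" == "true" ]] && [[ $TRAVIS_PULL_REQUEST == "false" ]] && [[ $TRAVIS_BRANCH == "master" ]]; then
-. scripts/install_cloud.sh
-echo ${GCLOUD_SERVICE_KEY_CI} | base64 --decode -i > ${HOME}/gcloud-service-key.json
-gcloud auth activate-service-account --key-file ${HOME}/gcloud-service-key.json
-rm ${HOME}/gcloud-service-key.json
-. scripts/deploy_gce_ci.sh
-fi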
2
vendor/github.com/google/certificate-transparency-go/AUTHORS
generated
vendored
|
@ -11,7 +11,7 @@
|
|||
Comodo CA Limited
|
||||
Ed Maste <emaste@freebsd.org>
|
||||
Fiaz Hossain <fiaz.hossain@salesforce.com>
|
||||
Google Inc.
|
||||
Google LLC
|
||||
Internet Security Research Group
|
||||
Jeff Trawick <trawick@gmail.com>
|
||||
Katriel Cohn-Gordon <katriel.cohn-gordon@cybersecurity.ox.ac.uk>
|
||||
|
|
458
vendor/github.com/google/certificate-transparency-go/CHANGELOG.md
generated
vendored
|
@ -1,5 +1,398 @@
|
|||
# CERTIFICATE-TRANSPARENCY-GO Changelog
|
||||
|
||||
## HEAD
|
||||
|
||||
### Integration
|
||||
|
||||
* Breaking change to API for `integration.HammerCTLog`:
|
||||
* Added `ctx` as first argument, and terminate loop if it becomes cancelled
|
||||
|
||||
### JSONClient
|
||||
|
||||
* PostAndParseWithRetry now does backoff-and-retry upon receiving HTTP 429.
|
||||
|
||||
### Cleanup
|
||||
|
||||
* `WithBalancerName` is deprecated and removed, using the recommended way.
|
||||
* `ctfe.PEMCertPool` type has been moved to `x509util.PEMCertPool` to reduce
|
||||
dependencies (#903).
|
||||
* Remove log list v1 package and its dependencies.
|
||||
|
||||
### Migrillian
|
||||
|
||||
* #960: Skip consistency check when root is size zero.
|
||||
|
||||
### Misc
|
||||
|
||||
* updated golangci-lint to v1.46.1 (developers should update to this version)
|
||||
* update `google.golang.org/grpc` to v1.46.0
|
||||
* `ctclient` tool now uses Cobra for better CLI experience (#901).
|
||||
* #800: Remove dependency from `ratelimit`.
|
||||
* #927: Add read-only mode to CTFE config.
|
||||
* Update Trillian to [0a389c4](https://github.com/google/trillian/commit/0a389c4bb8d97fb3be8f55d7e5b428cf4304986f)
|
||||
* Migrate loglist dependency from v1 to v3 in ctclient cmd.
|
||||
* Migrate loglist dependency from v1 to v3 in ctutil/loginfo.go
|
||||
* Migrate loglist dependency from v1 to v3 in ctutil/sctscan.go
|
||||
* Migrate loglist dependency from v1 to v3 in trillian/integration/ct_hammer/main.go
|
||||
|
||||
## v1.1.2
|
||||
|
||||
### CTFE
|
||||
|
||||
* Removed the `-by_range` flag.
|
||||
|
||||
### Updated dependencies
|
||||
|
||||
* Trillian from v1.3.11 to v1.4.0
|
||||
* protobuf to v2
|
||||
|
||||
## v1.1.1
|
||||
[Published 2020-10-06](https://github.com/google/certificate-transparency-go/releases/tag/v1.1.1)
|
||||
|
||||
### Tools
|
||||
|
||||
#### CT Hammer
|
||||
|
||||
Added a flag (--strict_sth_consistency_size) which when set to true enforces the current behaviour of only request consistency proofs between tree sizes for which the hammer has seen valid STHs.
|
||||
When setting this flag to false, if no two usable STHs are available the hammer will attempt to request a consistency proof between the latest STH it's seen and a random smaller (but > 0) tree size.
|
||||
|
||||
|
||||
### CTFE
|
||||
|
||||
#### Caching
|
||||
|
||||
The CTFE now includes a Cache-Control header in responses containing purely
|
||||
immutable data, e.g. those for get-entries and get-proof-by-hash. This allows
|
||||
clients and proxies to cache these responses for up to 24 hours.
|
||||
|
||||
#### EKU Filtering
|
||||
|
||||
> :warning: **It is not yet recommended to enable this option in a production CT Log!**
|
||||
|
||||
CTFE now supports filtering logging submissions by leaf certificate EKU.
|
||||
This is enabled by adding an extKeyUsage list to a log's stanza in the
|
||||
config file.
|
||||
|
||||
The format is a list of strings corresponding to the supported golang x509 EKUs:
|
||||
|Config string | Extended Key Usage |
|
||||
|----------------------------|----------------------------------------|
|
||||
|`Any` | ExtKeyUsageAny |
|
||||
|`ServerAuth` | ExtKeyUsageServerAuth |
|
||||
|`ClientAuth` | ExtKeyUsageClientAuth |
|
||||
|`CodeSigning` | ExtKeyUsageCodeSigning |
|
||||
|`EmailProtection` | ExtKeyUsageEmailProtection |
|
||||
|`IPSECEndSystem` | ExtKeyUsageIPSECEndSystem |
|
||||
|`IPSECTunnel` | ExtKeyUsageIPSECTunnel |
|
||||
|`IPSECUser` | ExtKeyUsageIPSECUser |
|
||||
|`TimeStamping` | ExtKeyUsageTimeStamping |
|
||||
|`OCSPSigning` | ExtKeyUsageOCSPSigning |
|
||||
|`MicrosoftServerGatedCrypto`| ExtKeyUsageMicrosoftServerGatedCrypto |
|
||||
|`NetscapeServerGatedCrypto` | ExtKeyUsageNetscapeServerGatedCrypto |
|
||||
|
||||
When an extKeyUsage list is specified, the CT Log will reject logging
|
||||
submissions for leaf certificates that do not contain an EKU present in this
|
||||
list.
|
||||
|
||||
When enabled, EKU filtering is only performed at the leaf level (i.e. there is
|
||||
no 'nested' EKU filtering performed).
|
||||
|
||||
If no list is specified, or the list contains an `Any` entry, no EKU
|
||||
filtering will be performed.
|
||||
|
||||
#### GetEntries
|
||||
Calls to `get-entries` which are at (or above) the maximum permitted number of
|
||||
entries whose `start` parameter does not fall on a multiple of the maximum
|
||||
permitted number of entries, will have their responses truncated such that
|
||||
subsequent requests will align with this boundary.
|
||||
This is intended to coerce callers of `get-entries` into all using the same
|
||||
`start` and `end` parameters and thereby increase the cachability of
|
||||
these requests.
|
||||
|
||||
e.g.:
|
||||
|
||||
<pre>
|
||||
Old behaviour:
|
||||
1 2 3
|
||||
0 0 0
|
||||
Entries>-----|---------|---------|----...
|
||||
Client A -------|---------|----------|...
|
||||
Client B --|--------|---------|-------...
|
||||
^ ^ ^
|
||||
`--------`---------`---- requests
|
||||
|
||||
With coercion (max batch = 10 entries):
|
||||
1 2 3
|
||||
0 0 0
|
||||
Entries>-----|---------|---------|----...
|
||||
Client A ----X---------|---------|...
|
||||
Client B --|-X---------|---------|-------...
|
||||
^
|
||||
`-- Requests truncated
|
||||
</pre>
|
||||
|
||||
This behaviour can be disabled by setting the `--align_getentries`
|
||||
flag to false.
|
||||
|
||||
#### Flags
|
||||
|
||||
The `ct_server` binary changed the default of these flags:
|
||||
|
||||
- `by_range` - Now defaults to `true`
|
||||
|
||||
The `ct_server` binary added the following flags:
|
||||
- `align_getentries` - See GetEntries section above for details
|
||||
|
||||
Added `backend` flag to `migrillian`, which now replaces the deprecated
|
||||
"backend" feature of Migrillian configs.
|
||||
|
||||
#### FixedBackendResolver Replaced
|
||||
|
||||
This was previously used in situations where a comma separated list of
|
||||
backends was provided in the `rpcBackend` flag rather than a single value.
|
||||
|
||||
It has been replaced by equivalent functionality using a newer gRPC API.
|
||||
However this support was only intended for use in integration tests. In
|
||||
production we recommend the use of etcd or a gRPC load balancer.
|
||||
|
||||
### LogList
|
||||
|
||||
Log list tools updated to use the correct v2 URL (from v2_beta previously).
|
||||
|
||||
### Libraries
|
||||
|
||||
#### x509 fork
|
||||
|
||||
Merged upstream Go 1.13 and Go 1.14 changes (with the exception
|
||||
of https://github.com/golang/go/commit/14521198679e, to allow
|
||||
old certs using a malformed root still to be logged).
|
||||
|
||||
#### asn1 fork
|
||||
|
||||
Merged upstream Go 1.14 changes.
|
||||
|
||||
#### ctutil
|
||||
|
||||
Added VerifySCTWithVerifier() to verify SCTs using a given ct.SignatureVerifier.
|
||||
|
||||
### Configuration Files
|
||||
|
||||
Configuration files that previously had to be text-encoded Protobuf messages can
|
||||
now alternatively be binary-encoded instead.
|
||||
|
||||
### JSONClient
|
||||
|
||||
- `PostAndParseWithRetry` error logging now includes log URI in messages.
|
||||
|
||||
### Minimal Gossip Example
|
||||
|
||||
All the code for this, except for the x509ext package, has been moved over
|
||||
to the [trillian-examples](https://github.com/google/trillian-examples) repository.
|
||||
|
||||
This keeps the code together and removes a circular dependency between the
|
||||
two repositories. The package layout and structure remains the same so
|
||||
updating should just mean changing any relevant import paths.
|
||||
|
||||
### Dependencies
|
||||
|
||||
A circular dependency on the [monologue](https://github.com/google/monologue) repository has been removed.
|
||||
|
||||
A circular dependency on the [trillian-examples](https://github.com/google/trillian-examples) repository has been removed.
|
||||
|
||||
The version of trillian in use has been updated to 1.3.11. This has required
|
||||
various other dependency updates including gRPC and protobuf. This code now
|
||||
uses the v2 proto API. The Travis tests now expect the 3.11.4 version of
|
||||
protoc.
|
||||
|
||||
The version of etcd in use has been switched to the one from `go.etcd.io`.
|
||||
|
||||
Most of the above changes are to align versions more closely with the ones
|
||||
used in the trillian repository.
|
||||
|
||||
## v1.1.0
|
||||
|
||||
Published 2019-11-14 15:00:00 +0000 UTC
|
||||
|
||||
### CTFE
|
||||
|
||||
The `reject_expired` and `reject_unexpired` configuration fields for the CTFE
|
||||
have been changed so that their behaviour reflects their name:
|
||||
|
||||
- `reject_expired` only rejects expired certificates (i.e. it now allows
|
||||
not-yet-valid certificates).
|
||||
- `reject_unexpired` only allows expired certificates (i.e. it now rejects
|
||||
not-yet-valid certificates).
|
||||
|
||||
A `reject_extensions` configuration field for the CTFE was added, this allows
|
||||
submissions to be rejected if they contain an extension with any of the
|
||||
specified OIDs.
|
||||
|
||||
A `frozen_sth` configuration field for the CTFE was added. This STH will be
|
||||
served permanently. It must be signed by the log's private key.
|
||||
|
||||
A `/healthz` URL has been added which responds with HTTP 200 OK and the string
|
||||
"ok" when the server is up.
|
||||
|
||||
#### Flags
|
||||
|
||||
The `ct_server` binary has these new flags:
|
||||
|
||||
- `mask_internal_errors` - Removes error strings from HTTP 500 responses
|
||||
(Internal Server Error)
|
||||
|
||||
Removed default values for `--metrics_endpoint` and `--log_rpc_server` flags.
|
||||
This makes it easier to get the documented "unset" behaviour.
|
||||
|
||||
#### Metrics
|
||||
|
||||
The CTFE exports these new metrics:
|
||||
|
||||
- `is_mirror` - set to 1 for mirror logs (copies of logs hosted elsewhere)
|
||||
- `frozen_sth_timestamp` - time of the frozen Signed Tree Head in milliseconds
|
||||
since the epoch
|
||||
|
||||
#### Kubernetes
|
||||
|
||||
Updated prometheus-to-sd to v0.5.2.
|
||||
|
||||
A dedicated node pool is no longer required by the Kubernetes manifests.
|
||||
|
||||
### Log Lists
|
||||
|
||||
A new package has been created for parsing, searching and creating JSON log
|
||||
lists compatible with the
|
||||
[v2 schema](http://www.gstatic.com/ct/log_list/v2_beta/log_list_schema.json):
|
||||
`github.com/google/certificate-transparency-go/loglist2`.
|
||||
|
||||
### Docker Images
|
||||
|
||||
Our Docker images have been updated to use Go 1.11 and
|
||||
[Distroless base images](https://github.com/GoogleContainerTools/distroless).
|
||||
|
||||
The CTFE Docker image now sets `ENTRYPOINT`.
|
||||
|
||||
### Utilities / Libraries
|
||||
|
||||
#### jsonclient
|
||||
|
||||
The `jsonclient` package now copes with empty HTTP responses. The user-agent
|
||||
header it sends can now be specified.
|
||||
|
||||
#### x509 and asn1 forks
|
||||
|
||||
Merged upstream changes from Go 1.12 into the `asn1` and `x509` packages.
|
||||
|
||||
Added a "lax" tag to `asn1` that applies recursively and makes some checks more
|
||||
relaxed:
|
||||
|
||||
- parsePrintableString() copes with invalid PrintableString contents, e.g. use
|
||||
of tagPrintableString when the string data is really ISO8859-1.
|
||||
- checkInteger() allows integers that are not minimally encoded (and so are
|
||||
not correct DER).
|
||||
- OIDs are allowed to be empty.
|
||||
|
||||
The following `x509` functions will now return `x509.NonFatalErrors` if ASN.1
|
||||
parsing fails in strict mode but succeeds in lax mode. Previously, they only
|
||||
attempted strict mode parsing.
|
||||
|
||||
- `x509.ParseTBSCertificate()`
|
||||
- `x509.ParseCertificate()`
|
||||
- `x509.ParseCertificates()`
|
||||
|
||||
The `x509` package will now treat a negative RSA modulus as a non-fatal error.
|
||||
|
||||
The `x509` package now supports RSASES-OAEP and Ed25519 keys.
|
||||
|
||||
#### ctclient
|
||||
|
||||
The `ctclient` tool now defaults to using
|
||||
[all_logs_list.json](https://www.gstatic.com/ct/log_list/all_logs_list.json)
|
||||
instead of [log_list.json](https://www.gstatic.com/ct/log_list/log_list.json).
|
||||
This can be overridden using the `--log_list` flag.
|
||||
|
||||
It can now perform inclusion checks on pre-certificates.
|
||||
|
||||
It has these new commands:
|
||||
|
||||
- `bisect` - Finds a log entry given a timestamp.
|
||||
|
||||
It has these new flags:
|
||||
|
||||
- `--chain` - Displays the entire certificate chain
|
||||
- `--dns_server` - The DNS server to direct queries to (system resolver by
|
||||
default)
|
||||
- `--skip_https_verify` - Skips verification of the HTTPS connection
|
||||
- `--timestamp` - Timestamp to use for `bisect` and `inclusion` commands (for
|
||||
`inclusion`, only if --leaf_hash is not used)
|
||||
|
||||
It now accepts hex or base64-encoded strings for the `--tree_hash`,
|
||||
`--prev_hash` and `--leaf_hash` flags.
|
||||
|
||||
#### certcheck
|
||||
|
||||
The `certcheck` tool has these new flags:
|
||||
|
||||
- `--check_time` - Check current validity of certificate (replaces
|
||||
`--timecheck`)
|
||||
- `--check_name` - Check validity of certificate name
|
||||
- `--check_eku` - Check validity of EKU nesting
|
||||
- `--check_path_len` - Check validity of path length constraint
|
||||
- `--check_name_constraint` - Check name constraints
|
||||
- `--check_unknown_critical_exts` - Check for unknown critical extensions
|
||||
(replaces `--ignore_unknown_critical_exts`)
|
||||
- `--strict` - Set non-zero exit code for non-fatal errors in parsing
|
||||
|
||||
#### sctcheck
|
||||
|
||||
The `sctcheck` tool has these new flags:
|
||||
|
||||
- `--check_inclusion` - Checks that the SCT was honoured (i.e. the
|
||||
corresponding certificate was included in the issuing CT log)
|
||||
|
||||
#### ct_hammer
|
||||
|
||||
The `ct_hammer` tool has these new flags:
|
||||
|
||||
- `--duplicate_chance` - Allows setting the probability of the hammer sending
|
||||
a duplicate submission.
|
||||
|
||||
## v1.0.21 - CTFE Logging / Path Options. Mirroring. RPKI. Non Fatal X.509 error improvements
|
||||
|
||||
Published 2018-08-20 10:11:04 +0000 UTC
|
||||
|
||||
### CTFE
|
||||
|
||||
`CTFE` no longer prints certificate chains as long byte strings in messages when handler errors occur. This was obscuring the reason for the failure and wasn't particularly useful.
|
||||
|
||||
`CTFE` now has a global log URL path prefix flag and a configuration proto for a log specific path. The latter should help for various migration strategies if existing C++ server logs are going to be converted to run on the new code.
|
||||
|
||||
### Mirroring
|
||||
|
||||
More progress has been made on log mirroring. We believe that it's now at the point where testing can begin.
|
||||
|
||||
### Utilities / Libraries
|
||||
|
||||
The `certcheck` and `ct_hammer` utilities have received more enhancements.
|
||||
|
||||
`x509` and `x509util` now support Subject Information Access and additional extensions for [RPKI / RFC 3779](https://www.ietf.org/rfc/rfc3779.txt).
|
||||
|
||||
`scanner` / `fixchain` and some other command line utilities now have better handling of non-fatal errors.
|
||||
|
||||
Commit [3629d6846518309d22c16fee15d1007262a459d2](https://api.github.com/repos/google/certificate-transparency-go/commits/3629d6846518309d22c16fee15d1007262a459d2) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.21)
|
||||
|
||||
## v1.0.20 - Minimal Gossip / Go 1.11 Fix / Utility Improvements
|
||||
|
||||
Published 2018-07-05 09:21:34 +0000 UTC
|
||||
|
||||
Enhancements have been made to various utilities including `scanner`, `sctcheck`, `loglist` and `x509util`.
|
||||
|
||||
The `allow_verification_with_non_compliant_keys` flag has been removed from `signatures.go`.
|
||||
|
||||
An implementation of Gossip has been added. See the `gossip/minimal` package for more information.
|
||||
|
||||
An X.509 compatibility issue for Go 1.11 has been fixed. This should be backwards compatible with 1.10.
|
||||
|
||||
Commit [37a384cd035e722ea46e55029093e26687138edf](https://api.github.com/repos/google/certificate-transparency-go/commits/37a384cd035e722ea46e55029093e26687138edf) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.20)
|
||||
|
||||
## v1.0.19 - CTFE User Quota
|
||||
|
||||
Published 2018-06-01 13:51:52 +0000 UTC
|
||||
|
@ -12,10 +405,10 @@ Commit [8736a411b4ff214ea20687e46c2b67d66ebd83fc](https://api.github.com/repos/g
|
|||
|
||||
Published 2018-06-01 14:28:20 +0000 UTC
|
||||
|
||||
Work on a log migration tool (Migrillian) is in progress. This is not yet ready for production use but will provide features for mirroring and migrating logs.
|
||||
|
||||
The `RequestLog` API allows for logging of SCTs when they are issued by CTFE.
|
||||
|
||||
Work on a log migration tool (Migrillian) is in progress. This is not yet ready for production use but will provide features for mirroring and migrating logs.
|
||||
|
||||
The `RequestLog` API allows for logging of SCTs when they are issued by CTFE.
|
||||
|
||||
The CT Go client now supports `GetEntryAndProof`. Utilities have been switched over to use the `glog` package.
|
||||
|
||||
Commit [77abf2dac5410a62c04ac1c662c6d0fa54afc2dc](https://api.github.com/repos/google/certificate-transparency-go/commits/77abf2dac5410a62c04ac1c662c6d0fa54afc2dc) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.18)
|
||||
|
@ -24,12 +417,12 @@ Commit [77abf2dac5410a62c04ac1c662c6d0fa54afc2dc](https://api.github.com/repos/g
|
|||
|
||||
Published 2018-06-01 14:25:16 +0000 UTC
|
||||
|
||||
Now uses Merkle Tree verification from Trillian.
|
||||
|
||||
The CT server now supports CORS.
|
||||
|
||||
Request tracing added using OpenCensus. For GCE / K8 it just requires the flag to be enabled to export traces to Stackdriver. Other environments may differ.
|
||||
|
||||
Now uses Merkle Tree verification from Trillian.
|
||||
|
||||
The CT server now supports CORS.
|
||||
|
||||
Request tracing added using OpenCensus. For GCE / K8 it just requires the flag to be enabled to export traces to Stackdriver. Other environments may differ.
|
||||
|
||||
A demo script was added that goes through setting up a simple deployment suitable for development / demo purposes. This may be useful for those new to the project.
|
||||
|
||||
Commit [3c3d22ce946447d047a03228ebb4a41e3e4eb15b](https://api.github.com/repos/google/certificate-transparency-go/commits/3c3d22ce946447d047a03228ebb4a41e3e4eb15b) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.17)
|
||||
|
@ -38,8 +431,8 @@ Commit [3c3d22ce946447d047a03228ebb4a41e3e4eb15b](https://api.github.com/repos/g
|
|||
|
||||
Published 2018-06-01 14:22:23 +0000 UTC
|
||||
|
||||
An integration test was added that goes through a create / drain queue / freeze lifecycle for a log.
|
||||
|
||||
An integration test was added that goes through a create / drain queue / freeze lifecycle for a log.
|
||||
|
||||
Changes to `x509` were merged from Go 1.10.1.
|
||||
|
||||
Commit [a72423d09b410b80673fd1135ba1022d04bac6cd](https://api.github.com/repos/google/certificate-transparency-go/commits/a72423d09b410b80673fd1135ba1022d04bac6cd) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.16)
|
||||
|
@ -48,10 +441,10 @@ Commit [a72423d09b410b80673fd1135ba1022d04bac6cd](https://api.github.com/repos/g
|
|||
|
||||
Published 2018-06-01 14:20:32 +0000 UTC
|
||||
|
||||
Facilities were added to the `x509` package to control whether verification checks are applied.
|
||||
|
||||
Log server requests are now balanced using `gRPClb`.
|
||||
|
||||
Facilities were added to the `x509` package to control whether verification checks are applied.
|
||||
|
||||
Log server requests are now balanced using `gRPClb`.
|
||||
|
||||
For Kubernetes, metrics can be published to Stackdriver monitoring.
|
||||
|
||||
Commit [684d6eee6092774e54d301ccad0ed61bc8d010c1](https://api.github.com/repos/google/certificate-transparency-go/commits/684d6eee6092774e54d301ccad0ed61bc8d010c1) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.15)
|
||||
|
@ -60,8 +453,8 @@ Commit [684d6eee6092774e54d301ccad0ed61bc8d010c1](https://api.github.com/repos/g
|
|||
|
||||
Published 2018-06-01 14:15:37 +0000 UTC
|
||||
|
||||
Support for SQLlite was removed. This motivation was ongoing test flakiness caused by multi-user access. This database may work for an embedded scenario but is not suitable for use in a server environment.
|
||||
|
||||
Support for SQLite was removed. This motivation was ongoing test flakiness caused by multi-user access. This database may work for an embedded scenario but is not suitable for use in a server environment.
|
||||
|
||||
A `LeafHashForLeaf` client API was added and is now used by the CT client and integration tests.
|
||||
|
||||
Commit [698cd6a661196db4b2e71437422178ffe8705006](https://api.github.com/repos/google/certificate-transparency-go/commits/698cd6a661196db4b2e71437422178ffe8705006) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.14)
|
||||
|
@ -70,10 +463,10 @@ Commit [698cd6a661196db4b2e71437422178ffe8705006](https://api.github.com/repos/g
|
|||
|
||||
Published 2018-06-01 14:15:21 +0000 UTC
|
||||
|
||||
Some of our custom crypto package that were wrapping calls to the standard package have been removed and the base features used directly.
|
||||
|
||||
Updates were made to GCE ingress and health checks.
|
||||
|
||||
Some of our custom crypto package that were wrapping calls to the standard package have been removed and the base features used directly.
|
||||
|
||||
Updates were made to GCE ingress and health checks.
|
||||
|
||||
The log list utility can verify signatures.
|
||||
|
||||
Commit [480c3654a70c5383b9543ec784203030aedbd3a5](https://api.github.com/repos/google/certificate-transparency-go/commits/480c3654a70c5383b9543ec784203030aedbd3a5) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.13)
|
||||
|
@ -82,10 +475,10 @@ Commit [480c3654a70c5383b9543ec784203030aedbd3a5](https://api.github.com/repos/g
|
|||
|
||||
Published 2018-06-01 14:13:42 +0000 UTC
|
||||
|
||||
The CT client can now use a JSON loglist to find logs.
|
||||
|
||||
CTFE had a fix applied for preissued precerts.
|
||||
|
||||
The CT client can now use a JSON loglist to find logs.
|
||||
|
||||
CTFE had a fix applied for preissued precerts.
|
||||
|
||||
A DNS client was added and CT client was extended to support DNS retrieval.
|
||||
|
||||
Commit [74c06c95e0b304a050a1c33764c8a01d653a16e3](https://api.github.com/repos/google/certificate-transparency-go/commits/74c06c95e0b304a050a1c33764c8a01d653a16e3) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.12)
|
||||
|
@ -102,8 +495,8 @@ Commit [0856acca7e0ab7f082ae83a1fbb5d21160962efc](https://api.github.com/repos/g
|
|||
|
||||
Published 2018-06-01 14:09:47 +0000 UTC
|
||||
|
||||
The CT client was using the wrong protobuffer library package. To guard against this in future a check has been added to our lint config.
|
||||
|
||||
The CT client was using the wrong protobuffer library package. To guard against this in future a check has been added to our lint config.
|
||||
|
||||
The `x509` and `asn1` packages have had upstream fixes applied from Go 1.10rc1.
|
||||
|
||||
Commit [1bec4527572c443752ad4f2830bef88be0533236](https://api.github.com/repos/google/certificate-transparency-go/commits/1bec4527572c443752ad4f2830bef88be0533236) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.10)
|
||||
|
@ -112,10 +505,10 @@ Commit [1bec4527572c443752ad4f2830bef88be0533236](https://api.github.com/repos/g
|
|||
|
||||
Published 2018-06-01 14:11:13 +0000 UTC
|
||||
|
||||
The `scanner` utility now displays throughput stats.
|
||||
|
||||
Build instructions and README files were updated.
|
||||
|
||||
The `scanner` utility now displays throughput stats.
|
||||
|
||||
Build instructions and README files were updated.
|
||||
|
||||
The `certcheck` utility can be told to ignore unknown critical X.509 extensions.
|
||||
|
||||
Commit [c06833528d04a94eed0c775104d1107bab9ae17c](https://api.github.com/repos/google/certificate-transparency-go/commits/c06833528d04a94eed0c775104d1107bab9ae17c) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.9)
|
||||
|
@ -191,4 +584,3 @@ Published 2018-06-01 13:59:00 +0000 UTC
|
|||
This is the point that corresponds to the 1.0 release in the trillian repo.
|
||||
|
||||
Commit [abb79e468b6f3bbd48d1ab0c9e68febf80d52c4d](https://api.github.com/repos/google/certificate-transparency-go/commits/abb79e468b6f3bbd48d1ab0c9e68febf80d52c4d) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0)
|
||||
|
||||
|
|
1
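--- a/vendor/github.com/google/certificate-transparency-go/CODEOWNERS
+++ b/vendor/github.com/google/certificate-transparency-go/CODEOWNERS
@@ -0,0 +1 @@
+* @google/certificate-transparency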
3
vendor/github.com/google/certificate-transparency-go/CONTRIBUTORS
generated
vendored
|
@ -47,11 +47,14 @@ Oliver Weidner <Oliver.Weidner@gmail.com>
|
|||
Pascal Leroy <phl@google.com>
|
||||
Paul Hadfield <hadfieldp@google.com> <paul@phad.org.uk>
|
||||
Paul Lietar <lietar@google.com>
|
||||
Pavel Kalinnikov <pkalinnikov@google.com> <pavelkalinnikov@gmail.com>
|
||||
Pierre Phaneuf <pphaneuf@google.com>
|
||||
Rob Percival <robpercival@google.com>
|
||||
Rob Stradling <rob@comodo.com>
|
||||
Roger Ng <rogerng@google.com> <roger2hk@gmail.com>
|
||||
Roland Shoemaker <roland@letsencrypt.org>
|
||||
Ruslan Kovalov <ruslan.kovalyov@gmail.com>
|
||||
Samuel Lidén Borell <samuel@kodafritt.se>
|
||||
Tatiana Merkulova <merkulova@google.com>
|
||||
Vladimir Rutsky <vladimir@rutsky.org>
|
||||
Ximin Luo <infinity0@gmx.com>
|
||||
|
|
16
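--- a/vendor/github.com/google/certificate-transparency-go/PULL_REQUEST_TEMPLATE.md
+++ b/vendor/github.com/google/certificate-transparency-go/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,16 @@
+<!---
+Describe your changes in detail here.
+If this fixes an issue, please write "Fixes #123", substituting the issue number.
+-->
+
+### Checklist
+
+<!---
+Go over all the following points, and put an `x` in all the boxes that apply.
+Feel free to not tick any boxes that don't apply to this PR (e.g. refactoring may not need a CHANGELOG update).
+If you're unsure about any of these, don't hesitate to ask. We're here to help!
+-->
+
+- [ ] I have updated the [CHANGELOG](CHANGELOG.md).
+- Adjust the draft version number according to [semantic versioning](https://semver.org/) rules.
+- [ ] I have updated [documentation](docs/) accordingly.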
118
vendor/github.com/google/certificate-transparency-go/README.md
generated
vendored
|
@ -6,14 +6,14 @@
|
|||
|
||||
This repository holds Go code related to
|
||||
[Certificate Transparency](https://www.certificate-transparency.org/) (CT). The
|
||||
repository requires Go version 1.9.
|
||||
repository requires Go version 1.17.
|
||||
|
||||
- [Repository Structure](#repository-structure)
|
||||
- [Trillian CT Personality](#trillian-ct-personality)
|
||||
- [Working on the Code](#working-on-the-code)
|
||||
- [Running Codebase Checks](#running-codebase-checks)
|
||||
- [Rebuilding Generated Code](#rebuilding-generated-code)
|
||||
- [Updating Vendor Code](#updating-vendor-code)
|
||||
- [Running Codebase Checks](#running-codebase-checks)
|
||||
|
||||
## Repository Structure
|
||||
|
||||
|
@ -29,57 +29,44 @@ The main parts of the repository are:
|
|||
[pre-certificates defined in RFC 6962](https://tools.ietf.org/html/rfc6962#section-3.1).
|
||||
- `tls` holds a library for processing TLS-encoded data as described in
|
||||
[RFC 5246](https://tools.ietf.org/html/rfc5246).
|
||||
- `x509util` provides additional utilities for dealing with
|
||||
- `x509util/` provides additional utilities for dealing with
|
||||
`x509.Certificate`s.
|
||||
- CT client libraries:
|
||||
- The top-level `ct` package (in `.`) holds types and utilities for working
|
||||
with CT data structures defined in
|
||||
[RFC 6962](https://tools.ietf.org/html/rfc6962).
|
||||
- `client/` and `jsonclient/` hold libraries that allow access to CT Logs
|
||||
via entrypoints described in
|
||||
via HTTP entrypoints described in
|
||||
[section 4 of RFC 6962](https://tools.ietf.org/html/rfc6962#section-4).
|
||||
- `dnsclient/` has a library that allows access to CT Logs over
|
||||
[DNS](https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md).
|
||||
- `scanner/` holds a library for scanning the entire contents of an existing
|
||||
CT Log.
|
||||
- CT Personality for [Trillian](https://github.com/google/trillian):
|
||||
- `trillian/` holds code that allows a Certificate Transparency Log to be
|
||||
run using a Trillian Log as its back-end -- see
|
||||
[below](#trillian-ct-personality).
|
||||
- Command line tools:
|
||||
- `./client/ctclient` allows interaction with a CT Log
|
||||
- `./client/ctclient` allows interaction with a CT Log.
|
||||
- `./ctutil/sctcheck` allows SCTs (signed certificate timestamps) from a CT
|
||||
Log to be verified.
|
||||
- `./scanner/scanlog` allows an existing CT Log to be scanned for certificates
|
||||
of interest; please be polite when running this tool against a Log.
|
||||
- `./x509util/certcheck` allows display and verification of certificates
|
||||
- `./x509util/crlcheck` allows display and verification of certificate
|
||||
revocation lists (CRLs).
|
||||
- CT Personality for [Trillian](https://github.com/google/trillian):
|
||||
- `trillian/` holds code that allows a Certificate Transparency Log to be
|
||||
run using a Trillian Log as its back-end -- see
|
||||
[below](#trillian-ct-personality).
|
||||
- Other libraries related to CT:
|
||||
- `ctutil/` holds utility functions for validating and verifying CT data
|
||||
structures.
|
||||
- `loglist3/` has a library for reading
|
||||
[v3 JSON lists of CT Logs](https://groups.google.com/a/chromium.org/g/ct-policy/c/IdbrdAcDQto/m/i5KPyzYwBAAJ).
|
||||
|
||||
|
||||
## Trillian CT Personality
|
||||
|
||||
The `trillian/` subdirectory holds code and scripts for running a CT Log based
|
||||
on the [Trillian](https://github.com/google/trillian) general transparency Log.
|
||||
|
||||
The main code for the CT personality is held in `trillian/ctfe`; this code
|
||||
responds to HTTP requests on the
|
||||
[CT API paths](https://tools.ietf.org/html/rfc6962#section-4) and translates
|
||||
them to the equivalent gRPC API requests to the Trillian Log.
|
||||
|
||||
This obviously relies on the gRPC API definitions at
|
||||
`github.com/google/trillian`; the code also uses common libraries from the
|
||||
Trillian project for:
|
||||
- exposing monitoring and statistics via an `interface` and corresponding
|
||||
Prometheus implementation (`github.com/google/trillian/monitoring/...`)
|
||||
- dealing with cryptographic keys (`github.com/google/trillian/crypto/...`).
|
||||
|
||||
The `trillian/integration/` directory holds scripts and tests for running the whole
|
||||
system locally. In particular:
|
||||
- `trillian/integration/ct_integration_test.sh` brings up local processes
|
||||
running a Trillian Log server, signer and a CT personality, and exercises the
|
||||
complete set of RFC 6962 API entrypoints.
|
||||
- `trillian/integration/ct_hammer_test.sh` brings up a complete system and runs
|
||||
a continuous randomized test of the CT entrypoints.
|
||||
|
||||
These scripts require a local database instance to be configured as described
|
||||
in the [Trillian instructions](https://github.com/google/trillian#mysql-setup).
|
||||
on the [Trillian](https://github.com/google/trillian) general transparency Log,
|
||||
and is [documented separately](trillian/README.md).
|
||||
|
||||
|
||||
## Working on the Code
|
||||
|
@ -90,48 +77,15 @@ dependencies and tools, described in the following sections. The
|
|||
for the required tools and scripts, as it may be more up-to-date than this
|
||||
document.
|
||||
|
||||
### Rebuilding Generated Code
|
||||
|
||||
Some of the CT Go code is autogenerated from other files:
|
||||
|
||||
- [Protocol buffer](https://developers.google.com/protocol-buffers/) message
|
||||
definitions are converted to `.pb.go` implementations.
|
||||
- A mock implementation of the Trillian gRPC API (in `trillian/mockclient`) is
|
||||
created with [GoMock](https://github.com/golang/mock).
|
||||
|
||||
Re-generating mock or protobuffer files is only needed if you're changing
|
||||
the original files; if you do, you'll need to install the prerequisites:
|
||||
|
||||
- `mockgen` tool from https://github.com/golang/mock
|
||||
- `protoc`, [Go support for protoc](https://github.com/golang/protobuf) (see
|
||||
documentation linked from the
|
||||
[protobuf site](https://github.com/google/protobuf))
|
||||
|
||||
and run the following:
|
||||
|
||||
```bash
|
||||
go generate -x ./... # hunts for //go:generate comments and runs them
|
||||
```
|
||||
|
||||
### Updating Vendor Code
|
||||
|
||||
The codebase includes a couple of external projects under the `vendor/`
|
||||
subdirectory, to ensure that builds use a fixed version (typically because the
|
||||
upstream repository does not guarantee back-compatibility between the tip
|
||||
`master` branch and the current stable release). See
|
||||
[instructions in the Trillian repo](https://github.com/google/trillian#updating-vendor-code)
|
||||
for how to update vendored subtrees.
|
||||
|
||||
|
||||
### Running Codebase Checks
|
||||
|
||||
The [`scripts/presubmit.sh`](scripts/presubmit.sh) script runs various tools
|
||||
and tests over the codebase.
|
||||
and tests over the codebase; please ensure this script passes before sending
|
||||
pull requests for review.
|
||||
|
||||
```bash
|
||||
# Install gometalinter and all linters
|
||||
go get -u github.com/alecthomas/gometalinter
|
||||
gometalinter --install
|
||||
# Install golangci-lint
|
||||
go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.46.1
|
||||
|
||||
# Run code generation, build, test and linters
|
||||
./scripts/presubmit.sh
|
||||
|
@ -140,5 +94,27 @@ gometalinter --install
|
|||
./scripts/presubmit.sh --no-generate
|
||||
|
||||
# Or just run the linters alone:
|
||||
gometalinter --config=gometalinter.json ./...
|
||||
golangci-lint run
|
||||
```
|
||||
|
||||
### Rebuilding Generated Code
|
||||
|
||||
Some of the CT Go code is autogenerated from other files:
|
||||
|
||||
- [Protocol buffer](https://developers.google.com/protocol-buffers/) message
|
||||
definitions are converted to `.pb.go` implementations.
|
||||
- A mock implementation of the Trillian gRPC API (in `trillian/mockclient`) is
|
||||
created with [GoMock](https://github.com/golang/mock).
|
||||
|
||||
Re-generating mock or protobuffer files is only needed if you're changing
|
||||
the original files; if you do, you'll need to install the prerequisites:
|
||||
|
||||
- tools written in `go` can be installed with a single run of `go install`
|
||||
(courtesy of [`tools.go`](./tools/tools.go) and `go.mod`).
|
||||
- `protoc` tool: you'll need [version 3.12.4](https://github.com/protocolbuffers/protobuf/releases/tag/v3.12.4) installed, and `PATH` updated to include its `bin/` directory.
|
||||
|
||||
With tools installed, run the following:
|
||||
|
||||
```bash
|
||||
go generate -x ./... # hunts for //go:generate comments and runs them
|
||||
```
|
||||
|
|
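--- a/vendor/github.com/google/certificate-transparency-go/asn1/README.md
+++ b/vendor/github.com/google/certificate-transparency-go/asn1/README.md
@@ -0,0 +1,7 @@
+# Important Notice
+
+This is a fork of the `encoding/asn1` Go package. The original source can be found on
+[GitHub](https://github.com/golang/go).
+
+Be careful about making local modifications to this code as it will
+make maintenance harder in future.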
146
vendor/github.com/google/certificate-transparency-go/asn1/asn1.go
generated
vendored
|
@ -5,13 +5,24 @@
|
|||
// Package asn1 implements parsing of DER-encoded ASN.1 data structures,
|
||||
// as defined in ITU-T Rec X.690.
|
||||
//
|
||||
// See also ``A Layman's Guide to a Subset of ASN.1, BER, and DER,''
|
||||
// See also “A Layman's Guide to a Subset of ASN.1, BER, and DER,”
|
||||
// http://luca.ntop.org/Teaching/Appunti/asn1.html.
|
||||
//
|
||||
// This is a fork of the Go standard library ASN.1 implementation
|
||||
// (encoding/asn1). The main difference is that this version tries to correct
|
||||
// for errors (e.g. use of tagPrintableString when the string data is really
|
||||
// ISO8859-1 - a common error present in many x509 certificates in the wild.)
|
||||
// (encoding/asn1), with the aim of relaxing checks for various things
|
||||
// that are common errors present in many X.509 certificates in the
|
||||
// wild.
|
||||
//
|
||||
// Main differences:
|
||||
// - Extra "lax" tag that recursively applies and relaxes some strict
|
||||
// checks:
|
||||
// - parsePrintableString() copes with invalid PrintableString contents,
|
||||
// e.g. use of tagPrintableString when the string data is really
|
||||
// ISO8859-1.
|
||||
// - checkInteger() allows integers that are not minimally encoded (and
|
||||
// so are not correct DER).
|
||||
// - parseObjectIdentifier() allows zero-length OIDs.
|
||||
// - Better diagnostics on which particular field causes errors.
|
||||
package asn1
|
||||
|
||||
// ASN.1 is a syntax for specifying abstract objects and BER, DER, PER, XER etc
|
||||
|
@ -31,8 +42,8 @@ import (
|
|||
"math/big"
|
||||
"reflect"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
"unicode/utf16"
|
||||
"unicode/utf8"
|
||||
)
|
||||
|
||||
|
@ -94,13 +105,16 @@ func parseBool(bytes []byte, fieldName string) (ret bool, err error) {
|
|||
|
||||
// checkInteger returns nil if the given bytes are a valid DER-encoded
|
||||
// INTEGER and an error otherwise.
|
||||
func checkInteger(bytes []byte, fieldName string) error {
|
||||
func checkInteger(bytes []byte, lax bool, fieldName string) error {
|
||||
if len(bytes) == 0 {
|
||||
return StructuralError{"empty integer", fieldName}
|
||||
}
|
||||
if len(bytes) == 1 {
|
||||
return nil
|
||||
}
|
||||
if lax {
|
||||
return nil
|
||||
}
|
||||
if (bytes[0] == 0 && bytes[1]&0x80 == 0) || (bytes[0] == 0xff && bytes[1]&0x80 == 0x80) {
|
||||
return StructuralError{"integer not minimally-encoded", fieldName}
|
||||
}
|
||||
|
@ -109,8 +123,8 @@ func checkInteger(bytes []byte, fieldName string) error {
|
|||
|
||||
// parseInt64 treats the given bytes as a big-endian, signed integer and
|
||||
// returns the result.
|
||||
func parseInt64(bytes []byte, fieldName string) (ret int64, err error) {
|
||||
err = checkInteger(bytes, fieldName)
|
||||
func parseInt64(bytes []byte, lax bool, fieldName string) (ret int64, err error) {
|
||||
err = checkInteger(bytes, lax, fieldName)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
@ -132,11 +146,11 @@ func parseInt64(bytes []byte, fieldName string) (ret int64, err error) {
|
|||
|
||||
// parseInt treats the given bytes as a big-endian, signed integer and returns
|
||||
// the result.
|
||||
func parseInt32(bytes []byte, fieldName string) (int32, error) {
|
||||
if err := checkInteger(bytes, fieldName); err != nil {
|
||||
func parseInt32(bytes []byte, lax bool, fieldName string) (int32, error) {
|
||||
if err := checkInteger(bytes, lax, fieldName); err != nil {
|
||||
return 0, err
|
||||
}
|
||||
ret64, err := parseInt64(bytes, fieldName)
|
||||
ret64, err := parseInt64(bytes, lax, fieldName)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
|
@ -150,8 +164,8 @@ var bigOne = big.NewInt(1)
|
|||
|
||||
// parseBigInt treats the given bytes as a big-endian, signed integer and returns
|
||||
// the result.
|
||||
func parseBigInt(bytes []byte, fieldName string) (*big.Int, error) {
|
||||
if err := checkInteger(bytes, fieldName); err != nil {
|
||||
func parseBigInt(bytes []byte, lax bool, fieldName string) (*big.Int, error) {
|
||||
if err := checkInteger(bytes, lax, fieldName); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ret := new(big.Int)
|
||||
|
@ -270,8 +284,11 @@ func (oi ObjectIdentifier) String() string {
|
|||
// parseObjectIdentifier parses an OBJECT IDENTIFIER from the given bytes and
|
||||
// returns it. An object identifier is a sequence of variable length integers
|
||||
// that are assigned in a hierarchy.
|
||||
func parseObjectIdentifier(bytes []byte, fieldName string) (s []int, err error) {
|
||||
func parseObjectIdentifier(bytes []byte, lax bool, fieldName string) (s ObjectIdentifier, err error) {
|
||||
if len(bytes) == 0 {
|
||||
if lax {
|
||||
return ObjectIdentifier{}, nil
|
||||
}
|
||||
err = SyntaxError{"zero length OBJECT IDENTIFIER", fieldName}
|
||||
return
|
||||
}
|
||||
|
@ -415,10 +432,25 @@ func isNumeric(b byte) bool {
|
|||
|
||||
// parsePrintableString parses an ASN.1 PrintableString from the given byte
|
||||
// array and returns it.
|
||||
func parsePrintableString(bytes []byte, fieldName string) (ret string, err error) {
|
||||
func parsePrintableString(bytes []byte, lax bool, fieldName string) (ret string, err error) {
|
||||
for _, b := range bytes {
|
||||
if !isPrintable(b, allowAsterisk, allowAmpersand) {
|
||||
err = SyntaxError{"PrintableString contains invalid character", fieldName}
|
||||
if !lax {
|
||||
err = SyntaxError{"PrintableString contains invalid character", fieldName}
|
||||
} else {
|
||||
// Might be an ISO8859-1 string stuffed in, check if it
|
||||
// would be valid and assume that's what's happened if so,
|
||||
// otherwise try T.61, failing that give up and just assign
|
||||
// the bytes
|
||||
switch {
|
||||
case couldBeISO8859_1(bytes):
|
||||
ret, err = iso8859_1ToUTF8(bytes), nil
|
||||
case couldBeT61(bytes):
|
||||
ret, err = parseT61String(bytes)
|
||||
default:
|
||||
err = SyntaxError{"PrintableString contains invalid character, couldn't determine correct String type", fieldName}
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
}
|
||||
|
@ -495,6 +527,29 @@ func parseUTF8String(bytes []byte) (ret string, err error) {
|
|||
return string(bytes), nil
|
||||
}
|
||||
|
||||
// BMPString
|
||||
|
||||
// parseBMPString parses an ASN.1 BMPString (Basic Multilingual Plane of
|
||||
// ISO/IEC/ITU 10646-1) from the given byte slice and returns it.
|
||||
func parseBMPString(bmpString []byte) (string, error) {
|
||||
if len(bmpString)%2 != 0 {
|
||||
return "", errors.New("pkcs12: odd-length BMP string")
|
||||
}
|
||||
|
||||
// Strip terminator if present.
|
||||
if l := len(bmpString); l >= 2 && bmpString[l-1] == 0 && bmpString[l-2] == 0 {
|
||||
bmpString = bmpString[:l-2]
|
||||
}
|
||||
|
||||
s := make([]uint16, 0, len(bmpString)/2)
|
||||
for len(bmpString) > 0 {
|
||||
s = append(s, uint16(bmpString[0])<<8+uint16(bmpString[1]))
|
||||
bmpString = bmpString[2:]
|
||||
}
|
||||
|
||||
return string(utf16.Decode(s)), nil
|
||||
}
|
||||
|
||||
// A RawValue represents an undecoded ASN.1 object.
|
||||
type RawValue struct {
|
||||
Class, Tag int
|
||||
|
@ -592,7 +647,7 @@ func parseTagAndLength(bytes []byte, initOffset int, fieldName string) (ret tagA
|
|||
// parseSequenceOf is used for SEQUENCE OF and SET OF values. It tries to parse
|
||||
// a number of ASN.1 values from the given byte slice and returns them as a
|
||||
// slice of Go values of the given type.
|
||||
func parseSequenceOf(bytes []byte, sliceType reflect.Type, elemType reflect.Type, fieldName string) (ret reflect.Value, err error) {
|
||||
func parseSequenceOf(bytes []byte, sliceType reflect.Type, elemType reflect.Type, lax bool, fieldName string) (ret reflect.Value, err error) {
|
||||
matchAny, expectedTag, compoundType, ok := getUniversalType(elemType)
|
||||
if !ok {
|
||||
err = StructuralError{"unknown Go type for slice", fieldName}
|
||||
|
@ -609,7 +664,7 @@ func parseSequenceOf(bytes []byte, sliceType reflect.Type, elemType reflect.Type
|
|||
return
|
||||
}
|
||||
switch t.tag {
|
||||
case TagIA5String, TagGeneralString, TagT61String, TagUTF8String, TagNumericString:
|
||||
case TagIA5String, TagGeneralString, TagT61String, TagUTF8String, TagNumericString, TagBMPString:
|
||||
// We pretend that various other string types are
|
||||
// PRINTABLE STRINGs so that a sequence of them can be
|
||||
// parsed into a []string.
|
||||
|
@ -631,7 +686,7 @@ func parseSequenceOf(bytes []byte, sliceType reflect.Type, elemType reflect.Type
|
|||
numElements++
|
||||
}
|
||||
ret = reflect.MakeSlice(sliceType, numElements, numElements)
|
||||
params := fieldParameters{}
|
||||
params := fieldParameters{lax: lax}
|
||||
offset := 0
|
||||
for i := 0; i < numElements; i++ {
|
||||
offset, err = parseField(ret.Index(i), bytes, offset, params)
|
||||
|
@ -653,7 +708,7 @@ var (
|
|||
bigIntType = reflect.TypeOf(new(big.Int))
|
||||
)
|
||||
|
||||
// invalidLength returns true iff offset + length > sliceLength, or if the
|
||||
// invalidLength reports whether offset + length > sliceLength, or if the
|
||||
// addition would overflow.
|
||||
func invalidLength(offset, length, sliceLength int) bool {
|
||||
return offset+length < offset || offset+length > sliceLength
|
||||
|
@ -735,22 +790,7 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
|||
innerBytes := bytes[offset : offset+t.length]
|
||||
switch t.tag {
|
||||
case TagPrintableString:
|
||||
result, err = parsePrintableString(innerBytes, params.name)
|
||||
if err != nil && strings.Contains(err.Error(), "PrintableString contains invalid character") {
|
||||
// Probably an ISO8859-1 string stuffed in, check if it
|
||||
// would be valid and assume that's what's happened if so,
|
||||
// otherwise try T.61, failing that give up and just assign
|
||||
// the bytes
|
||||
switch {
|
||||
case couldBeISO8859_1(innerBytes):
|
||||
result, err = iso8859_1ToUTF8(innerBytes), nil
|
||||
case couldBeT61(innerBytes):
|
||||
result, err = parseT61String(innerBytes)
|
||||
default:
|
||||
result = nil
|
||||
err = errors.New("PrintableString contains invalid character, but couldn't determine correct String type.")
|
||||
}
|
||||
}
|
||||
result, err = parsePrintableString(innerBytes, params.lax, params.name)
|
||||
case TagNumericString:
|
||||
result, err = parseNumericString(innerBytes, params.name)
|
||||
case TagIA5String:
|
||||
|
@ -760,17 +800,19 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
|||
case TagUTF8String:
|
||||
result, err = parseUTF8String(innerBytes)
|
||||
case TagInteger:
|
||||
result, err = parseInt64(innerBytes, params.name)
|
||||
result, err = parseInt64(innerBytes, params.lax, params.name)
|
||||
case TagBitString:
|
||||
result, err = parseBitString(innerBytes, params.name)
|
||||
case TagOID:
|
||||
result, err = parseObjectIdentifier(innerBytes, params.name)
|
||||
result, err = parseObjectIdentifier(innerBytes, params.lax, params.name)
|
||||
case TagUTCTime:
|
||||
result, err = parseUTCTime(innerBytes)
|
||||
case TagGeneralizedTime:
|
||||
result, err = parseGeneralizedTime(innerBytes)
|
||||
case TagOctetString:
|
||||
result = innerBytes
|
||||
case TagBMPString:
|
||||
result, err = parseBMPString(innerBytes)
|
||||
default:
|
||||
// If we don't know how to handle the type, we just leave Value as nil.
|
||||
}
|
||||
|
@ -839,7 +881,7 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
|||
if universalTag == TagPrintableString {
|
||||
if t.class == ClassUniversal {
|
||||
switch t.tag {
|
||||
case TagIA5String, TagGeneralString, TagT61String, TagUTF8String, TagNumericString:
|
||||
case TagIA5String, TagGeneralString, TagT61String, TagUTF8String, TagNumericString, TagBMPString:
|
||||
universalTag = t.tag
|
||||
}
|
||||
} else if params.stringType != 0 {
|
||||
|
@ -873,6 +915,12 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
|||
matchAnyClassAndTag = false
|
||||
}
|
||||
|
||||
if !params.explicit && params.private && params.tag != nil {
|
||||
expectedClass = ClassPrivate
|
||||
expectedTag = *params.tag
|
||||
matchAnyClassAndTag = false
|
||||
}
|
||||
|
||||
// We have unwrapped any explicit tagging at this point.
|
||||
if !matchAnyClassAndTag && (t.class != expectedClass || t.tag != expectedTag) ||
|
||||
(!matchAny && t.isCompound != compoundType) {
|
||||
|
@ -899,7 +947,7 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
|||
v.Set(reflect.ValueOf(result))
|
||||
return
|
||||
case objectIdentifierType:
|
||||
newSlice, err1 := parseObjectIdentifier(innerBytes, params.name)
|
||||
newSlice, err1 := parseObjectIdentifier(innerBytes, params.lax, params.name)
|
||||
v.Set(reflect.MakeSlice(v.Type(), len(newSlice), len(newSlice)))
|
||||
if err1 == nil {
|
||||
reflect.Copy(v, reflect.ValueOf(newSlice))
|
||||
|
@ -927,7 +975,7 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
|||
err = err1
|
||||
return
|
||||
case enumeratedType:
|
||||
parsedInt, err1 := parseInt32(innerBytes, params.name)
|
||||
parsedInt, err1 := parseInt32(innerBytes, params.lax, params.name)
|
||||
if err1 == nil {
|
||||
v.SetInt(int64(parsedInt))
|
||||
}
|
||||
|
@ -937,7 +985,7 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
|||
v.SetBool(true)
|
||||
return
|
||||
case bigIntType:
|
||||
parsedInt, err1 := parseBigInt(innerBytes, params.name)
|
||||
parsedInt, err1 := parseBigInt(innerBytes, params.lax, params.name)
|
||||
if err1 == nil {
|
||||
v.Set(reflect.ValueOf(parsedInt))
|
||||
}
|
||||
|
@ -954,13 +1002,13 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
|||
return
|
||||
case reflect.Int, reflect.Int32, reflect.Int64:
|
||||
if val.Type().Size() == 4 {
|
||||
parsedInt, err1 := parseInt32(innerBytes, params.name)
|
||||
parsedInt, err1 := parseInt32(innerBytes, params.lax, params.name)
|
||||
if err1 == nil {
|
||||
val.SetInt(int64(parsedInt))
|
||||
}
|
||||
err = err1
|
||||
} else {
|
||||
parsedInt, err1 := parseInt64(innerBytes, params.name)
|
||||
parsedInt, err1 := parseInt64(innerBytes, params.lax, params.name)
|
||||
if err1 == nil {
|
||||
val.SetInt(parsedInt)
|
||||
}
|
||||
|
@ -992,6 +1040,7 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
|||
}
|
||||
innerParams := parseFieldParameters(field.Tag.Get("asn1"))
|
||||
innerParams.name = field.Name
|
||||
innerParams.lax = params.lax
|
||||
innerOffset, err = parseField(val.Field(i), innerBytes, innerOffset, innerParams)
|
||||
if err != nil {
|
||||
return
|
||||
|
@ -1008,7 +1057,7 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
|||
reflect.Copy(val, reflect.ValueOf(innerBytes))
|
||||
return
|
||||
}
|
||||
newSlice, err1 := parseSequenceOf(innerBytes, sliceType, sliceType.Elem(), params.name)
|
||||
newSlice, err1 := parseSequenceOf(innerBytes, sliceType, sliceType.Elem(), params.lax, params.name)
|
||||
if err1 == nil {
|
||||
val.Set(newSlice)
|
||||
}
|
||||
|
@ -1018,7 +1067,7 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
|||
var v string
|
||||
switch universalTag {
|
||||
case TagPrintableString:
|
||||
v, err = parsePrintableString(innerBytes, params.name)
|
||||
v, err = parsePrintableString(innerBytes, params.lax, params.name)
|
||||
case TagNumericString:
|
||||
v, err = parseNumericString(innerBytes, params.name)
|
||||
case TagIA5String:
|
||||
|
@ -1033,6 +1082,9 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
|||
// that allow the encoding to change midstring and
|
||||
// such. We give up and pass it as an 8-bit string.
|
||||
v, err = parseT61String(innerBytes)
|
||||
case TagBMPString:
|
||||
v, err = parseBMPString(innerBytes)
|
||||
|
||||
default:
|
||||
err = SyntaxError{fmt.Sprintf("internal error: unknown string type %d", universalTag), params.name}
|
||||
}
|
||||
|
@ -1110,11 +1162,13 @@ func setDefaultValue(v reflect.Value, params fieldParameters) (ok bool) {
|
|||
// The following tags on struct fields have special meaning to Unmarshal:
|
||||
//
|
||||
// application specifies that an APPLICATION tag is used
|
||||
// private specifies that a PRIVATE tag is used
|
||||
// default:x sets the default value for optional integer fields (only used if optional is also present)
|
||||
// explicit specifies that an additional, explicit tag wraps the implicit one
|
||||
// optional marks the field as ASN.1 OPTIONAL
|
||||
// set causes a SET, rather than a SEQUENCE type to be expected
|
||||
// tag:x specifies the ASN.1 tag number; implies ASN.1 CONTEXT SPECIFIC
|
||||
// lax relax strict encoding checks for this field, and for any fields within it
|
||||
//
|
||||
// If the type of the first field of a structure is RawContent then the raw
|
||||
// ASN1 contents of the struct will be stored in it.
|
||||
|
|
10
vendor/github.com/google/certificate-transparency-go/asn1/common.go
generated
vendored
|
@ -37,6 +37,7 @@ const (
|
|||
TagUTCTime = 23
|
||||
TagGeneralizedTime = 24
|
||||
TagGeneralString = 27
|
||||
TagBMPString = 30
|
||||
)
|
||||
|
||||
// ASN.1 class types represent the namespace of the tag.
|
||||
|
@ -75,12 +76,14 @@ type fieldParameters struct {
|
|||
optional bool // true iff the field is OPTIONAL
|
||||
explicit bool // true iff an EXPLICIT tag is in use.
|
||||
application bool // true iff an APPLICATION tag is in use.
|
||||
private bool // true iff a PRIVATE tag is in use.
|
||||
defaultValue *int64 // a default value for INTEGER typed fields (maybe nil).
|
||||
tag *int // the EXPLICIT or IMPLICIT tag (maybe nil).
|
||||
stringType int // the string tag to use when marshaling.
|
||||
timeType int // the time tag to use when marshaling.
|
||||
set bool // true iff this should be encoded as a SET
|
||||
omitEmpty bool // true iff this should be omitted if empty when marshaling.
|
||||
lax bool // true iff unmarshalling should skip some error checks
|
||||
name string // name of field for better diagnostics
|
||||
|
||||
// Invariants:
|
||||
|
@ -131,8 +134,15 @@ func parseFieldParameters(str string) (ret fieldParameters) {
|
|||
if ret.tag == nil {
|
||||
ret.tag = new(int)
|
||||
}
|
||||
case part == "private":
|
||||
ret.private = true
|
||||
if ret.tag == nil {
|
||||
ret.tag = new(int)
|
||||
}
|
||||
case part == "omitempty":
|
||||
ret.omitEmpty = true
|
||||
case part == "lax":
|
||||
ret.lax = true
|
||||
}
|
||||
}
|
||||
return
|
||||
|
|
2
vendor/github.com/google/certificate-transparency-go/asn1/marshal.go
generated
vendored
|
@ -631,6 +631,8 @@ func makeField(v reflect.Value, params fieldParameters) (e encoder, err error) {
|
|||
if params.tag != nil {
|
||||
if params.application {
|
||||
class = ClassApplication
|
||||
} else if params.private {
|
||||
class = ClassPrivate
|
||||
} else {
|
||||
class = ClassContextSpecific
|
||||
}
|
||||
|
|
326
vendor/github.com/google/certificate-transparency-go/client/configpb/multilog.pb.go
generated
vendored
|
@ -1,60 +1,85 @@
|
|||
// Copyright 2017 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
// Code generated by protoc-gen-go. DO NOT EDIT.
|
||||
// source: multilog.proto
|
||||
// versions:
|
||||
// protoc-gen-go v1.28.0
|
||||
// protoc v3.20.1
|
||||
// source: client/configpb/multilog.proto
|
||||
|
||||
package configpb
|
||||
|
||||
import proto "github.com/golang/protobuf/proto"
|
||||
import fmt "fmt"
|
||||
import math "math"
|
||||
import timestamp "github.com/golang/protobuf/ptypes/timestamp"
|
||||
import (
|
||||
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
|
||||
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
|
||||
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
|
||||
reflect "reflect"
|
||||
sync "sync"
|
||||
)
|
||||
|
||||
// Reference imports to suppress errors if they are not otherwise used.
|
||||
var _ = proto.Marshal
|
||||
var _ = fmt.Errorf
|
||||
var _ = math.Inf
|
||||
|
||||
// This is a compile-time assertion to ensure that this generated file
|
||||
// is compatible with the proto package it is being compiled against.
|
||||
// A compilation error at this line likely means your copy of the
|
||||
// proto package needs to be updated.
|
||||
const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
|
||||
const (
|
||||
// Verify that this generated code is sufficiently up-to-date.
|
||||
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
|
||||
// Verify that runtime/protoimpl is sufficiently up-to-date.
|
||||
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
|
||||
)
|
||||
|
||||
// TemporalLogConfig is a set of LogShardConfig messages, whose
|
||||
// time limits should be contiguous.
|
||||
type TemporalLogConfig struct {
|
||||
Shard []*LogShardConfig `protobuf:"bytes,1,rep,name=shard,proto3" json:"shard,omitempty"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
XXX_unrecognized []byte `json:"-"`
|
||||
XXX_sizecache int32 `json:"-"`
|
||||
state protoimpl.MessageState
|
||||
sizeCache protoimpl.SizeCache
|
||||
unknownFields protoimpl.UnknownFields
|
||||
|
||||
Shard []*LogShardConfig `protobuf:"bytes,1,rep,name=shard,proto3" json:"shard,omitempty"`
|
||||
}
|
||||
|
||||
func (m *TemporalLogConfig) Reset() { *m = TemporalLogConfig{} }
|
||||
func (m *TemporalLogConfig) String() string { return proto.CompactTextString(m) }
|
||||
func (*TemporalLogConfig) ProtoMessage() {}
|
||||
func (x *TemporalLogConfig) Reset() {
|
||||
*x = TemporalLogConfig{}
|
||||
if protoimpl.UnsafeEnabled {
|
||||
mi := &file_client_configpb_multilog_proto_msgTypes[0]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
}
|
||||
|
||||
func (x *TemporalLogConfig) String() string {
|
||||
return protoimpl.X.MessageStringOf(x)
|
||||
}
|
||||
|
||||
func (*TemporalLogConfig) ProtoMessage() {}
|
||||
|
||||
func (x *TemporalLogConfig) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_client_configpb_multilog_proto_msgTypes[0]
|
||||
if protoimpl.UnsafeEnabled && x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
return ms
|
||||
}
|
||||
return mi.MessageOf(x)
|
||||
}
|
||||
|
||||
// Deprecated: Use TemporalLogConfig.ProtoReflect.Descriptor instead.
|
||||
func (*TemporalLogConfig) Descriptor() ([]byte, []int) {
|
||||
return fileDescriptor_multilog_3c9b797b88da6f07, []int{0}
|
||||
}
|
||||
func (m *TemporalLogConfig) XXX_Unmarshal(b []byte) error {
|
||||
return xxx_messageInfo_TemporalLogConfig.Unmarshal(m, b)
|
||||
}
|
||||
func (m *TemporalLogConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
||||
return xxx_messageInfo_TemporalLogConfig.Marshal(b, m, deterministic)
|
||||
}
|
||||
func (dst *TemporalLogConfig) XXX_Merge(src proto.Message) {
|
||||
xxx_messageInfo_TemporalLogConfig.Merge(dst, src)
|
||||
}
|
||||
func (m *TemporalLogConfig) XXX_Size() int {
|
||||
return xxx_messageInfo_TemporalLogConfig.Size(m)
|
||||
}
|
||||
func (m *TemporalLogConfig) XXX_DiscardUnknown() {
|
||||
xxx_messageInfo_TemporalLogConfig.DiscardUnknown(m)
|
||||
return file_client_configpb_multilog_proto_rawDescGZIP(), []int{0}
|
||||
}
|
||||
|
||||
var xxx_messageInfo_TemporalLogConfig proto.InternalMessageInfo
|
||||
|
||||
func (m *TemporalLogConfig) GetShard() []*LogShardConfig {
|
||||
if m != nil {
|
||||
return m.Shard
|
||||
func (x *TemporalLogConfig) GetShard() []*LogShardConfig {
|
||||
if x != nil {
|
||||
return x.Shard
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -62,97 +87,192 @@ func (m *TemporalLogConfig) GetShard() []*LogShardConfig {
|
|||
// LogShardConfig describes the acceptable date range for a single shard of a temporal
|
||||
// log.
|
||||
type LogShardConfig struct {
|
||||
state protoimpl.MessageState
|
||||
sizeCache protoimpl.SizeCache
|
||||
unknownFields protoimpl.UnknownFields
|
||||
|
||||
Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"`
|
||||
// The log's public key in DER-encoded PKIX form.
|
||||
PublicKeyDer []byte `protobuf:"bytes,2,opt,name=public_key_der,json=publicKeyDer,proto3" json:"public_key_der,omitempty"`
|
||||
// not_after_start defines the start of the range of acceptable NotAfter
|
||||
// values, inclusive.
|
||||
// Leaving this unset implies no lower bound to the range.
|
||||
NotAfterStart *timestamp.Timestamp `protobuf:"bytes,3,opt,name=not_after_start,json=notAfterStart,proto3" json:"not_after_start,omitempty"`
|
||||
NotAfterStart *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=not_after_start,json=notAfterStart,proto3" json:"not_after_start,omitempty"`
|
||||
// not_after_limit defines the end of the range of acceptable NotAfter values,
|
||||
// exclusive.
|
||||
// Leaving this unset implies no upper bound to the range.
|
||||
NotAfterLimit *timestamp.Timestamp `protobuf:"bytes,4,opt,name=not_after_limit,json=notAfterLimit,proto3" json:"not_after_limit,omitempty"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
XXX_unrecognized []byte `json:"-"`
|
||||
XXX_sizecache int32 `json:"-"`
|
||||
NotAfterLimit *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=not_after_limit,json=notAfterLimit,proto3" json:"not_after_limit,omitempty"`
|
||||
}
|
||||
|
||||
func (m *LogShardConfig) Reset() { *m = LogShardConfig{} }
|
||||
func (m *LogShardConfig) String() string { return proto.CompactTextString(m) }
|
||||
func (*LogShardConfig) ProtoMessage() {}
|
||||
func (x *LogShardConfig) Reset() {
|
||||
*x = LogShardConfig{}
|
||||
if protoimpl.UnsafeEnabled {
|
||||
mi := &file_client_configpb_multilog_proto_msgTypes[1]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
}
|
||||
|
||||
func (x *LogShardConfig) String() string {
|
||||
return protoimpl.X.MessageStringOf(x)
|
||||
}
|
||||
|
||||
func (*LogShardConfig) ProtoMessage() {}
|
||||
|
||||
func (x *LogShardConfig) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_client_configpb_multilog_proto_msgTypes[1]
|
||||
if protoimpl.UnsafeEnabled && x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
return ms
|
||||
}
|
||||
return mi.MessageOf(x)
|
||||
}
|
||||
|
||||
// Deprecated: Use LogShardConfig.ProtoReflect.Descriptor instead.
|
||||
func (*LogShardConfig) Descriptor() ([]byte, []int) {
|
||||
return fileDescriptor_multilog_3c9b797b88da6f07, []int{1}
|
||||
}
|
||||
func (m *LogShardConfig) XXX_Unmarshal(b []byte) error {
|
||||
return xxx_messageInfo_LogShardConfig.Unmarshal(m, b)
|
||||
}
|
||||
func (m *LogShardConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
||||
return xxx_messageInfo_LogShardConfig.Marshal(b, m, deterministic)
|
||||
}
|
||||
func (dst *LogShardConfig) XXX_Merge(src proto.Message) {
|
||||
xxx_messageInfo_LogShardConfig.Merge(dst, src)
|
||||
}
|
||||
func (m *LogShardConfig) XXX_Size() int {
|
||||
return xxx_messageInfo_LogShardConfig.Size(m)
|
||||
}
|
||||
func (m *LogShardConfig) XXX_DiscardUnknown() {
|
||||
xxx_messageInfo_LogShardConfig.DiscardUnknown(m)
|
||||
return file_client_configpb_multilog_proto_rawDescGZIP(), []int{1}
|
||||
}
|
||||
|
||||
var xxx_messageInfo_LogShardConfig proto.InternalMessageInfo
|
||||
|
||||
func (m *LogShardConfig) GetUri() string {
|
||||
if m != nil {
|
||||
return m.Uri
|
||||
func (x *LogShardConfig) GetUri() string {
|
||||
if x != nil {
|
||||
return x.Uri
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func (m *LogShardConfig) GetPublicKeyDer() []byte {
|
||||
if m != nil {
|
||||
return m.PublicKeyDer
|
||||
func (x *LogShardConfig) GetPublicKeyDer() []byte {
|
||||
if x != nil {
|
||||
return x.PublicKeyDer
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *LogShardConfig) GetNotAfterStart() *timestamp.Timestamp {
|
||||
if m != nil {
|
||||
return m.NotAfterStart
|
||||
func (x *LogShardConfig) GetNotAfterStart() *timestamppb.Timestamp {
|
||||
if x != nil {
|
||||
return x.NotAfterStart
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *LogShardConfig) GetNotAfterLimit() *timestamp.Timestamp {
|
||||
if m != nil {
|
||||
return m.NotAfterLimit
|
||||
func (x *LogShardConfig) GetNotAfterLimit() *timestamppb.Timestamp {
|
||||
if x != nil {
|
||||
return x.NotAfterLimit
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func init() {
|
||||
proto.RegisterType((*TemporalLogConfig)(nil), "configpb.TemporalLogConfig")
|
||||
proto.RegisterType((*LogShardConfig)(nil), "configpb.LogShardConfig")
|
||||
var File_client_configpb_multilog_proto protoreflect.FileDescriptor
|
||||
|
||||
var file_client_configpb_multilog_proto_rawDesc = []byte{
|
||||
0x0a, 0x1e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x70,
|
||||
0x62, 0x2f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x6c, 0x6f, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
|
||||
0x12, 0x08, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x70, 0x62, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67,
|
||||
0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65,
|
||||
0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x43, 0x0a, 0x11, 0x54,
|
||||
0x65, 0x6d, 0x70, 0x6f, 0x72, 0x61, 0x6c, 0x4c, 0x6f, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
|
||||
0x12, 0x2e, 0x0a, 0x05, 0x73, 0x68, 0x61, 0x72, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
|
||||
0x18, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x70, 0x62, 0x2e, 0x4c, 0x6f, 0x67, 0x53, 0x68,
|
||||
0x61, 0x72, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x73, 0x68, 0x61, 0x72, 0x64,
|
||||
0x22, 0xd0, 0x01, 0x0a, 0x0e, 0x4c, 0x6f, 0x67, 0x53, 0x68, 0x61, 0x72, 0x64, 0x43, 0x6f, 0x6e,
|
||||
0x66, 0x69, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
|
||||
0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x24, 0x0a, 0x0e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f,
|
||||
0x6b, 0x65, 0x79, 0x5f, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x70,
|
||||
0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x72, 0x12, 0x42, 0x0a, 0x0f, 0x6e,
|
||||
0x6f, 0x74, 0x5f, 0x61, 0x66, 0x74, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x03,
|
||||
0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
|
||||
0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70,
|
||||
0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12,
|
||||
0x42, 0x0a, 0x0f, 0x6e, 0x6f, 0x74, 0x5f, 0x61, 0x66, 0x74, 0x65, 0x72, 0x5f, 0x6c, 0x69, 0x6d,
|
||||
0x69, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
|
||||
0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73,
|
||||
0x74, 0x61, 0x6d, 0x70, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x4c, 0x69,
|
||||
0x6d, 0x69, 0x74, 0x42, 0x48, 0x5a, 0x46, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f,
|
||||
0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
|
||||
0x63, 0x61, 0x74, 0x65, 0x2d, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63,
|
||||
0x79, 0x2d, 0x67, 0x6f, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2f, 0x6d, 0x75, 0x6c, 0x74,
|
||||
0x69, 0x6c, 0x6f, 0x67, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x70, 0x62, 0x62, 0x06, 0x70,
|
||||
0x72, 0x6f, 0x74, 0x6f, 0x33,
|
||||
}
|
||||
|
||||
func init() { proto.RegisterFile("multilog.proto", fileDescriptor_multilog_3c9b797b88da6f07) }
|
||||
var (
|
||||
file_client_configpb_multilog_proto_rawDescOnce sync.Once
|
||||
file_client_configpb_multilog_proto_rawDescData = file_client_configpb_multilog_proto_rawDesc
|
||||
)
|
||||
|
||||
var fileDescriptor_multilog_3c9b797b88da6f07 = []byte{
|
||||
// 241 bytes of a gzipped FileDescriptorProto
|
||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x8f, 0xb1, 0x4e, 0xc3, 0x30,
|
||||
0x14, 0x45, 0x65, 0x02, 0x08, 0xdc, 0x12, 0xc0, 0x93, 0xd5, 0x85, 0xa8, 0x62, 0xc8, 0xe4, 0x4a,
|
||||
0xe5, 0x0b, 0xa0, 0x6c, 0x64, 0x4a, 0xbb, 0x47, 0x4e, 0xeb, 0x18, 0x0b, 0x3b, 0xcf, 0x72, 0x5e,
|
||||
0x86, 0xfe, 0x25, 0x9f, 0x84, 0x1c, 0x2b, 0x43, 0x37, 0xb6, 0xa7, 0x77, 0xcf, 0xb9, 0xd2, 0xa5,
|
||||
0xb9, 0x1b, 0x2d, 0x1a, 0x0b, 0x5a, 0xf8, 0x00, 0x08, 0xec, 0xee, 0x08, 0x7d, 0x67, 0xb4, 0x6f,
|
||||
0x57, 0x2f, 0x1a, 0x40, 0x5b, 0xb5, 0x99, 0xfe, 0xed, 0xd8, 0x6d, 0xd0, 0x38, 0x35, 0xa0, 0x74,
|
||||
0x3e, 0xa1, 0xeb, 0x1d, 0x7d, 0x3e, 0x28, 0xe7, 0x21, 0x48, 0x5b, 0x81, 0xde, 0x4d, 0x1e, 0x13,
|
||||
0xf4, 0x66, 0xf8, 0x96, 0xe1, 0xc4, 0x49, 0x91, 0x95, 0x8b, 0x2d, 0x17, 0x73, 0x9f, 0xa8, 0x40,
|
||||
0xef, 0x63, 0x92, 0xc0, 0x3a, 0x61, 0xeb, 0x5f, 0x42, 0xf3, 0xcb, 0x84, 0x3d, 0xd1, 0x6c, 0x0c,
|
||||
0x86, 0x93, 0x82, 0x94, 0xf7, 0x75, 0x3c, 0xd9, 0x2b, 0xcd, 0xfd, 0xd8, 0x5a, 0x73, 0x6c, 0x7e,
|
||||
0xd4, 0xb9, 0x39, 0xa9, 0xc0, 0xaf, 0x0a, 0x52, 0x2e, 0xeb, 0x65, 0xfa, 0x7e, 0xa9, 0xf3, 0xa7,
|
||||
0x0a, 0xec, 0x83, 0x3e, 0xf6, 0x80, 0x8d, 0xec, 0x50, 0x85, 0x66, 0x40, 0x19, 0x90, 0x67, 0x05,
|
||||
0x29, 0x17, 0xdb, 0x95, 0x48, 0x53, 0xc4, 0x3c, 0x45, 0x1c, 0xe6, 0x29, 0xf5, 0x43, 0x0f, 0xf8,
|
||||
0x1e, 0x8d, 0x7d, 0x14, 0x2e, 0x3b, 0xac, 0x71, 0x06, 0xf9, 0xf5, 0xff, 0x3b, 0xaa, 0x28, 0xb4,
|
||||
0xb7, 0x13, 0xf2, 0xf6, 0x17, 0x00, 0x00, 0xff, 0xff, 0xf8, 0xd9, 0x50, 0x5b, 0x5b, 0x01, 0x00,
|
||||
0x00,
|
||||
func file_client_configpb_multilog_proto_rawDescGZIP() []byte {
|
||||
file_client_configpb_multilog_proto_rawDescOnce.Do(func() {
|
||||
file_client_configpb_multilog_proto_rawDescData = protoimpl.X.CompressGZIP(file_client_configpb_multilog_proto_rawDescData)
|
||||
})
|
||||
return file_client_configpb_multilog_proto_rawDescData
|
||||
}
|
||||
|
||||
var file_client_configpb_multilog_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
|
||||
var file_client_configpb_multilog_proto_goTypes = []interface{}{
|
||||
(*TemporalLogConfig)(nil), // 0: configpb.TemporalLogConfig
|
||||
(*LogShardConfig)(nil), // 1: configpb.LogShardConfig
|
||||
(*timestamppb.Timestamp)(nil), // 2: google.protobuf.Timestamp
|
||||
}
|
||||
var file_client_configpb_multilog_proto_depIdxs = []int32{
|
||||
1, // 0: configpb.TemporalLogConfig.shard:type_name -> configpb.LogShardConfig
|
||||
2, // 1: configpb.LogShardConfig.not_after_start:type_name -> google.protobuf.Timestamp
|
||||
2, // 2: configpb.LogShardConfig.not_after_limit:type_name -> google.protobuf.Timestamp
|
||||
3, // [3:3] is the sub-list for method output_type
|
||||
3, // [3:3] is the sub-list for method input_type
|
||||
3, // [3:3] is the sub-list for extension type_name
|
||||
3, // [3:3] is the sub-list for extension extendee
|
||||
0, // [0:3] is the sub-list for field type_name
|
||||
}
|
||||
|
||||
func init() { file_client_configpb_multilog_proto_init() }
|
||||
func file_client_configpb_multilog_proto_init() {
|
||||
if File_client_configpb_multilog_proto != nil {
|
||||
return
|
||||
}
|
||||
if !protoimpl.UnsafeEnabled {
|
||||
file_client_configpb_multilog_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
|
||||
switch v := v.(*TemporalLogConfig); i {
|
||||
case 0:
|
||||
return &v.state
|
||||
case 1:
|
||||
return &v.sizeCache
|
||||
case 2:
|
||||
return &v.unknownFields
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
file_client_configpb_multilog_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
|
||||
switch v := v.(*LogShardConfig); i {
|
||||
case 0:
|
||||
return &v.state
|
||||
case 1:
|
||||
return &v.sizeCache
|
||||
case 2:
|
||||
return &v.unknownFields
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
}
|
||||
type x struct{}
|
||||
out := protoimpl.TypeBuilder{
|
||||
File: protoimpl.DescBuilder{
|
||||
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
||||
RawDescriptor: file_client_configpb_multilog_proto_rawDesc,
|
||||
NumEnums: 0,
|
||||
NumMessages: 2,
|
||||
NumExtensions: 0,
|
||||
NumServices: 0,
|
||||
},
|
||||
GoTypes: file_client_configpb_multilog_proto_goTypes,
|
||||
DependencyIndexes: file_client_configpb_multilog_proto_depIdxs,
|
||||
MessageInfos: file_client_configpb_multilog_proto_msgTypes,
|
||||
}.Build()
|
||||
File_client_configpb_multilog_proto = out.File
|
||||
file_client_configpb_multilog_proto_rawDesc = nil
|
||||
file_client_configpb_multilog_proto_goTypes = nil
|
||||
file_client_configpb_multilog_proto_depIdxs = nil
|
||||
}
|
||||
|
|
4
vendor/github.com/google/certificate-transparency-go/client/configpb/multilog.proto
generated
vendored
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2017 Google Inc. All Rights Reserved.
|
||||
// Copyright 2017 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
|
@ -16,6 +16,8 @@ syntax = "proto3";
|
|||
|
||||
package configpb;
|
||||
|
||||
option go_package = "github.com/google/certificate-transparency-go/client/multilog/configpb";
|
||||
|
||||
import "google/protobuf/timestamp.proto";
|
||||
|
||||
// TemporalLogConfig is a set of LogShardConfig messages, whose
|
||||
|
|
13
vendor/github.com/google/certificate-transparency-go/client/getentries.go
generated
vendored
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2016 Google Inc. All Rights Reserved.
|
||||
// Copyright 2016 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
|
@ -36,16 +36,9 @@ func (c *LogClient) GetRawEntries(ctx context.Context, start, end int64) (*ct.Ge
|
|||
"start": strconv.FormatInt(start, 10),
|
||||
"end": strconv.FormatInt(end, 10),
|
||||
}
|
||||
if ctx == nil {
|
||||
ctx = context.TODO()
|
||||
}
|
||||
|
||||
var resp ct.GetEntriesResponse
|
||||
httpRsp, body, err := c.GetAndParse(ctx, ct.GetEntriesPath, params, &resp)
|
||||
if err != nil {
|
||||
if httpRsp != nil {
|
||||
return nil, RspError{Err: err, StatusCode: httpRsp.StatusCode, Body: body}
|
||||
}
|
||||
if _, _, err := c.GetAndParse(ctx, ct.GetEntriesPath, params, &resp); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -66,7 +59,7 @@ func (c *LogClient) GetEntries(ctx context.Context, start, end int64) ([]ct.LogE
|
|||
for i, entry := range resp.Entries {
|
||||
index := start + int64(i)
|
||||
logEntry, err := ct.LogEntryFromLeaf(index, &entry)
|
||||
if _, ok := err.(x509.NonFatalErrors); !ok && err != nil {
|
||||
if x509.IsFatal(err) {
|
||||
return nil, err
|
||||
}
|
||||
entries[i] = *logEntry
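Review bot: A nil ctx is no longer defaulted in GetRawEntries: with the `if ctx == nil { ctx = context.TODO() }` guard gone from the first hunk, nil is passed to `c.GetAndParse` unchanged, and whether that is tolerated depends on jsonclient code not shown here. This is vendored code, so the check belongs with the callers in this tree, which should pass `context.Background()` or a request-scoped context rather than nil. The same hunk now returns `err` without building an `RspError`; presumably jsonclient produces that type itself now, so any caller that type-asserts on `RspError` to read the status code should be re-tested with this bump. GetRawEntries and GetEntries both continue outside the hunks shown.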
|
||||
|
|
75
vendor/github.com/google/certificate-transparency-go/client/logclient.go
generated
vendored
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2014 Google Inc. All Rights Reserved.
|
||||
// Copyright 2014 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
|
@ -56,18 +56,8 @@ func New(uri string, hc *http.Client, opts jsonclient.Options) (*LogClient, erro
|
|||
return &LogClient{*logClient}, err
|
||||
}
|
||||
|
||||
// RspError represents an error that occurred when processing a response from a server,
|
||||
// and also includes key details from the http.Response that triggered the error.
|
||||
type RspError struct {
|
||||
Err error
|
||||
StatusCode int
|
||||
Body []byte
|
||||
}
|
||||
|
||||
// Error formats the RspError instance, focusing on the error.
|
||||
func (e RspError) Error() string {
|
||||
return e.Err.Error()
|
||||
}
|
||||
// RspError represents a server error including HTTP information.
|
||||
type RspError = jsonclient.RspError
|
||||
|
||||
// Attempts to add |chain| to the log, using the api end-point specified by
|
||||
// |path|. If provided context expires before submission is complete an
|
||||
|
@ -81,9 +71,6 @@ func (c *LogClient) addChainWithRetry(ctx context.Context, ctype ct.LogEntryType
|
|||
|
||||
httpRsp, body, err := c.PostAndParseWithRetry(ctx, path, &req, &resp)
|
||||
if err != nil {
|
||||
if httpRsp != nil {
|
||||
return nil, RspError{Err: err, StatusCode: httpRsp.StatusCode, Body: body}
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -132,38 +119,6 @@ func (c *LogClient) AddPreChain(ctx context.Context, chain []ct.ASN1Cert) (*ct.S
|
|||
return c.addChainWithRetry(ctx, ct.PrecertLogEntryType, ct.AddPreChainPath, chain)
|
||||
}
|
||||
|
||||
// AddJSON submits arbitrary data to to XJSON server.
|
||||
func (c *LogClient) AddJSON(ctx context.Context, data interface{}) (*ct.SignedCertificateTimestamp, error) {
|
||||
req := ct.AddJSONRequest{Data: data}
|
||||
var resp ct.AddChainResponse
|
||||
httpRsp, body, err := c.PostAndParse(ctx, ct.AddJSONPath, &req, &resp)
|
||||
if err != nil {
|
||||
if httpRsp != nil {
|
||||
return nil, RspError{Err: err, StatusCode: httpRsp.StatusCode, Body: body}
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
var ds ct.DigitallySigned
|
||||
if rest, err := tls.Unmarshal(resp.Signature, &ds); err != nil {
|
||||
return nil, RspError{Err: err, StatusCode: httpRsp.StatusCode, Body: body}
|
||||
} else if len(rest) > 0 {
|
||||
return nil, RspError{
|
||||
Err: fmt.Errorf("trailing data (%d bytes) after DigitallySigned", len(rest)),
|
||||
StatusCode: httpRsp.StatusCode,
|
||||
Body: body,
|
||||
}
|
||||
}
|
||||
var logID ct.LogID
|
||||
copy(logID.KeyID[:], resp.ID)
|
||||
return &ct.SignedCertificateTimestamp{
|
||||
SCTVersion: resp.SCTVersion,
|
||||
LogID: logID,
|
||||
Timestamp: resp.Timestamp,
|
||||
Extensions: ct.CTExtensions(resp.Extensions),
|
||||
Signature: ds,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// GetSTH retrieves the current STH from the log.
|
||||
// Returns a populated SignedTreeHead, or a non-nil error (which may be of type
|
||||
// RspError if a raw http.Response is available).
|
||||
|
@ -171,9 +126,6 @@ func (c *LogClient) GetSTH(ctx context.Context) (*ct.SignedTreeHead, error) {
|
|||
var resp ct.GetSTHResponse
|
||||
httpRsp, body, err := c.GetAndParse(ctx, ct.GetSTHPath, nil, &resp)
|
||||
if err != nil {
|
||||
if httpRsp != nil {
|
||||
return nil, RspError{Err: err, StatusCode: httpRsp.StatusCode, Body: body}
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -220,11 +172,7 @@ func (c *LogClient) GetSTHConsistency(ctx context.Context, first, second uint64)
|
|||
"second": strconv.FormatUint(second, base10),
|
||||
}
|
||||
var resp ct.GetSTHConsistencyResponse
|
||||
httpRsp, body, err := c.GetAndParse(ctx, ct.GetSTHConsistencyPath, params, &resp)
|
||||
if err != nil {
|
||||
if httpRsp != nil {
|
||||
return nil, RspError{Err: err, StatusCode: httpRsp.StatusCode, Body: body}
|
||||
}
|
||||
if _, _, err := c.GetAndParse(ctx, ct.GetSTHConsistencyPath, params, &resp); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return resp.Consistency, nil
|
||||
|
@ -239,11 +187,7 @@ func (c *LogClient) GetProofByHash(ctx context.Context, hash []byte, treeSize ui
|
|||
"hash": b64Hash,
|
||||
}
|
||||
var resp ct.GetProofByHashResponse
|
||||
httpRsp, body, err := c.GetAndParse(ctx, ct.GetProofByHashPath, params, &resp)
|
||||
if err != nil {
|
||||
if httpRsp != nil {
|
||||
return nil, RspError{Err: err, StatusCode: httpRsp.StatusCode, Body: body}
|
||||
}
|
||||
if _, _, err := c.GetAndParse(ctx, ct.GetProofByHashPath, params, &resp); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &resp, nil
|
||||
|
@ -254,9 +198,6 @@ func (c *LogClient) GetAcceptedRoots(ctx context.Context) ([]ct.ASN1Cert, error)
|
|||
var resp ct.GetRootsResponse
|
||||
httpRsp, body, err := c.GetAndParse(ctx, ct.GetRootsPath, nil, &resp)
|
||||
if err != nil {
|
||||
if httpRsp != nil {
|
||||
return nil, RspError{Err: err, StatusCode: httpRsp.StatusCode, Body: body}
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
var roots []ct.ASN1Cert
|
||||
|
@ -278,11 +219,7 @@ func (c *LogClient) GetEntryAndProof(ctx context.Context, index, treeSize uint64
|
|||
"tree_size": strconv.FormatUint(treeSize, base10),
|
||||
}
|
||||
var resp ct.GetEntryAndProofResponse
|
||||
httpRsp, body, err := c.GetAndParse(ctx, ct.GetEntryAndProofPath, params, &resp)
|
||||
if err != nil {
|
||||
if httpRsp != nil {
|
||||
return nil, RspError{Err: err, StatusCode: httpRsp.StatusCode, Body: body}
|
||||
}
|
||||
if _, _, err := c.GetAndParse(ctx, ct.GetEntryAndProofPath, params, &resp); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &resp, nil
|
||||
|
|
30
vendor/github.com/google/certificate-transparency-go/client/multilog.go
generated
vendored
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2017 Google Inc. All Rights Reserved.
|
||||
// Copyright 2017 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
|
@ -19,16 +19,16 @@ import (
|
|||
"crypto/sha256"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/golang/protobuf/proto"
|
||||
"github.com/golang/protobuf/ptypes"
|
||||
ct "github.com/google/certificate-transparency-go"
|
||||
"github.com/google/certificate-transparency-go/client/configpb"
|
||||
"github.com/google/certificate-transparency-go/jsonclient"
|
||||
"github.com/google/certificate-transparency-go/x509"
|
||||
"google.golang.org/protobuf/encoding/prototext"
|
||||
"google.golang.org/protobuf/proto"
|
||||
)
|
||||
|
||||
type interval struct {
|
||||
|
@ -43,14 +43,16 @@ func TemporalLogConfigFromFile(filename string) (*configpb.TemporalLogConfig, er
|
|||
return nil, errors.New("log config filename empty")
|
||||
}
|
||||
|
||||
cfgText, err := ioutil.ReadFile(filename)
|
||||
cfgBytes, err := os.ReadFile(filename)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to read log config: %v", err)
|
||||
}
|
||||
|
||||
var cfg configpb.TemporalLogConfig
|
||||
if err := proto.UnmarshalText(string(cfgText), &cfg); err != nil {
|
||||
return nil, fmt.Errorf("failed to parse log config: %v", err)
|
||||
if txtErr := prototext.Unmarshal(cfgBytes, &cfg); txtErr != nil {
|
||||
if binErr := proto.Unmarshal(cfgBytes, &cfg); binErr != nil {
|
||||
return nil, fmt.Errorf("failed to parse TemporalLogConfig from %q as text protobuf (%v) or binary protobuf (%v)", filename, txtErr, binErr)
|
||||
}
|
||||
}
|
||||
|
||||
if len(cfg.Shard) == 0 {
|
||||
|
@ -76,8 +78,8 @@ type TemporalLogClient struct {
|
|||
|
||||
// NewTemporalLogClient builds a new client for interacting with a temporal log.
|
||||
// The provided config should be contiguous and chronological.
|
||||
func NewTemporalLogClient(cfg configpb.TemporalLogConfig, hc *http.Client) (*TemporalLogClient, error) {
|
||||
if len(cfg.Shard) == 0 {
|
||||
func NewTemporalLogClient(cfg *configpb.TemporalLogConfig, hc *http.Client) (*TemporalLogClient, error) {
|
||||
if len(cfg.GetShard()) == 0 {
|
||||
return nil, errors.New("empty config")
|
||||
}
|
||||
|
||||
|
@ -106,7 +108,7 @@ func NewTemporalLogClient(cfg configpb.TemporalLogConfig, hc *http.Client) (*Tem
|
|||
}
|
||||
clients := make([]*LogClient, 0, len(cfg.Shard))
|
||||
for i, shard := range cfg.Shard {
|
||||
opts := jsonclient.Options{}
|
||||
opts := jsonclient.Options{UserAgent: "ct-go-multilog/1.0"}
|
||||
opts.PublicKeyDER = shard.GetPublicKeyDer()
|
||||
c, err := New(shard.Uri, hc, opts)
|
||||
if err != nil {
|
||||
|
@ -200,17 +202,17 @@ func (tlc *TemporalLogClient) IndexByDate(when time.Time) (int, error) {
|
|||
func shardInterval(cfg *configpb.LogShardConfig) (interval, error) {
|
||||
var interval interval
|
||||
if cfg.NotAfterStart != nil {
|
||||
t, err := ptypes.Timestamp(cfg.NotAfterStart)
|
||||
if err != nil {
|
||||
if err := cfg.NotAfterStart.CheckValid(); err != nil {
|
||||
return interval, fmt.Errorf("failed to parse NotAfterStart: %v", err)
|
||||
}
|
||||
t := cfg.NotAfterStart.AsTime()
|
||||
interval.lower = &t
|
||||
}
|
||||
if cfg.NotAfterLimit != nil {
|
||||
t, err := ptypes.Timestamp(cfg.NotAfterLimit)
|
||||
if err != nil {
|
||||
if err := cfg.NotAfterLimit.CheckValid(); err != nil {
|
||||
return interval, fmt.Errorf("failed to parse NotAfterLimit: %v", err)
|
||||
}
|
||||
t := cfg.NotAfterLimit.AsTime()
|
||||
interval.upper = &t
|
||||
}
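Review bot: TemporalLogConfigFromFile now retries a file that fails text parsing as binary protobuf, so a text config with a syntax error is no longer rejected on the spot; it is refused only if the binary decode also fails or the `len(cfg.Shard) == 0` check that follows catches it. The shards parsed here carry the `PublicKeyDer` that NewTemporalLogClient copies into `opts.PublicKeyDER`, presumably the key the client checks log responses against, so this file is trust-anchor input and is best kept writable only by the service owner. A caller that knows its format may prefer to call `prototext.Unmarshal` itself to keep the strict parse. The combined error formats both causes with `%v`, so `errors.Is` and `errors.As` cannot reach them. NewTemporalLogClient now takes `*configpb.TemporalLogConfig`, so callers in this tree that pass a value need updating; the functions continue outside the hunks shown.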
|
||||
|
||||
|
|
201
vendor/github.com/google/certificate-transparency-go/cloudbuild.yaml
generated
vendored
Normal file
|
@ -0,0 +1,201 @@
|
|||
#############################################################################
|
||||
## The top section of this file is identical in the 3 cloudbuild.*yaml files.
|
||||
## Make sure any edits you make here are copied over to the other files too
|
||||
## if appropriate.
|
||||
##
|
||||
## TODO(al): consider if it's possible to merge these 3 files and control via
|
||||
## substitutions.
|
||||
#############################################################################
|
||||
|
||||
timeout: 1200s
|
||||
options:
|
||||
machineType: N1_HIGHCPU_32
|
||||
volumes:
|
||||
- name: go-modules
|
||||
path: /go
|
||||
env:
|
||||
- GO111MODULE=on
|
||||
- GOPROXY=https://proxy.golang.org
|
||||
- PROJECT_ROOT=github.com/google/certificate-transparency-go
|
||||
- GOPATH=/go
|
||||
|
||||
substitutions:
|
||||
_CLUSTER_NAME: trillian-opensource-ci
|
||||
_MASTER_ZONE: us-central1-a
|
||||
|
||||
steps:
|
||||
# First build a "ct_testbase" docker image which contains most of the tools we need for the later steps:
|
||||
- name: 'gcr.io/cloud-builders/docker'
|
||||
entrypoint: 'bash'
|
||||
args: ['-c', 'docker pull gcr.io/$PROJECT_ID/ct_testbase:latest || exit 0']
|
||||
- name: 'gcr.io/cloud-builders/docker'
|
||||
args: [
|
||||
'build',
|
||||
'-t', 'gcr.io/$PROJECT_ID/ct_testbase:latest',
|
||||
'--cache-from', 'gcr.io/$PROJECT_ID/ct_testbase:latest',
|
||||
'-f', './integration/Dockerfile',
|
||||
'.'
|
||||
]
|
||||
|
||||
# prepare spins up an ephemeral trillian instance for testing use.
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
entrypoint: 'bash'
|
||||
id: 'prepare'
|
||||
args:
|
||||
- '-exc'
|
||||
- |
|
||||
# Use latest versions of Trillian docker images built by the Trillian CI cloudbuilders.
|
||||
docker pull gcr.io/$PROJECT_ID/log_server:latest
|
||||
docker tag gcr.io/$PROJECT_ID/log_server:latest deployment_trillian-log-server
|
||||
docker pull gcr.io/$PROJECT_ID/log_signer:latest
|
||||
docker tag gcr.io/$PROJECT_ID/log_signer:latest deployment_trillian-log-signer
|
||||
|
||||
# Bring up an ephemeral trillian instance using the docker-compose config in the Trillian repo:
|
||||
export TRILLIAN_LOCATION="$$(go list -f '{{.Dir}}' github.com/google/trillian)"
|
||||
|
||||
# We need to fix up Trillian's docker-compose to connect to the CloudBuild network to that tests can use it:
|
||||
echo -e "networks:\n default:\n external:\n name: cloudbuild" >> $${TRILLIAN_LOCATION}/examples/deployment/docker-compose.yml
|
||||
|
||||
docker-compose -f $${TRILLIAN_LOCATION}/examples/deployment/docker-compose.yml pull mysql trillian-log-server trillian-log-signer
|
||||
docker-compose -f $${TRILLIAN_LOCATION}/examples/deployment/docker-compose.yml up -d mysql trillian-log-server trillian-log-signer
|
||||
|
||||
# Install proto related bits and block on Trillian being ready
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'ci-ready'
|
||||
entrypoint: 'bash'
|
||||
args:
|
||||
- '-ec'
|
||||
- |
|
||||
go install \
|
||||
github.com/golang/protobuf/proto \
|
||||
github.com/golang/protobuf/protoc-gen-go \
|
||||
github.com/golang/mock/mockgen \
|
||||
go.etcd.io/etcd/v3 go.etcd.io/etcd/etcdctl/v3 \
|
||||
github.com/fullstorydev/grpcurl/cmd/grpcurl
|
||||
|
||||
|
||||
# Cache all the modules we'll need too
|
||||
go mod download
|
||||
go test -i ./...
|
||||
|
||||
# Wait for trillian logserver to be up
|
||||
until nc -z deployment_trillian-log-server_1 8090; do echo .; sleep 5; done
|
||||
waitFor: ['prepare']
|
||||
|
||||
# Run the presubmit tests
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'default_test'
|
||||
env:
|
||||
- 'GOFLAGS='
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'race_detection'
|
||||
env:
|
||||
- 'GOFLAGS=-race'
|
||||
- 'PRESUBMIT_OPTS=--no-linters'
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'etcd_with_coverage'
|
||||
env:
|
||||
- 'GOFLAGS='
|
||||
- 'PRESUBMIT_OPTS=--no-linters --coverage'
|
||||
- 'WITH_ETCD=true'
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'etcd_with_race'
|
||||
env:
|
||||
- 'GOFLAGS=-race'
|
||||
- 'PRESUBMIT_OPTS=--no-linters'
|
||||
- 'WITH_ETCD=true'
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'with_pkcs11_and_race'
|
||||
env:
|
||||
- 'GOFLAGS=-race --tags=pkcs11'
|
||||
- 'PRESUBMIT_OPTS=--no-linters'
|
||||
- 'WITH_PKCS11=true'
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
# Collect and submit codecoverage reports
|
||||
- name: 'gcr.io/cloud-builders/curl'
|
||||
id: 'codecov.io'
|
||||
entrypoint: bash
|
||||
args: ['-c', 'bash <(curl -s https://codecov.io/bash)']
|
||||
env:
|
||||
- 'VCS_COMMIT_ID=$COMMIT_SHA'
|
||||
- 'VCS_BRANCH_NAME=$BRANCH_NAME'
|
||||
- 'VCS_PULL_REQUEST=$_PR_NUMBER'
|
||||
- 'CI_BUILD_ID=$BUILD_ID'
|
||||
- 'CODECOV_TOKEN=$_CODECOV_TOKEN' # _CODECOV_TOKEN is specified in the cloud build trigger
|
||||
waitFor: ['etcd_with_coverage']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'ci_complete'
|
||||
entrypoint: /bin/true
|
||||
waitFor: ['codecov.io', 'default_test', 'race_detection', 'etcd_with_coverage', 'etcd_with_race', 'with_pkcs11_and_race']
|
||||
|
||||
############################################################################
|
||||
## End of replicated section.
|
||||
## Below are deployment specific steps for the CD env.
|
||||
############################################################################
|
||||
|
||||
- id: build_ctfe
|
||||
name: gcr.io/cloud-builders/docker
|
||||
args:
|
||||
- build
|
||||
- --file=trillian/examples/deployment/docker/ctfe/Dockerfile
|
||||
- --tag=gcr.io/${PROJECT_ID}/ctfe:${COMMIT_SHA}
|
||||
- --cache-from=gcr.io/${PROJECT_ID}/ctfe
|
||||
- .
|
||||
waitFor: [-]
|
||||
- id: build_envsubst
|
||||
name: gcr.io/cloud-builders/docker
|
||||
args:
|
||||
- build
|
||||
- trillian/examples/deployment/docker/envsubst
|
||||
- -t
|
||||
- envsubst
|
||||
waitFor: ['ci_complete']
|
||||
- id: envsubst_kubernetes_configs
|
||||
name: envsubst
|
||||
args:
|
||||
- trillian/examples/deployment/kubernetes/ctfe-deployment.yaml
|
||||
- trillian/examples/deployment/kubernetes/ctfe-service.yaml
|
||||
- trillian/examples/deployment/kubernetes/ctfe-ingress.yaml
|
||||
env:
|
||||
- PROJECT_ID=${PROJECT_ID}
|
||||
- IMAGE_TAG=${COMMIT_SHA}
|
||||
waitFor:
|
||||
- build_envsubst
|
||||
- id: update_kubernetes_configs_dryrun
|
||||
name: gcr.io/cloud-builders/kubectl
|
||||
args:
|
||||
- apply
|
||||
- --dry-run=server
|
||||
- -f=trillian/examples/deployment/kubernetes/ctfe-deployment.yaml
|
||||
- -f=trillian/examples/deployment/kubernetes/ctfe-service.yaml
|
||||
- -f=trillian/examples/deployment/kubernetes/ctfe-ingress.yaml
|
||||
env:
|
||||
- CLOUDSDK_COMPUTE_ZONE=${_MASTER_ZONE}
|
||||
- CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}
|
||||
waitFor:
|
||||
- envsubst_kubernetes_configs
|
||||
- build_ctfe
|
||||
|
||||
images:
|
||||
- gcr.io/${PROJECT_ID}/ctfe:${COMMIT_SHA}
|
||||
- gcr.io/${PROJECT_ID}/ct_testbase:latest
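Review bot: The `codecov.io` step runs `bash <(curl -s https://codecov.io/bash)`, which executes whatever the remote host serves at build time with no integrity check, in a step whose environment holds `CODECOV_TOKEN`. Fetching the script to a file and verifying it against a pinned digest before running it closes that gap, e.g. `curl -fsSL -o codecov.sh https://codecov.io/bash && echo "<EXPECTED_SHA256>  codecov.sh" | sha256sum -c - && bash codecov.sh` (the digest is a placeholder). The images pulled and tagged as `:latest` in the earlier steps have the same reproducibility problem and are better referenced by digest. This file appears to land in vendor/ only because it sits in the package root and is presumably never run from this repository; the header comment says the top section is replicated in the other cloudbuild files, so the step likely exists there too.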
|
217
vendor/github.com/google/certificate-transparency-go/cloudbuild_master.yaml
generated
vendored
Normal file
|
@ -0,0 +1,217 @@
|
|||
#############################################################################
|
||||
## The top section of this file is identical in the 3 cloudbuild.*yaml files.
|
||||
## Make sure any edits you make here are copied over to the other files too
|
||||
## if appropriate.
|
||||
##
|
||||
## TODO(al): consider if it's possible to merge these 3 files and control via
|
||||
## substitutions.
|
||||
#############################################################################
|
||||
|
||||
timeout: 1200s
|
||||
options:
|
||||
machineType: N1_HIGHCPU_32
|
||||
volumes:
|
||||
- name: go-modules
|
||||
path: /go
|
||||
env:
|
||||
- GO111MODULE=on
|
||||
- GOPROXY=https://proxy.golang.org
|
||||
- PROJECT_ROOT=github.com/google/certificate-transparency-go
|
||||
- GOPATH=/go
|
||||
|
||||
substitutions:
|
||||
_CLUSTER_NAME: trillian-opensource-ci
|
||||
_MASTER_ZONE: us-central1-a
|
||||
|
||||
steps:
|
||||
# First build a "ct_testbase" docker image which contains most of the tools we need for the later steps:
|
||||
- name: 'gcr.io/cloud-builders/docker'
|
||||
entrypoint: 'bash'
|
||||
args: ['-c', 'docker pull gcr.io/$PROJECT_ID/ct_testbase:latest || exit 0']
|
||||
- name: 'gcr.io/cloud-builders/docker'
|
||||
args: [
|
||||
'build',
|
||||
'-t', 'gcr.io/$PROJECT_ID/ct_testbase:latest',
|
||||
'--cache-from', 'gcr.io/$PROJECT_ID/ct_testbase:latest',
|
||||
'-f', './integration/Dockerfile',
|
||||
'.'
|
||||
]
|
||||
|
||||
# prepare spins up an ephemeral trillian instance for testing use.
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
entrypoint: 'bash'
|
||||
id: 'prepare'
|
||||
args:
|
||||
- '-exc'
|
||||
- |
|
||||
# Use latest versions of Trillian docker images built by the Trillian CI cloudbuilders.
|
||||
docker pull gcr.io/$PROJECT_ID/log_server:latest
|
||||
docker tag gcr.io/$PROJECT_ID/log_server:latest deployment_trillian-log-server
|
||||
docker pull gcr.io/$PROJECT_ID/log_signer:latest
|
||||
docker tag gcr.io/$PROJECT_ID/log_signer:latest deployment_trillian-log-signer
|
||||
|
||||
# Bring up an ephemeral trillian instance using the docker-compose config in the Trillian repo:
|
||||
export TRILLIAN_LOCATION="$$(go list -f '{{.Dir}}' github.com/google/trillian)"
|
||||
|
||||
# We need to fix up Trillian's docker-compose to connect to the CloudBuild network to that tests can use it:
|
||||
echo -e "networks:\n default:\n external:\n name: cloudbuild" >> $${TRILLIAN_LOCATION}/examples/deployment/docker-compose.yml
|
||||
|
||||
docker-compose -f $${TRILLIAN_LOCATION}/examples/deployment/docker-compose.yml pull mysql trillian-log-server trillian-log-signer
|
||||
docker-compose -f $${TRILLIAN_LOCATION}/examples/deployment/docker-compose.yml up -d mysql trillian-log-server trillian-log-signer
|
||||
|
||||
# Install proto related bits and block on Trillian being ready
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'ci-ready'
|
||||
entrypoint: 'bash'
|
||||
args:
|
||||
- '-ec'
|
||||
- |
|
||||
go install \
|
||||
github.com/golang/protobuf/proto \
|
||||
github.com/golang/protobuf/protoc-gen-go \
|
||||
github.com/golang/mock/mockgen \
|
||||
go.etcd.io/etcd/v3 go.etcd.io/etcd/etcdctl/v3 \
|
||||
github.com/fullstorydev/grpcurl/cmd/grpcurl
|
||||
|
||||
|
||||
# Cache all the modules we'll need too
|
||||
go mod download
|
||||
go test -i ./...
|
||||
|
||||
# Wait for trillian logserver to be up
|
||||
until nc -z deployment_trillian-log-server_1 8090; do echo .; sleep 5; done
|
||||
waitFor: ['prepare']
|
||||
|
||||
# Run the presubmit tests
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'default_test'
|
||||
env:
|
||||
- 'GOFLAGS='
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'race_detection'
|
||||
env:
|
||||
- 'GOFLAGS=-race'
|
||||
- 'PRESUBMIT_OPTS=--no-linters'
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'etcd_with_coverage'
|
||||
env:
|
||||
- 'GOFLAGS='
|
||||
- 'PRESUBMIT_OPTS=--no-linters --coverage'
|
||||
- 'WITH_ETCD=true'
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'etcd_with_race'
|
||||
env:
|
||||
- 'GOFLAGS=-race'
|
||||
- 'PRESUBMIT_OPTS=--no-linters'
|
||||
- 'WITH_ETCD=true'
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'with_pkcs11_and_race'
|
||||
env:
|
||||
- 'GOFLAGS=-race --tags=pkcs11'
|
||||
- 'PRESUBMIT_OPTS=--no-linters'
|
||||
- 'WITH_PKCS11=true'
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
# Collect and submit codecoverage reports
|
||||
- name: 'gcr.io/cloud-builders/curl'
|
||||
id: 'codecov.io'
|
||||
entrypoint: bash
|
||||
args: ['-c', 'bash <(curl -s https://codecov.io/bash)']
|
||||
env:
|
||||
- 'VCS_COMMIT_ID=$COMMIT_SHA'
|
||||
- 'VCS_BRANCH_NAME=$BRANCH_NAME'
|
||||
- 'VCS_PULL_REQUEST=$_PR_NUMBER'
|
||||
- 'CI_BUILD_ID=$BUILD_ID'
|
||||
- 'CODECOV_TOKEN=$_CODECOV_TOKEN' # _CODECOV_TOKEN is specified in the cloud build trigger
|
||||
waitFor: ['etcd_with_coverage']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'ci_complete'
|
||||
entrypoint: /bin/true
|
||||
waitFor: ['codecov.io', 'default_test', 'race_detection', 'etcd_with_coverage', 'etcd_with_race', 'with_pkcs11_and_race']
|
||||
|
||||
############################################################################
|
||||
## End of replicated section.
|
||||
## Below are deployment specific steps for the CD env.
|
||||
############################################################################
|
||||
|
||||
- id: build_ctfe
|
||||
name: gcr.io/cloud-builders/docker
|
||||
args:
|
||||
- build
|
||||
- --file=trillian/examples/deployment/docker/ctfe/Dockerfile
|
||||
- --tag=gcr.io/${PROJECT_ID}/ctfe:${COMMIT_SHA}
|
||||
- --cache-from=gcr.io/${PROJECT_ID}/ctfe
|
||||
- .
|
||||
waitFor: ["-"]
|
||||
- id: push_ctfe
|
||||
name: gcr.io/cloud-builders/docker
|
||||
args:
|
||||
- push
|
||||
- gcr.io/${PROJECT_ID}/ctfe:${COMMIT_SHA}
|
||||
waitFor:
|
||||
- build_ctfe
|
||||
- id: tag_latest_ctfe
|
||||
name: gcr.io/cloud-builders/gcloud
|
||||
args:
|
||||
- container
|
||||
- images
|
||||
- add-tag
|
||||
- gcr.io/${PROJECT_ID}/ctfe:${COMMIT_SHA}
|
||||
- gcr.io/${PROJECT_ID}/ctfe:latest
|
||||
waitFor:
|
||||
- push_ctfe
|
||||
- id: build_envsubst
|
||||
name: gcr.io/cloud-builders/docker
|
||||
args:
|
||||
- build
|
||||
- trillian/examples/deployment/docker/envsubst
|
||||
- -t
|
||||
- envsubst
|
||||
waitFor: ["-"]
|
||||
- id: envsubst_kubernetes_configs
|
||||
name: envsubst
|
||||
args:
|
||||
- trillian/examples/deployment/kubernetes/ctfe-deployment.yaml
|
||||
- trillian/examples/deployment/kubernetes/ctfe-service.yaml
|
||||
- trillian/examples/deployment/kubernetes/ctfe-ingress.yaml
|
||||
env:
|
||||
- PROJECT_ID=${PROJECT_ID}
|
||||
- IMAGE_TAG=${COMMIT_SHA}
|
||||
waitFor:
|
||||
- build_envsubst
|
||||
- id: update_kubernetes_configs
|
||||
name: gcr.io/cloud-builders/kubectl
|
||||
args:
|
||||
- apply
|
||||
- -f=trillian/examples/deployment/kubernetes/ctfe-deployment.yaml
|
||||
- -f=trillian/examples/deployment/kubernetes/ctfe-service.yaml
|
||||
- -f=trillian/examples/deployment/kubernetes/ctfe-ingress.yaml
|
||||
env:
|
||||
- CLOUDSDK_COMPUTE_ZONE=${_MASTER_ZONE}
|
||||
- CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}
|
||||
waitFor:
|
||||
- envsubst_kubernetes_configs
|
||||
- push_ctfe
|
||||
|
||||
images:
|
||||
- gcr.io/${PROJECT_ID}/ctfe:${COMMIT_SHA}
|
||||
- gcr.io/${PROJECT_ID}/ct_testbase:latest
|
157
vendor/github.com/google/certificate-transparency-go/cloudbuild_tag.yaml
generated
vendored
157
vendor/github.com/google/certificate-transparency-go/cloudbuild_tag.yaml
generated
vendored
|
@ -1,10 +1,167 @@
|
|||
#############################################################################
|
||||
## The top section of this file is identical in the 3 cloudbuild.*yaml files.
|
||||
## Make sure any edits you make here are copied over to the other files too
|
||||
## if appropriate.
|
||||
##
|
||||
## TODO(al): consider if it's possible to merge these 3 files and control via
|
||||
## substitutions.
|
||||
#############################################################################
|
||||
|
||||
timeout: 1200s
|
||||
options:
|
||||
machineType: N1_HIGHCPU_32
|
||||
volumes:
|
||||
- name: go-modules
|
||||
path: /go
|
||||
env:
|
||||
- GO111MODULE=on
|
||||
- GOPROXY=https://proxy.golang.org
|
||||
- PROJECT_ROOT=github.com/google/certificate-transparency-go
|
||||
- GOPATH=/go
|
||||
|
||||
substitutions:
|
||||
_CLUSTER_NAME: trillian-opensource-ci
|
||||
_MASTER_ZONE: us-central1-a
|
||||
|
||||
steps:
|
||||
# First build a "ct_testbase" docker image which contains most of the tools we need for the later steps:
|
||||
- name: 'gcr.io/cloud-builders/docker'
|
||||
entrypoint: 'bash'
|
||||
args: ['-c', 'docker pull gcr.io/$PROJECT_ID/ct_testbase:latest || exit 0']
|
||||
- name: 'gcr.io/cloud-builders/docker'
|
||||
args: [
|
||||
'build',
|
||||
'-t', 'gcr.io/$PROJECT_ID/ct_testbase:latest',
|
||||
'--cache-from', 'gcr.io/$PROJECT_ID/ct_testbase:latest',
|
||||
'-f', './integration/Dockerfile',
|
||||
'.'
|
||||
]
|
||||
|
||||
# prepare spins up an ephemeral trillian instance for testing use.
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
entrypoint: 'bash'
|
||||
id: 'prepare'
|
||||
args:
|
||||
- '-exc'
|
||||
- |
|
||||
# Use latest versions of Trillian docker images built by the Trillian CI cloudbuilders.
|
||||
docker pull gcr.io/$PROJECT_ID/log_server:latest
|
||||
docker tag gcr.io/$PROJECT_ID/log_server:latest deployment_trillian-log-server
|
||||
docker pull gcr.io/$PROJECT_ID/log_signer:latest
|
||||
docker tag gcr.io/$PROJECT_ID/log_signer:latest deployment_trillian-log-signer
|
||||
|
||||
# Bring up an ephemeral trillian instance using the docker-compose config in the Trillian repo:
|
||||
export TRILLIAN_LOCATION="$$(go list -f '{{.Dir}}' github.com/google/trillian)"
|
||||
|
||||
# We need to fix up Trillian's docker-compose to connect to the CloudBuild network to that tests can use it:
|
||||
echo -e "networks:\n default:\n external:\n name: cloudbuild" >> $${TRILLIAN_LOCATION}/examples/deployment/docker-compose.yml
|
||||
|
||||
docker-compose -f $${TRILLIAN_LOCATION}/examples/deployment/docker-compose.yml pull mysql trillian-log-server trillian-log-signer
|
||||
docker-compose -f $${TRILLIAN_LOCATION}/examples/deployment/docker-compose.yml up -d mysql trillian-log-server trillian-log-signer
|
||||
|
||||
# Install proto related bits and block on Trillian being ready
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'ci-ready'
|
||||
entrypoint: 'bash'
|
||||
args:
|
||||
- '-ec'
|
||||
- |
|
||||
go install \
|
||||
github.com/golang/protobuf/proto \
|
||||
github.com/golang/protobuf/protoc-gen-go \
|
||||
github.com/golang/mock/mockgen \
|
||||
go.etcd.io/etcd/v3 go.etcd.io/etcd/etcdctl/v3 \
|
||||
github.com/fullstorydev/grpcurl/cmd/grpcurl
|
||||
|
||||
|
||||
# Cache all the modules we'll need too
|
||||
go mod download
|
||||
go test -i ./...
|
||||
|
||||
# Wait for trillian logserver to be up
|
||||
until nc -z deployment_trillian-log-server_1 8090; do echo .; sleep 5; done
|
||||
waitFor: ['prepare']
|
||||
|
||||
# Run the presubmit tests
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'default_test'
|
||||
env:
|
||||
- 'GOFLAGS='
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'race_detection'
|
||||
env:
|
||||
- 'GOFLAGS=-race'
|
||||
- 'PRESUBMIT_OPTS=--no-linters'
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'etcd_with_coverage'
|
||||
env:
|
||||
- 'GOFLAGS='
|
||||
- 'PRESUBMIT_OPTS=--no-linters --coverage'
|
||||
- 'WITH_ETCD=true'
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'etcd_with_race'
|
||||
env:
|
||||
- 'GOFLAGS=-race'
|
||||
- 'PRESUBMIT_OPTS=--no-linters'
|
||||
- 'WITH_ETCD=true'
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'with_pkcs11_and_race'
|
||||
env:
|
||||
- 'GOFLAGS=-race --tags=pkcs11'
|
||||
- 'PRESUBMIT_OPTS=--no-linters'
|
||||
- 'WITH_PKCS11=true'
|
||||
- 'TRILLIAN_LOG_SERVERS=deployment_trillian-log-server_1:8090'
|
||||
- 'TRILLIAN_LOG_SERVER_1=deployment_trillian-log-server_1:8090'
|
||||
waitFor: ['ci-ready']
|
||||
|
||||
# Collect and submit codecoverage reports
|
||||
- name: 'gcr.io/cloud-builders/curl'
|
||||
id: 'codecov.io'
|
||||
entrypoint: bash
|
||||
args: ['-c', 'bash <(curl -s https://codecov.io/bash)']
|
||||
env:
|
||||
- 'VCS_COMMIT_ID=$COMMIT_SHA'
|
||||
- 'VCS_BRANCH_NAME=$BRANCH_NAME'
|
||||
- 'VCS_PULL_REQUEST=$_PR_NUMBER'
|
||||
- 'CI_BUILD_ID=$BUILD_ID'
|
||||
- 'CODECOV_TOKEN=$_CODECOV_TOKEN' # _CODECOV_TOKEN is specified in the cloud build trigger
|
||||
waitFor: ['etcd_with_coverage']
|
||||
|
||||
- name: gcr.io/$PROJECT_ID/ct_testbase
|
||||
id: 'ci_complete'
|
||||
entrypoint: /bin/true
|
||||
waitFor: ['codecov.io', 'default_test', 'race_detection', 'etcd_with_coverage', 'etcd_with_race', 'with_pkcs11_and_race']
|
||||
|
||||
############################################################################
|
||||
## End of replicated section.
|
||||
## Below are deployment specific steps for the CD env.
|
||||
############################################################################
|
||||
|
||||
- id: build_ctfe
|
||||
name: gcr.io/cloud-builders/docker
|
||||
args:
|
||||
- build
|
||||
- --file=trillian/examples/deployment/docker/ctfe/Dockerfile
|
||||
- --tag=gcr.io/${PROJECT_ID}/ctfe:${TAG_NAME}
|
||||
- --cache-from=gcr.io/${PROJECT_ID}/ctfe
|
||||
- .
|
||||
|
||||
images:
|
||||
- gcr.io/${PROJECT_ID}/ctfe:${TAG_NAME}
|
||||
- gcr.io/${PROJECT_ID}/ct_testbase:latest
|
||||
|
|
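--- a/vendor/github.com/google/certificate-transparency-go/codecov.yml
+++ b/vendor/github.com/google/certificate-transparency-go/codecov.yml
@@ -0,0 +1,19 @@
+# Customizations to codecov for c-t-go repo. This will be merged into
+# the team / default codecov yaml file.
+#
+# Validate changes with:
+# curl --data-binary @codecov.yml https://codecov.io/validate
+
+# Exclude code that's for testing, demos or utilities that aren't really
+# part of production releases.
+ignore:
+- "**/mock_*.go"
+- "**/testonly"
+- "trillian/integration"
+
+coverage:
+status:
+project:
+default:
+# Allow 1% coverage drop without complaining, to avoid being too noisy.
+threshold: 1%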
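--- a/vendor/github.com/google/certificate-transparency-go/gometalinter.json
+++ b/vendor/github.com/google/certificate-transparency-go/gometalinter.json
@@ -1,28 +0,0 @@
-{
-"Deadline": "60s",
-"Linters": {
-"license": "./scripts/check_license.sh:PATH:LINE:MESSAGE",
-"forked": "./scripts/check_forked.sh:PATH:LINE:MESSAGE",
-"unforked": "./scripts/check_unforked.sh:PATH:LINE:MESSAGE"
-},
-"Enable": [
-"forked",
-"gocyclo",
-"gofmt",
-"goimports",
-"golint",
-"license",
-"misspell",
-"unforked",
-"vet"
-],
-"Exclude": [
-"x509/",
-"asn1/",
-".+\\.pb\\.go",
-".+\\.pb\\.gw\\.go",
-"mock_.+\\.go"
-],
-"Cyclo": 40,
-"Vendor": true
-}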
2
vendor/github.com/google/certificate-transparency-go/jsonclient/backoff.go
generated
vendored
2
vendor/github.com/google/certificate-transparency-go/jsonclient/backoff.go
generated
vendored
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2017 Google Inc. All Rights Reserved.
|
||||
// Copyright 2017 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
|
|
73
vendor/github.com/google/certificate-transparency-go/jsonclient/client.go
generated
vendored
73
vendor/github.com/google/certificate-transparency-go/jsonclient/client.go
generated
vendored
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2016 Google Inc. All Rights Reserved.
|
||||
// Copyright 2016 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
|
@ -21,7 +21,7 @@ import (
|
|||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"io"
|
||||
"log"
|
||||
"math/rand"
|
||||
"net/http"
|
||||
|
@ -33,6 +33,7 @@ import (
|
|||
ct "github.com/google/certificate-transparency-go"
|
||||
"github.com/google/certificate-transparency-go/x509"
|
||||
"golang.org/x/net/context/ctxhttp"
|
||||
"k8s.io/klog/v2"
|
||||
)
|
||||
|
||||
const maxJitter = 250 * time.Millisecond
|
||||
|
@ -58,6 +59,7 @@ type JSONClient struct {
|
|||
Verifier *ct.SignatureVerifier // nil for no verification (e.g. no public key available)
|
||||
logger Logger // interface to use for logging warnings and errors
|
||||
backoff backoffer // object used to store and calculate backoff information
|
||||
userAgent string // If set, this is sent as the UserAgent header.
|
||||
}
|
||||
|
||||
// Logger is a simple logging interface used to log internal errors and warnings
|
||||
|
@ -75,6 +77,8 @@ type Options struct {
|
|||
PublicKey string
|
||||
// DER format public key to use for signature verification.
|
||||
PublicKeyDER []byte
|
||||
// UserAgent, if set, will be sent as the User-Agent header with each request.
|
||||
UserAgent string
|
||||
}
|
||||
|
||||
// ParsePublicKey parses and returns the public key contained in opts.
|
||||
|
@ -105,6 +109,19 @@ func (bl *basicLogger) Printf(msg string, args ...interface{}) {
|
|||
log.Printf(msg, args...)
|
||||
}
|
||||
|
||||
// RspError represents an error that occurred when processing a response from a server,
|
||||
// and also includes key details from the http.Response that triggered the error.
|
||||
type RspError struct {
|
||||
Err error
|
||||
StatusCode int
|
||||
Body []byte
|
||||
}
|
||||
|
||||
// Error formats the RspError instance, focusing on the error.
|
||||
func (e RspError) Error() string {
|
||||
return e.Err.Error()
|
||||
}
|
||||
|
||||
// New constructs a new JSONClient instance, for the given base URI, using the
|
||||
// given http.Client object (if provided) and the Options object.
|
||||
// If opts does not specify a public key, signatures will not be verified.
|
||||
|
@ -136,6 +153,7 @@ func New(uri string, hc *http.Client, opts Options) (*JSONClient, error) {
|
|||
Verifier: verifier,
|
||||
logger: logger,
|
||||
backoff: &backoff{},
|
||||
userAgent: opts.UserAgent,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
@ -144,11 +162,10 @@ func (c *JSONClient) BaseURI() string {
|
|||
return c.uri
|
||||
}
|
||||
|
||||
// GetAndParse makes a HTTP GET call to the given path, and attempta to parse
|
||||
// GetAndParse makes a HTTP GET call to the given path, and attempts to parse
|
||||
// the response as a JSON representation of the rsp structure. Returns the
|
||||
// http.Response, the body of the response, and an error. Note that the
|
||||
// returned http.Response can be non-nil even when an error is returned,
|
||||
// in particular when the HTTP status is not OK or when the JSON parsing fails.
|
||||
// http.Response, the body of the response, and an error (which may be of
|
||||
// type RspError if the HTTP response was available).
|
||||
func (c *JSONClient) GetAndParse(ctx context.Context, path string, params map[string]string, rsp interface{}) (*http.Response, []byte, error) {
|
||||
if ctx == nil {
|
||||
return nil, nil, errors.New("context.Context required")
|
||||
|
@ -159,10 +176,14 @@ func (c *JSONClient) GetAndParse(ctx context.Context, path string, params map[st
|
|||
vals.Add(k, v)
|
||||
}
|
||||
fullURI := fmt.Sprintf("%s%s?%s", c.uri, path, vals.Encode())
|
||||
klog.V(2).Infof("GET %s", fullURI)
|
||||
httpReq, err := http.NewRequest(http.MethodGet, fullURI, nil)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
if len(c.userAgent) != 0 {
|
||||
httpReq.Header.Set("User-Agent", c.userAgent)
|
||||
}
|
||||
|
||||
httpRsp, err := ctxhttp.Do(ctx, c.httpClient, httpReq)
|
||||
if err != nil {
|
||||
|
@ -170,18 +191,18 @@ func (c *JSONClient) GetAndParse(ctx context.Context, path string, params map[st
|
|||
}
|
||||
|
||||
// Read everything now so http.Client can reuse the connection.
|
||||
body, err := ioutil.ReadAll(httpRsp.Body)
|
||||
body, err := io.ReadAll(httpRsp.Body)
|
||||
httpRsp.Body.Close()
|
||||
if err != nil {
|
||||
return httpRsp, body, fmt.Errorf("failed to read response body: %v", err)
|
||||
return nil, nil, RspError{Err: fmt.Errorf("failed to read response body: %v", err), StatusCode: httpRsp.StatusCode, Body: body}
|
||||
}
|
||||
|
||||
if httpRsp.StatusCode != http.StatusOK {
|
||||
return httpRsp, body, fmt.Errorf("got HTTP Status %q", httpRsp.Status)
|
||||
return nil, nil, RspError{Err: fmt.Errorf("got HTTP Status %q", httpRsp.Status), StatusCode: httpRsp.StatusCode, Body: body}
|
||||
}
|
||||
|
||||
if err := json.NewDecoder(bytes.NewReader(body)).Decode(rsp); err != nil {
|
||||
return httpRsp, body, err
|
||||
return nil, nil, RspError{Err: err, StatusCode: httpRsp.StatusCode, Body: body}
|
||||
}
|
||||
|
||||
return httpRsp, body, nil
|
||||
|
@ -190,9 +211,7 @@ func (c *JSONClient) GetAndParse(ctx context.Context, path string, params map[st
|
|||
// PostAndParse makes a HTTP POST call to the given path, including the request
|
||||
// parameters, and attempts to parse the response as a JSON representation of
|
||||
// the rsp structure. Returns the http.Response, the body of the response, and
|
||||
// an error. Note that the returned http.Response can be non-nil even when an
|
||||
// error is returned, in particular when the HTTP status is not OK or when the
|
||||
// JSON parsing fails.
|
||||
// an error (which may be of type RspError if the HTTP response was available).
|
||||
func (c *JSONClient) PostAndParse(ctx context.Context, path string, req, rsp interface{}) (*http.Response, []byte, error) {
|
||||
if ctx == nil {
|
||||
return nil, nil, errors.New("context.Context required")
|
||||
|
@ -203,10 +222,14 @@ func (c *JSONClient) PostAndParse(ctx context.Context, path string, req, rsp int
|
|||
return nil, nil, err
|
||||
}
|
||||
fullURI := fmt.Sprintf("%s%s", c.uri, path)
|
||||
klog.V(2).Infof("POST %s", fullURI)
|
||||
httpReq, err := http.NewRequest(http.MethodPost, fullURI, bytes.NewReader(postBody))
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
if len(c.userAgent) != 0 {
|
||||
httpReq.Header.Set("User-Agent", c.userAgent)
|
||||
}
|
||||
httpReq.Header.Set("Content-Type", "application/json")
|
||||
|
||||
httpRsp, err := ctxhttp.Do(ctx, c.httpClient, httpReq)
|
||||
|
@ -214,16 +237,19 @@ func (c *JSONClient) PostAndParse(ctx context.Context, path string, req, rsp int
|
|||
// Read all of the body, if there is one, so that the http.Client can do Keep-Alive.
|
||||
var body []byte
|
||||
if httpRsp != nil {
|
||||
body, err = ioutil.ReadAll(httpRsp.Body)
|
||||
body, err = io.ReadAll(httpRsp.Body)
|
||||
httpRsp.Body.Close()
|
||||
}
|
||||
if err != nil {
|
||||
return httpRsp, body, err
|
||||
if httpRsp != nil {
|
||||
return nil, nil, RspError{StatusCode: httpRsp.StatusCode, Body: body, Err: err}
|
||||
}
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
if httpRsp.StatusCode == http.StatusOK {
|
||||
if err = json.Unmarshal(body, &rsp); err != nil {
|
||||
return httpRsp, body, err
|
||||
return nil, nil, RspError{StatusCode: httpRsp.StatusCode, Body: body, Err: err}
|
||||
}
|
||||
}
|
||||
return httpRsp, body, nil
|
||||
|
@ -260,15 +286,17 @@ func (c *JSONClient) PostAndParseWithRetry(ctx context.Context, path string, req
|
|||
return nil, nil, err
|
||||
}
|
||||
wait := c.backoff.set(nil)
|
||||
c.logger.Printf("Request failed, backing-off for %s: %s", wait, err)
|
||||
c.logger.Printf("Request to %s failed, backing-off %s: %s", c.uri, wait, err)
|
||||
} else {
|
||||
switch {
|
||||
case httpRsp.StatusCode == http.StatusOK:
|
||||
return httpRsp, body, nil
|
||||
case httpRsp.StatusCode == http.StatusRequestTimeout:
|
||||
// Request timeout, retry immediately
|
||||
c.logger.Printf("Request timed out, retrying immediately")
|
||||
c.logger.Printf("Request to %s timed out, retrying immediately", c.uri)
|
||||
case httpRsp.StatusCode == http.StatusServiceUnavailable:
|
||||
fallthrough
|
||||
case httpRsp.StatusCode == http.StatusTooManyRequests:
|
||||
var backoff *time.Duration
|
||||
// Retry-After may be either a number of seconds as a int or a RFC 1123
|
||||
// date string (RFC 7231 Section 7.1.3)
|
||||
|
@ -277,14 +305,17 @@ func (c *JSONClient) PostAndParseWithRetry(ctx context.Context, path string, req
|
|||
b := time.Duration(seconds) * time.Second
|
||||
backoff = &b
|
||||
} else if date, err := time.Parse(time.RFC1123, retryAfter); err == nil {
|
||||
b := date.Sub(time.Now())
|
||||
b := time.Until(date)
|
||||
backoff = &b
|
||||
}
|
||||
}
|
||||
wait := c.backoff.set(backoff)
|
||||
c.logger.Printf("Request failed, backing-off for %s: got HTTP status %s", wait, httpRsp.Status)
|
||||
c.logger.Printf("Request to %s failed, backing-off for %s: got HTTP status %s", c.uri, wait, httpRsp.Status)
|
||||
default:
|
||||
return httpRsp, body, fmt.Errorf("got HTTP Status %q", httpRsp.Status)
|
||||
return nil, nil, RspError{
|
||||
StatusCode: httpRsp.StatusCode,
|
||||
Body: body,
|
||||
Err: fmt.Errorf("got HTTP status %q", httpRsp.Status)}
|
||||
}
|
||||
}
|
||||
if err := c.waitForBackoff(ctx); err != nil {
|
||||
|
|
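--- a/vendor/github.com/google/certificate-transparency-go/proto_gen.go
+++ b/vendor/github.com/google/certificate-transparency-go/proto_gen.go
@@ -0,0 +1,25 @@
+// Copyright 2021 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ct
+
+// We do the protoc generation here (rather than in the individual directories)
+// in order to work around the newly-enforced rule that all protobuf file "names"
+// must be unique.
+// See https://developers.google.com/protocol-buffers/docs/proto#packages and
+// https://github.com/golang/protobuf/issues/1122
+
+//go:generate sh -c "protoc -I=. -I$(go list -f '{{ .Dir }}' github.com/google/trillian) -I$(go list -f '{{ .Dir }}' github.com/google/certificate-transparency-go) --go_out=paths=source_relative:. trillian/ctfe/configpb/config.proto"
+//go:generate sh -c "protoc -I=. -I$(go list -f '{{ .Dir }}' github.com/google/trillian) -I$(go list -f '{{ .Dir }}' github.com/google/certificate-transparency-go) --go_out=paths=source_relative:. trillian/migrillian/configpb/config.proto"
+//go:generate sh -c "protoc -I=. -I$(go list -f '{{ .Dir }}' github.com/google/certificate-transparency-go) --go_out=paths=source_relative:. client/configpb/multilog.proto"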
132
vendor/github.com/google/certificate-transparency-go/serialization.go
generated
vendored
132
vendor/github.com/google/certificate-transparency-go/serialization.go
generated
vendored
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2015 Google Inc. All Rights Reserved.
|
||||
// Copyright 2015 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
|
@ -17,9 +17,7 @@ package ct
|
|||
import (
|
||||
"crypto"
|
||||
"crypto/sha256"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/google/certificate-transparency-go/tls"
|
||||
|
@ -46,8 +44,6 @@ func SerializeSCTSignatureInput(sct SignedCertificateTimestamp, entry LogEntry)
|
|||
IssuerKeyHash: entry.Leaf.TimestampedEntry.PrecertEntry.IssuerKeyHash,
|
||||
TBSCertificate: entry.Leaf.TimestampedEntry.PrecertEntry.TBSCertificate,
|
||||
}
|
||||
case XJSONLogEntryType:
|
||||
input.JSONEntry = entry.Leaf.TimestampedEntry.JSONEntry
|
||||
default:
|
||||
return nil, fmt.Errorf("unsupported entry type %s", entry.Leaf.TimestampedEntry.EntryType)
|
||||
}
|
||||
|
@ -92,32 +88,6 @@ func CreateX509MerkleTreeLeaf(cert ASN1Cert, timestamp uint64) *MerkleTreeLeaf {
|
|||
}
|
||||
}
|
||||
|
||||
// CreateJSONMerkleTreeLeaf creates the merkle tree leaf for json data.
|
||||
func CreateJSONMerkleTreeLeaf(data interface{}, timestamp uint64) *MerkleTreeLeaf {
|
||||
jsonData, err := json.Marshal(AddJSONRequest{Data: data})
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
// Match the JSON serialization implemented by json-c
|
||||
jsonStr := strings.Replace(string(jsonData), ":", ": ", -1)
|
||||
jsonStr = strings.Replace(jsonStr, ",", ", ", -1)
|
||||
jsonStr = strings.Replace(jsonStr, "{", "{ ", -1)
|
||||
jsonStr = strings.Replace(jsonStr, "}", " }", -1)
|
||||
jsonStr = strings.Replace(jsonStr, "/", `\/`, -1)
|
||||
// TODO: Pending google/certificate-transparency#1243, replace with
|
||||
// ObjectHash once supported by CT server.
|
||||
|
||||
return &MerkleTreeLeaf{
|
||||
Version: V1,
|
||||
LeafType: TimestampedEntryLeafType,
|
||||
TimestampedEntry: &TimestampedEntry{
|
||||
Timestamp: timestamp,
|
||||
EntryType: XJSONLogEntryType,
|
||||
JSONEntry: &JSONDataEntry{Data: []byte(jsonStr)},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// MerkleTreeLeafFromRawChain generates a MerkleTreeLeaf from a chain (in DER-encoded form) and timestamp.
|
||||
func MerkleTreeLeafFromRawChain(rawChain []ASN1Cert, etype LogEntryType, timestamp uint64) (*MerkleTreeLeaf, error) {
|
||||
// Need at most 3 of the chain
|
||||
|
@ -128,7 +98,7 @@ func MerkleTreeLeafFromRawChain(rawChain []ASN1Cert, etype LogEntryType, timesta
|
|||
chain := make([]*x509.Certificate, count)
|
||||
for i := range chain {
|
||||
cert, err := x509.ParseCertificate(rawChain[i].Data)
|
||||
if err != nil {
|
||||
if x509.IsFatal(err) {
|
||||
return nil, fmt.Errorf("failed to parse chain[%d] cert: %v", i, err)
|
||||
}
|
||||
chain[i] = cert
|
||||
|
@ -248,60 +218,96 @@ func IsPreIssuer(issuer *x509.Certificate) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
// LogEntryFromLeaf converts a LeafEntry object (which has the raw leaf data after JSON parsing)
|
||||
// into a LogEntry object (which includes x509.Certificate objects, after TLS and ASN.1 parsing).
|
||||
// Note that this function may return a valid LogEntry object and a non-nil error value, when
|
||||
// the error indicates a non-fatal parsing error (of type x509.NonFatalErrors).
|
||||
func LogEntryFromLeaf(index int64, leafEntry *LeafEntry) (*LogEntry, error) {
|
||||
var leaf MerkleTreeLeaf
|
||||
if rest, err := tls.Unmarshal(leafEntry.LeafInput, &leaf); err != nil {
|
||||
return nil, fmt.Errorf("failed to unmarshal MerkleTreeLeaf for index %d: %v", index, err)
|
||||
// RawLogEntryFromLeaf converts a LeafEntry object (which has the raw leaf data
|
||||
// after JSON parsing) into a RawLogEntry object (i.e. a TLS-parsed structure).
|
||||
func RawLogEntryFromLeaf(index int64, entry *LeafEntry) (*RawLogEntry, error) {
|
||||
ret := RawLogEntry{Index: index}
|
||||
if rest, err := tls.Unmarshal(entry.LeafInput, &ret.Leaf); err != nil {
|
||||
return nil, fmt.Errorf("failed to unmarshal MerkleTreeLeaf: %v", err)
|
||||
} else if len(rest) > 0 {
|
||||
return nil, fmt.Errorf("trailing data (%d bytes) after MerkleTreeLeaf for index %d", len(rest), index)
|
||||
return nil, fmt.Errorf("MerkleTreeLeaf: trailing data %d bytes", len(rest))
|
||||
}
|
||||
|
||||
var err error
|
||||
entry := LogEntry{Index: index, Leaf: leaf}
|
||||
switch leaf.TimestampedEntry.EntryType {
|
||||
switch eType := ret.Leaf.TimestampedEntry.EntryType; eType {
|
||||
case X509LogEntryType:
|
||||
var certChain CertificateChain
|
||||
if rest, err := tls.Unmarshal(leafEntry.ExtraData, &certChain); err != nil {
|
||||
return nil, fmt.Errorf("failed to unmarshal ExtraData for index %d: %v", index, err)
|
||||
if rest, err := tls.Unmarshal(entry.ExtraData, &certChain); err != nil {
|
||||
return nil, fmt.Errorf("failed to unmarshal CertificateChain: %v", err)
|
||||
} else if len(rest) > 0 {
|
||||
return nil, fmt.Errorf("trailing data (%d bytes) after CertificateChain for index %d", len(rest), index)
|
||||
}
|
||||
entry.Chain = certChain.Entries
|
||||
entry.X509Cert, err = leaf.X509Certificate()
|
||||
if _, ok := err.(x509.NonFatalErrors); !ok && err != nil {
|
||||
return nil, fmt.Errorf("failed to parse certificate in MerkleTreeLeaf for index %d: %v", index, err)
|
||||
return nil, fmt.Errorf("CertificateChain: trailing data %d bytes", len(rest))
|
||||
}
|
||||
ret.Cert = *ret.Leaf.TimestampedEntry.X509Entry
|
||||
ret.Chain = certChain.Entries
|
||||
|
||||
case PrecertLogEntryType:
|
||||
var precertChain PrecertChainEntry
|
||||
if rest, err := tls.Unmarshal(leafEntry.ExtraData, &precertChain); err != nil {
|
||||
return nil, fmt.Errorf("failed to unmarshal PrecertChainEntry for index %d: %v", index, err)
|
||||
if rest, err := tls.Unmarshal(entry.ExtraData, &precertChain); err != nil {
|
||||
return nil, fmt.Errorf("failed to unmarshal PrecertChainEntry: %v", err)
|
||||
} else if len(rest) > 0 {
|
||||
return nil, fmt.Errorf("trailing data (%d bytes) after PrecertChainEntry for index %d", len(rest), index)
|
||||
return nil, fmt.Errorf("PrecertChainEntry: trailing data %d bytes", len(rest))
|
||||
}
|
||||
entry.Chain = precertChain.CertificateChain
|
||||
ret.Cert = precertChain.PreCertificate
|
||||
ret.Chain = precertChain.CertificateChain
|
||||
|
||||
default:
|
||||
// TODO(pavelkalinnikov): Section 4.6 of RFC6962 implies that unknown types
|
||||
// are not errors. We should revisit how we process this case.
|
||||
return nil, fmt.Errorf("unknown entry type: %v", eType)
|
||||
}
|
||||
|
||||
return &ret, nil
|
||||
}
|
||||
|
||||
// ToLogEntry converts RawLogEntry to a LogEntry, which includes an x509-parsed
|
||||
// (pre-)certificate.
|
||||
//
|
||||
// Note that this function may return a valid LogEntry object and a non-nil
|
||||
// error value, when the error indicates a non-fatal parsing error.
|
||||
func (rle *RawLogEntry) ToLogEntry() (*LogEntry, error) {
|
||||
var err error
|
||||
entry := LogEntry{Index: rle.Index, Leaf: rle.Leaf, Chain: rle.Chain}
|
||||
|
||||
switch eType := rle.Leaf.TimestampedEntry.EntryType; eType {
|
||||
case X509LogEntryType:
|
||||
entry.X509Cert, err = rle.Leaf.X509Certificate()
|
||||
if x509.IsFatal(err) {
|
||||
return nil, fmt.Errorf("failed to parse certificate: %v", err)
|
||||
}
|
||||
|
||||
case PrecertLogEntryType:
|
||||
var tbsCert *x509.Certificate
|
||||
tbsCert, err = leaf.Precertificate()
|
||||
if _, ok := err.(x509.NonFatalErrors); !ok && err != nil {
|
||||
return nil, fmt.Errorf("failed to parse precertificate in MerkleTreeLeaf for index %d: %v", index, err)
|
||||
tbsCert, err = rle.Leaf.Precertificate()
|
||||
if x509.IsFatal(err) {
|
||||
return nil, fmt.Errorf("failed to parse precertificate: %v", err)
|
||||
}
|
||||
entry.Precert = &Precertificate{
|
||||
Submitted: precertChain.PreCertificate,
|
||||
IssuerKeyHash: leaf.TimestampedEntry.PrecertEntry.IssuerKeyHash,
|
||||
Submitted: rle.Cert,
|
||||
IssuerKeyHash: rle.Leaf.TimestampedEntry.PrecertEntry.IssuerKeyHash,
|
||||
TBSCertificate: tbsCert,
|
||||
}
|
||||
|
||||
default:
|
||||
return nil, fmt.Errorf("saw unknown entry type at index %d: %v", index, leaf.TimestampedEntry.EntryType)
|
||||
return nil, fmt.Errorf("unknown entry type: %v", eType)
|
||||
}
|
||||
// err may hold a x509.NonFatalErrors object.
|
||||
|
||||
// err may be non-nil for a non-fatal error.
|
||||
return &entry, err
|
||||
}
|
||||
|
||||
// LogEntryFromLeaf converts a LeafEntry object (which has the raw leaf data
|
||||
// after JSON parsing) into a LogEntry object (which includes x509.Certificate
|
||||
// objects, after TLS and ASN.1 parsing).
|
||||
//
|
||||
// Note that this function may return a valid LogEntry object and a non-nil
|
||||
// error value, when the error indicates a non-fatal parsing error.
|
||||
func LogEntryFromLeaf(index int64, leaf *LeafEntry) (*LogEntry, error) {
|
||||
rle, err := RawLogEntryFromLeaf(index, leaf)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return rle.ToLogEntry()
|
||||
}
|
||||
|
||||
// TimestampToTime converts a timestamp in the style of RFC 6962 (milliseconds
|
||||
// since UNIX epoch) to a Go Time.
|
||||
func TimestampToTime(ts uint64) time.Time {
|
||||
|
|
12
vendor/github.com/google/certificate-transparency-go/signatures.go
generated
vendored
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2015 Google Inc. All Rights Reserved.
|
||||
// Copyright 2015 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
|
@ -55,7 +55,7 @@ func PublicKeyFromB64(b64PubKey string) (crypto.PublicKey, error) {
|
|||
|
||||
// SignatureVerifier can verify signatures on SCTs and STHs
|
||||
type SignatureVerifier struct {
|
||||
pubKey crypto.PublicKey
|
||||
PubKey crypto.PublicKey
|
||||
}
|
||||
|
||||
// NewSignatureVerifier creates a new SignatureVerifier using the passed in PublicKey.
|
||||
|
@ -80,17 +80,15 @@ func NewSignatureVerifier(pk crypto.PublicKey) (*SignatureVerifier, error) {
|
|||
|
||||
}
|
||||
default:
|
||||
return nil, fmt.Errorf("Unsupported public key type %v", pkType)
|
||||
return nil, fmt.Errorf("unsupported public key type %v", pkType)
|
||||
}
|
||||
|
||||
return &SignatureVerifier{
|
||||
pubKey: pk,
|
||||
}, nil
|
||||
return &SignatureVerifier{PubKey: pk}, nil
|
||||
}
|
||||
|
||||
// VerifySignature verifies the given signature sig matches the data.
|
||||
func (s SignatureVerifier) VerifySignature(data []byte, sig tls.DigitallySigned) error {
|
||||
return tls.VerifySignature(s.pubKey, data, sig)
|
||||
return tls.VerifySignature(s.PubKey, data, sig)
|
||||
}
|
||||
|
||||
// VerifySCTSignature verifies that the SCT's signature is valid for the given LogEntry.
|
||||
|
|
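Review bot: Exporting the verifier's key as `PubKey` lets code outside the package replace it after `NewSignatureVerifier` has run its key-type switch, and `VerifySignature` then hands whatever is in the field to `tls.VerifySignature`. Nothing in the visible hunks says whether the field is meant to be read-only after construction. This is vendored code, so the change belongs upstream, but a field comment would state the contract: `// PubKey is the log's public key; set it only through NewSignatureVerifier.` The constructor's switch starts outside the hunk, so only its `default` rejection is visible here.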
4
vendor/github.com/google/certificate-transparency-go/tls/signature.go
generated
vendored
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2016 Google Inc. All Rights Reserved.
|
||||
// Copyright 2016 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
|
@ -16,7 +16,7 @@ package tls
|
|||
|
||||
import (
|
||||
"crypto"
|
||||
"crypto/dsa"
|
||||
"crypto/dsa" //nolint:staticcheck
|
||||
"crypto/ecdsa"
|
||||
_ "crypto/md5" // For registration side-effect
|
||||
"crypto/rand"
|
||||
|
|
48
vendor/github.com/google/certificate-transparency-go/tls/tls.go
generated
vendored
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2016 Google Inc. All Rights Reserved.
|
||||
// Copyright 2016 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
|
@ -106,41 +106,41 @@ var (
|
|||
//
|
||||
// For example, a TLS structure:
|
||||
//
|
||||
// enum { e1(1), e2(2) } EnumType;
|
||||
// struct {
|
||||
// EnumType sel;
|
||||
// select(sel) {
|
||||
// case e1: uint16
|
||||
// case e2: uint32
|
||||
// } data;
|
||||
// } VariantItem;
|
||||
// enum { e1(1), e2(2) } EnumType;
|
||||
// struct {
|
||||
// EnumType sel;
|
||||
// select(sel) {
|
||||
// case e1: uint16
|
||||
// case e2: uint32
|
||||
// } data;
|
||||
// } VariantItem;
|
||||
//
|
||||
// would have a corresponding Go type:
|
||||
//
|
||||
// type VariantItem struct {
|
||||
// Sel tls.Enum `tls:"maxval:2"`
|
||||
// Data16 *uint16 `tls:"selector:Sel,val:1"`
|
||||
// Data32 *uint32 `tls:"selector:Sel,val:2"`
|
||||
// }
|
||||
// type VariantItem struct {
|
||||
// Sel tls.Enum `tls:"maxval:2"`
|
||||
// Data16 *uint16 `tls:"selector:Sel,val:1"`
|
||||
// Data32 *uint32 `tls:"selector:Sel,val:2"`
|
||||
// }
|
||||
//
|
||||
// TLS fixed-length vectors of types other than opaque or uint8 are not supported.
|
||||
//
|
||||
// For TLS variable-length vectors that are themselves used in other vectors,
|
||||
// create a single-field structure to represent the inner type. For example, for:
|
||||
//
|
||||
// opaque InnerType<1..65535>;
|
||||
// struct {
|
||||
// InnerType inners<1,65535>;
|
||||
// } Something;
|
||||
// opaque InnerType<1..65535>;
|
||||
// struct {
|
||||
// InnerType inners<1,65535>;
|
||||
// } Something;
|
||||
//
|
||||
// convert to:
|
||||
//
|
||||
// type InnerType struct {
|
||||
// Val []byte `tls:"minlen:1,maxlen:65535"`
|
||||
// }
|
||||
// type Something struct {
|
||||
// Inners []InnerType `tls:"minlen:1,maxlen:65535"`
|
||||
// }
|
||||
// type InnerType struct {
|
||||
// Val []byte `tls:"minlen:1,maxlen:65535"`
|
||||
// }
|
||||
// type Something struct {
|
||||
// Inners []InnerType `tls:"minlen:1,maxlen:65535"`
|
||||
// }
|
||||
//
|
||||
// If the encoded value does not fit in the Go type, Unmarshal returns a parse error.
|
||||
func Unmarshal(b []byte, val interface{}) ([]byte, error) {
|
||||
|
|
4
vendor/github.com/google/certificate-transparency-go/tls/types.go
generated
vendored
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2016 Google Inc. All Rights Reserved.
|
||||
// Copyright 2016 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
|
@ -16,7 +16,7 @@ package tls
|
|||
|
||||
import (
|
||||
"crypto"
|
||||
"crypto/dsa"
|
||||
"crypto/dsa" //nolint:staticcheck
|
||||
"crypto/ecdsa"
|
||||
"crypto/rsa"
|
||||
"fmt"
|
||||
|
|
87
vendor/github.com/google/certificate-transparency-go/types.go
generated
vendored
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2015 Google Inc. All Rights Reserved.
|
||||
// Copyright 2015 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
|
@ -31,14 +31,14 @@ import (
|
|||
///////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// LogEntryType represents the LogEntryType enum from section 3.1:
|
||||
// enum { x509_entry(0), precert_entry(1), (65535) } LogEntryType;
|
||||
//
|
||||
// enum { x509_entry(0), precert_entry(1), (65535) } LogEntryType;
|
||||
type LogEntryType tls.Enum // tls:"maxval:65535"
|
||||
|
||||
// LogEntryType constants from section 3.1.
|
||||
const (
|
||||
X509LogEntryType LogEntryType = 0
|
||||
PrecertLogEntryType LogEntryType = 1
|
||||
XJSONLogEntryType LogEntryType = 0x8000 // Experimental. Don't rely on this!
|
||||
)
|
||||
|
||||
func (e LogEntryType) String() string {
|
||||
|
@ -47,8 +47,6 @@ func (e LogEntryType) String() string {
|
|||
return "X509LogEntryType"
|
||||
case PrecertLogEntryType:
|
||||
return "PrecertLogEntryType"
|
||||
case XJSONLogEntryType:
|
||||
return "XJSONLogEntryType"
|
||||
default:
|
||||
return fmt.Sprintf("UnknownEntryType(%d)", e)
|
||||
}
|
||||
|
@ -61,7 +59,8 @@ const (
|
|||
)
|
||||
|
||||
// MerkleLeafType represents the MerkleLeafType enum from section 3.4:
|
||||
// enum { timestamped_entry(0), (255) } MerkleLeafType;
|
||||
//
|
||||
// enum { timestamped_entry(0), (255) } MerkleLeafType;
|
||||
type MerkleLeafType tls.Enum // tls:"maxval:255"
|
||||
|
||||
// TimestampedEntryLeafType is the only defined MerkleLeafType constant from section 3.4.
|
||||
|
@ -77,7 +76,8 @@ func (m MerkleLeafType) String() string {
|
|||
}
|
||||
|
||||
// Version represents the Version enum from section 3.2:
|
||||
// enum { v1(0), (255) } Version;
|
||||
//
|
||||
// enum { v1(0), (255) } Version;
|
||||
type Version tls.Enum // tls:"maxval:255"
|
||||
|
||||
// CT Version constants from section 3.2.
|
||||
|
@ -95,7 +95,8 @@ func (v Version) String() string {
|
|||
}
|
||||
|
||||
// SignatureType differentiates STH signatures from SCT signatures, see section 3.2.
|
||||
// enum { certificate_timestamp(0), tree_hash(1), (255) } SignatureType;
|
||||
//
|
||||
// enum { certificate_timestamp(0), tree_hash(1), (255) } SignatureType;
|
||||
type SignatureType tls.Enum // tls:"maxval:255"
|
||||
|
||||
// SignatureType constants from section 3.2.
|
||||
|
@ -135,7 +136,7 @@ type PreCert struct {
|
|||
|
||||
// CTExtensions is a representation of the raw bytes of any CtExtension
|
||||
// structure (see section 3.2).
|
||||
// nolint: golint
|
||||
// nolint: revive
|
||||
type CTExtensions []byte // tls:"minlen:0,maxlen:65535"`
|
||||
|
||||
// MerkleTreeNode represents an internal node in the CT tree.
|
||||
|
@ -199,6 +200,25 @@ func (d *DigitallySigned) UnmarshalJSON(b []byte) error {
|
|||
return d.FromBase64String(content)
|
||||
}
|
||||
|
||||
// RawLogEntry represents the (TLS-parsed) contents of an entry in a CT log.
|
||||
type RawLogEntry struct {
|
||||
// Index is a position of the entry in the log.
|
||||
Index int64
|
||||
// Leaf is a parsed Merkle leaf hash input.
|
||||
Leaf MerkleTreeLeaf
|
||||
// Cert is:
|
||||
// - A certificate if Leaf.TimestampedEntry.EntryType is X509LogEntryType.
|
||||
// - A precertificate if Leaf.TimestampedEntry.EntryType is
|
||||
// PrecertLogEntryType, in the form of a DER-encoded Certificate as
|
||||
// originally added (which includes the poison extension and a signature
|
||||
// generated over the pre-cert by the pre-cert issuer).
|
||||
// - Empty otherwise.
|
||||
Cert ASN1Cert
|
||||
// Chain is the issuing certificate chain starting with the issuer of Cert,
|
||||
// or an empty slice if Cert is empty.
|
||||
Chain []ASN1Cert
|
||||
}
|
||||
|
||||
// LogEntry represents the (parsed) contents of an entry in a CT log. This is described
|
||||
// in section 3.1, but note that this structure does *not* match the TLS structure
|
||||
// defined there (the TLS structure is never used directly in RFC6962).
|
||||
|
@ -279,6 +299,23 @@ type SignedTreeHead struct {
|
|||
LogID SHA256Hash `json:"log_id"` // The SHA256 hash of the log's public key
|
||||
}
|
||||
|
||||
func (s SignedTreeHead) String() string {
|
||||
sigStr, err := s.TreeHeadSignature.Base64String()
|
||||
if err != nil {
|
||||
sigStr = tls.DigitallySigned(s.TreeHeadSignature).String()
|
||||
}
|
||||
|
||||
// If the LogID field in the SignedTreeHead is empty, don't include it in
|
||||
// the string.
|
||||
var logIDStr string
|
||||
if id, empty := s.LogID, (SHA256Hash{}); id != empty {
|
||||
logIDStr = fmt.Sprintf("LogID:%s, ", id.Base64String())
|
||||
}
|
||||
|
||||
return fmt.Sprintf("{%sTreeSize:%d, Timestamp:%d, SHA256RootHash:%q, TreeHeadSignature:%q}",
|
||||
logIDStr, s.TreeSize, s.Timestamp, s.SHA256RootHash.Base64String(), sigStr)
|
||||
}
|
||||
|
||||
// TreeHeadSignature holds the data over which the signature in an STH is
|
||||
// generated; see section 3.5
|
||||
type TreeHeadSignature struct {
|
||||
|
@ -426,6 +463,36 @@ type AddChainResponse struct {
|
|||
Signature []byte `json:"signature"` // Log signature for this SCT
|
||||
}
|
||||
|
||||
// ToSignedCertificateTimestamp creates a SignedCertificateTimestamp from the
|
||||
// AddChainResponse.
|
||||
func (r *AddChainResponse) ToSignedCertificateTimestamp() (*SignedCertificateTimestamp, error) {
|
||||
sct := SignedCertificateTimestamp{
|
||||
SCTVersion: r.SCTVersion,
|
||||
Timestamp: r.Timestamp,
|
||||
}
|
||||
|
||||
if len(r.ID) != sha256.Size {
|
||||
return nil, fmt.Errorf("id is invalid length, expected %d got %d", sha256.Size, len(r.ID))
|
||||
}
|
||||
copy(sct.LogID.KeyID[:], r.ID)
|
||||
|
||||
exts, err := base64.StdEncoding.DecodeString(r.Extensions)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid base64 data in Extensions (%q): %v", r.Extensions, err)
|
||||
}
|
||||
sct.Extensions = CTExtensions(exts)
|
||||
|
||||
var ds DigitallySigned
|
||||
if rest, err := tls.Unmarshal(r.Signature, &ds); err != nil {
|
||||
return nil, fmt.Errorf("tls.Unmarshal(): %s", err)
|
||||
} else if len(rest) > 0 {
|
||||
return nil, fmt.Errorf("trailing data (%d bytes) after DigitallySigned", len(rest))
|
||||
}
|
||||
sct.Signature = ds
|
||||
|
||||
return &sct, nil
|
||||
}
|
||||
|
||||
// AddJSONRequest represents the JSON request body sent to the add-json POST method.
|
||||
// The corresponding response re-uses AddChainResponse.
|
||||
// This is an experimental addition not covered by RFC6962.
|
||||
|
@ -433,7 +500,7 @@ type AddJSONRequest struct {
|
|||
Data interface{} `json:"data"`
|
||||
}
|
||||
|
||||
// GetSTHResponse respresents the JSON response to the get-sth GET method from section 4.3.
|
||||
// GetSTHResponse represents the JSON response to the get-sth GET method from section 4.3.
|
||||
type GetSTHResponse struct {
|
||||
TreeSize uint64 `json:"tree_size"` // Number of certs in the current tree
|
||||
Timestamp uint64 `json:"timestamp"` // Time that the tree was created
|
||||
|
|
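--- a/vendor/github.com/google/certificate-transparency-go/x509/README.md
+++ b/vendor/github.com/google/certificate-transparency-go/x509/README.md
@@ -0,0 +1,7 @@
+# Important Notice
+
+This is a fork of the `crypto/x509` Go package. The original source can be found on
+[GitHub](https://github.com/golang/go).
+
+Be careful about making local modifications to this code as it will
+make maintenance harder in future.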
54
vendor/github.com/google/certificate-transparency-go/x509/cert_pool.go
generated
vendored
|
@ -25,45 +25,61 @@ func NewCertPool() *CertPool {
|
|||
}
|
||||
}
|
||||
|
||||
func (s *CertPool) copy() *CertPool {
|
||||
p := &CertPool{
|
||||
bySubjectKeyId: make(map[string][]int, len(s.bySubjectKeyId)),
|
||||
byName: make(map[string][]int, len(s.byName)),
|
||||
certs: make([]*Certificate, len(s.certs)),
|
||||
}
|
||||
for k, v := range s.bySubjectKeyId {
|
||||
indexes := make([]int, len(v))
|
||||
copy(indexes, v)
|
||||
p.bySubjectKeyId[k] = indexes
|
||||
}
|
||||
for k, v := range s.byName {
|
||||
indexes := make([]int, len(v))
|
||||
copy(indexes, v)
|
||||
p.byName[k] = indexes
|
||||
}
|
||||
copy(p.certs, s.certs)
|
||||
return p
|
||||
}
|
||||
|
||||
// SystemCertPool returns a copy of the system cert pool.
|
||||
//
|
||||
// Any mutations to the returned pool are not written to disk and do
|
||||
// not affect any other pool.
|
||||
// not affect any other pool returned by SystemCertPool.
|
||||
//
|
||||
// New changes in the system cert pool might not be reflected
|
||||
// in subsequent calls.
|
||||
func SystemCertPool() (*CertPool, error) {
|
||||
if runtime.GOOS == "windows" {
|
||||
// Issue 16736, 18609:
|
||||
return nil, errors.New("crypto/x509: system root pool is not available on Windows")
|
||||
}
|
||||
|
||||
if sysRoots := systemRootsPool(); sysRoots != nil {
|
||||
return sysRoots.copy(), nil
|
||||
}
|
||||
|
||||
return loadSystemRoots()
|
||||
}
|
||||
|
||||
// findVerifiedParents attempts to find certificates in s which have signed the
|
||||
// given certificate. If any candidates were rejected then errCert will be set
|
||||
// to one of them, arbitrarily, and err will contain the reason that it was
|
||||
// rejected.
|
||||
func (s *CertPool) findVerifiedParents(cert *Certificate) (parents []int, errCert *Certificate, err error) {
|
||||
// findPotentialParents returns the indexes of certificates in s which might
|
||||
// have signed cert. The caller must not modify the returned slice.
|
||||
func (s *CertPool) findPotentialParents(cert *Certificate) []int {
|
||||
if s == nil {
|
||||
return
|
||||
return nil
|
||||
}
|
||||
var candidates []int
|
||||
|
||||
var candidates []int
|
||||
if len(cert.AuthorityKeyId) > 0 {
|
||||
candidates = s.bySubjectKeyId[string(cert.AuthorityKeyId)]
|
||||
}
|
||||
if len(candidates) == 0 {
|
||||
candidates = s.byName[string(cert.RawIssuer)]
|
||||
}
|
||||
|
||||
for _, c := range candidates {
|
||||
if err = cert.CheckSignatureFrom(s.certs[c]); err == nil {
|
||||
parents = append(parents, c)
|
||||
} else {
|
||||
errCert = s.certs[c]
|
||||
}
|
||||
}
|
||||
|
||||
return
|
||||
return candidates
|
||||
}
|
||||
|
||||
func (s *CertPool) contains(cert *Certificate) bool {
|
||||
|
@ -121,7 +137,7 @@ func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool) {
|
|||
}
|
||||
|
||||
cert, err := ParseCertificate(block.Bytes)
|
||||
if err != nil {
|
||||
if IsFatal(err) {
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
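Review bot: In `AppendCertsFromPEM` the skip condition now reads `if IsFatal(err)` where it appears to have been `if err != nil`, so a PEM block whose certificate parses with only non-fatal errors is no longer skipped and presumably goes on into the pool. For a pool used as trust roots, that accepts more than the old check did. The loop body continues outside the hunk, so the add itself is not visible here. As this is vendored code, the least that helps is a comment at the check, e.g. `// Certificates with only non-fatal parse errors are kept; callers that need strict parsing must check them first.`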
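--- a/vendor/github.com/google/certificate-transparency-go/x509/curves.go
+++ b/vendor/github.com/google/certificate-transparency-go/x509/curves.go
@@ -0,0 +1,37 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package x509
+
+import (
+"crypto/elliptic"
+"math/big"
+"sync"
+)
+
+// This file holds ECC curves that are not supported by the main Go crypto/elliptic
+// library, but which have been observed in certificates in the wild.
+
+var initonce sync.Once
+var p192r1 *elliptic.CurveParams
+
+func initAllCurves() {
+initSECP192R1()
+}
+
+func initSECP192R1() {
+// See SEC-2, section 2.2.2
+p192r1 = &elliptic.CurveParams{Name: "P-192"}
+p192r1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 16)
+p192r1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", 16)
+p192r1.B, _ = new(big.Int).SetString("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", 16)
+p192r1.Gx, _ = new(big.Int).SetString("188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", 16)
+p192r1.Gy, _ = new(big.Int).SetString("07192B95FFC8DA78631011ED6B24CDD573F977A11E794811", 16)
+p192r1.BitSize = 192
+}
+
+func secp192r1() elliptic.Curve {
+initonce.Do(initAllCurves)
+return p192r1
+}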
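Review bot: `secp192r1` has no doc comment, and nothing on it says that a 192-bit curve offers only about 96 bits of security, below the 112-bit level commonly required today. The file comment explains that these curves are here because they were observed in certificates in the wild; the accessor should carry that through, e.g. `// secp192r1 returns the P-192 curve; supported only to parse existing certificates, not for issuing or newly trusting keys.` Separately, `initSECP192R1` discards the `ok` result of every `SetString` call, so a mistyped constant would leave that parameter nil with no error. Both changes belong upstream since this file is vendored.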
6
vendor/github.com/google/certificate-transparency-go/x509/error.go
generated
vendored
|
@ -163,12 +163,18 @@ func (e *Errors) Fatal() bool {
|
|||
|
||||
// Empty indicates whether e has no errors.
|
||||
func (e *Errors) Empty() bool {
|
||||
if e == nil {
|
||||
return true
|
||||
}
|
||||
return len(e.Errs) == 0
|
||||
}
|
||||
|
||||
// FirstFatal returns the first fatal error in e, or nil
|
||||
// if there is no fatal error.
|
||||
func (e *Errors) FirstFatal() error {
|
||||
if e == nil {
|
||||
return nil
|
||||
}
|
||||
for _, err := range e.Errs {
|
||||
if err.Fatal {
|
||||
return err
|
||||
|
|
7
vendor/github.com/google/certificate-transparency-go/x509/names.go
generated
vendored
|
@ -27,9 +27,10 @@ const (
|
|||
|
||||
// OtherName describes a name related to a certificate which is not in one
|
||||
// of the standard name formats. RFC 5280, 4.2.1.6:
|
||||
// OtherName ::= SEQUENCE {
|
||||
// type-id OBJECT IDENTIFIER,
|
||||
// value [0] EXPLICIT ANY DEFINED BY type-id }
|
||||
//
|
||||
// OtherName ::= SEQUENCE {
|
||||
// type-id OBJECT IDENTIFIER,
|
||||
// value [0] EXPLICIT ANY DEFINED BY type-id }
|
||||
type OtherName struct {
|
||||
TypeID asn1.ObjectIdentifier
|
||||
Value asn1.RawValue
|
||||
|
|
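--- a/vendor/github.com/google/certificate-transparency-go/x509/nilref_nil_darwin.go
+++ b/vendor/github.com/google/certificate-transparency-go/x509/nilref_nil_darwin.go
@@ -1,26 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build cgo,!arm,!arm64,!ios,!go1.10
-
-package x509
-
-/*
-#cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1080
-#cgo LDFLAGS: -framework CoreFoundation -framework Security
-
-#include <CoreFoundation/CoreFoundation.h>
-*/
-import "C"
-
-// For Go versions before 1.10, nil values for Apple's CoreFoundation
-// CF*Ref types were represented by nil. See:
-// https://github.com/golang/go/commit/b868616b63a8
-func setNilCFRef(v *C.CFDataRef) {
-*v = nil
-}
-
-func isNilCFRef(v C.CFDataRef) bool {
-return v == nil
-}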
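--- a/vendor/github.com/google/certificate-transparency-go/x509/nilref_zero_darwin.go
+++ b/vendor/github.com/google/certificate-transparency-go/x509/nilref_zero_darwin.go
@@ -1,26 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build cgo,!arm,!arm64,!ios,go1.10
-
-package x509
-
-/*
-#cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1080
-#cgo LDFLAGS: -framework CoreFoundation -framework Security
-
-#include <CoreFoundation/CoreFoundation.h>
-*/
-import "C"
-
-// For Go versions >= 1.10, nil values for Apple's CoreFoundation
-// CF*Ref types are represented by zero. See:
-// https://github.com/golang/go/commit/b868616b63a8
-func setNilCFRef(v *C.CFDataRef) {
-*v = 0
-}
-
-func isNilCFRef(v C.CFDataRef) bool {
-return v == 0
-}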
2
vendor/github.com/google/certificate-transparency-go/x509/pem_decrypt.go
generated
vendored
|
@ -203,7 +203,7 @@ func EncryptPEMBlock(rand io.Reader, blockType string, data, password []byte, al
|
|||
// the data separately, but it doesn't seem worth the additional
|
||||
// code.
|
||||
copy(encrypted, data)
|
||||
// See RFC 1423, section 1.1
|
||||
// See RFC 1423, Section 1.1.
|
||||
for i := 0; i < pad; i++ {
|
||||
encrypted = append(encrypted, byte(pad))
|
||||
}
|
||||
|
|
25
vendor/github.com/google/certificate-transparency-go/x509/pkcs1.go
generated
vendored
|
@ -42,7 +42,9 @@ type pkcs1PublicKey struct {
|
|||
E int
|
||||
}
|
||||
|
||||
// ParsePKCS1PrivateKey returns an RSA private key from its ASN.1 PKCS#1 DER encoded form.
|
||||
// ParsePKCS1PrivateKey parses an RSA private key in PKCS#1, ASN.1 DER form.
|
||||
//
|
||||
// This kind of key is commonly encoded in PEM blocks of type "RSA PRIVATE KEY".
|
||||
func ParsePKCS1PrivateKey(der []byte) (*rsa.PrivateKey, error) {
|
||||
var priv pkcs1PrivateKey
|
||||
rest, err := asn1.Unmarshal(der, &priv)
|
||||
|
@ -50,6 +52,12 @@ func ParsePKCS1PrivateKey(der []byte) (*rsa.PrivateKey, error) {
|
|||
return nil, asn1.SyntaxError{Msg: "trailing data"}
|
||||
}
|
||||
if err != nil {
|
||||
if _, err := asn1.Unmarshal(der, &ecPrivateKey{}); err == nil {
|
||||
return nil, errors.New("x509: failed to parse private key (use ParseECPrivateKey instead for this key format)")
|
||||
}
|
||||
if _, err := asn1.Unmarshal(der, &pkcs8{}); err == nil {
|
||||
return nil, errors.New("x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)")
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
@ -89,7 +97,11 @@ func ParsePKCS1PrivateKey(der []byte) (*rsa.PrivateKey, error) {
|
|||
return key, nil
|
||||
}
|
||||
|
||||
// MarshalPKCS1PrivateKey converts a private key to ASN.1 DER encoded form.
|
||||
// MarshalPKCS1PrivateKey converts an RSA private key to PKCS#1, ASN.1 DER form.
|
||||
//
|
||||
// This kind of key is commonly encoded in PEM blocks of type "RSA PRIVATE KEY".
|
||||
// For a more flexible key format which is not RSA specific, use
|
||||
// MarshalPKCS8PrivateKey.
|
||||
func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte {
|
||||
key.Precompute()
|
||||
|
||||
|
@ -121,11 +133,16 @@ func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte {
|
|||
return b
|
||||
}
|
||||
|
||||
// ParsePKCS1PublicKey parses a PKCS#1 public key in ASN.1 DER form.
|
||||
// ParsePKCS1PublicKey parses an RSA public key in PKCS#1, ASN.1 DER form.
|
||||
//
|
||||
// This kind of key is commonly encoded in PEM blocks of type "RSA PUBLIC KEY".
|
||||
func ParsePKCS1PublicKey(der []byte) (*rsa.PublicKey, error) {
|
||||
var pub pkcs1PublicKey
|
||||
rest, err := asn1.Unmarshal(der, &pub)
|
||||
if err != nil {
|
||||
if _, err := asn1.Unmarshal(der, &publicKeyInfo{}); err == nil {
|
||||
return nil, errors.New("x509: failed to parse public key (use ParsePKIXPublicKey instead for this key format)")
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
if len(rest) > 0 {
|
||||
|
@ -146,6 +163,8 @@ func ParsePKCS1PublicKey(der []byte) (*rsa.PublicKey, error) {
|
|||
}
|
||||
|
||||
// MarshalPKCS1PublicKey converts an RSA public key to PKCS#1, ASN.1 DER form.
|
||||
//
|
||||
// This kind of key is commonly encoded in PEM blocks of type "RSA PUBLIC KEY".
|
||||
func MarshalPKCS1PublicKey(key *rsa.PublicKey) []byte {
|
||||
derBytes, _ := asn1.Marshal(pkcs1PublicKey{
|
||||
N: key.N,
|
||||
|
|
53
vendor/github.com/google/certificate-transparency-go/x509/pkcs8.go
generated
vendored
|
@ -12,6 +12,9 @@ import (
|
|||
|
||||
"github.com/google/certificate-transparency-go/asn1"
|
||||
"github.com/google/certificate-transparency-go/x509/pkix"
|
||||
|
||||
// TODO(robpercival): change this to crypto/ed25519 when Go 1.13 is min version
|
||||
"golang.org/x/crypto/ed25519"
|
||||
)
|
||||
|
||||
// pkcs8 reflects an ASN.1, PKCS#8 PrivateKey. See
|
||||
|
@ -24,11 +27,21 @@ type pkcs8 struct {
|
|||
// optional attributes omitted.
|
||||
}
|
||||
|
||||
// ParsePKCS8PrivateKey parses an unencrypted, PKCS#8 private key.
|
||||
// See RFC 5208.
|
||||
// ParsePKCS8PrivateKey parses an unencrypted private key in PKCS#8, ASN.1 DER form.
|
||||
//
|
||||
// It returns a *rsa.PrivateKey, a *ecdsa.PrivateKey, or a ed25519.PrivateKey.
|
||||
// More types might be supported in the future.
|
||||
//
|
||||
// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY".
|
||||
func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) {
|
||||
var privKey pkcs8
|
||||
if _, err := asn1.Unmarshal(der, &privKey); err != nil {
|
||||
if _, err := asn1.Unmarshal(der, &ecPrivateKey{}); err == nil {
|
||||
return nil, errors.New("x509: failed to parse private key (use ParseECPrivateKey instead for this key format)")
|
||||
}
|
||||
if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil {
|
||||
return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)")
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
switch {
|
||||
|
@ -51,16 +64,30 @@ func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) {
|
|||
}
|
||||
return key, nil
|
||||
|
||||
case privKey.Algo.Algorithm.Equal(OIDPublicKeyEd25519):
|
||||
if l := len(privKey.Algo.Parameters.FullBytes); l != 0 {
|
||||
return nil, errors.New("x509: invalid Ed25519 private key parameters")
|
||||
}
|
||||
var curvePrivateKey []byte
|
||||
if _, err := asn1.Unmarshal(privKey.PrivateKey, &curvePrivateKey); err != nil {
|
||||
return nil, fmt.Errorf("x509: invalid Ed25519 private key: %v", err)
|
||||
}
|
||||
if l := len(curvePrivateKey); l != ed25519.SeedSize {
|
||||
return nil, fmt.Errorf("x509: invalid Ed25519 private key length: %d", l)
|
||||
}
|
||||
return ed25519.NewKeyFromSeed(curvePrivateKey), nil
|
||||
|
||||
default:
|
||||
return nil, fmt.Errorf("x509: PKCS#8 wrapping contained private key with unknown algorithm: %v", privKey.Algo.Algorithm)
|
||||
}
|
||||
}
|
||||
|
||||
// MarshalPKCS8PrivateKey converts a private key to PKCS#8 encoded form.
|
||||
// The following key types are supported: *rsa.PrivateKey, *ecdsa.PublicKey.
|
||||
// Unsupported key types result in an error.
|
||||
// MarshalPKCS8PrivateKey converts a private key to PKCS#8, ASN.1 DER form.
|
||||
//
|
||||
// See RFC 5208.
|
||||
// The following key types are currently supported: *rsa.PrivateKey, *ecdsa.PrivateKey
|
||||
// and ed25519.PrivateKey. Unsupported key types result in an error.
|
||||
//
|
||||
// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY".
|
||||
func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error) {
|
||||
var privKey pkcs8
|
||||
|
||||
|
@ -75,7 +102,7 @@ func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error) {
|
|||
case *ecdsa.PrivateKey:
|
||||
oid, ok := OIDFromNamedCurve(k.Curve)
|
||||
if !ok {
|
||||
return nil, errors.New("x509: unknown curve while marshalling to PKCS#8")
|
||||
return nil, errors.New("x509: unknown curve while marshaling to PKCS#8")
|
||||
}
|
||||
|
||||
oidBytes, err := asn1.Marshal(oid)
|
||||
|
@ -94,8 +121,18 @@ func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error) {
|
|||
return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + err.Error())
|
||||
}
|
||||
|
||||
case ed25519.PrivateKey:
|
||||
privKey.Algo = pkix.AlgorithmIdentifier{
|
||||
Algorithm: OIDPublicKeyEd25519,
|
||||
}
|
||||
curvePrivateKey, err := asn1.Marshal(k.Seed())
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("x509: failed to marshal private key: %v", err)
|
||||
}
|
||||
privKey.PrivateKey = curvePrivateKey
|
||||
|
||||
default:
|
||||
return nil, fmt.Errorf("x509: unknown key type while marshalling PKCS#8: %T", key)
|
||||
return nil, fmt.Errorf("x509: unknown key type while marshaling PKCS#8: %T", key)
|
||||
}
|
||||
|
||||
return asn1.Marshal(privKey)
|
||||
|
|
10
vendor/github.com/google/certificate-transparency-go/x509/pkix/pkix.go
generated
vendored
|
@ -7,14 +7,12 @@
|
|||
package pkix
|
||||
|
||||
import (
|
||||
// START CT CHANGES
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
|
||||
"github.com/google/certificate-transparency-go/asn1"
|
||||
// END CT CHANGES
|
||||
"math/big"
|
||||
"time"
|
||||
|
||||
"github.com/google/certificate-transparency-go/asn1"
|
||||
)
|
||||
|
||||
// AlgorithmIdentifier represents the ASN.1 structure of the same name. See RFC
|
||||
|
@ -98,7 +96,7 @@ func (r RDNSequence) String() string {
|
|||
type RelativeDistinguishedNameSET []AttributeTypeAndValue
|
||||
|
||||
// AttributeTypeAndValue mirrors the ASN.1 structure of the same name in
|
||||
// http://tools.ietf.org/html/rfc5280#section-4.1.2.4
|
||||
// RFC 5280, Section 4.1.2.4.
|
||||
type AttributeTypeAndValue struct {
|
||||
Type asn1.ObjectIdentifier
|
||||
Value interface{}
|
||||
|
@ -240,7 +238,7 @@ func (n Name) String() string {
|
|||
return n.ToRDNSequence().String()
|
||||
}
|
||||
|
||||
// oidInAttributeTypeAndValue returns whether a type with the given OID exists
|
||||
// oidInAttributeTypeAndValue reports whether a type with the given OID exists
|
||||
// in atv.
|
||||
func oidInAttributeTypeAndValue(oid asn1.ObjectIdentifier, atv []AttributeTypeAndValue) bool {
|
||||
for _, a := range atv {
|
||||
|
|
1
vendor/github.com/google/certificate-transparency-go/x509/ptr_sysptr_windows.go
generated
vendored
|
@ -2,6 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build go1.11
|
||||
// +build go1.11
|
||||
|
||||
package x509
|
||||
|
|
1
vendor/github.com/google/certificate-transparency-go/x509/ptr_uint_windows.go
generated
vendored
|
@ -2,6 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build !go1.11
|
||||
// +build !go1.11
|
||||
|
||||
package x509
|
||||
|
|
11
vendor/github.com/google/certificate-transparency-go/x509/revoked.go
generated
vendored
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2017 Google Inc. All Rights Reserved.
|
||||
// Copyright 2017 Google LLC. All Rights Reserved.
|
||||
//
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
@ -14,12 +14,15 @@ import (
|
|||
"github.com/google/certificate-transparency-go/x509/pkix"
|
||||
)
|
||||
|
||||
// OID values for CRL extensions (TBSCertList.Extensions), RFC 5280 s5.2.
|
||||
var (
|
||||
// OID values for CRL extensions (TBSCertList.Extensions), RFC 5280 s5.2.
|
||||
OIDExtensionCRLNumber = asn1.ObjectIdentifier{2, 5, 29, 20}
|
||||
OIDExtensionDeltaCRLIndicator = asn1.ObjectIdentifier{2, 5, 29, 27}
|
||||
OIDExtensionIssuingDistributionPoint = asn1.ObjectIdentifier{2, 5, 29, 28}
|
||||
// OID values for CRL entry extensions (RevokedCertificate.Extensions), RFC 5280 s5.3
|
||||
)
|
||||
|
||||
// OID values for CRL entry extensions (RevokedCertificate.Extensions), RFC 5280 s5.3
|
||||
var (
|
||||
OIDExtensionCRLReasons = asn1.ObjectIdentifier{2, 5, 29, 21}
|
||||
OIDExtensionInvalidityDate = asn1.ObjectIdentifier{2, 5, 29, 24}
|
||||
OIDExtensionCertificateIssuer = asn1.ObjectIdentifier{2, 5, 29, 29}
|
||||
|
@ -238,7 +241,7 @@ func ParseCertificateListDER(derBytes []byte) (*CertificateList, error) {
|
|||
}
|
||||
case e.Id.Equal(OIDExtensionAuthorityInfoAccess):
|
||||
// RFC 5280 s5.2.7
|
||||
var aia []authorityInfoAccess
|
||||
var aia []accessDescription
|
||||
if rest, err := asn1.Unmarshal(e.Value, &aia); err != nil {
|
||||
errs.AddID(ErrInvalidCertListAuthInfoAccess, err)
|
||||
} else if len(rest) != 0 {
|
||||
|
|
3
vendor/github.com/google/certificate-transparency-go/x509/root.go
generated
vendored
|
@ -19,4 +19,7 @@ func systemRootsPool() *CertPool {
|
|||
|
||||
func initSystemRoots() {
|
||||
systemRoots, systemRootsErr = loadSystemRoots()
|
||||
if systemRootsErr != nil {
|
||||
systemRoots = nil
|
||||
}
|
||||
}
|
||||
|
|
1
vendor/github.com/google/certificate-transparency-go/x509/root_bsd.go
generated
vendored
|
@ -2,6 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build dragonfly || freebsd || netbsd || openbsd
|
||||
// +build dragonfly freebsd netbsd openbsd
|
||||
|
||||
package x509
|
||||
|
|
355
vendor/github.com/google/certificate-transparency-go/x509/root_cgo_darwin.go
generated
vendored
|
@ -2,12 +2,13 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build cgo && !arm && !arm64 && !ios
|
||||
// +build cgo,!arm,!arm64,!ios
|
||||
|
||||
package x509
|
||||
|
||||
/*
|
||||
#cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1080
|
||||
#cgo CFLAGS: -mmacosx-version-min=10.10 -D__MAC_OS_X_VERSION_MAX_ALLOWED=101300
|
||||
#cgo LDFLAGS: -framework CoreFoundation -framework Security
|
||||
|
||||
#include <errno.h>
|
||||
|
@ -16,60 +17,142 @@ package x509
|
|||
#include <CoreFoundation/CoreFoundation.h>
|
||||
#include <Security/Security.h>
|
||||
|
||||
// FetchPEMRootsCTX509_MountainLion is the version of FetchPEMRoots from Go 1.6
|
||||
// which still works on OS X 10.8 (Mountain Lion).
|
||||
// It lacks support for admin & user cert domains.
|
||||
// See golang.org/issue/16473
|
||||
int FetchPEMRootsCTX509_MountainLion(CFDataRef *pemRoots) {
|
||||
if (pemRoots == NULL) {
|
||||
return -1;
|
||||
static Boolean isSSLPolicy(SecPolicyRef policyRef) {
|
||||
if (!policyRef) {
|
||||
return false;
|
||||
}
|
||||
CFArrayRef certs = NULL;
|
||||
OSStatus err = SecTrustCopyAnchorCertificates(&certs);
|
||||
if (err != noErr) {
|
||||
return -1;
|
||||
CFDictionaryRef properties = SecPolicyCopyProperties(policyRef);
|
||||
if (properties == NULL) {
|
||||
return false;
|
||||
}
|
||||
CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
|
||||
int i, ncerts = CFArrayGetCount(certs);
|
||||
for (i = 0; i < ncerts; i++) {
|
||||
CFDataRef data = NULL;
|
||||
SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, i);
|
||||
if (cert == NULL) {
|
||||
continue;
|
||||
}
|
||||
// Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport.
|
||||
// Once we support weak imports via cgo we should prefer that, and fall back to this
|
||||
// for older systems.
|
||||
err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);
|
||||
if (err != noErr) {
|
||||
continue;
|
||||
}
|
||||
if (data != NULL) {
|
||||
CFDataAppendBytes(combinedData, CFDataGetBytePtr(data), CFDataGetLength(data));
|
||||
CFRelease(data);
|
||||
}
|
||||
Boolean isSSL = false;
|
||||
CFTypeRef value = NULL;
|
||||
if (CFDictionaryGetValueIfPresent(properties, kSecPolicyOid, (const void **)&value)) {
|
||||
isSSL = CFEqual(value, kSecPolicyAppleSSL);
|
||||
}
|
||||
CFRelease(certs);
|
||||
*pemRoots = combinedData;
|
||||
return 0;
|
||||
CFRelease(properties);
|
||||
return isSSL;
|
||||
}
|
||||
|
||||
// useOldCodeCTX509 reports whether the running machine is OS X 10.8 Mountain Lion
|
||||
// or older. We only support Mountain Lion and higher, but we'll at least try our
|
||||
// best on older machines and continue to use the old code path.
|
||||
//
|
||||
// See golang.org/issue/16473
|
||||
int useOldCodeCTX509() {
|
||||
char str[256];
|
||||
size_t size = sizeof(str);
|
||||
memset(str, 0, size);
|
||||
sysctlbyname("kern.osrelease", str, &size, NULL, 0);
|
||||
// OS X 10.8 is osrelease "12.*", 10.7 is 11.*, 10.6 is 10.*.
|
||||
// We never supported things before that.
|
||||
return memcmp(str, "12.", 3) == 0 || memcmp(str, "11.", 3) == 0 || memcmp(str, "10.", 3) == 0;
|
||||
// sslTrustSettingsResult obtains the final kSecTrustSettingsResult value
|
||||
// for a certificate in the user or admin domain, combining usage constraints
|
||||
// for the SSL SecTrustSettingsPolicy, ignoring SecTrustSettingsKeyUsage and
|
||||
// kSecTrustSettingsAllowedError.
|
||||
// https://developer.apple.com/documentation/security/1400261-sectrustsettingscopytrustsetting
|
||||
static SInt32 sslTrustSettingsResult(SecCertificateRef cert) {
|
||||
CFArrayRef trustSettings = NULL;
|
||||
OSStatus err = SecTrustSettingsCopyTrustSettings(cert, kSecTrustSettingsDomainUser, &trustSettings);
|
||||
|
||||
// According to Apple's SecTrustServer.c, "user trust settings overrule admin trust settings",
|
||||
// but the rules of the override are unclear. Let's assume admin trust settings are applicable
|
||||
// if and only if user trust settings fail to load or are NULL.
|
||||
if (err != errSecSuccess || trustSettings == NULL) {
|
||||
if (trustSettings != NULL) CFRelease(trustSettings);
|
||||
err = SecTrustSettingsCopyTrustSettings(cert, kSecTrustSettingsDomainAdmin, &trustSettings);
|
||||
}
|
||||
|
||||
// > no trust settings [...] means "this certificate must be verified to a known trusted certificate”
|
||||
// (Should this cause a fallback from user to admin domain? It's unclear.)
|
||||
if (err != errSecSuccess || trustSettings == NULL) {
|
||||
if (trustSettings != NULL) CFRelease(trustSettings);
|
||||
return kSecTrustSettingsResultUnspecified;
|
||||
}
|
||||
|
||||
// > An empty trust settings array means "always trust this certificate” with an
|
||||
// > overall trust setting for the certificate of kSecTrustSettingsResultTrustRoot.
|
||||
if (CFArrayGetCount(trustSettings) == 0) {
|
||||
CFRelease(trustSettings);
|
||||
return kSecTrustSettingsResultTrustRoot;
|
||||
}
|
||||
|
||||
// kSecTrustSettingsResult is defined as CFSTR("kSecTrustSettingsResult"),
|
||||
// but the Go linker's internal linking mode can't handle CFSTR relocations.
|
||||
// Create our own dynamic string instead and release it below.
|
||||
CFStringRef _kSecTrustSettingsResult = CFStringCreateWithCString(
|
||||
NULL, "kSecTrustSettingsResult", kCFStringEncodingUTF8);
|
||||
CFStringRef _kSecTrustSettingsPolicy = CFStringCreateWithCString(
|
||||
NULL, "kSecTrustSettingsPolicy", kCFStringEncodingUTF8);
|
||||
CFStringRef _kSecTrustSettingsPolicyString = CFStringCreateWithCString(
|
||||
NULL, "kSecTrustSettingsPolicyString", kCFStringEncodingUTF8);
|
||||
|
||||
CFIndex m; SInt32 result = 0;
|
||||
for (m = 0; m < CFArrayGetCount(trustSettings); m++) {
|
||||
CFDictionaryRef tSetting = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, m);
|
||||
|
||||
// First, check if this trust setting is constrained to a non-SSL policy.
|
||||
SecPolicyRef policyRef;
|
||||
if (CFDictionaryGetValueIfPresent(tSetting, _kSecTrustSettingsPolicy, (const void**)&policyRef)) {
|
||||
if (!isSSLPolicy(policyRef)) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if (CFDictionaryContainsKey(tSetting, _kSecTrustSettingsPolicyString)) {
|
||||
// Restricted to a hostname, not a root.
|
||||
continue;
|
||||
}
|
||||
|
||||
CFNumberRef cfNum;
|
||||
if (CFDictionaryGetValueIfPresent(tSetting, _kSecTrustSettingsResult, (const void**)&cfNum)) {
|
||||
CFNumberGetValue(cfNum, kCFNumberSInt32Type, &result);
|
||||
} else {
|
||||
// > If this key is not present, a default value of
|
||||
// > kSecTrustSettingsResultTrustRoot is assumed.
|
||||
result = kSecTrustSettingsResultTrustRoot;
|
||||
}
|
||||
|
||||
// If multiple dictionaries match, we are supposed to "OR" them,
|
||||
// the semantics of which are not clear. Since TrustRoot and TrustAsRoot
|
||||
// are mutually exclusive, Deny should probably override, and Invalid and
|
||||
// Unspecified be overridden, approximate this by stopping at the first
|
||||
// TrustRoot, TrustAsRoot or Deny.
|
||||
if (result == kSecTrustSettingsResultTrustRoot) {
|
||||
break;
|
||||
} else if (result == kSecTrustSettingsResultTrustAsRoot) {
|
||||
break;
|
||||
} else if (result == kSecTrustSettingsResultDeny) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// If trust settings are present, but none of them match the policy...
|
||||
// the docs don't tell us what to do.
|
||||
//
|
||||
// "Trust settings for a given use apply if any of the dictionaries in the
|
||||
// certificate’s trust settings array satisfies the specified use." suggests
|
||||
// that it's as if there were no trust settings at all, so we should probably
|
||||
// fallback to the admin trust settings. TODO.
|
||||
if (result == 0) {
|
||||
result = kSecTrustSettingsResultUnspecified;
|
||||
}
|
||||
|
||||
CFRelease(_kSecTrustSettingsPolicy);
|
||||
CFRelease(_kSecTrustSettingsPolicyString);
|
||||
CFRelease(_kSecTrustSettingsResult);
|
||||
CFRelease(trustSettings);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
// FetchPEMRootsCTX509 fetches the system's list of trusted X.509 root certificates.
|
||||
// isRootCertificate reports whether Subject and Issuer match.
|
||||
static Boolean isRootCertificate(SecCertificateRef cert, CFErrorRef *errRef) {
|
||||
CFDataRef subjectName = SecCertificateCopyNormalizedSubjectContent(cert, errRef);
|
||||
if (*errRef != NULL) {
|
||||
return false;
|
||||
}
|
||||
CFDataRef issuerName = SecCertificateCopyNormalizedIssuerContent(cert, errRef);
|
||||
if (*errRef != NULL) {
|
||||
CFRelease(subjectName);
|
||||
return false;
|
||||
}
|
||||
Boolean equal = CFEqual(subjectName, issuerName);
|
||||
CFRelease(subjectName);
|
||||
CFRelease(issuerName);
|
||||
return equal;
|
||||
}
|
||||
|
||||
// CopyPEMRootsCTX509 fetches the system's list of trusted X.509 root certificates
|
||||
// for the kSecTrustSettingsPolicy SSL.
|
||||
//
|
||||
// On success it returns 0 and fills pemRoots with a CFDataRef that contains the extracted root
|
||||
// certificates of the system. On failure, the function returns -1.
|
||||
|
@ -77,31 +160,32 @@ int useOldCodeCTX509() {
|
|||
//
|
||||
// Note: The CFDataRef returned in pemRoots and untrustedPemRoots must
|
||||
// be released (using CFRelease) after we've consumed its content.
|
||||
int FetchPEMRootsCTX509(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
|
||||
if (useOldCodeCTX509()) {
|
||||
return FetchPEMRootsCTX509_MountainLion(pemRoots);
|
||||
static int CopyPEMRootsCTX509(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots, bool debugDarwinRoots) {
|
||||
int i;
|
||||
|
||||
if (debugDarwinRoots) {
|
||||
fprintf(stderr, "crypto/x509: kSecTrustSettingsResultInvalid = %d\n", kSecTrustSettingsResultInvalid);
|
||||
fprintf(stderr, "crypto/x509: kSecTrustSettingsResultTrustRoot = %d\n", kSecTrustSettingsResultTrustRoot);
|
||||
fprintf(stderr, "crypto/x509: kSecTrustSettingsResultTrustAsRoot = %d\n", kSecTrustSettingsResultTrustAsRoot);
|
||||
fprintf(stderr, "crypto/x509: kSecTrustSettingsResultDeny = %d\n", kSecTrustSettingsResultDeny);
|
||||
fprintf(stderr, "crypto/x509: kSecTrustSettingsResultUnspecified = %d\n", kSecTrustSettingsResultUnspecified);
|
||||
}
|
||||
|
||||
// Get certificates from all domains, not just System, this lets
|
||||
// the user add CAs to their "login" keychain, and Admins to add
|
||||
// to the "System" keychain
|
||||
SecTrustSettingsDomain domains[] = { kSecTrustSettingsDomainSystem,
|
||||
kSecTrustSettingsDomainAdmin,
|
||||
kSecTrustSettingsDomainUser };
|
||||
kSecTrustSettingsDomainAdmin, kSecTrustSettingsDomainUser };
|
||||
|
||||
int numDomains = sizeof(domains)/sizeof(SecTrustSettingsDomain);
|
||||
if (pemRoots == NULL) {
|
||||
if (pemRoots == NULL || untrustedPemRoots == NULL) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
// kSecTrustSettingsResult is defined as CFSTR("kSecTrustSettingsResult"),
|
||||
// but the Go linker's internal linking mode can't handle CFSTR relocations.
|
||||
// Create our own dynamic string instead and release it below.
|
||||
CFStringRef policy = CFStringCreateWithCString(NULL, "kSecTrustSettingsResult", kCFStringEncodingUTF8);
|
||||
|
||||
CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
|
||||
CFMutableDataRef combinedUntrustedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
|
||||
for (int i = 0; i < numDomains; i++) {
|
||||
for (i = 0; i < numDomains; i++) {
|
||||
int j;
|
||||
CFArrayRef certs = NULL;
|
||||
OSStatus err = SecTrustSettingsCopyCertificates(domains[i], &certs);
|
||||
if (err != noErr) {
|
||||
|
@ -109,104 +193,86 @@ int FetchPEMRootsCTX509(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
|
|||
}
|
||||
|
||||
CFIndex numCerts = CFArrayGetCount(certs);
|
||||
for (int j = 0; j < numCerts; j++) {
|
||||
CFDataRef data = NULL;
|
||||
CFErrorRef errRef = NULL;
|
||||
CFArrayRef trustSettings = NULL;
|
||||
for (j = 0; j < numCerts; j++) {
|
||||
SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, j);
|
||||
if (cert == NULL) {
|
||||
continue;
|
||||
}
|
||||
// We only want trusted certs.
|
||||
int untrusted = 0;
|
||||
int trustAsRoot = 0;
|
||||
int trustRoot = 0;
|
||||
if (i == 0) {
|
||||
trustAsRoot = 1;
|
||||
} else {
|
||||
|
||||
SInt32 result;
|
||||
if (domains[i] == kSecTrustSettingsDomainSystem) {
|
||||
// Certs found in the system domain are always trusted. If the user
|
||||
// configures "Never Trust" on such a cert, it will also be found in the
|
||||
// admin or user domain, causing it to be added to untrustedPemRoots. The
|
||||
// Go code will then clean this up.
|
||||
|
||||
// Trust may be stored in any of the domains. According to Apple's
|
||||
// SecTrustServer.c, "user trust settings overrule admin trust settings",
|
||||
// so take the last trust settings array we find.
|
||||
// Skip the system domain since it is always trusted.
|
||||
for (int k = i; k < numDomains; k++) {
|
||||
CFArrayRef domainTrustSettings = NULL;
|
||||
err = SecTrustSettingsCopyTrustSettings(cert, domains[k], &domainTrustSettings);
|
||||
if (err == errSecSuccess && domainTrustSettings != NULL) {
|
||||
if (trustSettings) {
|
||||
CFRelease(trustSettings);
|
||||
}
|
||||
trustSettings = domainTrustSettings;
|
||||
result = kSecTrustSettingsResultTrustRoot;
|
||||
} else {
|
||||
result = sslTrustSettingsResult(cert);
|
||||
if (debugDarwinRoots) {
|
||||
CFErrorRef errRef = NULL;
|
||||
CFStringRef summary = SecCertificateCopyShortDescription(NULL, cert, &errRef);
|
||||
if (errRef != NULL) {
|
||||
fprintf(stderr, "crypto/x509: SecCertificateCopyShortDescription failed\n");
|
||||
CFRelease(errRef);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
if (trustSettings == NULL) {
|
||||
// "this certificate must be verified to a known trusted certificate"; aka not a root.
|
||||
continue;
|
||||
}
|
||||
for (CFIndex k = 0; k < CFArrayGetCount(trustSettings); k++) {
|
||||
CFNumberRef cfNum;
|
||||
CFDictionaryRef tSetting = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, k);
|
||||
if (CFDictionaryGetValueIfPresent(tSetting, policy, (const void**)&cfNum)){
|
||||
SInt32 result = 0;
|
||||
CFNumberGetValue(cfNum, kCFNumberSInt32Type, &result);
|
||||
// TODO: The rest of the dictionary specifies conditions for evaluation.
|
||||
if (result == kSecTrustSettingsResultDeny) {
|
||||
untrusted = 1;
|
||||
} else if (result == kSecTrustSettingsResultTrustAsRoot) {
|
||||
trustAsRoot = 1;
|
||||
} else if (result == kSecTrustSettingsResultTrustRoot) {
|
||||
trustRoot = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
CFRelease(trustSettings);
|
||||
}
|
||||
|
||||
if (trustRoot) {
|
||||
// We only want to add Root CAs, so make sure Subject and Issuer Name match
|
||||
CFDataRef subjectName = SecCertificateCopyNormalizedSubjectContent(cert, &errRef);
|
||||
if (errRef != NULL) {
|
||||
CFRelease(errRef);
|
||||
continue;
|
||||
}
|
||||
CFDataRef issuerName = SecCertificateCopyNormalizedIssuerContent(cert, &errRef);
|
||||
if (errRef != NULL) {
|
||||
CFRelease(subjectName);
|
||||
CFRelease(errRef);
|
||||
continue;
|
||||
}
|
||||
Boolean equal = CFEqual(subjectName, issuerName);
|
||||
CFRelease(subjectName);
|
||||
CFRelease(issuerName);
|
||||
if (!equal) {
|
||||
continue;
|
||||
CFIndex length = CFStringGetLength(summary);
|
||||
CFIndex maxSize = CFStringGetMaximumSizeForEncoding(length, kCFStringEncodingUTF8) + 1;
|
||||
char *buffer = malloc(maxSize);
|
||||
if (CFStringGetCString(summary, buffer, maxSize, kCFStringEncodingUTF8)) {
|
||||
fprintf(stderr, "crypto/x509: %s returned %d\n", buffer, (int)result);
|
||||
}
|
||||
free(buffer);
|
||||
CFRelease(summary);
|
||||
}
|
||||
}
|
||||
|
||||
// Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport.
|
||||
// Once we support weak imports via cgo we should prefer that, and fall back to this
|
||||
// for older systems.
|
||||
err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);
|
||||
if (err != noErr) {
|
||||
CFMutableDataRef appendTo;
|
||||
// > Note the distinction between the results kSecTrustSettingsResultTrustRoot
|
||||
// > and kSecTrustSettingsResultTrustAsRoot: The former can only be applied to
|
||||
// > root (self-signed) certificates; the latter can only be applied to
|
||||
// > non-root certificates.
|
||||
if (result == kSecTrustSettingsResultTrustRoot) {
|
||||
CFErrorRef errRef = NULL;
|
||||
if (!isRootCertificate(cert, &errRef) || errRef != NULL) {
|
||||
if (errRef != NULL) CFRelease(errRef);
|
||||
continue;
|
||||
}
|
||||
|
||||
appendTo = combinedData;
|
||||
} else if (result == kSecTrustSettingsResultTrustAsRoot) {
|
||||
CFErrorRef errRef = NULL;
|
||||
if (isRootCertificate(cert, &errRef) || errRef != NULL) {
|
||||
if (errRef != NULL) CFRelease(errRef);
|
||||
continue;
|
||||
}
|
||||
|
||||
appendTo = combinedData;
|
||||
} else if (result == kSecTrustSettingsResultDeny) {
|
||||
appendTo = combinedUntrustedData;
|
||||
} else if (result == kSecTrustSettingsResultUnspecified) {
|
||||
// Certificates with unspecified trust should probably be added to a pool of
|
||||
// intermediates for chain building, or checked for transitive trust and
|
||||
// added to the root pool (which is an imprecise approximation because it
|
||||
// cuts chains short) but we don't support either at the moment. TODO.
|
||||
continue;
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
|
||||
CFDataRef data = NULL;
|
||||
err = SecItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);
|
||||
if (err != noErr) {
|
||||
continue;
|
||||
}
|
||||
if (data != NULL) {
|
||||
if (!trustRoot && !trustAsRoot) {
|
||||
untrusted = 1;
|
||||
}
|
||||
CFMutableDataRef appendTo = untrusted ? combinedUntrustedData : combinedData;
|
||||
CFDataAppendBytes(appendTo, CFDataGetBytePtr(data), CFDataGetLength(data));
|
||||
CFRelease(data);
|
||||
}
|
||||
}
|
||||
CFRelease(certs);
|
||||
}
|
||||
CFRelease(policy);
|
||||
*pemRoots = combinedData;
|
||||
*untrustedPemRoots = combinedUntrustedData;
|
||||
return 0;
|
||||
|
@ -219,25 +285,22 @@ import (
|
|||
)
|
||||
|
||||
func loadSystemRoots() (*CertPool, error) {
|
||||
roots := NewCertPool()
|
||||
|
||||
var data C.CFDataRef
|
||||
setNilCFRef(&data)
|
||||
var untrustedData C.CFDataRef
|
||||
setNilCFRef(&untrustedData)
|
||||
err := C.FetchPEMRootsCTX509(&data, &untrustedData)
|
||||
var data, untrustedData C.CFDataRef
|
||||
err := C.CopyPEMRootsCTX509(&data, &untrustedData, C.bool(debugDarwinRoots))
|
||||
if err == -1 {
|
||||
// TODO: better error message
|
||||
return nil, errors.New("crypto/x509: failed to load darwin system roots with cgo")
|
||||
}
|
||||
|
||||
defer C.CFRelease(C.CFTypeRef(data))
|
||||
defer C.CFRelease(C.CFTypeRef(untrustedData))
|
||||
|
||||
buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data)))
|
||||
roots := NewCertPool()
|
||||
roots.AppendCertsFromPEM(buf)
|
||||
if isNilCFRef(untrustedData) {
|
||||
|
||||
if C.CFDataGetLength(untrustedData) == 0 {
|
||||
return roots, nil
|
||||
}
|
||||
defer C.CFRelease(C.CFTypeRef(untrustedData))
|
||||
|
||||
buf = C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(untrustedData)), C.int(C.CFDataGetLength(untrustedData)))
|
||||
untrustedRoots := NewCertPool()
|
||||
untrustedRoots.AppendCertsFromPEM(buf)
|
||||
|
|
154
vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go
generated
vendored
|
@ -13,7 +13,6 @@ import (
|
|||
"encoding/pem"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"os/exec"
|
||||
"os/user"
|
||||
|
@ -22,7 +21,7 @@ import (
|
|||
"sync"
|
||||
)
|
||||
|
||||
var debugExecDarwinRoots = strings.Contains(os.Getenv("GODEBUG"), "x509roots=1")
|
||||
var debugDarwinRoots = strings.Contains(os.Getenv("GODEBUG"), "x509roots=1")
|
||||
|
||||
func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
|
||||
return nil, nil
|
||||
|
@ -38,42 +37,41 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
|
|||
//
|
||||
// The strategy is as follows:
|
||||
//
|
||||
// 1. Run "security trust-settings-export" and "security
|
||||
// trust-settings-export -d" to discover the set of certs with some
|
||||
// user-tweaked trust policy. We're too lazy to parse the XML (at
|
||||
// least at this stage of Go 1.8) to understand what the trust
|
||||
// policy actually is. We just learn that there is _some_ policy.
|
||||
// 1. Run "security trust-settings-export" and "security
|
||||
// trust-settings-export -d" to discover the set of certs with some
|
||||
// user-tweaked trust policy. We're too lazy to parse the XML
|
||||
// (Issue 26830) to understand what the trust
|
||||
// policy actually is. We just learn that there is _some_ policy.
|
||||
//
|
||||
// 2. Run "security find-certificate" to dump the list of system root
|
||||
// CAs in PEM format.
|
||||
// 2. Run "security find-certificate" to dump the list of system root
|
||||
// CAs in PEM format.
|
||||
//
|
||||
// 3. For each dumped cert, conditionally verify it with "security
|
||||
// verify-cert" if that cert was in the set discovered in Step 1.
|
||||
// Without the Step 1 optimization, running "security verify-cert"
|
||||
// 150-200 times takes 3.5 seconds. With the optimization, the
|
||||
// whole process takes about 180 milliseconds with 1 untrusted root
|
||||
// CA. (Compared to 110ms in the cgo path)
|
||||
// 3. For each dumped cert, conditionally verify it with "security
|
||||
// verify-cert" if that cert was in the set discovered in Step 1.
|
||||
// Without the Step 1 optimization, running "security verify-cert"
|
||||
// 150-200 times takes 3.5 seconds. With the optimization, the
|
||||
// whole process takes about 180 milliseconds with 1 untrusted root
|
||||
// CA. (Compared to 110ms in the cgo path)
|
||||
func execSecurityRoots() (*CertPool, error) {
|
||||
hasPolicy, err := getCertsWithTrustPolicy()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if debugExecDarwinRoots {
|
||||
println(fmt.Sprintf("crypto/x509: %d certs have a trust policy", len(hasPolicy)))
|
||||
if debugDarwinRoots {
|
||||
fmt.Fprintf(os.Stderr, "crypto/x509: %d certs have a trust policy\n", len(hasPolicy))
|
||||
}
|
||||
|
||||
args := []string{"find-certificate", "-a", "-p",
|
||||
"/System/Library/Keychains/SystemRootCertificates.keychain",
|
||||
"/Library/Keychains/System.keychain",
|
||||
}
|
||||
keychains := []string{"/Library/Keychains/System.keychain"}
|
||||
|
||||
// Note that this results in trusting roots from $HOME/... (the environment
|
||||
// variable), which might not be expected.
|
||||
u, err := user.Current()
|
||||
if err != nil {
|
||||
if debugExecDarwinRoots {
|
||||
println(fmt.Sprintf("crypto/x509: get current user: %v", err))
|
||||
if debugDarwinRoots {
|
||||
fmt.Fprintf(os.Stderr, "crypto/x509: can't get user home directory: %v\n", err)
|
||||
}
|
||||
} else {
|
||||
args = append(args,
|
||||
keychains = append(keychains,
|
||||
filepath.Join(u.HomeDir, "/Library/Keychains/login.keychain"),
|
||||
|
||||
// Fresh installs of Sierra use a slightly different path for the login keychain
|
||||
|
@ -81,21 +79,19 @@ func execSecurityRoots() (*CertPool, error) {
|
|||
)
|
||||
}
|
||||
|
||||
cmd := exec.Command("/usr/bin/security", args...)
|
||||
data, err := cmd.Output()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
type rootCandidate struct {
|
||||
c *Certificate
|
||||
system bool
|
||||
}
|
||||
|
||||
var (
|
||||
mu sync.Mutex
|
||||
roots = NewCertPool()
|
||||
numVerified int // number of execs of 'security verify-cert', for debug stats
|
||||
wg sync.WaitGroup
|
||||
verifyCh = make(chan rootCandidate)
|
||||
)
|
||||
|
||||
blockCh := make(chan *pem.Block)
|
||||
var wg sync.WaitGroup
|
||||
|
||||
// Using 4 goroutines to pipe into verify-cert seems to be
|
||||
// about the best we can do. The verify-cert binary seems to
|
||||
// just RPC to another server with coarse locking anyway, so
|
||||
|
@ -109,31 +105,62 @@ func execSecurityRoots() (*CertPool, error) {
|
|||
wg.Add(1)
|
||||
go func() {
|
||||
defer wg.Done()
|
||||
for block := range blockCh {
|
||||
cert, err := ParseCertificate(block.Bytes)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
sha1CapHex := fmt.Sprintf("%X", sha1.Sum(block.Bytes))
|
||||
for cert := range verifyCh {
|
||||
sha1CapHex := fmt.Sprintf("%X", sha1.Sum(cert.c.Raw))
|
||||
|
||||
valid := true
|
||||
var valid bool
|
||||
verifyChecks := 0
|
||||
if hasPolicy[sha1CapHex] {
|
||||
verifyChecks++
|
||||
if !verifyCertWithSystem(block, cert) {
|
||||
valid = false
|
||||
}
|
||||
valid = verifyCertWithSystem(cert.c)
|
||||
} else {
|
||||
// Certificates not in SystemRootCertificates without user
|
||||
// or admin trust settings are not trusted.
|
||||
valid = cert.system
|
||||
}
|
||||
|
||||
mu.Lock()
|
||||
numVerified += verifyChecks
|
||||
if valid {
|
||||
roots.AddCert(cert)
|
||||
roots.AddCert(cert.c)
|
||||
}
|
||||
mu.Unlock()
|
||||
}
|
||||
}()
|
||||
}
|
||||
err = forEachCertInKeychains(keychains, func(cert *Certificate) {
|
||||
verifyCh <- rootCandidate{c: cert, system: false}
|
||||
})
|
||||
if err != nil {
|
||||
close(verifyCh)
|
||||
return nil, err
|
||||
}
|
||||
err = forEachCertInKeychains([]string{
|
||||
"/System/Library/Keychains/SystemRootCertificates.keychain",
|
||||
}, func(cert *Certificate) {
|
||||
verifyCh <- rootCandidate{c: cert, system: true}
|
||||
})
|
||||
if err != nil {
|
||||
close(verifyCh)
|
||||
return nil, err
|
||||
}
|
||||
close(verifyCh)
|
||||
wg.Wait()
|
||||
|
||||
if debugDarwinRoots {
|
||||
fmt.Fprintf(os.Stderr, "crypto/x509: ran security verify-cert %d times\n", numVerified)
|
||||
}
|
||||
|
||||
return roots, nil
|
||||
}
|
||||
|
||||
func forEachCertInKeychains(paths []string, f func(*Certificate)) error {
|
||||
args := append([]string{"find-certificate", "-a", "-p"}, paths...)
|
||||
cmd := exec.Command("/usr/bin/security", args...)
|
||||
data, err := cmd.Output()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for len(data) > 0 {
|
||||
var block *pem.Block
|
||||
block, data = pem.Decode(data)
|
||||
|
@ -143,24 +170,21 @@ func execSecurityRoots() (*CertPool, error) {
|
|||
if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
|
||||
continue
|
||||
}
|
||||
blockCh <- block
|
||||
cert, err := ParseCertificate(block.Bytes)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
f(cert)
|
||||
}
|
||||
close(blockCh)
|
||||
wg.Wait()
|
||||
|
||||
if debugExecDarwinRoots {
|
||||
mu.Lock()
|
||||
defer mu.Unlock()
|
||||
println(fmt.Sprintf("crypto/x509: ran security verify-cert %d times", numVerified))
|
||||
}
|
||||
|
||||
return roots, nil
|
||||
return nil
|
||||
}
|
||||
|
||||
func verifyCertWithSystem(block *pem.Block, cert *Certificate) bool {
|
||||
data := pem.EncodeToMemory(block)
|
||||
func verifyCertWithSystem(cert *Certificate) bool {
|
||||
data := pem.EncodeToMemory(&pem.Block{
|
||||
Type: "CERTIFICATE", Bytes: cert.Raw,
|
||||
})
|
||||
|
||||
f, err := ioutil.TempFile("", "cert")
|
||||
f, err := os.CreateTemp("", "cert")
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "can't create temporary file for cert: %v", err)
|
||||
return false
|
||||
|
@ -174,19 +198,19 @@ func verifyCertWithSystem(block *pem.Block, cert *Certificate) bool {
|
|||
fmt.Fprintf(os.Stderr, "can't write temporary file for cert: %v", err)
|
||||
return false
|
||||
}
|
||||
cmd := exec.Command("/usr/bin/security", "verify-cert", "-c", f.Name(), "-l", "-L")
|
||||
cmd := exec.Command("/usr/bin/security", "verify-cert", "-p", "ssl", "-c", f.Name(), "-l", "-L")
|
||||
var stderr bytes.Buffer
|
||||
if debugExecDarwinRoots {
|
||||
if debugDarwinRoots {
|
||||
cmd.Stderr = &stderr
|
||||
}
|
||||
if err := cmd.Run(); err != nil {
|
||||
if debugExecDarwinRoots {
|
||||
println(fmt.Sprintf("crypto/x509: verify-cert rejected %s: %q", cert.Subject.CommonName, bytes.TrimSpace(stderr.Bytes())))
|
||||
if debugDarwinRoots {
|
||||
fmt.Fprintf(os.Stderr, "crypto/x509: verify-cert rejected %s: %q\n", cert.Subject, bytes.TrimSpace(stderr.Bytes()))
|
||||
}
|
||||
return false
|
||||
}
|
||||
if debugExecDarwinRoots {
|
||||
println(fmt.Sprintf("crypto/x509: verify-cert approved %s", cert.Subject.CommonName))
|
||||
if debugDarwinRoots {
|
||||
fmt.Fprintf(os.Stderr, "crypto/x509: verify-cert approved %s\n", cert.Subject)
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
@ -199,7 +223,7 @@ func verifyCertWithSystem(block *pem.Block, cert *Certificate) bool {
|
|||
// settings. This code is only used for cgo-disabled builds.
|
||||
func getCertsWithTrustPolicy() (map[string]bool, error) {
|
||||
set := map[string]bool{}
|
||||
td, err := ioutil.TempDir("", "x509trustpolicy")
|
||||
td, err := os.MkdirTemp("", "x509trustpolicy")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -218,8 +242,8 @@ func getCertsWithTrustPolicy() (map[string]bool, error) {
|
|||
// Rather than match on English substrings that are probably
|
||||
// localized on macOS, just interpret any failure to mean that
|
||||
// there are no trust settings.
|
||||
if debugExecDarwinRoots {
|
||||
println(fmt.Sprintf("crypto/x509: exec %q: %v, %s", cmd.Args, err, stderr.Bytes()))
|
||||
if debugDarwinRoots {
|
||||
fmt.Fprintf(os.Stderr, "crypto/x509: exec %q: %v, %s\n", cmd.Args, err, stderr.Bytes())
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
1
vendor/github.com/google/certificate-transparency-go/x509/root_darwin_armx.go
generated
vendored
|
@ -4,6 +4,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build cgo && darwin && (arm || arm64 || ios)
|
||||
// +build cgo
|
||||
// +build darwin
|
||||
// +build arm arm64 ios
|
||||
|
|
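--- a/vendor/github.com/google/certificate-transparency-go/x509/root_js.go
+++ b/vendor/github.com/google/certificate-transparency-go/x509/root_js.go
@@ -0,0 +1,19 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build js && wasm
+// +build js,wasm
+
+package x509
+
+// Possible certificate files; stop after finding one.
+var certFiles = []string{}
+
+func loadSystemRoots() (*CertPool, error) {
+return NewCertPool(), nil
+}
+
+func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
+return nil, nil
+}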
1
vendor/github.com/google/certificate-transparency-go/x509/root_linux.go
generated
vendored
|
@ -11,4 +11,5 @@ var certFiles = []string{
|
|||
"/etc/ssl/ca-bundle.pem", // OpenSUSE
|
||||
"/etc/pki/tls/cacert.pem", // OpenELEC
|
||||
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
|
||||
"/etc/ssl/cert.pem", // Alpine Linux
|
||||
}
|
||||
|
|
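--- a/vendor/github.com/google/certificate-transparency-go/x509/root_nacl.go
+++ b/vendor/github.com/google/certificate-transparency-go/x509/root_nacl.go
@@ -1,8 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package x509
-
-// Possible certificate files; stop after finding one.
-var certFiles = []string{}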
1
vendor/github.com/google/certificate-transparency-go/x509/root_nocgo_darwin.go
generated
vendored
|
@ -2,6 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build !cgo
|
||||
// +build !cgo
|
||||
|
||||
package x509
|
||||
|
|
7
vendor/github.com/google/certificate-transparency-go/x509/root_plan9.go
generated
vendored
|
@ -2,12 +2,12 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build plan9
|
||||
// +build plan9
|
||||
|
||||
package x509
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
)
|
||||
|
||||
|
@ -24,7 +24,7 @@ func loadSystemRoots() (*CertPool, error) {
|
|||
roots := NewCertPool()
|
||||
var bestErr error
|
||||
for _, file := range certFiles {
|
||||
data, err := ioutil.ReadFile(file)
|
||||
data, err := os.ReadFile(file)
|
||||
if err == nil {
|
||||
roots.AppendCertsFromPEM(data)
|
||||
return roots, nil
|
||||
|
@ -33,5 +33,8 @@ func loadSystemRoots() (*CertPool, error) {
|
|||
bestErr = err
|
||||
}
|
||||
}
|
||||
if bestErr == nil {
|
||||
return roots, nil
|
||||
}
|
||||
return nil, bestErr
|
||||
}
|
||||
|
|
12
vendor/github.com/google/certificate-transparency-go/x509/root_unix.go
generated
vendored
|
@ -2,12 +2,12 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build dragonfly freebsd linux nacl netbsd openbsd solaris
|
||||
//go:build dragonfly || freebsd || linux || netbsd || openbsd || solaris
|
||||
// +build dragonfly freebsd linux netbsd openbsd solaris
|
||||
|
||||
package x509
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
)
|
||||
|
||||
|
@ -45,7 +45,7 @@ func loadSystemRoots() (*CertPool, error) {
|
|||
|
||||
var firstErr error
|
||||
for _, file := range files {
|
||||
data, err := ioutil.ReadFile(file)
|
||||
data, err := os.ReadFile(file)
|
||||
if err == nil {
|
||||
roots.AppendCertsFromPEM(data)
|
||||
break
|
||||
|
@ -61,7 +61,7 @@ func loadSystemRoots() (*CertPool, error) {
|
|||
}
|
||||
|
||||
for _, directory := range dirs {
|
||||
fis, err := ioutil.ReadDir(directory)
|
||||
fis, err := os.ReadDir(directory)
|
||||
if err != nil {
|
||||
if firstErr == nil && !os.IsNotExist(err) {
|
||||
firstErr = err
|
||||
|
@ -70,7 +70,7 @@ func loadSystemRoots() (*CertPool, error) {
|
|||
}
|
||||
rootsAdded := false
|
||||
for _, fi := range fis {
|
||||
data, err := ioutil.ReadFile(directory + "/" + fi.Name())
|
||||
data, err := os.ReadFile(directory + "/" + fi.Name())
|
||||
if err == nil && roots.AppendCertsFromPEM(data) {
|
||||
rootsAdded = true
|
||||
}
|
||||
|
@ -80,7 +80,7 @@ func loadSystemRoots() (*CertPool, error) {
|
|||
}
|
||||
}
|
||||
|
||||
if len(roots.certs) > 0 {
|
||||
if len(roots.certs) > 0 || firstErr == nil {
|
||||
return roots, nil
|
||||
}
|
||||
|
||||
|
|
36
vendor/github.com/google/certificate-transparency-go/x509/root_windows.go
generated
vendored
|
@ -61,15 +61,15 @@ func extractSimpleChain(simpleChain **syscall.CertSimpleChain, count int) (chain
|
|||
return nil, errors.New("x509: invalid simple chain")
|
||||
}
|
||||
|
||||
simpleChains := (*[1 << 20]*syscall.CertSimpleChain)(unsafe.Pointer(simpleChain))[:]
|
||||
simpleChains := (*[1 << 20]*syscall.CertSimpleChain)(unsafe.Pointer(simpleChain))[:count:count]
|
||||
lastChain := simpleChains[count-1]
|
||||
elements := (*[1 << 20]*syscall.CertChainElement)(unsafe.Pointer(lastChain.Elements))[:]
|
||||
elements := (*[1 << 20]*syscall.CertChainElement)(unsafe.Pointer(lastChain.Elements))[:lastChain.NumElements:lastChain.NumElements]
|
||||
for i := 0; i < int(lastChain.NumElements); i++ {
|
||||
// Copy the buf, since ParseCertificate does not create its own copy.
|
||||
cert := elements[i].CertContext
|
||||
encodedCert := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]
|
||||
encodedCert := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:cert.Length:cert.Length]
|
||||
buf := make([]byte, cert.Length)
|
||||
copy(buf, encodedCert[:])
|
||||
copy(buf, encodedCert)
|
||||
parsedCert, err := ParseCertificate(buf)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -219,17 +219,37 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if len(chain) < 1 {
|
||||
return nil, errors.New("x509: internal error: system verifier returned an empty chain")
|
||||
}
|
||||
|
||||
chains = append(chains, chain)
|
||||
// Mitigate CVE-2020-0601, where the Windows system verifier might be
|
||||
// tricked into using custom curve parameters for a trusted root, by
|
||||
// double-checking all ECDSA signatures. If the system was tricked into
|
||||
// using spoofed parameters, the signature will be invalid for the correct
|
||||
// ones we parsed. (We don't support custom curves ourselves.)
|
||||
for i, parent := range chain[1:] {
|
||||
if parent.PublicKeyAlgorithm != ECDSA {
|
||||
continue
|
||||
}
|
||||
if err := parent.CheckSignature(chain[i].SignatureAlgorithm,
|
||||
chain[i].RawTBSCertificate, chain[i].Signature); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
return chains, nil
|
||||
return [][]*Certificate{chain}, nil
|
||||
}
|
||||
|
||||
func loadSystemRoots() (*CertPool, error) {
|
||||
// TODO: restore this functionality on Windows. We tried to do
|
||||
// it in Go 1.8 but had to revert it. See Issue 18609.
|
||||
// Returning (nil, nil) was the old behavior, prior to CL 30578.
|
||||
return nil, nil
|
||||
// The if statement here avoids vet complaining about
|
||||
// unreachable code below.
|
||||
if true {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
const CRYPT_E_NOT_FOUND = 0x80092004
|
||||
|
||||
|
@ -255,7 +275,7 @@ func loadSystemRoots() (*CertPool, error) {
|
|||
break
|
||||
}
|
||||
// Copy the buf, since ParseCertificate does not create its own copy.
|
||||
buf := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]
|
||||
buf := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:cert.Length:cert.Length]
|
||||
buf2 := make([]byte, cert.Length)
|
||||
copy(buf2, buf)
|
||||
if c, err := ParseCertificate(buf2); err == nil {
|
||||
|
|
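--- a/vendor/github.com/google/certificate-transparency-go/x509/rpki.go
+++ b/vendor/github.com/google/certificate-transparency-go/x509/rpki.go
@@ -0,0 +1,242 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package x509
+
+import (
+"bytes"
+"encoding/binary"
+"errors"
+"fmt"
+
+"github.com/google/certificate-transparency-go/asn1"
+)
+
+// IPAddressPrefix describes an IP address prefix as an ASN.1 bit string,
+// where the BitLength field holds the prefix length.
+type IPAddressPrefix asn1.BitString
+
+// IPAddressRange describes an (inclusive) IP address range.
+type IPAddressRange struct {
+Min IPAddressPrefix
+Max IPAddressPrefix
+}
+
+// Most relevant values for AFI from:
+// http://www.iana.org/assignments/address-family-numbers.
+const (
+IPv4AddressFamilyIndicator = uint16(1)
+IPv6AddressFamilyIndicator = uint16(2)
+)
+
+// IPAddressFamilyBlocks describes a set of ranges of IP addresses.
+type IPAddressFamilyBlocks struct {
+// AFI holds an address family indicator from
+// http://www.iana.org/assignments/address-family-numbers.
+AFI uint16
+// SAFI holds a subsequent address family indicator from
+// http://www.iana.org/assignments/safi-namespace.
+SAFI byte
+// InheritFromIssuer indicates that the set of addresses should
+// be taken from the issuer's certificate.
+InheritFromIssuer bool
+// AddressPrefixes holds prefixes if InheritFromIssuer is false.
+AddressPrefixes []IPAddressPrefix
+// AddressRanges holds ranges if InheritFromIssuer is false.
+AddressRanges []IPAddressRange
+}
+
+// Internal types for asn1 unmarshalling.
+type ipAddressFamily struct {
+AddressFamily []byte // 2-byte AFI plus optional 1 byte SAFI
+Choice asn1.RawValue
+}
+
+// Internally, use raw asn1.BitString rather than the IPAddressPrefix
+// type alias (so that asn1.Unmarshal() decodes properly).
+type ipAddressRange struct {
+Min asn1.BitString
+Max asn1.BitString
+}
+
+func parseRPKIAddrBlocks(data []byte, nfe *NonFatalErrors) []*IPAddressFamilyBlocks {
+// RFC 3779 2.2.3
+// IPAddrBlocks ::= SEQUENCE OF IPAddressFamily
+//
+// IPAddressFamily ::= SEQUENCE { -- AFI & optional SAFI --
+// addressFamily OCTET STRING (SIZE (2..3)),
+// ipAddressChoice IPAddressChoice }
+//
+// IPAddressChoice ::= CHOICE {
+// inherit NULL, -- inherit from issuer --
+// addressesOrRanges SEQUENCE OF IPAddressOrRange }
+//
+// IPAddressOrRange ::= CHOICE {
+// addressPrefix IPAddress,
+// addressRange IPAddressRange }
+//
+// IPAddressRange ::= SEQUENCE {
+// min IPAddress,
+// max IPAddress }
+//
+// IPAddress ::= BIT STRING
+
+var addrBlocks []ipAddressFamily
+if rest, err := asn1.Unmarshal(data, &addrBlocks); err != nil {
+nfe.AddError(fmt.Errorf("failed to asn1.Unmarshal ipAddrBlocks extension: %v", err))
+return nil
+} else if len(rest) != 0 {
+nfe.AddError(errors.New("trailing data after ipAddrBlocks extension"))
+return nil
+}
+
+var results []*IPAddressFamilyBlocks
+for i, block := range addrBlocks {
+var fam IPAddressFamilyBlocks
+if l := len(block.AddressFamily); l < 2 || l > 3 {
+nfe.AddError(fmt.Errorf("invalid address family length (%d) for ipAddrBlock.addressFamily", l))
+continue
+}
+fam.AFI = binary.BigEndian.Uint16(block.AddressFamily[0:2])
+if len(block.AddressFamily) > 2 {
+fam.SAFI = block.AddressFamily[2]
+}
+// IPAddressChoice is an ASN.1 CHOICE where the chosen alternative is indicated by (implicit)
+// tagging of the alternatives -- here, either NULL or SEQUENCE OF.
+if bytes.Equal(block.Choice.FullBytes, asn1.NullBytes) {
+fam.InheritFromIssuer = true
+results = append(results, &fam)
+continue
+}
+
+var addrRanges []asn1.RawValue
+if _, err := asn1.Unmarshal(block.Choice.FullBytes, &addrRanges); err != nil {
+nfe.AddError(fmt.Errorf("failed to asn1.Unmarshal ipAddrBlocks[%d].ipAddressChoice.addressesOrRanges: %v", i, err))
+continue
+}
+for j, ar := range addrRanges {
+// Each IPAddressOrRange is a CHOICE where the alternatives have distinct (implicit)
+// tags -- here, either BIT STRING or SEQUENCE.
+switch ar.Tag {
+case asn1.TagBitString:
+// BIT STRING for single prefix IPAddress
+var val asn1.BitString
+if _, err := asn1.Unmarshal(ar.FullBytes, &val); err != nil {
+nfe.AddError(fmt.Errorf("failed to asn1.Unmarshal ipAddrBlocks[%d].ipAddressChoice.addressesOrRanges[%d].addressPrefix: %v", i, j, err))
+continue
+}
+fam.AddressPrefixes = append(fam.AddressPrefixes, IPAddressPrefix(val))
+
+case asn1.TagSequence:
+var val ipAddressRange
+if _, err := asn1.Unmarshal(ar.FullBytes, &val); err != nil {
+nfe.AddError(fmt.Errorf("failed to asn1.Unmarshal ipAddrBlocks[%d].ipAddressChoice.addressesOrRanges[%d].addressRange: %v", i, j, err))
+continue
+}
+fam.AddressRanges = append(fam.AddressRanges, IPAddressRange{Min: IPAddressPrefix(val.Min), Max: IPAddressPrefix(val.Max)})
+
+default:
+nfe.AddError(fmt.Errorf("unexpected ASN.1 type in ipAddrBlocks[%d].ipAddressChoice.addressesOrRanges[%d]: %+v", i, j, ar))
+}
+}
+results = append(results, &fam)
+}
+return results
+}
+
+// ASIDRange describes an inclusive range of AS Identifiers (AS numbers or routing
+// domain identifiers).
+type ASIDRange struct {
+Min int
+Max int
+}
+
+// ASIdentifiers describes a collection of AS Identifiers (AS numbers or routing
+// domain identifiers).
+type ASIdentifiers struct {
+// InheritFromIssuer indicates that the set of AS identifiers should
+// be taken from the issuer's certificate.
+InheritFromIssuer bool
+// ASIDs holds AS identifiers if InheritFromIssuer is false.
+ASIDs []int
+// ASIDs holds AS identifier ranges (inclusive) if InheritFromIssuer is false.
+ASIDRanges []ASIDRange
+}
+
+type asIdentifiers struct {
+ASNum asn1.RawValue `asn1:"optional,tag:0"`
+RDI asn1.RawValue `asn1:"optional,tag:1"`
+}
+
+func parseASIDChoice(val asn1.RawValue, nfe *NonFatalErrors) *ASIdentifiers {
+// RFC 3779 2.3.2
+// ASIdentifierChoice ::= CHOICE {
+// inherit NULL, -- inherit from issuer --
+// asIdsOrRanges SEQUENCE OF ASIdOrRange }
+// ASIdOrRange ::= CHOICE {
+// id ASId,
+// range ASRange }
+// ASRange ::= SEQUENCE {
+// min ASId,
+// max ASId }
+// ASId ::= INTEGER
+if len(val.FullBytes) == 0 { // OPTIONAL
+return nil
+}
+// ASIdentifierChoice is an ASN.1 CHOICE where the chosen alternative is indicated by (implicit)
+// tagging of the alternatives -- here, either NULL or SEQUENCE OF.
+if bytes.Equal(val.Bytes, asn1.NullBytes) {
+return &ASIdentifiers{InheritFromIssuer: true}
+}
+var ids []asn1.RawValue
+if rest, err := asn1.Unmarshal(val.Bytes, &ids); err != nil {
+nfe.AddError(fmt.Errorf("failed to asn1.Unmarshal ASIdentifiers.asIdsOrRanges: %v", err))
+return nil
+} else if len(rest) != 0 {
+nfe.AddError(errors.New("trailing data after ASIdentifiers.asIdsOrRanges"))
+return nil
+}
+var asID ASIdentifiers
+for i, id := range ids {
+// Each ASIdOrRange is a CHOICE where the alternatives have distinct (implicit)
+// tags -- here, either INTEGER or SEQUENCE.
+switch id.Tag {
+case asn1.TagInteger:
+var val int
+if _, err := asn1.Unmarshal(id.FullBytes, &val); err != nil {
+nfe.AddError(fmt.Errorf("failed to asn1.Unmarshal ASIdentifiers.asIdsOrRanges[%d].id: %v", i, err))
+continue
+}
+asID.ASIDs = append(asID.ASIDs, val)
+
+case asn1.TagSequence:
+var val ASIDRange
+if _, err := asn1.Unmarshal(id.FullBytes, &val); err != nil {
+nfe.AddError(fmt.Errorf("failed to asn1.Unmarshal ASIdentifiers.asIdsOrRanges[%d].range: %v", i, err))
+continue
+}
+asID.ASIDRanges = append(asID.ASIDRanges, val)
+
+default:
+nfe.AddError(fmt.Errorf("unexpected value in ASIdentifiers.asIdsOrRanges[%d]: %+v", i, id))
+}
+}
+return &asID
+}
+
+func parseRPKIASIdentifiers(data []byte, nfe *NonFatalErrors) (*ASIdentifiers, *ASIdentifiers) {
+// RFC 3779 2.3.2
+// ASIdentifiers ::= SEQUENCE {
+// asnum [0] EXPLICIT ASIdentifierChoice OPTIONAL,
+// rdi [1] EXPLICIT ASIdentifierChoice OPTIONAL}
+var asIDs asIdentifiers
+if rest, err := asn1.Unmarshal(data, &asIDs); err != nil {
+nfe.AddError(fmt.Errorf("failed to asn1.Unmarshal ASIdentifiers extension: %v", err))
+return nil, nil
+} else if len(rest) != 0 {
+nfe.AddError(errors.New("trailing data after ASIdentifiers extension"))
+return nil, nil
+}
+return parseASIDChoice(asIDs.ASNum, nfe), parseASIDChoice(asIDs.RDI, nfe)
+}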
27
vendor/github.com/google/certificate-transparency-go/x509/sec1.go
generated
vendored
|
@ -18,8 +18,10 @@ const ecPrivKeyVersion = 1
|
|||
|
||||
// ecPrivateKey reflects an ASN.1 Elliptic Curve Private Key Structure.
|
||||
// References:
|
||||
// RFC 5915
|
||||
// SEC1 - http://www.secg.org/sec1-v2.pdf
|
||||
//
|
||||
// RFC 5915
|
||||
// SEC1 - http://www.secg.org/sec1-v2.pdf
|
||||
//
|
||||
// Per RFC 5915 the NamedCurveOID is marked as ASN.1 OPTIONAL, however in
|
||||
// most cases it is not.
|
||||
type ecPrivateKey struct {
|
||||
|
@ -29,12 +31,18 @@ type ecPrivateKey struct {
|
|||
PublicKey asn1.BitString `asn1:"optional,explicit,tag:1"`
|
||||
}
|
||||
|
||||
// ParseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.
|
||||
// ParseECPrivateKey parses an EC private key in SEC 1, ASN.1 DER form.
|
||||
//
|
||||
// This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".
|
||||
func ParseECPrivateKey(der []byte) (*ecdsa.PrivateKey, error) {
|
||||
return parseECPrivateKey(nil, der)
|
||||
}
|
||||
|
||||
// MarshalECPrivateKey marshals an EC private key into ASN.1, DER format.
|
||||
// MarshalECPrivateKey converts an EC private key to SEC 1, ASN.1 DER form.
|
||||
//
|
||||
// This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".
|
||||
// For a more flexible key format which is not EC specific, use
|
||||
// MarshalPKCS8PrivateKey.
|
||||
func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error) {
|
||||
oid, ok := OIDFromNamedCurve(key.Curve)
|
||||
if !ok {
|
||||
|
@ -66,17 +74,24 @@ func marshalECPrivateKeyWithOID(key *ecdsa.PrivateKey, oid asn1.ObjectIdentifier
|
|||
func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key *ecdsa.PrivateKey, err error) {
|
||||
var privKey ecPrivateKey
|
||||
if _, err := asn1.Unmarshal(der, &privKey); err != nil {
|
||||
if _, err := asn1.Unmarshal(der, &pkcs8{}); err == nil {
|
||||
return nil, errors.New("x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)")
|
||||
}
|
||||
if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil {
|
||||
return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)")
|
||||
}
|
||||
return nil, errors.New("x509: failed to parse EC private key: " + err.Error())
|
||||
}
|
||||
if privKey.Version != ecPrivKeyVersion {
|
||||
return nil, fmt.Errorf("x509: unknown EC private key version %d", privKey.Version)
|
||||
}
|
||||
|
||||
var nfe NonFatalErrors
|
||||
var curve elliptic.Curve
|
||||
if namedCurveOID != nil {
|
||||
curve = namedCurveFromOID(*namedCurveOID)
|
||||
curve = namedCurveFromOID(*namedCurveOID, &nfe)
|
||||
} else {
|
||||
curve = namedCurveFromOID(privKey.NamedCurveOID)
|
||||
curve = namedCurveFromOID(privKey.NamedCurveOID, &nfe)
|
||||
}
|
||||
if curve == nil {
|
||||
return nil, errors.New("x509: unknown elliptic curve")
|
||||
|
|
501
vendor/github.com/google/certificate-transparency-go/x509/verify.go
generated
vendored
|
@ -10,16 +10,17 @@ import (
|
|||
"fmt"
|
||||
"net"
|
||||
"net/url"
|
||||
"os"
|
||||
"reflect"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
"unicode/utf8"
|
||||
|
||||
"github.com/google/certificate-transparency-go/asn1"
|
||||
)
|
||||
|
||||
// ignoreCN disables interpreting Common Name as a hostname. See issue 24151.
|
||||
var ignoreCN = strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=1")
|
||||
|
||||
type InvalidReason int
|
||||
|
||||
const (
|
||||
|
@ -44,21 +45,25 @@ const (
|
|||
NameMismatch
|
||||
// NameConstraintsWithoutSANs results when a leaf certificate doesn't
|
||||
// contain a Subject Alternative Name extension, but a CA certificate
|
||||
// contains name constraints.
|
||||
// contains name constraints, and the Common Name can be interpreted as
|
||||
// a hostname.
|
||||
//
|
||||
// You can avoid this error by setting the experimental GODEBUG environment
|
||||
// variable to "x509ignoreCN=1", disabling Common Name matching entirely.
|
||||
// This behavior might become the default in the future.
|
||||
NameConstraintsWithoutSANs
|
||||
// UnconstrainedName results when a CA certificate contains permitted
|
||||
// name constraints, but leaf certificate contains a name of an
|
||||
// unsupported or unconstrained type.
|
||||
UnconstrainedName
|
||||
// TooManyConstraints results when the number of comparision operations
|
||||
// TooManyConstraints results when the number of comparison operations
|
||||
// needed to check a certificate exceeds the limit set by
|
||||
// VerifyOptions.MaxConstraintComparisions. This limit exists to
|
||||
// prevent pathological certificates can consuming excessive amounts of
|
||||
// CPU time to verify.
|
||||
TooManyConstraints
|
||||
// CANotAuthorizedForExtKeyUsage results when an intermediate or root
|
||||
// certificate does not permit an extended key usage that is claimed by
|
||||
// the leaf certificate.
|
||||
// certificate does not permit a requested extended key usage.
|
||||
CANotAuthorizedForExtKeyUsage
|
||||
)
|
||||
|
||||
|
@ -75,7 +80,7 @@ func (e CertificateInvalidError) Error() string {
|
|||
case NotAuthorizedToSign:
|
||||
return "x509: certificate is not authorized to sign other certificates"
|
||||
case Expired:
|
||||
return "x509: certificate has expired or is not yet valid"
|
||||
return "x509: certificate has expired or is not yet valid: " + e.Detail
|
||||
case CANotAuthorizedForThisName:
|
||||
return "x509: a root or intermediate certificate is not authorized to sign for this name: " + e.Detail
|
||||
case CANotAuthorizedForExtKeyUsage:
|
||||
|
@ -83,7 +88,7 @@ func (e CertificateInvalidError) Error() string {
|
|||
case TooManyIntermediates:
|
||||
return "x509: too many intermediates for path length constraint"
|
||||
case IncompatibleUsage:
|
||||
return "x509: certificate specifies an incompatible key usage: " + e.Detail
|
||||
return "x509: certificate specifies an incompatible key usage"
|
||||
case NameMismatch:
|
||||
return "x509: issuer name does not match subject from issuing certificate"
|
||||
case NameConstraintsWithoutSANs:
|
||||
|
@ -104,6 +109,12 @@ type HostnameError struct {
|
|||
func (h HostnameError) Error() string {
|
||||
c := h.Certificate
|
||||
|
||||
if !c.hasSANExtension() && !validHostname(c.Subject.CommonName) &&
|
||||
matchHostnames(toLowerCaseASCII(c.Subject.CommonName), toLowerCaseASCII(h.Host)) {
|
||||
// This would have validated, if it weren't for the validHostname check on Common Name.
|
||||
return "x509: Common Name is not a valid hostname: " + c.Subject.CommonName
|
||||
}
|
||||
|
||||
var valid string
|
||||
if ip := net.ParseIP(h.Host); ip != nil {
|
||||
// Trying to validate an IP
|
||||
|
@ -117,10 +128,10 @@ func (h HostnameError) Error() string {
|
|||
valid += san.String()
|
||||
}
|
||||
} else {
|
||||
if c.hasSANExtension() {
|
||||
valid = strings.Join(c.DNSNames, ", ")
|
||||
} else {
|
||||
if c.commonNameAsHostname() {
|
||||
valid = c.Subject.CommonName
|
||||
} else {
|
||||
valid = strings.Join(c.DNSNames, ", ")
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -193,9 +204,8 @@ type VerifyOptions struct {
|
|||
// list means ExtKeyUsageServerAuth. To accept any key usage, include
|
||||
// ExtKeyUsageAny.
|
||||
//
|
||||
// Certificate chains are required to nest extended key usage values,
|
||||
// irrespective of this value. This matches the Windows CryptoAPI behavior,
|
||||
// but not the spec.
|
||||
// Certificate chains are required to nest these extended key usage values.
|
||||
// (This matches the Windows CryptoAPI behavior, but not the spec.)
|
||||
KeyUsages []ExtKeyUsage
|
||||
// MaxConstraintComparisions is the maximum number of comparisons to
|
||||
// perform when checking a given certificate's name constraints. If
|
||||
|
@ -219,10 +229,9 @@ type rfc2821Mailbox struct {
|
|||
}
|
||||
|
||||
// parseRFC2821Mailbox parses an email address into local and domain parts,
|
||||
// based on the ABNF for a “Mailbox” from RFC 2821. According to
|
||||
// https://tools.ietf.org/html/rfc5280#section-4.2.1.6 that's correct for an
|
||||
// rfc822Name from a certificate: “The format of an rfc822Name is a "Mailbox"
|
||||
// as defined in https://tools.ietf.org/html/rfc2821#section-4.1.2”.
|
||||
// based on the ABNF for a “Mailbox” from RFC 2821. According to RFC 5280,
|
||||
// Section 4.2.1.6 that's correct for an rfc822Name from a certificate: “The
|
||||
// format of an rfc822Name is a "Mailbox" as defined in RFC 2821, Section 4.1.2”.
|
||||
func parseRFC2821Mailbox(in string) (mailbox rfc2821Mailbox, ok bool) {
|
||||
if len(in) == 0 {
|
||||
return mailbox, false
|
||||
|
@ -239,9 +248,8 @@ func parseRFC2821Mailbox(in string) (mailbox rfc2821Mailbox, ok bool) {
|
|||
// quoted-pair = ("\" text) / obs-qp
|
||||
// text = %d1-9 / %d11 / %d12 / %d14-127 / obs-text
|
||||
//
|
||||
// (Names beginning with “obs-” are the obsolete syntax from
|
||||
// https://tools.ietf.org/html/rfc2822#section-4. Since it has
|
||||
// been 16 years, we no longer accept that.)
|
||||
// (Names beginning with “obs-” are the obsolete syntax from RFC 2822,
|
||||
// Section 4. Since it has been 16 years, we no longer accept that.)
|
||||
in = in[1:]
|
||||
QuotedString:
|
||||
for {
|
||||
|
@ -295,7 +303,7 @@ func parseRFC2821Mailbox(in string) (mailbox rfc2821Mailbox, ok bool) {
|
|||
// Atom ("." Atom)*
|
||||
NextChar:
|
||||
for len(in) > 0 {
|
||||
// atext from https://tools.ietf.org/html/rfc2822#section-3.2.4
|
||||
// atext from RFC 2822, Section 3.2.4
|
||||
c := in[0]
|
||||
|
||||
switch {
|
||||
|
@ -331,7 +339,7 @@ func parseRFC2821Mailbox(in string) (mailbox rfc2821Mailbox, ok bool) {
|
|||
return mailbox, false
|
||||
}
|
||||
|
||||
// https://tools.ietf.org/html/rfc3696#section-3
|
||||
// From RFC 3696, Section 3:
|
||||
// “period (".") may also appear, but may not be used to start
|
||||
// or end the local part, nor may two or more consecutive
|
||||
// periods appear.”
|
||||
|
@ -368,7 +376,7 @@ func domainToReverseLabels(domain string) (reverseLabels []string, ok bool) {
|
|||
reverseLabels = append(reverseLabels, domain)
|
||||
domain = ""
|
||||
} else {
|
||||
reverseLabels = append(reverseLabels, domain[i+1:len(domain)])
|
||||
reverseLabels = append(reverseLabels, domain[i+1:])
|
||||
domain = domain[:i]
|
||||
}
|
||||
}
|
||||
|
@ -412,7 +420,7 @@ func matchEmailConstraint(mailbox rfc2821Mailbox, constraint string) (bool, erro
|
|||
}
|
||||
|
||||
func matchURIConstraint(uri *url.URL, constraint string) (bool, error) {
|
||||
// https://tools.ietf.org/html/rfc5280#section-4.2.1.10
|
||||
// From RFC 5280, Section 4.2.1.10:
|
||||
// “a uniformResourceIdentifier that does not include an authority
|
||||
// component with a host name specified as a fully qualified domain
|
||||
// name (e.g., if the URI either does not include an authority
|
||||
|
@ -557,51 +565,6 @@ func (c *Certificate) checkNameConstraints(count *int,
|
|||
return nil
|
||||
}
|
||||
|
||||
const (
|
||||
checkingAgainstIssuerCert = iota
|
||||
checkingAgainstLeafCert
|
||||
)
|
||||
|
||||
// ekuPermittedBy returns true iff the given extended key usage is permitted by
|
||||
// the given EKU from a certificate. Normally, this would be a simple
|
||||
// comparison plus a special case for the “any” EKU. But, in order to support
|
||||
// existing certificates, some exceptions are made.
|
||||
func ekuPermittedBy(eku, certEKU ExtKeyUsage, context int) bool {
|
||||
if certEKU == ExtKeyUsageAny || eku == certEKU {
|
||||
return true
|
||||
}
|
||||
|
||||
// Some exceptions are made to support existing certificates. Firstly,
|
||||
// the ServerAuth and SGC EKUs are treated as a group.
|
||||
mapServerAuthEKUs := func(eku ExtKeyUsage) ExtKeyUsage {
|
||||
if eku == ExtKeyUsageNetscapeServerGatedCrypto || eku == ExtKeyUsageMicrosoftServerGatedCrypto {
|
||||
return ExtKeyUsageServerAuth
|
||||
}
|
||||
return eku
|
||||
}
|
||||
|
||||
eku = mapServerAuthEKUs(eku)
|
||||
certEKU = mapServerAuthEKUs(certEKU)
|
||||
|
||||
if eku == certEKU {
|
||||
return true
|
||||
}
|
||||
|
||||
// If checking a requested EKU against the list in a leaf certificate there
|
||||
// are fewer exceptions.
|
||||
if context == checkingAgainstLeafCert {
|
||||
return false
|
||||
}
|
||||
|
||||
// ServerAuth in a CA permits ClientAuth in the leaf.
|
||||
return (eku == ExtKeyUsageClientAuth && certEKU == ExtKeyUsageServerAuth) ||
|
||||
// Any CA may issue an OCSP responder certificate.
|
||||
eku == ExtKeyUsageOCSPSigning ||
|
||||
// Code-signing CAs can use Microsoft's commercial and
|
||||
// kernel-mode EKUs.
|
||||
(eku == ExtKeyUsageMicrosoftCommercialCodeSigning || eku == ExtKeyUsageMicrosoftKernelCodeSigning) && certEKU == ExtKeyUsageCodeSigning
|
||||
}
|
||||
|
||||
// isValid performs validity checks on c given that it is a candidate to append
|
||||
// to the chain in currentChain.
|
||||
func (c *Certificate) isValid(certType int, currentChain []*Certificate, opts *VerifyOptions) error {
|
||||
|
@ -621,8 +584,18 @@ func (c *Certificate) isValid(certType int, currentChain []*Certificate, opts *V
|
|||
if now.IsZero() {
|
||||
now = time.Now()
|
||||
}
|
||||
if now.Before(c.NotBefore) || now.After(c.NotAfter) {
|
||||
return CertificateInvalidError{c, Expired, ""}
|
||||
if now.Before(c.NotBefore) {
|
||||
return CertificateInvalidError{
|
||||
Cert: c,
|
||||
Reason: Expired,
|
||||
Detail: fmt.Sprintf("current time %s is before %s", now.Format(time.RFC3339), c.NotBefore.Format(time.RFC3339)),
|
||||
}
|
||||
} else if now.After(c.NotAfter) {
|
||||
return CertificateInvalidError{
|
||||
Cert: c,
|
||||
Reason: Expired,
|
||||
Detail: fmt.Sprintf("current time %s is after %s", now.Format(time.RFC3339), c.NotAfter.Format(time.RFC3339)),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -640,17 +613,16 @@ func (c *Certificate) isValid(certType int, currentChain []*Certificate, opts *V
|
|||
leaf = currentChain[0]
|
||||
}
|
||||
|
||||
if !opts.DisableNameConstraintChecks && (certType == intermediateCertificate || certType == rootCertificate) && c.hasNameConstraints() {
|
||||
sanExtension, ok := leaf.getSANExtension()
|
||||
if !ok {
|
||||
// This is the deprecated, legacy case of depending on
|
||||
// the CN as a hostname. Chains modern enough to be
|
||||
// using name constraints should not be depending on
|
||||
// CNs.
|
||||
return CertificateInvalidError{c, NameConstraintsWithoutSANs, ""}
|
||||
}
|
||||
|
||||
err := forEachSAN(sanExtension, func(tag int, data []byte) error {
|
||||
checkNameConstraints := !opts.DisableNameConstraintChecks && (certType == intermediateCertificate || certType == rootCertificate) && c.hasNameConstraints()
|
||||
if checkNameConstraints && leaf.commonNameAsHostname() {
|
||||
// This is the deprecated, legacy case of depending on the commonName as
|
||||
// a hostname. We don't enforce name constraints against the CN, but
|
||||
// VerifyHostname will look for hostnames in there if there are no SANs.
|
||||
// In order to ensure VerifyHostname will not accept an unchecked name,
|
||||
// return an error here.
|
||||
return CertificateInvalidError{c, NameConstraintsWithoutSANs, ""}
|
||||
} else if checkNameConstraints && leaf.hasSANExtension() {
|
||||
err := forEachSAN(leaf.getSANExtension(), func(tag int, data []byte) error {
|
||||
switch tag {
|
||||
case nameTypeEmail:
|
||||
name := string(data)
|
||||
|
@ -718,59 +690,6 @@ func (c *Certificate) isValid(certType int, currentChain []*Certificate, opts *V
|
|||
}
|
||||
}
|
||||
|
||||
checkEKUs := !opts.DisableEKUChecks && certType == intermediateCertificate
|
||||
|
||||
// If no extended key usages are specified, then all are acceptable.
|
||||
if checkEKUs && (len(c.ExtKeyUsage) == 0 && len(c.UnknownExtKeyUsage) == 0) {
|
||||
checkEKUs = false
|
||||
}
|
||||
|
||||
// If the “any” key usage is permitted, then no more checks are needed.
|
||||
if checkEKUs {
|
||||
for _, caEKU := range c.ExtKeyUsage {
|
||||
comparisonCount++
|
||||
if caEKU == ExtKeyUsageAny {
|
||||
checkEKUs = false
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if checkEKUs {
|
||||
NextEKU:
|
||||
for _, eku := range leaf.ExtKeyUsage {
|
||||
if comparisonCount > maxConstraintComparisons {
|
||||
return CertificateInvalidError{c, TooManyConstraints, ""}
|
||||
}
|
||||
|
||||
for _, caEKU := range c.ExtKeyUsage {
|
||||
comparisonCount++
|
||||
if ekuPermittedBy(eku, caEKU, checkingAgainstIssuerCert) {
|
||||
continue NextEKU
|
||||
}
|
||||
}
|
||||
|
||||
oid, _ := oidFromExtKeyUsage(eku)
|
||||
return CertificateInvalidError{c, CANotAuthorizedForExtKeyUsage, fmt.Sprintf("EKU not permitted: %#v", oid)}
|
||||
}
|
||||
|
||||
NextUnknownEKU:
|
||||
for _, eku := range leaf.UnknownExtKeyUsage {
|
||||
if comparisonCount > maxConstraintComparisons {
|
||||
return CertificateInvalidError{c, TooManyConstraints, ""}
|
||||
}
|
||||
|
||||
for _, caEKU := range c.UnknownExtKeyUsage {
|
||||
comparisonCount++
|
||||
if caEKU.Equal(eku) {
|
||||
continue NextUnknownEKU
|
||||
}
|
||||
}
|
||||
|
||||
return CertificateInvalidError{c, CANotAuthorizedForExtKeyUsage, fmt.Sprintf("EKU not permitted: %#v", eku)}
|
||||
}
|
||||
}
|
||||
|
||||
// KeyUsage status flags are ignored. From Engineering Security, Peter
|
||||
// Gutmann: A European government CA marked its signing certificates as
|
||||
// being valid for encryption only, but no-one noticed. Another
|
||||
|
@ -802,18 +721,6 @@ func (c *Certificate) isValid(certType int, currentChain []*Certificate, opts *V
|
|||
return nil
|
||||
}
|
||||
|
||||
// formatOID formats an ASN.1 OBJECT IDENTIFER in the common, dotted style.
|
||||
func formatOID(oid asn1.ObjectIdentifier) string {
|
||||
ret := ""
|
||||
for i, v := range oid {
|
||||
if i > 0 {
|
||||
ret += "."
|
||||
}
|
||||
ret += strconv.Itoa(v)
|
||||
}
|
||||
return ret
|
||||
}
|
||||
|
||||
// Verify attempts to verify c by building one or more chains from c to a
|
||||
// certificate in opts.Roots, using certificates in opts.Intermediates if
|
||||
// needed. If successful, it returns one or more chains where the first
|
||||
|
@ -871,63 +778,38 @@ func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err e
|
|||
}
|
||||
}
|
||||
|
||||
requestedKeyUsages := make([]ExtKeyUsage, len(opts.KeyUsages))
|
||||
copy(requestedKeyUsages, opts.KeyUsages)
|
||||
if len(requestedKeyUsages) == 0 {
|
||||
requestedKeyUsages = append(requestedKeyUsages, ExtKeyUsageServerAuth)
|
||||
}
|
||||
|
||||
// If no key usages are specified, then any are acceptable.
|
||||
checkEKU := !opts.DisableEKUChecks && len(c.ExtKeyUsage) > 0
|
||||
|
||||
for _, eku := range requestedKeyUsages {
|
||||
if eku == ExtKeyUsageAny {
|
||||
checkEKU = false
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if checkEKU {
|
||||
foundMatch := false
|
||||
NextUsage:
|
||||
for _, eku := range requestedKeyUsages {
|
||||
for _, leafEKU := range c.ExtKeyUsage {
|
||||
if ekuPermittedBy(eku, leafEKU, checkingAgainstLeafCert) {
|
||||
foundMatch = true
|
||||
break NextUsage
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !foundMatch {
|
||||
msg := "leaf contains the following, recognized EKUs: "
|
||||
|
||||
for i, leafEKU := range c.ExtKeyUsage {
|
||||
oid, ok := oidFromExtKeyUsage(leafEKU)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
|
||||
if i > 0 {
|
||||
msg += ", "
|
||||
}
|
||||
msg += formatOID(oid)
|
||||
}
|
||||
|
||||
return nil, CertificateInvalidError{c, IncompatibleUsage, msg}
|
||||
}
|
||||
}
|
||||
|
||||
var candidateChains [][]*Certificate
|
||||
if opts.Roots.contains(c) {
|
||||
candidateChains = append(candidateChains, []*Certificate{c})
|
||||
} else {
|
||||
if candidateChains, err = c.buildChains(make(map[int][][]*Certificate), []*Certificate{c}, &opts); err != nil {
|
||||
if candidateChains, err = c.buildChains(nil, []*Certificate{c}, nil, &opts); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
return candidateChains, nil
|
||||
keyUsages := opts.KeyUsages
|
||||
if len(keyUsages) == 0 {
|
||||
keyUsages = []ExtKeyUsage{ExtKeyUsageServerAuth}
|
||||
}
|
||||
|
||||
// If any key usage is acceptable then we're done.
|
||||
for _, usage := range keyUsages {
|
||||
if usage == ExtKeyUsageAny {
|
||||
return candidateChains, nil
|
||||
}
|
||||
}
|
||||
|
||||
for _, candidate := range candidateChains {
|
||||
if opts.DisableEKUChecks || checkChainForKeyUsage(candidate, keyUsages) {
|
||||
chains = append(chains, candidate)
|
||||
}
|
||||
}
|
||||
|
||||
if len(chains) == 0 {
|
||||
return nil, CertificateInvalidError{c, IncompatibleUsage, ""}
|
||||
}
|
||||
|
||||
return chains, nil
|
||||
}
|
||||
|
||||
func appendToFreshChain(chain []*Certificate, cert *Certificate) []*Certificate {
|
||||
|
@ -937,64 +819,138 @@ func appendToFreshChain(chain []*Certificate, cert *Certificate) []*Certificate
|
|||
return n
|
||||
}
|
||||
|
||||
func (c *Certificate) buildChains(cache map[int][][]*Certificate, currentChain []*Certificate, opts *VerifyOptions) (chains [][]*Certificate, err error) {
|
||||
possibleRoots, failedRoot, rootErr := opts.Roots.findVerifiedParents(c)
|
||||
nextRoot:
|
||||
for _, rootNum := range possibleRoots {
|
||||
root := opts.Roots.certs[rootNum]
|
||||
// maxChainSignatureChecks is the maximum number of CheckSignatureFrom calls
|
||||
// that an invocation of buildChains will (tranistively) make. Most chains are
|
||||
// less than 15 certificates long, so this leaves space for multiple chains and
|
||||
// for failed checks due to different intermediates having the same Subject.
|
||||
const maxChainSignatureChecks = 100
|
||||
|
||||
func (c *Certificate) buildChains(cache map[*Certificate][][]*Certificate, currentChain []*Certificate, sigChecks *int, opts *VerifyOptions) (chains [][]*Certificate, err error) {
|
||||
var (
|
||||
hintErr error
|
||||
hintCert *Certificate
|
||||
)
|
||||
|
||||
considerCandidate := func(certType int, candidate *Certificate) {
|
||||
for _, cert := range currentChain {
|
||||
if cert.Equal(root) {
|
||||
continue nextRoot
|
||||
if cert.Equal(candidate) {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
err = root.isValid(rootCertificate, currentChain, opts)
|
||||
if err != nil {
|
||||
continue
|
||||
if sigChecks == nil {
|
||||
sigChecks = new(int)
|
||||
}
|
||||
*sigChecks++
|
||||
if *sigChecks > maxChainSignatureChecks {
|
||||
err = errors.New("x509: signature check attempts limit reached while verifying certificate chain")
|
||||
return
|
||||
}
|
||||
|
||||
if err := c.CheckSignatureFrom(candidate); err != nil {
|
||||
if hintErr == nil {
|
||||
hintErr = err
|
||||
hintCert = candidate
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
err = candidate.isValid(certType, currentChain, opts)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
switch certType {
|
||||
case rootCertificate:
|
||||
chains = append(chains, appendToFreshChain(currentChain, candidate))
|
||||
case intermediateCertificate:
|
||||
if cache == nil {
|
||||
cache = make(map[*Certificate][][]*Certificate)
|
||||
}
|
||||
childChains, ok := cache[candidate]
|
||||
if !ok {
|
||||
childChains, err = candidate.buildChains(cache, appendToFreshChain(currentChain, candidate), sigChecks, opts)
|
||||
cache[candidate] = childChains
|
||||
}
|
||||
chains = append(chains, childChains...)
|
||||
}
|
||||
chains = append(chains, appendToFreshChain(currentChain, root))
|
||||
}
|
||||
|
||||
possibleIntermediates, failedIntermediate, intermediateErr := opts.Intermediates.findVerifiedParents(c)
|
||||
nextIntermediate:
|
||||
for _, intermediateNum := range possibleIntermediates {
|
||||
intermediate := opts.Intermediates.certs[intermediateNum]
|
||||
for _, cert := range currentChain {
|
||||
if cert.Equal(intermediate) {
|
||||
continue nextIntermediate
|
||||
}
|
||||
}
|
||||
err = intermediate.isValid(intermediateCertificate, currentChain, opts)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
var childChains [][]*Certificate
|
||||
childChains, ok := cache[intermediateNum]
|
||||
if !ok {
|
||||
childChains, err = intermediate.buildChains(cache, appendToFreshChain(currentChain, intermediate), opts)
|
||||
cache[intermediateNum] = childChains
|
||||
}
|
||||
chains = append(chains, childChains...)
|
||||
for _, rootNum := range opts.Roots.findPotentialParents(c) {
|
||||
considerCandidate(rootCertificate, opts.Roots.certs[rootNum])
|
||||
}
|
||||
for _, intermediateNum := range opts.Intermediates.findPotentialParents(c) {
|
||||
considerCandidate(intermediateCertificate, opts.Intermediates.certs[intermediateNum])
|
||||
}
|
||||
|
||||
if len(chains) > 0 {
|
||||
err = nil
|
||||
}
|
||||
|
||||
if len(chains) == 0 && err == nil {
|
||||
hintErr := rootErr
|
||||
hintCert := failedRoot
|
||||
if hintErr == nil {
|
||||
hintErr = intermediateErr
|
||||
hintCert = failedIntermediate
|
||||
}
|
||||
err = UnknownAuthorityError{c, hintErr, hintCert}
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// validHostname reports whether host is a valid hostname that can be matched or
|
||||
// matched against according to RFC 6125 2.2, with some leniency to accommodate
|
||||
// legacy values.
|
||||
func validHostname(host string) bool {
|
||||
host = strings.TrimSuffix(host, ".")
|
||||
|
||||
if len(host) == 0 {
|
||||
return false
|
||||
}
|
||||
|
||||
for i, part := range strings.Split(host, ".") {
|
||||
if part == "" {
|
||||
// Empty label.
|
||||
return false
|
||||
}
|
||||
if i == 0 && part == "*" {
|
||||
// Only allow full left-most wildcards, as those are the only ones
|
||||
// we match, and matching literal '*' characters is probably never
|
||||
// the expected behavior.
|
||||
continue
|
||||
}
|
||||
for j, c := range part {
|
||||
if 'a' <= c && c <= 'z' {
|
||||
continue
|
||||
}
|
||||
if '0' <= c && c <= '9' {
|
||||
continue
|
||||
}
|
||||
if 'A' <= c && c <= 'Z' {
|
||||
continue
|
||||
}
|
||||
if c == '-' && j != 0 {
|
||||
continue
|
||||
}
|
||||
if c == '_' || c == ':' {
|
||||
// Not valid characters in hostnames, but commonly
|
||||
// found in deployments outside the WebPKI.
|
||||
continue
|
||||
}
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
// commonNameAsHostname reports whether the Common Name field should be
|
||||
// considered the hostname that the certificate is valid for. This is a legacy
|
||||
// behavior, disabled if the Subject Alt Name extension is present.
|
||||
//
|
||||
// It applies the strict validHostname check to the Common Name field, so that
|
||||
// certificates without SANs can still be validated against CAs with name
|
||||
// constraints if there is no risk the CN would be matched as a hostname.
|
||||
// See NameConstraintsWithoutSANs and issue 24151.
|
||||
func (c *Certificate) commonNameAsHostname() bool {
|
||||
return !ignoreCN && !c.hasSANExtension() && validHostname(c.Subject.CommonName)
|
||||
}
|
||||
|
||||
func matchHostnames(pattern, host string) bool {
|
||||
host = strings.TrimSuffix(host, ".")
|
||||
pattern = strings.TrimSuffix(pattern, ".")
|
||||
|
@ -1064,7 +1020,7 @@ func (c *Certificate) VerifyHostname(h string) error {
|
|||
}
|
||||
if ip := net.ParseIP(candidateIP); ip != nil {
|
||||
// We only match IP addresses against IP SANs.
|
||||
// https://tools.ietf.org/html/rfc6125#appendix-B.2
|
||||
// See RFC 6125, Appendix B.2.
|
||||
for _, candidate := range c.IPAddresses {
|
||||
if ip.Equal(candidate) {
|
||||
return nil
|
||||
|
@ -1075,16 +1031,79 @@ func (c *Certificate) VerifyHostname(h string) error {
|
|||
|
||||
lowered := toLowerCaseASCII(h)
|
||||
|
||||
if c.hasSANExtension() {
|
||||
if c.commonNameAsHostname() {
|
||||
if matchHostnames(toLowerCaseASCII(c.Subject.CommonName), lowered) {
|
||||
return nil
|
||||
}
|
||||
} else {
|
||||
for _, match := range c.DNSNames {
|
||||
if matchHostnames(toLowerCaseASCII(match), lowered) {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
// If Subject Alt Name is given, we ignore the common name.
|
||||
} else if matchHostnames(toLowerCaseASCII(c.Subject.CommonName), lowered) {
|
||||
return nil
|
||||
}
|
||||
|
||||
return HostnameError{c, h}
|
||||
}
|
||||
|
||||
func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool {
|
||||
usages := make([]ExtKeyUsage, len(keyUsages))
|
||||
copy(usages, keyUsages)
|
||||
|
||||
if len(chain) == 0 {
|
||||
return false
|
||||
}
|
||||
|
||||
usagesRemaining := len(usages)
|
||||
|
||||
// We walk down the list and cross out any usages that aren't supported
|
||||
// by each certificate. If we cross out all the usages, then the chain
|
||||
// is unacceptable.
|
||||
|
||||
NextCert:
|
||||
for i := len(chain) - 1; i >= 0; i-- {
|
||||
cert := chain[i]
|
||||
if len(cert.ExtKeyUsage) == 0 && len(cert.UnknownExtKeyUsage) == 0 {
|
||||
// The certificate doesn't have any extended key usage specified.
|
||||
continue
|
||||
}
|
||||
|
||||
for _, usage := range cert.ExtKeyUsage {
|
||||
if usage == ExtKeyUsageAny {
|
||||
// The certificate is explicitly good for any usage.
|
||||
continue NextCert
|
||||
}
|
||||
}
|
||||
|
||||
const invalidUsage ExtKeyUsage = -1
|
||||
|
||||
NextRequestedUsage:
|
||||
for i, requestedUsage := range usages {
|
||||
if requestedUsage == invalidUsage {
|
||||
continue
|
||||
}
|
||||
|
||||
for _, usage := range cert.ExtKeyUsage {
|
||||
if requestedUsage == usage {
|
||||
continue NextRequestedUsage
|
||||
} else if requestedUsage == ExtKeyUsageServerAuth &&
|
||||
(usage == ExtKeyUsageNetscapeServerGatedCrypto ||
|
||||
usage == ExtKeyUsageMicrosoftServerGatedCrypto) {
|
||||
// In order to support COMODO
|
||||
// certificate chains, we have to
|
||||
// accept Netscape or Microsoft SGC
|
||||
// usages as equal to ServerAuth.
|
||||
continue NextRequestedUsage
|
||||
}
|
||||
}
|
||||
|
||||
usages[i] = invalidUsage
|
||||
usagesRemaining--
|
||||
if usagesRemaining == 0 {
|
||||
return false
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
|
803
vendor/github.com/google/certificate-transparency-go/x509/x509.go
generated
vendored
File diff suppressed because it is too large
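--- a/vendor/github.com/googleapis/enterprise-certificate-proxy/LICENSE
+++ b/vendor/github.com/googleapis/enterprise-certificate-proxy/LICENSE
@@ -0,0 +1,202 @@
+
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction,
+and distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by
+the copyright owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all
+other entities that control, are controlled by, or are under common
+control with that entity. For the purposes of this definition,
+"control" means (i) the power, direct or indirect, to cause the
+direction or management of such entity, whether by contract or
+otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity
+exercising permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications,
+including but not limited to software source code, documentation
+source, and configuration files.
+
+"Object" form shall mean any form resulting from mechanical
+transformation or translation of a Source form, including but
+not limited to compiled object code, generated documentation,
+and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or
+Object form, made available under the License, as indicated by a
+copyright notice that is included in or attached to the work
+(an example is provided in the Appendix below).
+
+"Derivative Works" shall mean any work, whether in Source or Object
+form, that is based on (or derived from) the Work and for which the
+editorial revisions, annotations, elaborations, or other modifications
+represent, as a whole, an original work of authorship. For the purposes
+of this License, Derivative Works shall not include works that remain
+separable from, or merely link (or bind by name) to the interfaces of,
+the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including
+the original version of the Work and any modifications or additions
+to that Work or Derivative Works thereof, that is intentionally
+submitted to Licensor for inclusion in the Work by the copyright owner
+or by an individual or Legal Entity authorized to submit on behalf of
+the copyright owner. For the purposes of this definition, "submitted"
+means any form of electronic, verbal, or written communication sent
+to the Licensor or its representatives, including but not limited to
+communication on electronic mailing lists, source code control systems,
+and issue tracking systems that are managed by, or on behalf of, the
+Licensor for the purpose of discussing and improving the Work, but
+excluding communication that is conspicuously marked or otherwise
+designated in writing by the copyright owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity
+on behalf of whom a Contribution has been received by Licensor and
+subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the
+Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+(except as stated in this section) patent license to make, have made,
+use, offer to sell, sell, import, and otherwise transfer the Work,
+where such license applies only to those patent claims licensable
+by such Contributor that are necessarily infringed by their
+Contribution(s) alone or by combination of their Contribution(s)
+with the Work to which such Contribution(s) was submitted. If You
+institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the Work
+or a Contribution incorporated within the Work constitutes direct
+or contributory patent infringement, then any patent licenses
+granted to You under this License for that Work shall terminate
+as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+Work or Derivative Works thereof in any medium, with or without
+modifications, and in Source or Object form, provided that You
+meet the following conditions:
+
+(a) You must give any other recipients of the Work or
+Derivative Works a copy of this License; and
+
+(b) You must cause any modified files to carry prominent notices
+stating that You changed the files; and
+
+(c) You must retain, in the Source form of any Derivative Works
+that You distribute, all copyright, patent, trademark, and
+attribution notices from the Source form of the Work,
+excluding those notices that do not pertain to any part of
+the Derivative Works; and
+
+(d) If the Work includes a "NOTICE" text file as part of its
+distribution, then any Derivative Works that You distribute must
+include a readable copy of the attribution notices contained
+within such NOTICE file, excluding those notices that do not
+pertain to any part of the Derivative Works, in at least one
+of the following places: within a NOTICE text file distributed
+as part of the Derivative Works; within the Source form or
+documentation, if provided along with the Derivative Works; or,
+within a display generated by the Derivative Works, if and
+wherever such third-party notices normally appear. The contents
+of the NOTICE file are for informational purposes only and
+do not modify the License. You may add Your own attribution
+notices within Derivative Works that You distribute, alongside
+or as an addendum to the NOTICE text from the Work, provided
+that such additional attribution notices cannot be construed
+as modifying the License.
+
+You may add Your own copyright statement to Your modifications and
+may provide additional or different license terms and conditions
+for use, reproduction, or distribution of Your modifications, or
+for any such Derivative Works as a whole, provided Your use,
+reproduction, and distribution of the Work otherwise complies with
+the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+any Contribution intentionally submitted for inclusion in the Work
+by You to the Licensor shall be under the terms and conditions of
+this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify
+the terms of any separate license agreement you may have executed
+with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+names, trademarks, service marks, or product names of the Licensor,
+except as required for reasonable and customary use in describing the
+origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+agreed to in writing, Licensor provides the Work (and each
+Contributor provides its Contributions) on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+implied, including, without limitation, any warranties or conditions
+of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any
+risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+whether in tort (including negligence), contract, or otherwise,
+unless required by applicable law (such as deliberate and grossly
+negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special,
+incidental, or consequential damages of any character arising as a
+result of this License or out of the use or inability to use the
+Work (including but not limited to damages for loss of goodwill,
+work stoppage, computer failure or malfunction, or any and all
+other commercial damages or losses), even if such Contributor
+has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+the Work or Derivative Works thereof, You may choose to offer,
+and charge a fee for, acceptance of support, warranty, indemnity,
+or other liability obligations and/or rights consistent with this
+License. However, in accepting such obligations, You may act only
+on Your own behalf and on Your sole responsibility, not on behalf
+of any other Contributor, and only if You agree to indemnify,
+defend, and hold each Contributor harmless for any liability
+incurred by, or claims asserted against, such Contributor by reason
+of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following
+boilerplate notice, with the fields enclosed by brackets "[]"
+replaced with your own identifying information. (Don't include
+the brackets!) The text should be enclosed in the appropriate
+comment syntax for the file format. We also recommend that a
+file or class name and description of purpose be included on the
+same "printed page" as the copyright notice for easier
+identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.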
151
vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go
generated
vendored
Normal file
|
@ -0,0 +1,151 @@
|
|||
// Copyright 2022 Google LLC.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
//
|
||||
// Client is a cross-platform client for the signer binary (a.k.a."EnterpriseCertSigner").
|
||||
// The signer binary is OS-specific, but exposes a standard set of APIs for the client to use.
|
||||
package client
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/gob"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/rpc"
|
||||
"os"
|
||||
"os/exec"
|
||||
|
||||
"github.com/googleapis/enterprise-certificate-proxy/client/util"
|
||||
)
|
||||
|
||||
const signAPI = "EnterpriseCertSigner.Sign"
|
||||
const certificateChainAPI = "EnterpriseCertSigner.CertificateChain"
|
||||
const publicKeyAPI = "EnterpriseCertSigner.Public"
|
||||
|
||||
// A Connection wraps a pair of unidirectional streams as an io.ReadWriteCloser.
|
||||
type Connection struct {
|
||||
io.ReadCloser
|
||||
io.WriteCloser
|
||||
}
|
||||
|
||||
// Close closes c's underlying ReadCloser and WriteCloser.
|
||||
func (c *Connection) Close() error {
|
||||
rerr := c.ReadCloser.Close()
|
||||
werr := c.WriteCloser.Close()
|
||||
if rerr != nil {
|
||||
return rerr
|
||||
}
|
||||
return werr
|
||||
}
|
||||
|
||||
func init() {
|
||||
gob.Register(crypto.SHA256)
|
||||
gob.Register(&rsa.PSSOptions{})
|
||||
}
|
||||
|
||||
// SignArgs contains arguments to a crypto Signer.Sign method.
|
||||
type SignArgs struct {
|
||||
Digest []byte // The content to sign.
|
||||
Opts crypto.SignerOpts // Options for signing, such as Hash identifier.
|
||||
}
|
||||
|
||||
// Key implements credential.Credential by holding the executed signer subprocess.
|
||||
type Key struct {
|
||||
cmd *exec.Cmd // Pointer to the signer subprocess.
|
||||
client *rpc.Client // Pointer to the rpc client that communicates with the signer subprocess.
|
||||
publicKey crypto.PublicKey // Public key of loaded certificate.
|
||||
chain [][]byte // Certificate chain of loaded certificate.
|
||||
}
|
||||
|
||||
// CertificateChain returns the credential as a raw X509 cert chain. This contains the public key.
|
||||
func (k *Key) CertificateChain() [][]byte {
|
||||
return k.chain
|
||||
}
|
||||
|
||||
// Close closes the RPC connection and kills the signer subprocess.
|
||||
// Call this to free up resources when the Key object is no longer needed.
|
||||
func (k *Key) Close() error {
|
||||
if err := k.client.Close(); err != nil {
|
||||
return fmt.Errorf("failed to close RPC connection: %w", err)
|
||||
}
|
||||
if err := k.cmd.Process.Kill(); err != nil {
|
||||
return fmt.Errorf("failed to kill signer process: %w", err)
|
||||
}
|
||||
if err := k.cmd.Wait(); err.Error() != "signal: killed" {
|
||||
return fmt.Errorf("signer process was not killed: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Public returns the public key for this Key.
|
||||
func (k *Key) Public() crypto.PublicKey {
|
||||
return k.publicKey
|
||||
}
|
||||
|
||||
// Sign signs a message by encrypting a message digest, using the specified signer options.
|
||||
func (k *Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed []byte, err error) {
|
||||
err = k.client.Call(signAPI, SignArgs{Digest: digest, Opts: opts}, &signed)
|
||||
return
|
||||
}
|
||||
|
||||
// Cred spawns a signer subprocess that listens on stdin/stdout to perform certificate
|
||||
// related operations, including signing messages with the private key.
|
||||
//
|
||||
// The signer binary path is read from the specified configFilePath, if provided.
|
||||
// Otherwise, use the default config file path.
|
||||
//
|
||||
// The config file also specifies which certificate the signer should use.
|
||||
func Cred(configFilePath string) (*Key, error) {
|
||||
if configFilePath == "" {
|
||||
configFilePath = util.GetDefaultConfigFilePath()
|
||||
}
|
||||
enterpriseCertSignerPath, err := util.LoadSignerBinaryPath(configFilePath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
k := &Key{
|
||||
cmd: exec.Command(enterpriseCertSignerPath, configFilePath),
|
||||
}
|
||||
|
||||
// Redirect errors from subprocess to parent process.
|
||||
k.cmd.Stderr = os.Stderr
|
||||
|
||||
// RPC client will communicate with subprocess over stdin/stdout.
|
||||
kin, err := k.cmd.StdinPipe()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
kout, err := k.cmd.StdoutPipe()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
k.client = rpc.NewClient(&Connection{kout, kin})
|
||||
|
||||
if err := k.cmd.Start(); err != nil {
|
||||
return nil, fmt.Errorf("starting enterprise cert signer subprocess: %w", err)
|
||||
}
|
||||
|
||||
if err := k.client.Call(certificateChainAPI, struct{}{}, &k.chain); err != nil {
|
||||
return nil, fmt.Errorf("failed to retrieve certificate chain: %w", err)
|
||||
}
|
||||
|
||||
var publicKeyBytes []byte
|
||||
if err := k.client.Call(publicKeyAPI, struct{}{}, &publicKeyBytes); err != nil {
|
||||
return nil, fmt.Errorf("failed to retrieve public key: %w", err)
|
||||
}
|
||||
|
||||
publicKey, err := x509.ParsePKIXPublicKey(publicKeyBytes)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to parse public key: %w", err)
|
||||
}
|
||||
|
||||
var ok bool
|
||||
k.publicKey, ok = publicKey.(crypto.PublicKey)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("invalid public key type: %T", publicKey)
|
||||
}
|
||||
|
||||
return k, nil
|
||||
}
|
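--- a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go
+++ b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go
@@ -0,0 +1,72 @@
+// Package util provides helper functions for the client.
+package util
+
+import (
+"encoding/json"
+"errors"
+"io/ioutil"
+"os"
+"os/user"
+"path/filepath"
+"runtime"
+)
+
+const configFileName = "enterprise_certificate_config.json"
+
+// EnterpriseCertificateConfig contains parameters for initializing signer.
+type EnterpriseCertificateConfig struct {
+Libs Libs `json:"libs"`
+}
+
+// Libs specifies the locations of helper libraries.
+type Libs struct {
+SignerBinary string `json:"signer_binary"`
+}
+
+// LoadSignerBinaryPath retrieves the path of the signer binary from the config file.
+func LoadSignerBinaryPath(configFilePath string) (path string, err error) {
+jsonFile, err := os.Open(configFilePath)
+if err != nil {
+return "", err
+}
+
+byteValue, err := ioutil.ReadAll(jsonFile)
+if err != nil {
+return "", err
+}
+var config EnterpriseCertificateConfig
+err = json.Unmarshal(byteValue, &config)
+if err != nil {
+return "", err
+}
+signerBinaryPath := config.Libs.SignerBinary
+if signerBinaryPath == "" {
+return "", errors.New("Signer binary path is missing.")
+}
+return signerBinaryPath, nil
+}
+
+func guessHomeDir() string {
+// Prefer $HOME over user.Current due to glibc bug: golang.org/issue/13470
+if v := os.Getenv("HOME"); v != "" {
+return v
+}
+// Else, fall back to user.Current:
+if u, err := user.Current(); err == nil {
+return u.HomeDir
+}
+return ""
+}
+
+func getDefaultConfigFileDirectory() (directory string) {
+if runtime.GOOS == "windows" {
+return filepath.Join(os.Getenv("APPDATA"), "gcloud")
+} else {
+return filepath.Join(guessHomeDir(), ".config/gcloud")
+}
+}
+
+// GetDefaultConfigFilePath returns the default path of the enterprise certificate config file created by gCloud.
+func GetDefaultConfigFilePath() (path string) {
+return filepath.Join(getDefaultConfigFileDirectory(), configFileName)
+}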
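--- a/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
+++ b/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+"v2": "2.4.0"
+}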
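--- a/vendor/github.com/googleapis/gax-go/v2/CHANGES.md
+++ b/vendor/github.com/googleapis/gax-go/v2/CHANGES.md
@@ -0,0 +1,18 @@
+# Changelog
+
+## [2.4.0](https://github.com/googleapis/gax-go/compare/v2.3.0...v2.4.0) (2022-05-09)
+
+
+### Features
+
+* **v2:** add OnHTTPCodes CallOption ([#188](https://github.com/googleapis/gax-go/issues/188)) ([ba7c534](https://github.com/googleapis/gax-go/commit/ba7c5348363ab6c33e1cee3c03c0be68a46ca07c))
+
+
+### Bug Fixes
+
+* **v2/apierror:** use errors.As in FromError ([#189](https://github.com/googleapis/gax-go/issues/189)) ([f30f05b](https://github.com/googleapis/gax-go/commit/f30f05be583828f4c09cca4091333ea88ff8d79e))
+
+
+### Miscellaneous Chores
+
+* **v2:** bump release-please processing ([#192](https://github.com/googleapis/gax-go/issues/192)) ([56172f9](https://github.com/googleapis/gax-go/commit/56172f971d1141d7687edaac053ad3470af76719))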
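--- a/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go
@@ -0,0 +1,298 @@
+// Copyright 2021, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Package apierror implements a wrapper error for parsing error details from
+// API calls. Both HTTP & gRPC status errors are supported.
+package apierror
+
+import (
+"errors"
+"fmt"
+"strings"
+
+jsonerror "github.com/googleapis/gax-go/v2/apierror/internal/proto"
+"google.golang.org/api/googleapi"
+"google.golang.org/genproto/googleapis/rpc/errdetails"
+"google.golang.org/grpc/status"
+"google.golang.org/protobuf/encoding/protojson"
+)
+
+// ErrDetails holds the google/rpc/error_details.proto messages.
+type ErrDetails struct {
+ErrorInfo *errdetails.ErrorInfo
+BadRequest *errdetails.BadRequest
+PreconditionFailure *errdetails.PreconditionFailure
+QuotaFailure *errdetails.QuotaFailure
+RetryInfo *errdetails.RetryInfo
+ResourceInfo *errdetails.ResourceInfo
+RequestInfo *errdetails.RequestInfo
+DebugInfo *errdetails.DebugInfo
+Help *errdetails.Help
+LocalizedMessage *errdetails.LocalizedMessage
+
+// Unknown stores unidentifiable error details.
+Unknown []interface{}
+}
+
+func (e ErrDetails) String() string {
+var d strings.Builder
+if e.ErrorInfo != nil {
+d.WriteString(fmt.Sprintf("error details: name = ErrorInfo reason = %s domain = %s metadata = %s\n",
+e.ErrorInfo.GetReason(), e.ErrorInfo.GetDomain(), e.ErrorInfo.GetMetadata()))
+}
+
+if e.BadRequest != nil {
+v := e.BadRequest.GetFieldViolations()
+var f []string
+var desc []string
+for _, x := range v {
+f = append(f, x.GetField())
+desc = append(desc, x.GetDescription())
+}
+d.WriteString(fmt.Sprintf("error details: name = BadRequest field = %s desc = %s\n",
+strings.Join(f, " "), strings.Join(desc, " ")))
+}
+
+if e.PreconditionFailure != nil {
+v := e.PreconditionFailure.GetViolations()
+var t []string
+var s []string
+var desc []string
+for _, x := range v {
+t = append(t, x.GetType())
+s = append(s, x.GetSubject())
+desc = append(desc, x.GetDescription())
+}
+d.WriteString(fmt.Sprintf("error details: name = PreconditionFailure type = %s subj = %s desc = %s\n", strings.Join(t, " "),
+strings.Join(s, " "), strings.Join(desc, " ")))
+}
+
+if e.QuotaFailure != nil {
+v := e.QuotaFailure.GetViolations()
+var s []string
+var desc []string
+for _, x := range v {
+s = append(s, x.GetSubject())
+desc = append(desc, x.GetDescription())
+}
+d.WriteString(fmt.Sprintf("error details: name = QuotaFailure subj = %s desc = %s\n",
+strings.Join(s, " "), strings.Join(desc, " ")))
+}
+
+if e.RequestInfo != nil {
+d.WriteString(fmt.Sprintf("error details: name = RequestInfo id = %s data = %s\n",
+e.RequestInfo.GetRequestId(), e.RequestInfo.GetServingData()))
+}
+
+if e.ResourceInfo != nil {
+d.WriteString(fmt.Sprintf("error details: name = ResourceInfo type = %s resourcename = %s owner = %s desc = %s\n",
+e.ResourceInfo.GetResourceType(), e.ResourceInfo.GetResourceName(),
+e.ResourceInfo.GetOwner(), e.ResourceInfo.GetDescription()))
+
+}
+if e.RetryInfo != nil {
+d.WriteString(fmt.Sprintf("error details: retry in %s\n", e.RetryInfo.GetRetryDelay().AsDuration()))
+
+}
+if e.Unknown != nil {
+var s []string
+for _, x := range e.Unknown {
+s = append(s, fmt.Sprintf("%v", x))
+}
+d.WriteString(fmt.Sprintf("error details: name = Unknown desc = %s\n", strings.Join(s, " ")))
+}
+
+if e.DebugInfo != nil {
+d.WriteString(fmt.Sprintf("error details: name = DebugInfo detail = %s stack = %s\n", e.DebugInfo.GetDetail(),
+strings.Join(e.DebugInfo.GetStackEntries(), " ")))
+}
+if e.Help != nil {
+var desc []string
+var url []string
+for _, x := range e.Help.Links {
+desc = append(desc, x.GetDescription())
+url = append(url, x.GetUrl())
+}
+d.WriteString(fmt.Sprintf("error details: name = Help desc = %s url = %s\n",
+strings.Join(desc, " "), strings.Join(url, " ")))
+}
+if e.LocalizedMessage != nil {
+d.WriteString(fmt.Sprintf("error details: name = LocalizedMessage locale = %s msg = %s\n",
+e.LocalizedMessage.GetLocale(), e.LocalizedMessage.GetMessage()))
+}
+
+return d.String()
+}
+
+// APIError wraps either a gRPC Status error or a HTTP googleapi.Error. It
+// implements error and Status interfaces.
+type APIError struct {
+err error
+status *status.Status
+httpErr *googleapi.Error
+details ErrDetails
+}
+
+// Details presents the error details of the APIError.
+func (a *APIError) Details() ErrDetails {
+return a.details
+}
+
+// Unwrap extracts the original error.
+func (a *APIError) Unwrap() error {
+return a.err
+}
+
+// Error returns a readable representation of the APIError.
+func (a *APIError) Error() string {
+var msg string
+if a.status != nil {
+msg = a.err.Error()
+} else if a.httpErr != nil {
+// Truncate the googleapi.Error message because it dumps the Details in
+// an ugly way.
+msg = fmt.Sprintf("googleapi: Error %d: %s", a.httpErr.Code, a.httpErr.Message)
+}
+return strings.TrimSpace(fmt.Sprintf("%s\n%s", msg, a.details))
+}
+
+// GRPCStatus extracts the underlying gRPC Status error.
+// This method is necessary to fulfill the interface
+// described in https://pkg.go.dev/google.golang.org/grpc/status#FromError.
+func (a *APIError) GRPCStatus() *status.Status {
+return a.status
+}
+
+// Reason returns the reason in an ErrorInfo.
+// If ErrorInfo is nil, it returns an empty string.
+func (a *APIError) Reason() string {
+return a.details.ErrorInfo.GetReason()
+}
+
+// Domain returns the domain in an ErrorInfo.
+// If ErrorInfo is nil, it returns an empty string.
+func (a *APIError) Domain() string {
+return a.details.ErrorInfo.GetDomain()
+}
+
+// Metadata returns the metadata in an ErrorInfo.
+// If ErrorInfo is nil, it returns nil.
+func (a *APIError) Metadata() map[string]string {
+return a.details.ErrorInfo.GetMetadata()
+
+}
+
+// FromError parses a Status error or a googleapi.Error and builds an APIError.
+func FromError(err error) (*APIError, bool) {
+if err == nil {
+return nil, false
+}
+
+ae := APIError{err: err}
+st, isStatus := status.FromError(err)
+var herr *googleapi.Error
+isHTTPErr := errors.As(err, &herr)
+
+switch {
+case isStatus:
+ae.status = st
+ae.details = parseDetails(st.Details())
+case isHTTPErr:
+ae.httpErr = herr
+ae.details = parseHTTPDetails(herr)
+default:
+return nil, false
+}
+
+return &ae, true
+
+}
+
+// parseDetails accepts a slice of interface{} that should be backed by some
+// sort of proto.Message that can be cast to the google/rpc/error_details.proto
+// types.
+//
+// This is for internal use only.
+func parseDetails(details []interface{}) ErrDetails {
+var ed ErrDetails
+for _, d := range details {
+switch d := d.(type) {
+case *errdetails.ErrorInfo:
+ed.ErrorInfo = d
+case *errdetails.BadRequest:
+ed.BadRequest = d
+case *errdetails.PreconditionFailure:
+ed.PreconditionFailure = d
+case *errdetails.QuotaFailure:
+ed.QuotaFailure = d
+case *errdetails.RetryInfo:
+ed.RetryInfo = d
+case *errdetails.ResourceInfo:
+ed.ResourceInfo = d
+case *errdetails.RequestInfo:
+ed.RequestInfo = d
+case *errdetails.DebugInfo:
+ed.DebugInfo = d
+case *errdetails.Help:
+ed.Help = d
+case *errdetails.LocalizedMessage:
+ed.LocalizedMessage = d
+default:
+ed.Unknown = append(ed.Unknown, d)
+}
+}
+
+return ed
+}
+
+// parseHTTPDetails will convert the given googleapi.Error into the protobuf
+// representation then parse the Any values that contain the error details.
+//
+// This is for internal use only.
+func parseHTTPDetails(gae *googleapi.Error) ErrDetails {
+e := &jsonerror.Error{}
+if err := protojson.Unmarshal([]byte(gae.Body), e); err != nil {
+// If the error body does not conform to the error schema, ignore it
+// altogther. See https://cloud.google.com/apis/design/errors#http_mapping.
+return ErrDetails{}
+}
+
+// Coerce the Any messages into proto.Message then parse the details.
+details := []interface{}{}
+for _, any := range e.GetError().GetDetails() {
+m, err := any.UnmarshalNew()
+if err != nil {
+// Ignore malformed Any values.
+continue
+}
+details = append(details, m)
+}
+
+return parseDetails(details)
+}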
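--- a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/README.md
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/README.md
@@ -0,0 +1,30 @@
+# HTTP JSON Error Schema
+
+The `error.proto` represents the HTTP-JSON schema used by Google APIs to convey
+error payloads as described by https://cloud.google.com/apis/design/errors#http_mapping.
+This package is for internal parsing logic only and should not be used in any
+other context.
+
+## Regeneration
+
+To regenerate the protobuf Go code you will need the following:
+
+* A local copy of [googleapis], the absolute path to which should be exported to
+the environment variable `GOOGLEAPIS`
+* The protobuf compiler [protoc]
+* The Go [protobuf plugin]
+* The [goimports] tool
+
+From this directory run the following command:
+```sh
+protoc -I $GOOGLEAPIS -I. --go_out=. --go_opt=module=github.com/googleapis/gax-go/v2/apierror/internal/proto error.proto
+goimports -w .
+```
+
+Note: the `module` plugin option ensures the generated code is placed in this
+directory, and not in several nested directories defined by `go_package` option.
+
+[googleapis]: https://github.com/googleapis/googleapis
+[protoc]: https://github.com/protocolbuffers/protobuf#protocol-compiler-installation
+[protobuf plugin]: https://developers.google.com/protocol-buffers/docs/reference/go-generated
+[goimports]: https://pkg.go.dev/golang.org/x/tools/cmd/goimports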
280
vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go
generated
vendored
Normal file
280
vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go
generated
vendored
Normal file
|
@ -0,0 +1,280 @@
|
|||
// Copyright 2021 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
// Code generated by protoc-gen-go. DO NOT EDIT.
|
||||
// versions:
|
||||
// protoc-gen-go v1.28.0
|
||||
// protoc v3.15.8
|
||||
// source: apierror/internal/proto/error.proto
|
||||
|
||||
package jsonerror
|
||||
|
||||
import (
|
||||
reflect "reflect"
|
||||
sync "sync"
|
||||
|
||||
code "google.golang.org/genproto/googleapis/rpc/code"
|
||||
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
|
||||
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
|
||||
anypb "google.golang.org/protobuf/types/known/anypb"
|
||||
)
|
||||
|
||||
const (
|
||||
// Verify that this generated code is sufficiently up-to-date.
|
||||
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
|
||||
// Verify that runtime/protoimpl is sufficiently up-to-date.
|
||||
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
|
||||
)
|
||||
|
||||
// The error format v2 for Google JSON REST APIs.
|
||||
// Copied from https://cloud.google.com/apis/design/errors#http_mapping.
|
||||
//
|
||||
// NOTE: This schema is not used for other wire protocols.
|
||||
type Error struct {
|
||||
state protoimpl.MessageState
|
||||
sizeCache protoimpl.SizeCache
|
||||
unknownFields protoimpl.UnknownFields
|
||||
|
||||
// The actual error payload. The nested message structure is for backward
|
||||
// compatibility with Google API client libraries. It also makes the error
|
||||
// more readable to developers.
|
||||
Error *Error_Status `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"`
|
||||
}
|
||||
|
||||
func (x *Error) Reset() {
|
||||
*x = Error{}
|
||||
if protoimpl.UnsafeEnabled {
|
||||
mi := &file_apierror_internal_proto_error_proto_msgTypes[0]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
}
|
||||
|
||||
func (x *Error) String() string {
|
||||
return protoimpl.X.MessageStringOf(x)
|
||||
}
|
||||
|
||||
func (*Error) ProtoMessage() {}
|
||||
|
||||
func (x *Error) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_apierror_internal_proto_error_proto_msgTypes[0]
|
||||
if protoimpl.UnsafeEnabled && x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
return ms
|
||||
}
|
||||
return mi.MessageOf(x)
|
||||
}
|
||||
|
||||
// Deprecated: Use Error.ProtoReflect.Descriptor instead.
|
||||
func (*Error) Descriptor() ([]byte, []int) {
|
||||
return file_apierror_internal_proto_error_proto_rawDescGZIP(), []int{0}
|
||||
}
|
||||
|
||||
func (x *Error) GetError() *Error_Status {
|
||||
if x != nil {
|
||||
return x.Error
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// This message has the same semantics as `google.rpc.Status`. It uses HTTP
|
||||
// status code instead of gRPC status code. It has an extra field `status`
|
||||
// for backward compatibility with Google API Client Libraries.
|
||||
type Error_Status struct {
|
||||
state protoimpl.MessageState
|
||||
sizeCache protoimpl.SizeCache
|
||||
unknownFields protoimpl.UnknownFields
|
||||
|
||||
// The HTTP status code that corresponds to `google.rpc.Status.code`.
|
||||
Code int32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
|
||||
// This corresponds to `google.rpc.Status.message`.
|
||||
Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
|
||||
// This is the enum version for `google.rpc.Status.code`.
|
||||
Status code.Code `protobuf:"varint,4,opt,name=status,proto3,enum=google.rpc.Code" json:"status,omitempty"`
|
||||
// This corresponds to `google.rpc.Status.details`.
|
||||
Details []*anypb.Any `protobuf:"bytes,5,rep,name=details,proto3" json:"details,omitempty"`
|
||||
}
|
||||
|
||||
func (x *Error_Status) Reset() {
|
||||
*x = Error_Status{}
|
||||
if protoimpl.UnsafeEnabled {
|
||||
mi := &file_apierror_internal_proto_error_proto_msgTypes[1]
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
}
|
||||
|
||||
func (x *Error_Status) String() string {
|
||||
return protoimpl.X.MessageStringOf(x)
|
||||
}
|
||||
|
||||
func (*Error_Status) ProtoMessage() {}
|
||||
|
||||
func (x *Error_Status) ProtoReflect() protoreflect.Message {
|
||||
mi := &file_apierror_internal_proto_error_proto_msgTypes[1]
|
||||
if protoimpl.UnsafeEnabled && x != nil {
|
||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
||||
if ms.LoadMessageInfo() == nil {
|
||||
ms.StoreMessageInfo(mi)
|
||||
}
|
||||
return ms
|
||||
}
|
||||
return mi.MessageOf(x)
|
||||
}
|
||||
|
||||
// Deprecated: Use Error_Status.ProtoReflect.Descriptor instead.
|
||||
func (*Error_Status) Descriptor() ([]byte, []int) {
|
||||
return file_apierror_internal_proto_error_proto_rawDescGZIP(), []int{0, 0}
|
||||
}
|
||||
|
||||
func (x *Error_Status) GetCode() int32 {
|
||||
if x != nil {
|
||||
return x.Code
|
||||
}
|
||||
return 0
|
||||
}
|
||||
|
||||
func (x *Error_Status) GetMessage() string {
|
||||
if x != nil {
|
||||
return x.Message
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func (x *Error_Status) GetStatus() code.Code {
|
||||
if x != nil {
|
||||
return x.Status
|
||||
}
|
||||
return code.Code(0)
|
||||
}
|
||||
|
||||
func (x *Error_Status) GetDetails() []*anypb.Any {
|
||||
if x != nil {
|
||||
return x.Details
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
var File_apierror_internal_proto_error_proto protoreflect.FileDescriptor
|
||||
|
||||
var file_apierror_internal_proto_error_proto_rawDesc = []byte{
|
||||
0x0a, 0x23, 0x61, 0x70, 0x69, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72,
|
||||
0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e,
|
||||
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0x19, 0x67, 0x6f,
|
||||
0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e,
|
||||
0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
|
||||
0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc5,
|
||||
0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x29, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f,
|
||||
0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e,
|
||||
0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x05, 0x65, 0x72,
|
||||
0x72, 0x6f, 0x72, 0x1a, 0x90, 0x01, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12,
|
||||
0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x63, 0x6f,
|
||||
0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20,
|
||||
0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x28, 0x0a, 0x06,
|
||||
0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, 0x2e, 0x67,
|
||||
0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x43, 0x6f, 0x64, 0x65, 0x52, 0x06,
|
||||
0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x2e, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c,
|
||||
0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
|
||||
0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x64,
|
||||
0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x42, 0x43, 0x5a, 0x41, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
|
||||
0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f,
|
||||
0x67, 0x61, 0x78, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x70, 0x69, 0x65, 0x72, 0x72,
|
||||
0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74,
|
||||
0x6f, 0x3b, 0x6a, 0x73, 0x6f, 0x6e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f,
|
||||
0x74, 0x6f, 0x33,
|
||||
}
|
||||
|
||||
var (
|
||||
file_apierror_internal_proto_error_proto_rawDescOnce sync.Once
|
||||
file_apierror_internal_proto_error_proto_rawDescData = file_apierror_internal_proto_error_proto_rawDesc
|
||||
)
|
||||
|
||||
func file_apierror_internal_proto_error_proto_rawDescGZIP() []byte {
|
||||
file_apierror_internal_proto_error_proto_rawDescOnce.Do(func() {
|
||||
file_apierror_internal_proto_error_proto_rawDescData = protoimpl.X.CompressGZIP(file_apierror_internal_proto_error_proto_rawDescData)
|
||||
})
|
||||
return file_apierror_internal_proto_error_proto_rawDescData
|
||||
}
|
||||
|
||||
var file_apierror_internal_proto_error_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
|
||||
var file_apierror_internal_proto_error_proto_goTypes = []interface{}{
|
||||
(*Error)(nil), // 0: error.Error
|
||||
(*Error_Status)(nil), // 1: error.Error.Status
|
||||
(code.Code)(0), // 2: google.rpc.Code
|
||||
(*anypb.Any)(nil), // 3: google.protobuf.Any
|
||||
}
|
||||
var file_apierror_internal_proto_error_proto_depIdxs = []int32{
|
||||
1, // 0: error.Error.error:type_name -> error.Error.Status
|
||||
2, // 1: error.Error.Status.status:type_name -> google.rpc.Code
|
||||
3, // 2: error.Error.Status.details:type_name -> google.protobuf.Any
|
||||
3, // [3:3] is the sub-list for method output_type
|
||||
3, // [3:3] is the sub-list for method input_type
|
||||
3, // [3:3] is the sub-list for extension type_name
|
||||
3, // [3:3] is the sub-list for extension extendee
|
||||
0, // [0:3] is the sub-list for field type_name
|
||||
}
|
||||
|
||||
func init() { file_apierror_internal_proto_error_proto_init() }
|
||||
func file_apierror_internal_proto_error_proto_init() {
|
||||
if File_apierror_internal_proto_error_proto != nil {
|
||||
return
|
||||
}
|
||||
if !protoimpl.UnsafeEnabled {
|
||||
file_apierror_internal_proto_error_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
|
||||
switch v := v.(*Error); i {
|
||||
case 0:
|
||||
return &v.state
|
||||
case 1:
|
||||
return &v.sizeCache
|
||||
case 2:
|
||||
return &v.unknownFields
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
file_apierror_internal_proto_error_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
|
||||
switch v := v.(*Error_Status); i {
|
||||
case 0:
|
||||
return &v.state
|
||||
case 1:
|
||||
return &v.sizeCache
|
||||
case 2:
|
||||
return &v.unknownFields
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
}
|
||||
type x struct{}
|
||||
out := protoimpl.TypeBuilder{
|
||||
File: protoimpl.DescBuilder{
|
||||
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
||||
RawDescriptor: file_apierror_internal_proto_error_proto_rawDesc,
|
||||
NumEnums: 0,
|
||||
NumMessages: 2,
|
||||
NumExtensions: 0,
|
||||
NumServices: 0,
|
||||
},
|
||||
GoTypes: file_apierror_internal_proto_error_proto_goTypes,
|
||||
DependencyIndexes: file_apierror_internal_proto_error_proto_depIdxs,
|
||||
MessageInfos: file_apierror_internal_proto_error_proto_msgTypes,
|
||||
}.Build()
|
||||
File_apierror_internal_proto_error_proto = out.File
|
||||
file_apierror_internal_proto_error_proto_rawDesc = nil
|
||||
file_apierror_internal_proto_error_proto_goTypes = nil
|
||||
file_apierror_internal_proto_error_proto_depIdxs = nil
|
||||
}
|
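--- a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.proto
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.proto
@@ -0,0 +1,46 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package error;
+
+import "google/protobuf/any.proto";
+import "google/rpc/code.proto";
+
+option go_package = "github.com/googleapis/gax-go/v2/apierror/internal/proto;jsonerror";
+
+// The error format v2 for Google JSON REST APIs.
+// Copied from https://cloud.google.com/apis/design/errors#http_mapping.
+//
+// NOTE: This schema is not used for other wire protocols.
+message Error {
+// This message has the same semantics as `google.rpc.Status`. It uses HTTP
+// status code instead of gRPC status code. It has an extra field `status`
+// for backward compatibility with Google API Client Libraries.
+message Status {
+// The HTTP status code that corresponds to `google.rpc.Status.code`.
+int32 code = 1;
+// This corresponds to `google.rpc.Status.message`.
+string message = 2;
+// This is the enum version for `google.rpc.Status.code`.
+google.rpc.Code status = 4;
+// This corresponds to `google.rpc.Status.details`.
+repeated google.protobuf.Any details = 5;
+}
+// The actual error payload. The nested message structure is for backward
+// compatibility with Google API client libraries. It also makes the error
+// more readable to developers.
+Status error = 1;
+}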
101
vendor/github.com/googleapis/gax-go/v2/call_option.go
generated
vendored
|
@ -30,9 +30,11 @@
|
|||
package gax
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"math/rand"
|
||||
"time"
|
||||
|
||||
"google.golang.org/api/googleapi"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
|
@ -47,7 +49,7 @@ type CallOption interface {
|
|||
|
||||
// Retryer is used by Invoke to determine retry behavior.
|
||||
type Retryer interface {
|
||||
// Retry reports whether a request should be retriedand how long to pause before retrying
|
||||
// Retry reports whether a request should be retried and how long to pause before retrying
|
||||
// if the previous attempt returned with err. Invoke never calls Retry with nil error.
|
||||
Retry(err error) (pause time.Duration, shouldRetry bool)
|
||||
}
|
||||
|
@ -63,6 +65,31 @@ func WithRetry(fn func() Retryer) CallOption {
|
|||
return retryerOption(fn)
|
||||
}
|
||||
|
||||
// OnErrorFunc returns a Retryer that retries if and only if the previous attempt
|
||||
// returns an error that satisfies shouldRetry.
|
||||
//
|
||||
// Pause times between retries are specified by bo. bo is only used for its
|
||||
// parameters; each Retryer has its own copy.
|
||||
func OnErrorFunc(bo Backoff, shouldRetry func(err error) bool) Retryer {
|
||||
return &errorRetryer{
|
||||
shouldRetry: shouldRetry,
|
||||
backoff: bo,
|
||||
}
|
||||
}
|
||||
|
||||
type errorRetryer struct {
|
||||
backoff Backoff
|
||||
shouldRetry func(err error) bool
|
||||
}
|
||||
|
||||
func (r *errorRetryer) Retry(err error) (time.Duration, bool) {
|
||||
if r.shouldRetry(err) {
|
||||
return r.backoff.Pause(), true
|
||||
}
|
||||
|
||||
return 0, false
|
||||
}
|
||||
|
||||
// OnCodes returns a Retryer that retries if and only if
|
||||
// the previous attempt returns a GRPC error whose error code is stored in cc.
|
||||
// Pause times between retries are specified by bo.
|
||||
|
@ -94,22 +121,60 @@ func (r *boRetryer) Retry(err error) (time.Duration, bool) {
|
|||
return 0, false
|
||||
}
|
||||
|
||||
// Backoff implements exponential backoff.
|
||||
// The wait time between retries is a random value between 0 and the "retry envelope".
|
||||
// The envelope starts at Initial and increases by the factor of Multiplier every retry,
|
||||
// but is capped at Max.
|
||||
// OnHTTPCodes returns a Retryer that retries if and only if
|
||||
// the previous attempt returns a googleapi.Error whose status code is stored in
|
||||
// cc. Pause times between retries are specified by bo.
|
||||
//
|
||||
// bo is only used for its parameters; each Retryer has its own copy.
|
||||
func OnHTTPCodes(bo Backoff, cc ...int) Retryer {
|
||||
codes := make(map[int]bool, len(cc))
|
||||
for _, c := range cc {
|
||||
codes[c] = true
|
||||
}
|
||||
|
||||
return &httpRetryer{
|
||||
backoff: bo,
|
||||
codes: codes,
|
||||
}
|
||||
}
|
||||
|
||||
type httpRetryer struct {
|
||||
backoff Backoff
|
||||
codes map[int]bool
|
||||
}
|
||||
|
||||
func (r *httpRetryer) Retry(err error) (time.Duration, bool) {
|
||||
var gerr *googleapi.Error
|
||||
if !errors.As(err, &gerr) {
|
||||
return 0, false
|
||||
}
|
||||
|
||||
if r.codes[gerr.Code] {
|
||||
return r.backoff.Pause(), true
|
||||
}
|
||||
|
||||
return 0, false
|
||||
}
|
||||
|
||||
// Backoff implements exponential backoff. The wait time between retries is a
|
||||
// random value between 0 and the "retry period" - the time between retries. The
|
||||
// retry period starts at Initial and increases by the factor of Multiplier
|
||||
// every retry, but is capped at Max.
|
||||
//
|
||||
// Note: MaxNumRetries / RPCDeadline is specifically not provided. These should
|
||||
// be built on top of Backoff.
|
||||
type Backoff struct {
|
||||
// Initial is the initial value of the retry envelope, defaults to 1 second.
|
||||
// Initial is the initial value of the retry period, defaults to 1 second.
|
||||
Initial time.Duration
|
||||
|
||||
// Max is the maximum value of the retry envelope, defaults to 30 seconds.
|
||||
// Max is the maximum value of the retry period, defaults to 30 seconds.
|
||||
Max time.Duration
|
||||
|
||||
// Multiplier is the factor by which the retry envelope increases.
|
||||
// Multiplier is the factor by which the retry period increases.
|
||||
// It should be greater than 1 and defaults to 2.
|
||||
Multiplier float64
|
||||
|
||||
// cur is the current retry envelope
|
||||
// cur is the current retry period.
|
||||
cur time.Duration
|
||||
}
|
||||
|
||||
|
@ -145,6 +210,21 @@ func (o grpcOpt) Resolve(s *CallSettings) {
|
|||
s.GRPC = o
|
||||
}
|
||||
|
||||
type pathOpt struct {
|
||||
p string
|
||||
}
|
||||
|
||||
func (p pathOpt) Resolve(s *CallSettings) {
|
||||
s.Path = p.p
|
||||
}
|
||||
|
||||
// WithPath applies a Path override to the HTTP-based APICall.
|
||||
//
|
||||
// This is for internal use only.
|
||||
func WithPath(p string) CallOption {
|
||||
return &pathOpt{p: p}
|
||||
}
|
||||
|
||||
// WithGRPCOptions allows passing gRPC call options during client creation.
|
||||
func WithGRPCOptions(opt ...grpc.CallOption) CallOption {
|
||||
return grpcOpt(append([]grpc.CallOption(nil), opt...))
|
||||
|
@ -158,4 +238,7 @@ type CallSettings struct {
|
|||
|
||||
// CallOptions to be forwarded to GRPC.
|
||||
GRPC []grpc.CallOption
|
||||
|
||||
// Path is an HTTP override for an APICall.
|
||||
Path string
|
||||
}
|
||||
|
|
4
vendor/github.com/googleapis/gax-go/v2/gax.go
generated
vendored
|
@ -35,5 +35,7 @@
|
|||
// to simplify code generation and to provide more convenient and idiomatic API surfaces.
|
||||
package gax
|
||||
|
||||
import "github.com/googleapis/gax-go/v2/internal"
|
||||
|
||||
// Version specifies the gax-go version being used.
|
||||
const Version = "2.0.4"
|
||||
const Version = internal.Version
|
||||
|
|
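--- a/vendor/github.com/googleapis/gax-go/v2/internal/version.go
+++ b/vendor/github.com/googleapis/gax-go/v2/internal/version.go
@@ -0,0 +1,33 @@
+// Copyright 2022, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package internal
+
+// Version is the current tagged release of the library.
+const Version = "2.4.0"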
15
vendor/github.com/googleapis/gax-go/v2/invoke.go
generated
vendored
|
@ -33,13 +33,15 @@ import (
|
|||
"context"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/googleapis/gax-go/v2/apierror"
|
||||
)
|
||||
|
||||
// APICall is a user defined call stub.
|
||||
type APICall func(context.Context, CallSettings) error
|
||||
|
||||
// Invoke calls the given APICall,
|
||||
// performing retries as specified by opts, if any.
|
||||
// Invoke calls the given APICall, performing retries as specified by opts, if
|
||||
// any.
|
||||
func Invoke(ctx context.Context, call APICall, opts ...CallOption) error {
|
||||
var settings CallSettings
|
||||
for _, opt := range opts {
|
||||
|
@ -71,9 +73,6 @@ func invoke(ctx context.Context, call APICall, settings CallSettings, sp sleeper
|
|||
if err == nil {
|
||||
return nil
|
||||
}
|
||||
if settings.Retry == nil {
|
||||
return err
|
||||
}
|
||||
// Never retry permanent certificate errors. (e.x. if ca-certificates
|
||||
// are not installed). We should only make very few, targeted
|
||||
// exceptions: many (other) status=Unavailable should be retried, such
|
||||
|
@ -83,6 +82,12 @@ func invoke(ctx context.Context, call APICall, settings CallSettings, sp sleeper
|
|||
if strings.Contains(err.Error(), "x509: certificate signed by unknown authority") {
|
||||
return err
|
||||
}
|
||||
if apierr, ok := apierror.FromError(err); ok {
|
||||
err = apierr
|
||||
}
|
||||
if settings.Retry == nil {
|
||||
return err
|
||||
}
|
||||
if retryer == nil {
|
||||
if r := settings.Retry(); r != nil {
|
||||
retryer = r
|
||||
|
|
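--- a/vendor/github.com/googleapis/gax-go/v2/proto_json_stream.go
+++ b/vendor/github.com/googleapis/gax-go/v2/proto_json_stream.go
@@ -0,0 +1,126 @@
+// Copyright 2022, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package gax
+
+import (
+"encoding/json"
+"errors"
+"io"
+
+"google.golang.org/protobuf/encoding/protojson"
+"google.golang.org/protobuf/proto"
+"google.golang.org/protobuf/reflect/protoreflect"
+)
+
+var (
+arrayOpen = json.Delim('[')
+arrayClose = json.Delim(']')
+errBadOpening = errors.New("unexpected opening token, expected '['")
+)
+
+// ProtoJSONStream represents a wrapper for consuming a stream of protobuf
+// messages encoded using protobuf-JSON format. More information on this format
+// can be found at https://developers.google.com/protocol-buffers/docs/proto3#json.
+// The stream must appear as a comma-delimited, JSON array of obbjects with
+// opening and closing square braces.
+//
+// This is for internal use only.
+type ProtoJSONStream struct {
+first, closed bool
+reader io.ReadCloser
+stream *json.Decoder
+typ protoreflect.MessageType
+}
+
+// NewProtoJSONStreamReader accepts a stream of bytes via an io.ReadCloser that are
+// protobuf-JSON encoded protobuf messages of the given type. The ProtoJSONStream
+// must be closed when done.
+//
+// This is for internal use only.
+func NewProtoJSONStreamReader(rc io.ReadCloser, typ protoreflect.MessageType) *ProtoJSONStream {
+return &ProtoJSONStream{
+first: true,
+reader: rc,
+stream: json.NewDecoder(rc),
+typ: typ,
+}
+}
+
+// Recv decodes the next protobuf message in the stream or returns io.EOF if
+// the stream is done. It is not safe to call Recv on the same stream from
+// different goroutines, just like it is not safe to do so with a single gRPC
+// stream. Type-cast the protobuf message returned to the type provided at
+// ProtoJSONStream creation.
+// Calls to Recv after calling Close will produce io.EOF.
+func (s *ProtoJSONStream) Recv() (proto.Message, error) {
+if s.closed {
+return nil, io.EOF
+}
+if s.first {
+s.first = false
+
+// Consume the opening '[' so Decode gets one object at a time.
+if t, err := s.stream.Token(); err != nil {
+return nil, err
+} else if t != arrayOpen {
+return nil, errBadOpening
+}
+}
+
+// Capture the next block of data for the item (a JSON object) in the stream.
+var raw json.RawMessage
+if err := s.stream.Decode(&raw); err != nil {
+e := err
+// To avoid checking the first token of each stream, just attempt to
+// Decode the next blob and if that fails, double check if it is just
+// the closing token ']'. If it is the closing, return io.EOF. If it
+// isn't, return the original error.
+if t, _ := s.stream.Token(); t == arrayClose {
+e = io.EOF
+}
+return nil, e
+}
+
+// Initialize a new instance of the protobuf message to unmarshal the
+// raw data into.
+m := s.typ.New().Interface()
+err := protojson.Unmarshal(raw, m)
+
+return m, err
+}
+
+// Close closes the stream so that resources are cleaned up.
+func (s *ProtoJSONStream) Close() error {
+// Dereference the *json.Decoder so that the memory is gc'd.
+s.stream = nil
+s.closed = true
+
+return s.reader.Close()
+}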
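--- a/vendor/github.com/googleapis/gax-go/v2/release-please-config.json
+++ b/vendor/github.com/googleapis/gax-go/v2/release-please-config.json
@@ -0,0 +1,10 @@
+{
+"release-type": "go-yoshi",
+"separate-pull-requests": true,
+"include-component-in-tag": false,
+"packages": {
+"v2": {
+"component": "v2"
+}
+}
+}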
8
vendor/github.com/moby/swarmkit/v2/agent/csi/plugin/manager.go
generated
vendored
|
@ -18,9 +18,9 @@ const (
|
|||
DockerCSIPluginCap = "csinode"
|
||||
)
|
||||
|
||||
// PluginManager manages the multiple CSI plugins that may be in use on the
|
||||
// node. PluginManager should be thread-safe.
|
||||
type PluginManager interface {
|
||||
// Manager manages the multiple CSI plugins that may be in use on the
|
||||
// node. Manager should be thread-safe.
|
||||
type Manager interface {
|
||||
// Get gets the plugin with the given name
|
||||
Get(name string) (NodePlugin, error)
|
||||
|
||||
|
@ -43,7 +43,7 @@ type pluginManager struct {
|
|||
pg plugingetter.PluginGetter
|
||||
}
|
||||
|
||||
func NewPluginManager(pg plugingetter.PluginGetter, secrets SecretGetter) PluginManager {
|
||||
func NewManager(pg plugingetter.PluginGetter, secrets SecretGetter) Manager {
|
||||
return &pluginManager{
|
||||
plugins: map[string]NodePlugin{},
|
||||
newNodePluginFunc: NewNodePlugin,
|
||||
|
|
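--- a/vendor/github.com/moby/swarmkit/v2/agent/csi/plugin/manager_deprecated.go
+++ b/vendor/github.com/moby/swarmkit/v2/agent/csi/plugin/manager_deprecated.go
@@ -0,0 +1,11 @@
+package plugin
+
+// Deprecated: use [Manager].
+//
+//nolint:revive // exported: type name will be used as plugin.PluginManager by other packages
+type PluginManager = Manager
+
+// Deprecated: use [NewManager].
+//
+//nolint:unused
+var NewPluginManager = NewManager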
10
vendor/github.com/moby/swarmkit/v2/agent/csi/volumes.go
generated
vendored
|
@ -17,7 +17,7 @@ import (
|
|||
"github.com/moby/swarmkit/v2/volumequeue"
|
||||
)
|
||||
|
||||
const CSI_CALL_TIMEOUT = 15 * time.Second
|
||||
const csiCallTimeout = 15 * time.Second
|
||||
|
||||
// volumeState keeps track of the state of a volume on this node.
|
||||
type volumeState struct {
|
||||
|
@ -39,8 +39,8 @@ type volumes struct {
|
|||
// volumes is a mapping of volume ID to volumeState
|
||||
volumes map[string]volumeState
|
||||
|
||||
// plugins is the PluginManager, which provides translation to the CSI RPCs
|
||||
plugins plugin.PluginManager
|
||||
// plugins is the Manager, which provides translation to the CSI RPCs
|
||||
plugins plugin.Manager
|
||||
|
||||
// pendingVolumes is a VolumeQueue which manages which volumes are
|
||||
// processed and when.
|
||||
|
@ -51,7 +51,7 @@ type volumes struct {
|
|||
func NewManager(pg plugingetter.PluginGetter, secrets exec.SecretGetter) exec.VolumesManager {
|
||||
r := &volumes{
|
||||
volumes: map[string]volumeState{},
|
||||
plugins: plugin.NewPluginManager(pg, secrets),
|
||||
plugins: plugin.NewManager(pg, secrets),
|
||||
pendingVolumes: volumequeue.NewVolumeQueue(),
|
||||
}
|
||||
go r.retryVolumes()
|
||||
|
@ -107,7 +107,7 @@ func (r *volumes) tryVolume(ctx context.Context, id string, attempt uint) {
|
|||
// These are too complicated to be worth the engineering effort at this
|
||||
// time.
|
||||
|
||||
timeoutCtx, cancel := context.WithTimeout(ctx, CSI_CALL_TIMEOUT)
|
||||
timeoutCtx, cancel := context.WithTimeout(ctx, csiCallTimeout)
|
||||
// always gotta call the WithTimeout cancel
|
||||
defer cancel()
|
||||
|
||||
|
|
3
vendor/github.com/moby/swarmkit/v2/agent/exec/controller_stub.go
generated
vendored
|
@ -21,7 +21,6 @@ type StubController struct {
|
|||
RemoveFn func(ctx context.Context) error
|
||||
CloseFn func() error
|
||||
calls map[string]int
|
||||
cstatus *api.ContainerStatus
|
||||
}
|
||||
|
||||
// NewStubController returns an initialized StubController
|
||||
|
@ -38,7 +37,7 @@ func (sc *StubController) called() {
|
|||
if !ok {
|
||||
panic("Failed to find caller of function")
|
||||
}
|
||||
// longName looks like 'github.com/docker/swarmkit/agent/exec.(*StubController).Prepare:1'
|
||||
// longName looks like 'github.com/moby/swarmkit/agent/exec.(*StubController).Prepare:1'
|
||||
longName := runtime.FuncForPC(pc).Name()
|
||||
parts := strings.Split(longName, ".")
|
||||
tail := strings.Split(parts[len(parts)-1], ":")
|
||||
|
|
4
vendor/github.com/moby/swarmkit/v2/agent/exec/executor.go
generated
vendored
|
@ -112,9 +112,9 @@ type VolumesManager interface {
|
|||
Plugins() VolumePluginManager
|
||||
}
|
||||
|
||||
// PluginManager is the interface for accessing the volume plugin manager from
|
||||
// VolumePluginManager is the interface for accessing the volume plugin manager from
|
||||
// the executor. This is identical to
|
||||
// github.com/docker/swarmkit/agent/csi/plugin.PluginManager, except the former
|
||||
// github.com/moby/swarmkit/agent/csi/plugin.PluginManager, except the former
|
||||
// also includes a Get method for the VolumesManager to use. This does not
|
||||
// contain that Get method, to avoid having to import the Plugin type, and
|
||||
// because in this context, it is not needed.
|
||||
|
|
5
vendor/github.com/moby/swarmkit/v2/agent/reporter.go
generated
vendored
|
@ -15,7 +15,7 @@ type StatusReporter interface {
|
|||
UpdateTaskStatus(ctx context.Context, taskID string, status *api.TaskStatus) error
|
||||
}
|
||||
|
||||
// Reporter recieves update to both task and volume status.
|
||||
// Reporter receives update to both task and volume status.
|
||||
type Reporter interface {
|
||||
StatusReporter
|
||||
ReportVolumeUnpublished(ctx context.Context, volumeID string) error
|
||||
|
@ -27,12 +27,15 @@ func (fn statusReporterFunc) UpdateTaskStatus(ctx context.Context, taskID string
|
|||
return fn(ctx, taskID, status)
|
||||
}
|
||||
|
||||
//nolint:unused // currently only used in tests.
|
||||
type volumeReporterFunc func(ctx context.Context, volumeID string) error
|
||||
|
||||
//nolint:unused // currently only used in tests.
|
||||
func (fn volumeReporterFunc) ReportVolumeUnpublished(ctx context.Context, volumeID string) error {
|
||||
return fn(ctx, volumeID)
|
||||
}
|
||||
|
||||
//nolint:unused // currently only used in tests.
|
||||
type statusReporterCombined struct {
|
||||
statusReporterFunc
|
||||
volumeReporterFunc
|
||||
|
|
1
vendor/github.com/moby/swarmkit/v2/agent/session.go
generated
vendored
|
@ -391,6 +391,7 @@ func (s *session) sendTaskStatus(ctx context.Context, taskID string, taskStatus
|
|||
return nil
|
||||
}
|
||||
|
||||
//nolint:unused // TODO(thaJeztah) this is currently unused: is it safe to remove?
|
||||
func (s *session) sendTaskStatuses(ctx context.Context, updates ...*api.UpdateTaskStatusRequest_TaskStatusUpdate) ([]*api.UpdateTaskStatusRequest_TaskStatusUpdate, error) {
|
||||
if len(updates) < 1 {
|
||||
return nil, nil
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more