From d30a95236d7998bd20753abc9dab434dfd416ae4 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Fri, 14 Aug 2020 15:33:50 -0700
Subject: [PATCH] Use always go.step.sm/crypto

---
 acme/api/handler_test.go | 2 +-
 acme/api/middleware.go | 6 +++---
 acme/api/order_test.go | 2 +-
 acme/certificate_test.go | 2 +-
 authority/authority.go | 2 +-
 authority/authority_test.go | 2 +-
 authority/authorize_test.go | 2 +-
 authority/provisioner/k8sSA.go | 2 +-
 authority/provisioner/options_test.go | 2 +-
 authority/provisioner/sign_options_test.go | 2 +-
 authority/provisioner/sign_ssh_options.go | 6 +++---
 authority/provisioner/sign_ssh_options_test.go | 4 ++--
 authority/provisioner/sshpop_test.go | 2 +-
 authority/provisioner/utils_test.go | 2 +-
 authority/provisioner/x5c_test.go | 2 +-
 authority/root_test.go | 2 +-
 authority/tls.go | 6 +++---
 authority/tls_test.go | 8 ++++----
 ca/acmeClient_test.go | 2 +-
 ca/ca_test.go | 8 ++++----
 ca/client.go | 6 +++---
 ca/identity/identity.go | 2 +-
 ca/identity/identity_test.go | 2 +-
 ca/provisioner_test.go | 2 +-
 cmd/step-awskms-init/main.go | 2 +-
 cmd/step-cloudkms-init/main.go | 2 +-
 cmd/step-yubikey-init/main.go | 2 +-
 go.mod | 4 ++--
 go.sum | 3 +++
 kms/awskms/awskms.go | 2 +-
 kms/awskms/awskms_test.go | 2 +-
 kms/awskms/signer.go | 2 +-
 kms/awskms/signer_test.go | 2 +-
 kms/cloudkms/cloudkms.go | 2 +-
 kms/cloudkms/cloudkms_test.go | 2 +-
 kms/cloudkms/signer.go | 2 +-
 kms/cloudkms/signer_test.go | 2 +-
 kms/softkms/softkms.go | 13 ++++++++++---
 kms/softkms/softkms_test.go | 2 +-
 pki/pki.go | 8 ++++----
 40 files changed, 70 insertions(+), 60 deletions(-)

diff --git a/acme/api/handler_test.go b/acme/api/handler_test.go
index f8bac96c..34493357 100644
--- a/acme/api/handler_test.go
+++ b/acme/api/handler_test.go
@@ -19,8 +19,8 @@ import ( "github.com/smallstep/certificates/acme" "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/db" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/jose" + "go.step.sm/crypto/pemutil" ) type mockAcmeAuthority struct { diff --git a/acme/api/middleware.go b/acme/api/middleware.go index f7d7dcf4..a847db64 100644 --- a/acme/api/middleware.go +++ b/acme/api/middleware.go @@ -14,9 +14,9 @@ import ( "github.com/smallstep/certificates/api" "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/logging" - "github.com/smallstep/cli/crypto/keys" "github.com/smallstep/cli/jose" "github.com/smallstep/nosql" + "go.step.sm/crypto/keyutil" ) type nextHTTP = func(http.ResponseWriter, *http.Request) @@ -173,10 +173,10 @@ func (h *Handler) validateJWS(next nextHTTP) nextHTTP { if hdr.JSONWebKey != nil { switch k := hdr.JSONWebKey.Key.(type) { case *rsa.PublicKey: - if k.Size() < keys.MinRSAKeyBytes { + if k.Size() < keyutil.MinRSAKeyBytes { api.WriteError(w, acme.MalformedErr(errors.Errorf("rsa "+ "keys must be at least %d bits (%d bytes) in size", - 8*keys.MinRSAKeyBytes, keys.MinRSAKeyBytes))) + 8*keyutil.MinRSAKeyBytes, keyutil.MinRSAKeyBytes))) return } default: diff --git a/acme/api/order_test.go b/acme/api/order_test.go index 487b8669..a1c8fef7 100644 --- a/acme/api/order_test.go +++ b/acme/api/order_test.go @@ -17,7 +17,7 @@ import ( "github.com/pkg/errors" "github.com/smallstep/assert" "github.com/smallstep/certificates/acme" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" ) func TestNewOrderRequestValidate(t *testing.T) { diff --git a/acme/certificate_test.go b/acme/certificate_test.go index e99eb5af..a4b8f91a 100644 --- a/acme/certificate_test.go +++ b/acme/certificate_test.go 
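Review bot: The RSA minimum enforced in `validateJWS` now comes from `keyutil.MinRSAKeyBytes` instead of `keys.MinRSAKeyBytes`, and nothing in the patch shows that the two constants carry the same value; if they differ, the smallest RSA account key the ACME endpoint accepts changes silently, and the same swap is made in `sshDefaultPublicKeyValidator.Valid` in authority/provisioner/sign_ssh_options.go. Since this is a security floor rather than a plain rename, a test that pins the intended minimum would make the migration auditable, e.g. `if 8*keyutil.MinRSAKeyBytes < minRSABits { t.Fatalf("RSA floor dropped to %d bits", 8*keyutil.MinRSAKeyBytes) }` with `minRSABits` set to whatever policy the project already documents (2048 is a constructed example). The body of `validateJWS` begins and ends outside this hunk.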
@@ -10,9 +10,9 @@ import ( "github.com/pkg/errors" "github.com/smallstep/assert" "github.com/smallstep/certificates/db" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/nosql" "github.com/smallstep/nosql/database" + "go.step.sm/crypto/pemutil" ) func defaultCertOps() (*CertOptions, error) { diff --git a/authority/authority.go b/authority/authority.go index 36bfe334..a0a80b62 100644 --- a/authority/authority.go +++ b/authority/authority.go @@ -16,7 +16,7 @@ import ( "github.com/smallstep/certificates/kms" kmsapi "github.com/smallstep/certificates/kms/apiv1" "github.com/smallstep/certificates/templates" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" "golang.org/x/crypto/ssh" ) diff --git a/authority/authority_test.go b/authority/authority_test.go index f87f1df3..0f294a23 100644 --- a/authority/authority_test.go +++ b/authority/authority_test.go @@ -15,8 +15,8 @@ import ( "github.com/smallstep/assert" "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/db" - "github.com/smallstep/cli/crypto/pemutil" stepJOSE "github.com/smallstep/cli/jose" + "go.step.sm/crypto/pemutil" ) func testAuthority(t *testing.T, opts ...Option) *Authority { diff --git a/authority/authorize_test.go b/authority/authorize_test.go index 167f11d0..f0c359c0 100644 --- a/authority/authorize_test.go +++ b/authority/authorize_test.go @@ -17,8 +17,8 @@ import ( "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/db" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/jose" + "go.step.sm/crypto/pemutil" "go.step.sm/crypto/randutil" "golang.org/x/crypto/ssh" "gopkg.in/square/go-jose.v2/jwt" diff --git a/authority/provisioner/k8sSA.go b/authority/provisioner/k8sSA.go index ee48d283..10309ced 100644 --- a/authority/provisioner/k8sSA.go +++ b/authority/provisioner/k8sSA.go 
@@ -11,8 +11,8 @@ import ( "github.com/pkg/errors" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/jose" + "go.step.sm/crypto/pemutil" "go.step.sm/crypto/sshutil" "go.step.sm/crypto/x509util" ) diff --git a/authority/provisioner/options_test.go b/authority/provisioner/options_test.go index 38d50e3e..718a20bd 100644 --- a/authority/provisioner/options_test.go +++ b/authority/provisioner/options_test.go @@ -7,7 +7,7 @@ import ( "reflect" "testing" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" "go.step.sm/crypto/x509util" ) diff --git a/authority/provisioner/sign_options_test.go b/authority/provisioner/sign_options_test.go index 28b0dc82..5d3a5d3a 100644 --- a/authority/provisioner/sign_options_test.go +++ b/authority/provisioner/sign_options_test.go @@ -12,7 +12,7 @@ import ( "github.com/pkg/errors" "github.com/smallstep/assert" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" ) func Test_emailOnlyIdentity_Valid(t *testing.T) { diff --git a/authority/provisioner/sign_ssh_options.go b/authority/provisioner/sign_ssh_options.go index d948ddac..a872513e 100644 --- a/authority/provisioner/sign_ssh_options.go +++ b/authority/provisioner/sign_ssh_options.go @@ -8,7 +8,7 @@ import ( "time" "github.com/pkg/errors" - "github.com/smallstep/cli/crypto/keys" + "go.step.sm/crypto/keyutil" "golang.org/x/crypto/ssh" ) @@ -423,9 +423,9 @@ func (v sshDefaultPublicKeyValidator) Valid(cert *ssh.Certificate, o SignSSHOpti if err != nil { return err } - if key.Size() < keys.MinRSAKeyBytes { + if key.Size() < keyutil.MinRSAKeyBytes { return errors.Errorf("ssh certificate key must be at least %d bits (%d bytes)", - 8*keys.MinRSAKeyBytes, keys.MinRSAKeyBytes) + 8*keyutil.MinRSAKeyBytes, keyutil.MinRSAKeyBytes) } return nil case ssh.KeyAlgoDSA: 
diff --git a/authority/provisioner/sign_ssh_options_test.go b/authority/provisioner/sign_ssh_options_test.go index 9ab72a51..693690f6 100644 --- a/authority/provisioner/sign_ssh_options_test.go +++ b/authority/provisioner/sign_ssh_options_test.go @@ -7,7 +7,7 @@ import ( "github.com/pkg/errors" "github.com/smallstep/assert" - "github.com/smallstep/cli/crypto/keys" + "go.step.sm/crypto/keyutil" "golang.org/x/crypto/ssh" ) @@ -489,7 +489,7 @@ func Test_sshDefaultExtensionModifier_Modify(t *testing.T) { } func Test_sshCertDefaultValidator_Valid(t *testing.T) { - pub, _, err := keys.GenerateDefaultKeyPair() + pub, _, err := keyutil.GenerateDefaultKeyPair() assert.FatalError(t, err) sshPub, err := ssh.NewPublicKey(pub) assert.FatalError(t, err) diff --git a/authority/provisioner/sshpop_test.go b/authority/provisioner/sshpop_test.go index 5863b6f9..b35601d4 100644 --- a/authority/provisioner/sshpop_test.go +++ b/authority/provisioner/sshpop_test.go @@ -13,8 +13,8 @@ import ( "github.com/smallstep/assert" "github.com/smallstep/certificates/db" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/jose" + "go.step.sm/crypto/pemutil" "golang.org/x/crypto/ssh" ) diff --git a/authority/provisioner/utils_test.go b/authority/provisioner/utils_test.go index 19c6436d..62efe8e2 100644 --- a/authority/provisioner/utils_test.go +++ b/authority/provisioner/utils_test.go @@ -16,8 +16,8 @@ import ( "time" "github.com/pkg/errors" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/jose" + "go.step.sm/crypto/pemutil" "go.step.sm/crypto/randutil" "golang.org/x/crypto/ssh" ) diff --git a/authority/provisioner/x5c_test.go b/authority/provisioner/x5c_test.go index 58130413..c1f9bf66 100644 --- a/authority/provisioner/x5c_test.go +++ b/authority/provisioner/x5c_test.go 
@@ -9,8 +9,8 @@ import ( "github.com/pkg/errors" "github.com/smallstep/assert" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/jose" + "go.step.sm/crypto/pemutil" "go.step.sm/crypto/randutil" ) diff --git a/authority/root_test.go b/authority/root_test.go index a936b66f..6e5f1932 100644 --- a/authority/root_test.go +++ b/authority/root_test.go @@ -9,7 +9,7 @@ import ( "github.com/pkg/errors" "github.com/smallstep/assert" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" ) func TestRoot(t *testing.T) { diff --git a/authority/tls.go b/authority/tls.go index 4dd7fecf..08741972 100644 --- a/authority/tls.go +++ b/authority/tls.go @@ -15,9 +15,9 @@ import ( "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/db" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/crypto/keys" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/jose" + "go.step.sm/crypto/keyutil" + "go.step.sm/crypto/pemutil" "go.step.sm/crypto/x509util" ) @@ -363,7 +363,7 @@ func (a *Authority) GetTLSCertificate() (*tls.Certificate, error) { } // Generate default key. - priv, err := keys.GenerateDefaultKey() + priv, err := keyutil.GenerateDefaultKey() if err != nil { return fatal(err) } diff --git a/authority/tls_test.go b/authority/tls_test.go index dbbabd03..e749e51e 100644 --- a/authority/tls_test.go +++ b/authority/tls_test.go @@ -22,9 +22,9 @@ import ( "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/db" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/crypto/keys" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/jose" + "go.step.sm/crypto/keyutil" + "go.step.sm/crypto/pemutil" "go.step.sm/crypto/x509util" "gopkg.in/square/go-jose.v2/jwt" ) 
@@ -196,7 +196,7 @@ type basicConstraints struct { } func TestAuthority_Sign(t *testing.T) { - pub, priv, err := keys.GenerateDefaultKeyPair() + pub, priv, err := keyutil.GenerateDefaultKeyPair() assert.FatalError(t, err) a := testAuthority(t) @@ -745,7 +745,7 @@ func TestAuthority_Renew(t *testing.T) { } func TestAuthority_Rekey(t *testing.T) { - pub, _, err := keys.GenerateDefaultKeyPair() + pub, _, err := keyutil.GenerateDefaultKeyPair() assert.FatalError(t, err) a := testAuthority(t) diff --git a/ca/acmeClient_test.go b/ca/acmeClient_test.go index 5163101a..68990203 100644 --- a/ca/acmeClient_test.go +++ b/ca/acmeClient_test.go @@ -16,8 +16,8 @@ import ( "github.com/smallstep/certificates/acme" acmeAPI "github.com/smallstep/certificates/acme/api" "github.com/smallstep/certificates/api" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/jose" + "go.step.sm/crypto/pemutil" ) func TestNewACMEClient(t *testing.T) { diff --git a/ca/ca_test.go b/ca/ca_test.go index 197e4cfe..aae5b729 100644 --- a/ca/ca_test.go +++ b/ca/ca_test.go @@ -25,9 +25,9 @@ import ( "github.com/smallstep/certificates/authority" "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/errs" - "github.com/smallstep/cli/crypto/keys" - "github.com/smallstep/cli/crypto/pemutil" stepJOSE "github.com/smallstep/cli/jose" + "go.step.sm/crypto/keyutil" + "go.step.sm/crypto/pemutil" "go.step.sm/crypto/randutil" "go.step.sm/crypto/x509util" jose "gopkg.in/square/go-jose.v2" @@ -76,7 +76,7 @@ func TestMain(m *testing.M) { } func TestCASign(t *testing.T) { - pub, priv, err := keys.GenerateDefaultKeyPair() + pub, priv, err := keyutil.GenerateDefaultKeyPair() assert.FatalError(t, err) asn1dn := &authority.ASN1DN{ @@ -551,7 +551,7 @@ func TestCAHealth(t *testing.T) { } func TestCARenew(t *testing.T) { - pub, priv, err := keys.GenerateDefaultKeyPair() + pub, priv, err := keyutil.GenerateDefaultKeyPair() assert.FatalError(t, err) asn1dn := &authority.ASN1DN{ 
diff --git a/ca/client.go b/ca/client.go index 7edc1dc6..1282d6f4 100644 --- a/ca/client.go +++ b/ca/client.go @@ -28,8 +28,8 @@ import ( "github.com/smallstep/certificates/ca/identity" "github.com/smallstep/certificates/errs" "github.com/smallstep/cli/config" - "github.com/smallstep/cli/crypto/keys" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/keyutil" + "go.step.sm/crypto/pemutil" "go.step.sm/crypto/x509util" "golang.org/x/net/http2" "gopkg.in/square/go-jose.v2/jwt" @@ -1102,7 +1102,7 @@ func CreateSignRequest(ott string) (*api.SignRequest, crypto.PrivateKey, error) // CreateCertificateRequest creates a new CSR with the given common name and // SANs. If no san is provided the commonName will set also a SAN. func CreateCertificateRequest(commonName string, sans ...string) (*api.CertificateRequest, crypto.PrivateKey, error) { - key, err := keys.GenerateDefaultKey() + key, err := keyutil.GenerateDefaultKey() if err != nil { return nil, nil, err } diff --git a/ca/identity/identity.go b/ca/identity/identity.go index d37628f1..c570e46c 100644 --- a/ca/identity/identity.go +++ b/ca/identity/identity.go @@ -17,7 +17,7 @@ import ( "github.com/pkg/errors" "github.com/smallstep/certificates/api" "github.com/smallstep/cli/config" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" ) // Type represents the different types of identity files. diff --git a/ca/identity/identity_test.go b/ca/identity/identity_test.go index 139c6917..7064cead 100644 --- a/ca/identity/identity_test.go +++ b/ca/identity/identity_test.go @@ -13,7 +13,7 @@ import ( "testing" "github.com/smallstep/certificates/api" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" ) func TestLoadDefaultIdentity(t *testing.T) { diff --git a/ca/provisioner_test.go b/ca/provisioner_test.go index b3fe1346..c9910a04 100644 --- a/ca/provisioner_test.go +++ b/ca/provisioner_test.go 
@@ -7,8 +7,8 @@ import ( "testing" "time" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/jose" + "go.step.sm/crypto/pemutil" "go.step.sm/crypto/x509util" ) diff --git a/cmd/step-awskms-init/main.go b/cmd/step-awskms-init/main.go index 2241cdd6..d7421c80 100644 --- a/cmd/step-awskms-init/main.go +++ b/cmd/step-awskms-init/main.go @@ -16,9 +16,9 @@ import ( "github.com/smallstep/certificates/kms/apiv1" "github.com/smallstep/certificates/kms/awskms" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/ui" "github.com/smallstep/cli/utils" + "go.step.sm/crypto/pemutil" "golang.org/x/crypto/ssh" ) diff --git a/cmd/step-cloudkms-init/main.go b/cmd/step-cloudkms-init/main.go index eb23b048..9eab25bc 100644 --- a/cmd/step-cloudkms-init/main.go +++ b/cmd/step-cloudkms-init/main.go @@ -17,9 +17,9 @@ import ( "github.com/smallstep/certificates/kms/apiv1" "github.com/smallstep/certificates/kms/cloudkms" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/ui" "github.com/smallstep/cli/utils" + "go.step.sm/crypto/pemutil" "golang.org/x/crypto/ssh" ) diff --git a/cmd/step-yubikey-init/main.go b/cmd/step-yubikey-init/main.go index 5a75a9ac..d5e81075 100644 --- a/cmd/step-yubikey-init/main.go +++ b/cmd/step-yubikey-init/main.go @@ -19,9 +19,9 @@ import ( "github.com/pkg/errors" "github.com/smallstep/certificates/kms" "github.com/smallstep/certificates/kms/apiv1" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/ui" "github.com/smallstep/cli/utils" + "go.step.sm/crypto/pemutil" // Enable yubikey. _ "github.com/smallstep/certificates/kms/yubikey" diff --git a/go.mod b/go.mod index 6d602db1..769900e4 100644 --- a/go.mod +++ b/go.mod 
@@ -18,7 +18,7 @@ require ( github.com/smallstep/nosql v0.3.0 github.com/urfave/cli v1.22.2 go.step.sm/crypto v0.1.1 - golang.org/x/crypto v0.0.0-20200414173820-0848c9571904 + golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de golang.org/x/net v0.0.0-20200202094626-16171245cfb2 google.golang.org/api v0.15.0 google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb @@ -28,4 +28,4 @@ require ( // replace github.com/smallstep/cli => ../cli // replace github.com/smallstep/nosql => ../nosql -// replace go.step.sm/crypto => ../crypto +replace go.step.sm/crypto => ../crypto diff --git a/go.sum b/go.sum index 917e90c0..aabf4f1c 100644 --- a/go.sum +++ b/go.sum @@ -479,6 +479,7 @@ github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9P github.com/smallstep/certificates v0.14.5/go.mod h1:zzpB8wMz967gL8FmK6zvCNB4pDVwFDKjPg1diTVc1h8= github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= github.com/smallstep/cli v0.14.5/go.mod h1:mRFuqC3cGwQESBGJvog4o76jZZZ7bMjkE+hAnq2QyR8= +github.com/smallstep/cli v0.14.6 h1:xc9rawDKB70Vgvg10gfQAh9EpDWS3k1O002J5bApqUk= github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95 h1:TcCYqEqh6EIEiFabRdtG0IGyFK01kRLTjx6TIKqjxX8= github.com/smallstep/cli v0.14.7-rc.1.0.20200721180458-731b7c4c8c95/go.mod h1:7aWHk7WwJMpEP4PYyav86FMpaI9vuA0uJRliUAqCwxg= github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U= 
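Review bot: Uncommenting `replace go.step.sm/crypto => ../crypto` makes every build resolve go.step.sm/crypto from an unversioned sibling checkout rather than the `v0.1.1` still pinned in the require block, so the module no longer builds for anyone without that directory and go.sum cannot attest to what is actually compiled. That is a reproducibility and supply-chain regression for CI and release builds, and it hides that the pin has drifted: the new `keyutil` import and the `pemutil.PromptPassword` hook presumably need a go.step.sm/crypto newer than v0.1.1 (verify against that module's tags). Keep the directive commented, as the neighbouring `github.com/smallstep/cli` and `github.com/smallstep/nosql` entries are, i.e. `// replace go.step.sm/crypto => ../crypto`, and instead bump the requirement to a tagged release that exports those symbols, e.g. `go.step.sm/crypto vX.Y.Z` (placeholder for the real tag).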
@@ -609,6 +610,8 @@ golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+v golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904 h1:bXoxMPcSLOq08zI3/c5dEBT6lE4eh+jOh886GHrn6V8= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= +golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= diff --git a/kms/awskms/awskms.go b/kms/awskms/awskms.go index df75d0e1..5e88eb80 100644 --- a/kms/awskms/awskms.go +++ b/kms/awskms/awskms.go @@ -14,7 +14,7 @@ import ( "github.com/pkg/errors" "github.com/smallstep/certificates/kms/apiv1" "github.com/smallstep/certificates/kms/uri" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" ) // KMS implements a KMS using AWS Key Management Service. diff --git a/kms/awskms/awskms_test.go b/kms/awskms/awskms_test.go index f19e1c49..c86645e2 100644 --- a/kms/awskms/awskms_test.go +++ b/kms/awskms/awskms_test.go @@ -14,7 +14,7 @@ import ( "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/kms" "github.com/smallstep/certificates/kms/apiv1" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" ) func TestNew(t *testing.T) { diff --git a/kms/awskms/signer.go b/kms/awskms/signer.go index 3d9767d0..0eec10c3 100644 --- a/kms/awskms/signer.go +++ b/kms/awskms/signer.go 
@@ -8,7 +8,7 @@ import ( "github.com/aws/aws-sdk-go/service/kms" "github.com/pkg/errors" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" ) // Signer implements a crypto.Signer using the AWS KMS. diff --git a/kms/awskms/signer_test.go b/kms/awskms/signer_test.go index 51915174..9694c62a 100644 --- a/kms/awskms/signer_test.go +++ b/kms/awskms/signer_test.go @@ -13,7 +13,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/service/kms" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" ) func TestNewSigner(t *testing.T) { diff --git a/kms/cloudkms/cloudkms.go b/kms/cloudkms/cloudkms.go index 01cbcab2..547bfc62 100644 --- a/kms/cloudkms/cloudkms.go +++ b/kms/cloudkms/cloudkms.go @@ -14,7 +14,7 @@ import ( gax "github.com/googleapis/gax-go/v2" "github.com/pkg/errors" "github.com/smallstep/certificates/kms/apiv1" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" "google.golang.org/api/option" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) diff --git a/kms/cloudkms/cloudkms_test.go b/kms/cloudkms/cloudkms_test.go index c5eba318..1038432a 100644 --- a/kms/cloudkms/cloudkms_test.go +++ b/kms/cloudkms/cloudkms_test.go @@ -11,7 +11,7 @@ import ( gax "github.com/googleapis/gax-go/v2" "github.com/smallstep/certificates/kms/apiv1" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" diff --git a/kms/cloudkms/signer.go b/kms/cloudkms/signer.go index b9232ca4..303c2496 100644 --- a/kms/cloudkms/signer.go +++ b/kms/cloudkms/signer.go @@ -5,7 +5,7 @@ import ( "io" "github.com/pkg/errors" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) 
diff --git a/kms/cloudkms/signer_test.go b/kms/cloudkms/signer_test.go index 9a05e131..dec176f4 100644 --- a/kms/cloudkms/signer_test.go +++ b/kms/cloudkms/signer_test.go @@ -11,7 +11,7 @@ import ( "testing" gax "github.com/googleapis/gax-go/v2" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) diff --git a/kms/softkms/softkms.go b/kms/softkms/softkms.go index 3db9cbcc..e7873796 100644 --- a/kms/softkms/softkms.go +++ b/kms/softkms/softkms.go @@ -10,8 +10,9 @@ import ( "github.com/pkg/errors" "github.com/smallstep/certificates/kms/apiv1" - "github.com/smallstep/cli/crypto/keys" - "github.com/smallstep/cli/crypto/pemutil" + "github.com/smallstep/cli/ui" + "go.step.sm/crypto/keyutil" + "go.step.sm/crypto/pemutil" ) type algorithmAttributes struct { @@ -41,7 +42,7 @@ var generateKey = func(kty, crv string, size int) (interface{}, interface{}, err if kty == "RSA" && size == 0 { size = DefaultRSAKeySize } - return keys.GenerateKeyPair(kty, crv, size) + return keyutil.GenerateKeyPair(kty, crv, size) } // SoftKMS is a key manager that uses keys stored in disk. @@ -53,6 +54,9 @@ func New(ctx context.Context, opts apiv1.Options) (*SoftKMS, error) { } func init() { + pemutil.PromptPassword = func(msg string) ([]byte, error) { + return ui.PromptPassword(msg) + } apiv1.Register(apiv1.SoftKMS, func(ctx context.Context, opts apiv1.Options) (apiv1.KeyManager, error) { return New(ctx, opts) }) @@ -98,6 +102,8 @@ func (k *SoftKMS) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, e } } +// CreateKey generates a new key using Golang crypto and returns both public and +// private key. func (k *SoftKMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error) { v, ok := signatureAlgorithmMapping[req.SignatureAlgorithm] if !ok { 
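Review bot: The new `init()` in kms/softkms/softkms.go assigns `pemutil.PromptPassword` process-wide, so every code path in the same binary that reads an encrypted PEM through pemutil — not only SoftKMS — will now block on an interactive `ui.PromptPassword` instead of returning an error, which matters for a daemon such as step-ca started without a terminal. It also pulls `github.com/smallstep/cli/ui` into a library package that is presumably linked into the server whenever the KMS registry imports it, and this behaviour change is not reflected in the commit title. Prefer installing the hook where interactivity is known to be acceptable (the cmd/ binaries, or inside `New` behind an explicit option) and, wherever it ends up, document the global effect with a comment such as `// Install an interactive password prompt for encrypted PEM keys; this hook is global to pemutil and affects every caller in the process.`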
@@ -123,6 +129,7 @@ func (k *SoftKMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyRespon }, nil } +// GetPublicKey returns the public key from the file passed in the request name. func (k *SoftKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error) { v, err := pemutil.Read(req.Name) if err != nil { diff --git a/kms/softkms/softkms_test.go b/kms/softkms/softkms_test.go index 44dccaa9..11c0cdd1 100644 --- a/kms/softkms/softkms_test.go +++ b/kms/softkms/softkms_test.go @@ -16,7 +16,7 @@ import ( "testing" "github.com/smallstep/certificates/kms/apiv1" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" ) func TestNew(t *testing.T) { diff --git a/pki/pki.go b/pki/pki.go index 12595917..6ee5a110 100644 --- a/pki/pki.go +++ b/pki/pki.go @@ -22,12 +22,12 @@ import ( "github.com/smallstep/certificates/ca" "github.com/smallstep/certificates/db" "github.com/smallstep/cli/config" - "github.com/smallstep/cli/crypto/keys" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/errs" "github.com/smallstep/cli/jose" "github.com/smallstep/cli/ui" "github.com/smallstep/cli/utils" + "go.step.sm/crypto/keyutil" + "go.step.sm/crypto/pemutil" "go.step.sm/crypto/x509util" "golang.org/x/crypto/ssh" ) @@ -115,7 +115,7 @@ func GetProvisioners(caURL, rootFile string) (provisioner.List, error) { } func generateDefaultKey() (crypto.Signer, error) { - priv, err := keys.GenerateDefaultKey() + priv, err := keyutil.GenerateDefaultKey() if err != nil { return nil, err } @@ -369,7 +369,7 @@ func (p *PKI) GenerateSSHSigningKeys(password []byte) error { var pubNames = []string{p.sshHostPubKey, p.sshUserPubKey} var privNames = []string{p.sshHostKey, p.sshUserKey} for i := 0; i < 2; i++ { - pub, priv, err := keys.GenerateDefaultKeyPair() + pub, priv, err := keyutil.GenerateDefaultKeyPair() if err != nil { return err }