Remove github.com/satori/go.uuid.

2019-04-05 12:44:03 +02:00 · 2019-04-05 12:44:03 +02:00 · 2e19e45aa4
commit 2e19e45aa4
parent e1d097ea20
25 changed files with 1027 additions and 365 deletions
--- a/vendor/github.com/Masterminds/sprig/crypto.go
+++ b/vendor/github.com/Masterminds/sprig/crypto.go
@ -8,16 +8,23 @@ import (
 	"crypto/hmac"
 	"crypto/rand"
 	"crypto/rsa"
+	"crypto/sha1"
 	"crypto/sha256"
 	"crypto/x509"
+	"crypto/x509/pkix"
 	"encoding/asn1"
+	"encoding/base64"
 	"encoding/binary"
 	"encoding/hex"
 	"encoding/pem"
+	"errors"
 	"fmt"
+	"hash/adler32"
 	"math/big"
+	"net"
+	"time"

-	uuid "github.com/satori/go.uuid"
+	"github.com/google/uuid"
 	"golang.org/x/crypto/scrypt"
 )

@ -26,9 +33,19 @@ func sha256sum(input string) string {
 	return hex.EncodeToString(hash[:])
 }

+func sha1sum(input string) string {
+	hash := sha1.Sum([]byte(input))
+	return hex.EncodeToString(hash[:])
+}
+
+func adler32sum(input string) string {
+	hash := adler32.Checksum([]byte(input))
+	return fmt.Sprintf("%d", hash)
+}
+
 // uuidv4 provides a safe and secure UUID v4 implementation
 func uuidv4() string {
-	return fmt.Sprintf("%s", uuid.NewV4())
+	return fmt.Sprintf("%s", uuid.New())
 }

 var master_password_seed = "com.lyndir.masterpassword"
@ -146,3 +163,279 @@ func pemBlockForKey(priv interface{}) *pem.Block {
 		return nil
 	}
 }
+
+type certificate struct {
+	Cert string
+	Key  string
+}
+
+func buildCustomCertificate(b64cert string, b64key string) (certificate, error) {
+	crt := certificate{}
+
+	cert, err := base64.StdEncoding.DecodeString(b64cert)
+	if err != nil {
+		return crt, errors.New("unable to decode base64 certificate")
+	}
+
+	key, err := base64.StdEncoding.DecodeString(b64key)
+	if err != nil {
+		return crt, errors.New("unable to decode base64 private key")
+	}
+
+	decodedCert, _ := pem.Decode(cert)
+	if decodedCert == nil {
+		return crt, errors.New("unable to decode certificate")
+	}
+	_, err = x509.ParseCertificate(decodedCert.Bytes)
+	if err != nil {
+		return crt, fmt.Errorf(
+			"error parsing certificate: decodedCert.Bytes: %s",
+			err,
+		)
+	}
+
+	decodedKey, _ := pem.Decode(key)
+	if decodedKey == nil {
+		return crt, errors.New("unable to decode key")
+	}
+	_, err = x509.ParsePKCS1PrivateKey(decodedKey.Bytes)
+	if err != nil {
+		return crt, fmt.Errorf(
+			"error parsing prive key: decodedKey.Bytes: %s",
+			err,
+		)
+	}
+
+	crt.Cert = string(cert)
+	crt.Key = string(key)
+
+	return crt, nil
+}
+
+func generateCertificateAuthority(
+	cn string,
+	daysValid int,
+) (certificate, error) {
+	ca := certificate{}
+
+	template, err := getBaseCertTemplate(cn, nil, nil, daysValid)
+	if err != nil {
+		return ca, err
+	}
+	// Override KeyUsage and IsCA
+	template.KeyUsage = x509.KeyUsageKeyEncipherment |
+		x509.KeyUsageDigitalSignature |
+		x509.KeyUsageCertSign
+	template.IsCA = true
+
+	priv, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return ca, fmt.Errorf("error generating rsa key: %s", err)
+	}
+
+	ca.Cert, ca.Key, err = getCertAndKey(template, priv, template, priv)
+	if err != nil {
+		return ca, err
+	}
+
+	return ca, nil
+}
+
+func generateSelfSignedCertificate(
+	cn string,
+	ips []interface{},
+	alternateDNS []interface{},
+	daysValid int,
+) (certificate, error) {
+	cert := certificate{}
+
+	template, err := getBaseCertTemplate(cn, ips, alternateDNS, daysValid)
+	if err != nil {
+		return cert, err
+	}
+
+	priv, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return cert, fmt.Errorf("error generating rsa key: %s", err)
+	}
+
+	cert.Cert, cert.Key, err = getCertAndKey(template, priv, template, priv)
+	if err != nil {
+		return cert, err
+	}
+
+	return cert, nil
+}
+
+func generateSignedCertificate(
+	cn string,
+	ips []interface{},
+	alternateDNS []interface{},
+	daysValid int,
+	ca certificate,
+) (certificate, error) {
+	cert := certificate{}
+
+	decodedSignerCert, _ := pem.Decode([]byte(ca.Cert))
+	if decodedSignerCert == nil {
+		return cert, errors.New("unable to decode certificate")
+	}
+	signerCert, err := x509.ParseCertificate(decodedSignerCert.Bytes)
+	if err != nil {
+		return cert, fmt.Errorf(
+			"error parsing certificate: decodedSignerCert.Bytes: %s",
+			err,
+		)
+	}
+	decodedSignerKey, _ := pem.Decode([]byte(ca.Key))
+	if decodedSignerKey == nil {
+		return cert, errors.New("unable to decode key")
+	}
+	signerKey, err := x509.ParsePKCS1PrivateKey(decodedSignerKey.Bytes)
+	if err != nil {
+		return cert, fmt.Errorf(
+			"error parsing prive key: decodedSignerKey.Bytes: %s",
+			err,
+		)
+	}
+
+	template, err := getBaseCertTemplate(cn, ips, alternateDNS, daysValid)
+	if err != nil {
+		return cert, err
+	}
+
+	priv, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return cert, fmt.Errorf("error generating rsa key: %s", err)
+	}
+
+	cert.Cert, cert.Key, err = getCertAndKey(
+		template,
+		priv,
+		signerCert,
+		signerKey,
+	)
+	if err != nil {
+		return cert, err
+	}
+
+	return cert, nil
+}
+
+func getCertAndKey(
+	template *x509.Certificate,
+	signeeKey *rsa.PrivateKey,
+	parent *x509.Certificate,
+	signingKey *rsa.PrivateKey,
+) (string, string, error) {
+	derBytes, err := x509.CreateCertificate(
+		rand.Reader,
+		template,
+		parent,
+		&signeeKey.PublicKey,
+		signingKey,
+	)
+	if err != nil {
+		return "", "", fmt.Errorf("error creating certificate: %s", err)
+	}
+
+	certBuffer := bytes.Buffer{}
+	if err := pem.Encode(
+		&certBuffer,
+		&pem.Block{Type: "CERTIFICATE", Bytes: derBytes},
+	); err != nil {
+		return "", "", fmt.Errorf("error pem-encoding certificate: %s", err)
+	}
+
+	keyBuffer := bytes.Buffer{}
+	if err := pem.Encode(
+		&keyBuffer,
+		&pem.Block{
+			Type:  "RSA PRIVATE KEY",
+			Bytes: x509.MarshalPKCS1PrivateKey(signeeKey),
+		},
+	); err != nil {
+		return "", "", fmt.Errorf("error pem-encoding key: %s", err)
+	}
+
+	return string(certBuffer.Bytes()), string(keyBuffer.Bytes()), nil
+}
+
+func getBaseCertTemplate(
+	cn string,
+	ips []interface{},
+	alternateDNS []interface{},
+	daysValid int,
+) (*x509.Certificate, error) {
+	ipAddresses, err := getNetIPs(ips)
+	if err != nil {
+		return nil, err
+	}
+	dnsNames, err := getAlternateDNSStrs(alternateDNS)
+	if err != nil {
+		return nil, err
+	}
+	serialNumberUpperBound := new(big.Int).Lsh(big.NewInt(1), 128)
+	serialNumber, err := rand.Int(rand.Reader, serialNumberUpperBound)
+	if err != nil {
+		return nil, err
+	}
+	return &x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject: pkix.Name{
+			CommonName: cn,
+		},
+		IPAddresses: ipAddresses,
+		DNSNames:    dnsNames,
+		NotBefore:   time.Now(),
+		NotAfter:    time.Now().Add(time.Hour * 24 * time.Duration(daysValid)),
+		KeyUsage:    x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage: []x509.ExtKeyUsage{
+			x509.ExtKeyUsageServerAuth,
+			x509.ExtKeyUsageClientAuth,
+		},
+		BasicConstraintsValid: true,
+	}, nil
+}
+
+func getNetIPs(ips []interface{}) ([]net.IP, error) {
+	if ips == nil {
+		return []net.IP{}, nil
+	}
+	var ipStr string
+	var ok bool
+	var netIP net.IP
+	netIPs := make([]net.IP, len(ips))
+	for i, ip := range ips {
+		ipStr, ok = ip.(string)
+		if !ok {
+			return nil, fmt.Errorf("error parsing ip: %v is not a string", ip)
+		}
+		netIP = net.ParseIP(ipStr)
+		if netIP == nil {
+			return nil, fmt.Errorf("error parsing ip: %s", ipStr)
+		}
+		netIPs[i] = netIP
+	}
+	return netIPs, nil
+}
+
+func getAlternateDNSStrs(alternateDNS []interface{}) ([]string, error) {
+	if alternateDNS == nil {
+		return []string{}, nil
+	}
+	var dnsStr string
+	var ok bool
+	alternateDNSStrs := make([]string, len(alternateDNS))
+	for i, dns := range alternateDNS {
+		dnsStr, ok = dns.(string)
+		if !ok {
+			return nil, fmt.Errorf(
+				"error processing alternate dns name: %v is not a string",
+				dns,
+			)
+		}
+		alternateDNSStrs[i] = dnsStr
+	}
+	return alternateDNSStrs, nil
+}