Bump sprig@v2.14.1

2017-12-19 14:00:29 +01:00
parent 230480afd1
commit 9f831eb4de
11 changed files with 678 additions and 62 deletions
--- a/vendor/github.com/Masterminds/sprig/crypto.go
+++ b/vendor/github.com/Masterminds/sprig/crypto.go
@@ -10,12 +10,16 @@ import (
 	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
+	"crypto/x509/pkix"
 	"encoding/asn1"
 	"encoding/binary"
 	"encoding/hex"
 	"encoding/pem"
+	"errors"
 	"fmt"
 	"math/big"
+	"net"
+	"time"

 	uuid "github.com/satori/go.uuid"
 	"golang.org/x/crypto/scrypt"
@@ -146,3 +150,231 @@ func pemBlockForKey(priv interface{}) *pem.Block {
 		return nil
 	}
 }
+
+type certificate struct {
+	Cert string
+	Key  string
+}
+
+func generateCertificateAuthority(
+	cn string,
+	daysValid int,
+) (certificate, error) {
+	ca := certificate{}
+
+	template, err := getBaseCertTemplate(cn, nil, nil, daysValid)
+	if err != nil {
+		return ca, err
+	}
+	// Override KeyUsage and IsCA
+	template.KeyUsage = x509.KeyUsageKeyEncipherment |
+		x509.KeyUsageDigitalSignature |
+		x509.KeyUsageCertSign
+	template.IsCA = true
+
+	priv, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return ca, fmt.Errorf("error generating rsa key: %s", err)
+	}
+
+	ca.Cert, ca.Key, err = getCertAndKey(template, priv, template, priv)
+	if err != nil {
+		return ca, err
+	}
+
+	return ca, nil
+}
+
+func generateSelfSignedCertificate(
+	cn string,
+	ips []interface{},
+	alternateDNS []interface{},
+	daysValid int,
+) (certificate, error) {
+	cert := certificate{}
+
+	template, err := getBaseCertTemplate(cn, ips, alternateDNS, daysValid)
+	if err != nil {
+		return cert, err
+	}
+
+	priv, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return cert, fmt.Errorf("error generating rsa key: %s", err)
+	}
+
+	cert.Cert, cert.Key, err = getCertAndKey(template, priv, template, priv)
+	if err != nil {
+		return cert, err
+	}
+
+	return cert, nil
+}
+
+func generateSignedCertificate(
+	cn string,
+	ips []interface{},
+	alternateDNS []interface{},
+	daysValid int,
+	ca certificate,
+) (certificate, error) {
+	cert := certificate{}
+
+	decodedSignerCert, _ := pem.Decode([]byte(ca.Cert))
+	if decodedSignerCert == nil {
+		return cert, errors.New("unable to decode certificate")
+	}
+	signerCert, err := x509.ParseCertificate(decodedSignerCert.Bytes)
+	if err != nil {
+		return cert, fmt.Errorf(
+			"error parsing certificate: decodedSignerCert.Bytes: %s",
+			err,
+		)
+	}
+	decodedSignerKey, _ := pem.Decode([]byte(ca.Key))
+	if decodedSignerKey == nil {
+		return cert, errors.New("unable to decode key")
+	}
+	signerKey, err := x509.ParsePKCS1PrivateKey(decodedSignerKey.Bytes)
+	if err != nil {
+		return cert, fmt.Errorf(
+			"error parsing prive key: decodedSignerKey.Bytes: %s",
+			err,
+		)
+	}
+
+	template, err := getBaseCertTemplate(cn, ips, alternateDNS, daysValid)
+	if err != nil {
+		return cert, err
+	}
+
+	priv, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return cert, fmt.Errorf("error generating rsa key: %s", err)
+	}
+
+	cert.Cert, cert.Key, err = getCertAndKey(
+		template,
+		priv,
+		signerCert,
+		signerKey,
+	)
+	if err != nil {
+		return cert, err
+	}
+
+	return cert, nil
+}
+
+func getCertAndKey(
+	template *x509.Certificate,
+	signeeKey *rsa.PrivateKey,
+	parent *x509.Certificate,
+	signingKey *rsa.PrivateKey,
+) (string, string, error) {
+	derBytes, err := x509.CreateCertificate(
+		rand.Reader,
+		template,
+		parent,
+		&signeeKey.PublicKey,
+		signingKey,
+	)
+	if err != nil {
+		return "", "", fmt.Errorf("error creating certificate: %s", err)
+	}
+
+	certBuffer := bytes.Buffer{}
+	if err := pem.Encode(
+		&certBuffer,
+		&pem.Block{Type: "CERTIFICATE", Bytes: derBytes},
+	); err != nil {
+		return "", "", fmt.Errorf("error pem-encoding certificate: %s", err)
+	}
+
+	keyBuffer := bytes.Buffer{}
+	if err := pem.Encode(
+		&keyBuffer,
+		&pem.Block{
+			Type:  "RSA PRIVATE KEY",
+			Bytes: x509.MarshalPKCS1PrivateKey(signeeKey),
+		},
+	); err != nil {
+		return "", "", fmt.Errorf("error pem-encoding key: %s", err)
+	}
+
+	return string(certBuffer.Bytes()), string(keyBuffer.Bytes()), nil
+}
+
+func getBaseCertTemplate(
+	cn string,
+	ips []interface{},
+	alternateDNS []interface{},
+	daysValid int,
+) (*x509.Certificate, error) {
+	ipAddresses, err := getNetIPs(ips)
+	if err != nil {
+		return nil, err
+	}
+	dnsNames, err := getAlternateDNSStrs(alternateDNS)
+	if err != nil {
+		return nil, err
+	}
+	return &x509.Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject: pkix.Name{
+			CommonName: cn,
+		},
+		IPAddresses: ipAddresses,
+		DNSNames:    dnsNames,
+		NotBefore:   time.Now(),
+		NotAfter:    time.Now().Add(time.Hour * 24 * time.Duration(daysValid)),
+		KeyUsage:    x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage: []x509.ExtKeyUsage{
+			x509.ExtKeyUsageServerAuth,
+			x509.ExtKeyUsageClientAuth,
+		},
+		BasicConstraintsValid: true,
+	}, nil
+}
+
+func getNetIPs(ips []interface{}) ([]net.IP, error) {
+	if ips == nil {
+		return []net.IP{}, nil
+	}
+	var ipStr string
+	var ok bool
+	var netIP net.IP
+	netIPs := make([]net.IP, len(ips))
+	for i, ip := range ips {
+		ipStr, ok = ip.(string)
+		if !ok {
+			return nil, fmt.Errorf("error parsing ip: %v is not a string", ip)
+		}
+		netIP = net.ParseIP(ipStr)
+		if netIP == nil {
+			return nil, fmt.Errorf("error parsing ip: %s", ipStr)
+		}
+		netIPs[i] = netIP
+	}
+	return netIPs, nil
+}
+
+func getAlternateDNSStrs(alternateDNS []interface{}) ([]string, error) {
+	if alternateDNS == nil {
+		return []string{}, nil
+	}
+	var dnsStr string
+	var ok bool
+	alternateDNSStrs := make([]string, len(alternateDNS))
+	for i, dns := range alternateDNS {
+		dnsStr, ok = dns.(string)
+		if !ok {
+			return nil, fmt.Errorf(
+				"error processing alternate dns name: %v is not a string",
+				dns,
+			)
+		}
+		alternateDNSStrs[i] = dnsStr
+	}
+	return alternateDNSStrs, nil
+}