From 116600896df59df73e6c0c27073390c8df3aa29d Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Fri, 30 Sep 2022 14:30:40 -0700
Subject: [PATCH] Use pemutil, randutil, and keyutil from go.step.sm/crypto
---
 command/crypto/key/format.go | 18 +++++++++++-------
 command/oauth/cmd.go | 2 +-
 command/ssh/certificate.go | 12 +++++++-----
 command/ssh/login.go | 6 +++---
 command/ssh/proxycommand.go | 4 ++--
 command/ssh/rekey.go | 10 ++++++----
 command/ssh/ssh.go | 4 ++--
 crypto/kdf/kdf.go | 3 +--
 crypto/kdf/kdf_test.go | 2 +-
 crypto/pemutil/pem.go | 4 ++--
 crypto/pemutil/pem_test.go | 22 +++++++++++-----------
 crypto/pemutil/ssh.go | 2 +-
 crypto/x509util/identity.go | 2 +-
 crypto/x509util/identity_test.go | 2 +-
 crypto/x509util/profile.go | 10 +++++-----
 integration/jwk_test.go | 2 +-
 integration/jwt_test.go | 2 +-
 jose/encrypt.go | 2 +-
 jose/generate.go | 4 ++--
 jose/parse.go | 2 +-
 jose/validate.go | 10 +++++-----
 jose/validate_test.go | 2 +-
 token/options.go | 2 +-
 token/provision/provision_test.go | 2 +-
 token/token_test.go | 4 ++--
 utils/cautils/acme_flow.go | 2 +-
 utils/cautils/bootstrap.go | 5 ++---
 utils/cautils/certificate_flow.go | 8 ++++----
 utils/cautils/client.go | 6 +++---
 utils/cautils/offline.go | 4 ++--
 utils/cautils/token_generator.go | 4 ++--
 31 files changed, 85 insertions(+), 79 deletions(-)
diff --git a/command/crypto/key/format.go b/command/crypto/key/format.go
index 1d0f7a03..5dc00914 100644
--- a/command/crypto/key/format.go
+++ b/command/crypto/key/format.go
@@ -11,13 +11,13 @@ import (
 "os"
 "github.com/pkg/errors"
- "github.com/smallstep/cli/crypto/pemutil"
 "github.com/smallstep/cli/flags"
 "github.com/smallstep/cli/jose"
 "github.com/smallstep/cli/utils"
 "github.com/urfave/cli"
 "go.step.sm/cli-utils/errs"
 "go.step.sm/cli-utils/ui"
+ "go.step.sm/crypto/pemutil"
 "golang.org/x/crypto/ssh"
 )
@@ -342,7 +342,9 @@ func convertToPEM(ctx *cli.Context, key interface{}) (b []byte, err error) {
 if passFile := ctx.String("password-file"); passFile != "" {
 opts = append(opts, pemutil.WithPasswordFile(passFile))
 } else {
- opts = append(opts, pemutil.WithPasswordPrompt("Please enter the password to encrypt the private key"))
+ opts = append(opts, pemutil.WithPasswordPrompt("Please enter the password to encrypt the private key", func(s string) ([]byte, error) {
+ return ui.PromptPassword(s, ui.WithValidateNotEmpty())
+ }))
 }
 default:
 return nil, errors.Errorf("unsupported key type %T", key)
@@ -360,20 +362,20 @@ func convertToDER(ctx *cli.Context, key interface{}) (b []byte, err error) {
 switch k := key.(type) {
 case *rsa.PrivateKey:
 if ctx.Bool("pkcs8") {
- b, err = pemutil.MarshalPKCS8PrivateKey(key)
+ b, err = x509.MarshalPKCS8PrivateKey(key)
 } else {
 b = x509.MarshalPKCS1PrivateKey(k)
 }
 case *ecdsa.PrivateKey:
 if ctx.Bool("pkcs8") {
- b, err = pemutil.MarshalPKCS8PrivateKey(key)
+ b, err = x509.MarshalPKCS8PrivateKey(key)
 } else {
 b, err = x509.MarshalECPrivateKey(k)
 }
 case ed25519.PrivateKey: // always PKCS#8
- b, err = pemutil.MarshalPKCS8PrivateKey(key)
+ b, err = x509.MarshalPKCS8PrivateKey(key)
 case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey: // always PKIX
- b, err = pemutil.MarshalPKIXPublicKey(key)
+ b, err = x509.MarshalPKIXPublicKey(key)
 default:
 return nil, errors.Errorf("unsupported key type %T", key)
 }
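Review bot: The password callback added in convertToPEM is an inline closure that this patch repeats verbatim in convertToSSH (same file) and in certificateAction and rekeyAction under command/ssh. `ui.WithValidateNotEmpty()` is what keeps a private key from being serialized under an empty passphrase at these prompts, so four hand-copied closures are four places where that validation can be dropped without anyone noticing. Consider one named helper, `func promptKeyPassword(s string) ([]byte, error) { return ui.PromptPassword(s, ui.WithValidateNotEmpty()) }`, placed in a package both command trees already import and passed as the second argument to `pemutil.WithPasswordPrompt` at each site. convertToPEM's body starts and ends outside the hunk.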
@@ -396,7 +398,9 @@ func convertToSSH(ctx *cli.Context, key interface{}) ([]byte, error) {
 if passFile := ctx.String("password-file"); passFile != "" {
 opts = append(opts, pemutil.WithPasswordFile(passFile))
 } else {
- opts = append(opts, pemutil.WithPasswordPrompt("Please enter the password to encrypt the private key"))
+ opts = append(opts, pemutil.WithPasswordPrompt("Please enter the password to encrypt the private key", func(s string) ([]byte, error) {
+ return ui.PromptPassword(s, ui.WithValidateNotEmpty())
+ }))
 }
 }
 block, err := pemutil.Serialize(key, opts...)
diff --git a/command/oauth/cmd.go b/command/oauth/cmd.go
index 5488266d..97fe5398 100644
--- a/command/oauth/cmd.go
+++ b/command/oauth/cmd.go
@@ -21,7 +21,6 @@ import (
 "time"
 "github.com/pkg/errors"
- "github.com/smallstep/cli/crypto/randutil"
 "github.com/smallstep/cli/exec"
 "github.com/smallstep/cli/flags"
 "github.com/smallstep/cli/jose"
@@ -29,6 +28,7 @@ import (
 "github.com/urfave/cli"
 "go.step.sm/cli-utils/command"
 "go.step.sm/cli-utils/errs"
+ "go.step.sm/crypto/randutil"
 )
 // These are the OAuth2.0 client IDs from the Step CLI. This application is
diff --git a/command/ssh/certificate.go b/command/ssh/certificate.go
index 1e2342e5..1293a288 100644
--- a/command/ssh/certificate.go
+++ b/command/ssh/certificate.go
@@ -15,8 +15,6 @@ import (
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/ca"
 "github.com/smallstep/certificates/ca/identity"
- "github.com/smallstep/cli/crypto/keys"
- "github.com/smallstep/cli/crypto/pemutil"
 "github.com/smallstep/cli/crypto/sshutil"
 "github.com/smallstep/cli/flags"
 "github.com/smallstep/cli/utils"
@@ -25,6 +23,8 @@ import (
 "go.step.sm/cli-utils/command"
 "go.step.sm/cli-utils/errs"
 "go.step.sm/cli-utils/ui"
+ "go.step.sm/crypto/keyutil"
+ "go.step.sm/crypto/pemutil"
 "golang.org/x/crypto/blake2b"
 "golang.org/x/crypto/ssh"
 )
@@ -372,7 +372,7 @@ func certificateAction(ctx *cli.Context) error {
 }
 } else {
 // Generate keypair
- pub, priv, err = keys.GenerateDefaultKeyPair()
+ pub, priv, err = keyutil.GenerateDefaultKeyPair()
 if err != nil {
 return err
 }
@@ -387,7 +387,7 @@ func certificateAction(ctx *cli.Context) error {
 var sshAuPubBytes []byte
 var auPub, auPriv interface{}
 if isAddUser {
- auPub, auPriv, err = keys.GenerateDefaultKeyPair()
+ auPub, auPriv, err = keyutil.GenerateDefaultKeyPair()
 if err != nil {
 return err
 }
@@ -426,7 +426,9 @@ func certificateAction(ctx *cli.Context) error {
 case passwordFile != "":
 opts = append(opts, pemutil.WithPasswordFile(passwordFile))
 default:
- opts = append(opts, pemutil.WithPasswordPrompt("Please enter the password to encrypt the private key"))
+ opts = append(opts, pemutil.WithPasswordPrompt("Please enter the password to encrypt the private key", func(s string) ([]byte, error) {
+ return ui.PromptPassword(s, ui.WithValidateNotEmpty())
+ }))
 }
 _, err = pemutil.Serialize(priv, opts...)
 if err != nil {
diff --git a/command/ssh/login.go b/command/ssh/login.go
index 302d856b..09a8987b 100644
--- a/command/ssh/login.go
+++ b/command/ssh/login.go
@@ -8,7 +8,6 @@ import (
 "github.com/smallstep/certificates/api"
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/ca"
- "github.com/smallstep/cli/crypto/keys"
 "github.com/smallstep/cli/crypto/sshutil"
 "github.com/smallstep/cli/flags"
 "github.com/smallstep/cli/utils/cautils"
@@ -16,6 +15,7 @@ import (
 "go.step.sm/cli-utils/command"
 "go.step.sm/cli-utils/errs"
 "go.step.sm/cli-utils/ui"
+ "go.step.sm/crypto/keyutil"
 "golang.org/x/crypto/ssh"
 )
@@ -170,7 +170,7 @@ func loginAction(ctx *cli.Context) error {
 }
 // Generate keypair
- pub, priv, err := keys.GenerateDefaultKeyPair()
+ pub, priv, err := keyutil.GenerateDefaultKeyPair()
 if err != nil {
 return err
 }
@@ -184,7 +184,7 @@ func loginAction(ctx *cli.Context) error {
 var sshAuPubBytes []byte
 var auPub, auPriv interface{}
 if isAddUser {
- auPub, auPriv, err = keys.GenerateDefaultKeyPair()
+ auPub, auPriv, err = keyutil.GenerateDefaultKeyPair()
 if err != nil {
 return err
 }
diff --git a/command/ssh/proxycommand.go b/command/ssh/proxycommand.go
index c9d920cf..8aa97f25 100644
--- a/command/ssh/proxycommand.go
+++ b/command/ssh/proxycommand.go
@@ -13,7 +13,6 @@ import (
 "github.com/smallstep/certificates/api"
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/ca"
- "github.com/smallstep/cli/crypto/keys"
 "github.com/smallstep/cli/crypto/sshutil"
 "github.com/smallstep/cli/exec"
 "github.com/smallstep/cli/flags"
@@ -21,6 +20,7 @@ import (
 "github.com/urfave/cli"
 "go.step.sm/cli-utils/command"
 "go.step.sm/cli-utils/errs"
+ "go.step.sm/crypto/keyutil"
 "golang.org/x/crypto/ssh"
 )
@@ -176,7 +176,7 @@ func doLoginIfNeeded(ctx *cli.Context, subject string) error {
 }
 // Generate keypair
- pub, priv, err := keys.GenerateDefaultKeyPair()
+ pub, priv, err := keyutil.GenerateDefaultKeyPair()
 if err != nil {
 return err
 }
diff --git a/command/ssh/rekey.go b/command/ssh/rekey.go
index f7924459..521993ab 100644
--- a/command/ssh/rekey.go
+++ b/command/ssh/rekey.go
@@ -8,8 +8,6 @@ import (
 "github.com/smallstep/certificates/api"
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/ca/identity"
- "github.com/smallstep/cli/crypto/keys"
- "github.com/smallstep/cli/crypto/pemutil"
 "github.com/smallstep/cli/flags"
 "github.com/smallstep/cli/utils"
 "github.com/smallstep/cli/utils/cautils"
@@ -17,6 +15,8 @@ import (
 "go.step.sm/cli-utils/command"
 "go.step.sm/cli-utils/errs"
 "go.step.sm/cli-utils/ui"
+ "go.step.sm/crypto/keyutil"
+ "go.step.sm/crypto/pemutil"
 "golang.org/x/crypto/ssh"
 )
@@ -133,7 +133,7 @@ func rekeyAction(ctx *cli.Context) error {
 }
 // Generate keypair
- pub, priv, err := keys.GenerateDefaultKeyPair()
+ pub, priv, err := keyutil.GenerateDefaultKeyPair()
 if err != nil {
 return err
 }
@@ -161,7 +161,9 @@ func rekeyAction(ctx *cli.Context) error {
 case passwordFile != "":
 opts = append(opts, pemutil.WithPasswordFile(passwordFile))
 default:
- opts = append(opts, pemutil.WithPasswordPrompt("Please enter the password to encrypt the private key"))
+ opts = append(opts, pemutil.WithPasswordPrompt("Please enter the password to encrypt the private key", func(s string) ([]byte, error) {
+ return ui.PromptPassword(s, ui.WithValidateNotEmpty())
+ }))
 }
 _, err = pemutil.Serialize(priv, opts...)
 if err != nil {
diff --git a/command/ssh/ssh.go b/command/ssh/ssh.go
index b2590a72..ba3e2ff9 100644
--- a/command/ssh/ssh.go
+++ b/command/ssh/ssh.go
@@ -9,7 +9,6 @@ import (
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/ca"
 "github.com/smallstep/certificates/errs"
- "github.com/smallstep/cli/crypto/keys"
 "github.com/smallstep/cli/crypto/sshutil"
 "github.com/smallstep/cli/flags"
 "github.com/smallstep/cli/token"
@@ -17,6 +16,7 @@ import (
 "github.com/urfave/cli"
 "go.step.sm/cli-utils/command"
 "go.step.sm/cli-utils/ui"
+ "go.step.sm/crypto/keyutil"
 "golang.org/x/crypto/ssh"
 )
@@ -199,7 +199,7 @@ func loginOnUnauthorized(ctx *cli.Context) (ca.RetryFunc, error) {
 }
 // Generate SSH Keys
- pub, priv, err := keys.GenerateDefaultKeyPair()
+ pub, priv, err := keyutil.GenerateDefaultKeyPair()
 if err != nil {
 return fail(err)
 }
diff --git a/crypto/kdf/kdf.go b/crypto/kdf/kdf.go
index a1c03ea7..fdb19440 100644
--- a/crypto/kdf/kdf.go
+++ b/crypto/kdf/kdf.go
@@ -5,8 +5,7 @@ import (
 "strconv"
 "github.com/pkg/errors"
- "github.com/smallstep/cli/crypto/randutil"
-
+ "go.step.sm/crypto/randutil"
 "golang.org/x/crypto/argon2"
 "golang.org/x/crypto/bcrypt"
 "golang.org/x/crypto/scrypt"
diff --git a/crypto/kdf/kdf_test.go b/crypto/kdf/kdf_test.go
index aaae2dc8..c5a93750 100644
--- a/crypto/kdf/kdf_test.go
+++ b/crypto/kdf/kdf_test.go
@@ -4,7 +4,7 @@ import (
 "testing"
 "github.com/smallstep/assert"
- "github.com/smallstep/cli/crypto/randutil"
+ "go.step.sm/crypto/randutil"
 )
 func TestKDF(t *testing.T) {
diff --git a/crypto/pemutil/pem.go b/crypto/pemutil/pem.go
index 6ae7ea8f..b19a7233 100644
--- a/crypto/pemutil/pem.go
+++ b/crypto/pemutil/pem.go
@@ -15,10 +15,10 @@ import (
 "os"
 "github.com/pkg/errors"
- "github.com/smallstep/cli/crypto/keys"
 "github.com/smallstep/cli/utils"
 "go.step.sm/cli-utils/errs"
 "go.step.sm/cli-utils/ui"
+ "go.step.sm/crypto/keyutil"
 "golang.org/x/crypto/ssh"
 )
@@ -297,7 +297,7 @@ func ParseKey(b []byte, opts ...Options) (interface{}, error) {
 if err != nil {
 return nil, err
 }
- return keys.ExtractKey(k)
+ return keyutil.ExtractKey(k)
 }
 // Read returns the key or certificate encoded in the given PEM file.
diff --git a/crypto/pemutil/pem_test.go b/crypto/pemutil/pem_test.go
index e320e282..a10a2416 100644
--- a/crypto/pemutil/pem_test.go
+++ b/crypto/pemutil/pem_test.go
@@ -19,7 +19,7 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/assert"
- "github.com/smallstep/cli/crypto/keys"
+ "go.step.sm/crypto/keyutil"
 )
 type keyType int
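Review bot: ParseKey in the in-tree crypto/pemutil package is patched to call `keyutil.ExtractKey` rather than being retired, while the rest of this commit moves callers to `go.step.sm/crypto/pemutil`, so two PEM parsing and serialization implementations now coexist in the build. If the in-tree copy is kept only for callers not touched by this patch (none are visible here), mark it with a package-level `// Deprecated: use go.step.sm/crypto/pemutil.` comment so new code does not bind to the copy that is less likely to receive fixes. ParseKey's body starts outside the hunk.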
@@ -382,59 +382,59 @@ func TestSerialize(t *testing.T) {
 },
 "RSA Private Key success": {
 in: func() (interface{}, error) {
- return keys.GenerateKey("RSA", "", 1024)
+ return keyutil.GenerateKey("RSA", "", 1024)
 },
 },
 "RSA Public Key success": {
 in: func() (interface{}, error) {
- pub, _, err := keys.GenerateKeyPair("RSA", "", 1024)
+ pub, _, err := keyutil.GenerateKeyPair("RSA", "", 1024)
 return pub, err
 },
 },
 "EC Private Key success": {
 in: func() (interface{}, error) {
- return keys.GenerateKey("EC", "P-256", 0)
+ return keyutil.GenerateKey("EC", "P-256", 0)
 },
 },
 "EC Private Key success - encrypt input data": {
 in: func() (interface{}, error) {
- return keys.GenerateKey("EC", "P-256", 0)
+ return keyutil.GenerateKey("EC", "P-256", 0)
 },
 pass: "pass",
 },
 "EC Public Key success": {
 in: func() (interface{}, error) {
- pub, _, err := keys.GenerateKeyPair("EC", "P-256", 0)
+ pub, _, err := keyutil.GenerateKeyPair("EC", "P-256", 0)
 return pub, err
 },
 },
 "OKP Private Key success": {
 in: func() (interface{}, error) {
- return keys.GenerateKey("OKP", "Ed25519", 0)
+ return keyutil.GenerateKey("OKP", "Ed25519", 0)
 },
 },
 "OKP Public Key success": {
 in: func() (interface{}, error) {
- pub, _, err := keys.GenerateKeyPair("OKP", "Ed25519", 0)
+ pub, _, err := keyutil.GenerateKeyPair("OKP", "Ed25519", 0)
 return pub, err
 },
 },
 "propagate open key out file error": {
 in: func() (interface{}, error) {
- return keys.GenerateKey("EC", "P-256", 0)
+ return keyutil.GenerateKey("EC", "P-256", 0)
 },
 file: "./fakeDir/test.key",
 err: errors.New("open ./fakeDir/test.key failed: no such file or directory"),
 },
 "ToFile Success (EC Private Key unencrypted)": {
 in: func() (interface{}, error) {
- return keys.GenerateKey("EC", "P-256", 0)
+ return keyutil.GenerateKey("EC", "P-256", 0)
 },
 file: "./test.key",
 },
 "ToFile Success (EC Private Key encrypted)": {
 in: func() (interface{}, error) {
- return keys.GenerateKey("EC", "P-256", 0)
+ return keyutil.GenerateKey("EC", "P-256", 0)
 },
 pass:
"pass", file: "./test.key", diff --git a/crypto/pemutil/ssh.go b/crypto/pemutil/ssh.go index 47dc37a5..7212403e 100644 --- a/crypto/pemutil/ssh.go +++ b/crypto/pemutil/ssh.go @@ -20,11 +20,11 @@ import ( "math/big" "github.com/pkg/errors" - "github.com/smallstep/cli/crypto/randutil" "github.com/smallstep/cli/pkg/bcrypt_pbkdf" "github.com/smallstep/cli/utils" "go.step.sm/cli-utils/errs" "go.step.sm/cli-utils/ui" + "go.step.sm/crypto/randutil" "golang.org/x/crypto/ssh" ) diff --git a/crypto/x509util/identity.go b/crypto/x509util/identity.go index e0680e5e..59d8bf73 100644 --- a/crypto/x509util/identity.go +++ b/crypto/x509util/identity.go @@ -5,7 +5,7 @@ import ( "os" "github.com/pkg/errors" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" ) // Identity contains a public/private x509 certificate/key pair. diff --git a/crypto/x509util/identity_test.go b/crypto/x509util/identity_test.go index 4e9ba728..11b7ea66 100644 --- a/crypto/x509util/identity_test.go +++ b/crypto/x509util/identity_test.go @@ -5,7 +5,7 @@ import ( "github.com/pkg/errors" "github.com/smallstep/assert" - "github.com/smallstep/cli/crypto/pemutil" + "go.step.sm/crypto/pemutil" ) func TestLoadIdentityFromDisk(t *testing.T) { diff --git a/crypto/x509util/profile.go b/crypto/x509util/profile.go index 1487bd30..37bac216 100644 --- a/crypto/x509util/profile.go +++ b/crypto/x509util/profile.go @@ -16,9 +16,9 @@ import ( "time" "github.com/pkg/errors" - "github.com/smallstep/cli/crypto/keys" - "github.com/smallstep/cli/crypto/pemutil" "github.com/smallstep/cli/utils" + "go.step.sm/crypto/keyutil" + "go.step.sm/crypto/pemutil" ) // Cribbed directly from golang src crypto/x509/x509.go 
@@ -130,7 +130,7 @@ func GenerateKeyPair(kty, crv string, size int) WithOption {
 // GenerateDefaultKeyPair generates a new public/private key pair using the
 // default values and sets them in the given profile.
 func GenerateDefaultKeyPair(p Profile) error {
- pub, priv, err := keys.GenerateDefaultKeyPair()
+ pub, priv, err := keyutil.GenerateDefaultKeyPair()
 if err != nil {
 return err
 }
@@ -414,7 +414,7 @@ func (b *base) DefaultDuration() time.Duration {
 }
 func (b *base) GenerateKeyPair(kty, crv string, size int) error {
- pub, priv, err := keys.GenerateKeyPair(kty, crv, size)
+ pub, priv, err := keyutil.GenerateKeyPair(kty, crv, size)
 if err != nil {
 return err
 }
@@ -424,7 +424,7 @@ func (b *base) GenerateKeyPair(kty, crv string, size int) error {
 }
 func (b *base) GenerateDefaultKeyPair() error {
- pub, priv, err := keys.GenerateDefaultKeyPair()
+ pub, priv, err := keyutil.GenerateDefaultKeyPair()
 if err != nil {
 return err
 }
diff --git a/integration/jwk_test.go b/integration/jwk_test.go
index 744b9baf..6f12d638 100644
--- a/integration/jwk_test.go
+++ b/integration/jwk_test.go
@@ -12,7 +12,7 @@ import (
 "testing"
 "github.com/smallstep/assert"
- "github.com/smallstep/cli/crypto/randutil"
+ "go.step.sm/crypto/randutil"
 jose "gopkg.in/square/go-jose.v2"
 )
diff --git a/integration/jwt_test.go b/integration/jwt_test.go
index fb5bc223..aa418a66 100644
--- a/integration/jwt_test.go
+++ b/integration/jwt_test.go
@@ -25,7 +25,7 @@ import (
 "github.com/icrowley/fake"
 "github.com/pkg/errors"
 "github.com/smallstep/assert"
- "github.com/smallstep/cli/crypto/pemutil"
+ "go.step.sm/crypto/pemutil"
 jose "gopkg.in/square/go-jose.v2"
 )
diff --git a/jose/encrypt.go b/jose/encrypt.go
index 17ea8cdf..973d851a 100644
--- a/jose/encrypt.go
+++ b/jose/encrypt.go
@@ -6,9 +6,9 @@ import (
 "encoding/json"
 "github.com/pkg/errors"
- "github.com/smallstep/cli/crypto/randutil"
 "go.step.sm/cli-utils/errs"
 "go.step.sm/cli-utils/ui"
+ "go.step.sm/crypto/randutil"
 )
 // Thumbprint computes the JWK Thumbprint of a key using SHA256 as the hash
diff --git a/jose/generate.go b/jose/generate.go
index 413cdfea..77a2ab51 100644
--- a/jose/generate.go
+++ b/jose/generate.go
@@ -12,9 +12,9 @@ import (
 "encoding/json"
 "github.com/pkg/errors"
- "github.com/smallstep/cli/crypto/pemutil"
- "github.com/smallstep/cli/crypto/randutil"
 "go.step.sm/cli-utils/errs"
+ "go.step.sm/crypto/pemutil"
+ "go.step.sm/crypto/randutil"
 )
 const (
diff --git a/jose/parse.go b/jose/parse.go
index 5f79d653..f948bfdd 100644
--- a/jose/parse.go
+++ b/jose/parse.go
@@ -18,8 +18,8 @@ import (
 "time"
 "github.com/pkg/errors"
- "github.com/smallstep/cli/crypto/pemutil"
 "go.step.sm/cli-utils/ui"
+ "go.step.sm/crypto/pemutil"
 jose "gopkg.in/square/go-jose.v2"
 )
diff --git a/jose/validate.go b/jose/validate.go
index f90eea37..163491c0 100644
--- a/jose/validate.go
+++ b/jose/validate.go
@@ -11,8 +11,8 @@ import (
 "os"
 "github.com/pkg/errors"
- "github.com/smallstep/cli/crypto/keys"
- "github.com/smallstep/cli/crypto/pemutil"
+ "go.step.sm/crypto/keyutil"
+ "go.step.sm/crypto/pemutil"
 "golang.org/x/crypto/ssh"
 )
@@ -34,11 +34,11 @@ func ValidateSSHPOP(certFile string, key interface{}) (string, error) {
 if !ok {
 return "", errors.New("error casting ssh public key to ssh certificate")
 }
- pubkey, err := keys.ExtractKey(cert)
+ pubkey, err := keyutil.ExtractKey(cert)
 if err != nil {
 return "", errors.Wrap(err, "error extracting public key from ssh public key interface")
 }
- if err = keys.VerifyPair(pubkey, key); err != nil {
+ if err = keyutil.VerifyPair(pubkey, key); err != nil {
 return "", errors.Wrap(err, "error verifying ssh key pair")
 }
@@ -54,7 +54,7 @@ func validateX5(certFile string, key interface{}) ([]*x509.Certificate, error) {
 return nil, errors.Wrap(err, "error reading certificate chain from file")
 }
- if err = keys.VerifyPair(certs[0].PublicKey, key); err != nil {
+ if err = keyutil.VerifyPair(certs[0].PublicKey, key); err != nil {
 return nil, errors.Wrap(err, "error verifying certificate and key")
 }
diff --git a/jose/validate_test.go b/jose/validate_test.go
index b7abc30a..a484d846 100644
--- a/jose/validate_test.go
+++ b/jose/validate_test.go
@@ -7,7 +7,7 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/assert"
- "github.com/smallstep/cli/crypto/pemutil"
+ "go.step.sm/crypto/pemutil"
 )
 var (
diff --git a/token/options.go b/token/options.go
index 1982ac3b..1f417308 100644
--- a/token/options.go
+++ b/token/options.go
@@ -10,8 +10,8 @@ import (
 "github.com/pkg/errors"
 nebula "github.com/slackhq/nebula/cert"
- "github.com/smallstep/cli/crypto/pemutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/pemutil"
 )
 // Options is a function that set claims.
diff --git a/token/provision/provision_test.go b/token/provision/provision_test.go
index f2af415e..f7945959 100644
--- a/token/provision/provision_test.go
+++ b/token/provision/provision_test.go
@@ -6,10 +6,10 @@ import (
 "testing"
 "time"
- "github.com/smallstep/cli/crypto/pemutil"
 "github.com/smallstep/cli/jose"
 "github.com/smallstep/cli/token"
 "github.com/stretchr/testify/assert"
+ "go.step.sm/crypto/pemutil"
 )
 func withFixedTime(tok *Token, t time.Time) {
diff --git a/token/token_test.go b/token/token_test.go
index 5609594c..91d2524a 100644
--- a/token/token_test.go
+++ b/token/token_test.go
@@ -8,9 +8,9 @@ import (
 "testing"
 "time"
- "github.com/smallstep/cli/crypto/pemutil"
- "github.com/smallstep/cli/crypto/randutil"
 "github.com/smallstep/cli/jose"
+ "go.step.sm/crypto/pemutil"
+ "go.step.sm/crypto/randutil"
 )
 func TestClaims_Set(t *testing.T) {
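Review bot: In validateX5 the changed line indexes `certs[0]`, and the hunk shows no length check between the read-error handling and this call. If the bundle reader can return an empty slice together with a nil error (not visible from here), a certificate file that contains no certificates panics the CLI instead of producing an error. A guard before the `keyutil.VerifyPair` call, for example `if len(certs) == 0 { return nil, errors.New("certificate chain is empty") }`, would make that case explicit. validateX5 begins and ends outside the hunk.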
diff --git a/utils/cautils/acme_flow.go b/utils/cautils/acme_flow.go
index d68d2935..318c2f42 100644
--- a/utils/cautils/acme_flow.go
+++ b/utils/cautils/acme_flow.go
@@ -4,9 +4,9 @@ import (
 "crypto/x509"
 "github.com/pkg/errors"
- "github.com/smallstep/cli/crypto/pemutil"
 "github.com/urfave/cli"
 "go.step.sm/cli-utils/ui"
+ "go.step.sm/crypto/pemutil"
 )
 // ACMECreateCertFlow performs an ACME transaction to get a new certificate.
diff --git a/utils/cautils/bootstrap.go b/utils/cautils/bootstrap.go
index 1e2c1280..48b8135e 100644
--- a/utils/cautils/bootstrap.go
+++ b/utils/cautils/bootstrap.go
@@ -10,17 +10,16 @@ import (
 "path/filepath"
 "strings"
+ "github.com/pkg/errors"
 "github.com/smallstep/certificates/ca"
 "github.com/smallstep/certificates/pki"
- "github.com/smallstep/cli/crypto/pemutil"
 "github.com/smallstep/cli/utils"
 "github.com/smallstep/truststore"
 "github.com/urfave/cli"
 "go.step.sm/cli-utils/errs"
 "go.step.sm/cli-utils/step"
 "go.step.sm/cli-utils/ui"
-
- "github.com/pkg/errors"
+ "go.step.sm/crypto/pemutil"
 )
 type bootstrapAPIResponse struct {
diff --git a/utils/cautils/certificate_flow.go b/utils/cautils/certificate_flow.go
index 6cd664cb..81fe2caf 100644
--- a/utils/cautils/certificate_flow.go
+++ b/utils/cautils/certificate_flow.go
@@ -18,15 +18,15 @@ import (
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/ca"
 "github.com/smallstep/certificates/pki"
- "github.com/smallstep/cli/crypto/keys"
- "github.com/smallstep/cli/crypto/pemutil"
- "github.com/smallstep/cli/crypto/x509util"
 "github.com/smallstep/cli/flags"
 "github.com/smallstep/cli/token"
 "github.com/smallstep/cli/utils"
 "github.com/urfave/cli"
 "go.step.sm/cli-utils/errs"
 "go.step.sm/cli-utils/ui"
+ "go.step.sm/crypto/keyutil"
+ "go.step.sm/crypto/pemutil"
+ "go.step.sm/crypto/x509util"
 )
 // CertificateFlow manages the flow to retrieve a new certificate.
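Review bot: The import hunk of utils/cautils/certificate_flow.go also replaces `github.com/smallstep/cli/crypto/x509util` with `go.step.sm/crypto/x509util`, a swap the subject line (pemutil, randutil, keyutil) does not mention; utils/cautils/offline.go does the same. No x509util call site changes in either file in this patch, so the swap relies on the two packages behaving identically for whatever these files call. Name x509util in the commit message and confirm, ideally with a test on the produced certificate request, that the result is unchanged for the calls involved.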
@@ -237,7 +237,7 @@ func (f *CertificateFlow) CreateSignRequest(ctx *cli.Context, tok, subject strin
 if err != nil {
 return nil, nil, err
 }
- pk, err := keys.GenerateKey(kty, crv, size)
+ pk, err := keyutil.GenerateKey(kty, crv, size)
 if err != nil {
 return nil, nil, err
 }
diff --git a/utils/cautils/client.go b/utils/cautils/client.go
index 41699a19..b3e749e4 100644
--- a/utils/cautils/client.go
+++ b/utils/cautils/client.go
@@ -13,12 +13,12 @@ import (
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/ca"
 "github.com/smallstep/certificates/pki"
- "github.com/smallstep/cli/crypto/keys"
- "github.com/smallstep/cli/crypto/pemutil"
 "github.com/smallstep/cli/flags"
 "github.com/urfave/cli"
 "go.step.sm/cli-utils/errs"
 "go.step.sm/cli-utils/ui"
+ "go.step.sm/crypto/keyutil"
+ "go.step.sm/crypto/pemutil"
 )
 // CaClient is the interface implemented by a client used to sign, renew, revoke
@@ -139,7 +139,7 @@ func NewAdminClient(ctx *cli.Context, opts ...ca.ClientOption) (*ca.AdminClient,
 URIs: uris,
 }
- adminKey, err = keys.GenerateDefaultKey()
+ adminKey, err = keyutil.GenerateDefaultKey()
 if err != nil {
 return nil, err
 }
diff --git a/utils/cautils/offline.go b/utils/cautils/offline.go
index 8bc51554..8a7fa1a1 100644
--- a/utils/cautils/offline.go
+++ b/utils/cautils/offline.go
@@ -16,10 +16,10 @@ import (
 "github.com/smallstep/certificates/authority"
 "github.com/smallstep/certificates/authority/config"
 "github.com/smallstep/certificates/authority/provisioner"
- "github.com/smallstep/cli/crypto/pemutil"
- "github.com/smallstep/cli/crypto/x509util"
 "github.com/smallstep/cli/utils"
 "github.com/urfave/cli"
+ "go.step.sm/crypto/pemutil"
+ "go.step.sm/crypto/x509util"
 "golang.org/x/crypto/ssh"
 )
diff --git a/utils/cautils/token_generator.go b/utils/cautils/token_generator.go
index 4e130d35..9debb2a2 100644
--- a/utils/cautils/token_generator.go
+++ b/utils/cautils/token_generator.go
@@ -13,8 +13,6 @@ import (
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/pki"
- "github.com/smallstep/cli/crypto/pemutil"
- "github.com/smallstep/cli/crypto/randutil"
 "github.com/smallstep/cli/exec"
 "github.com/smallstep/cli/token"
 "github.com/smallstep/cli/token/provision"
@@ -22,6 +20,8 @@ import (
 "go.step.sm/cli-utils/errs"
 "go.step.sm/cli-utils/ui"
 "go.step.sm/crypto/jose"
+ "go.step.sm/crypto/pemutil"
+ "go.step.sm/crypto/randutil"
 "go.step.sm/crypto/x25519"
 )