From 7b4377ad9d8a7205416df8d6217ef2b010f89481 Mon Sep 17 00:00:00 2001 From: Taras Madan Date: Wed, 22 Jan 2025 16:07:17 +0100 Subject: vendor: delete --- .../enterprise-certificate-proxy/LICENSE | 202 ------------------- .../enterprise-certificate-proxy/client/client.go | 219 --------------------- .../client/util/util.go | 100 ---------- 3 files changed, 521 deletions(-) delete mode 100644 vendor/github.com/googleapis/enterprise-certificate-proxy/LICENSE delete mode 100644 vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go delete mode 100644 vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go (limited to 'vendor/github.com/googleapis/enterprise-certificate-proxy') diff --git a/vendor/github.com/googleapis/enterprise-certificate-proxy/LICENSE b/vendor/github.com/googleapis/enterprise-certificate-proxy/LICENSE deleted file mode 100644 index d64569567..000000000 --- a/vendor/github.com/googleapis/enterprise-certificate-proxy/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go deleted file mode 100644 index ea5beb5aa..000000000 --- a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go +++ /dev/null @@ -1,219 +0,0 @@ -// Copyright 2022 Google LLC. -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// https://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Package client is a cross-platform client for the signer binary (a.k.a."EnterpriseCertSigner"). -// -// The signer binary is OS-specific, but exposes a standard set of APIs for the client to use. -package client - -import ( - "crypto" - "crypto/ecdsa" - "crypto/rsa" - "crypto/x509" - "encoding/gob" - "errors" - "fmt" - "io" - "net/rpc" - "os" - "os/exec" - - "github.com/googleapis/enterprise-certificate-proxy/client/util" -) - -const signAPI = "EnterpriseCertSigner.Sign" -const certificateChainAPI = "EnterpriseCertSigner.CertificateChain" -const publicKeyAPI = "EnterpriseCertSigner.Public" -const encryptAPI = "EnterpriseCertSigner.Encrypt" -const decryptAPI = "EnterpriseCertSigner.Decrypt" - -// A Connection wraps a pair of unidirectional streams as an io.ReadWriteCloser. -type Connection struct { - io.ReadCloser - io.WriteCloser -} - -// Close closes c's underlying ReadCloser and WriteCloser. -func (c *Connection) Close() error { - rerr := c.ReadCloser.Close() - werr := c.WriteCloser.Close() - if rerr != nil { - return rerr - } - return werr -} - -func init() { - gob.Register(crypto.SHA256) - gob.Register(crypto.SHA384) - gob.Register(crypto.SHA512) - gob.Register(&rsa.PSSOptions{}) - gob.Register(&rsa.OAEPOptions{}) -} - -// SignArgs contains arguments for a Sign API call. -type SignArgs struct { - Digest []byte // The content to sign. - Opts crypto.SignerOpts // Options for signing. Must implement HashFunc(). -} - -// EncryptArgs contains arguments for an Encrypt API call. -type EncryptArgs struct { - Plaintext []byte // The plaintext to encrypt. - Opts any // Options for encryption. Ex: an instance of crypto.Hash. -} - -// DecryptArgs contains arguments to for a Decrypt API call. -type DecryptArgs struct { - Ciphertext []byte // The ciphertext to decrypt. - Opts crypto.DecrypterOpts // Options for decryption. Ex: an instance of *rsa.OAEPOptions. -} - -// Key implements credential.Credential by holding the executed signer subprocess. -type Key struct { - cmd *exec.Cmd // Pointer to the signer subprocess. - client *rpc.Client // Pointer to the rpc client that communicates with the signer subprocess. - publicKey crypto.PublicKey // Public key of loaded certificate. - chain [][]byte // Certificate chain of loaded certificate. -} - -// CertificateChain returns the credential as a raw X509 cert chain. This contains the public key. -func (k *Key) CertificateChain() [][]byte { - return k.chain -} - -// Close closes the RPC connection and kills the signer subprocess. -// Call this to free up resources when the Key object is no longer needed. -func (k *Key) Close() error { - if err := k.cmd.Process.Kill(); err != nil { - return fmt.Errorf("failed to kill signer process: %w", err) - } - // Wait for cmd to exit and release resources. Since the process is forcefully killed, this - // will return a non-nil error (varies by OS), which we will ignore. - _ = k.cmd.Wait() - // The Pipes connecting the RPC client should have been closed when the signer subprocess was killed. - // Calling `k.client.Close()` before `k.cmd.Process.Kill()` or `k.cmd.Wait()` _will_ cause a segfault. - if err := k.client.Close(); err.Error() != "close |0: file already closed" { - return fmt.Errorf("failed to close RPC connection: %w", err) - } - return nil -} - -// Public returns the public key for this Key. -func (k *Key) Public() crypto.PublicKey { - return k.publicKey -} - -// Sign signs a message digest, using the specified signer opts. Implements crypto.Signer interface. -func (k *Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed []byte, err error) { - if opts != nil && opts.HashFunc() != 0 && len(digest) != opts.HashFunc().Size() { - return nil, fmt.Errorf("Digest length of %v bytes does not match Hash function size of %v bytes", len(digest), opts.HashFunc().Size()) - } - err = k.client.Call(signAPI, SignArgs{Digest: digest, Opts: opts}, &signed) - return -} - -// Encrypt encrypts a plaintext msg into ciphertext, using the specified encrypt opts. -func (k *Key) Encrypt(_ io.Reader, msg []byte, opts any) (ciphertext []byte, err error) { - err = k.client.Call(encryptAPI, EncryptArgs{Plaintext: msg, Opts: opts}, &ciphertext) - return -} - -// Decrypt decrypts a ciphertext msg into plaintext, using the specified decrypter opts. Implements crypto.Decrypter interface. -func (k *Key) Decrypt(_ io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error) { - err = k.client.Call(decryptAPI, DecryptArgs{Ciphertext: msg, Opts: opts}, &plaintext) - return -} - -// ErrCredUnavailable is a sentinel error that indicates ECP Cred is unavailable, -// possibly due to missing config or missing binary path. -var ErrCredUnavailable = errors.New("Cred is unavailable") - -// Cred spawns a signer subprocess that listens on stdin/stdout to perform certificate -// related operations, including signing messages with the private key. -// -// The signer binary path is read from the specified configFilePath, if provided. -// Otherwise, use the default config file path. -// -// The config file also specifies which certificate the signer should use. -func Cred(configFilePath string) (*Key, error) { - if configFilePath == "" { - envFilePath := util.GetConfigFilePathFromEnv() - if envFilePath != "" { - configFilePath = envFilePath - } else { - configFilePath = util.GetDefaultConfigFilePath() - } - } - enterpriseCertSignerPath, err := util.LoadSignerBinaryPath(configFilePath) - if err != nil { - if errors.Is(err, util.ErrConfigUnavailable) { - return nil, ErrCredUnavailable - } - return nil, err - } - k := &Key{ - cmd: exec.Command(enterpriseCertSignerPath, configFilePath), - } - - // Redirect errors from subprocess to parent process. - k.cmd.Stderr = os.Stderr - - // RPC client will communicate with subprocess over stdin/stdout. - kin, err := k.cmd.StdinPipe() - if err != nil { - return nil, err - } - kout, err := k.cmd.StdoutPipe() - if err != nil { - return nil, err - } - k.client = rpc.NewClient(&Connection{kout, kin}) - - if err := k.cmd.Start(); err != nil { - return nil, fmt.Errorf("starting enterprise cert signer subprocess: %w", err) - } - - if err := k.client.Call(certificateChainAPI, struct{}{}, &k.chain); err != nil { - return nil, fmt.Errorf("failed to retrieve certificate chain: %w", err) - } - - var publicKeyBytes []byte - if err := k.client.Call(publicKeyAPI, struct{}{}, &publicKeyBytes); err != nil { - return nil, fmt.Errorf("failed to retrieve public key: %w", err) - } - - publicKey, err := x509.ParsePKIXPublicKey(publicKeyBytes) - if err != nil { - return nil, fmt.Errorf("failed to parse public key: %w", err) - } - - var ok bool - k.publicKey, ok = publicKey.(crypto.PublicKey) - if !ok { - return nil, fmt.Errorf("invalid public key type: %T", publicKey) - } - - switch pub := k.publicKey.(type) { - case *rsa.PublicKey: - if pub.Size() < 256 { - return nil, fmt.Errorf("RSA modulus size is less than 2048 bits: %v", pub.Size()*8) - } - case *ecdsa.PublicKey: - default: - return nil, fmt.Errorf("unsupported public key type: %v", pub) - } - - return k, nil -} diff --git a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go deleted file mode 100644 index f374a7f55..000000000 --- a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go +++ /dev/null @@ -1,100 +0,0 @@ -// Copyright 2022 Google LLC. -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// https://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Package util provides helper functions for the client. -package util - -import ( - "encoding/json" - "errors" - "io" - "os" - "os/user" - "path/filepath" - "runtime" - "strings" -) - -const configFileName = "certificate_config.json" - -// EnterpriseCertificateConfig contains parameters for initializing signer. -type EnterpriseCertificateConfig struct { - Libs Libs `json:"libs"` -} - -// Libs specifies the locations of helper libraries. -type Libs struct { - ECP string `json:"ecp"` -} - -// ErrConfigUnavailable is a sentinel error that indicates ECP config is unavailable, -// possibly due to entire config missing or missing binary path. -var ErrConfigUnavailable = errors.New("Config is unavailable") - -// LoadSignerBinaryPath retrieves the path of the signer binary from the config file. -func LoadSignerBinaryPath(configFilePath string) (path string, err error) { - jsonFile, err := os.Open(configFilePath) - if err != nil { - if errors.Is(err, os.ErrNotExist) { - return "", ErrConfigUnavailable - } - return "", err - } - - byteValue, err := io.ReadAll(jsonFile) - if err != nil { - return "", err - } - var config EnterpriseCertificateConfig - err = json.Unmarshal(byteValue, &config) - if err != nil { - return "", err - } - signerBinaryPath := config.Libs.ECP - if signerBinaryPath == "" { - return "", ErrConfigUnavailable - } - - signerBinaryPath = strings.ReplaceAll(signerBinaryPath, "~", guessHomeDir()) - signerBinaryPath = strings.ReplaceAll(signerBinaryPath, "$HOME", guessHomeDir()) - return signerBinaryPath, nil -} - -func guessHomeDir() string { - // Prefer $HOME over user.Current due to glibc bug: golang.org/issue/13470 - if v := os.Getenv("HOME"); v != "" { - return v - } - // Else, fall back to user.Current: - if u, err := user.Current(); err == nil { - return u.HomeDir - } - return "" -} - -func getDefaultConfigFileDirectory() (directory string) { - if runtime.GOOS == "windows" { - return filepath.Join(os.Getenv("APPDATA"), "gcloud") - } - return filepath.Join(guessHomeDir(), ".config/gcloud") -} - -// GetDefaultConfigFilePath returns the default path of the enterprise certificate config file created by gCloud. -func GetDefaultConfigFilePath() (path string) { - return filepath.Join(getDefaultConfigFileDirectory(), configFileName) -} - -// GetConfigFilePathFromEnv returns the path associated with environment variable GOOGLE_API_CERTIFICATE_CONFIG -func GetConfigFilePathFromEnv() (path string) { - return os.Getenv("GOOGLE_API_CERTIFICATE_CONFIG") -} -- cgit mrf-deployment