diff --git a/casket/casketmain/run.go b/casket/casketmain/run.go index 1d210862..2ad603a4 100644 --- a/casket/casketmain/run.go +++ b/casket/casketmain/run.go @@ -16,9 +16,11 @@ package casketmain import ( "bufio" + "context" "errors" "flag" "fmt" + "go.uber.org/zap" "io" "io/ioutil" "log" @@ -29,13 +31,13 @@ import ( "strconv" "strings" + "github.com/caddyserver/certmagic" "github.com/google/uuid" "github.com/klauspost/cpuid" "github.com/tmpim/casket" "github.com/tmpim/casket/casketfile" "github.com/tmpim/casket/caskettls" "github.com/tmpim/casket/telemetry" - "github.com/tmpim/certmagic" lumberjack "gopkg.in/natefinch/lumberjack.v2" _ "github.com/tmpim/casket/caskethttp" // plug in the HTTP server type 
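Review bot: In the first import hunk of run.go, `"go.uber.org/zap"` is added inside the standard-library group between `"fmt"` and `"io"`; it belongs in the third-party group next to `"github.com/caddyserver/certmagic"`, which is where goimports would place it. The same misplacement appears for `"github.com/caddyserver/certmagic"` in the import hunks of caskettls/selfsigned.go (between `"fmt"` and `"math/big"`) and caskettls/tls.go (directly after `"context"`).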
@@ -45,11 +47,11 @@ import ( func init() { casket.TrapSignals() - flag.BoolVar(&certmagic.Default.Agreed, "agree", true, "Agree to the CA's Subscriber Agreement") - flag.StringVar(&certmagic.Default.CA, "ca", certmagic.Default.CA, "URL to certificate authority's ACME server directory") + flag.BoolVar(&certmagic.DefaultACME.Agreed, "agree", true, "Agree to the CA's Subscriber Agreement") + flag.StringVar(&certmagic.DefaultACME.CA, "ca", certmagic.DefaultACME.CA, "URL to certificate authority's ACME server directory") flag.StringVar(&certmagic.Default.DefaultServerName, "default-sni", certmagic.Default.DefaultServerName, "If a ClientHello ServerName is empty, use this ServerName to choose a TLS certificate") - flag.BoolVar(&certmagic.Default.DisableHTTPChallenge, "disable-http-challenge", certmagic.Default.DisableHTTPChallenge, "Disable the ACME HTTP challenge") - flag.BoolVar(&certmagic.Default.DisableTLSALPNChallenge, "disable-tls-alpn-challenge", certmagic.Default.DisableTLSALPNChallenge, "Disable the ACME TLS-ALPN challenge") + flag.BoolVar(&certmagic.DefaultACME.DisableHTTPChallenge, "disable-http-challenge", certmagic.DefaultACME.DisableHTTPChallenge, "Disable the ACME HTTP challenge") + flag.BoolVar(&certmagic.DefaultACME.DisableTLSALPNChallenge, "disable-tls-alpn-challenge", certmagic.DefaultACME.DisableTLSALPNChallenge, "Disable the ACME TLS-ALPN challenge") flag.StringVar(&disabledMetrics, "disabled-metrics", "", "Comma-separated list of telemetry metrics to disable") flag.StringVar(&conf, "conf", "", "Casketfile to load (default \""+casket.DefaultConfigFile+"\")") flag.StringVar(&cpu, "cpu", "100%", "CPU cap") 
@@ -57,7 +59,7 @@ func init() { flag.StringVar(&envFile, "envfile", "", "Path to file with environment variables to load in KEY=VALUE format") flag.BoolVar(&fromJSON, "json-to-casketfile", false, "From JSON stdin to Casketfile stdout") flag.BoolVar(&plugins, "plugins", false, "List installed plugins") - flag.StringVar(&certmagic.Default.Email, "email", "", "Default ACME CA account email address") + flag.StringVar(&certmagic.DefaultACME.Email, "email", "", "Default ACME CA account email address") flag.DurationVar(&certmagic.HTTPTimeout, "catimeout", certmagic.HTTPTimeout, "Default ACME CA HTTP timeout") flag.StringVar(&logfile, "log", "", "Process log file") flag.BoolVar(&logTimestamps, "log-timestamps", true, "Enable timestamps for the process log") @@ -84,7 +86,10 @@ func Run() { casket.AppName = appName casket.AppVersion = module.Version - casket.OnProcessExit = append(casket.OnProcessExit, certmagic.CleanUpOwnLocks) + casket.OnProcessExit = append(casket.OnProcessExit, func() { + // TODO: Redirect to our own logger instead of zap.NewNop() + certmagic.CleanUpOwnLocks(context.TODO(), zap.NewNop()) + }) certmagic.UserAgent = appName + "/" + cleanModVersion if !logTimestamps { diff --git a/caskethttp/httpserver/https.go b/caskethttp/httpserver/https.go index 5cf2ce3a..32683186 100644 --- a/caskethttp/httpserver/https.go +++ b/caskethttp/httpserver/https.go @@ -15,14 +15,15 @@ package httpserver import ( + "context" "fmt" "net" "net/http" "strconv" + "github.com/caddyserver/certmagic" "github.com/tmpim/casket" "github.com/tmpim/casket/caskettls" - "github.com/tmpim/certmagic" ) func activateHTTPS(cctx casket.Context) error { @@ -45,7 +46,8 @@ func activateHTTPS(cctx casket.Context) error { if c.TLS.Manager.OnDemand != nil { continue // obtain these certificates on-demand instead } - err := c.TLS.Manager.ObtainCert(c.TLS.Hostname, operatorPresent) + + err := c.TLS.Manager.ObtainCertAsync(context.TODO(), c.TLS.Hostname) if err != nil { return err } 
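Review bot: The exit hook added in Run() calls `certmagic.CleanUpOwnLocks(context.TODO(), zap.NewNop())` with a context that never expires, so nothing bounds lock cleanup if the storage backend is slow or unreachable while the process is trying to exit. A short deadline inside the closure would cap it, for example `ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)` followed by `defer cancel()` (the 5-second value is illustrative, and `time` needs importing if run.go does not already have it). With the no-op logger a cleanup failure is also invisible, which the existing TODO already tracks.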
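Review bot: Replacing `ObtainCert(c.TLS.Hostname, operatorPresent)` with `ObtainCertAsync(context.TODO(), c.TLS.Hostname)` in activateHTTPS changes startup semantics. As far as I know, the async variant returns once issuance is queued and retries in the background, so the `err` checked here no longer reflects an issuance failure. A site can then begin listening before it has a certificate, and a misconfigured CA or challenge only surfaces later. If fail-fast startup is intended, `ObtainCertSync` keeps the old behaviour; otherwise a comment such as `// issuance continues in the background; startup does not wait for it` would document the change. `operatorPresent` is no longer used on this line, and the rest of activateHTTPS is outside the hunk, so check whether it is still needed.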
@@ -71,7 +73,7 @@ func activateHTTPS(cctx casket.Context) error { certCache, ok := ctx.instance.Storage[caskettls.CertCacheInstStorageKey].(*certmagic.Cache) ctx.instance.StorageMu.RUnlock() if ok && certCache != nil { - err = certCache.RenewManagedCertificates() + err = certCache.RenewManagedCertificates(context.TODO()) if err != nil { return err } @@ -116,8 +118,10 @@ func enableAutoHTTPS(configs []*SiteConfig, loadCertificates bool) error { } cfg.TLS.Enabled = true cfg.Addr.Scheme = "https" - if loadCertificates && certmagic.HostQualifies(cfg.TLS.Hostname) { - _, err := cfg.TLS.Manager.CacheManagedCertificate(cfg.TLS.Hostname) + + // TODO: SubjectQualifiesForPublicCert behavior may be slightly different in mainline certmagic + if loadCertificates && certmagic.SubjectQualifiesForPublicCert(cfg.TLS.Hostname) { + _, err := cfg.TLS.Manager.CacheManagedCertificate(context.TODO(), cfg.TLS.Hostname) if err != nil { return err } diff --git a/caskethttp/httpserver/https_test.go b/caskethttp/httpserver/https_test.go index 28a2fd04..b7fde333 100644 --- a/caskethttp/httpserver/https_test.go +++ b/caskethttp/httpserver/https_test.go @@ -23,8 +23,8 @@ import ( "strconv" "testing" + "github.com/caddyserver/certmagic" "github.com/tmpim/casket/caskettls" - "github.com/tmpim/certmagic" ) func TestRedirPlaintextHost(t *testing.T) { diff --git a/caskethttp/httpserver/plugin.go b/caskethttp/httpserver/plugin.go index de0cce4d..6ab5de3b 100644 --- a/caskethttp/httpserver/plugin.go +++ b/caskethttp/httpserver/plugin.go @@ -27,12 +27,12 @@ import ( "strings" "time" + "github.com/caddyserver/certmagic" "github.com/tmpim/casket" "github.com/tmpim/casket/casketfile" "github.com/tmpim/casket/caskethttp/staticfiles" "github.com/tmpim/casket/caskettls" "github.com/tmpim/casket/telemetry" - "github.com/tmpim/certmagic" ) const serverType = "http" 
@@ -192,13 +192,14 @@ func (h *httpContext) InspectServerBlocks(sourceFile string, serverBlocks []cask // Make our caskettls.Config, which has a pointer to the // instance's certificate cache and enough information // to use automatic HTTPS when the time comes - caskettlsConfig, err := caskettls.NewConfig(h.instance) + caskettlsConfig, err := caskettls.NewConfig(h.instance, certmagic.ACMEIssuer{ + AltHTTPPort: altHTTPPort, + AltTLSALPNPort: altTLSALPNPort, + }) if err != nil { return nil, fmt.Errorf("creating new caskettls configuration: %v", err) } caskettlsConfig.Hostname = addr.Host - caskettlsConfig.Manager.AltHTTPPort = altHTTPPort - caskettlsConfig.Manager.AltTLSALPNPort = altTLSALPNPort // Save the config to our master list, and key it for lookups cfg := &SiteConfig{ @@ -239,7 +240,7 @@ func (h *httpContext) MakeServers() ([]casket.Server, error) { // trusted CA (obviously not a perfect heuristic) var looksLikeProductionCA bool for _, publicCAEndpoint := range caskettls.KnownACMECAs { - if strings.Contains(certmagic.Default.CA, publicCAEndpoint) { + if strings.Contains(certmagic.DefaultACME.CA, publicCAEndpoint) { looksLikeProductionCA = true break } @@ -262,7 +263,7 @@ func (h *httpContext) MakeServers() ([]casket.Server, error) { !casket.IsInternal(cfg.Addr.Host) && !casket.IsInternal(cfg.ListenHost) && (caskettls.QualifiesForManagedTLS(cfg) || - certmagic.HostQualifies(cfg.Addr.Host)) { + certmagic.SubjectQualifiesForPublicCert(cfg.Addr.Host)) { atLeastOneSiteLooksLikeProduction = true } } @@ -328,7 +329,8 @@ func (h *httpContext) MakeServers() ([]casket.Server, error) { } // normalizedKey returns "normalized" key representation: -// scheme and host names are lowered, everything else stays the same +// +// scheme and host names are lowered, everything else stays the same func normalizedKey(key string) string { addr, err := standardizeAddress(key) if err != nil { 
diff --git a/caskethttp/httpserver/tplcontext.go b/caskethttp/httpserver/tplcontext.go index 16b53e31..7e599a21 100644 --- a/caskethttp/httpserver/tplcontext.go +++ b/caskethttp/httpserver/tplcontext.go @@ -33,7 +33,7 @@ import ( "os" - "github.com/tmpim/certmagic" + "github.com/caddyserver/certmagic" "github.com/russross/blackfriday" "github.com/tmpim/casket/caskettls" ) diff --git a/caskettls/config.go b/caskettls/config.go index b1d9f27f..ce1430ee 100644 --- a/caskettls/config.go +++ b/caskettls/config.go @@ -15,17 +15,17 @@ package caskettls import ( + "context" "crypto/tls" "crypto/x509" "fmt" "io/ioutil" "time" - "github.com/go-acme/lego/v4/certcrypto" + "github.com/caddyserver/certmagic" "github.com/go-acme/lego/v4/challenge/tlsalpn01" "github.com/klauspost/cpuid" "github.com/tmpim/casket" - "github.com/tmpim/certmagic" ) // Config describes how TLS should be configured and used. @@ -84,6 +84,12 @@ type Config struct { // Manager is how certificates are managed Manager *certmagic.Config + // Issuer is the configuration for the ACME issuer, which will be the first issuer in Manager.Issuers + Issuer *certmagic.ACMEIssuer + + // KeyType is the type of key used for self-signed certificates + KeyType certmagic.KeyType + // NoRedirect will disable the automatic HTTP->HTTPS redirect, regardless // of whether the site is managed or not. NoRedirect bool @@ -111,7 +117,7 @@ type Config struct { // NewConfig returns a new Config with a pointer to the instance's // certificate cache. You will usually need to set other fields on // the returned Config for successful practical use. -func NewConfig(inst *casket.Instance) (*Config, error) { +func NewConfig(inst *casket.Instance, template certmagic.ACMEIssuer) (*Config, error) { inst.StorageMu.RLock() certCache, ok := inst.Storage[CertCacheInstStorageKey].(*certmagic.Cache) inst.StorageMu.RUnlock() 
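Review bot: The doc comment above NewConfig still describes only the instance argument; the new `template certmagic.ACMEIssuer` parameter is undocumented. Suggest adding `// template supplies per-site ACME issuer settings (for example alternate challenge ports); fields left unset are presumably filled from certmagic.DefaultACME by NewACMEIssuer.` Because NewConfig is exported, the extra parameter also breaks any caller outside this repository, which is worth stating in the commit description. The function body continues outside this hunk.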
@@ -120,18 +126,18 @@ func NewConfig(inst *casket.Instance) (*Config, error) { return nil, err } certCache = certmagic.NewCache(certmagic.CacheOptions{ - GetConfigForCert: func(cert certmagic.Certificate) (certmagic.Config, error) { + GetConfigForCert: func(cert certmagic.Certificate) (*certmagic.Config, error) { inst.StorageMu.RLock() cfgMap, ok := inst.Storage[configMapKey].(map[string]*Config) inst.StorageMu.RUnlock() if ok { for hostname, cfg := range cfgMap { if cfg.Manager != nil && hostname == cert.Names[0] { - return *cfg.Manager, nil + return cfg.Manager, nil } } } - return certmagic.Default, nil + return certmagic.NewDefault(), nil }, }) @@ -144,9 +150,13 @@ func NewConfig(inst *casket.Instance) (*Config, error) { storageCleaningTicker.Stop() return case <-storageCleaningTicker.C: - certmagic.CleanStorage(certmagic.Default.Storage, certmagic.CleanStorageOptions{ + err := certmagic.CleanStorage(context.TODO(), certmagic.Default.Storage, certmagic.CleanStorageOptions{ OCSPStaples: true, }) + + if err != nil { + fmt.Println("[ERROR] cleaning storage:", err) + } } } }() @@ -161,8 +171,14 @@ func NewConfig(inst *casket.Instance) (*Config, error) { inst.Storage[CertCacheInstStorageKey] = certCache inst.StorageMu.Unlock() } + + magic := certmagic.New(certCache, certmagic.Config{}) + issuer := certmagic.NewACMEIssuer(magic, template) + magic.Issuers = []certmagic.Issuer{issuer} + return &Config{ - Manager: certmagic.New(certCache, certmagic.Config{}), + Manager: magic, + Issuer: issuer, }, nil } 
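Review bot: The fallback `return certmagic.NewDefault(), nil` in GetConfigForCert returns a Config bound to certmagic's package-level default cache, not to the `certCache` being constructed here. As I read certmagic's documentation for this callback, the returned Config must be associated with the same Cache as the caller, so a certificate that misses the `cfgMap` lookup could be maintained against the wrong cache. `return certmagic.New(certCache, certmagic.Default), nil` keeps the fallback on this instance's cache. Separately, `cert.Names[0]` in the loop is indexed without a length check; that line is unchanged context, but it would panic on a certificate with no names.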
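Review bot: The new error branch in the storage-cleaning goroutine reports failures with `fmt.Println("[ERROR] cleaning storage:", err)`, which writes to stdout and bypasses the process log selected by the `-log` flag. `log.Printf("[ERROR] cleaning storage: %v", err)` would put the message where operators look for TLS maintenance errors; config.go's import hunk does not show `log`, so it would need adding. The goroutine starts outside this hunk.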
@@ -438,11 +454,13 @@ func SetDefaultTLSParams(config *Config) { } // Map of supported key types -var supportedKeyTypes = map[string]certcrypto.KeyType{ - "P384": certcrypto.EC384, - "P256": certcrypto.EC256, - "RSA4096": certcrypto.RSA4096, - "RSA2048": certcrypto.RSA2048, +var supportedKeyTypes = map[string]certmagic.KeyType{ + "ED25519": certmagic.ED25519, + "P256": certmagic.P256, + "P384": certmagic.P384, + "RSA2048": certmagic.RSA2048, + "RSA4096": certmagic.RSA4096, + "RSA8192": certmagic.RSA8192, } // SupportedProtocols is a map of supported protocols. diff --git a/caskettls/handshake.go b/caskettls/handshake.go index 6765f6b1..dc6134bc 100644 --- a/caskettls/handshake.go +++ b/caskettls/handshake.go @@ -21,7 +21,7 @@ import ( "net" "strings" - "github.com/tmpim/certmagic" + "github.com/caddyserver/certmagic" "github.com/tmpim/casket/telemetry" ) @@ -40,9 +40,9 @@ type configGroup map[string]*Config // This function follows nearly the same logic to lookup // a hostname as the getCertificate function uses. func (cg configGroup) getConfig(hello *tls.ClientHelloInfo) *Config { - name := certmagic.NormalizedName(hello.ServerName) + name := normalizedName(hello.ServerName) if name == "" { - name = certmagic.NormalizedName(certmagic.Default.DefaultServerName) + name = normalizedName(certmagic.Default.DefaultServerName) } // if SNI is empty, prefer matching IP address (it is @@ -174,3 +174,9 @@ func (info ClientHelloInfo) Key() string { // TLS ClientHellos to telemetry. Disable if doing // it from a different package. var ClientHelloTelemetry = true + +// normalizedName returns a cleaned form of serverName that is +// used for consistency when referring to a SNI value. +func normalizedName(serverName string) string { + return strings.ToLower(strings.TrimSpace(serverName)) +} diff --git a/caskettls/selfsigned.go b/caskettls/selfsigned.go index eb32f67b..dc3e16f2 100644 --- a/caskettls/selfsigned.go +++ b/caskettls/selfsigned.go 
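Review bot: The supportedKeyTypes map now accepts `ED25519` and `RSA8192` for the `key_type` directive, and setupTLS applies the chosen value to both managed certificates (`Manager.KeySource`) and self-signed ones (`config.KeyType`). Publicly trusted ACME CAs generally do not issue for Ed25519 keys, so that choice is likely to fail at issuance rather than at config parsing, and RSA 8192 key generation can be slow enough to delay startup noticeably. caskettls/selfsigned.go still imports `crypto/ecdsa` and `crypto/rsa` after this commit, which suggests its public-key handling outside the hunk covers only those two types; confirm it accepts an `ed25519.PrivateKey` before exposing the option. A comment on the map such as `// ED25519 is intended for self-signed or private-CA use; public ACME CAs may reject it` would help operators.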
@@ -2,19 +2,17 @@ package caskettls import ( "crypto/ecdsa" - "crypto/elliptic" "crypto/rand" "crypto/rsa" "crypto/tls" "crypto/x509" "crypto/x509/pkix" "fmt" + "github.com/caddyserver/certmagic" "math/big" "net" "strings" "time" - - "github.com/go-acme/lego/v4/certcrypto" ) // newSelfSignedCertificate returns a new self-signed certificate. @@ -22,20 +20,9 @@ func newSelfSignedCertificate(ssconfig selfSignedConfig) (tls.Certificate, error // start by generating private key var privKey interface{} var err error - switch ssconfig.KeyType { - case "", certcrypto.EC256: - privKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - case certcrypto.EC384: - privKey, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader) - case certcrypto.RSA2048: - privKey, err = rsa.GenerateKey(rand.Reader, 2048) - case certcrypto.RSA4096: - privKey, err = rsa.GenerateKey(rand.Reader, 4096) - case certcrypto.RSA8192: - privKey, err = rsa.GenerateKey(rand.Reader, 8192) - default: - return tls.Certificate{}, fmt.Errorf("cannot generate private key; unknown key type %v", ssconfig.KeyType) - } + + keyGenerator := certmagic.StandardKeyGenerator{KeyType: ssconfig.KeyType} + privKey, err = keyGenerator.GenerateKey() if err != nil { return tls.Certificate{}, fmt.Errorf("failed to generate private key: %v", err) } @@ -98,6 +85,6 @@ func newSelfSignedCertificate(ssconfig selfSignedConfig) (tls.Certificate, error // selfSignedConfig configures a self-signed certificate. type selfSignedConfig struct { SAN []string - KeyType certcrypto.KeyType + KeyType certmagic.KeyType Expire time.Time } diff --git a/caskettls/setup.go b/caskettls/setup.go index 88100874..6496c2bd 100644 --- a/caskettls/setup.go +++ b/caskettls/setup.go @@ -16,6 +16,7 @@ package caskettls import ( "bytes" + "context" "crypto/tls" "encoding/pem" "fmt" 
@@ -29,9 +30,9 @@ import ( "sync/atomic" "time" + "github.com/caddyserver/certmagic" "github.com/tmpim/casket" "github.com/tmpim/casket/telemetry" - "github.com/tmpim/certmagic" ) func init() { 
@@ -66,49 +67,15 @@ func setupTLS(c *casket.Controller) error { config.Enabled = true - // we use certmagic events to collect metrics for telemetry - config.Manager.OnEvent = func(event string, data interface{}) { + config.Manager.OnEvent = func(ctx context.Context, event string, data map[string]interface{}) error { switch event { - case "tls_handshake_started": - clientHello := data.(*tls.ClientHelloInfo) - if ClientHelloTelemetry && len(clientHello.SupportedVersions) > 0 { - // If no other plugin (such as the HTTP server type) is implementing ClientHello telemetry, we do it. - // NOTE: The values in the Go standard lib's ClientHelloInfo aren't guaranteed to be in order. - info := ClientHelloInfo{ - Version: clientHello.SupportedVersions[0], // report the highest - CipherSuites: clientHello.CipherSuites, - ExtensionsUnknown: true, // no extension info... :( - CompressionMethodsUnknown: true, // no compression methods... :( - Curves: clientHello.SupportedCurves, - Points: clientHello.SupportedPoints, - // We also have, but do not yet use: SignatureSchemes, ServerName, and SupportedProtos (ALPN) - // because the standard lib parses some extensions, but our MITM detector generally doesn't. 
- } - go telemetry.SetNested("tls_client_hello", info.Key(), info) + case "cert_obtained": + if data["renewal"] == true { + name := data["identifier"].(string) + casket.EmitEvent(casket.CertRenewEvent, name) } - - case "tls_handshake_completed": - // TODO: This is a "best guess" for now - at this point, we only gave a - // certificate to the client; we need something listener-level to be sure - go telemetry.Increment("tls_handshake_count") - - case "acme_cert_obtained": - go telemetry.Increment("tls_acme_certs_obtained") - - case "acme_cert_renewed": - name := data.(string) - casket.EmitEvent(casket.CertRenewEvent, name) - go telemetry.Increment("tls_acme_certs_renewed") - - case "acme_cert_revoked": - telemetry.Increment("acme_certs_revoked") - - case "cached_managed_cert": - telemetry.Increment("tls_managed_cert_count") - - case "cached_unmanaged_cert": - telemetry.Increment("tls_unmanaged_cert_count") } + return nil } for c.Next() { @@ -132,7 +99,7 @@ func setupTLS(c *casket.Controller) error { case "self_signed": config.SelfSigned = true default: - config.Manager.Email = args[0] + config.Issuer.Email = args[0] } case 2: certificateFile = args[0] @@ -150,14 +117,15 @@ func setupTLS(c *casket.Controller) error { if len(arg) != 1 { return c.ArgErr() } - config.Manager.CA = arg[0] + config.Issuer.CA = arg[0] case "key_type": arg := c.RemainingArgs() value, ok := supportedKeyTypes[strings.ToUpper(arg[0])] if !ok { return c.Errf("Wrong key type name or key type not supported: '%s'", c.Val()) } - config.Manager.KeyType = value + config.KeyType = value + config.Manager.KeySource = certmagic.StandardKeyGenerator{KeyType: value} case "protocols": args := c.RemainingArgs() if len(args) == 1 { 
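Review bot: In the new `cert_obtained` case, `data["identifier"].(string)` is an unchecked type assertion, so a missing or non-string value panics inside certmagic's event callback. Use the two-value form, `name, ok := data["identifier"].(string)`, and emit the event only when `ok` is true. The rewrite also drops every telemetry counter the old handler maintained (`tls_handshake_count`, `tls_acme_certs_obtained`, `tls_managed_cert_count` and the ClientHello report) without comment. If that is deliberate, a line such as `// certmagic no longer emits handshake/cache events; TLS telemetry is not collected here` would say so, since `ClientHelloTelemetry` in handshake.go may no longer have any effect from this package.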
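Review bot: In the `key_type` case, `arg[0]` is read straight after `arg := c.RemainingArgs()` with no length check, so a Casketfile containing `key_type` with no value panics with an index-out-of-range instead of returning a configuration error. The line is unchanged context, but the hunk touches this case and the `ca` case just above already shows the guard: `if len(arg) != 1 { return c.ArgErr() }`. The two new assignments, `config.KeyType = value` and `config.Manager.KeySource = ...`, must also stay in sync; a one-line comment stating that KeyType feeds the self-signed path and KeySource the managed path would make that explicit.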
@@ -254,7 +222,9 @@ func setupTLS(c *casket.Controller) error { if err != nil { return c.Errf("Setting up DNS provider '%s': %v", dnsProvName, err) } - config.Manager.DNSProvider = dnsProv + config.Issuer.DNS01Solver = &certmagic.DNS01Solver{ + DNSProvider: dnsProv, + } case "alpn": args := c.RemainingArgs() if len(args) == 0 { @@ -266,7 +236,7 @@ func setupTLS(c *casket.Controller) error { case "must_staple": config.Manager.MustStaple = true case "wildcard": - if !certmagic.HostQualifies(config.Hostname) { + if !certmagic.SubjectQualifiesForPublicCert(config.Hostname) { return c.Errf("Hostname '%s' does not qualify for managed TLS, so cannot manage wildcard certificate for it", config.Hostname) } if strings.Contains(config.Hostname, "*") { @@ -305,7 +275,7 @@ func setupTLS(c *casket.Controller) error { if parsedURL.Scheme != "http" && parsedURL.Scheme != "https" { return c.Err("ask URL must use http or https") } - config.Manager.OnDemand.DecisionFunc = func(name string) error { + config.Manager.OnDemand.DecisionFunc = func(ctx context.Context, name string) error { askURLParsed, err := url.Parse(askURL) if err != nil { return fmt.Errorf("parsing ask URL: %v", err) @@ -338,7 +308,7 @@ func setupTLS(c *casket.Controller) error { // load a single certificate and key, if specified if certificateFile != "" && keyFile != "" { - err := config.Manager.CacheUnmanagedCertificatePEMFile(certificateFile, keyFile, nil) + _, err := config.Manager.CacheUnmanagedCertificatePEMFile(context.TODO(), certificateFile, keyFile, nil) if err != nil { return c.Errf("Unable to load certificate and key files for '%s': %v", c.Key, err) } 
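Review bot: The on-demand `DecisionFunc` now receives `ctx context.Context`, but the visible part of the closure does not use it. The remainder of the function is outside the hunk; if it issues the ask request with a plain client call, building the request with `http.NewRequestWithContext(ctx, http.MethodGet, askURLParsed.String(), nil)` would let an abandoned handshake cancel the outbound check instead of leaving it to run until the client timeout. If the body already does this, no change is needed.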
@@ -360,12 +330,12 @@ func setupTLS(c *casket.Controller) error { if config.SelfSigned { ssCert, err := newSelfSignedCertificate(selfSignedConfig{ SAN: []string{config.Hostname}, - KeyType: config.Manager.KeyType, + KeyType: config.KeyType, }) if err != nil { return fmt.Errorf("self-signed certificate generation: %v", err) } - err = config.Manager.CacheUnmanagedTLSCertificate(ssCert, nil) + _, err = config.Manager.CacheUnmanagedTLSCertificate(context.TODO(), ssCert, nil) if err != nil { return fmt.Errorf("self-signed: %v", err) } @@ -461,7 +431,7 @@ func loadCertsInDir(cfg *Config, c *casket.Controller, dir string) error { return c.Errf("%s: no private key block found", path) } - err = cfg.Manager.CacheUnmanagedCertificatePEMBytes(certPEMBytes, keyPEMBytes, nil) + _, err = cfg.Manager.CacheUnmanagedCertificatePEMBytes(context.TODO(), certPEMBytes, keyPEMBytes, nil) if err != nil { return c.Errf("%s: failed to load cert and key for '%s': %v", path, c.Key, err) } diff --git a/caskettls/tls.go b/caskettls/tls.go index dee21db0..681c5305 100644 --- a/caskettls/tls.go +++ b/caskettls/tls.go @@ -29,9 +29,10 @@ package caskettls import ( + "context" + "github.com/caddyserver/certmagic" "github.com/go-acme/lego/v4/challenge" "github.com/tmpim/casket" - "github.com/tmpim/certmagic" ) // ConfigHolder is any type that has a Config; it presumably is 
@@ -71,13 +72,15 @@ func QualifiesForManagedTLS(c ConfigHolder) bool { // we get can't certs for some kinds of hostnames, but // on-demand TLS allows empty hostnames at startup - (certmagic.HostQualifies(c.Host()) || onDemand) + (certmagic.SubjectQualifiesForPublicCert(c.Host()) || onDemand) } -// Revoke revokes the certificate fro host via the ACME protocol. +// Revoke revokes the certificate for host via the ACME protocol. // It assumes the certificate was obtained from certmagic.CA. func Revoke(domainName string) error { - return certmagic.NewDefault().RevokeCert(domainName, true) + // TODO: Bubble down certificate revocation reasons per RFC 5280. Is this function only ever called by human + // interaction? + return certmagic.NewDefault().RevokeCert(context.TODO(), domainName, 0, true) } // KnownACMECAs is a list of ACME directory endpoints of diff --git a/go.mod b/go.mod index 9a50d75f..a15e1dbf 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.16 require ( contrib.go.opencensus.io/exporter/ocagent v0.7.0 // indirect + github.com/caddyserver/certmagic v0.20.0 // indirect github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect github.com/djherbis/buffer v1.2.0 // indirect github.com/djherbis/nio/v3 v3.0.1 // indirect @@ -18,8 +19,10 @@ require ( github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743 // indirect github.com/jimstudt/http-authentication v0.0.0-20140401203705-3eca13d6893a github.com/klauspost/cpuid v1.3.1 + github.com/klauspost/cpuid/v2 v2.2.6 // indirect github.com/lucas-clemente/quic-go v0.23.0 github.com/mholt/archiver/v3 v3.5.0 + github.com/miekg/dns v1.1.58 // indirect github.com/miolini/datacounter v1.0.2 // indirect github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 
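Review bot: The doc comment on Revoke had its typo fixed but still says the certificate was obtained from `certmagic.CA`, an identifier this commit no longer uses anywhere; the CA flag now binds to `certmagic.DefaultACME.CA`. Suggest `// It assumes the certificate was obtained from the default ACME CA (certmagic.DefaultACME.CA).` Because `certmagic.NewDefault()` is used, a site whose Casketfile sets `ca` on its own issuer would presumably not be revoked against that CA, which the comment should also mention. The bare `0` reason code would read better with a trailing comment, `// 0 = unspecified (RFC 5280 section 5.3.1)`.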
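Review bot: The first go.mod hunk adds `github.com/caddyserver/certmagic v0.20.0 // indirect` although the module is now imported directly throughout the tree, and `go.uber.org/zap` is marked the same way in the last go.mod hunk while run.go imports it. That last hunk also leaves `github.com/tmpim/certmagic v0.12.4` in the require block as context, even though every import in this commit moves off the fork. Running `go mod tidy` should correct the markers and drop the fork if nothing else needs it, which keeps the audited dependency set equal to the one that is built. The `go 1.16` directive shown in the hunk header is also worth checking against the minimum Go version the new certmagic release declares.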
@@ -28,12 +31,8 @@ require ( github.com/tmpim/casket-plugins v0.0.4-0.20210411234607-8b023eeb664d github.com/tmpim/certmagic v0.12.4 github.com/tmpim/dnsproviders v0.4.3-0.20211231213508-66e13a82678d - golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect - golang.org/x/mod v0.5.0 // indirect - golang.org/x/net v0.0.0-20210825183410-e898025ed96a - golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf // indirect - golang.org/x/text v0.3.7 // indirect - golang.org/x/tools v0.1.5 // indirect + go.uber.org/zap v1.26.0 // indirect + golang.org/x/net v0.20.0 google.golang.org/api v0.36.0 // indirect google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d // indirect google.golang.org/grpc v1.34.0 // indirect diff --git a/go.sum b/go.sum index 483788b6..a215cad5 100644 --- a/go.sum +++ b/go.sum @@ -106,6 +106,7 @@ github.com/aws/aws-sdk-go v1.30.20 h1:ktsy2vodSZxz/arYqo7DlpkIeNohHL+4Rmjdo7YGtr github.com/aws/aws-sdk-go v1.30.20/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= +github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -116,6 +117,8 @@ github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBW github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caddyserver/caddy v1.0.5/go.mod h1:AnFHB+/MrgRC+mJAvuAgQ38ePzw+wKeW0wzENpdQQKY= +github.com/caddyserver/certmagic v0.20.0 h1:bTw7LcEZAh9ucYCRXyCpIrSAGplplI0vGYJ4BpCQ/Fc= +github.com/caddyserver/certmagic v0.20.0/go.mod h1:N4sXgpICQUskEWpj7zVzvWD41p3NYacrNoZYiRM2jTg= github.com/caddyserver/forwardproxy v0.0.0-20201205091008-b3a96fb34dbe/go.mod h1:W0aU9LnTqv+Yzt+9Tu72GAb3ERJW6IDNB032Y6R9ZD0= github.com/captncraig/cors v0.0.0-20190703115713-e80254a89df1 h1:AFSJaASPGYNbkUa5c8ZybrcW9pP3Cy7+z5dnpcc/qG8= github.com/captncraig/cors v0.0.0-20190703115713-e80254a89df1/go.mod h1:EIlIeMufZ8nqdUhnesledB15xLRl4wIJUppwDLPrdrQ= @@ -166,6 +169,7 @@ github.com/cpu/goacmedns v0.0.3/go.mod h1:4MipLkI+qScwqtVxcNO6okBhbgRrr7/tKXUSgS github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/dancannon/gorethink v4.0.0+incompatible h1:KFV7Gha3AuqT+gr0B/eKvGhbjmUv0qGF43aKCIKVE9A= github.com/dancannon/gorethink v4.0.0+incompatible/go.mod h1:BLvkat9KmZc1efyYwhz3WnybhRZtgF1K929FD8z1avU= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -432,6 +436,11 @@ github.com/klauspost/compress v1.10.10/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdY github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.3.1 h1:5JNjFYYQrZeKRJ0734q51WCEEn2huer72Dc7K+R/b6s= github.com/klauspost/cpuid v1.3.1/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4= +github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= +github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= +github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= +github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc= +github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/klauspost/pgzip v1.2.4 h1:TQ7CNpYKovDOmqzRHKxJh0BeaBI7UdQZYc6p7pMQh1A= github.com/klauspost/pgzip v1.2.4/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/kolo/xmlrpc v0.0.0-20190717152603-07c4ee3fd181/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ= 
@@ -447,10 +456,13 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/labbsr0x/bindman-dns-webhook v1.0.2/go.mod h1:p6b+VCXIR8NYKpDr8/dg1HKfQoRHCdcsROXKvmoehKA= github.com/labbsr0x/goh v1.0.1/go.mod h1:8K2UhVoaWXcCU7Lxoa2omWnC8gyW8px7/lmO61c027w= +github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= +github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA= 
@@ -498,6 +510,8 @@ github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4fJH25nqRHfWLMa1ONC8Amw+mIA639KxkE= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/mholt/acmez v1.2.0 h1:1hhLxSgY5FvH5HCnGUuwbKY2VQVo8IU7rxXKSnZ7F30= +github.com/mholt/acmez v1.2.0/go.mod h1:VT9YwH1xgNX1kmYY89gY8xPJC84BFAisjo8Egigt4kE= github.com/mholt/archiver v1.1.2 h1:xukR55YIrnhDHp10lrNtRSsAK5THpWrOCuviweNSBw4= github.com/mholt/archiver v3.1.1+incompatible h1:1dCVxuqs0dJseYEhi5pl7MYPH9zDa1wBi7mF09cbNkU= github.com/mholt/archiver v3.1.1+incompatible/go.mod h1:Dh2dOXnSdiLxRiPoVfIr/fI1TwETms9B8CTWfeh7ROU= @@ -513,6 +527,10 @@ github.com/miekg/dns v1.1.15/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3N github.com/miekg/dns v1.1.31/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/dns v1.1.35 h1:oTfOaDH+mZkdcgdIjH6yBajRGtIwcwcaR+rt23ZSrJs= github.com/miekg/dns v1.1.35/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= +github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo= +github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= +github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= +github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= github.com/miolini/datacounter v1.0.2 h1:mGTL0vqEAtH7mwNJS1JIpd6jwTAP6cBQQ2P8apaCIm8= github.com/miolini/datacounter v1.0.2/go.mod h1:C45dc2hBumHjDpEU64IqPwR6TDyPVpzOqqRTN7zmBUA= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= 
@@ -741,12 +759,21 @@ github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5J github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/tidwall/gjson v1.6.4 h1:JKsCsJqRVFz8eYCsQ5E/ANRbK6CanAtA9IUvGsXklyo= 
@@ -817,6 +844,11 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= +github.com/zeebo/blake3 v0.2.3 h1:TFoLXsjeXqRNFxSbk35Dk4YtszE/MQQGK10BH4ptoTg= +github.com/zeebo/blake3 v0.2.3/go.mod h1:mjJjZpnsyIVtVgTOSpJ9vmRE4wgDeyt2HU3qXvvKCaQ= +github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= 
@@ -834,12 +866,26 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= +go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= +go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= +go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= +go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= +go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/ratelimit v0.0.0-20180316092928-c15da0234277/go.mod h1:2X8KaoNd1J0lZV+PxJk/5+DGbO/tpwLR1m++a7FnB/Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= +go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= +go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= +go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= +go.uber.org/zap v1.26.0/go.mod 
h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= golang.org/x/crypto v0.0.0-20180621125126-a49355c7e3f8/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -869,6 +915,14 @@ golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad h1:DN0cp81fZ3njFcrLCytUHR golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= +golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= +golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -903,6 +957,14 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.0 h1:UG21uOlmZabA4fW5i7ZX6bjw1xELEGg/ZLgZq9auk/Q= golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= +golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180611182652-db08ff08e862/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -960,6 +1022,17 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210825183410-e898025ed96a h1:bRuuGXV8wwSdGTB+CtJf+FjgO1APK1CoO39T4BN/XBw= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -985,6 +1058,12 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a h1:DcqTD9SDLc+1P/r1EmRBwnVs golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180622082034-63fc586f45fe/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180828065106-d99a578cf41b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -1058,8 +1137,29 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf h1:2ucpDCmfkl8Bd/FsLtiD653Wf96cW37s+iGx93zsu4k= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= 
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -1070,6 +1170,15 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -1134,6 +1243,14 @@ golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg= +golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= +golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -1306,6 +1423,7 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=