diff --git a/authenticate/handlers.go b/authenticate/handlers.go
index 51bc334a5..d73ee9325 100644
--- a/authenticate/handlers.go
+++ b/authenticate/handlers.go
@@ -10,13 +10,13 @@ import (
 "strings"
 "time"
+ "github.com/go-jose/go-jose/v3/jwt"
 "github.com/google/uuid"
 "github.com/gorilla/mux"
 "github.com/pomerium/csrf"
 "github.com/rs/cors"
 "golang.org/x/oauth2"
 "google.golang.org/protobuf/types/known/timestamppb"
- "gopkg.in/square/go-jose.v2/jwt"
 "github.com/pomerium/pomerium/internal/httputil"
 "github.com/pomerium/pomerium/internal/identity"
diff --git a/authenticate/handlers_test.go b/authenticate/handlers_test.go
index bbb9760e0..adfa751a3 100644
--- a/authenticate/handlers_test.go
+++ b/authenticate/handlers_test.go
@@ -13,6 +13,7 @@ import (
 "testing"
 "time"
+ "github.com/go-jose/go-jose/v3/jwt"
 "github.com/golang/mock/gomock"
 "github.com/golang/protobuf/ptypes"
 "github.com/golang/protobuf/ptypes/empty"
@@ -23,7 +24,6 @@ import (
 "google.golang.org/grpc"
 "google.golang.org/grpc/codes"
 "google.golang.org/grpc/status"
- "gopkg.in/square/go-jose.v2/jwt"
 "github.com/pomerium/pomerium/config"
 "github.com/pomerium/pomerium/internal/encoding"
diff --git a/authenticate/state.go b/authenticate/state.go
index 317c39be1..37c8025b5 100644
--- a/authenticate/state.go
+++ b/authenticate/state.go
@@ -8,7 +8,7 @@ import (
 "net/url"
 "sync/atomic"
- "gopkg.in/square/go-jose.v2"
+ "github.com/go-jose/go-jose/v3"
 "github.com/pomerium/pomerium/config"
 "github.com/pomerium/pomerium/internal/encoding"
diff --git a/authorize/evaluator/evaluator.go b/authorize/evaluator/evaluator.go
index 6e5c44565..8cc978c1c 100644
--- a/authorize/evaluator/evaluator.go
+++ b/authorize/evaluator/evaluator.go
@@ -7,8 +7,8 @@ import (
 "fmt"
 "net/http"
+ "github.com/go-jose/go-jose/v3"
 "github.com/open-policy-agent/opa/rego"
- "gopkg.in/square/go-jose.v2"
 "github.com/pomerium/pomerium/config"
 "github.com/pomerium/pomerium/internal/httputil"
diff --git a/authorize/evaluator/evaluator_test.go b/authorize/evaluator/evaluator_test.go
index e2ad9f9a0..2751987c6 100644
--- a/authorize/evaluator/evaluator_test.go
+++ b/authorize/evaluator/evaluator_test.go
@@ -8,13 +8,13 @@ import (
 "net/url"
 "testing"
+ "github.com/go-jose/go-jose/v3"
 "github.com/google/uuid"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "google.golang.org/protobuf/proto"
 "google.golang.org/protobuf/types/known/anypb"
 "google.golang.org/protobuf/types/known/timestamppb"
- "gopkg.in/square/go-jose.v2"
 "github.com/pomerium/pomerium/config"
 "github.com/pomerium/pomerium/internal/httputil"
diff --git a/authorize/evaluator/headers_evaluator_test.go b/authorize/evaluator/headers_evaluator_test.go
index 1c295be3c..f64bdbf9b 100644
--- a/authorize/evaluator/headers_evaluator_test.go
+++ b/authorize/evaluator/headers_evaluator_test.go
@@ -6,14 +6,13 @@ import (
 "testing"
 "time"
+ "github.com/go-jose/go-jose/v3"
+ "github.com/go-jose/go-jose/v3/jwt"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "google.golang.org/protobuf/proto"
- "gopkg.in/square/go-jose.v2"
- "gopkg.in/square/go-jose.v2/jwt"
 "github.com/pomerium/pomerium/config"
-
 "github.com/pomerium/pomerium/pkg/cryptutil"
 )
diff --git a/authorize/evaluator/policy_evaluator_test.go b/authorize/evaluator/policy_evaluator_test.go
index c2c7200c0..f7a4de462 100644
--- a/authorize/evaluator/policy_evaluator_test.go
+++ b/authorize/evaluator/policy_evaluator_test.go
@@ -5,16 +5,15 @@ import (
 "math"
 "testing"
+ "github.com/go-jose/go-jose/v3"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "google.golang.org/protobuf/proto"
- "gopkg.in/square/go-jose.v2"
-
- "github.com/pomerium/pomerium/pkg/grpc/session"
- "github.com/pomerium/pomerium/pkg/grpc/user"
 "github.com/pomerium/pomerium/config"
 "github.com/pomerium/pomerium/pkg/cryptutil"
+ "github.com/pomerium/pomerium/pkg/grpc/session"
+ "github.com/pomerium/pomerium/pkg/grpc/user"
 )
 func TestPolicyEvaluator(t *testing.T) {
diff --git a/authorize/evaluator/store.go b/authorize/evaluator/store.go
index 82e1e52d1..764693ccf 100644
--- a/authorize/evaluator/store.go
+++ b/authorize/evaluator/store.go
@@ -7,6 +7,7 @@ import (
 "sync"
 "sync/atomic"
+ "github.com/go-jose/go-jose/v3"
 "github.com/google/uuid"
 "github.com/open-policy-agent/opa/ast"
 "github.com/open-policy-agent/opa/rego"
@@ -16,7 +17,6 @@ import (
 "google.golang.org/protobuf/proto"
 "google.golang.org/protobuf/types/known/anypb"
 "google.golang.org/protobuf/types/known/timestamppb"
- "gopkg.in/square/go-jose.v2"
 "github.com/pomerium/pomerium/config"
 "github.com/pomerium/pomerium/internal/log"
diff --git a/cmd/pomerium-cli/kubernetes.go b/cmd/pomerium-cli/kubernetes.go
index d0847a48b..f787e1c3e 100644
--- a/cmd/pomerium-cli/kubernetes.go
+++ b/cmd/pomerium-cli/kubernetes.go
@@ -9,8 +9,8 @@ import (
 "os"
 "time"
+ "github.com/go-jose/go-jose/v3"
 "github.com/spf13/cobra"
- jose "gopkg.in/square/go-jose.v2"
 "github.com/pomerium/pomerium/internal/authclient"
 )
diff --git a/go.mod b/go.mod
index 1514a8971..fa6d54506 100644
--- a/go.mod
+++ b/go.mod
@@ -17,6 +17,7 @@ require (
 github.com/envoyproxy/protoc-gen-validate v0.6.1
 github.com/fsnotify/fsnotify v1.4.9
 github.com/go-chi/chi v1.5.4
+ github.com/go-jose/go-jose/v3 v3.0.0-rc.1
 github.com/go-ole/go-ole v1.2.5 // indirect
 github.com/go-redis/redis/v8 v8.10.0
 github.com/golang/mock v1.5.0
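Review bot: The new go.mod requirement `github.com/go-jose/go-jose/v3 v3.0.0-rc.1` pins a release candidate of the library this project uses for JWT signing and verification, and nothing in the hunk records that the pin is provisional. I would mark it in place, for example `github.com/go-jose/go-jose/v3 v3.0.0-rc.1 // TODO: move to a tagged v3 release`, so that the upgrade is not forgotten. The go.sum section of this commit also adds an `h1:` content hash for `gopkg.in/square/go-jose.v2 v2.5.1`, which suggests another dependency still pulls the v2 module into the build, at an older version than the v2.6.0 removed here; `go mod why -m gopkg.in/square/go-jose.v2` would confirm which one. If that is the case, advisories for both module paths need tracking until that dependency migrates.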
@@ -76,6 +77,5 @@ require (
 gopkg.in/auth0.v5 v5.17.0
 gopkg.in/cookieo9/resources-go.v2 v2.0.0-20150225115733-d27c04069d0d
 gopkg.in/ini.v1 v1.62.0 // indirect
- gopkg.in/square/go-jose.v2 v2.6.0
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 )
diff --git a/go.sum b/go.sum
index af0e82aa7..c61a77aaa 100644
--- a/go.sum
+++ b/go.sum
@@ -242,6 +242,8 @@ github.com/go-critic/go-critic v0.5.6/go.mod h1:cVjj0DfqewQVIlIAGexPCaGaZDAqGE29 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-jose/go-jose/v3 v3.0.0-rc.1 h1:PoP9L/6z8tO+cWgHNfkDaXXa4Aek6Ty8xYTKqJkL6xw= +github.com/go-jose/go-jose/v3 v3.0.0-rc.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
@@ -923,6 +925,7 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200115085410-6d4e4cb37c7d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -1387,9 +1390,8 @@ gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= +gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= -gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
diff --git a/internal/cliutil/jwtcache.go b/internal/cliutil/jwtcache.go
index e69d0a119..befa45092 100644
--- a/internal/cliutil/jwtcache.go
+++ b/internal/cliutil/jwtcache.go
@@ -10,8 +10,8 @@ import (
 "sync"
 "time"
+ "github.com/go-jose/go-jose/v3"
 "github.com/martinlindhe/base36"
- "gopkg.in/square/go-jose.v2"
 "github.com/pomerium/pomerium/pkg/cryptutil"
 )
diff --git a/internal/cliutil/jwtcache_test.go b/internal/cliutil/jwtcache_test.go
index c42dc1818..051862c22 100644
--- a/internal/cliutil/jwtcache_test.go
+++ b/internal/cliutil/jwtcache_test.go
@@ -9,9 +9,9 @@ import (
 "testing"
 "time"
+ "github.com/go-jose/go-jose/v3"
 "github.com/google/uuid"
 "github.com/stretchr/testify/assert"
- "gopkg.in/square/go-jose.v2"
 )
 func TestLocalJWTCache(t *testing.T) {
diff --git a/internal/encoding/jws/jws.go b/internal/encoding/jws/jws.go
index 142bd294a..6615a7404 100644
--- a/internal/encoding/jws/jws.go
+++ b/internal/encoding/jws/jws.go
@@ -5,8 +5,8 @@ package jws
 import (
 "github.com/pomerium/pomerium/internal/encoding"
- jose "gopkg.in/square/go-jose.v2"
- "gopkg.in/square/go-jose.v2/jwt"
+ "github.com/go-jose/go-jose/v3"
+ "github.com/go-jose/go-jose/v3/jwt"
 )
 // JSONWebSigner is the struct representing a signed JWT.
diff --git a/internal/identity/oauth/github/github.go b/internal/identity/oauth/github/github.go
index 3a9d9f153..8ab1a59fc 100644
--- a/internal/identity/oauth/github/github.go
+++ b/internal/identity/oauth/github/github.go
@@ -13,8 +13,8 @@ import (
 "strings"
 "time"
+ "github.com/go-jose/go-jose/v3/jwt"
 "golang.org/x/oauth2"
- "gopkg.in/square/go-jose.v2/jwt"
 "github.com/pomerium/pomerium/internal/httputil"
 "github.com/pomerium/pomerium/internal/identity/identity"
diff --git a/internal/sessions/cookie/middleware_test.go b/internal/sessions/cookie/middleware_test.go
index 90bba2f42..d3ac2ef69 100644
--- a/internal/sessions/cookie/middleware_test.go
+++ b/internal/sessions/cookie/middleware_test.go
@@ -10,8 +10,8 @@ import (
 "github.com/pomerium/pomerium/internal/sessions"
+ "github.com/go-jose/go-jose/v3/jwt"
 "github.com/google/go-cmp/cmp"
- "gopkg.in/square/go-jose.v2/jwt"
 "github.com/pomerium/pomerium/internal/encoding/ecjson"
 "github.com/pomerium/pomerium/pkg/cryptutil"
diff --git a/internal/sessions/header/middleware_test.go b/internal/sessions/header/middleware_test.go
index b0dc09137..92d9c6a5a 100644
--- a/internal/sessions/header/middleware_test.go
+++ b/internal/sessions/header/middleware_test.go
@@ -12,8 +12,8 @@ import (
 "github.com/pomerium/pomerium/internal/sessions"
 "github.com/pomerium/pomerium/pkg/cryptutil"
+ "github.com/go-jose/go-jose/v3/jwt"
 "github.com/google/go-cmp/cmp"
- "gopkg.in/square/go-jose.v2/jwt"
 )
 func testAuthorizer(next http.Handler) http.Handler {
diff --git a/internal/sessions/middleware_test.go b/internal/sessions/middleware_test.go
index d24d0bf61..5ed6c2a9b 100644
--- a/internal/sessions/middleware_test.go
+++ b/internal/sessions/middleware_test.go
@@ -9,8 +9,8 @@ import (
 "testing"
 "time"
+ "github.com/go-jose/go-jose/v3/jwt"
 "github.com/google/go-cmp/cmp"
- "gopkg.in/square/go-jose.v2/jwt"
 "github.com/pomerium/pomerium/internal/encoding/jws"
 "github.com/pomerium/pomerium/internal/sessions"
diff --git a/internal/sessions/queryparam/middleware_test.go b/internal/sessions/queryparam/middleware_test.go
index 29a624250..eb231ad8e 100644
--- a/internal/sessions/queryparam/middleware_test.go
+++ b/internal/sessions/queryparam/middleware_test.go
@@ -12,8 +12,8 @@ import (
 "github.com/pomerium/pomerium/internal/sessions"
 "github.com/pomerium/pomerium/pkg/cryptutil"
+ "github.com/go-jose/go-jose/v3/jwt"
 "github.com/google/go-cmp/cmp"
- "gopkg.in/square/go-jose.v2/jwt"
 )
 func testAuthorizer(next http.Handler) http.Handler {
diff --git a/internal/sessions/state.go b/internal/sessions/state.go
index a623ca3f3..950761499 100644
--- a/internal/sessions/state.go
+++ b/internal/sessions/state.go
@@ -6,7 +6,7 @@ import (
 "fmt"
 "time"
- "gopkg.in/square/go-jose.v2/jwt"
+ "github.com/go-jose/go-jose/v3/jwt"
 )
 // ErrMissingID is the error for a session state that has no ID set.
diff --git a/internal/sessions/state_test.go b/internal/sessions/state_test.go
index 11670d54f..3c67607cd 100644
--- a/internal/sessions/state_test.go
+++ b/internal/sessions/state_test.go
@@ -5,9 +5,9 @@ import (
 "testing"
 "time"
+ "github.com/go-jose/go-jose/v3/jwt"
 "github.com/google/go-cmp/cmp"
 "golang.org/x/oauth2"
- "gopkg.in/square/go-jose.v2/jwt"
 )
 func TestState_IsExpired(t *testing.T) {
diff --git a/pkg/cryptutil/jose.go b/pkg/cryptutil/jose.go
index a2012af3f..25fb0a2f9 100644
--- a/pkg/cryptutil/jose.go
+++ b/pkg/cryptutil/jose.go
@@ -10,8 +10,8 @@ import (
 "encoding/pem"
 "fmt"
+ "github.com/go-jose/go-jose/v3"
 "github.com/hashicorp/go-multierror"
- "gopkg.in/square/go-jose.v2"
 )
 // PrivateJWKFromBytes returns a jose JSON Web _Private_ Key from bytes.
diff --git a/pkg/cryptutil/jose_test.go b/pkg/cryptutil/jose_test.go
index 75207877c..5d7c6eb48 100644
--- a/pkg/cryptutil/jose_test.go
+++ b/pkg/cryptutil/jose_test.go
@@ -5,8 +5,8 @@ import (
 "encoding/json"
 "testing"
+ "github.com/go-jose/go-jose/v3"
 "github.com/google/go-cmp/cmp"
- "gopkg.in/square/go-jose.v2"
 )
 func TestPrivateJWKFromBytes(t *testing.T) {
diff --git a/pkg/grpcutil/options.go b/pkg/grpcutil/options.go
index eafdf5a4b..77873671d 100644
--- a/pkg/grpcutil/options.go
+++ b/pkg/grpcutil/options.go
@@ -5,11 +5,11 @@ import (
 "encoding/base64"
 "time"
+ "github.com/go-jose/go-jose/v3"
+ "github.com/go-jose/go-jose/v3/jwt"
 "google.golang.org/grpc"
 "google.golang.org/grpc/codes"
 "google.golang.org/grpc/status"
- "gopkg.in/square/go-jose.v2"
- "gopkg.in/square/go-jose.v2/jwt"
 )
 // WithStreamSignedJWT returns a StreamClientInterceptor that adds a JWT to requests.
diff --git a/proxy/forward_auth_test.go b/proxy/forward_auth_test.go
index bf473dbbb..3bfc4946e 100644
--- a/proxy/forward_auth_test.go
+++ b/proxy/forward_auth_test.go
@@ -9,11 +9,11 @@ import (
 "time"
 envoy_service_auth_v2 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v2"
+ "github.com/go-jose/go-jose/v3/jwt"
 "github.com/google/go-cmp/cmp"
 "google.golang.org/genproto/googleapis/rpc/status"
 "google.golang.org/grpc"
 "google.golang.org/grpc/codes"
- "gopkg.in/square/go-jose.v2/jwt"
 "github.com/pomerium/pomerium/config"
 "github.com/pomerium/pomerium/internal/encoding"
diff --git a/proxy/handlers_test.go b/proxy/handlers_test.go
index ae9a0212b..d35c051dc 100644
--- a/proxy/handlers_test.go
+++ b/proxy/handlers_test.go
@@ -21,9 +21,9 @@ import (
 "github.com/pomerium/pomerium/internal/urlutil"
 "github.com/pomerium/pomerium/pkg/cryptutil"
+ "github.com/go-jose/go-jose/v3/jwt"
 "github.com/google/go-cmp/cmp"
 "github.com/stretchr/testify/assert"
- "gopkg.in/square/go-jose.v2/jwt"
 )
 const goodEncryptionString = "KBEjQ9rnCxaAX-GOqetGw9ivEQURqts3zZ2mNGy0wnVa3SbtM399KlBq2nZ-9wM21FfsZX52er4jlmC7kPEKM3P7uZ41zR0zeys1-_74a5tQp-vsf1WXZfRsgVOuBcWPkMiWEoc379JFHxGDudp5VhU8B-dcQt4f3_PtLTHARkuH54io1Va2gNMq4Hiy8sQ1MPGCQeltH_JMzzdDpXdmdusWrXUvCGkba24muvAV06D8XRVJj6Iu9eK94qFnqcHc7wzziEbb8ADBues9dwbtb6jl8vMWz5rN6XvXqA5YpZv_MQZlsrO4oXFFQDevdgB84cX1tVbVu6qZvK_yQBZqzpOjWA9uIaoSENMytoXuWAlFO_sXjswfX8JTNdGwzB7qQRNPqxVG_sM_tzY3QhPm8zqwEzsXG5DokxZfVt2I5WJRUEovFDb4BnK9KFnnkEzLEdMudixVnXeGmTtycgJvoTeTCQRPfDYkcgJ7oKf4tGea-W7z5UAVa2RduJM9ZoM6YtJX7jgDm__PvvqcE0knJUF87XHBzdcOjoDF-CUze9xDJgNBlvPbJqVshKrwoqSYpePSDH9GUCNKxGequW3Ma8GvlFfhwd0rK6IZG-XWkyk0XSWQIGkDSjAvhB1wsOusCCguDjbpVZpaW5MMyTkmx68pl6qlIKT5UCcrVPl4ix5ZEj91mUDF0O1t04haD7VZuLVFXVGmqtFrBKI76sdYN-zkokaa1_chPRTyqMQFlqu_8LD6-RiK3UccGM-dEmnX72i91NP9F9OK0WJr9Cheup1C_P0mjqAO4Cb8oIHm0Oxz_mRqv5QbTGJtb3xwPLPuVjVCiE4gGBcuU2ixpSVf5HUF7y1KicVMCKiX9ATCBtg8sTdQZQnPEtHcHHAvdsnDVwev1LGfqA-Gdvg="