diff --git a/authenticate/authenticate.go b/authenticate/authenticate.go index 51040dc68..3be0b0c6a 100644 --- a/authenticate/authenticate.go +++ b/authenticate/authenticate.go @@ -14,7 +14,6 @@ import ( "gopkg.in/square/go-jose.v2" "github.com/pomerium/pomerium/config" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/encoding" "github.com/pomerium/pomerium/internal/encoding/ecjson" "github.com/pomerium/pomerium/internal/encoding/jws" @@ -28,6 +27,7 @@ import ( "github.com/pomerium/pomerium/internal/sessions/header" "github.com/pomerium/pomerium/internal/sessions/queryparam" "github.com/pomerium/pomerium/internal/urlutil" + "github.com/pomerium/pomerium/pkg/cryptutil" "github.com/pomerium/pomerium/pkg/grpc" "github.com/pomerium/pomerium/pkg/grpc/databroker" "github.com/pomerium/pomerium/pkg/grpc/session" diff --git a/authenticate/handlers.go b/authenticate/handlers.go index 3854877ab..d530b47b9 100644 --- a/authenticate/handlers.go +++ b/authenticate/handlers.go @@ -19,7 +19,6 @@ import ( "golang.org/x/oauth2" "google.golang.org/protobuf/types/known/timestamppb" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/httputil" "github.com/pomerium/pomerium/internal/identity/manager" "github.com/pomerium/pomerium/internal/identity/oidc" @@ -28,6 +27,7 @@ import ( "github.com/pomerium/pomerium/internal/sessions" "github.com/pomerium/pomerium/internal/telemetry/trace" "github.com/pomerium/pomerium/internal/urlutil" + "github.com/pomerium/pomerium/pkg/cryptutil" "github.com/pomerium/pomerium/pkg/grpc/directory" "github.com/pomerium/pomerium/pkg/grpc/session" "github.com/pomerium/pomerium/pkg/grpc/user" diff --git a/authenticate/handlers_test.go b/authenticate/handlers_test.go index 8be62fbcd..220d6d09c 100644 --- a/authenticate/handlers_test.go +++ b/authenticate/handlers_test.go 
@@ -14,7 +14,6 @@ import ( "google.golang.org/grpc" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/encoding" "github.com/pomerium/pomerium/internal/encoding/jws" "github.com/pomerium/pomerium/internal/encoding/mock" @@ -26,6 +25,7 @@ import ( "github.com/pomerium/pomerium/internal/sessions/cookie" mstore "github.com/pomerium/pomerium/internal/sessions/mock" "github.com/pomerium/pomerium/internal/urlutil" + "github.com/pomerium/pomerium/pkg/cryptutil" "github.com/pomerium/pomerium/pkg/grpc/databroker" "github.com/pomerium/pomerium/pkg/grpc/session" diff --git a/authorize/authorize.go b/authorize/authorize.go index ac8181fb8..37ae18903 100644 --- a/authorize/authorize.go +++ b/authorize/authorize.go @@ -11,7 +11,6 @@ import ( "github.com/pomerium/pomerium/authorize/evaluator" "github.com/pomerium/pomerium/config" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/encoding" "github.com/pomerium/pomerium/internal/encoding/jws" "github.com/pomerium/pomerium/internal/frontend" @@ -19,6 +18,7 @@ import ( "github.com/pomerium/pomerium/internal/telemetry/metrics" "github.com/pomerium/pomerium/internal/telemetry/trace" "github.com/pomerium/pomerium/internal/urlutil" + "github.com/pomerium/pomerium/pkg/cryptutil" "github.com/pomerium/pomerium/pkg/grpc" "github.com/pomerium/pomerium/pkg/grpc/databroker" ) diff --git a/authorize/evaluator/evaluator.go b/authorize/evaluator/evaluator.go index 1b2a5de3b..3bee9423e 100644 --- a/authorize/evaluator/evaluator.go +++ b/authorize/evaluator/evaluator.go 
@@ -22,9 +22,9 @@ import ( "gopkg.in/square/go-jose.v2" "github.com/pomerium/pomerium/config" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/directory" "github.com/pomerium/pomerium/internal/log" + "github.com/pomerium/pomerium/pkg/cryptutil" "github.com/pomerium/pomerium/pkg/grpc/databroker" "github.com/pomerium/pomerium/pkg/grpc/session" "github.com/pomerium/pomerium/pkg/grpc/user" diff --git a/cache/cache.go b/cache/cache.go index 10f591945..3deeb1c2c 100644 --- a/cache/cache.go +++ b/cache/cache.go @@ -12,12 +12,12 @@ import ( "gopkg.in/tomb.v2" "github.com/pomerium/pomerium/config" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/directory" "github.com/pomerium/pomerium/internal/identity" "github.com/pomerium/pomerium/internal/identity/manager" "github.com/pomerium/pomerium/internal/telemetry" "github.com/pomerium/pomerium/internal/urlutil" + "github.com/pomerium/pomerium/pkg/cryptutil" "github.com/pomerium/pomerium/pkg/grpc/databroker" "github.com/pomerium/pomerium/pkg/grpc/session" "github.com/pomerium/pomerium/pkg/grpc/user" diff --git a/cache/cache_test.go b/cache/cache_test.go index 500136781..e3c7cca94 100644 --- a/cache/cache_test.go +++ b/cache/cache_test.go @@ -8,7 +8,7 @@ import ( "testing" "github.com/pomerium/pomerium/config" - "github.com/pomerium/pomerium/internal/cryptutil" + "github.com/pomerium/pomerium/pkg/cryptutil" ) func TestNew(t *testing.T) { diff --git a/cache/memberlist_test.go b/cache/memberlist_test.go index bd7360a8c..7f8791f05 100644 --- a/cache/memberlist_test.go +++ b/cache/memberlist_test.go @@ -11,7 +11,7 @@ import ( "github.com/stretchr/testify/require" "github.com/pomerium/pomerium/config" - "github.com/pomerium/pomerium/internal/cryptutil" + "github.com/pomerium/pomerium/pkg/cryptutil" ) func TestCache_runMemberList(t *testing.T) { diff --git a/config/options.go b/config/options.go index 02d3016ff..81263d85e 100644 --- a/config/options.go 
+++ b/config/options.go @@ -20,12 +20,12 @@ import ( "github.com/spf13/viper" "gopkg.in/yaml.v2" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/identity/oauth" "github.com/pomerium/pomerium/internal/log" "github.com/pomerium/pomerium/internal/telemetry" "github.com/pomerium/pomerium/internal/telemetry/metrics" "github.com/pomerium/pomerium/internal/urlutil" + "github.com/pomerium/pomerium/pkg/cryptutil" ) // DisableHeaderKey is the key used to check whether to disable setting header diff --git a/config/policy.go b/config/policy.go index 8ef515967..3d3ab51a9 100644 --- a/config/policy.go +++ b/config/policy.go @@ -12,8 +12,8 @@ import ( "github.com/cespare/xxhash/v2" "github.com/mitchellh/hashstructure" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/urlutil" + "github.com/pomerium/pomerium/pkg/cryptutil" ) // Policy contains route specific configuration and access settings. diff --git a/go.mod b/go.mod index 43c996470..76db571f4 100644 --- a/go.mod +++ b/go.mod @@ -6,6 +6,7 @@ require ( contrib.go.opencensus.io/exporter/jaeger v0.2.0 contrib.go.opencensus.io/exporter/prometheus v0.2.0 contrib.go.opencensus.io/exporter/zipkin v0.1.1 + github.com/btcsuite/btcutil v1.0.2 github.com/caddyserver/certmagic v0.11.2 github.com/cenkalti/backoff/v4 v4.0.2 github.com/cespare/xxhash/v2 v2.1.1 diff --git a/go.sum b/go.sum index c1f80b486..2a6d6ebe2 100644 --- a/go.sum +++ b/go.sum 
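Review bot: The new `github.com/btcsuite/btcutil v1.0.2` requirement in go.mod is, as far as this diff shows, used only for `base58.Encode` and `base58.Decode` in pkg/cryptutil/token.go, yet it makes a Bitcoin utility module a direct dependency of the package that holds the crypto helpers. It also brings btcd, goleveldb, websocket and other modules into the graph recorded in go.sum. Most of those go.sum additions are `/go.mod` hashes only, so little extra code is likely compiled, but each is still a module to track for advisories and upgrades. A comment on the require line such as `// base58 only, for cryptutil.Token` would record why it is there. If base58 is not a hard requirement, a small in-tree codec or a standard-library encoding would remove the dependency altogether.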
@@ -53,6 +53,7 @@ github.com/OneOfOne/xxhash v1.2.7/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdII github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87/go.mod h1:iGLljf5n9GjT6kc0HBvyI1nOKnGQbNB66VzSNbK5iks= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= +github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII= github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.8/go.mod h1:aVvklgKsPENRkl29bNwrHISa1F+YLGTHArMxZMBqWM8= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM= 
@@ -73,6 +74,16 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= +github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ= +github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA= +github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg= +github.com/btcsuite/btcutil v1.0.2 h1:9iZ1Terx9fMIOtq1VrwdqfsATL9MC2l8ZrUY6YZ2uts= +github.com/btcsuite/btcutil v1.0.2/go.mod h1:j9HUFwoQRsZL3V4n+qG+CUnEGHOarIxfC3Le2Yhbcts= +github.com/btcsuite/go-socks v0.0.0-20170105172521-4720035b7bfd/go.mod h1:HHNXQzUsZCxOoE+CPiyCTO6x34Zs86zZUiwtpXoGdtg= +github.com/btcsuite/goleveldb v0.0.0-20160330041536-7834afc9e8cd/go.mod h1:F+uVaaLLH7j4eDXPRvw78tMflu7Ie2bzYOH4Y8rRKBY= +github.com/btcsuite/snappy-go v0.0.0-20151229074030-0bdef8d06723/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc= +github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtEyQwv5/p4Mg4C0fgbePVuGr935/5ddU9Z3TmDRY= +github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs= github.com/caddyserver/certmagic v0.11.2 h1:nPBqyuFNHJEf2FwC1ixJjArtTKWyPqpaH6k4jl7gxYI= github.com/caddyserver/certmagic v0.11.2/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY= github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU= 
@@ -105,6 +116,7 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc github.com/cpu/goacmedns v0.0.2/go.mod h1:4MipLkI+qScwqtVxcNO6okBhbgRrr7/tKXUSgSL0teQ= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -270,9 +282,11 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df/go.mod h1:QMZY7/J/KSQEhKWFeDesPjMj+wCHReeknARU3wqlyN4= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/jrick/logrotate v1.0.0/go.mod h1:LNinyqDIJnpAur+b8yyulnQw/wDuN1+BYKlTRt3OuAQ= github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -287,6 +301,7 @@ github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALr github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4= github.com/klauspost/cpuid v1.2.3 h1:CCtW0xUnWGVINKvE/WWOYKdsPV6mawAtvQuSl8guwQs= github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/kolo/xmlrpc v0.0.0-20190717152603-07c4ee3fd181/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ= 
@@ -396,8 +411,6 @@ github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDf github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= github.com/prometheus/client_golang v1.2.1/go.mod h1:XMU6Z2MjaRKVu/dC1qupJI9SiNkDYzz3xecMgSW/F+U= -github.com/prometheus/client_golang v1.7.0 h1:wCi7urQOGBsYcQROHqpUUX4ct84xp40t9R9JX0FuA/U= -github.com/prometheus/client_golang v1.7.0/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.7.1 h1:NTGy1Ja9pByO+xAeH/qiWnLrKtr3hJPNjaVUwnjpdpA= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= @@ -521,6 +534,7 @@ go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/ratelimit v0.0.0-20180316092928-c15da0234277/go.mod h1:2X8KaoNd1J0lZV+PxJk/5+DGbO/tpwLR1m++a7FnB/Y= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180621125126-a49355c7e3f8/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 
@@ -531,9 +545,8 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200115085410-6d4e4cb37c7d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 h1:vEg9joUBmeBcK9iSJftGNf3coIG4HqZElCPehJsfAYM= -golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -594,8 +607,6 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200602114024-627f9648deb9 h1:pNX+40auqi2JqRfOP1akLGtYcn15TUbkhwuCO3foqqM= -golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -749,8 +760,6 @@ google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb h1:PUcq6RTy8Gp9xukBme8m2+2Z8pQCmJ7TbPpQd6xNDvk= -google.golang.org/genproto v0.0.0-20200623002339-fbb79eadd5eb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200626011028-ee7919e894b5 h1:a/Sqq5B3dGnmxhuJZIHFsIxhEkqElErr5TaU6IqBAj0= google.golang.org/genproto v0.0.0-20200626011028-ee7919e894b5/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= 
@@ -765,8 +774,6 @@ google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1 h1:EC2SB8S04d2r73uptxphDSUG+kTKVgjRPF+N3xpxRB4= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0 h1:M5a8xTlYTxwMn5ZFkwhRabsygDY5G8TYLyQDBxJNAxE= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= diff --git a/internal/controlplane/xds_cluster_test.go b/internal/controlplane/xds_cluster_test.go index 57e64a42d..98322e901 100644 --- a/internal/controlplane/xds_cluster_test.go +++ b/internal/controlplane/xds_cluster_test.go @@ -9,8 +9,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/pomerium/pomerium/config" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/testutil" + "github.com/pomerium/pomerium/pkg/cryptutil" ) func Test_buildPolicyTransportSocket(t *testing.T) { diff --git a/internal/controlplane/xds_listeners.go b/internal/controlplane/xds_listeners.go index 8ba6067b2..65b27675c 100644 --- a/internal/controlplane/xds_listeners.go +++ b/internal/controlplane/xds_listeners.go @@ -20,8 +20,8 @@ import ( "google.golang.org/protobuf/types/known/emptypb" "github.com/pomerium/pomerium/config" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/log" + "github.com/pomerium/pomerium/pkg/cryptutil" ) var disableExtAuthz *any.Any diff --git a/internal/controlplane/xds_listeners_test.go b/internal/controlplane/xds_listeners_test.go index 7d39fd21b..39ebdd93a 100644 
--- a/internal/controlplane/xds_listeners_test.go +++ b/internal/controlplane/xds_listeners_test.go @@ -10,8 +10,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/pomerium/pomerium/config" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/testutil" + "github.com/pomerium/pomerium/pkg/cryptutil" ) const ( diff --git a/internal/encoding/ecjson/ecjson.go b/internal/encoding/ecjson/ecjson.go index 7d682d493..f73e574f6 100644 --- a/internal/encoding/ecjson/ecjson.go +++ b/internal/encoding/ecjson/ecjson.go @@ -10,8 +10,8 @@ import ( "fmt" "io" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/encoding" + "github.com/pomerium/pomerium/pkg/cryptutil" ) // EncryptedCompressedJSON implements SecureEncoder for JSON using an AEAD cipher. diff --git a/internal/sessions/cookie/cookie_store_test.go b/internal/sessions/cookie/cookie_store_test.go index 189452a37..d84859a1a 100644 --- a/internal/sessions/cookie/cookie_store_test.go +++ b/internal/sessions/cookie/cookie_store_test.go @@ -9,11 +9,11 @@ import ( "testing" "time" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/encoding" "github.com/pomerium/pomerium/internal/encoding/ecjson" "github.com/pomerium/pomerium/internal/encoding/mock" "github.com/pomerium/pomerium/internal/sessions" + "github.com/pomerium/pomerium/pkg/cryptutil" "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" diff --git a/internal/sessions/cookie/middleware_test.go b/internal/sessions/cookie/middleware_test.go index 0e6eaeed1..2b49bd680 100644 --- a/internal/sessions/cookie/middleware_test.go +++ b/internal/sessions/cookie/middleware_test.go 
@@ -13,8 +13,8 @@ import ( "github.com/google/go-cmp/cmp" "gopkg.in/square/go-jose.v2/jwt" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/encoding/ecjson" + "github.com/pomerium/pomerium/pkg/cryptutil" ) func testAuthorizer(next http.Handler) http.Handler { diff --git a/internal/sessions/header/middleware_test.go b/internal/sessions/header/middleware_test.go index 9f8bf2854..b0dc09137 100644 --- a/internal/sessions/header/middleware_test.go +++ b/internal/sessions/header/middleware_test.go @@ -8,9 +8,9 @@ import ( "testing" "time" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/encoding/ecjson" "github.com/pomerium/pomerium/internal/sessions" + "github.com/pomerium/pomerium/pkg/cryptutil" "github.com/google/go-cmp/cmp" "gopkg.in/square/go-jose.v2/jwt" diff --git a/internal/sessions/middleware_test.go b/internal/sessions/middleware_test.go index adf58dac0..10640e14d 100644 --- a/internal/sessions/middleware_test.go +++ b/internal/sessions/middleware_test.go @@ -12,10 +12,10 @@ import ( "github.com/google/go-cmp/cmp" "gopkg.in/square/go-jose.v2/jwt" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/encoding/jws" "github.com/pomerium/pomerium/internal/sessions" "github.com/pomerium/pomerium/internal/sessions/mock" + "github.com/pomerium/pomerium/pkg/cryptutil" ) func TestNewContext(t *testing.T) { diff --git a/internal/sessions/queryparam/middleware_test.go b/internal/sessions/queryparam/middleware_test.go index 862403a42..29a624250 100644 --- a/internal/sessions/queryparam/middleware_test.go +++ b/internal/sessions/queryparam/middleware_test.go 
@@ -8,9 +8,9 @@ import ( "testing" "time" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/encoding/ecjson" "github.com/pomerium/pomerium/internal/sessions" + "github.com/pomerium/pomerium/pkg/cryptutil" "github.com/google/go-cmp/cmp" "gopkg.in/square/go-jose.v2/jwt" diff --git a/internal/urlutil/signed.go b/internal/urlutil/signed.go index 5ce3b080f..b8022ee47 100644 --- a/internal/urlutil/signed.go +++ b/internal/urlutil/signed.go @@ -7,7 +7,7 @@ import ( "strconv" "time" - "github.com/pomerium/pomerium/internal/cryptutil" + "github.com/pomerium/pomerium/pkg/cryptutil" ) // SignedURL is a shared-key HMAC wrapped URL. diff --git a/internal/cryptutil/certificates.go b/pkg/cryptutil/certificates.go similarity index 100% rename from internal/cryptutil/certificates.go rename to pkg/cryptutil/certificates.go diff --git a/internal/cryptutil/certificates_test.go b/pkg/cryptutil/certificates_test.go similarity index 100% rename from internal/cryptutil/certificates_test.go rename to pkg/cryptutil/certificates_test.go diff --git a/internal/cryptutil/doc.go b/pkg/cryptutil/doc.go similarity index 100% rename from internal/cryptutil/doc.go rename to pkg/cryptutil/doc.go diff --git a/internal/cryptutil/encrypt.go b/pkg/cryptutil/encrypt.go similarity index 100% rename from internal/cryptutil/encrypt.go rename to pkg/cryptutil/encrypt.go diff --git a/internal/cryptutil/encrypt_test.go b/pkg/cryptutil/encrypt_test.go similarity index 100% rename from internal/cryptutil/encrypt_test.go rename to pkg/cryptutil/encrypt_test.go diff --git a/internal/cryptutil/hash.go b/pkg/cryptutil/hash.go similarity index 100% rename from internal/cryptutil/hash.go rename to pkg/cryptutil/hash.go diff --git a/internal/cryptutil/hash_test.go b/pkg/cryptutil/hash_test.go similarity index 100% rename from internal/cryptutil/hash_test.go rename to pkg/cryptutil/hash_test.go 
diff --git a/internal/cryptutil/helpers.go b/pkg/cryptutil/helpers.go similarity index 100% rename from internal/cryptutil/helpers.go rename to pkg/cryptutil/helpers.go diff --git a/internal/cryptutil/helpers_test.go b/pkg/cryptutil/helpers_test.go similarity index 100% rename from internal/cryptutil/helpers_test.go rename to pkg/cryptutil/helpers_test.go diff --git a/internal/cryptutil/hmac.go b/pkg/cryptutil/hmac.go similarity index 100% rename from internal/cryptutil/hmac.go rename to pkg/cryptutil/hmac.go diff --git a/internal/cryptutil/hmac_test.go b/pkg/cryptutil/hmac_test.go similarity index 100% rename from internal/cryptutil/hmac_test.go rename to pkg/cryptutil/hmac_test.go diff --git a/internal/cryptutil/jose.go b/pkg/cryptutil/jose.go similarity index 100% rename from internal/cryptutil/jose.go rename to pkg/cryptutil/jose.go diff --git a/internal/cryptutil/jose_test.go b/pkg/cryptutil/jose_test.go similarity index 100% rename from internal/cryptutil/jose_test.go rename to pkg/cryptutil/jose_test.go diff --git a/internal/cryptutil/sign.go b/pkg/cryptutil/sign.go similarity index 100% rename from internal/cryptutil/sign.go rename to pkg/cryptutil/sign.go diff --git a/internal/cryptutil/sign_test.go b/pkg/cryptutil/sign_test.go similarity index 100% rename from internal/cryptutil/sign_test.go rename to pkg/cryptutil/sign_test.go diff --git a/internal/cryptutil/testdata/ca.pem b/pkg/cryptutil/testdata/ca.pem similarity index 100% rename from internal/cryptutil/testdata/ca.pem rename to pkg/cryptutil/testdata/ca.pem diff --git a/internal/cryptutil/testdata/example-cert.pem b/pkg/cryptutil/testdata/example-cert.pem similarity index 95% rename from internal/cryptutil/testdata/example-cert.pem rename to pkg/cryptutil/testdata/example-cert.pem index 4952c7ed2..e0bf7db58 100644 --- a/internal/cryptutil/testdata/example-cert.pem +++ b/pkg/cryptutil/testdata/example-cert.pem 
@@ -8,4 +8,4 @@ BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo1 NDUzgg4xMjcuMC4wLjE6NTQ1MzAKBggqhkjOPQQDAgNIADBFAiEA2zpJEPQyz6/l Wf86aX6PepsntZv2GYlA5UpabfT2EZICICpJ5h/iI+i341gBmLiAFQOyTDT+/wQc 6MF9+Yw1Yy0t ------END CERTIFICATE----- \ No newline at end of file +-----END CERTIFICATE----- diff --git a/internal/cryptutil/testdata/example-key.pem b/pkg/cryptutil/testdata/example-key.pem similarity index 87% rename from internal/cryptutil/testdata/example-key.pem rename to pkg/cryptutil/testdata/example-key.pem index 4a29bb379..104fb099f 100644 --- a/internal/cryptutil/testdata/example-key.pem +++ b/pkg/cryptutil/testdata/example-key.pem @@ -2,4 +2,4 @@ MHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49 AwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q EKTcWGekdmdDPsHloRNtsiCa697B2O9IFA== ------END EC PRIVATE KEY----- \ No newline at end of file +-----END EC PRIVATE KEY----- diff --git a/internal/cryptutil/testdata/random b/pkg/cryptutil/testdata/random similarity index 100% rename from internal/cryptutil/testdata/random rename to pkg/cryptutil/testdata/random diff --git a/internal/cryptutil/tls.go b/pkg/cryptutil/tls.go similarity index 100% rename from internal/cryptutil/tls.go rename to pkg/cryptutil/tls.go diff --git a/internal/cryptutil/tls_test.go b/pkg/cryptutil/tls_test.go similarity index 100% rename from internal/cryptutil/tls_test.go rename to pkg/cryptutil/tls_test.go diff --git a/pkg/cryptutil/token.go b/pkg/cryptutil/token.go new file mode 100644 index 000000000..2491a15e1 --- /dev/null +++ b/pkg/cryptutil/token.go 
@@ -0,0 +1,68 @@
+package cryptutil
+
+import (
+ "github.com/btcsuite/btcutil/base58"
+ "github.com/google/uuid"
+)
+
+// TokenLength is the length of a token.
+const TokenLength = 16
+
+// A Token is a globally unique identifier.
+type Token [TokenLength]byte
+
+// NewRandomToken returns a new random Token (via a random UUID).
+func NewRandomToken() (tok Token) {
+ bs := uuid.New()
+ copy(tok[:], bs[:])
+ return tok
+}
+
+// TokenFromString parses a base58-encoded string into a token.
+func TokenFromString(rawstr string) (tok Token, ok bool) {
+ result := base58.Decode(rawstr)
+ if len(result) != TokenLength {
+ return tok, false
+ }
+ copy(tok[:], result[:TokenLength])
+ return tok, true
+}
+
+// String returns the Token as a base58-encoded string.
+func (tok Token) String() string {
+ bs := make([]byte, TokenLength)
+ copy(bs, tok[:])
+ return base58.Encode(bs)
+}
+
+// UUID returns the token as a UUID.
+func (tok Token) UUID() uuid.UUID {
+ var id uuid.UUID
+ copy(id[:], tok[:])
+ return id
+}
+
+// A SecretToken is made up of an id and a secret.
+type SecretToken struct {
+ ID Token
+ Secret Token
+}
+
+// SecretTokenFromString parses a base58-encoded string into a secret token.
+func SecretTokenFromString(rawstr string) (tok SecretToken, ok bool) {
+ result := base58.Decode(rawstr)
+ if len(result) != TokenLength*2 {
+ return tok, false
+ }
+ copy(tok.ID[:], result[:TokenLength])
+ copy(tok.Secret[:], result[TokenLength:])
+ return tok, true
+}
+
+// String returns the SecretToken as a base58-encoded string.
+func (tok SecretToken) String() string {
+ bs := make([]byte, TokenLength*2)
+ copy(bs[:TokenLength], tok.ID[:])
+ copy(bs[TokenLength:], tok.Secret[:])
+ return base58.Encode(bs)
+}
diff --git a/pkg/cryptutil/token_test.go b/pkg/cryptutil/token_test.go
new file mode 100644
index 000000000..f53c40700
--- /dev/null
+++ b/pkg/cryptutil/token_test.go
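Review bot: `SecretToken.Secret` is a `Token`, and the only generator in token.go, `NewRandomToken`, copies a `uuid.New()` value. A secret minted that way carries 122 random bits rather than 128, because the UUID version and variant bits are fixed, and it draws from a source that any package can replace process-wide with `uuid.SetRand`, as token_test.go does. The callers are not in this diff; if secrets are created through this path, a dedicated constructor that fills the array with `_, err := rand.Read(tok[:])` from `crypto/rand` and returns the error keeps the secret independent of the UUID package's global state. Separately, `SecretToken.String()` makes the type a `fmt.Stringer`, so `%v` or `%s` in a log line prints the secret; a doc comment such as `// String returns the full id+secret encoding; never log the result.` would flag that. The type comment should also note that `Secret` values are to be compared with `subtle.ConstantTimeCompare` rather than `==`.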
@@ -0,0 +1,64 @@
+package cryptutil
+
+import (
+ "strings"
+ "testing"
+
+ "github.com/google/uuid"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestToken_String(t *testing.T) {
+ v, _ := uuid.Parse("4aa29ffe-d802-4990-9be6-6adb4cd7af59")
+ tok := Token(v)
+ assert.Equal(t, "ADYZhBgVmT5Phd31hszpHN", tok.String())
+}
+
+func TestToken_UUID(t *testing.T) {
+ v, _ := uuid.Parse("4aa29ffe-d802-4990-9be6-6adb4cd7af59")
+ tok := Token(v)
+ assert.Equal(t, v, tok.UUID())
+}
+
+func TestTokenFromString(t *testing.T) {
+ v, _ := uuid.Parse("4aa29ffe-d802-4990-9be6-6adb4cd7af59")
+ tok1 := Token(v)
+ tok2, ok := TokenFromString("ADYZhBgVmT5Phd31hszpHN")
+ assert.True(t, ok)
+ assert.Equal(t, tok1, tok2)
+
+ t.Run("invalid", func(t *testing.T) {
+ _, ok := TokenFromString("<<>>")
+ assert.False(t, ok)
+ })
+}
+
+func TestNewRandomToken(t *testing.T) {
+ uuid.SetRand(strings.NewReader("1111111111111111111111111111111"))
+ defer uuid.SetRand(nil)
+
+ tok := NewRandomToken()
+ assert.Equal(t, "75KUW8tPVJWUnXBaApZfPE", tok.String())
+}
+
+func TestSecretToken_String(t *testing.T) {
+ v1, _ := uuid.Parse("fb297629-e61f-4f1d-bb7e-ece3ed702098")
+ v2, _ := uuid.Parse("047fb3ad-b1c7-463b-b16c-e41836811cc2")
+ actual := SecretToken{
+ ID: Token(v1),
+ Secret: Token(v2),
+ }.String()
+ assert.Equal(t, "HuS14FdpunfDzMWTwxzuXN5vqHf4H8bAqbwbo98onbjo", actual)
+
+ t.Run("invalid", func(t *testing.T) {
+ _, ok := SecretTokenFromString("<<>>")
+ assert.False(t, ok)
+ })
+}
+
+func TestSecretTokenFromString(t *testing.T) {
+ tok, ok := SecretTokenFromString("HuS14FdpunfDzMWTwxzuXN5vqHf4H8bAqbwbo98onbjo")
+ assert.True(t, ok)
+ assert.Equal(t, "fb297629-e61f-4f1d-bb7e-ece3ed702098", tok.ID.UUID().String())
+ assert.Equal(t, "047fb3ad-b1c7-463b-b16c-e41836811cc2", tok.Secret.UUID().String())
+}
diff --git a/proxy/handlers.go b/proxy/handlers.go
index c6d6fcb8d..27f0a8e09 100644
--- a/proxy/handlers.go
+++ b/proxy/handlers.go
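Review bot: The only rejection case exercised for `TokenFromString` and `SecretTokenFromString` is `"<<>>"`, which has no base58 characters, so neither parser is tested against well-formed base58 of the wrong length. Adding `_, ok = TokenFromString("HuS14FdpunfDzMWTwxzuXN5vqHf4H8bAqbwbo98onbjo"); assert.False(t, ok)` in `TestTokenFromString`, and the converse with `"ADYZhBgVmT5Phd31hszpHN"` passed to `SecretTokenFromString`, would pin that an id+secret string is not accepted where a plain token is expected and vice versa. The `invalid` subtest for `SecretTokenFromString` sits inside `TestSecretToken_String` and would read more naturally in `TestSecretTokenFromString`. `TestNewRandomToken` replaces the uuid package's global random source, so a comment like `// uuid.SetRand is process-wide; do not add t.Parallel() here` would make the constraint explicit.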
@@ -9,11 +9,11 @@ import ( "github.com/gorilla/mux" "github.com/pomerium/csrf" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/httputil" "github.com/pomerium/pomerium/internal/middleware" "github.com/pomerium/pomerium/internal/sessions" "github.com/pomerium/pomerium/internal/urlutil" + "github.com/pomerium/pomerium/pkg/cryptutil" ) // registerDashboardHandlers returns the proxy service's ServeMux diff --git a/proxy/handlers_test.go b/proxy/handlers_test.go index 16e0e04d8..8a20fb22e 100644 --- a/proxy/handlers_test.go +++ b/proxy/handlers_test.go @@ -11,8 +11,8 @@ import ( "testing" "time" - "github.com/pomerium/pomerium/internal/cryptutil" mstore "github.com/pomerium/pomerium/internal/sessions/mock" + "github.com/pomerium/pomerium/pkg/cryptutil" "github.com/pomerium/pomerium/config" "github.com/pomerium/pomerium/internal/encoding" diff --git a/proxy/proxy.go b/proxy/proxy.go index c0587af2f..a009c1e51 100644 --- a/proxy/proxy.go +++ b/proxy/proxy.go @@ -18,7 +18,6 @@ import ( "github.com/gorilla/mux" "github.com/pomerium/pomerium/config" - "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/encoding" "github.com/pomerium/pomerium/internal/encoding/jws" "github.com/pomerium/pomerium/internal/frontend" @@ -30,6 +29,7 @@ import ( "github.com/pomerium/pomerium/internal/sessions/queryparam" "github.com/pomerium/pomerium/internal/telemetry/metrics" "github.com/pomerium/pomerium/internal/urlutil" + "github.com/pomerium/pomerium/pkg/cryptutil" "github.com/pomerium/pomerium/pkg/grpc" )