Update dependencies (#5518)
This commit is contained in:
hongming
110
vendor/github.com/open-policy-agent/opa/topdown/crypto.go
generated
vendored
110
vendor/github.com/open-policy-agent/opa/topdown/crypto.go
generated
vendored
@@ -17,7 +17,6 @@ import (
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"hash"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
@@ -42,24 +41,28 @@ const (
|
||||
blockTypePrivateKey = "PRIVATE KEY"
|
||||
)
|
||||
|
||||
func builtinCryptoX509ParseCertificates(a ast.Value) (ast.Value, error) {
|
||||
input, err := builtins.StringOperand(a, 1)
|
||||
func builtinCryptoX509ParseCertificates(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
input, err := builtins.StringOperand(operands[0].Value, 1)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
|
||||
certs, err := getX509CertsFromString(string(input))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
|
||||
return ast.InterfaceToValue(certs)
|
||||
v, err := ast.InterfaceToValue(certs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return iter(ast.NewTerm(v))
|
||||
}
|
||||
|
||||
func builtinCryptoX509ParseAndVerifyCertificates(
|
||||
_ BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
|
||||
func builtinCryptoX509ParseAndVerifyCertificates(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
|
||||
a := args[0].Value
|
||||
a := operands[0].Value
|
||||
input, err := builtins.StringOperand(a, 1)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -93,11 +96,10 @@ func builtinCryptoX509ParseAndVerifyCertificates(
|
||||
return iter(valid)
|
||||
}
|
||||
|
||||
func builtinCryptoX509ParseCertificateRequest(a ast.Value) (ast.Value, error) {
|
||||
|
||||
input, err := builtins.StringOperand(a, 1)
|
||||
func builtinCryptoX509ParseCertificateRequest(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
input, err := builtins.StringOperand(operands[0].Value, 1)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
|
||||
// data to be passed to x509.ParseCertificateRequest
|
||||
@@ -107,13 +109,13 @@ func builtinCryptoX509ParseCertificateRequest(a ast.Value) (ast.Value, error) {
|
||||
if str := string(input); !strings.HasPrefix(str, "-----BEGIN CERTIFICATE REQUEST-----") {
|
||||
bytes, err = base64.StdEncoding.DecodeString(str)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
p, _ := pem.Decode(bytes)
|
||||
if p != nil && p.Type != blockTypeCertificateRequest {
|
||||
return nil, fmt.Errorf("invalid PEM-encoded certificate signing request")
|
||||
return fmt.Errorf("invalid PEM-encoded certificate signing request")
|
||||
}
|
||||
if p != nil {
|
||||
bytes = p.Bytes
|
||||
@@ -121,24 +123,30 @@ func builtinCryptoX509ParseCertificateRequest(a ast.Value) (ast.Value, error) {
|
||||
|
||||
csr, err := x509.ParseCertificateRequest(bytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
|
||||
bs, err := json.Marshal(csr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
|
||||
var x interface{}
|
||||
if err := util.UnmarshalJSON(bs, &x); err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
return ast.InterfaceToValue(x)
|
||||
|
||||
v, err := ast.InterfaceToValue(x)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return iter(ast.NewTerm(v))
|
||||
}
|
||||
|
||||
func builtinCryptoX509ParseRSAPrivateKey(_ BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
|
||||
func builtinCryptoX509ParseRSAPrivateKey(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
|
||||
a := args[0].Value
|
||||
a := operands[0].Value
|
||||
input, err := builtins.StringOperand(a, 1)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -181,26 +189,38 @@ func hashHelper(a ast.Value, h func(ast.String) string) (ast.Value, error) {
|
||||
return ast.String(h(s)), nil
|
||||
}
|
||||
|
||||
func builtinCryptoMd5(a ast.Value) (ast.Value, error) {
|
||||
return hashHelper(a, func(s ast.String) string { return fmt.Sprintf("%x", md5.Sum([]byte(s))) })
|
||||
func builtinCryptoMd5(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
res, err := hashHelper(operands[0].Value, func(s ast.String) string { return fmt.Sprintf("%x", md5.Sum([]byte(s))) })
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return iter(ast.NewTerm(res))
|
||||
}
|
||||
|
||||
func builtinCryptoSha1(a ast.Value) (ast.Value, error) {
|
||||
return hashHelper(a, func(s ast.String) string { return fmt.Sprintf("%x", sha1.Sum([]byte(s))) })
|
||||
func builtinCryptoSha1(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
res, err := hashHelper(operands[0].Value, func(s ast.String) string { return fmt.Sprintf("%x", sha1.Sum([]byte(s))) })
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return iter(ast.NewTerm(res))
|
||||
}
|
||||
|
||||
func builtinCryptoSha256(a ast.Value) (ast.Value, error) {
|
||||
return hashHelper(a, func(s ast.String) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(s))) })
|
||||
func builtinCryptoSha256(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
res, err := hashHelper(operands[0].Value, func(s ast.String) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(s))) })
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return iter(ast.NewTerm(res))
|
||||
}
|
||||
|
||||
func hmacHelper(args []*ast.Term, iter func(*ast.Term) error, h func() hash.Hash) error {
|
||||
a1 := args[0].Value
|
||||
func hmacHelper(operands []*ast.Term, iter func(*ast.Term) error, h func() hash.Hash) error {
|
||||
a1 := operands[0].Value
|
||||
message, err := builtins.StringOperand(a1, 1)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
a2 := args[1].Value
|
||||
a2 := operands[1].Value
|
||||
key, err := builtins.StringOperand(a2, 2)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -213,29 +233,29 @@ func hmacHelper(args []*ast.Term, iter func(*ast.Term) error, h func() hash.Hash
|
||||
return iter(ast.StringTerm(fmt.Sprintf("%x", messageDigest)))
|
||||
}
|
||||
|
||||
func builtinCryptoHmacMd5(_ BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
|
||||
return hmacHelper(args, iter, md5.New)
|
||||
func builtinCryptoHmacMd5(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
return hmacHelper(operands, iter, md5.New)
|
||||
}
|
||||
|
||||
func builtinCryptoHmacSha1(_ BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
|
||||
return hmacHelper(args, iter, sha1.New)
|
||||
func builtinCryptoHmacSha1(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
return hmacHelper(operands, iter, sha1.New)
|
||||
}
|
||||
|
||||
func builtinCryptoHmacSha256(_ BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
|
||||
return hmacHelper(args, iter, sha256.New)
|
||||
func builtinCryptoHmacSha256(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
return hmacHelper(operands, iter, sha256.New)
|
||||
}
|
||||
|
||||
func builtinCryptoHmacSha512(_ BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
|
||||
return hmacHelper(args, iter, sha512.New)
|
||||
func builtinCryptoHmacSha512(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
|
||||
return hmacHelper(operands, iter, sha512.New)
|
||||
}
|
||||
|
||||
func init() {
|
||||
RegisterFunctionalBuiltin1(ast.CryptoX509ParseCertificates.Name, builtinCryptoX509ParseCertificates)
|
||||
RegisterBuiltinFunc(ast.CryptoX509ParseCertificates.Name, builtinCryptoX509ParseCertificates)
|
||||
RegisterBuiltinFunc(ast.CryptoX509ParseAndVerifyCertificates.Name, builtinCryptoX509ParseAndVerifyCertificates)
|
||||
RegisterFunctionalBuiltin1(ast.CryptoMd5.Name, builtinCryptoMd5)
|
||||
RegisterFunctionalBuiltin1(ast.CryptoSha1.Name, builtinCryptoSha1)
|
||||
RegisterFunctionalBuiltin1(ast.CryptoSha256.Name, builtinCryptoSha256)
|
||||
RegisterFunctionalBuiltin1(ast.CryptoX509ParseCertificateRequest.Name, builtinCryptoX509ParseCertificateRequest)
|
||||
RegisterBuiltinFunc(ast.CryptoMd5.Name, builtinCryptoMd5)
|
||||
RegisterBuiltinFunc(ast.CryptoSha1.Name, builtinCryptoSha1)
|
||||
RegisterBuiltinFunc(ast.CryptoSha256.Name, builtinCryptoSha256)
|
||||
RegisterBuiltinFunc(ast.CryptoX509ParseCertificateRequest.Name, builtinCryptoX509ParseCertificateRequest)
|
||||
RegisterBuiltinFunc(ast.CryptoX509ParseRSAPrivateKey.Name, builtinCryptoX509ParseRSAPrivateKey)
|
||||
RegisterBuiltinFunc(ast.CryptoHmacMd5.Name, builtinCryptoHmacMd5)
|
||||
RegisterBuiltinFunc(ast.CryptoHmacSha1.Name, builtinCryptoHmacSha1)
|
||||
@@ -401,7 +421,7 @@ func addCACertsFromEnv(pool *x509.CertPool, envName string) (*x509.CertPool, err
|
||||
// ReadCertFromFile reads a cert from file
|
||||
func readCertFromFile(localCertFile string) ([]byte, error) {
|
||||
// Read in the cert file
|
||||
certPEM, err := ioutil.ReadFile(localCertFile)
|
||||
certPEM, err := os.ReadFile(localCertFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -411,7 +431,7 @@ func readCertFromFile(localCertFile string) ([]byte, error) {
|
||||
// ReadKeyFromFile reads a key from file
|
||||
func readKeyFromFile(localKeyFile string) ([]byte, error) {
|
||||
// Read in the cert file
|
||||
key, err := ioutil.ReadFile(localKeyFile)
|
||||
key, err := os.ReadFile(localKeyFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user