diff --git a/.github/workflows/go.yaml b/.github/workflows/test.yaml similarity index 70% rename from .github/workflows/go.yaml rename to .github/workflows/test.yaml index c33f2eb..fbfb276 100644 --- a/.github/workflows/go.yaml +++ b/.github/workflows/test.yaml @@ -1,4 +1,4 @@ -name: Go +name: Test on: push: @@ -11,27 +11,27 @@ jobs: name: Test runs-on: ubuntu-latest timeout-minutes: 5 + strategy: + matrix: + go-version: ['1.24', '1.25'] steps: - name: Checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@v6 with: submodules: recursive - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v6 with: - go-version: ^1 - - - name: Install tools - run: brew install mkcert staticcheck + go-version: ${{ matrix.go-version }} - name: Vet run: go vet ./... - - name: Staticcheck - run: staticcheck ./... - - name: Test + run: go test -v ./... + + - name: Test with race detector run: go test -v -race ./... - name: Test without cgo diff --git a/ca.go b/ca.go index 8318761..255c498 100644 --- a/ca.go +++ b/ca.go @@ -6,7 +6,6 @@ import ( "encoding/pem" "errors" "fmt" - "io/ioutil" "os" "path/filepath" "runtime" @@ -60,7 +59,7 @@ func CAPEM() (cert []byte, key []byte, err error) { if !pathExists(caPath) { return nil, nil, fmt.Errorf("no CA certificate located at: %s", caPath) } - cert, err = ioutil.ReadFile(caPath) + cert, err = os.ReadFile(caPath) if err != nil { return nil, nil, err } @@ -69,7 +68,7 @@ func CAPEM() (cert []byte, key []byte, err error) { if !pathExists(keyPath) { return nil, nil, fmt.Errorf("no CA key located at: %s", keyPath) } - key, err = ioutil.ReadFile(keyPath) + key, err = os.ReadFile(keyPath) if err != nil { return nil, nil, err } diff --git a/cert.go b/cert.go index d6820b3..5fd855a 100644 --- a/cert.go +++ b/cert.go 
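Review bot: The Staticcheck step in the second workflow hunk is removed together with the `brew install` line and nothing replaces it, so `go vet` is the only static analysis left in this job. Since this commit already moves mkcert to a `tool` directive, staticcheck could be wired the same way, or the step kept as `run: go run honnef.co/go/tools/cmd/staticcheck@<pinned-version> ./...`. The two bumped actions are still referenced by mutable major tags (`actions/checkout@v6`, `actions/setup-go@v6`). Pinning each to a full commit SHA, with the tag in a trailing comment, keeps a retagged release from changing what runs here. The top of the workflow is outside the hunk, so I cannot tell whether a `permissions:` block restricts the job token.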
@@ -93,7 +93,7 @@ func PEM(sans ...string) (cert []byte, key []byte, err error) { signKey = caKey } - b, err := x509.CreateCertificate(zeroes{}, template, parent, priv.Public(), signKey) + b, err := x509.CreateCertificate(ones{}, template, parent, priv.Public(), signKey) if err != nil { return nil, nil, fmt.Errorf("failed to create certificate: %s", err) } @@ -144,15 +144,15 @@ func notBeforeOrAfter(now time.Time) (time.Time, time.Time) { // Key returns a P-256 ECDSA private key generated WITHOUT randomess. func Key() (priv *ecdsa.PrivateKey, err error) { curve := elliptic.P256() - return ecdsa.GenerateKey(curve, zeroes{}) + return ecdsa.GenerateKey(curve, ones{}) } // For deterministic output. Do NOT do this for any real server. -type zeroes struct{} +type ones struct{} -func (z zeroes) Read(p []byte) (n int, err error) { +func (ones) Read(p []byte) (n int, err error) { for i := range p { - p[i] = 0 + p[i] = 1 } return len(p), nil } diff --git a/cert_test.go b/cert_test.go index 716b6a8..230db66 100644 --- a/cert_test.go +++ b/cert_test.go @@ -6,7 +6,7 @@ import ( "crypto/x509" "encoding/pem" "fmt" - "io/ioutil" + "io" "net/http" "net/http/httptest" "os" 
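Review bot: The comment above `ones` in the second cert.go hunk still reads only "For deterministic output", which explains neither why the fill byte changed from 0 to 1 nor what the consequence is for the keys. I would write `// ones is an io.Reader that yields only 0x01 bytes. Keys derived from it are predictable and publicly reproducible; never use them outside local development.`, add a short line on why an all-zero stream no longer works, and fix the spelling of "randomess" in the doc comment on `Key`. Separately, as far as I know `ecdsa.GenerateKey` and `x509.CreateCertificate` (first hunk) do not promise byte-stable output for a caller-supplied reader. The SHA-256 values pinned in `TestUnsigned` are therefore probably tied to the Go versions in the CI matrix and may need regenerating on a toolchain upgrade. The body of `PEM` starts and ends outside the first hunk.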
@@ -29,8 +29,8 @@ func TestUnsigned(t *testing.T) { wantSHA string wantErr bool }{ - {"computer.local", []string{"computer.local"}, []string{"computer.local"}, "cd53416a4bbf741a3d2156369ead968ee16dfdb804f44dffe573ed19912ed9f5", false}, - {"local SANs + computer.local", append(LocalSANs(), "computer.local"), append(LocalSANs(), "computer.local"), "2280d8a21afaf8b3a08c905c98a1e33c4656367233250a6820f0a24bbdb85698", false}, + {"computer.local", []string{"computer.local"}, []string{"computer.local"}, "6fc67759f0c2d5e5b21c510ebfe3485c07f7fd3d3d2fb398a26fe4a174599ccf", false}, + {"local SANs + computer.local", append(LocalSANs(), "computer.local"), append(LocalSANs(), "computer.local"), "bd697fd807f73b6e30699469f6e2ddbbf34520082a9d7b2c5bd6fa0692d6520c", false}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -58,7 +58,7 @@ func TestUnsigned(t *testing.T) { } cert, err := x509.ParseCertificate(block.Bytes) if err != nil { - t.Fatalf("failed to parse certificate: " + err.Error()) + t.Fatalf("failed to parse certificate: %s", err.Error()) } // Verify certificate is valid for all expected names @@ -69,7 +69,7 @@ func TestUnsigned(t *testing.T) { } if _, err := cert.Verify(opts); err != nil { - t.Errorf("failed to verify certificate: " + err.Error()) + t.Errorf("failed to verify certificate: %s", err.Error()) } } }) @@ -85,7 +85,7 @@ func TestSigned(t *testing.T) { caCert, _, err := CA() if err != nil { - cmd := exec.Command("mkcert") + cmd := exec.Command("go", "tool", "filippo.io/mkcert", "-install") err := cmd.Run() if err != nil { t.Fatal(err) @@ -122,7 +122,7 @@ func TestSigned(t *testing.T) { } cert, err := x509.ParseCertificate(block.Bytes) if err != nil { - t.Fatalf("failed to parse certificate: " + err.Error()) + t.Fatalf("failed to parse certificate: %s", err.Error()) } // Verify certificate is valid for all expected names 
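Review bot: With `-install` added in the TestSigned hunk, running `go test` on a machine with no mkcert CA now appears to add a new root to that machine's trust stores and may prompt for elevated rights. The old bare `mkcert` call, as far as I can tell, only created the CA files. A test should not widen what the developer's machine trusts as a side effect; if the test only needs the files that `CA()` loads, drop the flag: `cmd := exec.Command("go", "tool", "filippo.io/mkcert")`. If installation is really required, gate it behind an explicit opt-in and call `t.Skip` otherwise. `cmd.Run()` also discards mkcert's output, so `out, err := cmd.CombinedOutput()` followed by `t.Fatalf("mkcert: %v\n%s", err, out)` would make a CI failure diagnosable; the rest of TestSigned, including how `opts` is built, is outside the hunk.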
@@ -133,7 +133,7 @@ func TestSigned(t *testing.T) { } if _, err := cert.Verify(opts); err != nil { - t.Errorf("failed to verify certificate: " + err.Error()) + t.Errorf("failed to verify certificate: %s", err.Error()) } } }) @@ -179,7 +179,7 @@ func TestServeCert(t *testing.T) { t.Fatal(err) } defer resp.Body.Close() - b, err := ioutil.ReadAll(resp.Body) + b, err := io.ReadAll(resp.Body) if err != nil { t.Fatal(err) } diff --git a/go.mod b/go.mod index 678a06c..318d1b4 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,14 @@ module github.com/alta/insecure -go 1.15 +go 1.24 + +tool filippo.io/mkcert + +require ( + filippo.io/mkcert v1.4.4 // indirect + golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 // indirect + golang.org/x/net v0.0.0-20220421235706-1d1ef9303861 // indirect + golang.org/x/text v0.3.7 // indirect + howett.net/plist v1.0.0 // indirect + software.sslmate.com/src/go-pkcs12 v0.2.0 // indirect +) diff --git a/go.sum b/go.sum index e69de29..53d3922 100644 --- a/go.sum +++ b/go.sum 
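Review bot: Adding `tool filippo.io/mkcert` to the library's own go.mod puts mkcert and its 2022-era `golang.org/x/crypto`, `golang.org/x/net` and `golang.org/x/text` requirements into the module graph that every importer of `github.com/alta/insecure` resolves, although in this diff only TestSigned uses the tool. Those pseudo-versions are old enough that dependency scanners may flag them; running `govulncheck ./...` and raising the indirect modules to current releases would settle it. Keeping the tool in a separate module file (for example a `tools/go.mod` used through `-modfile`) would leave the library free of third-party requirements, as it was before this change. The move from `go 1.15` to `go 1.24` also raises the minimum toolchain for consumers, which deserves a line in the release notes.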
@@ -0,0 +1,22 @@ +filippo.io/mkcert v1.4.4 h1:8eVbbwfVlaqUM7OwuftKc2nuYOoTDQWqsoXmzoXZdbc= +filippo.io/mkcert v1.4.4/go.mod h1:VyvOchVuAye3BoUsPUOOofKygVwLV2KQMVFJNRq+1dA= +github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 h1:tkVvjkPTB7pnW3jnid7kNyAMPVWllTNOf/qKDze4p9o= +golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220421235706-1d1ef9303861 h1:yssD99+7tqHWO5Gwh81phT+67hg+KttniBr6UnEXOY8= +golang.org/x/net v0.0.0-20220421235706-1d1ef9303861/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg= +howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM= +howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g= +software.sslmate.com/src/go-pkcs12 v0.2.0 
h1:nlFkj7bTysH6VkC4fGphtjXRbezREPgrHuJG20hBGPE= +software.sslmate.com/src/go-pkcs12 v0.2.0/go.mod h1:23rNcYsMabIc1otwLpTkCCPwUq6kQsTyowttG/as0kQ=