mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-11-29 05:11:04 +00:00
Use std methode to get SystemCertPool (#488)
* use std methode to get SystemCertPool * vendor * fix lint
This commit is contained in:
parent
798c2bc8b2
commit
e3033015ae
18 changed files with 5 additions and 5502 deletions
|
@ -2,11 +2,12 @@ package internal
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
|
"crypto/x509"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/jackspirou/syscerts"
|
"github.com/rs/zerolog/log"
|
||||||
"github.com/urfave/cli/v2"
|
"github.com/urfave/cli/v2"
|
||||||
"golang.org/x/net/proxy"
|
"golang.org/x/net/proxy"
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
|
@ -35,7 +36,8 @@ func NewClient(c *cli.Context) (woodpecker.Client, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// attempt to find system CA certs
|
// attempt to find system CA certs
|
||||||
certs := syscerts.SystemRootsPool()
|
certs, err := x509.SystemCertPool()
|
||||||
|
log.Error().Msgf("failed to find system CA certs: %v", err)
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := &tls.Config{
|
||||||
RootCAs: certs,
|
RootCAs: certs,
|
||||||
InsecureSkipVerify: skip,
|
InsecureSkipVerify: skip,
|
||||||
|
@ -43,7 +45,7 @@ func NewClient(c *cli.Context) (woodpecker.Client, error) {
|
||||||
|
|
||||||
config := new(oauth2.Config)
|
config := new(oauth2.Config)
|
||||||
client := config.Client(
|
client := config.Client(
|
||||||
oauth2.NoContext,
|
c.Context,
|
||||||
&oauth2.Token{
|
&oauth2.Token{
|
||||||
AccessToken: token,
|
AccessToken: token,
|
||||||
},
|
},
|
||||||
|
|
1
go.mod
1
go.mod
|
@ -29,7 +29,6 @@ require (
|
||||||
github.com/google/go-github/v39 v39.1.0
|
github.com/google/go-github/v39 v39.1.0
|
||||||
github.com/gorilla/securecookie v1.1.1
|
github.com/gorilla/securecookie v1.1.1
|
||||||
github.com/hashicorp/go-version v1.3.0 // indirect
|
github.com/hashicorp/go-version v1.3.0 // indirect
|
||||||
github.com/jackspirou/syscerts v0.0.0-20160531025014-b68f5469dff1
|
|
||||||
github.com/joho/godotenv v1.3.0
|
github.com/joho/godotenv v1.3.0
|
||||||
github.com/json-iterator/go v1.1.12 // indirect
|
github.com/json-iterator/go v1.1.12 // indirect
|
||||||
github.com/kr/pretty v0.3.0
|
github.com/kr/pretty v0.3.0
|
||||||
|
|
2
go.sum
2
go.sum
|
@ -436,8 +436,6 @@ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH
|
||||||
github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
|
github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
|
||||||
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
||||||
github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
|
github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
|
||||||
github.com/jackspirou/syscerts v0.0.0-20160531025014-b68f5469dff1 h1:9Xm8CKtMZIXgcopfdWk/qZ1rt0HjMgfMR9nxxSeK6vk=
|
|
||||||
github.com/jackspirou/syscerts v0.0.0-20160531025014-b68f5469dff1/go.mod h1:zuHl3Hh+e9P6gmBPvcqR1HjkaWHC/csgyskg6IaFKFo=
|
|
||||||
github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
|
github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
|
||||||
github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
|
github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
|
||||||
github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
|
github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
|
||||||
|
|
24
vendor/github.com/jackspirou/syscerts/.gitignore
generated
vendored
24
vendor/github.com/jackspirou/syscerts/.gitignore
generated
vendored
|
@ -1,24 +0,0 @@
|
||||||
# Compiled Object files, Static and Dynamic libs (Shared Objects)
|
|
||||||
*.o
|
|
||||||
*.a
|
|
||||||
*.so
|
|
||||||
|
|
||||||
# Folders
|
|
||||||
_obj
|
|
||||||
_test
|
|
||||||
|
|
||||||
# Architecture specific extensions/prefixes
|
|
||||||
*.[568vq]
|
|
||||||
[568vq].out
|
|
||||||
|
|
||||||
*.cgo1.go
|
|
||||||
*.cgo2.c
|
|
||||||
_cgo_defun.c
|
|
||||||
_cgo_gotypes.go
|
|
||||||
_cgo_export.*
|
|
||||||
|
|
||||||
_testmain.go
|
|
||||||
|
|
||||||
*.exe
|
|
||||||
*.test
|
|
||||||
*.prof
|
|
201
vendor/github.com/jackspirou/syscerts/LICENSE
generated
vendored
201
vendor/github.com/jackspirou/syscerts/LICENSE
generated
vendored
|
@ -1,201 +0,0 @@
|
||||||
Apache License
|
|
||||||
Version 2.0, January 2004
|
|
||||||
http://www.apache.org/licenses/
|
|
||||||
|
|
||||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
|
||||||
|
|
||||||
1. Definitions.
|
|
||||||
|
|
||||||
"License" shall mean the terms and conditions for use, reproduction,
|
|
||||||
and distribution as defined by Sections 1 through 9 of this document.
|
|
||||||
|
|
||||||
"Licensor" shall mean the copyright owner or entity authorized by
|
|
||||||
the copyright owner that is granting the License.
|
|
||||||
|
|
||||||
"Legal Entity" shall mean the union of the acting entity and all
|
|
||||||
other entities that control, are controlled by, or are under common
|
|
||||||
control with that entity. For the purposes of this definition,
|
|
||||||
"control" means (i) the power, direct or indirect, to cause the
|
|
||||||
direction or management of such entity, whether by contract or
|
|
||||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
|
||||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
|
||||||
|
|
||||||
"You" (or "Your") shall mean an individual or Legal Entity
|
|
||||||
exercising permissions granted by this License.
|
|
||||||
|
|
||||||
"Source" form shall mean the preferred form for making modifications,
|
|
||||||
including but not limited to software source code, documentation
|
|
||||||
source, and configuration files.
|
|
||||||
|
|
||||||
"Object" form shall mean any form resulting from mechanical
|
|
||||||
transformation or translation of a Source form, including but
|
|
||||||
not limited to compiled object code, generated documentation,
|
|
||||||
and conversions to other media types.
|
|
||||||
|
|
||||||
"Work" shall mean the work of authorship, whether in Source or
|
|
||||||
Object form, made available under the License, as indicated by a
|
|
||||||
copyright notice that is included in or attached to the work
|
|
||||||
(an example is provided in the Appendix below).
|
|
||||||
|
|
||||||
"Derivative Works" shall mean any work, whether in Source or Object
|
|
||||||
form, that is based on (or derived from) the Work and for which the
|
|
||||||
editorial revisions, annotations, elaborations, or other modifications
|
|
||||||
represent, as a whole, an original work of authorship. For the purposes
|
|
||||||
of this License, Derivative Works shall not include works that remain
|
|
||||||
separable from, or merely link (or bind by name) to the interfaces of,
|
|
||||||
the Work and Derivative Works thereof.
|
|
||||||
|
|
||||||
"Contribution" shall mean any work of authorship, including
|
|
||||||
the original version of the Work and any modifications or additions
|
|
||||||
to that Work or Derivative Works thereof, that is intentionally
|
|
||||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
|
||||||
or by an individual or Legal Entity authorized to submit on behalf of
|
|
||||||
the copyright owner. For the purposes of this definition, "submitted"
|
|
||||||
means any form of electronic, verbal, or written communication sent
|
|
||||||
to the Licensor or its representatives, including but not limited to
|
|
||||||
communication on electronic mailing lists, source code control systems,
|
|
||||||
and issue tracking systems that are managed by, or on behalf of, the
|
|
||||||
Licensor for the purpose of discussing and improving the Work, but
|
|
||||||
excluding communication that is conspicuously marked or otherwise
|
|
||||||
designated in writing by the copyright owner as "Not a Contribution."
|
|
||||||
|
|
||||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
|
||||||
on behalf of whom a Contribution has been received by Licensor and
|
|
||||||
subsequently incorporated within the Work.
|
|
||||||
|
|
||||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
|
||||||
this License, each Contributor hereby grants to You a perpetual,
|
|
||||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
|
||||||
copyright license to reproduce, prepare Derivative Works of,
|
|
||||||
publicly display, publicly perform, sublicense, and distribute the
|
|
||||||
Work and such Derivative Works in Source or Object form.
|
|
||||||
|
|
||||||
3. Grant of Patent License. Subject to the terms and conditions of
|
|
||||||
this License, each Contributor hereby grants to You a perpetual,
|
|
||||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
|
||||||
(except as stated in this section) patent license to make, have made,
|
|
||||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
|
||||||
where such license applies only to those patent claims licensable
|
|
||||||
by such Contributor that are necessarily infringed by their
|
|
||||||
Contribution(s) alone or by combination of their Contribution(s)
|
|
||||||
with the Work to which such Contribution(s) was submitted. If You
|
|
||||||
institute patent litigation against any entity (including a
|
|
||||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
|
||||||
or a Contribution incorporated within the Work constitutes direct
|
|
||||||
or contributory patent infringement, then any patent licenses
|
|
||||||
granted to You under this License for that Work shall terminate
|
|
||||||
as of the date such litigation is filed.
|
|
||||||
|
|
||||||
4. Redistribution. You may reproduce and distribute copies of the
|
|
||||||
Work or Derivative Works thereof in any medium, with or without
|
|
||||||
modifications, and in Source or Object form, provided that You
|
|
||||||
meet the following conditions:
|
|
||||||
|
|
||||||
(a) You must give any other recipients of the Work or
|
|
||||||
Derivative Works a copy of this License; and
|
|
||||||
|
|
||||||
(b) You must cause any modified files to carry prominent notices
|
|
||||||
stating that You changed the files; and
|
|
||||||
|
|
||||||
(c) You must retain, in the Source form of any Derivative Works
|
|
||||||
that You distribute, all copyright, patent, trademark, and
|
|
||||||
attribution notices from the Source form of the Work,
|
|
||||||
excluding those notices that do not pertain to any part of
|
|
||||||
the Derivative Works; and
|
|
||||||
|
|
||||||
(d) If the Work includes a "NOTICE" text file as part of its
|
|
||||||
distribution, then any Derivative Works that You distribute must
|
|
||||||
include a readable copy of the attribution notices contained
|
|
||||||
within such NOTICE file, excluding those notices that do not
|
|
||||||
pertain to any part of the Derivative Works, in at least one
|
|
||||||
of the following places: within a NOTICE text file distributed
|
|
||||||
as part of the Derivative Works; within the Source form or
|
|
||||||
documentation, if provided along with the Derivative Works; or,
|
|
||||||
within a display generated by the Derivative Works, if and
|
|
||||||
wherever such third-party notices normally appear. The contents
|
|
||||||
of the NOTICE file are for informational purposes only and
|
|
||||||
do not modify the License. You may add Your own attribution
|
|
||||||
notices within Derivative Works that You distribute, alongside
|
|
||||||
or as an addendum to the NOTICE text from the Work, provided
|
|
||||||
that such additional attribution notices cannot be construed
|
|
||||||
as modifying the License.
|
|
||||||
|
|
||||||
You may add Your own copyright statement to Your modifications and
|
|
||||||
may provide additional or different license terms and conditions
|
|
||||||
for use, reproduction, or distribution of Your modifications, or
|
|
||||||
for any such Derivative Works as a whole, provided Your use,
|
|
||||||
reproduction, and distribution of the Work otherwise complies with
|
|
||||||
the conditions stated in this License.
|
|
||||||
|
|
||||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
|
||||||
any Contribution intentionally submitted for inclusion in the Work
|
|
||||||
by You to the Licensor shall be under the terms and conditions of
|
|
||||||
this License, without any additional terms or conditions.
|
|
||||||
Notwithstanding the above, nothing herein shall supersede or modify
|
|
||||||
the terms of any separate license agreement you may have executed
|
|
||||||
with Licensor regarding such Contributions.
|
|
||||||
|
|
||||||
6. Trademarks. This License does not grant permission to use the trade
|
|
||||||
names, trademarks, service marks, or product names of the Licensor,
|
|
||||||
except as required for reasonable and customary use in describing the
|
|
||||||
origin of the Work and reproducing the content of the NOTICE file.
|
|
||||||
|
|
||||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
|
||||||
agreed to in writing, Licensor provides the Work (and each
|
|
||||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
||||||
implied, including, without limitation, any warranties or conditions
|
|
||||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
|
||||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
|
||||||
appropriateness of using or redistributing the Work and assume any
|
|
||||||
risks associated with Your exercise of permissions under this License.
|
|
||||||
|
|
||||||
8. Limitation of Liability. In no event and under no legal theory,
|
|
||||||
whether in tort (including negligence), contract, or otherwise,
|
|
||||||
unless required by applicable law (such as deliberate and grossly
|
|
||||||
negligent acts) or agreed to in writing, shall any Contributor be
|
|
||||||
liable to You for damages, including any direct, indirect, special,
|
|
||||||
incidental, or consequential damages of any character arising as a
|
|
||||||
result of this License or out of the use or inability to use the
|
|
||||||
Work (including but not limited to damages for loss of goodwill,
|
|
||||||
work stoppage, computer failure or malfunction, or any and all
|
|
||||||
other commercial damages or losses), even if such Contributor
|
|
||||||
has been advised of the possibility of such damages.
|
|
||||||
|
|
||||||
9. Accepting Warranty or Additional Liability. While redistributing
|
|
||||||
the Work or Derivative Works thereof, You may choose to offer,
|
|
||||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
|
||||||
or other liability obligations and/or rights consistent with this
|
|
||||||
License. However, in accepting such obligations, You may act only
|
|
||||||
on Your own behalf and on Your sole responsibility, not on behalf
|
|
||||||
of any other Contributor, and only if You agree to indemnify,
|
|
||||||
defend, and hold each Contributor harmless for any liability
|
|
||||||
incurred by, or claims asserted against, such Contributor by reason
|
|
||||||
of your accepting any such warranty or additional liability.
|
|
||||||
|
|
||||||
END OF TERMS AND CONDITIONS
|
|
||||||
|
|
||||||
APPENDIX: How to apply the Apache License to your work.
|
|
||||||
|
|
||||||
To apply the Apache License to your work, attach the following
|
|
||||||
boilerplate notice, with the fields enclosed by brackets "{}"
|
|
||||||
replaced with your own identifying information. (Don't include
|
|
||||||
the brackets!) The text should be enclosed in the appropriate
|
|
||||||
comment syntax for the file format. We also recommend that a
|
|
||||||
file or class name and description of purpose be included on the
|
|
||||||
same "printed page" as the copyright notice for easier
|
|
||||||
identification within third-party archives.
|
|
||||||
|
|
||||||
Copyright {yyyy} {name of copyright owner}
|
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
|
||||||
limitations under the License.
|
|
42
vendor/github.com/jackspirou/syscerts/README.md
generated
vendored
42
vendor/github.com/jackspirou/syscerts/README.md
generated
vendored
|
@ -1,42 +0,0 @@
|
||||||
# syscerts
|
|
||||||
Gather local system certificates in Go via a public `SystemRootsPool` method.
|
|
||||||
|
|
||||||
#### What does this do?
|
|
||||||
Provide a way to gather local system certificates
|
|
||||||
on different OS platforms.
|
|
||||||
|
|
||||||
#### How does it do it?
|
|
||||||
It uses the `crypto/x509` package and provides a single public method called
|
|
||||||
`SystemRootsPool()` to return a `*x509.CertPool` object.
|
|
||||||
|
|
||||||
#### How do you use it?
|
|
||||||
```Go
|
|
||||||
// gather CA certs
|
|
||||||
certpool := syscerts.SystemRootsPool()
|
|
||||||
|
|
||||||
// place them in an HTTP client for trusted SSL/TLS connections
|
|
||||||
tlsConfig := &tls.Config{RootCAs: certpool}
|
|
||||||
transport := &http.Transport{TLSClientConfig: tlsConfig}
|
|
||||||
client := &http.Client{Transport: transport}
|
|
||||||
|
|
||||||
// make a request
|
|
||||||
resp, err := client.Do(req)
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Why even do it?
|
|
||||||
The `crypto/x509` package already has a `systemRootsPool` method.
|
|
||||||
The `crypto/x509.systemRootsPool` method is almost the same as
|
|
||||||
`github.com/jackspirou/syscerts.SystemRootsPool`.
|
|
||||||
The difference? The `crypto/x509.systemRootsPool` method is private so you
|
|
||||||
cannot access it. :(
|
|
||||||
|
|
||||||
There are plans for the `crypto/x509.systemRootsPool` method to become public
|
|
||||||
in Go 1.7. When this happens you might no longer need `github.com/jackspirou/syscerts.SystemRootsPool`.
|
|
||||||
|
|
||||||
The only reason you may still use this package after the Go 1.7 release might
|
|
||||||
be for the Mac OSX System Keychain certs which are not included in the
|
|
||||||
`crypto/x509` package. Relevant lines below:
|
|
||||||
|
|
||||||
* https://github.com/jackspirou/syscerts/blob/master/root_darwin.go#L24-L32
|
|
||||||
|
|
||||||
Find more about this Go issue here: https://github.com/golang/go/issues/13335
|
|
22
vendor/github.com/jackspirou/syscerts/root.go
generated
vendored
22
vendor/github.com/jackspirou/syscerts/root.go
generated
vendored
|
@ -1,22 +0,0 @@
|
||||||
// Copyright 2012 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
package syscerts
|
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/x509"
|
|
||||||
"sync"
|
|
||||||
)
|
|
||||||
|
|
||||||
var (
|
|
||||||
once sync.Once
|
|
||||||
systemRoots *x509.CertPool
|
|
||||||
)
|
|
||||||
|
|
||||||
// SystemRootsPool attempts to find and return a pool of all all installed
|
|
||||||
// system certificates.
|
|
||||||
func SystemRootsPool() *x509.CertPool {
|
|
||||||
once.Do(initSystemRoots)
|
|
||||||
return systemRoots
|
|
||||||
}
|
|
14
vendor/github.com/jackspirou/syscerts/root_bsd.go
generated
vendored
14
vendor/github.com/jackspirou/syscerts/root_bsd.go
generated
vendored
|
@ -1,14 +0,0 @@
|
||||||
// Copyright 2015 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
// +build dragonfly freebsd netbsd openbsd
|
|
||||||
|
|
||||||
package syscerts
|
|
||||||
|
|
||||||
// Possible certificate files; stop after finding one.
|
|
||||||
var certFiles = []string{
|
|
||||||
"/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly
|
|
||||||
"/etc/ssl/cert.pem", // OpenBSD
|
|
||||||
"/etc/openssl/certs/ca-certificates.crt", // NetBSD
|
|
||||||
}
|
|
85
vendor/github.com/jackspirou/syscerts/root_cgo_darwin.go
generated
vendored
85
vendor/github.com/jackspirou/syscerts/root_cgo_darwin.go
generated
vendored
|
@ -1,85 +0,0 @@
|
||||||
// Copyright 2011 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
// +build cgo,darwin,!arm,!arm64,!ios
|
|
||||||
|
|
||||||
package syscerts
|
|
||||||
|
|
||||||
/*
|
|
||||||
#cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1060
|
|
||||||
#cgo LDFLAGS: -framework CoreFoundation -framework Security
|
|
||||||
|
|
||||||
#include <CoreFoundation/CoreFoundation.h>
|
|
||||||
#include <Security/Security.h>
|
|
||||||
|
|
||||||
// FetchPEMRootsC fetches the system's list of trusted X.509 root certificates.
|
|
||||||
//
|
|
||||||
// On success it returns 0 and fills pemRoots with a CFDataRef that contains the extracted root
|
|
||||||
// certificates of the system. On failure, the function returns -1.
|
|
||||||
//
|
|
||||||
// Note: The CFDataRef returned in pemRoots must be released (using CFRelease) after
|
|
||||||
// we've consumed its content.
|
|
||||||
int FetchPEMRootsC(CFDataRef *pemRoots) {
|
|
||||||
if (pemRoots == NULL) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
CFArrayRef certs = NULL;
|
|
||||||
OSStatus err = SecTrustCopyAnchorCertificates(&certs);
|
|
||||||
if (err != noErr) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
|
|
||||||
int i, ncerts = CFArrayGetCount(certs);
|
|
||||||
for (i = 0; i < ncerts; i++) {
|
|
||||||
CFDataRef data = NULL;
|
|
||||||
SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, i);
|
|
||||||
if (cert == NULL) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport.
|
|
||||||
// Once we support weak imports via cgo we should prefer that, and fall back to this
|
|
||||||
// for older systems.
|
|
||||||
err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);
|
|
||||||
if (err != noErr) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (data != NULL) {
|
|
||||||
CFDataAppendBytes(combinedData, CFDataGetBytePtr(data), CFDataGetLength(data));
|
|
||||||
CFRelease(data);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
CFRelease(certs);
|
|
||||||
|
|
||||||
*pemRoots = combinedData;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
|
|
||||||
/*
|
|
||||||
import "C"
|
|
||||||
import (
|
|
||||||
"crypto/x509"
|
|
||||||
"unsafe"
|
|
||||||
)
|
|
||||||
|
|
||||||
func initSystemRoots() {
|
|
||||||
roots := x509.NewCertPool()
|
|
||||||
|
|
||||||
var data C.CFDataRef = nil
|
|
||||||
err := C.FetchPEMRootsC(&data)
|
|
||||||
if err == -1 {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
defer C.CFRelease(C.CFTypeRef(data))
|
|
||||||
buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data)))
|
|
||||||
roots.AppendCertsFromPEM(buf)
|
|
||||||
systemRoots = roots
|
|
||||||
}
|
|
||||||
*/
|
|
39
vendor/github.com/jackspirou/syscerts/root_darwin.go
generated
vendored
39
vendor/github.com/jackspirou/syscerts/root_darwin.go
generated
vendored
|
@ -1,39 +0,0 @@
|
||||||
// Copyright 2013 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
//go:generate go run root_darwin_arm_gen.go -output root_darwin_armx.go
|
|
||||||
|
|
||||||
package syscerts
|
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/x509"
|
|
||||||
"os"
|
|
||||||
"os/exec"
|
|
||||||
)
|
|
||||||
|
|
||||||
func execSecurityRoots() (*x509.CertPool, error) {
|
|
||||||
roots := x509.NewCertPool()
|
|
||||||
cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", "/System/Library/Keychains/SystemRootCertificates.keychain")
|
|
||||||
data, err := cmd.Output()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
roots.AppendCertsFromPEM(data)
|
|
||||||
|
|
||||||
// if available add the Mac OSX System Keychain
|
|
||||||
if _, err := os.Stat("/Library/Keychains/System.keychain"); err == nil {
|
|
||||||
cmd = exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", "/Library/Keychains/System.keychain")
|
|
||||||
data, err = cmd.Output()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
roots.AppendCertsFromPEM(data)
|
|
||||||
}
|
|
||||||
|
|
||||||
return roots, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func initSystemRoots() {
|
|
||||||
systemRoots, _ = execSecurityRoots()
|
|
||||||
}
|
|
4909
vendor/github.com/jackspirou/syscerts/root_darwin_armx.go
generated
vendored
4909
vendor/github.com/jackspirou/syscerts/root_darwin_armx.go
generated
vendored
File diff suppressed because it is too large
Load diff
13
vendor/github.com/jackspirou/syscerts/root_linux.go
generated
vendored
13
vendor/github.com/jackspirou/syscerts/root_linux.go
generated
vendored
|
@ -1,13 +0,0 @@
|
||||||
// Copyright 2015 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
package syscerts
|
|
||||||
|
|
||||||
// Possible certificate files; stop after finding one.
|
|
||||||
var certFiles = []string{
|
|
||||||
"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
|
|
||||||
"/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL
|
|
||||||
"/etc/ssl/ca-bundle.pem", // OpenSUSE
|
|
||||||
"/etc/pki/tls/cacert.pem", // OpenELEC
|
|
||||||
}
|
|
8
vendor/github.com/jackspirou/syscerts/root_nacl.go
generated
vendored
8
vendor/github.com/jackspirou/syscerts/root_nacl.go
generated
vendored
|
@ -1,8 +0,0 @@
|
||||||
// Copyright 2015 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
package syscerts
|
|
||||||
|
|
||||||
// Possible certificate files; stop after finding one.
|
|
||||||
var certFiles = []string{}
|
|
32
vendor/github.com/jackspirou/syscerts/root_plan9.go
generated
vendored
32
vendor/github.com/jackspirou/syscerts/root_plan9.go
generated
vendored
|
@ -1,32 +0,0 @@
|
||||||
// Copyright 2012 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
// +build plan9
|
|
||||||
|
|
||||||
package syscerts
|
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/x509"
|
|
||||||
"io/ioutil"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Possible certificate files; stop after finding one.
|
|
||||||
var certFiles = []string{
|
|
||||||
"/sys/lib/tls/ca.pem",
|
|
||||||
}
|
|
||||||
|
|
||||||
func initSystemRoots() {
|
|
||||||
roots := x509.NewCertPool()
|
|
||||||
for _, file := range certFiles {
|
|
||||||
data, err := ioutil.ReadFile(file)
|
|
||||||
if err == nil {
|
|
||||||
roots.AppendCertsFromPEM(data)
|
|
||||||
systemRoots = roots
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// All of the files failed to load. systemRoots will be nil which will
|
|
||||||
// trigger a specific error at verification time.
|
|
||||||
}
|
|
12
vendor/github.com/jackspirou/syscerts/root_solaris.go
generated
vendored
12
vendor/github.com/jackspirou/syscerts/root_solaris.go
generated
vendored
|
@ -1,12 +0,0 @@
|
||||||
// Copyright 2015 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
package syscerts
|
|
||||||
|
|
||||||
// Possible certificate files; stop after finding one.
|
|
||||||
var certFiles = []string{
|
|
||||||
"/etc/certs/ca-certificates.crt", // Solaris 11.2+
|
|
||||||
"/etc/ssl/certs/ca-certificates.crt", // Joyent SmartOS
|
|
||||||
"/etc/ssl/cacert.pem", // OmniOS
|
|
||||||
}
|
|
52
vendor/github.com/jackspirou/syscerts/root_unix.go
generated
vendored
52
vendor/github.com/jackspirou/syscerts/root_unix.go
generated
vendored
|
@ -1,52 +0,0 @@
|
||||||
// Copyright 2011 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
// +build dragonfly freebsd linux nacl netbsd openbsd solaris
|
|
||||||
|
|
||||||
package syscerts
|
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/x509"
|
|
||||||
"io/ioutil"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Possible directories with certificate files; stop after successfully
|
|
||||||
// reading at least one file from a directory.
|
|
||||||
var certDirectories = []string{
|
|
||||||
"/etc/ssl/certs", // SLES10/SLES11, https://golang.org/issue/12139
|
|
||||||
"/system/etc/security/cacerts", // Android
|
|
||||||
}
|
|
||||||
|
|
||||||
func initSystemRoots() {
|
|
||||||
roots := x509.NewCertPool()
|
|
||||||
for _, file := range certFiles {
|
|
||||||
data, err := ioutil.ReadFile(file)
|
|
||||||
if err == nil {
|
|
||||||
roots.AppendCertsFromPEM(data)
|
|
||||||
systemRoots = roots
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, directory := range certDirectories {
|
|
||||||
fis, err := ioutil.ReadDir(directory)
|
|
||||||
if err != nil {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
rootsAdded := false
|
|
||||||
for _, fi := range fis {
|
|
||||||
data, err := ioutil.ReadFile(directory + "/" + fi.Name())
|
|
||||||
if err == nil && roots.AppendCertsFromPEM(data) {
|
|
||||||
rootsAdded = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if rootsAdded {
|
|
||||||
systemRoots = roots
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// All of the files failed to load. systemRoots will be nil which will
|
|
||||||
// trigger a specific error at verification time.
|
|
||||||
}
|
|
40
vendor/github.com/jackspirou/syscerts/root_windows.go
generated
vendored
40
vendor/github.com/jackspirou/syscerts/root_windows.go
generated
vendored
|
@ -1,40 +0,0 @@
|
||||||
// Copyright 2012 The Go Authors. All rights reserved.
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
package syscerts
|
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/x509"
|
|
||||||
"errors"
|
|
||||||
"syscall"
|
|
||||||
"unsafe"
|
|
||||||
)
|
|
||||||
|
|
||||||
// extractSimpleChain extracts the final certificate chain from a CertSimpleChain.
|
|
||||||
func extractSimpleChain(simpleChain **syscall.CertSimpleChain, count int) (chain []*x509.Certificate, err error) {
|
|
||||||
if simpleChain == nil || count == 0 {
|
|
||||||
return nil, errors.New("x509: invalid simple chain")
|
|
||||||
}
|
|
||||||
|
|
||||||
simpleChains := (*[1 << 20]*syscall.CertSimpleChain)(unsafe.Pointer(simpleChain))[:]
|
|
||||||
lastChain := simpleChains[count-1]
|
|
||||||
elements := (*[1 << 20]*syscall.CertChainElement)(unsafe.Pointer(lastChain.Elements))[:]
|
|
||||||
for i := 0; i < int(lastChain.NumElements); i++ {
|
|
||||||
// Copy the buf, since ParseCertificate does not create its own copy.
|
|
||||||
cert := elements[i].CertContext
|
|
||||||
encodedCert := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]
|
|
||||||
buf := make([]byte, cert.Length)
|
|
||||||
copy(buf, encodedCert[:])
|
|
||||||
parsedCert, err := x509.ParseCertificate(buf)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
chain = append(chain, parsedCert)
|
|
||||||
}
|
|
||||||
|
|
||||||
return chain, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func initSystemRoots() {
|
|
||||||
}
|
|
3
vendor/modules.txt
vendored
3
vendor/modules.txt
vendored
|
@ -139,9 +139,6 @@ github.com/hashicorp/go-retryablehttp
|
||||||
# github.com/hashicorp/go-version v1.3.0
|
# github.com/hashicorp/go-version v1.3.0
|
||||||
## explicit
|
## explicit
|
||||||
github.com/hashicorp/go-version
|
github.com/hashicorp/go-version
|
||||||
# github.com/jackspirou/syscerts v0.0.0-20160531025014-b68f5469dff1
|
|
||||||
## explicit
|
|
||||||
github.com/jackspirou/syscerts
|
|
||||||
# github.com/joho/godotenv v1.3.0
|
# github.com/joho/godotenv v1.3.0
|
||||||
## explicit
|
## explicit
|
||||||
github.com/joho/godotenv
|
github.com/joho/godotenv
|
||||||
|
|
Loading…
Reference in a new issue