From 5937b045c843f9c8905b839976d22a74922d82fa Mon Sep 17 00:00:00 2001 From: Nuno Oliveira Date: Mon, 7 Nov 2022 09:41:23 +0000 Subject: [PATCH 1/5] Added support for specifying the digest algo. Support for go 1.18 --- client/client.go | 6 ++---- go.mod | 15 ++++++++++----- go.sum | 4 ++-- scep/scep.go | 41 ++++++++++++++++++++++++++++++++++++----- scep/scep_test.go | 2 +- server/service.go | 15 +++++++++++++-- 6 files changed, 64 insertions(+), 19 deletions(-) diff --git a/client/client.go b/client/client.go index eee82ff..08fe968 100644 --- a/client/client.go +++ b/client/client.go @@ -14,10 +14,7 @@ type Client interface { } // New creates a SCEP Client. -func New( - serverURL string, - logger log.Logger, -) (Client, error) { +func New(serverURL string, logger log.Logger) (Client, error) { endpoints, err := scepserver.MakeClientEndpoints(serverURL) if err != nil { return nil, err @@ -25,5 +22,6 @@ func New( logger = level.Info(logger) endpoints.GetEndpoint = scepserver.EndpointLoggingMiddleware(logger)(endpoints.GetEndpoint) endpoints.PostEndpoint = scepserver.EndpointLoggingMiddleware(logger)(endpoints.PostEndpoint) + return endpoints, nil } diff --git a/go.mod b/go.mod index 0d81571..5639934 100644 --- a/go.mod +++ b/go.mod @@ -1,18 +1,23 @@ module github.com/micromdm/scep/v2 -go 1.16 +go 1.17 require ( github.com/boltdb/bolt v1.3.1 github.com/go-kit/kit v0.4.0 - github.com/go-logfmt/logfmt v0.3.0 // indirect - github.com/go-stack/stack v1.6.0 // indirect - github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f // indirect github.com/gorilla/mux v1.4.0 github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda - github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 // indirect github.com/pkg/errors v0.8.0 go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 +) + +require ( + github.com/go-logfmt/logfmt v0.3.0 // indirect + github.com/go-stack/stack v1.6.0 // indirect + github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f // indirect + github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 // indirect golang.org/x/net v0.0.0-20170726083632-f5079bd7f6f7 // indirect golang.org/x/sys v0.0.0-20170728174421-0f826bdd13b5 // indirect ) + +replace go.mozilla.org/pkcs7 => github.com/smallstep/pkcs7 v0.0.0-20221024180420-e1aab68dda05 diff --git a/go.sum b/go.sum index 80502af..d33ced4 100644 --- a/go.sum +++ b/go.sum @@ -16,8 +16,8 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 h1:T+h1c/A9Gawja4Y9mFVWj github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 h1:CCriYyAfq1Br1aIYettdHZTy8mBTIPo7We18TuO/bak= -go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= +github.com/smallstep/pkcs7 v0.0.0-20221024180420-e1aab68dda05 h1:nVZXaJTwrUcfPUSZknkOidfITqOXSO0wE8pkOUTOdSM= +github.com/smallstep/pkcs7 v0.0.0-20221024180420-e1aab68dda05/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= golang.org/x/net v0.0.0-20170726083632-f5079bd7f6f7 h1:1Pw+ZX4dmGORIwGkTwnUr7RFuMhfpCYHXRZNF04XPYs= golang.org/x/net v0.0.0-20170726083632-f5079bd7f6f7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/sys v0.0.0-20170728174421-0f826bdd13b5 h1:NAjcSWsnFBcOQGn/lxvHouhL7iPC53X8+znVzzQkAEg= diff --git a/scep/scep.go b/scep/scep.go index c01f9bd..5f24ab0 100644 --- a/scep/scep.go +++ b/scep/scep.go @@ -162,13 +162,25 @@ func WithCertsSelector(selector CertsSelector) Option { } } +// WithDigestAlgorithm sets the PKCS #7 digest algorithm. Note that +//in go versions >=1.18 setting the algo as SHA1 will cause x509 +//verify function to failed due to unsecure algo. +// This option is effective when used with NewCSRRequest function. In +// this case, the PKCS #7 digest algo will be set to the specified value +func WithDigestAlgorithm(identifier asn1.ObjectIdentifier) Option { + return func(c *config) { + c.digestAlgorithm = identifier + } +} + // Option specifies custom configuration for SCEP. type Option func(*config) type config struct { - logger log.Logger - caCerts []*x509.Certificate // specified if CA certificates have already been retrieved - certsSelector CertsSelector + logger log.Logger + caCerts []*x509.Certificate // specified if CA certificates have already been retrieved + certsSelector CertsSelector + digestAlgorithm asn1.ObjectIdentifier } // PKIMessage defines the possible SCEP message types @@ -387,7 +399,7 @@ func (msg *PKIMessage) DecryptPKIEnvelope(cert *x509.Certificate, key *rsa.Priva } } -func (msg *PKIMessage) Fail(crtAuth *x509.Certificate, keyAuth *rsa.PrivateKey, info FailInfo) (*PKIMessage, error) { +func (msg *PKIMessage) Fail(crtAuth *x509.Certificate, keyAuth *rsa.PrivateKey, info FailInfo, digestAlgo asn1.ObjectIdentifier) (*PKIMessage, error) { config := pkcs7.SignerInfoConfig{ ExtraSignedAttributes: []pkcs7.Attribute{ { @@ -418,6 +430,12 @@ func (msg *PKIMessage) Fail(crtAuth *x509.Certificate, keyAuth *rsa.PrivateKey, } sd, err := pkcs7.NewSignedData(nil) + if digestAlgo != nil && len(digestAlgo) > 0 { + sd.SetDigestAlgorithm(digestAlgo) + } else { + //default to sha256 since golang 1.18 prohibits sha1 + sd.SetDigestAlgorithm(pkcs7.OIDDigestAlgorithmSHA256) + } if err != nil { return nil, err } @@ -451,7 +469,7 @@ func (msg *PKIMessage) Fail(crtAuth *x509.Certificate, keyAuth *rsa.PrivateKey, } // Success returns a new PKIMessage with CertRep data using an already-issued certificate -func (msg *PKIMessage) Success(crtAuth *x509.Certificate, keyAuth *rsa.PrivateKey, crt *x509.Certificate) (*PKIMessage, error) { +func (msg *PKIMessage) Success(crtAuth *x509.Certificate, keyAuth *rsa.PrivateKey, crt *x509.Certificate, digestAlgo asn1.ObjectIdentifier) (*PKIMessage, error) { // check if CSRReqMessage has already been decrypted if msg.CSRReqMessage.CSR == nil { if err := msg.DecryptPKIEnvelope(crtAuth, keyAuth); err != nil { @@ -498,6 +516,12 @@ func (msg *PKIMessage) Success(crtAuth *x509.Certificate, keyAuth *rsa.PrivateKe } signedData, err := pkcs7.NewSignedData(e7) + if digestAlgo != nil && len(digestAlgo) > 0 { + signedData.SetDigestAlgorithm(digestAlgo) + } else { + //default to sha256 since golang 1.18 prohibits sha1 + signedData.SetDigestAlgorithm(pkcs7.OIDDigestAlgorithmSHA256) + } if err != nil { return nil, err } @@ -571,12 +595,19 @@ func NewCSRRequest(csr *x509.CertificateRequest, tmpl *PKIMessage, opts ...Optio } return nil, errors.New("no CA/RA recipients") } + e7, err := pkcs7.Encrypt(derBytes, recipients) if err != nil { return nil, err } signedData, err := pkcs7.NewSignedData(e7) + if conf.digestAlgorithm != nil && len(conf.digestAlgorithm) > 0 { + signedData.SetDigestAlgorithm(conf.digestAlgorithm) + } else { + //default to sha256 since golang 1.18 prohibits sha1 + signedData.SetDigestAlgorithm(pkcs7.OIDDigestAlgorithmSHA256) + } if err != nil { return nil, err } diff --git a/scep/scep_test.go b/scep/scep_test.go index a9c6838..e4b8e72 100644 --- a/scep/scep_test.go +++ b/scep/scep_test.go @@ -122,7 +122,7 @@ func TestSignCSR(t *testing.T) { if err != nil { t.Fatal(err) } - certRep, err := msg.Success(cacert, cakey, crt) + certRep, err := msg.Success(cacert, cakey, crt, nil) if err != nil { t.Fatal(err) } diff --git a/server/service.go b/server/service.go index 58ef85e..06dc925 100644 --- a/server/service.go +++ b/server/service.go @@ -4,6 +4,7 @@ import ( "context" "crypto/rsa" "crypto/x509" + "encoding/asn1" "errors" "github.com/micromdm/scep/v2/scep" @@ -51,6 +52,9 @@ type service struct { /// info logging is implemented in the service middleware layer. debugLogger log.Logger + + //disgest algo + digestAlgo asn1.ObjectIdentifier } func (svc *service) GetCACaps(ctx context.Context) ([]byte, error) { @@ -86,11 +90,11 @@ func (svc *service) PKIOperation(ctx context.Context, data []byte) ([]byte, erro } if err != nil { svc.debugLogger.Log("msg", "failed to sign CSR", "err", err) - certRep, err := msg.Fail(svc.crt, svc.key, scep.BadRequest) + certRep, err := msg.Fail(svc.crt, svc.key, scep.BadRequest, svc.digestAlgo) return certRep.Raw, err } - certRep, err := msg.Success(svc.crt, svc.key, crt) + certRep, err := msg.Success(svc.crt, svc.key, crt, svc.digestAlgo) return certRep.Raw, err } @@ -110,6 +114,13 @@ func WithLogger(logger log.Logger) ServiceOption { } } +func WithDigestAlgo(identifier asn1.ObjectIdentifier) ServiceOption { + return func(s *service) error { + s.digestAlgo = identifier + return nil + } +} + // WithAddlCA appends an additional certificate to the slice of CA certs func WithAddlCA(ca *x509.Certificate) ServiceOption { return func(s *service) error { From ecb4faa41a78f347b838f83b4e7395f8ad0d9f4e Mon Sep 17 00:00:00 2001 From: Nuno Oliveira Date: Mon, 7 Nov 2022 11:36:33 +0000 Subject: [PATCH 2/5] Updated server code to enable a user defined digest algo. --- cmd/scepserver/scepserver.go | 38 +++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/cmd/scepserver/scepserver.go b/cmd/scepserver/scepserver.go index 4e1ade5..7f371a4 100644 --- a/cmd/scepserver/scepserver.go +++ b/cmd/scepserver/scepserver.go @@ -4,9 +4,12 @@ import ( "crypto/rand" "crypto/rsa" "crypto/x509" + "encoding/asn1" "encoding/pem" + "errors" "flag" "fmt" + "go.mozilla.org/pkcs7" "net/http" "os" "os/signal" @@ -29,6 +32,21 @@ var ( version = "unknown" ) +var digestStringOIMap = map[string]asn1.ObjectIdentifier{ + "SHA1": pkcs7.OIDDigestAlgorithmSHA1, + "SHA256": pkcs7.OIDDigestAlgorithmSHA256, + "SHA384": pkcs7.OIDDigestAlgorithmSHA384, + "SHA512": pkcs7.OIDDigestAlgorithmSHA512, + "DSA": pkcs7.OIDDigestAlgorithmDSA, + "DSASHA1": pkcs7.OIDDigestAlgorithmDSASHA1, + "ECDSASHA1": pkcs7.OIDDigestAlgorithmECDSASHA1, + "ECDSASHA256": pkcs7.OIDDigestAlgorithmECDSASHA256, + "ECDSASHA384": pkcs7.OIDDigestAlgorithmECDSASHA384, + "ECDSASHA512": pkcs7.OIDDigestAlgorithmECDSASHA512, +} + +var digest = pkcs7.OIDDigestAlgorithmSHA256 + func main() { var caCMD = flag.NewFlagSet("ca", flag.ExitOnError) { @@ -40,11 +58,10 @@ func main() { } } - //main flags var ( flVersion = flag.Bool("version", false, "prints version information") flHTTPAddr = flag.String("http-addr", envString("SCEP_HTTP_ADDR", ""), "http listen address. defaults to \":8080\"") - flPort = flag.String("port", envString("SCEP_HTTP_LISTEN_PORT", "8080"), "http port to listen on (if you want to specify an address, use -http-addr instead)") + flPort = flag.String("port", envString("SCEP_HTTP_LISTEN_PORT", "8081"), "http port to listen on (if you want to specify an address, use -http-addr instead)") flDepotPath = flag.String("depot", envString("SCEP_FILE_DEPOT", "depot"), "path to ca folder") flCAPass = flag.String("capass", envString("SCEP_CA_PASS", ""), "passwd for the ca.key") flClDuration = flag.String("crtvalid", envString("SCEP_CERT_VALID", "365"), "validity for new client certificates in days") @@ -55,6 +72,9 @@ func main() { flLogJSON = flag.Bool("log-json", envBool("SCEP_LOG_JSON"), "output JSON logs") flSignServerAttrs = flag.Bool("sign-server-attrs", envBool("SCEP_SIGN_SERVER_ATTRS"), "sign cert attrs for server usage") ) + //main flags + flag.Func("digest-algo", "digest algorithm for pkcs7", parseUserDefinedDigestAlgo) + flag.Usage = func() { flag.PrintDefaults() @@ -154,7 +174,7 @@ func main() { if csrVerifier != nil { signer = csrverifier.Middleware(csrVerifier, signer) } - svc, err = scepserver.NewService(crts[0], key, signer, scepserver.WithLogger(logger)) + svc, err = scepserver.NewService(crts[0], key, signer, scepserver.WithLogger(logger), scepserver.WithDigestAlgo(digest)) if err != nil { lginfo.Log("err", err) os.Exit(1) @@ -317,3 +337,15 @@ func setByUser(flagName, envName string) bool { _, envSet := os.LookupEnv(envName) return flagSet || envSet } + +func parseUserDefinedDigestAlgo(s string) error { + if s == "" { + return nil + } + if v, ok := digestStringOIMap[s]; !ok { + return errors.New("invalid value for digest algo") + } else { + digest = v + } + return nil +} From 116a800476b5696c2b0b9650b5b02b5f6cc1bc63 Mon Sep 17 00:00:00 2001 From: nunooliveira Date: Tue, 30 Jan 2024 16:30:09 +0000 Subject: [PATCH 3/5] Adjust digest flag not to use globals Support any case input for digest algo --- cmd/scepserver/scepserver.go | 37 +++++++++++++++++++++--------------- go.mod | 1 - 2 files changed, 22 insertions(+), 16 deletions(-) diff --git a/cmd/scepserver/scepserver.go b/cmd/scepserver/scepserver.go index 802ec4b..e5012cb 100644 --- a/cmd/scepserver/scepserver.go +++ b/cmd/scepserver/scepserver.go @@ -9,12 +9,13 @@ import ( "errors" "flag" "fmt" - "go.mozilla.org/pkcs7" + "github.com/smallstep/pkcs7" "net/http" "os" "os/signal" "path/filepath" "strconv" + "strings" "syscall" "github.com/micromdm/scep/v2/csrverifier" @@ -45,8 +46,6 @@ var digestStringOIMap = map[string]asn1.ObjectIdentifier{ "ECDSASHA512": pkcs7.OIDDigestAlgorithmECDSASHA512, } -var digest = pkcs7.OIDDigestAlgorithmSHA256 - func main() { var caCMD = flag.NewFlagSet("ca", flag.ExitOnError) { @@ -61,20 +60,18 @@ func main() { var ( flVersion = flag.Bool("version", false, "prints version information") flHTTPAddr = flag.String("http-addr", envString("SCEP_HTTP_ADDR", ""), "http listen address. defaults to \":8080\"") - flPort = flag.String("port", envString("SCEP_HTTP_LISTEN_PORT", "8081"), "http port to listen on (if you want to specify an address, use -http-addr instead)") + flPort = flag.String("port", envString("SCEP_HTTP_LISTEN_PORT", "8080"), "http port to listen on (if you want to specify an address, use -http-addr instead)") flDepotPath = flag.String("depot", envString("SCEP_FILE_DEPOT", "depot"), "path to ca folder") flCAPass = flag.String("capass", envString("SCEP_CA_PASS", ""), "passwd for the ca.key") flClDuration = flag.String("crtvalid", envString("SCEP_CERT_VALID", "365"), "validity for new client certificates in days") flClAllowRenewal = flag.String("allowrenew", envString("SCEP_CERT_RENEW", "14"), "do not allow renewal until n days before expiry, set to 0 to always allow") flChallengePassword = flag.String("challenge", envString("SCEP_CHALLENGE_PASSWORD", ""), "enforce a challenge password") flCSRVerifierExec = flag.String("csrverifierexec", envString("SCEP_CSR_VERIFIER_EXEC", ""), "will be passed the CSRs for verification") + flDigestAlgo = flag.String("digest-algo", envString("SCEP_DIGEST_ALGO", "SHA256"), "digest algorithm for pkcs7") flDebug = flag.Bool("debug", envBool("SCEP_LOG_DEBUG"), "enable debug logging") flLogJSON = flag.Bool("log-json", envBool("SCEP_LOG_JSON"), "output JSON logs") flSignServerAttrs = flag.Bool("sign-server-attrs", envBool("SCEP_SIGN_SERVER_ATTRS"), "sign cert attrs for server usage") ) - //main flags - flag.Func("digest-algo", "digest algorithm for pkcs7", parseUserDefinedDigestAlgo) - flag.Usage = func() { flag.PrintDefaults() @@ -103,6 +100,17 @@ func main() { httpAddr = ":" + *flPort } + var digestAlgo asn1.ObjectIdentifier + digestSet := setByUser("digest-algo", "SCEP_DIGEST_ALGO") + if digestSet { + d, err := parseUserDefinedDigestAlgo(*flDigestAlgo) + if err != nil { + fmt.Fprintln(os.Stderr, err.Error()) + os.Exit(1) + } + digestAlgo = d + } + var logger log.Logger { @@ -174,7 +182,7 @@ func main() { if csrVerifier != nil { signer = csrverifier.Middleware(csrVerifier, signer) } - svc, err = scepserver.NewService(crts[0], key, signer, scepserver.WithLogger(logger), scepserver.WithDigestAlgo(digest)) + svc, err = scepserver.NewService(crts[0], key, signer, scepserver.WithLogger(logger), scepserver.WithDigestAlgo(digestAlgo)) if err != nil { lginfo.Log("err", err) os.Exit(1) @@ -338,14 +346,13 @@ func setByUser(flagName, envName string) bool { return flagSet || envSet } -func parseUserDefinedDigestAlgo(s string) error { +func parseUserDefinedDigestAlgo(s string) (asn1.ObjectIdentifier, error) { if s == "" { - return nil + //no value is fine, it will default to SHA256 + return nil, nil } - if v, ok := digestStringOIMap[s]; !ok { - return errors.New("invalid value for digest algo") - } else { - digest = v + if v, ok := digestStringOIMap[strings.ToUpper(s)]; ok { + return v, nil } - return nil + return nil, errors.New("invalid value for digest algo") } diff --git a/go.mod b/go.mod index 917d8c3..60ed90c 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,6 @@ require ( github.com/groob/finalizer v0.0.0-20210806035223-91592c9e1e0b github.com/pkg/errors v0.8.0 github.com/smallstep/pkcs7 v0.0.0-20231107075624-be1870d87d13 - go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 ) require ( From 292f5c9a01fef46fca6de9a8011bf40627c4c4cd Mon Sep 17 00:00:00 2001 From: nunooliveira Date: Tue, 30 Jan 2024 16:51:48 +0000 Subject: [PATCH 4/5] bump to 1.18 --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 60ed90c..05c8dbf 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/micromdm/scep/v2 -go 1.17 +go 1.18 require ( github.com/boltdb/bolt v1.3.1 From 9b7b6bdba624a4a9eda4aefd71d9b17962d1a15c Mon Sep 17 00:00:00 2001 From: nunooliveira Date: Mon, 5 Feb 2024 11:20:48 +0000 Subject: [PATCH 5/5] Rollback unwanted changes --- client/client.go | 6 ++++-- go.mod | 15 ++++++--------- go.sum | 14 +++++++------- 3 files changed, 17 insertions(+), 18 deletions(-) diff --git a/client/client.go b/client/client.go index 08fe968..eee82ff 100644 --- a/client/client.go +++ b/client/client.go @@ -14,7 +14,10 @@ type Client interface { } // New creates a SCEP Client. -func New(serverURL string, logger log.Logger) (Client, error) { +func New( + serverURL string, + logger log.Logger, +) (Client, error) { endpoints, err := scepserver.MakeClientEndpoints(serverURL) if err != nil { return nil, err @@ -22,6 +25,5 @@ func New(serverURL string, logger log.Logger) (Client, error) { logger = level.Info(logger) endpoints.GetEndpoint = scepserver.EndpointLoggingMiddleware(logger)(endpoints.GetEndpoint) endpoints.PostEndpoint = scepserver.EndpointLoggingMiddleware(logger)(endpoints.PostEndpoint) - return endpoints, nil } diff --git a/go.mod b/go.mod index 05c8dbf..f732350 100644 --- a/go.mod +++ b/go.mod @@ -1,20 +1,17 @@ module github.com/micromdm/scep/v2 -go 1.18 +go 1.16 require ( github.com/boltdb/bolt v1.3.1 github.com/go-kit/kit v0.4.0 - github.com/gorilla/mux v1.8.1 - github.com/groob/finalizer v0.0.0-20210806035223-91592c9e1e0b - github.com/pkg/errors v0.8.0 - github.com/smallstep/pkcs7 v0.0.0-20231107075624-be1870d87d13 -) - -require ( github.com/go-logfmt/logfmt v0.3.0 // indirect github.com/go-stack/stack v1.6.0 // indirect + github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f // indirect + github.com/gorilla/mux v1.4.0 + github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 // indirect + github.com/pkg/errors v0.8.0 + github.com/smallstep/pkcs7 v0.0.0-20231107075624-be1870d87d13 golang.org/x/net v0.17.0 // indirect - golang.org/x/sys v0.13.0 // indirect ) diff --git a/go.sum b/go.sum index bdb2efd..37afd10 100644 --- a/go.sum +++ b/go.sum @@ -6,19 +6,19 @@ github.com/go-logfmt/logfmt v0.3.0 h1:8HUsc87TaSWLKwrnumgC8/YconD2fJQsRJAsWaPg2i github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-stack/stack v1.6.0 h1:MmJCxYVKTJ0SplGKqFVX3SBnmaUhODHZrrFF6jMbpZk= github.com/go-stack/stack v1.6.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= -github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/groob/finalizer v0.0.0-20210806035223-91592c9e1e0b h1:JXxRNkmRODJEcijViiib7ksipzTa3hr6vwoS15b8bWI= -github.com/groob/finalizer v0.0.0-20210806035223-91592c9e1e0b/go.mod h1:MyndkAZd5rUMdNogn35MWXBX1UiBigrU8eTj8DoAC2c= +github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f h1:9oNbS1z4rVpbnkHBdPZU4jo9bSmrLpII768arSyMFgk= +github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= +github.com/gorilla/mux v1.4.0 h1:N6R8isjoRv7IcVVlf0cTBbo0UDc9V6ZXWEm0HQoQmLo= +github.com/gorilla/mux v1.4.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda h1:5ikpG9mYCMFiZX0nkxoV6aU2IpCHPdws3gCNgdZeEV0= +github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda/go.mod h1:MyndkAZd5rUMdNogn35MWXBX1UiBigrU8eTj8DoAC2c= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 h1:T+h1c/A9Gawja4Y9mFVWj2vyii2bbUNDw3kt9VxK2EY= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/smallstep/pkcs7 v0.0.0-20231107075624-be1870d87d13 h1:qRxEt9ESQhAg1kjmgJ8oyyzlc9zkAjOooe7bcKjKORQ= github.com/smallstep/pkcs7 v0.0.0-20231107075624-be1870d87d13/go.mod h1:SoUAr/4M46rZ3WaLstHxGhLEgoYIDRqxQEXLOmOEB0Y= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 h1:CCriYyAfq1Br1aIYettdHZTy8mBTIPo7We18TuO/bak= -go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=