Diffstat (limited to 'vendor/github.com/smallstep/certificates/authority/linkedca.go')
| -rw-r--r-- | vendor/github.com/smallstep/certificates/authority/linkedca.go | 26 |
1 files changed, 10 insertions, 16 deletions
diff --git a/vendor/github.com/smallstep/certificates/authority/linkedca.go b/vendor/github.com/smallstep/certificates/authority/linkedca.go
index 3eaa76c..a452f67 100644
--- a/vendor/github.com/smallstep/certificates/authority/linkedca.go
+++ b/vendor/github.com/smallstep/certificates/authority/linkedca.go
@@ -19,15 +19,16 @@ import (
 "google.golang.org/grpc"
 "google.golang.org/grpc/credentials"
+ "github.com/smallstep/linkedca"
 "go.step.sm/crypto/jose"
 "go.step.sm/crypto/keyutil"
 "go.step.sm/crypto/tlsutil"
 "go.step.sm/crypto/x509util"
- "go.step.sm/linkedca"
 "github.com/smallstep/certificates/authority/admin"
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/db"
+ "github.com/smallstep/certificates/internal/cast"
 )
 const uuidPattern = "^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$"
@@ -110,7 +111,7 @@ func newLinkedCAClient(token string) (*linkedCaClient, error) {
 tlsConfig.GetClientCertificate = renewer.GetClientCertificate
 // Start mTLS client
- conn, err := grpc.Dial(u.Host, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)))
+ conn, err := grpc.NewClient(u.Host, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)))
 if err != nil {
 return nil, errors.Wrapf(err, "error connecting %s", u.Host)
 }
@@ -336,7 +337,7 @@ func (c *linkedCaClient) Revoke(crt *x509.Certificate, rci *db.RevokedCertificat
 Serial: rci.Serial,
 PemCertificate: serializeCertificate(crt),
 Reason: rci.Reason,
- ReasonCode: linkedca.RevocationReasonCode(rci.ReasonCode),
+ ReasonCode: linkedca.RevocationReasonCode(cast.Int32(rci.ReasonCode)),
 Passive: true,
 })
@@ -350,7 +351,7 @@ func (c *linkedCaClient) RevokeSSH(cert *ssh.Certificate, rci *db.RevokedCertifi
 Serial: rci.Serial,
 Certificate: serializeSSHCertificate(cert),
 Reason: rci.Reason,
- ReasonCode: linkedca.RevocationReasonCode(rci.ReasonCode),
+ ReasonCode: linkedca.RevocationReasonCode(cast.Int32(rci.ReasonCode)),
 Passive: true,
 })
@@ -403,7 +404,7 @@ func createProvisionerIdentity(p provisioner.Interface) *linkedca.ProvisionerIde
 }
 return &linkedca.ProvisionerIdentity{
 Id: p.GetID(),
- Type: linkedca.Provisioner_Type(p.GetType()),
+ Type: linkedca.Provisioner_Type(cast.Int32(int(p.GetType()))),
 Name: p.GetName(),
 }
 }
@@ -478,10 +479,7 @@ func getAuthority(sans []string) (string, error) {
 // getRootCertificate creates an insecure majordomo client and returns the
 // verified root certificate.
 func getRootCertificate(endpoint, fingerprint string) (*x509.Certificate, error) {
- ctx, cancel := context.WithCancel(context.Background())
- defer cancel()
-
- conn, err := grpc.DialContext(ctx, endpoint, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
+ conn, err := grpc.NewClient(endpoint, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
 //nolint:gosec // used in bootstrap protocol
 InsecureSkipVerify: true, // lgtm[go/disabled-certificate-check]
 })))
@@ -489,7 +487,7 @@ func getRootCertificate(endpoint, fingerprint string) (*x509.Certificate, error)
 return nil, errors.Wrapf(err, "error connecting %s", endpoint)
 }
- ctx, cancel = context.WithTimeout(context.Background(), 15*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
 defer cancel()
 client := linkedca.NewMajordomoClient(conn)
@@ -531,11 +529,7 @@ func getRootCertificate(endpoint, fingerprint string) (*x509.Certificate, error)
 // login creates a new majordomo client with just the root ca pool and returns
 // the signed certificate and tls configuration.
 func login(authority, token string, csr *x509.CertificateRequest, signer crypto.PrivateKey, endpoint string, rootCAs *x509.CertPool) (*tls.Certificate, *tls.Config, error) {
- // Connect to majordomo
- ctx, cancel := context.WithCancel(context.Background())
- defer cancel()
-
- conn, err := grpc.DialContext(ctx, endpoint, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
+ conn, err := grpc.NewClient(endpoint, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
 MinVersion: tls.VersionTLS12,
 RootCAs: rootCAs,
 })))
@@ -544,7 +538,7 @@ func login(authority, token string, csr *x509.CertificateRequest, signer crypto.
 }
 // Login to get the signed certificate
- ctx, cancel = context.WithTimeout(context.Background(), 15*time.Second)
+ ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
 defer cancel()
 client := linkedca.NewMajordomoClient(conn) |
