Migrate to Go modules

Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
2025-06-23 07:13:23 +00:00 · 2021-01-20 12:12:11 +00:00
parent 2e2250afe8
commit 7ce266adc0
667 changed files with 211781 additions and 17546 deletions
--- a/gateway/vendor/github.com/nats-io/nkeys/.travis.yml
+++ b/gateway/vendor/github.com/nats-io/nkeys/.travis.yml
@ -1,8 +1,8 @@
 language: go
 sudo: false
 go:
- 1.12.x
- 1.11.x
+- 1.14.x
+- 1.13.x

 install:
 - go get -t ./...
@ -28,4 +28,4 @@ script:
 #  script: curl -sL http://git.io/goreleaser | bash
 #  on:
 #    tags: true
-#    condition: $TRAVIS_OS_NAME = linux
+#    condition: $TRAVIS_OS_NAME = linux
--- a/gateway/vendor/github.com/nats-io/nkeys/README.md
+++ b/gateway/vendor/github.com/nats-io/nkeys/README.md
@ -17,7 +17,7 @@ Ed25519 is fast and resistant to side channel attacks. Generation of a seed key

 The NATS system will utilize Ed25519 keys, meaning that NATS systems will never store or even have access to any private keys. Authentication will utilize a random challenge response mechanism.

-Dealing with 32 byte and 64 byte raw keys can be challenging. NKEYS is designed to formulate keys in a much friendlier fashion and references work done in cryptocurrencies, specifically [Stellar](https://www.stellar.org/).	Bitcoin and others used a form of Base58 (or Base58Check) to endode raw keys. Stellar utilized a more traditonal Base32 with a CRC16 and a version or prefix byte. NKEYS utilizes a similar format where the prefix will be 1 byte for public and private keys and will be 2 bytes for seeds. The base32 encoding of these prefixes will yield friendly human readbable prefixes, e.g. '**N**' = server, '**C**' = cluster, '**O**' = operator, '**A**' = account, and '**U**' = user. '**P**' is used for private keys. For seeds, the first encoded prefix is '**S**', and the second character will be the type for the public key, e.g. "**SU**" is a seed for a user key pair, "**SA**" is a seed for an account key pair.
+Dealing with 32 byte and 64 byte raw keys can be challenging. NKEYS is designed to formulate keys in a much friendlier fashion and references work done in cryptocurrencies, specifically [Stellar](https://www.stellar.org/).	Bitcoin and others used a form of Base58 (or Base58Check) to encode raw keys. Stellar utilized a more traditional Base32 with a CRC16 and a version or prefix byte. NKEYS utilizes a similar format where the prefix will be 1 byte for public and private keys and will be 2 bytes for seeds. The base32 encoding of these prefixes will yield friendly human readable prefixes, e.g. '**N**' = server, '**C**' = cluster, '**O**' = operator, '**A**' = account, and '**U**' = user. '**P**' is used for private keys. For seeds, the first encoded prefix is '**S**', and the second character will be the type for the public key, e.g. "**SU**" is a seed for a user key pair, "**SA**" is a seed for an account key pair.

 ## Installation

@ -69,4 +69,4 @@ Unless otherwise noted, the NATS source files are distributed
 under the Apache Version 2.0 license found in the LICENSE file.


-[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fnats-io%2Fnkeys.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fnats-io%2Fnkeys?ref=badge_large)
+[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fnats-io%2Fnkeys.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fnats-io%2Fnkeys?ref=badge_large)
--- a/gateway/vendor/github.com/nats-io/nkeys/creds_utils.go
+++ b/gateway/vendor/github.com/nats-io/nkeys/creds_utils.go
@ -0,0 +1,78 @@
+package nkeys
+
+import (
+	"bytes"
+	"errors"
+	"regexp"
+)
+
+var userConfigRE = regexp.MustCompile(`\s*(?:(?:[-]{3,}.*[-]{3,}\r?\n)([\w\-.=]+)(?:\r?\n[-]{3,}.*[-]{3,}\r?\n))`)
+
+// ParseDecoratedJWT takes a creds file and returns the JWT portion.
+func ParseDecoratedJWT(contents []byte) (string, error) {
+	items := userConfigRE.FindAllSubmatch(contents, -1)
+	if len(items) == 0 {
+		return string(contents), nil
+	}
+	// First result should be the user JWT.
+	// We copy here so that if the file contained a seed file too we wipe appropriately.
+	raw := items[0][1]
+	tmp := make([]byte, len(raw))
+	copy(tmp, raw)
+	return string(tmp), nil
+}
+
+// ParseDecoratedNKey takes a creds file, finds the NKey portion and creates a
+// key pair from it.
+func ParseDecoratedNKey(contents []byte) (KeyPair, error) {
+	var seed []byte
+
+	items := userConfigRE.FindAllSubmatch(contents, -1)
+	if len(items) > 1 {
+		seed = items[1][1]
+	} else {
+		lines := bytes.Split(contents, []byte("\n"))
+		for _, line := range lines {
+			if bytes.HasPrefix(bytes.TrimSpace(line), []byte("SO")) ||
+				bytes.HasPrefix(bytes.TrimSpace(line), []byte("SA")) ||
+				bytes.HasPrefix(bytes.TrimSpace(line), []byte("SU")) {
+				seed = line
+				break
+			}
+		}
+	}
+	if seed == nil {
+		return nil, errors.New("no nkey seed found")
+	}
+	if !bytes.HasPrefix(seed, []byte("SO")) &&
+		!bytes.HasPrefix(seed, []byte("SA")) &&
+		!bytes.HasPrefix(seed, []byte("SU")) {
+		return nil, errors.New("doesn't contain a seed nkey")
+	}
+	kp, err := FromSeed(seed)
+	if err != nil {
+		return nil, err
+	}
+	return kp, nil
+}
+
+// ParseDecoratedUserNKey takes a creds file, finds the NKey portion and creates a
+// key pair from it. Similar to ParseDecoratedNKey but fails for non-user keys.
+func ParseDecoratedUserNKey(contents []byte) (KeyPair, error) {
+	nk, err := ParseDecoratedNKey(contents)
+	if err != nil {
+		return nil, err
+	}
+	seed, err := nk.Seed()
+	if err != nil {
+		return nil, err
+	}
+	if !bytes.HasPrefix(seed, []byte("SU")) {
+		return nil, errors.New("doesn't contain an user seed nkey")
+	}
+	kp, err := FromSeed(seed)
+	if err != nil {
+		return nil, err
+	}
+	return kp, nil
+}
--- a/gateway/vendor/github.com/nats-io/nkeys/go.mod
+++ b/gateway/vendor/github.com/nats-io/nkeys/go.mod
@ -1,3 +1,3 @@
 module github.com/nats-io/nkeys

-require golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4
+require golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59
--- a/gateway/vendor/github.com/nats-io/nkeys/go.sum
+++ b/gateway/vendor/github.com/nats-io/nkeys/go.sum
@ -1,6 +1,6 @@
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM=
+golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
--- a/gateway/vendor/github.com/nats-io/nkeys/main.go
+++ b/gateway/vendor/github.com/nats-io/nkeys/main.go
@ -19,8 +19,8 @@ import (
 	"errors"
 )

-// Version
-const Version = "0.1.0"
+// Version is our current version
+const Version = "0.2.0"

 // Errors
 var (
@ -33,6 +33,7 @@ var (
 	ErrInvalidSignature  = errors.New("nkeys: signature verification failed")
 	ErrCannotSign        = errors.New("nkeys: can not sign, no private key available")
 	ErrPublicKeyOnly     = errors.New("nkeys: no seed or private key available")
+	ErrIncompatibleKey   = errors.New("nkeys: incompatible key")
 )

 // KeyPair provides the central interface to nkeys.
@ -93,7 +94,7 @@ func FromSeed(seed []byte) (KeyPair, error) {
 	return &kp{copy}, nil
 }

-// Create a KeyPair from the raw 32 byte seed for a given type.
+// FromRawSeed will create a KeyPair from the raw 32 byte seed for a given type.
 func FromRawSeed(prefix PrefixByte, rawSeed []byte) (KeyPair, error) {
 	seed, err := EncodeSeed(prefix, rawSeed)
 	if err != nil {
--- a/gateway/vendor/github.com/nats-io/nkeys/strkey.go
+++ b/gateway/vendor/github.com/nats-io/nkeys/strkey.go
@ -17,7 +17,6 @@ import (
 	"bytes"
 	"encoding/base32"
 	"encoding/binary"
-
 	"golang.org/x/crypto/ed25519"
 )

@ -47,7 +46,7 @@ const (
 	PrefixByteUser PrefixByte = 20 << 3 // Base32-encodes to 'U...'

 	// PrefixByteUnknown is for unknown prefixes.
-	PrefixByteUknown PrefixByte = 23 << 3 // Base32-encodes to 'X...'
+	PrefixByteUnknown PrefixByte = 23 << 3 // Base32-encodes to 'X...'
 )

 // Set our encoding to not include padding '=='
@ -188,10 +187,11 @@ func DecodeSeed(src []byte) (PrefixByte, []byte, error) {
 	return PrefixByte(b2), raw[2:], nil
 }

+// Prefix returns PrefixBytes of its input
 func Prefix(src string) PrefixByte {
 	b, err := decode([]byte(src))
 	if err != nil {
-		return PrefixByteUknown
+		return PrefixByteUnknown
 	}
 	prefix := PrefixByte(b[0])
 	err = checkValidPrefixByte(prefix)
@ -203,7 +203,7 @@ func Prefix(src string) PrefixByte {
 	if PrefixByte(b1) == PrefixByteSeed {
 		return PrefixByteSeed
 	}
-	return PrefixByteUknown
+	return PrefixByteUnknown
 }

 // IsValidPublicKey will decode and verify that the string is a valid encoded public key.
@ -288,3 +288,19 @@ func (p PrefixByte) String() string {
 	}
 	return "unknown"
 }
+
+// CompatibleKeyPair returns an error if the KeyPair doesn't match expected PrefixByte(s)
+func CompatibleKeyPair(kp KeyPair, expected ...PrefixByte) error {
+	pk, err := kp.PublicKey()
+	if err != nil {
+		return err
+	}
+	pkType := Prefix(pk)
+	for _, k := range expected {
+		if pkType == k {
+			return nil
+		}
+	}
+
+	return ErrIncompatibleKey
+}