go.mod: update osbuild/images to v0.74.0
This commit is contained in:
Gianluca Zuccarelli
Sanne Raymaekers
parent
3789ff4ce8
commit
c9972f7da8
327 changed files with 8341 additions and 12785 deletions
40
vendor/github.com/google/s2a-go/internal/v2/s2av2.go
generated
vendored
40
vendor/github.com/google/s2a-go/internal/v2/s2av2.go
generated
vendored
|
|
@ -28,7 +28,6 @@ import (
|
|||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/golang/protobuf/proto"
|
||||
"github.com/google/s2a-go/fallback"
|
||||
"github.com/google/s2a-go/internal/handshaker/service"
|
||||
"github.com/google/s2a-go/internal/tokenmanager"
|
||||
|
|
@ -38,8 +37,9 @@ import (
|
|||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/credentials"
|
||||
"google.golang.org/grpc/grpclog"
|
||||
"google.golang.org/protobuf/proto"
|
||||
|
||||
commonpbv1 "github.com/google/s2a-go/internal/proto/common_go_proto"
|
||||
commonpb "github.com/google/s2a-go/internal/proto/v2/common_go_proto"
|
||||
s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
|
||||
)
|
||||
|
||||
|
|
@ -59,9 +59,9 @@ type s2av2TransportCreds struct {
|
|||
transportCreds credentials.TransportCredentials
|
||||
tokenManager *tokenmanager.AccessTokenManager
|
||||
// localIdentity should only be used by the client.
|
||||
localIdentity *commonpbv1.Identity
|
||||
localIdentity *commonpb.Identity
|
||||
// localIdentities should only be used by the server.
|
||||
localIdentities []*commonpbv1.Identity
|
||||
localIdentities []*commonpb.Identity
|
||||
verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
|
||||
fallbackClientHandshake fallback.ClientHandshake
|
||||
getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)
|
||||
|
|
@ -70,7 +70,7 @@ type s2av2TransportCreds struct {
|
|||
|
||||
// NewClientCreds returns a client-side transport credentials object that uses
|
||||
// the S2Av2 to establish a secure connection with a server.
|
||||
func NewClientCreds(s2av2Address string, transportCreds credentials.TransportCredentials, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error), serverAuthorizationPolicy []byte) (credentials.TransportCredentials, error) {
|
||||
func NewClientCreds(s2av2Address string, transportCreds credentials.TransportCredentials, localIdentity *commonpb.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error), serverAuthorizationPolicy []byte) (credentials.TransportCredentials, error) {
|
||||
// Create an AccessTokenManager instance to use to authenticate to S2Av2.
|
||||
accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
|
||||
|
||||
|
|
@ -101,7 +101,7 @@ func NewClientCreds(s2av2Address string, transportCreds credentials.TransportCre
|
|||
|
||||
// NewServerCreds returns a server-side transport credentials object that uses
|
||||
// the S2Av2 to establish a secure connection with a client.
|
||||
func NewServerCreds(s2av2Address string, transportCreds credentials.TransportCredentials, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (credentials.TransportCredentials, error) {
|
||||
func NewServerCreds(s2av2Address string, transportCreds credentials.TransportCredentials, localIdentities []*commonpb.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (credentials.TransportCredentials, error) {
|
||||
// Create an AccessTokenManager instance to use to authenticate to S2Av2.
|
||||
accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
|
||||
creds := &s2av2TransportCreds{
|
||||
|
|
@ -183,13 +183,7 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
|
|||
}
|
||||
|
||||
creds := credentials.NewTLS(config)
|
||||
var conn net.Conn
|
||||
var authInfo credentials.AuthInfo
|
||||
retry.Run(timeoutCtx,
|
||||
func() error {
|
||||
conn, authInfo, err = creds.ClientHandshake(timeoutCtx, serverName, rawConn)
|
||||
return err
|
||||
})
|
||||
conn, authInfo, err := creds.ClientHandshake(timeoutCtx, serverName, rawConn)
|
||||
if err != nil {
|
||||
grpclog.Infof("Failed to do client handshake using S2Av2: %v", err)
|
||||
if c.fallbackClientHandshake != nil {
|
||||
|
|
@ -197,7 +191,7 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
|
|||
}
|
||||
return nil, nil, err
|
||||
}
|
||||
grpclog.Infof("Successfully done client handshake using S2Av2 to: %s", serverName)
|
||||
grpclog.Infof("client-side handshake is done using S2Av2 to: %s", serverName)
|
||||
|
||||
return conn, authInfo, err
|
||||
}
|
||||
|
|
@ -247,13 +241,7 @@ func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, crede
|
|||
}
|
||||
|
||||
creds := credentials.NewTLS(config)
|
||||
var conn net.Conn
|
||||
var authInfo credentials.AuthInfo
|
||||
retry.Run(ctx,
|
||||
func() error {
|
||||
conn, authInfo, err = creds.ServerHandshake(rawConn)
|
||||
return err
|
||||
})
|
||||
conn, authInfo, err := creds.ServerHandshake(rawConn)
|
||||
if err != nil {
|
||||
grpclog.Infof("Failed to do server handshake using S2Av2: %v", err)
|
||||
return nil, nil, err
|
||||
|
|
@ -280,15 +268,15 @@ func (c *s2av2TransportCreds) Clone() credentials.TransportCredentials {
|
|||
tokenManager = *c.tokenManager
|
||||
}
|
||||
verificationMode := c.verificationMode
|
||||
var localIdentity *commonpbv1.Identity
|
||||
var localIdentity *commonpb.Identity
|
||||
if c.localIdentity != nil {
|
||||
localIdentity = proto.Clone(c.localIdentity).(*commonpbv1.Identity)
|
||||
localIdentity = proto.Clone(c.localIdentity).(*commonpb.Identity)
|
||||
}
|
||||
var localIdentities []*commonpbv1.Identity
|
||||
var localIdentities []*commonpb.Identity
|
||||
if c.localIdentities != nil {
|
||||
localIdentities = make([]*commonpbv1.Identity, len(c.localIdentities))
|
||||
localIdentities = make([]*commonpb.Identity, len(c.localIdentities))
|
||||
for i, localIdentity := range c.localIdentities {
|
||||
localIdentities[i] = proto.Clone(localIdentity).(*commonpbv1.Identity)
|
||||
localIdentities[i] = proto.Clone(localIdentity).(*commonpb.Identity)
|
||||
}
|
||||
}
|
||||
creds := &s2av2TransportCreds{
|
||||
|
|
|
|||
15
vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/tlsconfigstore.go
generated
vendored
15
vendor/github.com/google/s2a-go/internal/v2/tlsconfigstore/tlsconfigstore.go
generated
vendored
|
|
@ -33,7 +33,6 @@ import (
|
|||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/grpclog"
|
||||
|
||||
commonpbv1 "github.com/google/s2a-go/internal/proto/common_go_proto"
|
||||
commonpb "github.com/google/s2a-go/internal/proto/v2/common_go_proto"
|
||||
s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
|
||||
)
|
||||
|
|
@ -44,8 +43,8 @@ const (
|
|||
)
|
||||
|
||||
// GetTLSConfigurationForClient returns a tls.Config instance for use by a client application.
|
||||
func GetTLSConfigurationForClient(serverHostname string, s2AStream stream.S2AStream, tokenManager tokenmanager.AccessTokenManager, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, serverAuthorizationPolicy []byte) (*tls.Config, error) {
|
||||
authMechanisms := getAuthMechanisms(tokenManager, []*commonpbv1.Identity{localIdentity})
|
||||
func GetTLSConfigurationForClient(serverHostname string, s2AStream stream.S2AStream, tokenManager tokenmanager.AccessTokenManager, localIdentity *commonpb.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, serverAuthorizationPolicy []byte) (*tls.Config, error) {
|
||||
authMechanisms := getAuthMechanisms(tokenManager, []*commonpb.Identity{localIdentity})
|
||||
|
||||
if grpclog.V(1) {
|
||||
grpclog.Infof("Sending request to S2Av2 for client TLS config.")
|
||||
|
|
@ -126,7 +125,7 @@ func GetTLSConfigurationForClient(serverHostname string, s2AStream stream.S2AStr
|
|||
}
|
||||
|
||||
// GetTLSConfigurationForServer returns a tls.Config instance for use by a server application.
|
||||
func GetTLSConfigurationForServer(s2AStream stream.S2AStream, tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (*tls.Config, error) {
|
||||
func GetTLSConfigurationForServer(s2AStream stream.S2AStream, tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpb.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode) (*tls.Config, error) {
|
||||
return &tls.Config{
|
||||
GetConfigForClient: ClientConfig(tokenManager, localIdentities, verificationMode, s2AStream),
|
||||
}, nil
|
||||
|
|
@ -136,7 +135,7 @@ func GetTLSConfigurationForServer(s2AStream stream.S2AStream, tokenManager token
|
|||
// connection with a client, based on SNI communicated during ClientHello.
|
||||
// Ensures that server presents the correct certificate to establish a TLS
|
||||
// connection.
|
||||
func ClientConfig(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, s2AStream stream.S2AStream) func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
|
||||
func ClientConfig(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpb.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, s2AStream stream.S2AStream) func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
|
||||
return func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
|
||||
tlsConfig, err := getServerConfigFromS2Av2(tokenManager, localIdentities, chi.ServerName, s2AStream)
|
||||
if err != nil {
|
||||
|
|
@ -219,9 +218,9 @@ func getTLSCipherSuite(tlsCipherSuite commonpb.Ciphersuite) uint16 {
|
|||
}
|
||||
}
|
||||
|
||||
func getServerConfigFromS2Av2(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity, sni string, s2AStream stream.S2AStream) (*s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration, error) {
|
||||
func getServerConfigFromS2Av2(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpb.Identity, sni string, s2AStream stream.S2AStream) (*s2av2pb.GetTlsConfigurationResp_ServerTlsConfiguration, error) {
|
||||
authMechanisms := getAuthMechanisms(tokenManager, localIdentities)
|
||||
var locID *commonpbv1.Identity
|
||||
var locID *commonpb.Identity
|
||||
if localIdentities != nil {
|
||||
locID = localIdentities[0]
|
||||
}
|
||||
|
|
@ -283,7 +282,7 @@ func getTLSClientAuthType(tlsConfig *s2av2pb.GetTlsConfigurationResp_ServerTlsCo
|
|||
return clientAuth
|
||||
}
|
||||
|
||||
func getAuthMechanisms(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpbv1.Identity) []*s2av2pb.AuthenticationMechanism {
|
||||
func getAuthMechanisms(tokenManager tokenmanager.AccessTokenManager, localIdentities []*commonpb.Identity) []*s2av2pb.AuthenticationMechanism {
|
||||
if tokenManager == nil {
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue