Switch to go modules

This commit is contained in:
Manuel Alejandro de Brito Fontes 2019-04-15 08:34:23 -04:00
parent 461954facb
commit 1720059244
No known key found for this signature in database
GPG key ID: 786136016A8BA02A
763 changed files with 24896 additions and 177398 deletions


@ -1,11 +0,0 @@
root = true
[*]
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
[*.go]
indent_style = tab
indent_size = 4


@ -1,9 +0,0 @@
.idea
*.iml
/vendor
/cert-chain-resolver
/out
tests/http-server


@ -1,21 +0,0 @@
The MIT License (MIT)
Copyright (c) 2015 Jan Žák (http://zakjan.cz)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -1,85 +0,0 @@
# SSL certificate chain resolver
[![CircleCI](https://img.shields.io/circleci/project/zakjan/cert-chain-resolver.svg)](https://circleci.com/gh/zakjan/cert-chain-resolver)
[![Licence](https://img.shields.io/badge/licence-MIT-blue.svg)](https://tldrlegal.com/license/mit-license)
This application downloads all intermediate CA certificates for a given SSL server certificate. It can help you fix the *incomplete certificate chain* issue, also reported as *Extra download* by [Qualys SSL Server Test](https://www.ssllabs.com/ssltest/).
See Releases for prebuilt binaries or build it yourself.
NOTE: In case of any troubles with Go you can try the deprecated shell script in [shell](https://github.com/zakjan/cert-chain-resolver/tree/shell) branch.
## Usage
```
NAME:
cert-chain-resolver - SSL certificate chain resolver
USAGE:
cert-chain-resolver [global options] [INPUT_FILE]
VERSION:
1.0.1
GLOBAL OPTIONS:
--output OUTPUT_FILE, -o OUTPUT_FILE output to OUTPUT_FILE (default: stdout)
--intermediate-only, -i output intermediate certificates only
--der, -d output DER format
--include-system, -s include root CA from system in output
--version, -v print the version
```
## Example
```
$ cert-chain-resolver -o domain.bundle.pem domain.pem
1: *.xxx.com
2: COMODO RSA Domain Validation Secure Server CA
3: COMODO RSA Certification Authority
Certificate chain complete.
Total 3 certificate(s) found.
```
## Build
Dependencies:
* Go 1.6
* project cloned in `$GOPATH` (otherwise vendoring doesn't work, see https://github.com/golang/go/issues/12511)
```
go get github.com/Masterminds/glide
glide install
go build
```
## Tests
```
go test $(glide novendor)
tests/run.sh
```
## Background
![Incomplete certificate chain](images/incomplete-chain.png)
All operating systems contain a set of default trusted root certificates. But CAs usually don't use their root certificate to sign customer certificates. Instead of they use so called intermediate certificates, because they can be rotated more frequently.
A certificate can contain a special *Authority Information Access* extension ([RFC-3280](http://tools.ietf.org/html/rfc3280)) with URL to issuer's certificate. Most browsers can use the AIA extension to download missing intermediate certificate to complete the certificate chain. This is the exact meaning of the *Extra download* message. But some clients (mobile browsers, OpenSSL) don't support this extension, so they report such certificate as untrusted.
A server should always send a complete chain, which means concatenated all certificates from the certificate to the trusted root certificate (exclusive, in this order), to prevent such issues. Note, the trusted root certificate should not be there, as it is already included in the systems root certificate store.
You should be able to fetch intermediate certificates from the issuer and concat them together by yourself, this script helps you automatize it by looping over certificate's AIA extension field.
### Other implementations
* [deprecated shell script](https://github.com/zakjan/cert-chain-resolver/tree/shell) (shell)
* [https://certificatechain.io/](https://certificatechain.io/) (webservice)
* [freekmurze/ssl-certificate-chain-resolver](https://github.com/freekmurze/ssl-certificate-chain-resolver) (PHP)
### Licence
The MIT License (MIT). See [LICENCE](LICENCE) file for more information. [TL;DR](https://tldrlegal.com/license/mit-license)
If you use my code in some interesting project, I'd be happy to know about it.


@ -1,63 +0,0 @@
#!/usr/bin/env bash
set -eu
GO_PROJECT_HOME="/home/ubuntu/.go_workspace/src/${CIRCLE_REPOSITORY_URL/https:\/\//}"
dependencies() {
mkdir -p "${GO_PROJECT_HOME}"
rsync -a --delete . "${GO_PROJECT_HOME}"
cd "${GO_PROJECT_HOME}"
go get github.com/Masterminds/glide
glide install
}
build() {
cd "${GO_PROJECT_HOME}"
go build
}
test() {
cd "${GO_PROJECT_HOME}"
go test $(glide novendor)
tests/run.sh
}
release() {
cd "${GO_PROJECT_HOME}"
mkdir out
GOARCH="amd64"
for GOOS in linux darwin windows; do
echo "Building ${GOOS}_${GOARCH}"
DIR="${CIRCLE_PROJECT_REPONAME}_${GOOS}_${GOARCH}"
OUT="out/${DIR}/${CIRCLE_PROJECT_REPONAME}"
if [ "${GOOS}" = "windows" ]; then
OUT="${OUT}.exe"
fi
GOOS="${GOOS}" GOARCH="${GOARCH}" go build -o "${OUT}"
cd out
tar -czf "${DIR}.tar.gz" "${DIR}"
rm -rf "${DIR}"
cp "${DIR}.tar.gz" "${CIRCLE_ARTIFACTS}"
cd ..
done
}
case "$1" in
dependencies)
dependencies;;
build)
build;;
test)
test;;
release)
release;;
esac


@ -1,9 +0,0 @@
dependencies:
override:
- ./circle.sh dependencies
test:
override:
- ./circle.sh build
- ./circle.sh test
- ./circle.sh release


@ -1,12 +0,0 @@
hash: a2c552569a10dc8f17247d97f4d7d6801e7298721d4476c9c8d1755ec488216e
updated: 2016-06-02T09:18:54.603431478+02:00
imports:
- name: github.com/fullsailor/pkcs7
version: 2585af45975b11f1d7502bb6c01556c29efb54ce
- name: github.com/stretchr/testify
version: f390dcf405f7b83c997eac1b06768bb9f44dec18
subpackages:
- assert
- name: github.com/urfave/cli
version: 01a33823596e7cffafa9e037acdd2441dc0eb03f
devImports: []


@ -1,7 +0,0 @@
package: github.com/zakjan/cert-chain-resolver
import:
- package: github.com/stretchr/testify
subpackages:
- assert
- package: github.com/fullsailor/pkcs7
- package: github.com/urfave/cli


@ -1,146 +0,0 @@
package main
import (
"fmt"
"github.com/urfave/cli"
"github.com/zakjan/cert-chain-resolver/certUtil"
"io/ioutil"
"os"
)
func openInputFile(filename string) (*os.File, error) {
if filename == "" {
return os.Stdin, nil
}
file, err := os.Open(filename)
if err != nil {
return nil, err
}
return file, nil
}
func openOutputFile(filename string) (*os.File, error) {
if filename == "" {
return os.Stdout, nil
}
file, err := os.Create(filename)
if err != nil {
return nil, err
}
return file, nil
}
func run(inputFilename string, outputFilename string, outputIntermediateOnly bool,
outputDerFormat bool, includeSystem bool) error {
inputFile, err := openInputFile(inputFilename)
if err != nil {
return err
}
outputFile, err := openOutputFile(outputFilename)
if err != nil {
return err
}
data, err := ioutil.ReadAll(inputFile)
if err != nil {
return err
}
cert, err := certUtil.DecodeCertificate(data)
if err != nil {
return err
}
certs, err := certUtil.FetchCertificateChain(cert)
if err != nil {
return err
}
if includeSystem {
certs, err = certUtil.AddRootCA(certs)
if err != nil {
return err
}
}
if outputIntermediateOnly {
certs = certs[1:]
}
if !outputDerFormat {
data = certUtil.EncodeCertificates(certs)
} else {
data = certUtil.EncodeCertificatesDER(certs)
}
_, err = outputFile.Write(data)
if err != nil {
return err
}
for i, cert := range certs {
fmt.Fprintf(os.Stderr, "%d: %s\n", i+1, cert.Subject.CommonName)
}
fmt.Fprintf(os.Stderr, "Certificate chain complete.\n")
fmt.Fprintf(os.Stderr, "Total %d certificate(s) found.\n", len(certs))
return nil
}
func main() {
var (
inputFilename string
outputFilename string
outputIntermediateOnly bool
outputDerFormat bool
includeSystem bool
)
app := cli.NewApp()
app.Usage = "SSL certificate chain resolver"
app.ArgsUsage = "[INPUT_FILE]"
app.Version = "1.0.2"
app.HideHelp = true
app.Flags = []cli.Flag{
cli.StringFlag{
Name: "output, o",
Usage: "output to `OUTPUT_FILE` (default: stdout)",
Destination: &outputFilename,
},
cli.BoolFlag{
Name: "intermediate-only, i",
Usage: "output intermediate certificates only",
Destination: &outputIntermediateOnly,
},
cli.BoolFlag{
Name: "der, d",
Usage: "output DER format",
Destination: &outputDerFormat,
},
cli.BoolFlag{
Name: "include-system, s",
Usage: "include root CA from system in output",
Destination: &includeSystem,
},
}
app.Action = func(c *cli.Context) error {
args := c.Args()
if len(args) > 0 {
inputFilename = args[0]
}
err := run(inputFilename, outputFilename, outputIntermediateOnly, outputDerFormat, includeSystem)
return err
}
err := app.Run(os.Args)
if err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(1)
}
}