From 06cabb005c6b0c1fa5605432ecf0c10f9efa781f Mon Sep 17 00:00:00 2001 From: Florian Ritterhoff Date: Thu, 14 Nov 2024 21:08:25 +0100 Subject: [PATCH 01/24] start migration to acme & dns challenges --- backend/common/go.mod | 15 ++- backend/common/go.sum | 26 ++-- backend/common/helper/md5dns.go | 48 +++++++ backend/dns-service/go.mod | 16 +-- backend/dns-service/go.sum | 28 ++-- backend/domain-rest-interface/go.mod | 21 +-- backend/domain-rest-interface/go.sum | 38 +++--- backend/eab-rest-interface/go.mod | 24 ++-- backend/eab-rest-interface/go.sum | 57 ++++---- backend/pki-rest-interface/go.mod | 22 +-- backend/pki-rest-interface/go.sum | 42 +++--- backend/pki-service/cmd/run.go | 3 + backend/pki-service/go.mod | 31 +++-- backend/pki-service/go.sum | 43 +++--- backend/pki-service/pkg/cfg/sectigo.go | 3 + backend/pki-service/pkg/grpc/ssl.go | 124 +++++++++++------ backend/pki-service/pkg/helper/acme.go | 100 ++++++++++++++ backend/pki-service/pkg/helper/dns.go | 179 +++++++++++++++++++++++++ backend/pki-service/pkg/helper/zap.go | 61 +++++++++ backend/validation-service/go.mod | 16 +-- backend/validation-service/go.sum | 28 ++-- 21 files changed, 698 insertions(+), 227 deletions(-) create mode 100644 backend/common/helper/md5dns.go create mode 100644 backend/pki-service/pkg/helper/acme.go create mode 100644 backend/pki-service/pkg/helper/dns.go create mode 100644 backend/pki-service/pkg/helper/zap.go diff --git a/backend/common/go.mod b/backend/common/go.mod index 6a68be38..3c0a09c7 100644 --- a/backend/common/go.mod +++ b/backend/common/go.mod @@ -7,7 +7,7 @@ require ( github.com/getkin/kin-openapi v0.128.0 github.com/golang-jwt/jwt/v5 v5.2.1 github.com/joho/godotenv v1.5.1 - github.com/labstack/echo/v4 v4.13.2 + github.com/labstack/echo/v4 v4.13.3 github.com/lestrrat-go/jwx v1.2.30 github.com/prometheus/client_golang v1.20.5 github.com/spf13/cobra v1.8.1 
@@ -28,6 +28,8 @@ require ( github.com/sourcegraph/conc v0.3.0 // indirect go.opentelemetry.io/otel/trace v1.33.0 // indirect golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect + golang.org/x/mod v0.22.0 // indirect + golang.org/x/sync v0.10.0 // indirect ) require ( @@ -69,7 +71,7 @@ require ( github.com/prometheus/common v0.61.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/spf13/afero v1.11.0 // indirect - github.com/spf13/cast v1.7.0 // indirect + github.com/spf13/cast v1.7.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect @@ -77,12 +79,12 @@ require ( go.opentelemetry.io/otel/metric v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.31.0 // indirect - golang.org/x/net v0.32.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.28.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 // indirect - google.golang.org/protobuf v1.36.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def // indirect + google.golang.org/protobuf v1.36.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) @@ -90,9 +92,10 @@ require ( require ( github.com/getsentry/sentry-go v0.30.0 github.com/go-playground/validator/v10 v10.23.0 + github.com/miekg/dns v1.1.62 github.com/valyala/bytebufferpool v1.0.0 // indirect go.opentelemetry.io/otel v1.33.0 // indirect go.uber.org/zap v1.27.0 golang.org/x/sys v0.28.0 // indirect - google.golang.org/grpc v1.69.0 + google.golang.org/grpc v1.69.2 ) diff --git a/backend/common/go.sum b/backend/common/go.sum index 234107ba..0cf6dece 100644 --- a/backend/common/go.sum +++ b/backend/common/go.sum 
@@ -76,8 +76,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/labstack/echo/v4 v4.13.2 h1:9aAt4hstpH54qIcqkuUXRLTf+v7yOTfMPWzDtuqLmtA= -github.com/labstack/echo/v4 v4.13.2/go.mod h1:uc9gDtHB8UWt3FfbYx0HyxcCuvR4YuPYOxF/1QjoV/c= +github.com/labstack/echo/v4 v4.13.3 h1:pwhpCPrTl5qry5HRdM5FwdXnhXSLSY+WE+YQSeCaafY= +github.com/labstack/echo/v4 v4.13.3/go.mod h1:o90YNEeQWjDozo584l7AwhJMHN0bOC4tAfg+Xox9q5g= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= @@ -104,6 +104,8 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ= +github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw= 
@@ -140,8 +142,8 @@ github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9yS github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= -github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= +github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -189,8 +191,8 @@ golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 h1:1UoZQm6f0P/ZO0w1Ri+f+ifG/ golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -203,12 +205,12 @@ golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 h1:Z7FRVJPSMaHQxD0uXU8WdgFh8PseLM8Q8NzhnpMrBhQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= -google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= -google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= -google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def h1:4P81qv5JXI/sDNae2ClVx88cgDDA6DPilADkG9tYKz8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def/go.mod h1:bdAgzvd4kFrpykc5/AC2eLUiegK9T/qxZHD4hXYf/ho= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/backend/common/helper/md5dns.go b/backend/common/helper/md5dns.go new file mode 100644 index 00000000..0576232e --- /dev/null 
+++ b/backend/common/helper/md5dns.go
@@ -0,0 +1,48 @@
+package helper
+
+import (
+ "crypto/hmac"
+ // Required due to the use in the MWN
+ "crypto/md5" //#nosec
+ "encoding/base64"
+ "encoding/hex"
+
+ "github.com/miekg/dns"
+)
+
+type Md5provider string
+
+func fromBase64(s []byte) (buf []byte, err error) {
+ buflen := base64.StdEncoding.DecodedLen(len(s))
+ buf = make([]byte, buflen)
+ n, err := base64.StdEncoding.Decode(buf, s)
+ buf = buf[:n]
+ return
+}
+
+func (key Md5provider) Generate(msg []byte, _ *dns.TSIG) ([]byte, error) {
+ // If we barf here, the caller is to blame
+ rawsecret, err := fromBase64([]byte(key))
+ if err != nil {
+ return nil, err
+ }
+ h := hmac.New(md5.New, rawsecret)
+
+ h.Write(msg)
+ return h.Sum(nil), nil
+}
+
+func (key Md5provider) Verify(msg []byte, t *dns.TSIG) error {
+ b, err := key.Generate(msg, t)
+ if err != nil {
+ return err
+ }
+ mac, err := hex.DecodeString(t.MAC)
+ if err != nil {
+ return err
+ }
+ if !hmac.Equal(b, mac) {
+ return dns.ErrSig
+ }
+ return nil
+}
diff --git a/backend/dns-service/go.mod b/backend/dns-service/go.mod
index 2514a9dd..32da642b 100644
--- a/backend/dns-service/go.mod
+++ b/backend/dns-service/go.mod
@@ -7,7 +7,7 @@ require (
 github.com/labstack/gommon v0.4.2
 github.com/miekg/dns v1.1.62
 go.uber.org/zap v1.27.0
- google.golang.org/grpc v1.69.0
+ google.golang.org/grpc v1.69.2
 )
 
 require (
@@ -23,7 +23,7 @@ require (
 github.com/invopop/yaml v0.3.1 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/klauspost/compress v1.17.11 // indirect
- github.com/labstack/echo/v4 v4.13.2 // indirect
+ github.com/labstack/echo/v4 v4.13.3 // indirect
 github.com/mailru/easyjson v0.9.0 // indirect
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
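Review bot: The exported `Md5provider` type and its `Generate`/`Verify` methods in md5dns.go carry no doc comments, and the only explanation of why HMAC-MD5 is used at all (`// Required due to the use in the MWN`) sits on the import line, so a reader of the API sees an MD5 TSIG provider with no stated justification or contract. Suggest moving the rationale onto the type, e.g. `// Md5provider implements the TSIG provider interface with HMAC-MD5 for zones that still require it; its value is the base64-encoded TSIG secret. Prefer the SHA-2 TSIG algorithms wherever the server supports them.` Because the underlying type is a plain string holding the secret, any `%v`/`%s` formatting of the provider prints the key, so a redacting `String()` method (`func (Md5provider) String() string { return "Md5provider(redacted)" }`) would make accidental logging harder. `Verify` only compares the MAC; it presumably relies on the calling library for the time/fudge window check, which is worth stating in its doc comment, and the unchecked `h.Write(msg)` in `Generate` is harmless for a hash.Hash but will trip errcheck — `_, _ = h.Write(msg)` with a short comment keeps linters quiet.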
@@ -42,7 +42,7 @@ require ( golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/time v0.8.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) @@ -53,14 +53,14 @@ require ( github.com/go-logr/stdr v1.2.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/hashicorp/hcl v1.0.0 // indirect - github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3 + github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 github.com/joho/godotenv v1.5.1 // indirect github.com/magiconair/properties v1.8.9 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/spf13/afero v1.11.0 // indirect - github.com/spf13/cast v1.7.0 // indirect + github.com/spf13/cast v1.7.1 // indirect github.com/spf13/viper v1.19.0 github.com/subosito/gotenv v1.6.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect @@ -71,12 +71,12 @@ require ( go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/text v0.21.0 // indirect - google.golang.org/protobuf v1.36.0 + google.golang.org/protobuf v1.36.1 gopkg.in/ini.v1 v1.67.0 // indirect ) require ( - github.com/hm-edu/portal-common v0.0.0-20241210123407-8b7f3d70d1e8 + github.com/hm-edu/portal-common v0.0.0-20241218063258-fbc57509a1e8 github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect ) @@ -84,7 +84,7 @@ require ( require ( github.com/spf13/cobra v1.8.1 golang.org/x/mod v0.22.0 // indirect - golang.org/x/net v0.32.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/tools v0.28.0 // indirect ) 
diff --git a/backend/dns-service/go.sum b/backend/dns-service/go.sum index e969de58..23c5e4d2 100644 --- a/backend/dns-service/go.sum +++ b/backend/dns-service/go.sum @@ -67,8 +67,8 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDa github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3 h1:gNVH6aztpfgTd/AKe0S/hhGS11dNKXkYgCJCi1xA+kw= -github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3/go.mod h1:o2FYTwt6w4uXfIoPAFRQpxbOOhGjde0PiGZlErVVyZk= +github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 h1:5XAf2vZQ6aMyLeHqZg1V7Dn/y6fzN0cpbo/jk7dWJC0= +github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776/go.mod h1:HoVbhQCLyk/XKtKjVahdTTkCa5KLYIi/HyzrExss1Zo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/invopop/yaml v0.3.1 h1:f0+ZpmhfBSS4MhG+4HYseMdJhoeeopbSKbq5Rpeelso= 
@@ -91,8 +91,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/labstack/echo/v4 v4.13.2 h1:9aAt4hstpH54qIcqkuUXRLTf+v7yOTfMPWzDtuqLmtA= -github.com/labstack/echo/v4 v4.13.2/go.mod h1:uc9gDtHB8UWt3FfbYx0HyxcCuvR4YuPYOxF/1QjoV/c= +github.com/labstack/echo/v4 v4.13.3 h1:pwhpCPrTl5qry5HRdM5FwdXnhXSLSY+WE+YQSeCaafY= +github.com/labstack/echo/v4 v4.13.3/go.mod h1:o90YNEeQWjDozo584l7AwhJMHN0bOC4tAfg+Xox9q5g= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM= @@ -146,8 +146,8 @@ github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9yS github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= -github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= +github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= 
@@ -222,8 +222,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -268,17 +268,17 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 h1:Z7FRVJPSMaHQxD0uXU8WdgFh8PseLM8Q8NzhnpMrBhQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def h1:4P81qv5JXI/sDNae2ClVx88cgDDA6DPilADkG9tYKz8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def/go.mod h1:bdAgzvd4kFrpykc5/AC2eLUiegK9T/qxZHD4hXYf/ho= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= -google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= -google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= 
+google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= diff --git a/backend/domain-rest-interface/go.mod b/backend/domain-rest-interface/go.mod index df50da13..d9f823bc 100644 --- a/backend/domain-rest-interface/go.mod +++ b/backend/domain-rest-interface/go.mod @@ -4,10 +4,10 @@ go 1.23.0 require ( github.com/getkin/kin-openapi v0.128.0 - github.com/hm-edu/portal-common v0.0.0-20241210123407-8b7f3d70d1e8 + github.com/hm-edu/portal-common v0.0.0-20241218063258-fbc57509a1e8 go.opentelemetry.io/otel v1.33.0 // indirect go.uber.org/zap v1.27.0 - google.golang.org/grpc v1.69.0 + google.golang.org/grpc v1.69.2 ) require ( @@ -19,7 +19,7 @@ require ( github.com/magiconair/properties v1.8.9 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/spf13/afero v1.11.0 // indirect - github.com/spf13/cast v1.7.0 // indirect + github.com/spf13/cast v1.7.1 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 @@ -39,11 +39,11 @@ require ( github.com/swaggo/swag v1.16.4 go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/net v0.32.0 + golang.org/x/net v0.33.0 golang.org/x/sys v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/tools v0.28.0 // indirect - google.golang.org/protobuf v1.36.0 + google.golang.org/protobuf v1.36.1 gopkg.in/yaml.v2 v2.4.0 // indirect ) 
@@ -54,10 +54,10 @@ require ( github.com/getsentry/sentry-go v0.30.0 github.com/golang-jwt/jwt/v5 v5.2.1 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 - github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3 + github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 github.com/jackc/pgx/v4 v4.18.3 github.com/johnbellone/grpc-middleware-sentry v0.4.0 - github.com/labstack/echo/v4 v4.13.2 + github.com/labstack/echo/v4 v4.13.3 github.com/lestrrat-go/jwx v1.2.30 github.com/mattn/go-sqlite3 v1.14.16 github.com/spf13/cobra v1.8.1 @@ -83,6 +83,7 @@ require ( github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect github.com/jackc/pgtype v1.14.4 // indirect github.com/klauspost/compress v1.17.11 // indirect + github.com/miekg/dns v1.1.62 // indirect github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pelletier/go-toml/v2 v2.2.3 // indirect @@ -95,17 +96,17 @@ require ( github.com/sagikazarmark/locafero v0.6.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/sourcegraph/conc v0.3.0 // indirect - github.com/swaggo/files/v2 v2.0.1 // indirect + github.com/swaggo/files/v2 v2.0.2 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect go.opentelemetry.io/otel/metric v1.33.0 // indirect golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect golang.org/x/sync v0.10.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) require ( - ariga.io/atlas v0.29.0 // indirect + ariga.io/atlas v0.29.1 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect github.com/go-openapi/inflect v0.21.0 // indirect 
diff --git a/backend/domain-rest-interface/go.sum b/backend/domain-rest-interface/go.sum index 5775a18e..97b55a8e 100644 --- a/backend/domain-rest-interface/go.sum +++ b/backend/domain-rest-interface/go.sum @@ -1,5 +1,5 @@ -ariga.io/atlas v0.29.0 h1:sXlI6ktGjo0vpBDvStjtgEKwLvjFfveK0vmRRTxyu1E= -ariga.io/atlas v0.29.0/go.mod h1:LOOp18LCL9r+VifvVlJqgYJwYl271rrXD9/wIyzJ8sw= +ariga.io/atlas v0.29.1 h1:7gB8XRFTnJeZ7ZiccNCJqwBtUv3yjFyxRFDMzu0AmRg= +ariga.io/atlas v0.29.1/go.mod h1:lkLAw/t2/P7g5CFYlYmHvNuShlmGujwm3OGsW00xowI= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= entgo.io/ent v0.14.1 h1:fUERL506Pqr92EPHJqr8EYxbPioflJo6PudkrEA8a/s= entgo.io/ent v0.14.1/go.mod h1:MH6XLG0KXpkcDQhKiHfANZSzR55TJyPL5IGNpI8wpco= @@ -111,8 +111,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos= github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= -github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3 h1:gNVH6aztpfgTd/AKe0S/hhGS11dNKXkYgCJCi1xA+kw= -github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3/go.mod h1:o2FYTwt6w4uXfIoPAFRQpxbOOhGjde0PiGZlErVVyZk= +github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 h1:5XAf2vZQ6aMyLeHqZg1V7Dn/y6fzN0cpbo/jk7dWJC0= +github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776/go.mod h1:HoVbhQCLyk/XKtKjVahdTTkCa5KLYIi/HyzrExss1Zo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/invopop/yaml v0.3.1 h1:f0+ZpmhfBSS4MhG+4HYseMdJhoeeopbSKbq5Rpeelso= 
@@ -190,8 +190,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/labstack/echo/v4 v4.13.2 h1:9aAt4hstpH54qIcqkuUXRLTf+v7yOTfMPWzDtuqLmtA= -github.com/labstack/echo/v4 v4.13.2/go.mod h1:uc9gDtHB8UWt3FfbYx0HyxcCuvR4YuPYOxF/1QjoV/c= +github.com/labstack/echo/v4 v4.13.3 h1:pwhpCPrTl5qry5HRdM5FwdXnhXSLSY+WE+YQSeCaafY= +github.com/labstack/echo/v4 v4.13.3/go.mod h1:o90YNEeQWjDozo584l7AwhJMHN0bOC4tAfg+Xox9q5g= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= @@ -230,6 +230,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y= github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= +github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ= +github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= 
@@ -281,8 +283,8 @@ github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9yS github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= -github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= +github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -309,8 +311,8 @@ github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= github.com/swaggo/echo-swagger v1.4.1 h1:Yf0uPaJWp1uRtDloZALyLnvdBeoEL5Kc7DtnjzO/TUk= github.com/swaggo/echo-swagger v1.4.1/go.mod h1:C8bSi+9yH2FLZsnhqMZLIZddpUxZdBYuNHbtaS1Hljc= -github.com/swaggo/files/v2 v2.0.1 h1:XCVJO/i/VosCDsJu1YLpdejGsGnBE9deRMpjN4pJLHk= -github.com/swaggo/files/v2 v2.0.1/go.mod h1:24kk2Y9NYEJ5lHuCra6iVwkMjIekMCaFq/0JQj66kyM= +github.com/swaggo/files/v2 v2.0.2 h1:Bq4tgS/yxLB/3nwOMcul5oLEUKa877Ykgz3CJMVbQKU= +github.com/swaggo/files/v2 v2.0.2/go.mod h1:TVqetIzZsO9OhHX1Am9sRf9LdrFZqoK49N37KON/jr0= github.com/swaggo/swag v1.16.4 h1:clWJtd9LStiG3VeijiCfOVODP6VpHtKdQy9ELFG3s1A= github.com/swaggo/swag v1.16.4/go.mod h1:VBsHJRsDvfYvqoiMKnsdwhNV9LEMHgEDZcyVYX0sxPg= github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0= 
@@ -405,8 +407,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -490,17 +492,17 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 h1:Z7FRVJPSMaHQxD0uXU8WdgFh8PseLM8Q8NzhnpMrBhQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def h1:4P81qv5JXI/sDNae2ClVx88cgDDA6DPilADkG9tYKz8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def/go.mod h1:bdAgzvd4kFrpykc5/AC2eLUiegK9T/qxZHD4hXYf/ho= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= -google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= -google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= 
+google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= diff --git a/backend/eab-rest-interface/go.mod b/backend/eab-rest-interface/go.mod index 723d717c..50a6f528 100644 --- a/backend/eab-rest-interface/go.mod +++ b/backend/eab-rest-interface/go.mod @@ -4,11 +4,11 @@ go 1.23.0 require ( github.com/getkin/kin-openapi v0.128.0 - github.com/hm-edu/portal-common v0.0.0-20241210123407-8b7f3d70d1e8 + github.com/hm-edu/portal-common v0.0.0-20241218063258-fbc57509a1e8 github.com/smallstep/certificates v0.28.1 go.opentelemetry.io/otel v1.33.0 // indirect go.uber.org/zap v1.27.0 - google.golang.org/grpc v1.69.0 + google.golang.org/grpc v1.69.2 ) require ( @@ -20,7 +20,7 @@ require ( github.com/magiconair/properties v1.8.9 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/spf13/afero v1.11.0 // indirect - github.com/spf13/cast v1.7.0 // indirect + github.com/spf13/cast v1.7.1 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 @@ -40,11 +40,11 @@ require ( github.com/swaggo/swag v1.16.4 go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/net v0.32.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/tools v0.28.0 // indirect - google.golang.org/protobuf v1.36.0 // indirect + google.golang.org/protobuf v1.36.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect ) 
@@ -53,9 +53,9 @@ require ( github.com/TheZeroSlave/zapsentry v1.23.0 github.com/getsentry/sentry-go v0.30.0 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 - github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3 + github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 github.com/johnbellone/grpc-middleware-sentry v0.4.0 - github.com/labstack/echo/v4 v4.13.2 + github.com/labstack/echo/v4 v4.13.3 github.com/labstack/gommon v0.4.2 github.com/lestrrat-go/jwx v1.2.30 github.com/smallstep/nosql v0.7.0 @@ -107,12 +107,12 @@ require ( github.com/urfave/cli v1.22.16 // indirect go.etcd.io/bbolt v1.3.11 // indirect go.opentelemetry.io/otel/metric v1.33.0 // indirect - go.step.sm/crypto v0.55.0 // indirect + go.step.sm/crypto v0.56.0 // indirect go.step.sm/linkedca v0.22.2 // indirect ) require ( - ariga.io/atlas v0.29.0 // indirect + ariga.io/atlas v0.29.1 // indirect dario.cat/mergo v1.0.1 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect @@ -163,10 +163,10 @@ require ( github.com/smallstep/cli-utils v0.10.0 // indirect github.com/smallstep/go-attestation v0.4.4-0.20240109183208-413678f90935 // indirect github.com/smallstep/pkcs7 v0.1.1 // indirect - github.com/smallstep/scep v0.0.0-20241216111545-f3ca9c43928a // indirect + github.com/smallstep/scep v0.0.0-20241223071629-a37a330173bc // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/viper v1.19.0 // indirect - github.com/swaggo/files/v2 v2.0.1 // indirect + github.com/swaggo/files/v2 v2.0.2 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/zclconf/go-cty v1.15.1 // indirect 
@@ -177,7 +177,7 @@ require ( golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/time v0.8.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/backend/eab-rest-interface/go.sum b/backend/eab-rest-interface/go.sum index a43b0ec8..e759edf2 100644 --- a/backend/eab-rest-interface/go.sum +++ b/backend/eab-rest-interface/go.sum 
@@ -1,15 +1,15 @@ -ariga.io/atlas v0.29.0 h1:sXlI6ktGjo0vpBDvStjtgEKwLvjFfveK0vmRRTxyu1E= -ariga.io/atlas v0.29.0/go.mod h1:LOOp18LCL9r+VifvVlJqgYJwYl271rrXD9/wIyzJ8sw= +ariga.io/atlas v0.29.1 h1:7gB8XRFTnJeZ7ZiccNCJqwBtUv3yjFyxRFDMzu0AmRg= +ariga.io/atlas v0.29.1/go.mod h1:lkLAw/t2/P7g5CFYlYmHvNuShlmGujwm3OGsW00xowI= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.12.1 h1:n2Bj25BUMM0nvE9D2XLTiImanwZhO3DkfWSYS/SAJP4= -cloud.google.com/go/auth v0.12.1/go.mod h1:BFMu+TNpF3DmvfBO9ClqTR/SiqVIm7LukKF9mbendF4= +cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs= +cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q= cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/compute v1.24.0 h1:phWcR2eWzRJaL/kOiJwfFsPs4BaKq1j6vnpZrc1YlVg= -cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= -cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= +cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= +cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/iam v1.3.0 h1:4Wo2qTaGKFtajbLpF6I4mywg900u3TLlHDb6mriLDPU= cloud.google.com/go/iam v1.3.0/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= cloud.google.com/go/kms v1.20.2 h1:NGTHOxAyhDVUGVU5KngeyGScrg2D39X76Aphe6NC7S0= 
@@ -247,8 +247,8 @@ github.com/hm-edu/certificates v0.0.0-20241213062523-8b3e0eba6d66 h1:adUmdPiI50b github.com/hm-edu/certificates v0.0.0-20241213062523-8b3e0eba6d66/go.mod h1:lg/jurv9iLCxYbnvyYY0MQ0lSOcnTsCeRkDXWyof7xo= github.com/hm-edu/nosql v0.4.1-0.20230305071512-139857866201 h1:KB8SVIw1MA30wUUXYziiTErSw487ahokcesqzgPlK/o= github.com/hm-edu/nosql v0.4.1-0.20230305071512-139857866201/go.mod h1:jOXwLtockXORUPPZ2MCUcIkGR6w0cN1QGZniY9DITQA= -github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3 h1:gNVH6aztpfgTd/AKe0S/hhGS11dNKXkYgCJCi1xA+kw= -github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3/go.mod h1:o2FYTwt6w4uXfIoPAFRQpxbOOhGjde0PiGZlErVVyZk= +github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 h1:5XAf2vZQ6aMyLeHqZg1V7Dn/y6fzN0cpbo/jk7dWJC0= +github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776/go.mod h1:HoVbhQCLyk/XKtKjVahdTTkCa5KLYIi/HyzrExss1Zo= github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= 
@@ -331,8 +331,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/labstack/echo/v4 v4.13.2 h1:9aAt4hstpH54qIcqkuUXRLTf+v7yOTfMPWzDtuqLmtA= -github.com/labstack/echo/v4 v4.13.2/go.mod h1:uc9gDtHB8UWt3FfbYx0HyxcCuvR4YuPYOxF/1QjoV/c= +github.com/labstack/echo/v4 v4.13.3 h1:pwhpCPrTl5qry5HRdM5FwdXnhXSLSY+WE+YQSeCaafY= +github.com/labstack/echo/v4 v4.13.3/go.mod h1:o90YNEeQWjDozo584l7AwhJMHN0bOC4tAfg+Xox9q5g= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= 
@@ -454,11 +454,10 @@ github.com/smallstep/cli-utils v0.10.0 h1:CfXNvHtIN5pAzGvGP0NEUZoGFcj5epNEB6RSpS github.com/smallstep/cli-utils v0.10.0/go.mod h1:jIeNa5ctrVg89lU5TaQKYd6o1eFxi9mtZu1sXSxpEBg= github.com/smallstep/go-attestation v0.4.4-0.20240109183208-413678f90935 h1:kjYvkvS/Wdy0PVRDUAA0gGJIVSEZYhiAJtfwYgOYoGA= github.com/smallstep/go-attestation v0.4.4-0.20240109183208-413678f90935/go.mod h1:vNAduivU014fubg6ewygkAvQC0IQVXqdc8vaGl/0er4= -github.com/smallstep/pkcs7 v0.1.0/go.mod h1:dL6j5AIz9GHjVEBTXtW+QliALcgM19RtXaTeyxI+AfA= github.com/smallstep/pkcs7 v0.1.1 h1:x+rPdt2W088V9Vkjho4KtoggyktZJlMduZAtRHm68LU= github.com/smallstep/pkcs7 v0.1.1/go.mod h1:dL6j5AIz9GHjVEBTXtW+QliALcgM19RtXaTeyxI+AfA= -github.com/smallstep/scep v0.0.0-20241216111545-f3ca9c43928a h1:bUDUC2M6BDNZZcMDViEi+lnoVvapHaoTXRIuJrQvuCg= -github.com/smallstep/scep v0.0.0-20241216111545-f3ca9c43928a/go.mod h1:IWmjrOXZHq8fv+9MbXbhHL73JunrnDK4e1C33K+6Pg8= +github.com/smallstep/scep v0.0.0-20241223071629-a37a330173bc h1:gJ1mkz/iJhKnKUJit5DCFxNRWo9mxIkVm9SI8DiUugI= +github.com/smallstep/scep v0.0.0-20241223071629-a37a330173bc/go.mod h1:bENyEPpujhqigQx115AitJTc11LZmGUNk0ftgyhcNus= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= 
@@ -468,8 +467,8 @@ github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= -github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= +github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= @@ -503,8 +502,8 @@ github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= github.com/swaggo/echo-swagger v1.4.1 h1:Yf0uPaJWp1uRtDloZALyLnvdBeoEL5Kc7DtnjzO/TUk= github.com/swaggo/echo-swagger v1.4.1/go.mod h1:C8bSi+9yH2FLZsnhqMZLIZddpUxZdBYuNHbtaS1Hljc= -github.com/swaggo/files/v2 v2.0.1 h1:XCVJO/i/VosCDsJu1YLpdejGsGnBE9deRMpjN4pJLHk= -github.com/swaggo/files/v2 v2.0.1/go.mod h1:24kk2Y9NYEJ5lHuCra6iVwkMjIekMCaFq/0JQj66kyM= +github.com/swaggo/files/v2 v2.0.2 h1:Bq4tgS/yxLB/3nwOMcul5oLEUKa877Ykgz3CJMVbQKU= +github.com/swaggo/files/v2 v2.0.2/go.mod h1:TVqetIzZsO9OhHX1Am9sRf9LdrFZqoK49N37KON/jr0= github.com/swaggo/swag v1.16.4 h1:clWJtd9LStiG3VeijiCfOVODP6VpHtKdQy9ELFG3s1A= github.com/swaggo/swag v1.16.4/go.mod h1:VBsHJRsDvfYvqoiMKnsdwhNV9LEMHgEDZcyVYX0sxPg= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= 
@@ -545,8 +544,8 @@ go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4Jjx go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= -go.step.sm/crypto v0.55.0 h1:575Q7NahuM/ZRxUVN1GkO2e1aDYQJqIIg+nbfOajQJk= -go.step.sm/crypto v0.55.0/go.mod h1:MgEmD1lgwsuzZwTgI0GwKapHjKVEQLVggSvHuf3bYnU= +go.step.sm/crypto v0.56.0 h1:KcFfV76cI9Xaw8bdSc9x55skyuSdcHcTdL37vvVZnvY= +go.step.sm/crypto v0.56.0/go.mod h1:snWNloxY9s1W+HsFqcviq55nvzbqqX6LxVt0Vktv5mw= go.step.sm/linkedca v0.22.2 h1:zmFIyDC77gFHo6FLQJ8OIXYpLYDIsgDWaYqtYs6A9/Q= go.step.sm/linkedca v0.22.2/go.mod h1:ESY8r5VfhJA8ZVzI6hXIQcEX9LwaY3aoPnT+Hb9jpbw= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= @@ -622,8 +621,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= 
@@ -724,8 +723,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.211.0 h1:IUpLjq09jxBSV1lACO33CGY3jsRcbctfGzhj+ZSE/Bg= -google.golang.org/api v0.211.0/go.mod h1:XOloB4MXFH4UTlQSGuNUxw0UT74qdENK8d6JNsXKLi0= +google.golang.org/api v0.212.0 h1:BcRj3MJfHF3FYD29rk7u9kuu1SyfGqfHcA0hSwKqkHg= +google.golang.org/api v0.212.0/go.mod h1:gICpLlpp12/E8mycRMzgy3SQ9cFh2XnVJ6vJi/kQbvI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= 
@@ -735,17 +734,17 @@ google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576 h1:k48HcZ4FE6in0o8 google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576/go.mod h1:DV2u3tCn/AcVjjmGYZKt6HyvY4w4y3ipAdHkMbe/0i4= google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 h1:Z7FRVJPSMaHQxD0uXU8WdgFh8PseLM8Q8NzhnpMrBhQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def h1:4P81qv5JXI/sDNae2ClVx88cgDDA6DPilADkG9tYKz8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def/go.mod h1:bdAgzvd4kFrpykc5/AC2eLUiegK9T/qxZHD4hXYf/ho= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= -google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= -google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/protobuf v1.36.1 
h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/backend/pki-rest-interface/go.mod b/backend/pki-rest-interface/go.mod index a0229484..7a306550 100644 --- a/backend/pki-rest-interface/go.mod +++ b/backend/pki-rest-interface/go.mod @@ -4,17 +4,17 @@ go 1.23 require ( github.com/getkin/kin-openapi v0.128.0 - github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3 - github.com/hm-edu/portal-common v0.0.0-20241210123407-8b7f3d70d1e8 + github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 + github.com/hm-edu/portal-common v0.0.0-20241218063258-fbc57509a1e8 github.com/johnbellone/grpc-middleware-sentry v0.4.0 - github.com/labstack/echo/v4 v4.13.2 + github.com/labstack/echo/v4 v4.13.3 github.com/labstack/gommon v0.4.2 github.com/lestrrat-go/jwx v1.2.30 github.com/spf13/cobra v1.8.1 github.com/swaggo/echo-swagger v1.4.1 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 go.uber.org/zap v1.27.0 - google.golang.org/grpc v1.69.0 + google.golang.org/grpc v1.69.2 ) require ( @@ -45,6 +45,7 @@ require ( github.com/magiconair/properties v1.8.9 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect + github.com/miekg/dns v1.1.62 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect 
@@ -59,19 +60,22 @@ require ( github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.11.0 // indirect - github.com/spf13/cast v1.7.0 // indirect + github.com/spf13/cast v1.7.1 // indirect github.com/spf13/viper v1.19.0 // indirect github.com/subosito/gotenv v1.6.0 // indirect - github.com/swaggo/files/v2 v2.0.1 // indirect + github.com/swaggo/files/v2 v2.0.2 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect go.opentelemetry.io/otel v1.33.0 // indirect go.opentelemetry.io/otel/metric v1.33.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.32.0 // indirect golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect + golang.org/x/mod v0.22.0 // indirect + golang.org/x/sync v0.10.0 // indirect golang.org/x/time v0.8.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) @@ -92,11 +96,11 @@ require ( github.com/swaggo/swag v1.16.4 go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/net v0.32.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/tools v0.28.0 // indirect - google.golang.org/protobuf v1.36.0 // indirect + google.golang.org/protobuf v1.36.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect ) diff --git a/backend/pki-rest-interface/go.sum b/backend/pki-rest-interface/go.sum index b5ecf918..11db6949 100644 --- a/backend/pki-rest-interface/go.sum +++ b/backend/pki-rest-interface/go.sum 
@@ -85,8 +85,8 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDa github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3 h1:gNVH6aztpfgTd/AKe0S/hhGS11dNKXkYgCJCi1xA+kw= -github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3/go.mod h1:o2FYTwt6w4uXfIoPAFRQpxbOOhGjde0PiGZlErVVyZk= +github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 h1:5XAf2vZQ6aMyLeHqZg1V7Dn/y6fzN0cpbo/jk7dWJC0= +github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776/go.mod h1:HoVbhQCLyk/XKtKjVahdTTkCa5KLYIi/HyzrExss1Zo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/invopop/yaml v0.3.1 h1:f0+ZpmhfBSS4MhG+4HYseMdJhoeeopbSKbq5Rpeelso= 
@@ -111,8 +111,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/labstack/echo/v4 v4.13.2 h1:9aAt4hstpH54qIcqkuUXRLTf+v7yOTfMPWzDtuqLmtA= -github.com/labstack/echo/v4 v4.13.2/go.mod h1:uc9gDtHB8UWt3FfbYx0HyxcCuvR4YuPYOxF/1QjoV/c= +github.com/labstack/echo/v4 v4.13.3 h1:pwhpCPrTl5qry5HRdM5FwdXnhXSLSY+WE+YQSeCaafY= +github.com/labstack/echo/v4 v4.13.3/go.mod h1:o90YNEeQWjDozo584l7AwhJMHN0bOC4tAfg+Xox9q5g= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= @@ -139,6 +139,8 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ= +github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw= 
@@ -179,8 +181,8 @@ github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9yS github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= -github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= +github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -201,8 +203,8 @@ github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= github.com/swaggo/echo-swagger v1.4.1 h1:Yf0uPaJWp1uRtDloZALyLnvdBeoEL5Kc7DtnjzO/TUk= github.com/swaggo/echo-swagger v1.4.1/go.mod h1:C8bSi+9yH2FLZsnhqMZLIZddpUxZdBYuNHbtaS1Hljc= -github.com/swaggo/files/v2 v2.0.1 h1:XCVJO/i/VosCDsJu1YLpdejGsGnBE9deRMpjN4pJLHk= -github.com/swaggo/files/v2 v2.0.1/go.mod h1:24kk2Y9NYEJ5lHuCra6iVwkMjIekMCaFq/0JQj66kyM= +github.com/swaggo/files/v2 v2.0.2 h1:Bq4tgS/yxLB/3nwOMcul5oLEUKa877Ykgz3CJMVbQKU= +github.com/swaggo/files/v2 v2.0.2/go.mod h1:TVqetIzZsO9OhHX1Am9sRf9LdrFZqoK49N37KON/jr0= github.com/swaggo/swag v1.16.4 h1:clWJtd9LStiG3VeijiCfOVODP6VpHtKdQy9ELFG3s1A= github.com/swaggo/swag v1.16.4/go.mod h1:VBsHJRsDvfYvqoiMKnsdwhNV9LEMHgEDZcyVYX0sxPg= github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0= 
@@ -221,10 +223,10 @@ go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= -go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk= -go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0= -go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= -go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= +go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4= +go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU= +go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU= +go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= 
@@ -261,8 +263,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -307,17 +309,17 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 h1:Z7FRVJPSMaHQxD0uXU8WdgFh8PseLM8Q8NzhnpMrBhQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def h1:4P81qv5JXI/sDNae2ClVx88cgDDA6DPilADkG9tYKz8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def/go.mod h1:bdAgzvd4kFrpykc5/AC2eLUiegK9T/qxZHD4hXYf/ho= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= -google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= -google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= 
+google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
diff --git a/backend/pki-service/cmd/run.go b/backend/pki-service/cmd/run.go
index 8421f9fa..01c787c0 100644
--- a/backend/pki-service/cmd/run.go
+++ b/backend/pki-service/cmd/run.go
@@ -119,4 +119,7 @@ func init() {
 runCmd.Flags().String("mail_to", "", "Optional param to send notifications to a specific mail address instead of the orignal issuer.")
 runCmd.Flags().String("mail_bcc", "", "Optional param to send notifications as blind copy to a specific mail address instead of the orignal issuer.")
 runCmd.Flags().String("mail_from", "", "The mail from")
+ runCmd.Flags().String("acme_storage", "", "Storage for the internal acme client")
+ runCmd.Flags().String("acme_email", "", "Email for the acme client")
+ runCmd.Flags().String("dns_configs", "", "Config file for the dns provider")
 }
diff --git a/backend/pki-service/go.mod b/backend/pki-service/go.mod
index d83d14d5..5d97a65f 100644
--- a/backend/pki-service/go.mod
+++ b/backend/pki-service/go.mod
@@ -16,7 +16,13 @@ require (
 require go.opentelemetry.io/auto/sdk v1.1.0 // indirect require ( - ariga.io/atlas v0.29.0 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/magiconair/properties v1.8.9 // indirect + github.com/spf13/afero v1.11.0 // indirect +) + +require ( + ariga.io/atlas v0.29.1 // indirect github.com/KyleBanks/depth v1.2.1 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect 
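Review bot: The help strings of the three new flags in run.go do not say what kind of value they take, and for `acme_storage` and `dns_configs` that matters: judging by the commit subject and the lego dependency added to go.mod, these presumably point at persisted ACME account state (which includes the account private key) and at a file holding DNS-provider credentials, so an operator needs to know whether to pass a directory, a file or something else, and that both locations should be readable only by the service user. Consider `runCmd.Flags().String("acme_storage", "", "Directory used to persist the ACME account key and registration state (restrict access to the service user)")` and `runCmd.Flags().String("dns_configs", "", "Path to the config file holding the DNS provider credentials used for DNS challenges")`, and likewise `"Contact email registered with the ACME account"` for `acme_email`. The singular/plural split between `acme_storage`/`acme_email` and `dns_configs` is also worth aligning before the names reach deployment configs. `init()` begins before this hunk, so whether the new flags are bound to the config loader or validated as required cannot be seen here.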
@@ -25,6 +31,7 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/getkin/kin-openapi v0.128.0 // indirect + github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-openapi/inflect v0.21.0 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect @@ -43,11 +50,12 @@ require ( github.com/jackc/pgtype v1.14.4 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/klauspost/compress v1.17.11 // indirect - github.com/labstack/echo/v4 v4.13.2 // indirect + github.com/labstack/echo/v4 v4.13.3 // indirect github.com/labstack/gommon v0.4.2 // indirect github.com/mailru/easyjson v0.9.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect + github.com/miekg/dns v1.1.62 github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect 
@@ -74,41 +82,40 @@ require ( golang.org/x/sync v0.10.0 // indirect golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.28.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def // indirect + gopkg.in/yaml.v3 v3.0.1 ) require ( github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/google/go-querystring v1.1.0 // indirect - github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3 + github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 go.opentelemetry.io/otel v1.33.0 // indirect go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect - google.golang.org/protobuf v1.36.0 + google.golang.org/protobuf v1.36.1 ) require ( github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/hashicorp/hcl v1.0.0 // indirect - github.com/hm-edu/portal-common v0.0.0-20241210123407-8b7f3d70d1e8 - github.com/magiconair/properties v1.8.9 // indirect + github.com/hm-edu/portal-common v0.0.0-20241218063258-fbc57509a1e8 github.com/mitchellh/mapstructure v1.5.0 // indirect - github.com/spf13/afero v1.11.0 // indirect - github.com/spf13/cast v1.7.0 // indirect + github.com/spf13/cast v1.7.1 // indirect github.com/subosito/gotenv v1.6.0 // indirect - golang.org/x/net v0.32.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect - google.golang.org/grpc v1.69.0 + google.golang.org/grpc v1.69.2 gopkg.in/ini.v1 v1.67.0 // indirect ) require ( entgo.io/ent v0.14.1 + github.com/go-acme/lego/v4 v4.21.0 github.com/go-co-op/gocron v1.37.0 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 github.com/inconshreveable/mousetrap v1.1.0 // 
indirect diff --git a/backend/pki-service/go.sum b/backend/pki-service/go.sum index d3fb4630..90748b23 100644 --- a/backend/pki-service/go.sum +++ b/backend/pki-service/go.sum @@ -1,5 +1,5 @@ -ariga.io/atlas v0.29.0 h1:sXlI6ktGjo0vpBDvStjtgEKwLvjFfveK0vmRRTxyu1E= -ariga.io/atlas v0.29.0/go.mod h1:LOOp18LCL9r+VifvVlJqgYJwYl271rrXD9/wIyzJ8sw= +ariga.io/atlas v0.29.1 h1:7gB8XRFTnJeZ7ZiccNCJqwBtUv3yjFyxRFDMzu0AmRg= +ariga.io/atlas v0.29.1/go.mod h1:lkLAw/t2/P7g5CFYlYmHvNuShlmGujwm3OGsW00xowI= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= entgo.io/ent v0.14.1 h1:fUERL506Pqr92EPHJqr8EYxbPioflJo6PudkrEA8a/s= entgo.io/ent v0.14.1/go.mod h1:MH6XLG0KXpkcDQhKiHfANZSzR55TJyPL5IGNpI8wpco= @@ -21,6 +21,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQrS0= github.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= 
@@ -49,10 +51,14 @@ github.com/getkin/kin-openapi v0.128.0 h1:jqq3D9vC9pPq1dGcOCv7yOp1DaEe7c/T1vzcLb github.com/getkin/kin-openapi v0.128.0/go.mod h1:OZrfXzUfGrNbsKj+xmFBx6E5c6yH3At/tAKSc2UszXM= github.com/getsentry/sentry-go v0.30.0 h1:lWUwDnY7sKHaVIoZ9wYqRHJ5iEmoc0pqcRqFkosKzBo= github.com/getsentry/sentry-go v0.30.0/go.mod h1:WU9B9/1/sHDqeV8T+3VwwbjeR5MSXs/6aqG3mqZrezA= +github.com/go-acme/lego/v4 v4.21.0 h1:arEW+8o5p7VI8Bk1kr/PDlgD1DrxtTH1gJ4b7mehL8o= +github.com/go-acme/lego/v4 v4.21.0/go.mod h1:HrSWzm3Ckj45Ie3i+p1zKVobbQoMOaGu9m4up0dUeDI= github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0= github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= +github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= +github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= 
@@ -100,8 +106,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos= github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= -github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3 h1:gNVH6aztpfgTd/AKe0S/hhGS11dNKXkYgCJCi1xA+kw= -github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3/go.mod h1:o2FYTwt6w4uXfIoPAFRQpxbOOhGjde0PiGZlErVVyZk= +github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 h1:5XAf2vZQ6aMyLeHqZg1V7Dn/y6fzN0cpbo/jk7dWJC0= +github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776/go.mod h1:HoVbhQCLyk/XKtKjVahdTTkCa5KLYIi/HyzrExss1Zo= github.com/hm-edu/sectigo-client v0.0.0-20241203213233-31e0bf071c15 h1:WigNT3oF3UT35Txraj+SfYPcOOrYWW0UHYZn0a7UPAI= github.com/hm-edu/sectigo-client v0.0.0-20241203213233-31e0bf071c15/go.mod h1:RzXeZCdNs35GmYG5gsN8wIuSp2sxw+yMT7oCIBjDSGo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= 
@@ -185,8 +191,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/labstack/echo/v4 v4.13.2 h1:9aAt4hstpH54qIcqkuUXRLTf+v7yOTfMPWzDtuqLmtA= -github.com/labstack/echo/v4 v4.13.2/go.mod h1:uc9gDtHB8UWt3FfbYx0HyxcCuvR4YuPYOxF/1QjoV/c= +github.com/labstack/echo/v4 v4.13.3 h1:pwhpCPrTl5qry5HRdM5FwdXnhXSLSY+WE+YQSeCaafY= +github.com/labstack/echo/v4 v4.13.3/go.mod h1:o90YNEeQWjDozo584l7AwhJMHN0bOC4tAfg+Xox9q5g= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= @@ -210,6 +216,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y= github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= +github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ= +github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= 
@@ -258,16 +266,17 @@ github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6g github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= -github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= +github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= -github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= +github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= 
@@ -389,8 +398,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -474,17 +483,17 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 h1:Z7FRVJPSMaHQxD0uXU8WdgFh8PseLM8Q8NzhnpMrBhQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def h1:4P81qv5JXI/sDNae2ClVx88cgDDA6DPilADkG9tYKz8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def/go.mod h1:bdAgzvd4kFrpykc5/AC2eLUiegK9T/qxZHD4hXYf/ho= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= -google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= -google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= 
+google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= diff --git a/backend/pki-service/pkg/cfg/sectigo.go b/backend/pki-service/pkg/cfg/sectigo.go index 6252e0d1..c714b0e6 100644 --- a/backend/pki-service/pkg/cfg/sectigo.go +++ b/backend/pki-service/pkg/cfg/sectigo.go @@ -24,6 +24,9 @@ type SectigoConfiguration struct { SslTerm int `mapstructure:"ssl_term"` SmimeKeyLength string `mapstructure:"smime_key_length"` SmimeKeyType string `mapstructure:"smime_key_type"` + AcmeStorage string `mapstructure:"acme_storage"` + AcmeEmail string `mapstructure:"acme_email"` + DnsConfigs string `mapstructure:"dns_configs"` } // CheckSectigoConfiguration checks the sectigo configuration for the syntactical correctness. diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go index 20cb669e..48992e32 100644 --- a/backend/pki-service/pkg/grpc/ssl.go +++ b/backend/pki-service/pkg/grpc/ssl.go @@ -2,14 +2,23 @@ package grpc import ( "context" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" "crypto/x509" + "encoding/json" "encoding/pem" "fmt" - "strings" + "os" + "path/filepath" "time" "github.com/TheZeroSlave/zapsentry" "github.com/getsentry/sentry-go" + legoCert "github.com/go-acme/lego/v4/certificate" + "github.com/go-acme/lego/v4/lego" + legoLog "github.com/go-acme/lego/v4/log" + "github.com/hm-edu/pki-service/ent" "github.com/hm-edu/pki-service/ent/certificate" "github.com/hm-edu/pki-service/ent/domain" 
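Review bot: The three fields added to SectigoConfiguration carry a file path that holds TSIG secrets (`DnsConfigs`) and the directory the ACME account key is written to (`AcmeStorage`), but they have no doc comment and, within this hunk, no validation; the comment below says CheckSectigoConfiguration checks the configuration, and its body is outside the hunk, so it is unclear whether empty values are rejected. I would at least document them, e.g. `AcmeStorage string \`mapstructure:"acme_storage"\` // directory for the ACME account files (reg.json, reg.key)` and `DnsConfigs string \`mapstructure:"dns_configs"\` // YAML file with DNS-01 provider configs incl. TSIG secrets`, and extend the check so a missing path fails at startup rather than at the first issuance.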
@@ -19,7 +28,6 @@ import ( pb "github.com/hm-edu/portal-apis" "github.com/hm-edu/portal-common/helper" "github.com/hm-edu/sectigo-client/sectigo" - "github.com/hm-edu/sectigo-client/sectigo/ssl" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promauto" @@ -83,25 +91,25 @@ func (s *sslAPIServer) handleError(msg string, err error, logger *zap.Logger, hu type sslAPIServer struct { pb.UnimplementedSSLServiceServer - client *sectigo.Client - db *ent.Client - cfg *cfg.SectigoConfiguration - logger *zap.Logger + client *sectigo.Client + db *ent.Client + cfg *cfg.SectigoConfiguration + logger *zap.Logger + legoClient *lego.Client last *time.Time duration *time.Duration } func newSslAPIServer(client *sectigo.Client, cfg *cfg.SectigoConfiguration, db *ent.Client) *sslAPIServer { - - instance := &sslAPIServer{client: client, cfg: cfg, logger: zap.L(), db: db} + legoClient := registerAcme(cfg) + instance := &sslAPIServer{client: client, legoClient: legoClient, cfg: cfg, logger: zap.L(), db: db} _ = promauto.NewGaugeFunc(prometheus.GaugeOpts{ Name: "ssl_issue_last_duration", Help: "Required time for last SSL Certificates", }, func() float64 { if instance.duration != nil { return instance.duration.Seconds() - } return 0 }) 
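Review bot: `legoClient := registerAcme(cfg)` is stored into the server without a nil check, and registerAcme returns nil on most of its error paths, so the first IssueCertificate call would dereference `s.legoClient.Certificate` and panic inside the gRPC handler instead of the service failing at startup. Add `if legoClient == nil { zap.L().Fatal("Failed to initialise ACME client") }` before building `instance`, or better let registerAcme return an error the constructor can report. newSslAPIServer's body continues past the end of this hunk.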
@@ -118,6 +126,70 @@ func newSslAPIServer(client *sectigo.Client, cfg *cfg.SectigoConfiguration, db *
 return instance
 }
+func registerAcme(cfg *cfg.SectigoConfiguration) *lego.Client {
+ accountFile := filepath.Join(cfg.AcmeStorage, "reg.json")
+ keyFile := filepath.Join(cfg.AcmeStorage, "reg.key")
+
+ var account pkiHelper.User
+ if ok, _ := pkiHelper.FileExists(accountFile); !ok {
+ // Actually we would not need a private key but the lego API requires one.
+ privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ if err != nil {
+ return nil
+ }
+
+ account = pkiHelper.User{
+ Key: privateKey, Email: cfg.AcmeEmail,
+ }
+
+ } else {
+ data, err := os.ReadFile(accountFile) //#nosec
+ if err != nil {
+ return nil
+ }
+ err = json.Unmarshal(data, &account)
+ if err != nil {
+ return nil
+ }
+ account.Key, err = pkiHelper.LoadPrivateKey(keyFile)
+ if err != nil {
+ return nil
+ }
+
+ }
+ legoCfg := lego.NewConfig(&account)
+
+ legoLog.Logger = pkiHelper.NewZapLogger(zap.L())
+ legoCfg.Certificate.Timeout = time.Duration(5) * time.Minute
+ if account.Registration == nil {
+ legoClient, err := lego.NewClient(legoCfg)
+
+ if err != nil {
+ return nil
+ }
+ err = pkiHelper.RegisterAcme(legoClient, account, accountFile, keyFile)
+ if err != nil {
+ return nil
+ }
+ }
+
+ legoClient, err := lego.NewClient(legoCfg)
+ if err != nil {
+ zap.L().Fatal("Failed to create lego client", zap.Error(err))
+ }
+ dns, err := pkiHelper.NewDNSProvider(cfg.DnsConfigs)
+ if err != nil {
+ zap.L().Fatal("Failed to create DNS provider", zap.Error(err))
+ }
+
+ err = legoClient.Challenge.SetDNS01Provider(dns)
+ if err != nil {
+ zap.L().Fatal("Failed to set DNS01 provider", zap.Error(err))
+ }
+
+ return legoClient
+}
+
 func (s *sslAPIServer) CertificateDetails(ctx context.Context, req *pb.CertificateDetailsRequest) (*pb.SslCertificateDetails, error) {
 x, err := s.db.Certificate.Query().WithDomains().Where(certificate.Serial(req.Serial)).First(ctx)
 if err != nil {
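Review bot: Every early exit in registerAcme up to the registration step (`ecdsa.GenerateKey`, `os.ReadFile`, `json.Unmarshal`, `LoadPrivateKey`, the first `lego.NewClient`, `RegisterAcme`) is a bare `return nil` that discards the error, whereas the failures after it call `zap.L().Fatal`; a corrupt reg.json, an unreadable reg.key or a rejected registration therefore produces a nil client with nothing in the log. I would change the signature to `func registerAcme(cfg *cfg.SectigoConfiguration) (*lego.Client, error)` and wrap each failure, e.g. `return nil, fmt.Errorf("loading acme account %q: %w", accountFile, err)`, leaving the decision to Fatal to the caller. Separately, `legoCfg.CADirURL` is never set, so the client talks to lego's built-in default directory (Let's Encrypt production, as far as I recall the library) rather than a configured CA, and no external-account-binding key is passed, which a Sectigo ACME endpoint would require; presumably both are still to come in this migration, but an `acme_directory` config value belongs here now so the target CA is never implicit.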
@@ -227,39 +299,15 @@ func (s *sslAPIServer) IssueCertificate(ctx context.Context, req *pb.IssueSslReq
 start := time.Now()
 hub.AddBreadcrumb(&sentry.Breadcrumb{Message: "Requesting certificate", Category: "info", Level: sentry.LevelInfo}, nil)
- enrollment, err := s.client.SslService.Enroll(ssl.EnrollmentRequest{
- OrgID: s.cfg.SslOrgID,
- Csr: req.Csr,
- Term: s.cfg.SslTerm,
- CertType: s.cfg.SslProfile,
- SubjAltNames: strings.Join(req.SubjectAlternativeNames, ","),
- })
-
- if err != nil {
- return s.handleError("Error while requesting certificate", err, logger, hub)
- }
- entry, err = s.db.Certificate.UpdateOneID(entry.ID).SetStatus(certificate.StatusRequested).SetSslId(enrollment.SslID).Save(ctx)
+ entry, err = s.db.Certificate.UpdateOneID(entry.ID).SetStatus(certificate.StatusRequested).Save(ctx)
 if err != nil {
 return s.handleError("Error while storing certificate", err, logger, hub)
 }
- cert := ""
- err = helper.WaitFor(5*time.Minute, 1*time.Second, func() (bool, error) {
- c, err := s.client.SslService.Collect(enrollment.SslID, "x509R")
- if err != nil {
- if e, ok := err.(*sectigo.ErrorResponse); ok {
- if e.Code == 0 && e.Description == "Being processed by Sectigo" {
- s.logger.Debug("Certificate not ready", zap.Int("id", enrollment.SslID), zap.Strings("subject_alternative_names", req.SubjectAlternativeNames))
- return false, nil
- }
- }
- return true, err
- }
- cert = *c
- return true, nil
- })
+
+ resp, err := s.legoClient.Certificate.ObtainForCSR(legoCert.ObtainForCSRRequest{CSR: csr, Bundle: true})
 if err != nil {
- return s.handleError("Error collecting certificate", err, logger, hub)
+ return s.handleError("Error while obtaining certificate", err, logger)
 }
 hub.AddBreadcrumb(&sentry.Breadcrumb{Message: "Certificate collected", Category: "info", Level: sentry.LevelInfo}, nil)
 stop := time.Now()
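Review bot: The new error path `return s.handleError("Error while obtaining certificate", err, logger)` drops the `hub` argument that every other call site in this function passes and that handleError's signature (visible in the header of the earlier hunk, `handleError(msg string, err error, logger *zap.Logger, hu…`) requires, so this does not compile as written; it should read `return s.handleError("Error while obtaining certificate", err, logger, hub)`. With the `helper.WaitFor` loop removed, nothing visible still uses the `portal-common/helper` import that the import hunk keeps, so unless another use exists further down, Go will reject the unused import as well. `csr` is not defined in this hunk, presumably it is parsed from `req.Csr` earlier in IssueCertificate, whose body starts and ends outside the hunk; note too that ObtainForCSR is not bound to the request `ctx`, so a cancelled gRPC call keeps the DNS-01 flow running for up to the configured five minutes.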
@@ -267,7 +315,7 @@ func (s *sslAPIServer) IssueCertificate(ctx context.Context, req *pb.IssueSslReq
 s.duration = &duration
 s.last = &stop
- certs, err := pkiHelper.ParseCertificates([]byte(cert))
+ certs, err := pkiHelper.ParseCertificates(resp.Certificate)
 if err != nil {
 return s.handleError("Error parsing certificate", err, logger, hub)
 }
diff --git a/backend/pki-service/pkg/helper/acme.go b/backend/pki-service/pkg/helper/acme.go
new file mode 100644
index 00000000..45461890
--- /dev/null
+++ b/backend/pki-service/pkg/helper/acme.go
@@ -0,0 +1,100 @@
+package helper
+
+import (
+ "crypto"
+ "crypto/x509"
+ "encoding/json"
+ "encoding/pem"
+ "errors"
+ "os"
+
+ "github.com/go-acme/lego/v4/certcrypto"
+ "github.com/go-acme/lego/v4/lego"
+ "github.com/go-acme/lego/v4/registration"
+)
+
+// User represents an ACME user.
+type User struct {
+ Email string
+ Registration *registration.Resource
+ Key crypto.PrivateKey
+}
+
+// GetEmail returns the email of the user.
+func (u *User) GetEmail() string {
+ return u.Email
+}
+
+// GetRegistration returns the registration resource of the user.
+func (u User) GetRegistration() *registration.Resource {
+ return u.Registration
+}
+
+// GetPrivateKey returns the private key of the user.
+func (u *User) GetPrivateKey() crypto.PrivateKey {
+ return u.Key
+}
+
+// RegisterAcme performs a new registration and stores the registration in the given file.
+func RegisterAcme(client *lego.Client, account User, accountFile string, keyFile string) error {
+ reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+ if err != nil {
+ return err
+ }
+
+ account.Registration = reg
+ data, err := json.Marshal(account)
+ if err != nil {
+ return err
+ }
+ err = os.WriteFile(accountFile, data, 0600)
+ if err != nil {
+ return err
+ }
+ certOut, err := os.OpenFile(keyFile, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600) //#nosec
+ if err != nil {
+ return err
+ }
+
+ defer func(certOut *os.File) {
+ _ = certOut.Close()
+ }(certOut)
+
+ pemKey := certcrypto.PEMBlock(account.Key)
+ err = pem.Encode(certOut, pemKey)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+// FileExists checks whether a file exists.
+func FileExists(name string) (bool, error) {
+ _, err := os.Stat(name)
+ if err == nil {
+ return true, nil
+ }
+ if errors.Is(err, os.ErrNotExist) {
+ return false, nil
+ }
+ return false, err
+}
+
+// LoadPrivateKey loads a private key from a file.
+func LoadPrivateKey(file string) (crypto.PrivateKey, error) {
+ keyBytes, err := os.ReadFile(file) //#nosec
+ if err != nil {
+ return nil, err
+ }
+
+ keyBlock, _ := pem.Decode(keyBytes)
+
+ switch keyBlock.Type {
+ case "RSA PRIVATE KEY":
+ return x509.ParsePKCS1PrivateKey(keyBlock.Bytes)
+ case "EC PRIVATE KEY":
+ return x509.ParseECPrivateKey(keyBlock.Bytes)
+ }
+
+ return nil, errors.New("unknown private key type")
+}
diff --git a/backend/pki-service/pkg/helper/dns.go b/backend/pki-service/pkg/helper/dns.go
new file mode 100644
index 00000000..bcd64d30
--- /dev/null
+++ b/backend/pki-service/pkg/helper/dns.go
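Review bot: `User.Key` carries no `json:"-"` tag, so `json.Marshal(account)` in RegisterAcme serialises the account's ECDSA private key (the exported `D`, `X`, `Y` fields of `*ecdsa.PrivateKey`, judging from the type rather than from a run) into reg.json next to the PEM copy in reg.key; tag it `Key crypto.PrivateKey \`json:"-"\`` so key material lives only in the 0600 PEM file, and the later `json.Unmarshal` into the same struct no longer has to tolerate that field. RegisterAcme also takes `account User` by value, so `account.Registration = reg` updates a copy and the caller's struct, from which the lego config was built via `&account`, never learns the registration until the next restart; take `account *User` instead. LoadPrivateKey dereferences `keyBlock` without checking for the nil that `pem.Decode` returns on non-PEM input, so a truncated reg.key panics rather than erroring; add `if keyBlock == nil { return nil, errors.New("no PEM block found in key file") }` before the switch. Minor: `GetRegistration` uses a value receiver while the other two accessors use pointer receivers.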
@@ -0,0 +1,179 @@
+package helper
+
+import (
+ "fmt"
+ "os"
+ "strings"
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge/dns01"
+ portalCommon "github.com/hm-edu/portal-common/helper"
+ "github.com/miekg/dns"
+ "gopkg.in/yaml.v3"
+)
+
+const (
+ // maximum time DNS client can be off from server for an update to succeed
+ clockSkew = 300
+
+ // maximum size of a UDP transport message in DNS protocol
+ udpMaxMsgSize = 512
+)
+
+type ProviderConfig struct {
+ BaseDomain string `yaml:"base_domain"`
+ ReadNameserver string `yaml:"read_nameserver"`
+ WriteNameserver string `yaml:"write_nameserver"`
+ TsigKeyName string `yaml:"tsig_key_name"`
+ TsigSecret string `yaml:"tsig_secret"`
+ TsigSecretAlg string `yaml:"tsig_secret_alg"`
+}
+
+type DNSProvider struct {
+ Configs []*ProviderConfig
+}
+
+func NewDNSProvider(config string) (*DNSProvider, error) {
+ data, err := os.ReadFile(config)
+ if err != nil {
+ fmt.Println("Error reading config file: ", err)
+ return nil, err
+ }
+
+ providerConfigs := make([]*ProviderConfig, 0)
+ err = yaml.Unmarshal(data, &providerConfigs)
+
+ return &DNSProvider{}, nil
+}
+
+// List returns the current list of records.
+func (r ProviderConfig) List() ([]dns.RR, error) {
+ m := new(dns.Msg)
+ m.SetAxfr(r.BaseDomain)
+ t := new(dns.Transfer)
+ t.TsigSecret = map[string]string{r.TsigKeyName: r.TsigSecret}
+ m.SetTsig(r.TsigKeyName, r.TsigSecretAlg, clockSkew, time.Now().Unix())
+ if r.TsigSecretAlg == dns.HmacMD5 {
+ t.TsigProvider = portalCommon.Md5provider(r.TsigSecret)
+ }
+ env, err := t.In(m, r.ReadNameserver)
+ if err != nil {
+ return nil, fmt.Errorf("failed to fetch records: %v", err)
+ }
+
+ records := make([]dns.RR, 0)
+ for e := range env {
+ if e.Error != nil {
+ continue
+ }
+ records = append(records, e.RR...)
+ }
+
+ return records, nil
+}
+
+// Add adds the given records to the zone.
+func (r ProviderConfig) Add(entries []dns.RR) error {
+ m := new(dns.Msg)
+ m.SetUpdate(r.BaseDomain)
+ m.Insert(entries)
+ return r.sendMessage(m)
+
+}
+
+// Delete removes the given records from the zone.
+func (r ProviderConfig) Delete(entries []dns.RR) error {
+ m := new(dns.Msg)
+ m.SetUpdate(r.BaseDomain)
+ m.Remove(entries)
+ return r.sendMessage(m)
+}
+
+func (r ProviderConfig) sendMessage(msg *dns.Msg) error {
+
+ c := new(dns.Client)
+
+ c.TsigSecret = map[string]string{r.TsigKeyName: r.TsigSecret}
+ msg.SetTsig(r.TsigKeyName, r.TsigSecretAlg, clockSkew, time.Now().Unix())
+ if r.TsigSecretAlg == dns.HmacMD5 {
+ c.TsigProvider = portalCommon.Md5provider(r.TsigSecret)
+ }
+ if msg.Len() > udpMaxMsgSize {
+ c.Net = "tcp"
+ }
+
+ resp, _, err := c.Exchange(msg, r.WriteNameserver)
+ if err != nil {
+ if resp != nil && resp.Rcode != dns.RcodeSuccess {
+ return err
+ }
+ }
+ if resp != nil && resp.Rcode != dns.RcodeSuccess {
+ return fmt.Errorf("bad return code: %s", dns.RcodeToString[resp.Rcode])
+ }
+
+ return nil
+}
+
+func (d *DNSProvider) Present(domain, token, keyAuth string) error {
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+ // Get the DNS Provider with the best matching domain
+ // Check if the currently selected config is more specific than the previous one
+ matchingConfig, err := d.matchingProvider(info, domain)
+ if err != nil {
+ return err
+ }
+
+ // Use the matching DNS provider to create the TXT record
+ rr := new(dns.TXT)
+ rr.Hdr = dns.RR_Header{Name: info.FQDN, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: 60}
+ rr.Txt = []string{info.Value}
+
+ err = matchingConfig.Add([]dns.RR{rr})
+ if err != nil {
+ return fmt.Errorf("error adding TXT record: %v", err)
+ }
+
+ return nil
+}
+
+func (d *DNSProvider) matchingProvider(info dns01.ChallengeInfo, domain string) (*ProviderConfig, error) {
+ var matchingConfig *ProviderConfig
+ matchingConfig = nil
+ for _, config := range d.Configs {
+ if strings.HasSuffix(info.EffectiveFQDN,
fmt.Sprintf(".%s", config.BaseDomain)) {
+ if matchingConfig == nil {
+ matchingConfig = config
+ continue
+ }
+
+ if len(strings.Split(config.BaseDomain, ".")) > len(strings.Split(matchingConfig.BaseDomain, ".")) {
+ matchingConfig = config
+ }
+ }
+ }
+
+ if matchingConfig == nil {
+ return nil, fmt.Errorf("no matching DNS provider found for domain %s", domain)
+ }
+ return matchingConfig, nil
+}
+
+func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
+ // clean up any state you created in Present, like removing the TXT record
+ info := dns01.GetChallengeInfo(domain, keyAuth)
+ // Get the DNS Provider with the best matching domain
+ provider, err := d.matchingProvider(info, domain)
+ if err != nil {
+ }
+ rr := new(dns.TXT)
+ rr.Hdr = dns.RR_Header{Name: info.FQDN, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: 60}
+ rr.Txt = []string{info.Value}
+
+ err = provider.Delete([]dns.RR{rr})
+ if err != nil {
+ return fmt.Errorf("error deleting TXT record: %v", err)
+ }
+
+ return nil
+}
diff --git a/backend/pki-service/pkg/helper/zap.go b/backend/pki-service/pkg/helper/zap.go
new file mode 100644
index 00000000..5aa0aec7
--- /dev/null
+++ b/backend/pki-service/pkg/helper/zap.go
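Review bot: NewDNSProvider parses the YAML into `providerConfigs` but then ignores the `yaml.Unmarshal` error and returns `&DNSProvider{}` with an empty `Configs`, so every Present call ends in "no matching DNS provider found" regardless of the file's content. sendMessage has the inverse problem: when `c.Exchange` fails with a nil `resp` (timeout, refused connection, TSIG failure) neither `if` fires and the function returns nil, so a TXT record that was never written is reported as created and lego waits for propagation that cannot happen; and CleanUp's `if err != nil { }` is empty, so a missing provider dereferences nil `provider` on the next line. The rewritten lines are below; `fmt.Println` on the read error should also go through zap like the rest of the service. One caveat worth a comment on `TsigSecretAlg`: the `dns.HmacMD5` branch keeps HMAC-MD5 usable for zone updates, which RFC 8945 no longer recommends, so the config should document that `hmac-sha256` is the expected value and MD5 is legacy-only.
```go
func NewDNSProvider(config string) (*DNSProvider, error) {
	// … unchanged: read the YAML file …
	providerConfigs := make([]*ProviderConfig, 0)
	if err := yaml.Unmarshal(data, &providerConfigs); err != nil {
		return nil, fmt.Errorf("parsing dns provider config %q: %w", config, err)
	}
	return &DNSProvider{Configs: providerConfigs}, nil
}

// … unchanged: List, Add, Delete …

	resp, _, err := c.Exchange(msg, r.WriteNameserver)
	if err != nil {
		return fmt.Errorf("dns update via %s: %w", r.WriteNameserver, err)
	}
	// … unchanged: rcode check and return …

// … unchanged: Present, matchingProvider …

	provider, err := d.matchingProvider(info, domain)
	if err != nil {
		return err
	}
	// … unchanged: build and delete the TXT record …
```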
@@ -0,0 +1,61 @@
+package helper
+
+import (
+ "fmt"
+ "strings"
+
+ "go.uber.org/zap"
+)
+
+// ZapLogger wraps a zap.Logger for the lego client.
+type ZapLogger struct {
+ logger *zap.Logger
+}
+
+// NewZapLogger creates a new logger.
+func NewZapLogger(logger *zap.Logger) *ZapLogger {
+ return &ZapLogger{
+ logger: logger,
+ }
+}
+
+// Fatal does logging in fatal level.
+func (z *ZapLogger) Fatal(args ...interface{}) {
+ z.logger.Sugar().Fatal(args...)
+}
+
+// Fatalln is in theory equivalent to Fatal, but followed by a line break. However, for ZAP both functions behave same
+func (z *ZapLogger) Fatalln(args ...interface{}) {
+ z.Fatal(args...)
+}
+
+// Fatalf is equivalent to Fatalln, but with formatting.
+func (z *ZapLogger) Fatalf(format string, args ...interface{}) {
+ z.logger.Sugar().Fatalf(format, args...)
+}
+
+// Print is equivalent to Println, but without the final line break.
+func (z *ZapLogger) Print(args ...interface{}) {
+ msg := strings.TrimSpace(fmt.Sprint(args...))
+ if strings.HasPrefix(msg, "[WARN]") {
+ z.logger.Sugar().Warn(strings.TrimPrefix(msg, "[WARN]"))
+ } else {
+ z.logger.Sugar().Info(msg)
+ }
+}
+
+// Println is in theory equivalent to Print, but followed by a line break. However, for ZAP both functions behave same
+func (z *ZapLogger) Println(args ...interface{}) {
+ z.Print(args...)
+}
+
+// Printf is equivalent to Print, but with formatting.
+func (z *ZapLogger) Printf(format string, args ...interface{}) {
+ msg := strings.TrimSpace(fmt.Sprintf(format, args...))
+ if strings.HasPrefix(msg, "[WARN]") {
+ z.logger.Sugar().Warn(strings.TrimPrefix(msg, "[WARN]"))
+ } else {
+ z.logger.Sugar().Info(msg)
+ }
+
+}
diff --git a/backend/validation-service/go.mod b/backend/validation-service/go.mod
index 0e1fe7a5..2fee8616 100644
--- a/backend/validation-service/go.mod
+++ b/backend/validation-service/go.mod
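Review bot: Print and Printf duplicate the `[WARN]` routing, and both leave the message with a leading space because `strings.TrimPrefix(msg, "[WARN]")` strips only the tag, so warnings arrive in zap as `" Some message"`; lego's info lines carry an `[INFO]` tag as far as I recall, which this code passes through into the message text. A small shared helper removes the duplication and normalises both cases; Print and Printf then reduce to `z.emit(fmt.Sprint(args...))` and `z.emit(fmt.Sprintf(format, args...))`. Also worth a comment on Fatal: `Sugar().Fatal` calls os.Exit after logging, so any lego code path that reaches it terminates the whole pki-service.
```go
// emit routes a lego log line to zap by its level tag, dropping the tag
// and surrounding whitespace from the message.
func (z *ZapLogger) emit(raw string) {
	msg := strings.TrimSpace(raw)
	if strings.HasPrefix(msg, "[WARN]") {
		z.logger.Sugar().Warn(strings.TrimSpace(strings.TrimPrefix(msg, "[WARN]")))
		return
	}
	z.logger.Sugar().Info(strings.TrimSpace(strings.TrimPrefix(msg, "[INFO]")))
}
```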
@@ -23,7 +23,7 @@ require ( github.com/invopop/yaml v0.3.1 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/klauspost/compress v1.17.11 // indirect - github.com/labstack/echo/v4 v4.13.2 // indirect + github.com/labstack/echo/v4 v4.13.3 // indirect github.com/labstack/gommon v0.4.2 // indirect github.com/mailru/easyjson v0.9.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect @@ -50,7 +50,7 @@ require ( golang.org/x/sync v0.10.0 // indirect golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.28.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) 
@@ -58,27 +58,27 @@ require ( github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/google/go-querystring v1.1.0 // indirect - github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3 + github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect go.opentelemetry.io/otel v1.33.0 go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect - google.golang.org/protobuf v1.36.0 // indirect + google.golang.org/protobuf v1.36.1 // indirect ) require ( github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect - github.com/hm-edu/portal-common v0.0.0-20241210123407-8b7f3d70d1e8 + github.com/hm-edu/portal-common v0.0.0-20241218063258-fbc57509a1e8 github.com/magiconair/properties v1.8.9 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/spf13/afero v1.11.0 // indirect - github.com/spf13/cast v1.7.0 // indirect + github.com/spf13/cast v1.7.1 // indirect github.com/subosito/gotenv v1.6.0 // indirect - golang.org/x/net v0.32.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect - google.golang.org/grpc v1.69.0 // indirect + google.golang.org/grpc v1.69.2 // indirect gopkg.in/ini.v1 v1.67.0 // indirect ) diff --git a/backend/validation-service/go.sum b/backend/validation-service/go.sum index 0fb67168..fbac699c 100644 --- a/backend/validation-service/go.sum +++ b/backend/validation-service/go.sum 
@@ -46,8 +46,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3 h1:gNVH6aztpfgTd/AKe0S/hhGS11dNKXkYgCJCi1xA+kw= -github.com/hm-edu/portal-apis v0.0.0-20241128063248-b872e0b712f3/go.mod h1:o2FYTwt6w4uXfIoPAFRQpxbOOhGjde0PiGZlErVVyZk= +github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 h1:5XAf2vZQ6aMyLeHqZg1V7Dn/y6fzN0cpbo/jk7dWJC0= +github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776/go.mod h1:HoVbhQCLyk/XKtKjVahdTTkCa5KLYIi/HyzrExss1Zo= github.com/hm-edu/sectigo-client v0.0.0-20241203213233-31e0bf071c15 h1:WigNT3oF3UT35Txraj+SfYPcOOrYWW0UHYZn0a7UPAI= github.com/hm-edu/sectigo-client v0.0.0-20241203213233-31e0bf071c15/go.mod h1:RzXeZCdNs35GmYG5gsN8wIuSp2sxw+yMT7oCIBjDSGo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= 
@@ -68,8 +68,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/labstack/echo/v4 v4.13.2 h1:9aAt4hstpH54qIcqkuUXRLTf+v7yOTfMPWzDtuqLmtA= -github.com/labstack/echo/v4 v4.13.2/go.mod h1:uc9gDtHB8UWt3FfbYx0HyxcCuvR4YuPYOxF/1QjoV/c= +github.com/labstack/echo/v4 v4.13.3 h1:pwhpCPrTl5qry5HRdM5FwdXnhXSLSY+WE+YQSeCaafY= +github.com/labstack/echo/v4 v4.13.3/go.mod h1:o90YNEeQWjDozo584l7AwhJMHN0bOC4tAfg+Xox9q5g= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM= @@ -118,8 +118,8 @@ github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9yS github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= -github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= +github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= 
@@ -164,8 +164,8 @@ golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 h1:1UoZQm6f0P/ZO0w1Ri+f+ifG/ golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -179,12 +179,12 @@ golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 h1:Z7FRVJPSMaHQxD0uXU8WdgFh8PseLM8Q8NzhnpMrBhQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= -google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= -google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= -google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= -google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def h1:4P81qv5JXI/sDNae2ClVx88cgDDA6DPilADkG9tYKz8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def/go.mod h1:bdAgzvd4kFrpykc5/AC2eLUiegK9T/qxZHD4hXYf/ho= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= From 34d5d2e883c21762cbcea875f0090d8659c97671 Mon Sep 17 00:00:00 2001 
From: Florian Ritterhoff Date: Fri, 15 Nov 2024 07:43:41 +0100 Subject: [PATCH 02/24] feat: custom validations --- backend/pki-service/pkg/grpc/ssl.go | 4 +- backend/pki-service/pkg/helper/dns.go | 40 +++++--- .../pkg/helper/precheck/validation.go | 91 +++++++++++++++++++ 3 files changed, 121 insertions(+), 14 deletions(-) create mode 100644 backend/pki-service/pkg/helper/precheck/validation.go diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go index 48992e32..6da03465 100644 --- a/backend/pki-service/pkg/grpc/ssl.go +++ b/backend/pki-service/pkg/grpc/ssl.go @@ -16,6 +16,7 @@ import ( "github.com/TheZeroSlave/zapsentry" "github.com/getsentry/sentry-go" legoCert "github.com/go-acme/lego/v4/certificate" + "github.com/go-acme/lego/v4/challenge/dns01" "github.com/go-acme/lego/v4/lego" legoLog "github.com/go-acme/lego/v4/log" @@ -25,6 +26,7 @@ import ( "github.com/hm-edu/pki-service/ent/predicate" "github.com/hm-edu/pki-service/pkg/cfg" pkiHelper "github.com/hm-edu/pki-service/pkg/helper" + "github.com/hm-edu/pki-service/pkg/helper/precheck" pb "github.com/hm-edu/portal-apis" "github.com/hm-edu/portal-common/helper" "github.com/hm-edu/sectigo-client/sectigo" @@ -182,7 +184,7 @@ func registerAcme(cfg *cfg.SectigoConfiguration) *lego.Client { zap.L().Fatal("Failed to create DNS provider", zap.Error(err)) } - err = legoClient.Challenge.SetDNS01Provider(dns) + err = legoClient.Challenge.SetDNS01Provider(dns, dns01.WrapPreCheck(precheck.CheckDNS)) if err != nil { zap.L().Fatal("Failed to set DNS01 provider", zap.Error(err)) } diff --git a/backend/pki-service/pkg/helper/dns.go b/backend/pki-service/pkg/helper/dns.go index bcd64d30..4e0331bb 100644 --- a/backend/pki-service/pkg/helper/dns.go +++ b/backend/pki-service/pkg/helper/dns.go @@ -9,6 +9,7 @@ import ( "github.com/go-acme/lego/v4/challenge/dns01" portalCommon "github.com/hm-edu/portal-common/helper" "github.com/miekg/dns" + "go.uber.org/zap" "gopkg.in/yaml.v3" ) 
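Review bot: `dns01.WrapPreCheck(precheck.CheckDNS)` in the SetDNS01Provider call replaces lego's default propagation check rather than extending it, because CheckDNS discards its fourth `dns01.PreCheckFunc` argument, so the zone's authoritative nameservers are never consulted and readiness is judged solely by two public recursive resolvers. Those resolvers may hold a negative cache entry for the `_acme-challenge` name from an earlier lookup, which can stall the challenge even though the TXT record is already served authoritatively. Name the parameter `check` and run it first, e.g. `if ok, err := check(fqdn, value); err != nil || !ok { return ok, err }`, keeping the public-resolver loop as a supplementary test. registerAcme's body starts and ends outside this hunk.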
@@ -43,7 +44,14 @@ func NewDNSProvider(config string) (*DNSProvider, error) { providerConfigs := make([]*ProviderConfig, 0) err = yaml.Unmarshal(data, &providerConfigs) - return &DNSProvider{}, nil + if err != nil { + fmt.Println("Error unmarshalling config file: ", err) + return nil, err + } + + return &DNSProvider{ + Configs: providerConfigs, + }, nil } // List returns the current list of records. @@ -101,17 +109,16 @@ func (r ProviderConfig) sendMessage(msg *dns.Msg) error { if msg.Len() > udpMaxMsgSize { c.Net = "tcp" } - resp, _, err := c.Exchange(msg, r.WriteNameserver) + if resp == nil { + return fmt.Errorf("no response received") + } if err != nil { - if resp != nil && resp.Rcode != dns.RcodeSuccess { - return err - } + return err } - if resp != nil && resp.Rcode != dns.RcodeSuccess { + if resp.Rcode != dns.RcodeSuccess { return fmt.Errorf("bad return code: %s", dns.RcodeToString[resp.Rcode]) } - return nil } @@ -119,10 +126,11 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error { info := dns01.GetChallengeInfo(domain, keyAuth) // Get the DNS Provider with the best matching domain // Check if the currently selected config is more specific than the previous one - matchingConfig, err := d.matchingProvider(info, domain) + matchingConfig, err := d.matchingProvider(info) if err != nil { return err } + zap.L().Info("Using DNS provider for domain", zap.String("provider", matchingConfig.BaseDomain)) // Use the matching DNS provider to create the TXT record rr := new(dns.TXT) 
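Review bot: The new error branch in NewDNSProvider writes with `fmt.Println` instead of the zap logger used everywhere else in this service, and the error is then returned to a caller that logs it again (`zap.L().Fatal("Failed to create DNS provider", ...)` in ssl.go), so the failure is reported twice on different sinks. Drop the print and wrap the error with context instead: `return nil, fmt.Errorf("unmarshalling dns provider config %q: %w", config, err)`. Since the YAML carries TSIG secrets, a short comment on the function noting that the file is sensitive and should be permission-restricted would help operators.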
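Review bot: In sendMessage the new `if resp == nil` guard runs before the `err` check, so when Exchange fails without a response (timeout, refused connection, unreachable nameserver) the real error is replaced by the generic "no response received" and the operator loses the cause of a failed zone update. Swap the two checks and keep the context: `if err != nil { return fmt.Errorf("dns update via %s: %w", r.WriteNameserver, err) }` followed by `if resp == nil { return fmt.Errorf("no response received from %s", r.WriteNameserver) }`. A TSIG verification failure does come back with a non-nil response in miekg/dns, so that case is already reported correctly; the ordering only matters for transport-level errors.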
@@ -133,15 +141,18 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error { if err != nil { return fmt.Errorf("error adding TXT record: %v", err) } - + zap.L().Info("Successfully added TXT record", zap.String("fqdn", info.FQDN)) return nil } -func (d *DNSProvider) matchingProvider(info dns01.ChallengeInfo, domain string) (*ProviderConfig, error) { +func (d *DNSProvider) matchingProvider(info dns01.ChallengeInfo) (*ProviderConfig, error) { var matchingConfig *ProviderConfig matchingConfig = nil + log := zap.L() + log.Info("Searching for DNS provider for domain", zap.String("fqdn", info.FQDN)) for _, config := range d.Configs { - if strings.HasSuffix(info.EffectiveFQDN, fmt.Sprintf(".%s", config.BaseDomain)) { + + if strings.HasSuffix(dns.Fqdn(info.FQDN), fmt.Sprintf(".%s", dns.Fqdn(config.BaseDomain))) { if matchingConfig == nil { matchingConfig = config continue @@ -150,11 +161,13 @@ func (d *DNSProvider) matchingProvider(info dns01.ChallengeInfo, domain string) if len(strings.Split(config.BaseDomain, ".")) > len(strings.Split(matchingConfig.BaseDomain, ".")) { matchingConfig = config } + } else { + log.Info("Domain does not match", zap.String("fqdn", info.FQDN), zap.String("provider", config.BaseDomain)) } } if matchingConfig == nil { - return nil, fmt.Errorf("no matching DNS provider found for domain %s", domain) + return nil, fmt.Errorf("no matching DNS provider found for domain %s", info.FQDN) } return matchingConfig, nil } @@ -163,8 +176,9 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { // clean up any state you created in Present, like removing the TXT record info := dns01.GetChallengeInfo(domain, keyAuth) // Get the DNS Provider with the best matching domain - provider, err := d.matchingProvider(info, domain) + provider, err := d.matchingProvider(info) if err != nil { + return err } rr := new(dns.TXT) rr.Hdr = dns.RR_Header{Name: info.FQDN, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: 60} 
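Review bot: The provider lookup in matchingProvider compares `dns.Fqdn(info.FQDN)` and `dns.Fqdn(config.BaseDomain)` case-sensitively with strings.HasSuffix, but DNS names are case-insensitive, so a mixed-case request name or a BaseDomain typed with capitals finds no provider and the issuance fails. Normalise both sides before comparing, e.g. `strings.HasSuffix(dns.CanonicalName(info.FQDN), "."+dns.CanonicalName(config.BaseDomain))`. The leading dot in the suffix correctly keeps `evilexample.com` from matching a provider for `example.com`, which matters because the match selects the TSIG key and zone that will be written to; a comment stating that intent would help keep it. The per-config "Domain does not match" line is emitted at Info for every non-matching provider on every challenge and belongs at Debug.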
diff --git a/backend/pki-service/pkg/helper/precheck/validation.go b/backend/pki-service/pkg/helper/precheck/validation.go new file mode 100644 index 00000000..5fa5ce54 --- /dev/null +++ b/backend/pki-service/pkg/helper/precheck/validation.go 
@@ -0,0 +1,91 @@ +package precheck + +import ( + "fmt" + "net" + "time" + + "github.com/go-acme/lego/v4/challenge/dns01" + "github.com/miekg/dns" + "go.uber.org/zap" +) + +func CheckDNS(domain, fqdn, value string, _ dns01.PreCheckFunc) (bool, error) { + for _, ns := range []string{"1.1.1.1", "8.8.8.8"} { + data, err := LookupTxt(fqdn, ns) + if err != nil { + return false, err + } + found := false + for _, txt := range data { + if txt == value { + found = true + continue + } + } + if !found { + return false, fmt.Errorf("TXT record not found") + } + } + zap.L().Sugar().Infof("TXT record found for %s", fqdn) + return true, nil +} + +var timeouts = []time.Duration{(time.Second * 1), (time.Second * 1), (time.Second * 2), (time.Second * 4), (time.Second * 2)} + +func ResolveWithTimeout(name, resolver string, qtype, qclass uint16) (*dns.Msg, error) { + client := new(dns.Client) + msg := &dns.Msg{ + MsgHdr: dns.MsgHdr{ + Id: dns.Id(), + RecursionDesired: true, + }, + Question: []dns.Question{{Name: dns.Fqdn(name), Qtype: qtype, Qclass: qclass}}, + } + msg.AuthenticatedData = true + msg.SetEdns0(4096, true) + + for i := 0; i < len(timeouts); i++ { + + client.Timeout = timeouts[i] + resp, _, err := client.Exchange(msg, fmt.Sprintf("%s:53", resolver)) + if err == nil && resp.Truncated { + tcpConn, _ := dns.Dial("tcp", fmt.Sprintf("%s:53", resolver)) + resp, _, err = client.ExchangeWithConn(msg, tcpConn) + } + if err != nil { + if err, ok := err.(net.Error); ok && err.Timeout() { + zap.L().Sugar().Warnf("Timeout querying %s records '%s' after %v", dns.TypeToString[qtype], name, timeouts[i]) + continue + } + return nil, err + } + + return resp, nil + + } + return nil, &net.DNSError{ + Name: name, + Err: "Final timeout.", + IsTimeout: true, + } +} + +func LookupTxt(name, resolver string) ([]string, error) { + zap.L().Sugar().Infof("Using custom resolver %s for lookup of %s", resolver, name) + resp, err := ResolveWithTimeout(name, resolver, dns.TypeTXT, dns.ClassINET) + if err != 
nil { + zap.L().Sugar().Warnf("Failed to lookup %s: %v", name, err) + return nil, err + } + data := []string{} + + // Check if TXT records are present + for _, answer := range resp.Answer { + if txt, ok := answer.(*dns.TXT); ok { + zap.L().Sugar().Infof("Resolved TXT records for %s: %s", name, txt.Txt) + data = append(data, txt.Txt...) + } + } + return data, nil +} From 55bb42ad1a1c900304ae8f03d044c2a463a6af55 Mon Sep 17 00:00:00 2001 From: Florian Ritterhoff Date: Fri, 15 Nov 2024 08:34:01 +0100 Subject: [PATCH 03/24] feat: permitting setting tcp explicit --- backend/pki-service/pkg/helper/dns.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/backend/pki-service/pkg/helper/dns.go b/backend/pki-service/pkg/helper/dns.go index 4e0331bb..a7dd6be8 100644 --- a/backend/pki-service/pkg/helper/dns.go +++ b/backend/pki-service/pkg/helper/dns.go @@ -28,6 +28,7 @@ type ProviderConfig struct { TsigKeyName string `yaml:"tsig_key_name"` TsigSecret string `yaml:"tsig_secret"` TsigSecretAlg string `yaml:"tsig_secret_alg"` + Net string `yaml:"net"` } type DNSProvider struct { @@ -106,7 +107,7 @@ func (r ProviderConfig) sendMessage(msg *dns.Msg) error { if r.TsigSecretAlg == dns.HmacMD5 { c.TsigProvider = portalCommon.Md5provider(r.TsigSecret) } - if msg.Len() > udpMaxMsgSize { + if msg.Len() > udpMaxMsgSize || r.Net == "tcp" { c.Net = "tcp" } resp, _, err := c.Exchange(msg, r.WriteNameserver) From 3c9a6184201e5ddf0066ece417a6606866c79fab Mon Sep 17 00:00:00 2001 From: Florian Ritterhoff Date: Fri, 15 Nov 2024 11:42:23 +0100 Subject: [PATCH 04/24] feat: better logging --- backend/pki-service/pkg/helper/zap.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/backend/pki-service/pkg/helper/zap.go b/backend/pki-service/pkg/helper/zap.go index 5aa0aec7..0a678455 100644 --- a/backend/pki-service/pkg/helper/zap.go +++ b/backend/pki-service/pkg/helper/zap.go 
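Review bot: In ResolveWithTimeout the truncation fallback `tcpConn, _ := dns.Dial("tcp", ...)` discards the dial error and then passes a possibly nil connection to ExchangeWithConn, and on the success path the connection is never closed. Let the client manage the socket instead: `tcpClient := &dns.Client{Net: "tcp", Timeout: client.Timeout}` followed by `resp, _, err = tcpClient.Exchange(msg, fmt.Sprintf("%s:53", resolver))`. Two smaller points: in CheckDNS the `continue` after `found = true` should be `break`, and `msg.AuthenticatedData = true` asks the resolver for DNSSEC validation but `resp.AuthenticatedData` is never inspected, so the flag adds no assurance — either check it or drop it and document that this is a propagation check only. The `if err, ok := err.(net.Error)` shadowing is better written with `errors.As`.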
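Review bot: `r.Net == "tcp"` in sendMessage accepts any string from the `net` YAML key, so a value such as `TCP` or `tcp4` silently falls back to UDP and the operator gets no signal that the setting was ignored. Validate at load time in NewDNSProvider (accept only empty, `udp` or `tcp`) or at minimum compare with `strings.EqualFold(r.Net, "tcp")`. Visible in the context but not changed here: the provider still honours HMAC-MD5 TSIG keys via `portalCommon.Md5provider`; RFC 8945 deprecates HMAC-MD5 for TSIG, so a warning when such a key is loaded would be worthwhile. sendMessage begins outside this hunk.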
@@ -14,6 +14,7 @@ type ZapLogger struct { // NewZapLogger creates a new logger. func NewZapLogger(logger *zap.Logger) *ZapLogger { + logger = logger.WithOptions(zap.AddCallerSkip(3)) return &ZapLogger{ logger: logger, } @@ -38,7 +39,9 @@ func (z *ZapLogger) Fatalf(format string, args ...interface{}) { func (z *ZapLogger) Print(args ...interface{}) { msg := strings.TrimSpace(fmt.Sprint(args...)) if strings.HasPrefix(msg, "[WARN]") { - z.logger.Sugar().Warn(strings.TrimPrefix(msg, "[WARN]")) + z.logger.Sugar().Warn(strings.TrimSpace(strings.TrimPrefix(msg, "[WARN]"))) + } else if strings.HasPrefix(msg, "[INFO]") { + z.logger.Sugar().Info(strings.TrimSpace(strings.TrimPrefix(msg, "[INFO]"))) } else { z.logger.Sugar().Info(msg) } @@ -53,7 +56,9 @@ func (z *ZapLogger) Println(args ...interface{}) { func (z *ZapLogger) Printf(format string, args ...interface{}) { msg := strings.TrimSpace(fmt.Sprintf(format, args...)) if strings.HasPrefix(msg, "[WARN]") { - z.logger.Sugar().Warn(strings.TrimPrefix(msg, "[WARN]")) + z.logger.Sugar().Warn(strings.TrimSpace(strings.TrimPrefix(msg, "[WARN]"))) + } else if strings.HasPrefix(msg, "[INFO]") { + z.logger.Sugar().Info(strings.TrimSpace(strings.TrimPrefix(msg, "[INFO]"))) } else { z.logger.Sugar().Info(msg) } From a3c92e58507ea25a46935b06f74d7ded28f8dbed Mon Sep 17 00:00:00 2001 From: Florian Ritterhoff Date: Thu, 21 Nov 2024 08:04:56 +0100 Subject: [PATCH 05/24] feat: start adding commands for zerossl --- backend/pki-service/pkg/grpc/ssl.go | 1 + 1 file changed, 1 insertion(+) diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go index 6da03465..090a98fc 100644 --- a/backend/pki-service/pkg/grpc/ssl.go +++ b/backend/pki-service/pkg/grpc/ssl.go @@ -292,6 +292,7 @@ func (s *sslAPIServer) IssueCertificate(ctx context.Context, req *pb.IssueSslReq SetCommonName(sans[0]). SetIssuedBy(req.Issuer). SetSource(req.Source). + SetCa("zerossl"). AddDomainIDs(ids...). Save(ctx) 
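Review bot: `SetCa("zerossl")` in IssueCertificate hard-codes the issuing CA that is persisted with the certificate, while the actual issuer is whatever ACME directory the lego client is pointed at; once the endpoint becomes configurable the stored value will be wrong for any other server, and the `ca` field is exposed through the API (the docs.go change later in this series). Derive it from configuration instead, e.g. `SetCa(s.cfg.AcmeCa)` with a validated config field, or at least a named constant `const acmeCaName = "zerossl"` with a comment that it must track the configured directory URL. IssueCertificate begins and ends outside this hunk.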
From 1a7d1b0ae165a8e000c9ef9890bbba93c4e3abc7 Mon Sep 17 00:00:00 2001 From: Florian Ritterhoff Date: Thu, 21 Nov 2024 09:14:01 +0100 Subject: [PATCH 06/24] feat: rename backend classes --- backend/pki-service/cmd/run.go | 4 +++- backend/pki-service/cmd/sync.go | 2 +- backend/pki-service/pkg/cfg/sectigo.go | 8 +++++--- backend/pki-service/pkg/grpc/server.go | 4 ++-- backend/pki-service/pkg/grpc/smime.go | 4 ++-- backend/pki-service/pkg/grpc/ssl.go | 10 ++++++---- 6 files changed, 19 insertions(+), 13 deletions(-) diff --git a/backend/pki-service/cmd/run.go b/backend/pki-service/cmd/run.go index 01c787c0..db05a369 100644 --- a/backend/pki-service/cmd/run.go +++ b/backend/pki-service/cmd/run.go @@ -31,7 +31,7 @@ var runCmd = &cobra.Command{ } // load Sectigo config - var sectigoCfg cfg.SectigoConfiguration + var sectigoCfg cfg.PKIConfiguration if err := viper.Unmarshal(§igoCfg); err != nil { logger.Panic("config unmarshal failed", zap.Error(err)) } @@ -121,5 +121,7 @@ func init() { runCmd.Flags().String("mail_from", "", "The mail from") runCmd.Flags().String("acme_storage", "", "Storage for the internal acme client") runCmd.Flags().String("acme_email", "", "Email for the acme client") + runCmd.Flags().String("acme_eab", "", "EAB for the acme client") + runCmd.Flags().String("acme_key", "", "Key for the acme client") runCmd.Flags().String("dns_configs", "", "Config file for the dns provider") } diff --git a/backend/pki-service/cmd/sync.go b/backend/pki-service/cmd/sync.go index 21c078cf..6fed0c80 100644 --- a/backend/pki-service/cmd/sync.go +++ b/backend/pki-service/cmd/sync.go @@ -25,7 +25,7 @@ var syncCmd = &cobra.Command{ defer deferFunc(logger) // load HTTP server config - var sectigoCfg cfg.SectigoConfiguration + var sectigoCfg cfg.PKIConfiguration if err := viper.Unmarshal(§igoCfg); err != nil { logger.Panic("config unmarshal failed", zap.Error(err)) } 
diff --git a/backend/pki-service/pkg/cfg/sectigo.go b/backend/pki-service/pkg/cfg/sectigo.go index c714b0e6..d1aa9b05 100644 --- a/backend/pki-service/pkg/cfg/sectigo.go +++ b/backend/pki-service/pkg/cfg/sectigo.go @@ -9,8 +9,8 @@ import ( "go.uber.org/zap" ) -// SectigoConfiguration handles different configuration properties for the sectigo client -type SectigoConfiguration struct { +// PKIConfiguration handles different configuration properties for the sectigo client +type PKIConfiguration struct { User string `mapstructure:"sectigo_user"` Password string `mapstructure:"sectigo_password"` CustomerURI string `mapstructure:"sectigo_customeruri"` @@ -26,11 +26,13 @@ type SectigoConfiguration struct { SmimeKeyType string `mapstructure:"smime_key_type"` AcmeStorage string `mapstructure:"acme_storage"` AcmeEmail string `mapstructure:"acme_email"` + AcmeEab string `mapstructure:"acme_eab"` + AcmeKey string `mapstructure:"acme_key"` DnsConfigs string `mapstructure:"dns_configs"` } // CheckSectigoConfiguration checks the sectigo configuration for the syntactical correctness. -func (cfg *SectigoConfiguration) CheckSectigoConfiguration() { +func (cfg *PKIConfiguration) CheckSectigoConfiguration() { logger := zap.L() diff --git a/backend/pki-service/pkg/grpc/server.go b/backend/pki-service/pkg/grpc/server.go index 594b81e2..7936686b 100644 --- a/backend/pki-service/pkg/grpc/server.go +++ b/backend/pki-service/pkg/grpc/server.go @@ -29,7 +29,7 @@ import ( type Server struct { logger *zap.Logger config *Config - sectigoCfg *cfg.SectigoConfiguration + sectigoCfg *cfg.PKIConfiguration db *ent.Client } @@ -41,7 +41,7 @@ type Config struct { } // NewServer creates a new GRPC server -func NewServer(config *Config, logger *zap.Logger, sectigoCfg *cfg.SectigoConfiguration, db *ent.Client) (*Server, error) { +func NewServer(config *Config, logger *zap.Logger, sectigoCfg *cfg.PKIConfiguration, db *ent.Client) (*Server, error) { srv := &Server{ logger: logger, sectigoCfg: sectigoCfg, 
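Review bot: The doc comment on the renamed type still reads `// PKIConfiguration handles different configuration properties for the sectigo client`, although the struct now also carries the ACME account and DNS challenge settings. Suggested wording: `// PKIConfiguration holds the settings for the Sectigo client, the internal ACME client (account, EAB credentials, storage) and the DNS challenge provider.` A note on `AcmeEab`/`AcmeKey` that they are secrets and must not be logged would also be useful, since viper-unmarshalled structs are easy to dump whole.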
diff --git a/backend/pki-service/pkg/grpc/smime.go b/backend/pki-service/pkg/grpc/smime.go index 8bac6953..10a258a3 100644 --- a/backend/pki-service/pkg/grpc/smime.go +++ b/backend/pki-service/pkg/grpc/smime.go @@ -27,11 +27,11 @@ import ( type smimeAPIServer struct { pb.UnimplementedSmimeServiceServer client *sectigo.Client - cfg *cfg.SectigoConfiguration + cfg *cfg.PKIConfiguration logger *zap.Logger } -func newSmimeAPIServer(client *sectigo.Client, cfg *cfg.SectigoConfiguration) *smimeAPIServer { +func newSmimeAPIServer(client *sectigo.Client, cfg *cfg.PKIConfiguration) *smimeAPIServer { return &smimeAPIServer{client: client, cfg: cfg, logger: zap.L()} } diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go index 090a98fc..3961de49 100644 --- a/backend/pki-service/pkg/grpc/ssl.go +++ b/backend/pki-service/pkg/grpc/ssl.go @@ -95,7 +95,7 @@ type sslAPIServer struct { pb.UnimplementedSSLServiceServer client *sectigo.Client db *ent.Client - cfg *cfg.SectigoConfiguration + cfg *cfg.PKIConfiguration logger *zap.Logger legoClient *lego.Client @@ -103,7 +103,8 @@ type sslAPIServer struct { duration *time.Duration } -func newSslAPIServer(client *sectigo.Client, cfg *cfg.SectigoConfiguration, db *ent.Client) *sslAPIServer { +func newSslAPIServer(client *sectigo.Client, cfg *cfg.PKIConfiguration, db *ent.Client) *sslAPIServer { + legoClient := registerAcme(cfg) instance := &sslAPIServer{client: client, legoClient: legoClient, cfg: cfg, logger: zap.L(), db: db} _ = promauto.NewGaugeFunc(prometheus.GaugeOpts{ @@ -112,6 +113,7 @@ func newSslAPIServer(client *sectigo.Client, cfg *cfg.SectigoConfiguration, db * }, func() float64 { if instance.duration != nil { return instance.duration.Seconds() + } return 0 }) 
@@ -128,7 +130,7 @@ func newSslAPIServer(client *sectigo.Client, cfg *cfg.SectigoConfiguration, db * return instance } -func registerAcme(cfg *cfg.SectigoConfiguration) *lego.Client { +func registerAcme(cfg *cfg.PKIConfiguration) *lego.Client { accountFile := filepath.Join(cfg.AcmeStorage, "reg.json") keyFile := filepath.Join(cfg.AcmeStorage, "reg.key") @@ -310,7 +312,7 @@ func (s *sslAPIServer) IssueCertificate(ctx context.Context, req *pb.IssueSslReq resp, err := s.legoClient.Certificate.ObtainForCSR(legoCert.ObtainForCSRRequest{CSR: csr, Bundle: true}) if err != nil { - return s.handleError("Error while obtaining certificate", err, logger) + return s.handleError("Error while obtaining certificate", err, logger, hub) } hub.AddBreadcrumb(&sentry.Breadcrumb{Message: "Certificate collected", Category: "info", Level: sentry.LevelInfo}, nil) stop := time.Now() From 3a8ab44a52c2bd626ac48e112d2910b70a60f384 Mon Sep 17 00:00:00 2001 From: Florian Ritterhoff Date: Thu, 21 Nov 2024 10:31:25 +0100 Subject: [PATCH 07/24] handle eab kid and hmac --- backend/pki-service/cmd/run.go | 4 ++-- backend/pki-service/pkg/cfg/sectigo.go | 4 ++-- backend/pki-service/pkg/grpc/ssl.go | 2 +- backend/pki-service/pkg/helper/acme.go | 10 ++++++++-- 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/backend/pki-service/cmd/run.go b/backend/pki-service/cmd/run.go index db05a369..aa947dd2 100644 --- a/backend/pki-service/cmd/run.go +++ b/backend/pki-service/cmd/run.go 
@@ -121,7 +121,7 @@ func init() { runCmd.Flags().String("mail_from", "", "The mail from") runCmd.Flags().String("acme_storage", "", "Storage for the internal acme client") runCmd.Flags().String("acme_email", "", "Email for the acme client") - runCmd.Flags().String("acme_eab", "", "EAB for the acme client") - runCmd.Flags().String("acme_key", "", "Key for the acme client") + runCmd.Flags().String("acme_hmac", "", "EAB HMAC for the acme client") + runCmd.Flags().String("acme_kid", "", "Key ID for the acme client") runCmd.Flags().String("dns_configs", "", "Config file for the dns provider") } diff --git a/backend/pki-service/pkg/cfg/sectigo.go b/backend/pki-service/pkg/cfg/sectigo.go index d1aa9b05..ec4705cf 100644 --- a/backend/pki-service/pkg/cfg/sectigo.go +++ b/backend/pki-service/pkg/cfg/sectigo.go @@ -26,8 +26,8 @@ type PKIConfiguration struct { SmimeKeyType string `mapstructure:"smime_key_type"` AcmeStorage string `mapstructure:"acme_storage"` AcmeEmail string `mapstructure:"acme_email"` - AcmeEab string `mapstructure:"acme_eab"` - AcmeKey string `mapstructure:"acme_key"` + AcmeKid string `mapstructure:"acme_kid"` + AcmeHmac string `mapstructure:"acme_hmac"` DnsConfigs string `mapstructure:"dns_configs"` } diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go index 3961de49..ca078464 100644 --- a/backend/pki-service/pkg/grpc/ssl.go +++ b/backend/pki-service/pkg/grpc/ssl.go @@ -171,7 +171,7 @@ func registerAcme(cfg *cfg.PKIConfiguration) *lego.Client { if err != nil { return nil } - err = pkiHelper.RegisterAcme(legoClient, account, accountFile, keyFile) + err = pkiHelper.RegisterAcme(legoClient, cfg, account, accountFile, keyFile) if err != nil { return nil } diff --git a/backend/pki-service/pkg/helper/acme.go b/backend/pki-service/pkg/helper/acme.go index 45461890..bd734629 100644 --- a/backend/pki-service/pkg/helper/acme.go +++ b/backend/pki-service/pkg/helper/acme.go 
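Review bot: The new `acme_hmac` flag carries the EAB HMAC key, and a value passed on the command line is visible to every local user via the process list and lands in shell history. Viper normally lets this be supplied through an environment variable or the config file as well, but whether that binding is enabled is not visible here; the flag help text should say the key must not be passed on the command line, e.g. `runCmd.Flags().String("acme_hmac", "", "EAB HMAC key for the acme client (set via environment or config file, not on the command line)")`. init begins outside this hunk.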
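Review bot: The updated `pkiHelper.RegisterAcme(...)` call in registerAcme still returns `nil` on error without logging it, and newSslAPIServer stores that nil client, so a failed EAB registration surfaces later as a nil-pointer panic on the first `s.legoClient.Certificate.ObtainForCSR` rather than at startup. Treat it like the DNS provider failures in the same function: `zap.L().Fatal("Failed to register ACME account", zap.Error(err))`. The same applies to the preceding `if err != nil { return nil }` shown as context. registerAcme begins and ends outside this hunk.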
@@ -11,6 +11,7 @@ import ( "github.com/go-acme/lego/v4/certcrypto" "github.com/go-acme/lego/v4/lego" "github.com/go-acme/lego/v4/registration" + "github.com/hm-edu/pki-service/pkg/cfg" ) // User represents an ACME user. @@ -36,8 +37,13 @@ func (u *User) GetPrivateKey() crypto.PrivateKey { } // RegisterAcme performs a new registration and stores the registration in the given file. -func RegisterAcme(client *lego.Client, account User, accountFile string, keyFile string) error { - reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true}) +func RegisterAcme(client *lego.Client, config *cfg.PKIConfiguration, account User, accountFile string, keyFile string) error { + reg, err := client.Registration.RegisterWithExternalAccountBinding( + registration.RegisterEABOptions{ + TermsOfServiceAgreed: true, + Kid: config.AcmeKid, + HmacEncoded: config.AcmeHmac, + }) if err != nil { return err } From 4e6db8b60f9d57c9faf9238a66a56a16fb9e5705 Mon Sep 17 00:00:00 2001 From: Florian Ritterhoff Date: Thu, 28 Nov 2024 07:54:25 +0100 Subject: [PATCH 08/24] feat: add ca information --- backend/pki-rest-interface/pkg/api/docs/docs.go | 10 ++++++++++ backend/pki-service/go.mod | 1 + backend/pki-service/go.sum | 4 ++-- backend/pki-service/pkg/grpc/ssl.go | 5 +++++ 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/backend/pki-rest-interface/pkg/api/docs/docs.go b/backend/pki-rest-interface/pkg/api/docs/docs.go index 889eb3bf..c896c1e9 100644 --- a/backend/pki-rest-interface/pkg/api/docs/docs.go +++ b/backend/pki-rest-interface/pkg/api/docs/docs.go @@ -39,6 +39,13 @@ const docTemplate = `{ "SMIME" ], "summary": "SMIME List Endpoint", + "parameters": [ + { + "type": "string", + "name": "email", + "in": "query" + } + ], "responses": { "200": { "description": "certificates", 
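Review bot: RegisterAcme now always calls RegisterWithExternalAccountBinding, so a deployment without EAB credentials (empty `acme_kid`/`acme_hmac`) sends an EAB with empty key material and the registration fails, even though the series goes on to make the ACME server configurable. Fall back to the plain registration when no EAB credentials are configured, and keep the EAB path when they are; the remainder of the function (persisting the registration and key) continues outside this hunk.
```go
func RegisterAcme(client *lego.Client, config *cfg.PKIConfiguration, account User, accountFile string, keyFile string) error {
	var (
		reg *registration.Resource
		err error
	)
	if config.AcmeKid == "" && config.AcmeHmac == "" {
		// No EAB credentials configured: plain ACME registration.
		reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
	} else {
		// EAB credentials present: bind the new account to the external account.
		reg, err = client.Registration.RegisterWithExternalAccountBinding(
			registration.RegisterEABOptions{
				TermsOfServiceAgreed: true,
				Kid:                  config.AcmeKid,
				HmacEncoded:          config.AcmeHmac,
			})
	}
	if err != nil {
		return err
	}
	// … unchanged: store the registration in accountFile and the key in keyFile …
```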
@@ -399,6 +406,9 @@ const docTemplate = `{ "portal_apis.SslCertificateDetails": { "type": "object", "properties": { + "ca": { + "type": "string" + }, "common_name": { "type": "string" }, diff --git a/backend/pki-service/go.mod b/backend/pki-service/go.mod index 5d97a65f..f4db01ce 100644 --- a/backend/pki-service/go.mod +++ b/backend/pki-service/go.mod @@ -93,6 +93,7 @@ require ( github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 go.opentelemetry.io/otel v1.33.0 // indirect + go.opentelemetry.io/otel/sdk v1.32.0 // indirect go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect google.golang.org/protobuf v1.36.1 diff --git a/backend/pki-service/go.sum b/backend/pki-service/go.sum index 90748b23..23d00a98 100644 --- a/backend/pki-service/go.sum +++ b/backend/pki-service/go.sum @@ -325,8 +325,8 @@ go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= -go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk= -go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0= +go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4= +go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU= go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= 
diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go index ca078464..69a759fa 100644 --- a/backend/pki-service/pkg/grpc/ssl.go +++ b/backend/pki-service/pkg/grpc/ssl.go @@ -60,6 +60,10 @@ func mapCertificate(x *ent.Certificate) *pb.SslCertificateDetails { if x.Source != nil { source = *x.Source } + ca := "" + if x.Ca != nil { + ca = *x.Ca + } return &pb.SslCertificateDetails{ Id: int32(x.SslId), DbId: int32(x.ID), @@ -72,6 +76,7 @@ func mapCertificate(x *ent.Certificate) *pb.SslCertificateDetails { Source: source, IssuedBy: issuedBy, Created: created, + Ca: ca, } } From a90a85a93d5af4a581e4edab7eda0381927d1539 Mon Sep 17 00:00:00 2001 From: Florian Ritterhoff Date: Mon, 16 Dec 2024 07:50:41 +0100 Subject: [PATCH 09/24] feat: prepare using any other acme service --- backend/pki-service/cmd/run.go | 9 +++++---- backend/pki-service/pkg/cfg/{sectigo.go => pki.go} | 1 + backend/pki-service/pkg/grpc/ssl.go | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) rename backend/pki-service/pkg/cfg/{sectigo.go => pki.go} (97%) diff --git a/backend/pki-service/cmd/run.go b/backend/pki-service/cmd/run.go index aa947dd2..e909a7b1 100644 --- a/backend/pki-service/cmd/run.go +++ b/backend/pki-service/cmd/run.go @@ -31,8 +31,8 @@ var runCmd = &cobra.Command{ } // load Sectigo config - var sectigoCfg cfg.PKIConfiguration - if err := viper.Unmarshal(§igoCfg); err != nil { + var pkiCfg cfg.PKIConfiguration + if err := viper.Unmarshal(&pkiCfg); err != nil { logger.Panic("config unmarshal failed", zap.Error(err)) } @@ -46,7 +46,7 @@ var runCmd = &cobra.Command{ stopCh := signals.SetupSignalHandler() - sectigoCfg.CheckSectigoConfiguration() + pkiCfg.CheckSectigoConfiguration() database.ConnectDb(logger, viper.GetString("db")) 
@@ -86,7 +86,7 @@ var runCmd = &cobra.Command{
 s.StartAsync()
 // start gRPC server
 if grpcCfg.Port > 0 {
- grpcSrv, _ := grpc.NewServer(&grpcCfg, logger, §igoCfg, database.DB.Db)
+ grpcSrv, _ := grpc.NewServer(&grpcCfg, logger, &pkiCfg, database.DB.Db)
 grpcSrv.ListenAndServe(stopCh)
 }
 },
@@ -123,5 +123,6 @@ func init() {
 runCmd.Flags().String("acme_email", "", "Email for the acme client")
 runCmd.Flags().String("acme_hmac", "", "EAB HMAC for the acme client")
 runCmd.Flags().String("acme_kid", "", "Key ID for the acme client")
+ runCmd.Flags().String("acme_server", "", "Server for the acme client")
 runCmd.Flags().String("dns_configs", "", "Config file for the dns provider")
 }
diff --git a/backend/pki-service/pkg/cfg/sectigo.go b/backend/pki-service/pkg/cfg/pki.go
similarity index 97%
rename from backend/pki-service/pkg/cfg/sectigo.go
rename to backend/pki-service/pkg/cfg/pki.go
index ec4705cf..0dd660c6 100644
--- a/backend/pki-service/pkg/cfg/sectigo.go
+++ b/backend/pki-service/pkg/cfg/pki.go
@@ -28,6 +28,7 @@ type PKIConfiguration struct {
 AcmeEmail string `mapstructure:"acme_email"`
 AcmeKid string `mapstructure:"acme_kid"`
 AcmeHmac string `mapstructure:"acme_hmac"`
+ AcmeServer string `mapstructure:"acme_server"`
 DnsConfigs string `mapstructure:"dns_configs"`
 }
diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go
index 69a759fa..1c8ec2ec 100644
--- a/backend/pki-service/pkg/grpc/ssl.go
+++ b/backend/pki-service/pkg/grpc/ssl.go
@@ -167,7 +167,7 @@ func registerAcme(cfg *cfg.PKIConfiguration) *lego.Client {
 }
 legoCfg := lego.NewConfig(&account)
-
+ legoCfg.CADirURL = cfg.AcmeServer
 legoLog.Logger = pkiHelper.NewZapLogger(zap.L())
 legoCfg.Certificate.Timeout = time.Duration(5) * time.Minute
 if account.Registration == nil {
From 5021b7d8653cfcd43fe6071d9c03cfedc560d03b Mon Sep 17 00:00:00 2001
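Review bot: `legoCfg.CADirURL = cfg.AcmeServer` in registerAcme overwrites the directory URL unconditionally, so with the flag's default of `""` from the run.go hunk above the client is pointed at an empty URL rather than the default `lego.NewConfig` fills in, and any non-empty value is accepted without checking that it is an absolute https URL. The directory URL decides which CA receives the EAB key id and HMAC held in this configuration, so it deserves the same validation as the other required settings, e.g. `if cfg.AcmeServer != "" { legoCfg.CADirURL = cfg.AcmeServer }` after a `url.Parse` that rejects a non-https scheme, with the check placed next to the existing configuration checks rather than here. registerAcme starts and ends outside this hunk; note also that PATCH 10 later in this series removes the acme flags again, so this may be moot if the series is squashed.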
From: Florian Ritterhoff Date: Thu, 2 Jan 2025 10:58:52 +0100 Subject: [PATCH 10/24] feat: use harica instead of acme --- backend/common/api/grpc.go | 3 +- backend/common/go.mod | 7 +- backend/common/go.sum | 3 - backend/dns-service/go.mod | 5 - backend/dns-service/go.sum | 3 - backend/dns-service/pkg/grpc/server.go | 3 +- backend/domain-rest-interface/go.mod | 5 - backend/domain-rest-interface/go.sum | 3 - .../domain-rest-interface/pkg/grpc/server.go | 3 +- backend/eab-rest-interface/go.mod | 7 - backend/eab-rest-interface/go.sum | 1 - backend/eab-rest-interface/pkg/grpc/server.go | 3 +- .../pki-rest-interface/pkg/api/docs/docs.go | 3 + backend/pki-service/cmd/run.go | 20 -- backend/pki-service/cmd/sync.go | 59 ------ backend/pki-service/ent/certificate.go | 13 +- .../ent/certificate/certificate.go | 8 + backend/pki-service/ent/certificate/where.go | 80 ++++++++ backend/pki-service/ent/certificate_create.go | 78 +++++++ backend/pki-service/ent/certificate_update.go | 52 +++++ backend/pki-service/ent/migrate/schema.go | 1 + backend/pki-service/ent/mutation.go | 75 ++++++- backend/pki-service/ent/runtime/runtime.go | 2 +- backend/pki-service/ent/schema/certificate.go | 1 + backend/pki-service/go.mod | 30 +-- backend/pki-service/go.sum | 31 ++- backend/pki-service/pkg/cfg/pki.go | 67 +----- backend/pki-service/pkg/grpc/server.go | 30 ++- backend/pki-service/pkg/grpc/smime.go | 156 +------------- backend/pki-service/pkg/grpc/ssl.go | 165 ++++++--------- backend/pki-service/pkg/helper/acme.go | 106 ---------- backend/pki-service/pkg/helper/dns.go | 194 ------------------ .../pkg/helper/precheck/validation.go | 91 -------- backend/pki-service/pkg/worker/syncer.go | 119 ----------- backend/validation-service/go.mod | 1 - backend/validation-service/go.sum | 2 - 36 files changed, 435 insertions(+), 995 deletions(-) delete mode 100644 backend/pki-service/cmd/sync.go delete mode 100644 backend/pki-service/pkg/helper/acme.go delete mode 100644 
backend/pki-service/pkg/helper/dns.go delete mode 100644 backend/pki-service/pkg/helper/precheck/validation.go delete mode 100644 backend/pki-service/pkg/worker/syncer.go diff --git a/backend/common/api/grpc.go b/backend/common/api/grpc.go index 4b92146b..a9a0b517 100644 --- a/backend/common/api/grpc.go +++ b/backend/common/api/grpc.go @@ -8,7 +8,6 @@ import ( "github.com/joho/godotenv" "github.com/spf13/cobra" "github.com/spf13/viper" - "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc" "go.uber.org/zap" "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" @@ -40,7 +39,7 @@ func PrepareEnv(cmd *cobra.Command) (*zap.Logger, func(*zap.Logger), *viper.Vipe // ConnectGRPC connects to the GRPC server. func ConnectGRPC(host string, options ...grpc.DialOption) (*grpc.ClientConn, error) { - options = append(options, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithStatsHandler(otelgrpc.NewClientHandler())) + options = append(options, grpc.WithTransportCredentials(insecure.NewCredentials())) conn, err := grpc.NewClient(host, options...) if err != nil { return nil, err diff --git a/backend/common/go.mod b/backend/common/go.mod index 3c0a09c7..88479cf3 100644 --- a/backend/common/go.mod +++ b/backend/common/go.mod @@ -14,7 +14,6 @@ require ( github.com/spf13/viper v1.19.0 github.com/stretchr/testify v1.10.0 github.com/swaggo/swag v1.16.4 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 ) require ( @@ -26,7 +25,6 @@ require ( github.com/sagikazarmark/locafero v0.6.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/sourcegraph/conc v0.3.0 // indirect - go.opentelemetry.io/otel/trace v1.33.0 // indirect golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect golang.org/x/mod v0.22.0 // indirect golang.org/x/sync v0.10.0 // indirect 
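Review bot: The rewritten `options = append(...)` line in ConnectGRPC still hard-codes `grpc.WithTransportCredentials(insecure.NewCredentials())` for every client connection, so inter-service gRPC traffic remains plaintext and unauthenticated no matter what the caller passes in `options`. Since the line is being edited anyway, the transport credentials could be supplied by the caller (with the insecure variant as an explicit opt-in), or at minimum a comment such as `// insecure transport: relies on the services sharing a private network` should record the assumption so it is reviewed when the deployment changes. The same commit drops the otelgrpc stats handlers on the servers in backend/dns-service/pkg/grpc/server.go, backend/domain-rest-interface/pkg/grpc/server.go and backend/eab-rest-interface/pkg/grpc/server.go, which removes trace-context propagation across gRPC calls; if `tracing.InitTracer` is still wired up elsewhere, spans from different services will no longer link, which is worth stating in the commit message. ConnectGRPC's body continues past the hunk.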
@@ -39,8 +37,6 @@ require ( github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/gabriel-vasile/mimetype v1.4.7 // indirect - github.com/go-logr/logr v1.4.2 // indirect - github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/spec v0.21.0 // indirect @@ -70,13 +66,12 @@ require ( github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.61.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect + github.com/rogpeppe/go-internal v1.13.1 // indirect github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cast v1.7.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect - go.opentelemetry.io/otel/metric v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.31.0 // indirect golang.org/x/net v0.33.0 // indirect diff --git a/backend/common/go.sum b/backend/common/go.sum index 0cf6dece..f1cafd63 100644 --- a/backend/common/go.sum +++ b/backend/common/go.sum @@ -25,7 +25,6 @@ github.com/getsentry/sentry-go v0.30.0 h1:lWUwDnY7sKHaVIoZ9wYqRHJ5iEmoc0pqcRqFko github.com/getsentry/sentry-go v0.30.0/go.mod h1:WU9B9/1/sHDqeV8T+3VwwbjeR5MSXs/6aqG3mqZrezA= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= 
@@ -167,8 +166,6 @@ github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQ github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0= go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= diff --git a/backend/dns-service/go.mod b/backend/dns-service/go.mod index 32da642b..3b7e0ac6 100644 --- a/backend/dns-service/go.mod +++ b/backend/dns-service/go.mod @@ -37,7 +37,6 @@ require ( github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/swaggo/swag v1.16.4 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect golang.org/x/sync v0.10.0 // indirect @@ -49,8 +48,6 @@ require ( require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/fsnotify/fsnotify v1.8.0 // indirect - github.com/go-logr/logr v1.4.2 // indirect - github.com/go-logr/stdr v1.2.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 
@@ -65,8 +62,6 @@ require ( github.com/subosito/gotenv v1.6.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 - go.opentelemetry.io/otel v1.33.0 // indirect go.opentelemetry.io/otel/metric v1.33.0 // indirect go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect diff --git a/backend/dns-service/go.sum b/backend/dns-service/go.sum index 23c5e4d2..b2cef528 100644 --- a/backend/dns-service/go.sum +++ b/backend/dns-service/go.sum @@ -33,7 +33,6 @@ github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxI github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= 
@@ -176,8 +175,6 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0= go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= diff --git a/backend/dns-service/pkg/grpc/server.go b/backend/dns-service/pkg/grpc/server.go index 2d35e8ea..79cbad30 100644 --- a/backend/dns-service/pkg/grpc/server.go +++ b/backend/dns-service/pkg/grpc/server.go @@ -6,7 +6,6 @@ import ( "github.com/hm-edu/dns-service/pkg/core" pb "github.com/hm-edu/portal-apis" - "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc" grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" grpc_zap "github.com/grpc-ecosystem/go-grpc-middleware/logging/zap" @@ -52,7 +51,7 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) { if err != nil { s.logger.Fatal("failed to listen", zap.Int("port", s.config.Port)) } - srv := grpc.NewServer(grpc.StatsHandler(otelgrpc.NewServerHandler()), + srv := grpc.NewServer( grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(grpc_recovery.UnaryServerInterceptor(), grpc_zap.UnaryServerInterceptor(s.logger))), grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(grpc_recovery.StreamServerInterceptor(), grpc_zap.StreamServerInterceptor(s.logger)))) 
diff --git a/backend/domain-rest-interface/go.mod b/backend/domain-rest-interface/go.mod index d9f823bc..a9381551 100644 --- a/backend/domain-rest-interface/go.mod +++ b/backend/domain-rest-interface/go.mod @@ -5,15 +5,12 @@ go 1.23.0 require ( github.com/getkin/kin-openapi v0.128.0 github.com/hm-edu/portal-common v0.0.0-20241218063258-fbc57509a1e8 - go.opentelemetry.io/otel v1.33.0 // indirect go.uber.org/zap v1.27.0 google.golang.org/grpc v1.69.2 ) require ( github.com/fsnotify/fsnotify v1.8.0 // indirect - github.com/go-logr/logr v1.4.2 // indirect - github.com/go-logr/stdr v1.2.2 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/joho/godotenv v1.5.1 // indirect github.com/magiconair/properties v1.8.9 // indirect @@ -22,7 +19,6 @@ require ( github.com/spf13/cast v1.7.1 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 gopkg.in/ini.v1 v1.67.0 // indirect ) @@ -97,7 +93,6 @@ require ( github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/swaggo/files/v2 v2.0.2 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect go.opentelemetry.io/otel/metric v1.33.0 // indirect golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect golang.org/x/sync v0.10.0 // indirect diff --git a/backend/domain-rest-interface/go.sum b/backend/domain-rest-interface/go.sum index 97b55a8e..8b9917ec 100644 --- a/backend/domain-rest-interface/go.sum +++ b/backend/domain-rest-interface/go.sum 
@@ -58,7 +58,6 @@ github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxI github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= @@ -331,8 +330,6 @@ github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmB github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0= go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= diff --git a/backend/domain-rest-interface/pkg/grpc/server.go b/backend/domain-rest-interface/pkg/grpc/server.go index ee692a59..9e7975f1 100644 --- a/backend/domain-rest-interface/pkg/grpc/server.go +++ b/backend/domain-rest-interface/pkg/grpc/server.go 
@@ -10,7 +10,6 @@ import ( grpc_zap "github.com/grpc-ecosystem/go-grpc-middleware/logging/zap" grpc_recovery "github.com/grpc-ecosystem/go-grpc-middleware/recovery" grpc_sentry "github.com/johnbellone/grpc-middleware-sentry" - "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc" "github.com/hm-edu/domain-rest-interface/pkg/store" pb "github.com/hm-edu/portal-apis" @@ -96,7 +95,7 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) { } } - srv := grpc.NewServer(grpc.StatsHandler(otelgrpc.NewServerHandler()), + srv := grpc.NewServer( grpc.UnaryInterceptor( grpc_middleware.ChainUnaryServer( interceptors..., diff --git a/backend/eab-rest-interface/go.mod b/backend/eab-rest-interface/go.mod index 50a6f528..1fd34617 100644 --- a/backend/eab-rest-interface/go.mod +++ b/backend/eab-rest-interface/go.mod @@ -6,15 +6,12 @@ require ( github.com/getkin/kin-openapi v0.128.0 github.com/hm-edu/portal-common v0.0.0-20241218063258-fbc57509a1e8 github.com/smallstep/certificates v0.28.1 - go.opentelemetry.io/otel v1.33.0 // indirect go.uber.org/zap v1.27.0 google.golang.org/grpc v1.69.2 ) require ( github.com/fsnotify/fsnotify v1.8.0 // indirect - github.com/go-logr/logr v1.4.2 // indirect - github.com/go-logr/stdr v1.2.2 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/joho/godotenv v1.5.1 // indirect github.com/magiconair/properties v1.8.9 // indirect @@ -23,7 +20,6 @@ require ( github.com/spf13/cast v1.7.1 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 gopkg.in/ini.v1 v1.67.0 // indirect ) 
@@ -38,7 +34,6 @@ require ( github.com/mailru/easyjson v0.9.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/swaggo/swag v1.16.4 - go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/net v0.33.0 // indirect golang.org/x/sys v0.28.0 // indirect @@ -106,7 +101,6 @@ require ( github.com/slackhq/nebula v1.9.5 // indirect github.com/urfave/cli v1.22.16 // indirect go.etcd.io/bbolt v1.3.11 // indirect - go.opentelemetry.io/otel/metric v1.33.0 // indirect go.step.sm/crypto v0.56.0 // indirect go.step.sm/linkedca v0.22.2 // indirect ) @@ -170,7 +164,6 @@ require ( github.com/valyala/fasttemplate v1.2.2 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/zclconf/go-cty v1.15.1 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect golang.org/x/mod v0.22.0 // indirect diff --git a/backend/eab-rest-interface/go.sum b/backend/eab-rest-interface/go.sum index e759edf2..5264796b 100644 --- a/backend/eab-rest-interface/go.sum +++ b/backend/eab-rest-interface/go.sum @@ -162,7 +162,6 @@ github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= diff --git a/backend/eab-rest-interface/pkg/grpc/server.go b/backend/eab-rest-interface/pkg/grpc/server.go index 1e8d2699..bd634373 100644 
--- a/backend/eab-rest-interface/pkg/grpc/server.go +++ b/backend/eab-rest-interface/pkg/grpc/server.go @@ -10,7 +10,6 @@ import ( grpc_zap "github.com/grpc-ecosystem/go-grpc-middleware/logging/zap" grpc_recovery "github.com/grpc-ecosystem/go-grpc-middleware/recovery" grpc_sentry "github.com/johnbellone/grpc-middleware-sentry" - "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc" pb "github.com/hm-edu/portal-apis" "github.com/hm-edu/portal-common/api" @@ -96,7 +95,7 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) { } } - srv := grpc.NewServer(grpc.StatsHandler(otelgrpc.NewServerHandler()), + srv := grpc.NewServer( grpc.UnaryInterceptor( grpc_middleware.ChainUnaryServer( interceptors..., diff --git a/backend/pki-rest-interface/pkg/api/docs/docs.go b/backend/pki-rest-interface/pkg/api/docs/docs.go index c896c1e9..feaecb5b 100644 --- a/backend/pki-rest-interface/pkg/api/docs/docs.go +++ b/backend/pki-rest-interface/pkg/api/docs/docs.go @@ -444,6 +444,9 @@ const docTemplate = `{ "items": { "type": "string" } + }, + "transaction_id": { + "type": "string" } } }, diff --git a/backend/pki-service/cmd/run.go b/backend/pki-service/cmd/run.go index e909a7b1..21e4c626 100644 --- a/backend/pki-service/cmd/run.go +++ b/backend/pki-service/cmd/run.go @@ -46,8 +46,6 @@ var runCmd = &cobra.Command{ stopCh := signals.SetupSignalHandler() - pkiCfg.CheckSectigoConfiguration() - database.ConnectDb(logger, viper.GetString("db")) _, errUpdate := database.DB.Db.Certificate.Update().Where(certificate.CaIsNil()).SetCa("sectigo").Save(context.Background()) 
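Review bot: Dropping `pkiCfg.CheckSectigoConfiguration()` in run.go leaves `pkiCfg` unvalidated between `viper.Unmarshal` and its first use, and nothing in this hunk takes its place; if the reworked PKIConfiguration in pki.go (that hunk is not part of this view) still has required fields for the Harica integration, a replacement check should run here before `database.ConnectDb`. The retained backfill `Certificate.Update().Where(certificate.CaIsNil()).SetCa("sectigo")` also runs on every start; once certificates are issued via Harica, any row whose `ca` is left unset would be relabelled `sectigo` at the next restart, so the new issuing path must always set `ca`, or this one-off migration should be removed once it has run. The runCmd closure begins and ends outside the hunk.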
@@ -98,20 +96,8 @@ func init() { runCmd.Flags().String("host", "", "Host to bind service to") runCmd.Flags().Int("grpc-port", 8081, "GRPC port to bind service to") runCmd.Flags().String("sentry_dsn", "", "The sentry dsn to use") - runCmd.Flags().String("sectigo_user", "", "The sectigo user") - runCmd.Flags().String("sectigo_password", "", "The password for the sectigo user") - runCmd.Flags().String("sectigo_customeruri", "", "The sectigo customerUri") - runCmd.Flags().Int("smime_profile", 0, "The (default) smime profile id") - runCmd.Flags().Int("smime_profile_standard", 0, "The (default) smime profile id for validation level standard") - runCmd.Flags().Int("smime_org_id", 0, "The (default) org id") - runCmd.Flags().Int("smime_term", 0, "The (default) lifetime of an employee certificate") - runCmd.Flags().Int("smime_student_term", 0, "The (default) lifetime of a student certificate") runCmd.Flags().Int("smime_key_length", 365, "The (expected) key length") - runCmd.Flags().String("smime_key_type", "", "The (expected) key type") runCmd.Flags().String("db", "", "connection string for the database") - runCmd.Flags().Int("ssl_profile", 0, "The (default) ssl profile id") - runCmd.Flags().Int("ssl_org_id", 0, "The (default) ssl org id") - runCmd.Flags().Int("ssl_term", 0, "The (default) ssl lifetime") runCmd.Flags().String("level", "info", "log level debug, info, warn, error, flat or panic") runCmd.Flags().Bool("enable_notifications", false, "Enable notifications") runCmd.Flags().String("mail_host", "", "The mail host") 
@@ -119,10 +105,4 @@ func init() { runCmd.Flags().String("mail_to", "", "Optional param to send notifications to a specific mail address instead of the orignal issuer.") runCmd.Flags().String("mail_bcc", "", "Optional param to send notifications as blind copy to a specific mail address instead of the orignal issuer.") runCmd.Flags().String("mail_from", "", "The mail from") - runCmd.Flags().String("acme_storage", "", "Storage for the internal acme client") - runCmd.Flags().String("acme_email", "", "Email for the acme client") - runCmd.Flags().String("acme_hmac", "", "EAB HMAC for the acme client") - runCmd.Flags().String("acme_kid", "", "Key ID for the acme client") - runCmd.Flags().String("acme_server", "", "Server for the acme client") - runCmd.Flags().String("dns_configs", "", "Config file for the dns provider") } diff --git a/backend/pki-service/cmd/sync.go b/backend/pki-service/cmd/sync.go deleted file mode 100644 index 6fed0c80..00000000 --- a/backend/pki-service/cmd/sync.go +++ /dev/null 
@@ -1,59 +0,0 @@ -package cmd - -import ( - "context" - "net/http" - - "github.com/hm-edu/pki-service/pkg/cfg" - "github.com/hm-edu/pki-service/pkg/database" - "github.com/hm-edu/pki-service/pkg/worker" - "github.com/hm-edu/portal-common/api" - "github.com/hm-edu/portal-common/tracing" - "github.com/hm-edu/sectigo-client/sectigo" - "github.com/spf13/cobra" - "go.uber.org/zap" -) - -// syncCmd represents the sync command -var syncCmd = &cobra.Command{ - Use: "sync", - Short: "Syncs the database with the Sectigo API", - Long: `Adds all missing entries from the Sectigo API to the database`, - Run: func(cmd *cobra.Command, _ []string) { - - logger, deferFunc, viper := api.PrepareEnv(cmd) - defer deferFunc(logger) - - // load HTTP server config - var sectigoCfg cfg.PKIConfiguration - if err := viper.Unmarshal(§igoCfg); err != nil { - logger.Panic("config unmarshal failed", zap.Error(err)) - } - - tp := tracing.InitTracer(logger) - - defer func() { - if err := tp.Shutdown(context.Background()); err != nil { - logger.Fatal("Error shutting down tracer provider.", zap.Error(err)) - } - }() - - database.ConnectDb(logger, viper.GetString("db")) - syncer := worker.Syncer{ - Db: database.DB.Db, - Client: sectigo.NewClient(http.DefaultClient, logger, sectigoCfg.User, sectigoCfg.Password, sectigoCfg.CustomerURI), - } - syncer.SyncAllCertificates() - - }, -} - -func init() { - rootCmd.AddCommand(syncCmd) - - syncCmd.Flags().String("sectigo_user", "", "The sectigo user") - syncCmd.Flags().String("sectigo_password", "", "The password for the sectigo user") - syncCmd.Flags().String("sectigo_customeruri", "", "The sectigo customerUri") - syncCmd.Flags().String("db", "", "connection string for the database") - syncCmd.Flags().String("level", "info", "log level debug, info, warn, error, flat or panic") -} diff --git a/backend/pki-service/ent/certificate.go b/backend/pki-service/ent/certificate.go index 28421260..9352f7b3 100644 --- a/backend/pki-service/ent/certificate.go 
+++ b/backend/pki-service/ent/certificate.go @@ -23,6 +23,8 @@ type Certificate struct { UpdateTime time.Time `json:"update_time,omitempty"` // SslId holds the value of the "sslId" field. SslId int `json:"sslId,omitempty"` + // TransactionId holds the value of the "transactionId" field. + TransactionId string `json:"transactionId,omitempty"` // Serial holds the value of the "serial" field. Serial string `json:"serial,omitempty"` // CommonName holds the value of the "commonName" field. @@ -72,7 +74,7 @@ func (*Certificate) scanValues(columns []string) ([]any, error) { switch columns[i] { case certificate.FieldID, certificate.FieldSslId: values[i] = new(sql.NullInt64) - case certificate.FieldSerial, certificate.FieldCommonName, certificate.FieldIssuedBy, certificate.FieldSource, certificate.FieldStatus, certificate.FieldCa: + case certificate.FieldTransactionId, certificate.FieldSerial, certificate.FieldCommonName, certificate.FieldIssuedBy, certificate.FieldSource, certificate.FieldStatus, certificate.FieldCa: values[i] = new(sql.NullString) case certificate.FieldCreateTime, certificate.FieldUpdateTime, certificate.FieldNotBefore, certificate.FieldNotAfter, certificate.FieldCreated: values[i] = new(sql.NullTime) @@ -115,6 +117,12 @@ func (c *Certificate) assignValues(columns []string, values []any) error { } else if value.Valid { c.SslId = int(value.Int64) } + case certificate.FieldTransactionId: + if value, ok := values[i].(*sql.NullString); !ok { + return fmt.Errorf("unexpected type %T for field transactionId", values[i]) + } else if value.Valid { + c.TransactionId = value.String + } case certificate.FieldSerial: if value, ok := values[i].(*sql.NullString); !ok { return fmt.Errorf("unexpected type %T for field serial", values[i]) 
@@ -224,6 +232,9 @@ func (c *Certificate) String() string { builder.WriteString("sslId=") builder.WriteString(fmt.Sprintf("%v", c.SslId)) builder.WriteString(", ") + builder.WriteString("transactionId=") + builder.WriteString(c.TransactionId) + builder.WriteString(", ") builder.WriteString("serial=") builder.WriteString(c.Serial) builder.WriteString(", ") diff --git a/backend/pki-service/ent/certificate/certificate.go b/backend/pki-service/ent/certificate/certificate.go index 4ce6260e..4bc3b2bf 100644 --- a/backend/pki-service/ent/certificate/certificate.go +++ b/backend/pki-service/ent/certificate/certificate.go @@ -22,6 +22,8 @@ const ( FieldUpdateTime = "update_time" // FieldSslId holds the string denoting the sslid field in the database. FieldSslId = "ssl_id" + // FieldTransactionId holds the string denoting the transactionid field in the database. + FieldTransactionId = "transaction_id" // FieldSerial holds the string denoting the serial field in the database. FieldSerial = "serial" // FieldCommonName holds the string denoting the commonname field in the database. @@ -57,6 +59,7 @@ var Columns = []string{ FieldCreateTime, FieldUpdateTime, FieldSslId, + FieldTransactionId, FieldSerial, FieldCommonName, FieldNotBefore, @@ -161,6 +164,11 @@ func BySslId(opts ...sql.OrderTermOption) OrderOption { return sql.OrderByField(FieldSslId, opts...).ToFunc() } +// ByTransactionId orders the results by the transactionId field. +func ByTransactionId(opts ...sql.OrderTermOption) OrderOption { + return sql.OrderByField(FieldTransactionId, opts...).ToFunc() +} + // BySerial orders the results by the serial field. func BySerial(opts ...sql.OrderTermOption) OrderOption { return sql.OrderByField(FieldSerial, opts...).ToFunc() diff --git a/backend/pki-service/ent/certificate/where.go b/backend/pki-service/ent/certificate/where.go index ddb354e8..9967b189 100644 --- a/backend/pki-service/ent/certificate/where.go +++ b/backend/pki-service/ent/certificate/where.go 
@@ -70,6 +70,11 @@ func SslId(v int) predicate.Certificate { return predicate.Certificate(sql.FieldEQ(FieldSslId, v)) } +// TransactionId applies equality check predicate on the "transactionId" field. It's identical to TransactionIdEQ. +func TransactionId(v string) predicate.Certificate { + return predicate.Certificate(sql.FieldEQ(FieldTransactionId, v)) +} + // Serial applies equality check predicate on the "serial" field. It's identical to SerialEQ. func Serial(v string) predicate.Certificate { return predicate.Certificate(sql.FieldEQ(FieldSerial, v)) 
@@ -240,6 +245,81 @@ func SslIdNotNil() predicate.Certificate { return predicate.Certificate(sql.FieldNotNull(FieldSslId)) } +// TransactionIdEQ applies the EQ predicate on the "transactionId" field. +func TransactionIdEQ(v string) predicate.Certificate { + return predicate.Certificate(sql.FieldEQ(FieldTransactionId, v)) +} + +// TransactionIdNEQ applies the NEQ predicate on the "transactionId" field. +func TransactionIdNEQ(v string) predicate.Certificate { + return predicate.Certificate(sql.FieldNEQ(FieldTransactionId, v)) +} + +// TransactionIdIn applies the In predicate on the "transactionId" field. +func TransactionIdIn(vs ...string) predicate.Certificate { + return predicate.Certificate(sql.FieldIn(FieldTransactionId, vs...)) +} + +// TransactionIdNotIn applies the NotIn predicate on the "transactionId" field. +func TransactionIdNotIn(vs ...string) predicate.Certificate { + return predicate.Certificate(sql.FieldNotIn(FieldTransactionId, vs...)) +} + +// TransactionIdGT applies the GT predicate on the "transactionId" field. +func TransactionIdGT(v string) predicate.Certificate { + return predicate.Certificate(sql.FieldGT(FieldTransactionId, v)) +} + +// TransactionIdGTE applies the GTE predicate on the "transactionId" field. +func TransactionIdGTE(v string) predicate.Certificate { + return predicate.Certificate(sql.FieldGTE(FieldTransactionId, v)) +} + +// TransactionIdLT applies the LT predicate on the "transactionId" field. +func TransactionIdLT(v string) predicate.Certificate { + return predicate.Certificate(sql.FieldLT(FieldTransactionId, v)) +} + +// TransactionIdLTE applies the LTE predicate on the "transactionId" field. +func TransactionIdLTE(v string) predicate.Certificate { + return predicate.Certificate(sql.FieldLTE(FieldTransactionId, v)) +} + +// TransactionIdContains applies the Contains predicate on the "transactionId" field. 
+func TransactionIdContains(v string) predicate.Certificate { + return predicate.Certificate(sql.FieldContains(FieldTransactionId, v)) +} + +// TransactionIdHasPrefix applies the HasPrefix predicate on the "transactionId" field. +func TransactionIdHasPrefix(v string) predicate.Certificate { + return predicate.Certificate(sql.FieldHasPrefix(FieldTransactionId, v)) +} + +// TransactionIdHasSuffix applies the HasSuffix predicate on the "transactionId" field. +func TransactionIdHasSuffix(v string) predicate.Certificate { + return predicate.Certificate(sql.FieldHasSuffix(FieldTransactionId, v)) +} + +// TransactionIdIsNil applies the IsNil predicate on the "transactionId" field. +func TransactionIdIsNil() predicate.Certificate { + return predicate.Certificate(sql.FieldIsNull(FieldTransactionId)) +} + +// TransactionIdNotNil applies the NotNil predicate on the "transactionId" field. +func TransactionIdNotNil() predicate.Certificate { + return predicate.Certificate(sql.FieldNotNull(FieldTransactionId)) +} + +// TransactionIdEqualFold applies the EqualFold predicate on the "transactionId" field. +func TransactionIdEqualFold(v string) predicate.Certificate { + return predicate.Certificate(sql.FieldEqualFold(FieldTransactionId, v)) +} + +// TransactionIdContainsFold applies the ContainsFold predicate on the "transactionId" field. +func TransactionIdContainsFold(v string) predicate.Certificate { + return predicate.Certificate(sql.FieldContainsFold(FieldTransactionId, v)) +} + // SerialEQ applies the EQ predicate on the "serial" field. func SerialEQ(v string) predicate.Certificate { return predicate.Certificate(sql.FieldEQ(FieldSerial, v)) diff --git a/backend/pki-service/ent/certificate_create.go b/backend/pki-service/ent/certificate_create.go index bd977f20..e3b1f69e 100644 --- a/backend/pki-service/ent/certificate_create.go +++ b/backend/pki-service/ent/certificate_create.go 
@@ -65,6 +65,20 @@ func (cc *CertificateCreate) SetNillableSslId(i *int) *CertificateCreate { return cc } +// SetTransactionId sets the "transactionId" field. +func (cc *CertificateCreate) SetTransactionId(s string) *CertificateCreate { + cc.mutation.SetTransactionId(s) + return cc +} + +// SetNillableTransactionId sets the "transactionId" field if the given value is not nil. +func (cc *CertificateCreate) SetNillableTransactionId(s *string) *CertificateCreate { + if s != nil { + cc.SetTransactionId(*s) + } + return cc +} + // SetSerial sets the "serial" field. func (cc *CertificateCreate) SetSerial(s string) *CertificateCreate { cc.mutation.SetSerial(s) @@ -319,6 +333,10 @@ func (cc *CertificateCreate) createSpec() (*Certificate, *sqlgraph.CreateSpec) { _spec.SetField(certificate.FieldSslId, field.TypeInt, value) _node.SslId = value } + if value, ok := cc.mutation.TransactionId(); ok { + _spec.SetField(certificate.FieldTransactionId, field.TypeString, value) + _node.TransactionId = value + } if value, ok := cc.mutation.Serial(); ok { _spec.SetField(certificate.FieldSerial, field.TypeString, value) _node.Serial = value @@ -459,6 +477,24 @@ func (u *CertificateUpsert) ClearSslId() *CertificateUpsert { return u } +// SetTransactionId sets the "transactionId" field. +func (u *CertificateUpsert) SetTransactionId(v string) *CertificateUpsert { + u.Set(certificate.FieldTransactionId, v) + return u +} + +// UpdateTransactionId sets the "transactionId" field to the value that was provided on create. +func (u *CertificateUpsert) UpdateTransactionId() *CertificateUpsert { + u.SetExcluded(certificate.FieldTransactionId) + return u +} + +// ClearTransactionId clears the value of the "transactionId" field. +func (u *CertificateUpsert) ClearTransactionId() *CertificateUpsert { + u.SetNull(certificate.FieldTransactionId) + return u +} + // SetSerial sets the "serial" field. func (u *CertificateUpsert) SetSerial(v string) *CertificateUpsert { u.Set(certificate.FieldSerial, v) 
@@ -696,6 +732,27 @@ func (u *CertificateUpsertOne) ClearSslId() *CertificateUpsertOne { }) } +// SetTransactionId sets the "transactionId" field. +func (u *CertificateUpsertOne) SetTransactionId(v string) *CertificateUpsertOne { + return u.Update(func(s *CertificateUpsert) { + s.SetTransactionId(v) + }) +} + +// UpdateTransactionId sets the "transactionId" field to the value that was provided on create. +func (u *CertificateUpsertOne) UpdateTransactionId() *CertificateUpsertOne { + return u.Update(func(s *CertificateUpsert) { + s.UpdateTransactionId() + }) +} + +// ClearTransactionId clears the value of the "transactionId" field. +func (u *CertificateUpsertOne) ClearTransactionId() *CertificateUpsertOne { + return u.Update(func(s *CertificateUpsert) { + s.ClearTransactionId() + }) +} + // SetSerial sets the "serial" field. func (u *CertificateUpsertOne) SetSerial(v string) *CertificateUpsertOne { return u.Update(func(s *CertificateUpsert) { @@ -1124,6 +1181,27 @@ func (u *CertificateUpsertBulk) ClearSslId() *CertificateUpsertBulk { }) } +// SetTransactionId sets the "transactionId" field. +func (u *CertificateUpsertBulk) SetTransactionId(v string) *CertificateUpsertBulk { + return u.Update(func(s *CertificateUpsert) { + s.SetTransactionId(v) + }) +} + +// UpdateTransactionId sets the "transactionId" field to the value that was provided on create. +func (u *CertificateUpsertBulk) UpdateTransactionId() *CertificateUpsertBulk { + return u.Update(func(s *CertificateUpsert) { + s.UpdateTransactionId() + }) +} + +// ClearTransactionId clears the value of the "transactionId" field. +func (u *CertificateUpsertBulk) ClearTransactionId() *CertificateUpsertBulk { + return u.Update(func(s *CertificateUpsert) { + s.ClearTransactionId() + }) +} + // SetSerial sets the "serial" field. func (u *CertificateUpsertBulk) SetSerial(v string) *CertificateUpsertBulk { return u.Update(func(s *CertificateUpsert) { 
diff --git a/backend/pki-service/ent/certificate_update.go b/backend/pki-service/ent/certificate_update.go index 364aaf1f..68d707fd 100644 --- a/backend/pki-service/ent/certificate_update.go +++ b/backend/pki-service/ent/certificate_update.go @@ -62,6 +62,26 @@ func (cu *CertificateUpdate) ClearSslId() *CertificateUpdate { return cu } +// SetTransactionId sets the "transactionId" field. +func (cu *CertificateUpdate) SetTransactionId(s string) *CertificateUpdate { + cu.mutation.SetTransactionId(s) + return cu +} + +// SetNillableTransactionId sets the "transactionId" field if the given value is not nil. +func (cu *CertificateUpdate) SetNillableTransactionId(s *string) *CertificateUpdate { + if s != nil { + cu.SetTransactionId(*s) + } + return cu +} + +// ClearTransactionId clears the value of the "transactionId" field. +func (cu *CertificateUpdate) ClearTransactionId() *CertificateUpdate { + cu.mutation.ClearTransactionId() + return cu +} + // SetSerial sets the "serial" field. func (cu *CertificateUpdate) SetSerial(s string) *CertificateUpdate { cu.mutation.SetSerial(s) @@ -352,6 +372,12 @@ func (cu *CertificateUpdate) sqlSave(ctx context.Context) (n int, err error) { if cu.mutation.SslIdCleared() { _spec.ClearField(certificate.FieldSslId, field.TypeInt) } + if value, ok := cu.mutation.TransactionId(); ok { + _spec.SetField(certificate.FieldTransactionId, field.TypeString, value) + } + if cu.mutation.TransactionIdCleared() { + _spec.ClearField(certificate.FieldTransactionId, field.TypeString) + } if value, ok := cu.mutation.Serial(); ok { _spec.SetField(certificate.FieldSerial, field.TypeString, value) } 
@@ -498,6 +524,26 @@ func (cuo *CertificateUpdateOne) ClearSslId() *CertificateUpdateOne { return cuo } +// SetTransactionId sets the "transactionId" field. +func (cuo *CertificateUpdateOne) SetTransactionId(s string) *CertificateUpdateOne { + cuo.mutation.SetTransactionId(s) + return cuo +} + +// SetNillableTransactionId sets the "transactionId" field if the given value is not nil. +func (cuo *CertificateUpdateOne) SetNillableTransactionId(s *string) *CertificateUpdateOne { + if s != nil { + cuo.SetTransactionId(*s) + } + return cuo +} + +// ClearTransactionId clears the value of the "transactionId" field. +func (cuo *CertificateUpdateOne) ClearTransactionId() *CertificateUpdateOne { + cuo.mutation.ClearTransactionId() + return cuo +} + // SetSerial sets the "serial" field. func (cuo *CertificateUpdateOne) SetSerial(s string) *CertificateUpdateOne { cuo.mutation.SetSerial(s) @@ -818,6 +864,12 @@ func (cuo *CertificateUpdateOne) sqlSave(ctx context.Context) (_node *Certificat if cuo.mutation.SslIdCleared() { _spec.ClearField(certificate.FieldSslId, field.TypeInt) } + if value, ok := cuo.mutation.TransactionId(); ok { + _spec.SetField(certificate.FieldTransactionId, field.TypeString, value) + } + if cuo.mutation.TransactionIdCleared() { + _spec.ClearField(certificate.FieldTransactionId, field.TypeString) + } if value, ok := cuo.mutation.Serial(); ok { _spec.SetField(certificate.FieldSerial, field.TypeString, value) } diff --git a/backend/pki-service/ent/migrate/schema.go b/backend/pki-service/ent/migrate/schema.go index 0c972e1f..db086028 100644 --- a/backend/pki-service/ent/migrate/schema.go +++ b/backend/pki-service/ent/migrate/schema.go 
@@ -15,6 +15,7 @@ var ( {Name: "create_time", Type: field.TypeTime}, {Name: "update_time", Type: field.TypeTime}, {Name: "ssl_id", Type: field.TypeInt, Nullable: true}, + {Name: "transaction_id", Type: field.TypeString, Nullable: true}, {Name: "serial", Type: field.TypeString, Unique: true, Nullable: true}, {Name: "common_name", Type: field.TypeString}, {Name: "not_before", Type: field.TypeTime, Nullable: true}, diff --git a/backend/pki-service/ent/mutation.go b/backend/pki-service/ent/mutation.go index 8fec4821..67a9d7e4 100644 --- a/backend/pki-service/ent/mutation.go +++ b/backend/pki-service/ent/mutation.go @@ -39,6 +39,7 @@ type CertificateMutation struct { update_time *time.Time sslId *int addsslId *int + transactionId *string serial *string commonName *string notBefore *time.Time 
@@ -297,6 +298,55 @@ func (m *CertificateMutation) ResetSslId() { delete(m.clearedFields, certificate.FieldSslId) } +// SetTransactionId sets the "transactionId" field. +func (m *CertificateMutation) SetTransactionId(s string) { + m.transactionId = &s +} + +// TransactionId returns the value of the "transactionId" field in the mutation. +func (m *CertificateMutation) TransactionId() (r string, exists bool) { + v := m.transactionId + if v == nil { + return + } + return *v, true +} + +// OldTransactionId returns the old "transactionId" field's value of the Certificate entity. +// If the Certificate object wasn't provided to the builder, the object is fetched from the database. +// An error is returned if the mutation operation is not UpdateOne, or the database query fails. +func (m *CertificateMutation) OldTransactionId(ctx context.Context) (v string, err error) { + if !m.op.Is(OpUpdateOne) { + return v, errors.New("OldTransactionId is only allowed on UpdateOne operations") + } + if m.id == nil || m.oldValue == nil { + return v, errors.New("OldTransactionId requires an ID field in the mutation") + } + oldValue, err := m.oldValue(ctx) + if err != nil { + return v, fmt.Errorf("querying old value for OldTransactionId: %w", err) + } + return oldValue.TransactionId, nil +} + +// ClearTransactionId clears the value of the "transactionId" field. +func (m *CertificateMutation) ClearTransactionId() { + m.transactionId = nil + m.clearedFields[certificate.FieldTransactionId] = struct{}{} +} + +// TransactionIdCleared returns if the "transactionId" field was cleared in this mutation. +func (m *CertificateMutation) TransactionIdCleared() bool { + _, ok := m.clearedFields[certificate.FieldTransactionId] + return ok +} + +// ResetTransactionId resets all changes to the "transactionId" field. +func (m *CertificateMutation) ResetTransactionId() { + m.transactionId = nil + delete(m.clearedFields, certificate.FieldTransactionId) +} + // SetSerial sets the "serial" field. 
func (m *CertificateMutation) SetSerial(s string) { m.serial = &s @@ -800,7 +850,7 @@ func (m *CertificateMutation) Type() string { // order to get all numeric fields that were incremented/decremented, call // AddedFields(). func (m *CertificateMutation) Fields() []string { - fields := make([]string, 0, 12) + fields := make([]string, 0, 13) if m.create_time != nil { fields = append(fields, certificate.FieldCreateTime) } @@ -810,6 +860,9 @@ func (m *CertificateMutation) Fields() []string { if m.sslId != nil { fields = append(fields, certificate.FieldSslId) } + if m.transactionId != nil { + fields = append(fields, certificate.FieldTransactionId) + } if m.serial != nil { fields = append(fields, certificate.FieldSerial) } @@ -851,6 +904,8 @@ func (m *CertificateMutation) Field(name string) (ent.Value, bool) { return m.UpdateTime() case certificate.FieldSslId: return m.SslId() + case certificate.FieldTransactionId: + return m.TransactionId() case certificate.FieldSerial: return m.Serial() case certificate.FieldCommonName: @@ -884,6 +939,8 @@ func (m *CertificateMutation) OldField(ctx context.Context, name string) (ent.Va return m.OldUpdateTime(ctx) case certificate.FieldSslId: return m.OldSslId(ctx) + case certificate.FieldTransactionId: + return m.OldTransactionId(ctx) case certificate.FieldSerial: return m.OldSerial(ctx) case certificate.FieldCommonName: @@ -932,6 +989,13 @@ func (m *CertificateMutation) SetField(name string, value ent.Value) error { } m.SetSslId(v) return nil + case certificate.FieldTransactionId: + v, ok := value.(string) + if !ok { + return fmt.Errorf("unexpected type %T for field %s", value, name) + } + m.SetTransactionId(v) + return nil case certificate.FieldSerial: v, ok := value.(string) if !ok { 
@@ -1043,6 +1107,9 @@ func (m *CertificateMutation) ClearedFields() []string { if m.FieldCleared(certificate.FieldSslId) { fields = append(fields, certificate.FieldSslId) } + if m.FieldCleared(certificate.FieldTransactionId) { + fields = append(fields, certificate.FieldTransactionId) + } if m.FieldCleared(certificate.FieldSerial) { fields = append(fields, certificate.FieldSerial) } @@ -1081,6 +1148,9 @@ func (m *CertificateMutation) ClearField(name string) error { case certificate.FieldSslId: m.ClearSslId() return nil + case certificate.FieldTransactionId: + m.ClearTransactionId() + return nil case certificate.FieldSerial: m.ClearSerial() return nil @@ -1119,6 +1189,9 @@ func (m *CertificateMutation) ResetField(name string) error { case certificate.FieldSslId: m.ResetSslId() return nil + case certificate.FieldTransactionId: + m.ResetTransactionId() + return nil case certificate.FieldSerial: m.ResetSerial() return nil diff --git a/backend/pki-service/ent/runtime/runtime.go b/backend/pki-service/ent/runtime/runtime.go index 4e08232e..02a3e6b7 100644 --- a/backend/pki-service/ent/runtime/runtime.go +++ b/backend/pki-service/ent/runtime/runtime.go @@ -32,7 +32,7 @@ func init() { // certificate.UpdateDefaultUpdateTime holds the default value on update for the update_time field. certificate.UpdateDefaultUpdateTime = certificateDescUpdateTime.UpdateDefault.(func() time.Time) // certificateDescCommonName is the schema descriptor for commonName field. - certificateDescCommonName := certificateFields[2].Descriptor() + certificateDescCommonName := certificateFields[3].Descriptor() // certificate.CommonNameValidator is a validator for the "commonName" field. It is called by the builders before save. certificate.CommonNameValidator = certificateDescCommonName.Validators[0].(func(string) error) domainFields := schema.Domain{}.Fields() diff --git a/backend/pki-service/ent/schema/certificate.go b/backend/pki-service/ent/schema/certificate.go index c25fc671..6d4e97c9 100644 
--- a/backend/pki-service/ent/schema/certificate.go +++ b/backend/pki-service/ent/schema/certificate.go @@ -18,6 +18,7 @@ type Certificate struct { func (Certificate) Fields() []ent.Field { return []ent.Field{ field.Int("sslId").Optional(), + field.String("transactionId").Optional(), field.String("serial").Optional().Unique(), field.String("commonName").NotEmpty(), field.Time("notBefore").Nillable().Optional(), diff --git a/backend/pki-service/go.mod b/backend/pki-service/go.mod index f4db01ce..fbfdedbc 100644 --- a/backend/pki-service/go.mod +++ b/backend/pki-service/go.mod @@ -1,23 +1,29 @@ module github.com/hm-edu/pki-service -go 1.23.0 +go 1.23.3 + +toolchain go1.23.4 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 github.com/TheZeroSlave/zapsentry v1.23.0 github.com/getsentry/sentry-go v0.30.0 - github.com/hm-edu/sectigo-client v0.0.0-20241203213233-31e0bf071c15 + github.com/hm-edu/harica v0.0.0-20250102061629-52e03afeef0c github.com/mattn/go-sqlite3 v1.14.16 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.10.0 go.uber.org/zap v1.27.0 ) -require go.opentelemetry.io/auto/sdk v1.1.0 // indirect - require ( - github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/boombuler/barcode v1.0.2 // indirect + github.com/go-co-op/gocron/v2 v2.14.0 // indirect + github.com/go-resty/resty/v2 v2.16.2 // indirect + github.com/golang-jwt/jwt/v5 v5.2.1 // indirect + github.com/jonboulle/clockwork v0.4.0 // indirect github.com/magiconair/properties v1.8.9 // indirect + github.com/pquerna/otp v1.4.0 // indirect + github.com/shopspring/decimal v1.3.1 // indirect github.com/spf13/afero v1.11.0 // indirect ) 
@@ -31,7 +37,6 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/getkin/kin-openapi v0.128.0 // indirect - github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-openapi/inflect v0.21.0 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect @@ -55,7 +60,7 @@ require ( github.com/mailru/easyjson v0.9.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/miekg/dns v1.1.62 + github.com/miekg/dns v1.1.62 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect @@ -83,16 +88,12 @@ require ( golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.28.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def // indirect - gopkg.in/yaml.v3 v3.0.1 + gopkg.in/yaml.v3 v3.0.1 // indirect ) +require github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 + require ( - github.com/go-logr/logr v1.4.2 // indirect - github.com/go-logr/stdr v1.2.2 // indirect - github.com/google/go-querystring v1.1.0 // indirect - github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 - go.opentelemetry.io/otel v1.33.0 // indirect go.opentelemetry.io/otel/sdk v1.32.0 // indirect go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect @@ -116,7 +117,6 @@ require ( require ( entgo.io/ent v0.14.1 - github.com/go-acme/lego/v4 v4.21.0 github.com/go-co-op/gocron v1.37.0 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 github.com/inconshreveable/mousetrap v1.1.0 // indirect 
diff --git a/backend/pki-service/go.sum b/backend/pki-service/go.sum index 23d00a98..c5bcac11 100644 --- a/backend/pki-service/go.sum +++ b/backend/pki-service/go.sum @@ -21,8 +21,9 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQrS0= github.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE= -github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= -github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4= +github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= 
@@ -51,17 +52,14 @@ github.com/getkin/kin-openapi v0.128.0 h1:jqq3D9vC9pPq1dGcOCv7yOp1DaEe7c/T1vzcLb github.com/getkin/kin-openapi v0.128.0/go.mod h1:OZrfXzUfGrNbsKj+xmFBx6E5c6yH3At/tAKSc2UszXM= github.com/getsentry/sentry-go v0.30.0 h1:lWUwDnY7sKHaVIoZ9wYqRHJ5iEmoc0pqcRqFkosKzBo= github.com/getsentry/sentry-go v0.30.0/go.mod h1:WU9B9/1/sHDqeV8T+3VwwbjeR5MSXs/6aqG3mqZrezA= -github.com/go-acme/lego/v4 v4.21.0 h1:arEW+8o5p7VI8Bk1kr/PDlgD1DrxtTH1gJ4b7mehL8o= -github.com/go-acme/lego/v4 v4.21.0/go.mod h1:HrSWzm3Ckj45Ie3i+p1zKVobbQoMOaGu9m4up0dUeDI= github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0= github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY= +github.com/go-co-op/gocron/v2 v2.14.0 h1:bWPJeIdd4ioqiEpLLD1BVSTrtae7WABhX/WaVJbKVqg= +github.com/go-co-op/gocron/v2 v2.14.0/go.mod h1:ZF70ZwEqz0OO4RBXE1sNxnANy/zvwLcattWEFsqpKig= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= -github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= -github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= 
@@ -76,6 +74,8 @@ github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9Z github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-resty/resty/v2 v2.16.2 h1:CpRqTjIzq/rweXUt9+GxzzQdlkqMdt8Lm/fuK/CAbAg= +github.com/go-resty/resty/v2 v2.16.2/go.mod h1:0fHAoK7JoBy/Ch36N8VFeMsK7xQOHhvWaC3iOktwmIU= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM= github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= @@ -83,6 +83,8 @@ github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPh github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 
@@ -91,11 +93,8 @@ github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaW github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= -github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= 
@@ -106,10 +105,10 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos= github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= +github.com/hm-edu/harica v0.0.0-20250102061629-52e03afeef0c h1:CEakS1zi7u5aOVU9kXEZ4bT5P3DVZR9icV24YhSLtIU= +github.com/hm-edu/harica v0.0.0-20250102061629-52e03afeef0c/go.mod h1:RY/5HFe3u+e4Y1eiLRGYKxsDl2qV7vRhvcQGJuTaIhE= github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 h1:5XAf2vZQ6aMyLeHqZg1V7Dn/y6fzN0cpbo/jk7dWJC0= github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776/go.mod h1:HoVbhQCLyk/XKtKjVahdTTkCa5KLYIi/HyzrExss1Zo= -github.com/hm-edu/sectigo-client v0.0.0-20241203213233-31e0bf071c15 h1:WigNT3oF3UT35Txraj+SfYPcOOrYWW0UHYZn0a7UPAI= -github.com/hm-edu/sectigo-client v0.0.0-20241203213233-31e0bf071c15/go.mod h1:RzXeZCdNs35GmYG5gsN8wIuSp2sxw+yMT7oCIBjDSGo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/invopop/yaml v0.3.1 h1:f0+ZpmhfBSS4MhG+4HYseMdJhoeeopbSKbq5Rpeelso= 
@@ -165,12 +164,12 @@ github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0f github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/jarcoal/httpmock v1.3.1 h1:iUx3whfZWVf3jT01hQTO/Eo5sAYtB2/rqaUuOtpInww= -github.com/jarcoal/httpmock v1.3.1/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg= github.com/johnbellone/grpc-middleware-sentry v0.4.0 h1:4Ojhjv+/1skH2wLMkNGWtYHo+iwiOnLZV3dn7KUhCvc= github.com/johnbellone/grpc-middleware-sentry v0.4.0/go.mod h1:o017YrGIUqWfhPMbcg/Jg2CTeLTdbGRkuEQywqcDVqY= github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= +github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4= +github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= 
@@ -240,6 +239,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg= +github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -319,8 +320,6 @@ github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmB github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0= go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= diff --git a/backend/pki-service/pkg/cfg/pki.go b/backend/pki-service/pkg/cfg/pki.go index 0dd660c6..549e9ccb 100644 --- a/backend/pki-service/pkg/cfg/pki.go 
+++ b/backend/pki-service/pkg/cfg/pki.go 
@@ -1,65 +1,12 @@ package cfg -import ( - "net/http" - - "github.com/hm-edu/portal-common/helper" - "github.com/hm-edu/sectigo-client/sectigo" - "github.com/hm-edu/sectigo-client/sectigo/client" - "go.uber.org/zap" -) - // PKIConfiguration handles different configuration properties for the sectigo client type PKIConfiguration struct { - User string `mapstructure:"sectigo_user"` - Password string `mapstructure:"sectigo_password"` - CustomerURI string `mapstructure:"sectigo_customeruri"` - SmimeProfile int `mapstructure:"smime_profile"` - SmimeProfileStandard int `mapstructure:"smime_profile_standard"` - SmimeOrgID int `mapstructure:"smime_org_id"` - SmimeTerm int `mapstructure:"smime_term"` - SmimeStudentTerm int `mapstructure:"smime_student_term"` - SslProfile int `mapstructure:"ssl_profile"` - SslOrgID int `mapstructure:"ssl_org_id"` - SslTerm int `mapstructure:"ssl_term"` - SmimeKeyLength string `mapstructure:"smime_key_length"` - SmimeKeyType string `mapstructure:"smime_key_type"` - AcmeStorage string `mapstructure:"acme_storage"` - AcmeEmail string `mapstructure:"acme_email"` - AcmeKid string `mapstructure:"acme_kid"` - AcmeHmac string `mapstructure:"acme_hmac"` - AcmeServer string `mapstructure:"acme_server"` - DnsConfigs string `mapstructure:"dns_configs"` -} - -// CheckSectigoConfiguration checks the sectigo configuration for the syntactical correctness. 
-func (cfg *PKIConfiguration) CheckSectigoConfiguration() { - - logger := zap.L() - - c := sectigo.NewClient(http.DefaultClient, zap.L(), cfg.User, cfg.Password, cfg.CustomerURI) - profiles, err := c.ClientService.Profiles() - if err != nil { - logger.Fatal("fetching profiles failed", zap.Error(err)) - } - if len(*profiles) == 0 { - logger.Warn("no profiles found") - return - } - found := helper.Any(*profiles, func(t client.ListProfileItem) bool { - if t.ID == cfg.SmimeProfile || (t.ID == cfg.SmimeProfileStandard && cfg.SmimeProfileStandard > 0) { - if helper.Any(t.Terms, func(i int) bool { return i == cfg.SmimeTerm }) && - helper.Any(t.KeyTypes[cfg.SmimeKeyType], func(i string) bool { - return i == cfg.SmimeKeyLength - }) { - return true - } - return false - } - return false - }) - if !found { - logger.Fatal("smime profile not found") - } - + User string `mapstructure:"user"` + Password string `mapstructure:"password"` + TotpSeed string `mapstructure:"totp_seed"` + ValidationUser string `mapstructure:"validation_user"` + ValidationPassword string `mapstructure:"validation_password"` + ValidationTotpSeed string `mapstructure:"validation_totp_seed"` + SmimeKeyLength string `mapstructure:"smime_key_length"` } diff --git a/backend/pki-service/pkg/grpc/server.go b/backend/pki-service/pkg/grpc/server.go index 7936686b..0d5686eb 100644 --- a/backend/pki-service/pkg/grpc/server.go +++ b/backend/pki-service/pkg/grpc/server.go @@ -3,13 +3,11 @@ package grpc import ( "fmt" "net" - "net/http" "github.com/getsentry/sentry-go" grpc_sentry "github.com/johnbellone/grpc-middleware-sentry" pb "github.com/hm-edu/portal-apis" - "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc" grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" grpc_zap "github.com/grpc-ecosystem/go-grpc-middleware/logging/zap" 
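Review bot: The doc comment kept on PKIConfiguration still says it configures "the sectigo client", while every field below now describes HARICA credentials (user/password plus a TOTP seed, and a second validation account); update it to something like `// PKIConfiguration holds the HARICA credentials used by the pki service: the requesting account and the separate validation account that approves requests.` The struct now carries the passwords and TOTP seeds of two accounts, so each field deserves a short comment that it is a secret loaded via mapstructure and must never be logged — `TotpSeed`/`ValidationTotpSeed` in particular stand in for the second factor of those accounts. CheckSectigoConfiguration is deleted without a replacement, so nothing at startup verifies that the six credential fields are non-empty before harica.NewClient is called; a small `Check() error` that rejects empty fields would restore that sanity check.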
@@ -17,7 +15,6 @@ import ( "github.com/hm-edu/pki-service/ent" "github.com/hm-edu/pki-service/pkg/cfg" - "github.com/hm-edu/sectigo-client/sectigo" "go.uber.org/zap" "google.golang.org/grpc" @@ -27,10 +24,10 @@ import ( // Server is the basic structure of the GRPC server. type Server struct { - logger *zap.Logger - config *Config - sectigoCfg *cfg.PKIConfiguration - db *ent.Client + logger *zap.Logger + config *Config + pkiCfg *cfg.PKIConfiguration + db *ent.Client } // Config is the basic structure of the GRPC configuration @@ -43,10 +40,10 @@ type Config struct { // NewServer creates a new GRPC server func NewServer(config *Config, logger *zap.Logger, sectigoCfg *cfg.PKIConfiguration, db *ent.Client) (*Server, error) { srv := &Server{ - logger: logger, - sectigoCfg: sectigoCfg, - config: config, - db: db, + logger: logger, + pkiCfg: sectigoCfg, + config: config, + db: db, } return srv, nil @@ -89,7 +86,7 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) { } } - srv := grpc.NewServer(grpc.StatsHandler(otelgrpc.NewServerHandler()), + srv := grpc.NewServer( grpc.UnaryInterceptor( grpc_middleware.ChainUnaryServer( interceptors..., @@ -106,11 +103,12 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) { // "Clients are safe for concurrent use by multiple goroutines." // => one http client is fine ;) - c := sectigo.NewClient(http.DefaultClient, s.logger, s.sectigoCfg.User, s.sectigoCfg.Password, s.sectigoCfg.CustomerURI) - - ssl := newSslAPIServer(c, s.sectigoCfg, s.db) + ssl, err := newSslAPIServer(s.pkiCfg, s.db) + if err != nil { + s.logger.Fatal("failed to create ssl server", zap.Error(err)) + } pb.RegisterSSLServiceServer(srv, ssl) - smime := newSmimeAPIServer(c, s.sectigoCfg) + smime := newSmimeAPIServer(s.pkiCfg) pb.RegisterSmimeServiceServer(srv, smime) grpc_health_v1.RegisterHealthServer(srv, server) diff --git a/backend/pki-service/pkg/grpc/smime.go b/backend/pki-service/pkg/grpc/smime.go index 10a258a3..1a8f2ab2 100644 
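Review bot: In the NewServer hunk the struct field is renamed to `pkiCfg` but the constructor parameter keeps the stale name `sectigoCfg`, so the assignment reads `pkiCfg: sectigoCfg`; rename the parameter as well: `func NewServer(config *Config, logger *zap.Logger, pkiCfg *cfg.PKIConfiguration, db *ent.Client) (*Server, error) {` with `pkiCfg: pkiCfg,`. In the ListenAndServe hunk, `s.logger.Fatal("failed to create ssl server", ...)` is reasonable at startup, but the error coming back from newSslAPIServer carries no context about which of the two HARICA accounts failed, so that message is all an operator gets. Dropping `grpc.StatsHandler(otelgrpc.NewServerHandler())` also removes gRPC tracing/metrics for this server; if that is only a side effect of the dependency cleanup rather than intended, it should be restored.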
--- a/backend/pki-service/pkg/grpc/smime.go +++ b/backend/pki-service/pkg/grpc/smime.go @@ -6,33 +6,26 @@ import ( "crypto/x509" "encoding/pem" "fmt" - "time" "github.com/TheZeroSlave/zapsentry" "github.com/getsentry/sentry-go" "github.com/hm-edu/pki-service/pkg/cfg" pb "github.com/hm-edu/portal-apis" - "github.com/hm-edu/portal-common/helper" - "github.com/hm-edu/sectigo-client/sectigo" - "github.com/hm-edu/sectigo-client/sectigo/client" - "github.com/hm-edu/sectigo-client/sectigo/person" "go.uber.org/zap" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" "google.golang.org/protobuf/types/known/emptypb" - "google.golang.org/protobuf/types/known/timestamppb" ) type smimeAPIServer struct { pb.UnimplementedSmimeServiceServer - client *sectigo.Client cfg *cfg.PKIConfiguration logger *zap.Logger } -func newSmimeAPIServer(client *sectigo.Client, cfg *cfg.PKIConfiguration) *smimeAPIServer { - return &smimeAPIServer{client: client, cfg: cfg, logger: zap.L()} +func newSmimeAPIServer(cfg *cfg.PKIConfiguration) *smimeAPIServer { + return &smimeAPIServer{cfg: cfg, logger: zap.L()} } func (s *smimeAPIServer) ListCertificates(ctx context.Context, req *pb.ListSmimeRequest) (*pb.ListSmimeResponse, error) { 
@@ -48,27 +41,8 @@ func (s *smimeAPIServer) ListCertificates(ctx context.Context, req *pb.ListSmime logger := log.With(zap.String("user", req.Email)) logger.Info("Requesting issued smime certificates") - items, err := s.client.ClientService.ListByEmail(req.Email) - if err != nil { - if sectigoError, ok := err.(*sectigo.ErrorResponse); ok { - if sectigoError.Code == -105 { - logger.Info("No certificates found") - return &pb.ListSmimeResponse{Certificates: []*pb.ListSmimeResponse_CertificateDetails{}}, nil - } - } - logger.Info("Error while requesting smime certificates", zap.Error(err)) - hub.CaptureException(err) - return nil, status.Error(codes.Internal, err.Error()) - } - logger.Info("Successfully requested smime certificates", zap.Int("count", len(*items))) - return &pb.ListSmimeResponse{Certificates: helper.Map(*items, func(t client.ListItem) *pb.ListSmimeResponse_CertificateDetails { - return &pb.ListSmimeResponse_CertificateDetails{ - Id: int32(t.ID), - Serial: t.SerialNumber, - Status: string(t.State), - Expires: timestamppb.New(t.Expires.Time), - } - })}, nil + return nil, status.Errorf(codes.Unimplemented, "method ListCertificates not implemented") + } func (s *smimeAPIServer) IssueCertificate(ctx context.Context, req *pb.IssueSmimeRequest) (*pb.IssueSmimeResponse, error) { hub := sentry.GetHubFromContext(ctx) 
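Review bot: ListCertificates now logs `Requesting issued smime certificates` and then immediately returns codes.Unimplemented, so the log line (and the `logger` built only for it) describes work that never happens; the same pattern appears in the IssueCertificate hunk (the CSR is fully validated, then Unimplemented) and in the RevokeCertificate hunk, where `logger.Info("Revoking smime certificate")` is emitted although no revocation is performed — anyone auditing the logs would see revocations that never took place. Either drop those log lines while the methods are stubbed, or log the actual state, e.g. `logger.Info("smime operations are not available during the HARICA migration")`, before returning Unimplemented. It is not visible in the hunk whether `hub` is still referenced earlier in these functions; if it was only used by the removed lines, the build fails with "declared and not used".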
@@ -113,106 +87,7 @@ func (s *smimeAPIServer) IssueCertificate(ctx context.Context, req *pb.IssueSmim logger.Warn("Invalid key length", zap.String("key_length", fmt.Sprintf("%d", size))) return nil, status.Error(codes.InvalidArgument, "Invalid CSR") } - - term := s.cfg.SmimeTerm - if req.Student { - term = s.cfg.SmimeStudentTerm - } - - persons, err := s.client.PersonService.List(&person.ListParams{Email: req.Email}) - if err != nil { - hub.CaptureException(err) - logger.Error("Error while requesting person", zap.Error(err)) - return nil, status.Error(codes.Internal, "Error requesting person") - } - - validationLevel := "HIGH" - profile := s.cfg.SmimeProfile - - if req.ValidationStandard { - validationLevel = "STANDARD" - profile = s.cfg.SmimeProfileStandard - if profile == 0 { - logger.Warn("No profile for validation level standard configured") - return nil, status.Error(codes.InvalidArgument, "Validation level standard not supported") - } - } - - if len(*persons) == 0 { - logger.Info("No person found. 
Creating new") - err = s.client.PersonService.CreatePerson(person.CreateRequest{ - FirstName: req.FirstName, - LastName: req.LastName, - Email: req.Email, - OrganizationID: s.cfg.SmimeOrgID, - ValidationType: validationLevel, - CommonName: req.CommonName, - Phone: "", - }) - if err != nil { - logger.Error("Error while creating person", zap.Error(err)) - return nil, status.Error(codes.Internal, "Error creating person") - } - } else { - personItem := (*persons)[0] - if personItem.ValidationType != "HIGH" && !req.ValidationStandard { - err := s.client.PersonService.UpdatePerson(personItem.ID, person.UpdateRequest{ - FirstName: req.FirstName, - LastName: req.LastName, - OrganizationID: s.cfg.SmimeOrgID, - ValidationType: validationLevel, - CommonName: req.CommonName, - }) - if err != nil { - hub.CaptureException(err) - logger.Error("Error while updating person", zap.Error(err)) - return nil, status.Error(codes.Internal, "Error updating person") - } - } - } - - resp, err := s.client.ClientService.Enroll(client.EnrollmentRequest{ - OrgID: s.cfg.SmimeOrgID, - FirstName: req.FirstName, - MiddleName: req.MiddleName, - CommonName: req.CommonName, - LastName: req.LastName, - Email: req.Email, - Phone: "", - SecondaryEmails: []string{}, - CSR: req.Csr, - CertType: profile, - Term: term, - Eppn: "", - }) - if err != nil { - hub.CaptureException(err) - logger.Error("Error while enrolling certificate", zap.Error(err)) - return nil, status.Error(codes.Internal, "Error enrolling certificate") - } - cert := "" - err = helper.WaitFor(10*time.Minute, 15*time.Second, func() (bool, error) { - c, err := s.client.ClientService.Collect(resp.OrderNumber, "x509R") - if err != nil { - if e, ok := err.(*sectigo.ErrorResponse); ok { - if e.Code == 0 && e.Description == "Being processed by Sectigo" { - logger.Debug("Certificate not ready", zap.Int("id", resp.OrderNumber), zap.String("email", req.Email)) - return false, nil - } - } - return false, err - } - logger.Info("Certificate ready", 
zap.Int("id", resp.OrderNumber)) - cert = *c - return true, nil - }) - - if err != nil { - hub.CaptureException(err) - return nil, status.Error(codes.Internal, "Error obtaining certificate") - } - - return &pb.IssueSmimeResponse{Certificate: cert}, nil + return nil, status.Errorf(codes.Unimplemented, "method IssueCertificate not implemented") } func (s *smimeAPIServer) RevokeCertificate(ctx context.Context, req *pb.RevokeSmimeRequest) (*emptypb.Empty, error) { @@ -226,26 +101,7 @@ func (s *smimeAPIServer) RevokeCertificate(ctx context.Context, req *pb.RevokeSm } logger := log.With(zap.String("reason", req.Reason)) + logger.Info("Revoking smime certificate") - switch req.Identifier.(type) { - case *pb.RevokeSmimeRequest_Email: - logger = logger.With(zap.String("email", req.GetEmail())) - logger.Info("Revoking smime certificate") - err := s.client.ClientService.RevokeByEmail(client.RevokeByEmailRequest{Email: req.GetEmail(), Reason: req.GetReason()}) - if err != nil { - hub.CaptureException(err) - logger.Error("Error while revoking certificate", zap.Error(err)) - return nil, status.Error(codes.Internal, err.Error()) - } - logger.Info("Successfully revoked smime certificate") - return &emptypb.Empty{}, nil - case *pb.RevokeSmimeRequest_Serial: - err := s.client.ClientService.RevokeBySerial(client.RevokeBySerialRequest{Serial: req.GetSerial(), Reason: req.GetReason()}) - if err != nil { - hub.CaptureException(err) - return nil, status.Error(codes.Internal, err.Error()) - } - return &emptypb.Empty{}, nil - } return nil, status.Errorf(codes.Unimplemented, "method RevokeCertificate not implemented") } diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go index 1c8ec2ec..503ca25f 100644 --- a/backend/pki-service/pkg/grpc/ssl.go +++ b/backend/pki-service/pkg/grpc/ssl.go 
@@ -2,23 +2,16 @@ package grpc import ( "context" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rand" "crypto/x509" - "encoding/json" "encoding/pem" "fmt" - "os" - "path/filepath" "time" "github.com/TheZeroSlave/zapsentry" "github.com/getsentry/sentry-go" - legoCert "github.com/go-acme/lego/v4/certificate" - "github.com/go-acme/lego/v4/challenge/dns01" - "github.com/go-acme/lego/v4/lego" - legoLog "github.com/go-acme/lego/v4/log" + + harica "github.com/hm-edu/harica/client" + "github.com/hm-edu/harica/models" "github.com/hm-edu/pki-service/ent" "github.com/hm-edu/pki-service/ent/certificate" @@ -26,10 +19,8 @@ import ( "github.com/hm-edu/pki-service/ent/predicate" "github.com/hm-edu/pki-service/pkg/cfg" pkiHelper "github.com/hm-edu/pki-service/pkg/helper" - "github.com/hm-edu/pki-service/pkg/helper/precheck" pb "github.com/hm-edu/portal-apis" "github.com/hm-edu/portal-common/helper" - "github.com/hm-edu/sectigo-client/sectigo" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promauto" @@ -77,6 +68,7 @@ func mapCertificate(x *ent.Certificate) *pb.SslCertificateDetails { IssuedBy: issuedBy, Created: created, Ca: ca, + TransactionId: x.TransactionId, } } 
@@ -98,20 +90,26 @@ func (s *sslAPIServer) handleError(msg string, err error, logger *zap.Logger, hu type sslAPIServer struct { pb.UnimplementedSSLServiceServer - client *sectigo.Client - db *ent.Client - cfg *cfg.PKIConfiguration - logger *zap.Logger - legoClient *lego.Client + client *harica.Client + validationClient *harica.Client + db *ent.Client + cfg *cfg.PKIConfiguration + logger *zap.Logger last *time.Time duration *time.Duration } -func newSslAPIServer(client *sectigo.Client, cfg *cfg.PKIConfiguration, db *ent.Client) *sslAPIServer { - - legoClient := registerAcme(cfg) - instance := &sslAPIServer{client: client, legoClient: legoClient, cfg: cfg, logger: zap.L(), db: db} +func newSslAPIServer(cfg *cfg.PKIConfiguration, db *ent.Client) (*sslAPIServer, error) { + client, err := harica.NewClient(cfg.User, cfg.Password, cfg.TotpSeed) + if err != nil { + return nil, err + } + validationClient, err := harica.NewClient(cfg.ValidationUser, cfg.ValidationPassword, cfg.ValidationTotpSeed) + if err != nil { + return nil, err + } + instance := &sslAPIServer{client: client, validationClient: validationClient, cfg: cfg, logger: zap.L(), db: db} _ = promauto.NewGaugeFunc(prometheus.GaugeOpts{ Name: "ssl_issue_last_duration", Help: "Required time for last SSL Certificates", 
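Review bot: Both `harica.NewClient` failures in newSslAPIServer are returned bare, so the caller (which logs "failed to create ssl server") cannot tell whether the requesting or the validation account failed; wrap them: `return nil, fmt.Errorf("creating harica client for %q: %w", cfg.User, err)` and `return nil, fmt.Errorf("creating harica validation client for %q: %w", cfg.ValidationUser, err)`. With this constructor one process now holds the credentials and TOTP seeds of both the requesting and the approving account, so the validation account no longer represents an independent second party; a comment on the new fields should say so (`validationClient *harica.Client // approver account; its credentials live in this service, so approval is automatic, not an independent review`) so operators do not assume a human review step exists. The body of newSslAPIServer continues outside this hunk.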
@@ -132,71 +130,7 @@ func newSslAPIServer(client *sectigo.Client, cfg *cfg.PKIConfiguration, db *ent. return 0 }) - return instance -} - -func registerAcme(cfg *cfg.PKIConfiguration) *lego.Client { - accountFile := filepath.Join(cfg.AcmeStorage, "reg.json") - keyFile := filepath.Join(cfg.AcmeStorage, "reg.key") - - var account pkiHelper.User - if ok, _ := pkiHelper.FileExists(accountFile); !ok { - // Actually we would not need a private key but the lego API requires one. - privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - return nil - } - - account = pkiHelper.User{ - Key: privateKey, Email: cfg.AcmeEmail, - } - - } else { - data, err := os.ReadFile(accountFile) //#nosec - if err != nil { - return nil - } - err = json.Unmarshal(data, &account) - if err != nil { - return nil - } - account.Key, err = pkiHelper.LoadPrivateKey(keyFile) - if err != nil { - return nil - } - - } - legoCfg := lego.NewConfig(&account) - legoCfg.CADirURL = cfg.AcmeServer - legoLog.Logger = pkiHelper.NewZapLogger(zap.L()) - legoCfg.Certificate.Timeout = time.Duration(5) * time.Minute - if account.Registration == nil { - legoClient, err := lego.NewClient(legoCfg) - - if err != nil { - return nil - } - err = pkiHelper.RegisterAcme(legoClient, cfg, account, accountFile, keyFile) - if err != nil { - return nil - } - } - - legoClient, err := lego.NewClient(legoCfg) - if err != nil { - zap.L().Fatal("Failed to create lego client", zap.Error(err)) - } - dns, err := pkiHelper.NewDNSProvider(cfg.DnsConfigs) - if err != nil { - zap.L().Fatal("Failed to create DNS provider", zap.Error(err)) - } - - err = legoClient.Challenge.SetDNS01Provider(dns, dns01.WrapPreCheck(precheck.CheckDNS)) - if err != nil { - zap.L().Fatal("Failed to set DNS01 provider", zap.Error(err)) - } - - return legoClient + return instance, nil } func (s *sslAPIServer) CertificateDetails(ctx context.Context, req *pb.CertificateDetailsRequest) (*pb.SslCertificateDetails, error) { 
@@ -299,7 +233,7 @@ func (s *sslAPIServer) IssueCertificate(ctx context.Context, req *pb.IssueSslReq SetCommonName(sans[0]). SetIssuedBy(req.Issuer). SetSource(req.Source). - SetCa("zerossl"). + SetCa("harica"). AddDomainIDs(ids...). Save(ctx) @@ -315,7 +249,35 @@ func (s *sslAPIServer) IssueCertificate(ctx context.Context, req *pb.IssueSslReq return s.handleError("Error while storing certificate", err, logger, hub) } - resp, err := s.legoClient.Certificate.ObtainForCSR(legoCert.ObtainForCSRRequest{CSR: csr, Bundle: true}) + orgs, err := s.client.CheckMatchingOrganization(sans) + if err != nil || len(orgs) == 0 { + return s.handleError("Error while checking organization", err, logger, hub) + } + + transaction, err := s.client.RequestCertificate(sans, req.Csr, "OV", orgs[0]) + if err != nil { + return s.handleError("Error while requesting certificate", err, logger, hub) + } + + reviews, err := s.validationClient.GetPendingReviews() + if err != nil { + return s.handleError("Error while fetching pending reviews", err, logger, hub) + } + + logger.Info("Certificate requested. Approving Request", zap.String("transaction_id", transaction.TransactionID)) + for _, r := range reviews { + if r.TransactionID == transaction.TransactionID { + for _, sub := range r.ReviewGetDTOs { + err = s.validationClient.ApproveRequest(sub.ReviewID, "Auto Approval", sub.ReviewValue) + if err != nil { + return s.handleError("Error while approving request", err, logger, hub) + } + } + break + } + } + logger.Info("Request approved. Collecting certificate") + cert, err := s.client.GetCertificate(transaction.TransactionID) if err != nil { return s.handleError("Error while obtaining certificate", err, logger, hub) } 
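Review bot: In the approval loop nothing records whether a review for `transaction.TransactionID` was actually found in `reviews`, so when GetPendingReviews returns before the review exists the code still logs "Request approved" and calls GetCertificate on an unapproved transaction, and the failure then surfaces as an opaque "Error while obtaining certificate"; track it with a flag and fail explicitly (rewritten loop below). The guard `if err != nil || len(orgs) == 0` passes a nil err to handleError in the empty case; split it: `if len(orgs) == 0 { return s.handleError("Error while checking organization", fmt.Errorf("no matching organization for %v", sans), logger, hub) }`. ApproveRequest is also called for every ReviewGetDTO with the value the API itself returned, i.e. the approving account confirms whatever was requested without comparing it against `sans`; at minimum log the review id and value at approval time so the auto-approval is auditable. IssueCertificate begins and ends outside this hunk.
```go
// … unchanged: organization check and RequestCertificate …
logger.Info("Certificate requested. Approving Request", zap.String("transaction_id", transaction.TransactionID))
approved := false
for _, r := range reviews {
	if r.TransactionID != transaction.TransactionID {
		continue
	}
	for _, sub := range r.ReviewGetDTOs {
		logger.Info("Auto-approving review", zap.Any("review_id", sub.ReviewID), zap.Any("review_value", sub.ReviewValue))
		if err := s.validationClient.ApproveRequest(sub.ReviewID, "Auto Approval", sub.ReviewValue); err != nil {
			return s.handleError("Error while approving request", err, logger, hub)
		}
	}
	approved = true
	break
}
if !approved {
	return s.handleError("Error while approving request", fmt.Errorf("no pending review found for transaction %s", transaction.TransactionID), logger, hub)
}
// … unchanged: GetCertificate and certificate parsing …
```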
@@ -324,8 +286,7 @@ func (s *sslAPIServer) IssueCertificate(ctx context.Context, req *pb.IssueSslReq duration := stop.Sub(start) s.duration = &duration s.last = &stop - - certs, err := pkiHelper.ParseCertificates(resp.Certificate) + certs, err := pkiHelper.ParseCertificates([]byte(cert.PemBundle)) if err != nil { return s.handleError("Error parsing certificate", err, logger, hub) } @@ -341,6 +302,7 @@ func (s *sslAPIServer) IssueCertificate(ctx context.Context, req *pb.IssueSslReq SetNotAfter(pem.NotAfter). SetNotBefore(pem.NotBefore). SetCreated(stop). + SetTransactionId(transaction.TransactionID). Save(ctx) if err != nil { @@ -376,10 +338,9 @@ func (s *sslAPIServer) RevokeCertificate(ctx context.Context, req *pb.RevokeSslR if err != nil { return errorReturn(err, logger) } - err = s.client.SslService.RevokeBySslID(fmt.Sprint(c.SslId), req.Reason) - if sectigoError, ok := err.(*sectigo.ErrorResponse); ok && sectigoError.Code == -102 { - logger.Info("Certificate already revoked") - } else if err != nil { + logger.Info("Skipping certificate. Not issued by HARICA", zap.Int("id", c.ID)) + err = s.client.RevokeCertificate(models.RevocationReasonsResponse{}, req.Reason, c.TransactionId) + if err != nil { logger.Error("Revoking request failed", zap.Error(err)) return errorReturn(err, logger) } 
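Review bot: In the `@@ -376,10 +338,9 @@` hunk the new line `logger.Info("Skipping certificate. Not issued by HARICA", zap.Int("id", c.ID))` is emitted unconditionally and nothing is skipped — it looks copied from the batch path further down — so every single-certificate revocation logs a false "skipping" message and then calls `s.client.RevokeCertificate` with `c.TransactionId` even for rows stored with `Ca` "zerossl" by the previous issuer, which presumably have no HARICA transaction at all. Guard it the same way the loop does: `if c.Ca == nil || *c.Ca != "harica" { logger.Info("Skipping certificate. Not issued by HARICA", zap.Int("id", c.ID)); return errorReturn(fmt.Errorf("certificate %d was not issued by HARICA", c.ID), logger) }` (or whatever this function's not-found path returns; its start is outside the hunk). `models.RevocationReasonsResponse{}` is passed as an empty zero value next to `req.Reason`; if the reason is meant to travel in that struct, it is currently lost.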
@@ -404,16 +365,16 @@ func (s *sslAPIServer) RevokeCertificate(ctx context.Context, req *pb.RevokeSslR ret := make(chan struct{ err error }, len(certs)) for _, c := range certs { + if c.Ca == nil || *c.Ca != "harica" { + logger.Info("Skipping certificate. Not issued by HARICA", zap.Int("id", c.ID)) + continue + } go func(c *ent.Certificate, ret chan struct{ err error }) { - err := s.client.SslService.RevokeBySslID(fmt.Sprint(c.SslId), req.Reason) + + err = s.client.RevokeCertificate(models.RevocationReasonsResponse{}, req.Reason, c.TransactionId) if err != nil { - if sectigoError, ok := err.(*sectigo.ErrorResponse); ok && sectigoError.Code == -102 { - logger.Info("Certificate already revoked") - } else { - logger.Error("Revoking request failed", zap.Error(err)) - ret <- struct{ err error }{err} - return - } + ret <- struct{ err error }{err} + return } _, err = s.db.Certificate.UpdateOneID(c.ID).SetStatus(certificate.StatusRevoked).Save(ctx) if err != nil { diff --git a/backend/pki-service/pkg/helper/acme.go b/backend/pki-service/pkg/helper/acme.go deleted file mode 100644 index bd734629..00000000 --- a/backend/pki-service/pkg/helper/acme.go +++ /dev/null 
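Review bot: Inside the goroutine `err = s.client.RevokeCertificate(...)` now assigns to the `err` of the enclosing RevokeCertificate (the removed line used `err :=`), so every goroutine spawned by the loop writes the same variable concurrently — a data race that `go test -race` will flag, and one in which a goroutine's failure can be overwritten by another's success before its own `if err != nil` check runs. Restore the short declaration: `err := s.client.RevokeCertificate(models.RevocationReasonsResponse{}, req.Reason, c.TransactionId)`; the following `_, err = s.db.Certificate...` then writes the goroutine-local variable. The new `continue` for non-HARICA certificates also changes the accounting on `ret`: it is sized by `len(certs)`, and if the collector below reads that many results it will wait forever whenever a certificate is skipped, so it should count only the goroutines actually launched. Certificates issued under the previous CA can no longer be revoked through this endpoint at all; if that is intended, the skipped IDs should be reported to the caller rather than only logged. The enclosing function and the result collection continue outside the hunk.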
@@ -1,106 +0,0 @@ -package helper - -import ( - "crypto" - "crypto/x509" - "encoding/json" - "encoding/pem" - "errors" - "os" - - "github.com/go-acme/lego/v4/certcrypto" - "github.com/go-acme/lego/v4/lego" - "github.com/go-acme/lego/v4/registration" - "github.com/hm-edu/pki-service/pkg/cfg" -) - -// User represents an ACME user. -type User struct { - Email string - Registration *registration.Resource - Key crypto.PrivateKey -} - -// GetEmail returns the email of the user. -func (u *User) GetEmail() string { - return u.Email -} - -// GetRegistration returns the registration resource of the user. -func (u User) GetRegistration() *registration.Resource { - return u.Registration -} - -// GetPrivateKey returns the private key of the user. -func (u *User) GetPrivateKey() crypto.PrivateKey { - return u.Key -} - -// RegisterAcme performs a new registration and stores the registration in the given file. -func RegisterAcme(client *lego.Client, config *cfg.PKIConfiguration, account User, accountFile string, keyFile string) error { - reg, err := client.Registration.RegisterWithExternalAccountBinding( - registration.RegisterEABOptions{ - TermsOfServiceAgreed: true, - Kid: config.AcmeKid, - HmacEncoded: config.AcmeHmac, - }) - if err != nil { - return err - } - - account.Registration = reg - data, err := json.Marshal(account) - if err != nil { - return err - } - err = os.WriteFile(accountFile, data, 0600) - if err != nil { - return err - } - certOut, err := os.OpenFile(keyFile, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600) //#nosec - if err != nil { - return err - } - - defer func(certOut *os.File) { - _ = certOut.Close() - }(certOut) - - pemKey := certcrypto.PEMBlock(account.Key) - err = pem.Encode(certOut, pemKey) - if err != nil { - return err - } - return nil -} - -// FileExists checks whether a file exists. 
-func FileExists(name string) (bool, error) { - _, err := os.Stat(name) - if err == nil { - return true, nil - } - if errors.Is(err, os.ErrNotExist) { - return false, nil - } - return false, err -} - -// LoadPrivateKey loads a private key from a file. -func LoadPrivateKey(file string) (crypto.PrivateKey, error) { - keyBytes, err := os.ReadFile(file) //#nosec - if err != nil { - return nil, err - } - - keyBlock, _ := pem.Decode(keyBytes) - - switch keyBlock.Type { - case "RSA PRIVATE KEY": - return x509.ParsePKCS1PrivateKey(keyBlock.Bytes) - case "EC PRIVATE KEY": - return x509.ParseECPrivateKey(keyBlock.Bytes) - } - - return nil, errors.New("unknown private key type") -} diff --git a/backend/pki-service/pkg/helper/dns.go b/backend/pki-service/pkg/helper/dns.go deleted file mode 100644 index a7dd6be8..00000000 --- a/backend/pki-service/pkg/helper/dns.go +++ /dev/null 
@@ -1,194 +0,0 @@ -package helper - -import ( - "fmt" - "os" - "strings" - "time" - - "github.com/go-acme/lego/v4/challenge/dns01" - portalCommon "github.com/hm-edu/portal-common/helper" - "github.com/miekg/dns" - "go.uber.org/zap" - "gopkg.in/yaml.v3" -) - -const ( - // maximum time DNS client can be off from server for an update to succeed - clockSkew = 300 - - // maximum size of a UDP transport message in DNS protocol - udpMaxMsgSize = 512 -) - -type ProviderConfig struct { - BaseDomain string `yaml:"base_domain"` - ReadNameserver string `yaml:"read_nameserver"` - WriteNameserver string `yaml:"write_nameserver"` - TsigKeyName string `yaml:"tsig_key_name"` - TsigSecret string `yaml:"tsig_secret"` - TsigSecretAlg string `yaml:"tsig_secret_alg"` - Net string `yaml:"net"` -} - -type DNSProvider struct { - Configs []*ProviderConfig -} - -func NewDNSProvider(config string) (*DNSProvider, error) { - data, err := os.ReadFile(config) - if err != nil { - fmt.Println("Error reading config file: ", err) - return nil, err - } - - providerConfigs := make([]*ProviderConfig, 0) - err = yaml.Unmarshal(data, &providerConfigs) - - if err != nil { - fmt.Println("Error unmarshalling config file: ", err) - return nil, err - } - - return &DNSProvider{ - Configs: providerConfigs, - }, nil -} - -// List returns the current list of records. -func (r ProviderConfig) List() ([]dns.RR, error) { - m := new(dns.Msg) - m.SetAxfr(r.BaseDomain) - t := new(dns.Transfer) - t.TsigSecret = map[string]string{r.TsigKeyName: r.TsigSecret} - m.SetTsig(r.TsigKeyName, r.TsigSecretAlg, clockSkew, time.Now().Unix()) - if r.TsigSecretAlg == dns.HmacMD5 { - t.TsigProvider = portalCommon.Md5provider(r.TsigSecret) - } - env, err := t.In(m, r.ReadNameserver) - if err != nil { - return nil, fmt.Errorf("failed to fetch records: %v", err) - } - - records := make([]dns.RR, 0) - for e := range env { - if e.Error != nil { - continue - } - records = append(records, e.RR...) 
- } - - return records, nil -} - -// Add adds the given records to the zone. -func (r ProviderConfig) Add(entries []dns.RR) error { - m := new(dns.Msg) - m.SetUpdate(r.BaseDomain) - m.Insert(entries) - return r.sendMessage(m) - -} - -// Delete removes the given records from the zone. -func (r ProviderConfig) Delete(entries []dns.RR) error { - m := new(dns.Msg) - m.SetUpdate(r.BaseDomain) - m.Remove(entries) - return r.sendMessage(m) -} - -func (r ProviderConfig) sendMessage(msg *dns.Msg) error { - - c := new(dns.Client) - - c.TsigSecret = map[string]string{r.TsigKeyName: r.TsigSecret} - msg.SetTsig(r.TsigKeyName, r.TsigSecretAlg, clockSkew, time.Now().Unix()) - if r.TsigSecretAlg == dns.HmacMD5 { - c.TsigProvider = portalCommon.Md5provider(r.TsigSecret) - } - if msg.Len() > udpMaxMsgSize || r.Net == "tcp" { - c.Net = "tcp" - } - resp, _, err := c.Exchange(msg, r.WriteNameserver) - if resp == nil { - return fmt.Errorf("no response received") - } - if err != nil { - return err - } - if resp.Rcode != dns.RcodeSuccess { - return fmt.Errorf("bad return code: %s", dns.RcodeToString[resp.Rcode]) - } - return nil -} - -func (d *DNSProvider) Present(domain, token, keyAuth string) error { - info := dns01.GetChallengeInfo(domain, keyAuth) - // Get the DNS Provider with the best matching domain - // Check if the currently selected config is more specific than the previous one - matchingConfig, err := d.matchingProvider(info) - if err != nil { - return err - } - zap.L().Info("Using DNS provider for domain", zap.String("provider", matchingConfig.BaseDomain)) - - // Use the matching DNS provider to create the TXT record - rr := new(dns.TXT) - rr.Hdr = dns.RR_Header{Name: info.FQDN, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: 60} - rr.Txt = []string{info.Value} - - err = matchingConfig.Add([]dns.RR{rr}) - if err != nil { - return fmt.Errorf("error adding TXT record: %v", err) - } - zap.L().Info("Successfully added TXT record", zap.String("fqdn", info.FQDN)) - return nil -} - 
-func (d *DNSProvider) matchingProvider(info dns01.ChallengeInfo) (*ProviderConfig, error) { - var matchingConfig *ProviderConfig - matchingConfig = nil - log := zap.L() - log.Info("Searching for DNS provider for domain", zap.String("fqdn", info.FQDN)) - for _, config := range d.Configs { - - if strings.HasSuffix(dns.Fqdn(info.FQDN), fmt.Sprintf(".%s", dns.Fqdn(config.BaseDomain))) { - if matchingConfig == nil { - matchingConfig = config - continue - } - - if len(strings.Split(config.BaseDomain, ".")) > len(strings.Split(matchingConfig.BaseDomain, ".")) { - matchingConfig = config - } - } else { - log.Info("Domain does not match", zap.String("fqdn", info.FQDN), zap.String("provider", config.BaseDomain)) - } - } - - if matchingConfig == nil { - return nil, fmt.Errorf("no matching DNS provider found for domain %s", info.FQDN) - } - return matchingConfig, nil -} - -func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error { - // clean up any state you created in Present, like removing the TXT record - info := dns01.GetChallengeInfo(domain, keyAuth) - // Get the DNS Provider with the best matching domain - provider, err := d.matchingProvider(info) - if err != nil { - return err - } - rr := new(dns.TXT) - rr.Hdr = dns.RR_Header{Name: info.FQDN, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: 60} - rr.Txt = []string{info.Value} - - err = provider.Delete([]dns.RR{rr}) - if err != nil { - return fmt.Errorf("error deleting TXT record: %v", err) - } - - return nil -} diff --git a/backend/pki-service/pkg/helper/precheck/validation.go b/backend/pki-service/pkg/helper/precheck/validation.go deleted file mode 100644 index 5fa5ce54..00000000 --- a/backend/pki-service/pkg/helper/precheck/validation.go +++ /dev/null 
@@ -1,91 +0,0 @@ -package precheck - -import ( - "fmt" - "net" - "time" - - "github.com/go-acme/lego/v4/challenge/dns01" - "github.com/miekg/dns" - "go.uber.org/zap" -) - -func CheckDNS(domain, fqdn, value string, _ dns01.PreCheckFunc) (bool, error) { - for _, ns := range []string{"1.1.1.1", "8.8.8.8"} { - data, err := LookupTxt(fqdn, ns) - if err != nil { - return false, err - } - found := false - for _, txt := range data { - if txt == value { - found = true - continue - } - } - if !found { - return false, fmt.Errorf("TXT record not found") - } - } - zap.L().Sugar().Infof("TXT record found for %s", fqdn) - return true, nil -} - -var timeouts = []time.Duration{(time.Second * 1), (time.Second * 1), (time.Second * 2), (time.Second * 4), (time.Second * 2)} - -func ResolveWithTimeout(name, resolver string, qtype, qclass uint16) (*dns.Msg, error) { - client := new(dns.Client) - msg := &dns.Msg{ - MsgHdr: dns.MsgHdr{ - Id: dns.Id(), - RecursionDesired: true, - }, - Question: []dns.Question{{Name: dns.Fqdn(name), Qtype: qtype, Qclass: qclass}}, - } - msg.AuthenticatedData = true - msg.SetEdns0(4096, true) - - for i := 0; i < len(timeouts); i++ { - - client.Timeout = timeouts[i] - resp, _, err := client.Exchange(msg, fmt.Sprintf("%s:53", resolver)) - if err == nil && resp.Truncated { - tcpConn, _ := dns.Dial("tcp", fmt.Sprintf("%s:53", resolver)) - resp, _, err = client.ExchangeWithConn(msg, tcpConn) - } - if err != nil { - if err, ok := err.(net.Error); ok && err.Timeout() { - zap.L().Sugar().Warnf("Timeout querying %s records '%s' after %v", dns.TypeToString[qtype], name, timeouts[i]) - continue - } - return nil, err - } - - return resp, nil - - } - return nil, &net.DNSError{ - Name: name, - Err: "Final timeout.", - IsTimeout: true, - } -} - -func LookupTxt(name, resolver string) ([]string, error) { - zap.L().Sugar().Infof("Using custom resolver %s for lookup of %s", resolver, name) - resp, err := ResolveWithTimeout(name, resolver, dns.TypeTXT, dns.ClassINET) - if err != 
nil { - zap.L().Sugar().Warnf("Failed to lookup %s: %v", name, err) - return nil, err - } - data := []string{} - - // Check if TXT records are present - for _, answer := range resp.Answer { - if txt, ok := answer.(*dns.TXT); ok { - zap.L().Sugar().Infof("Resolved TXT records for %s: %s", name, txt.Txt) - data = append(data, txt.Txt...) - } - } - return data, nil -} diff --git a/backend/pki-service/pkg/worker/syncer.go b/backend/pki-service/pkg/worker/syncer.go deleted file mode 100644 index 3dabba7a..00000000 --- a/backend/pki-service/pkg/worker/syncer.go +++ /dev/null 
@@ -1,119 +0,0 @@ -package worker - -import ( - "context" - "sync" - - "github.com/hm-edu/pki-service/ent" - "github.com/hm-edu/pki-service/ent/certificate" - "github.com/hm-edu/pki-service/ent/domain" - - pkiHelper "github.com/hm-edu/pki-service/pkg/helper" - "github.com/hm-edu/sectigo-client/sectigo" - "github.com/hm-edu/sectigo-client/sectigo/ssl" - - "go.uber.org/zap" -) - -// Syncer holds the sectigo client and the database instance. -type Syncer struct { - Client *sectigo.Client - Db *ent.Client -} - -// SyncAllCertificates downloads all available information from the Sectigo API and stores it in the database. -func (s *Syncer) SyncAllCertificates() { - logger := zap.L() - ctx := context.Background() - certs, certificates, err := s.Client.SslService.List(&ssl.ListSSLRequest{Size: 200}) - - if err != nil { - logger.Fatal("Error while listing certificates", zap.Error(err)) - return - } - offset := 0 - for { - var wg sync.WaitGroup - details := []*ssl.Details{} - for _, cert := range *certs { - wg.Add(1) - go func(cert ssl.ListItem) { - defer wg.Done() - item, err := s.Client.SslService.Details(cert.SslID) - if err != nil { - logger.Error("Error while getting certificate details", zap.Error(err), zap.Int("id", cert.SslID)) - return - } - // In the the requested time is empty due to the ACME issuance. 
- if item.Requested == nil { - cert, err := s.Client.SslService.Collect(item.SslID, "x509CO") - if err != nil { - logger.Error("Error while collecting certificate", zap.Error(err), zap.Int("id", item.SslID)) - return - } - certs, err := pkiHelper.ParseCertificates([]byte(*cert)) - if err != nil { - logger.Error("Error while parsing certificate", zap.Error(err), zap.Int("id", item.SslID)) - return - } - item.Requested = &ssl.JSONDate{Time: certs[0].NotBefore} - } - details = append(details, item) - }(cert) - } - wg.Wait() - logger.Info("Got certificate details for certificates", zap.Int("count", len(details))) - for _, item := range details { - if item.SerialNumber == "" { - continue - } - logger.Info("Updating certificate", zap.Int("id", item.SslID), zap.String("serial", item.SerialNumber)) - sans := []string{item.CommonName} - - for _, domain := range item.SubjectAlternativeNames { - if domain != item.CommonName { - sans = append(sans, domain) - } - } - ids := []int{} - - for _, fqdn := range sans { - id, err := s.Db.Domain.Create().SetFqdn(fqdn).OnConflictColumns(domain.FieldFqdn).Ignore().ID(ctx) - - if err != nil { - logger.Error("Error while creating domain", zap.Error(err)) - continue - } - ids = append(ids, id) - } - - creator := s.Db.Certificate.Create().SetCommonName(item.CommonName).SetSslId(item.SslID).SetNotAfter(item.Expires.Time).SetSerial(pkiHelper.NormalizeSerial(item.SerialNumber)) - - if item.Requested != nil { - creator.SetNotBefore(item.Requested.Time) - } - creator.SetStatus(certificate.Status(item.Status)) - id, err := creator.OnConflictColumns(certificate.FieldSerial).UpdateNewValues().ID(ctx) - if err != nil { - logger.Error("Error while creating certificate", zap.Error(err)) - } - - _, err = s.Db.Certificate.UpdateOneID(id).ClearDomains().AddDomainIDs(ids...).Save(ctx) - if err != nil { - logger.Error("Error while creating certificate", zap.Error(err)) - } - } - certificates -= len(*certs) - if certificates <= 0 { - break - } - offset += 
len(*certs) - certs, _, err = s.Client.SslService.List(&ssl.ListSSLRequest{Size: 200, Position: offset}) - - if err != nil { - logger.Fatal("Error while listing certificates", zap.Error(err)) - return - } - } - -} diff --git a/backend/validation-service/go.mod b/backend/validation-service/go.mod index 2fee8616..1d5f7dac 100644 --- a/backend/validation-service/go.mod +++ b/backend/validation-service/go.mod @@ -59,7 +59,6 @@ require ( github.com/go-logr/stdr v1.2.2 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect go.opentelemetry.io/otel v1.33.0 go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect diff --git a/backend/validation-service/go.sum b/backend/validation-service/go.sum index fbac699c..9f984ffb 100644 --- a/backend/validation-service/go.sum +++ b/backend/validation-service/go.sum @@ -140,8 +140,6 @@ github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQ github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0= go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= From 07fadc07204ee95f485d4be0afde9ab0793dbeb1 Mon Sep 17 00:00:00 2001 
From: Florian Ritterhoff
Date: Tue, 7 Jan 2025 08:04:39 +0100
Subject: [PATCH 11/24] feat: add arguments

---
 backend/pki-service/cmd/run.go | 13 +++++++++++++
 backend/pki-service/go.mod | 9 +++++----
 backend/pki-service/go.sum | 14 ++++++++++++--
 3 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/backend/pki-service/cmd/run.go b/backend/pki-service/cmd/run.go
index 21e4c626..5318eada 100644
--- a/backend/pki-service/cmd/run.go
+++ b/backend/pki-service/cmd/run.go
@@ -105,4 +105,17 @@ func init() {
 runCmd.Flags().String("mail_to", "", "Optional param to send notifications to a specific mail address instead of the orignal issuer.")
 runCmd.Flags().String("mail_bcc", "", "Optional param to send notifications as blind copy to a specific mail address instead of the orignal issuer.")
 runCmd.Flags().String("mail_from", "", "The mail from")
+ runCmd.Flags().String("user", "", "The user for the HARICA API")
+ runCmd.Flags().String("password", "", "The password for the HARICA API")
+ runCmd.Flags().String("totp_seed", "", "The totp seed for the HARICA API")
+ runCmd.Flags().String("validation_user", "", "The user for the HARICA API")
+ runCmd.Flags().String("validation_password", "", "The password for the HARICA API")
+ runCmd.Flags().String("validation_totp_seed", "", "The totp seed for the HARICA API")
+
+ _ = runCmd.MarkFlagRequired("user")
+ _ = runCmd.MarkFlagRequired("password")
+ _ = runCmd.MarkFlagRequired("totp_seed")
+ _ = runCmd.MarkFlagRequired("validation_user")
+ _ = runCmd.MarkFlagRequired("validation_password")
+ _ = runCmd.MarkFlagRequired("validation_totp_seed")
 }
diff --git a/backend/pki-service/go.mod b/backend/pki-service/go.mod
index fbfdedbc..635c4e6b 100644
--- a/backend/pki-service/go.mod
+++ b/backend/pki-service/go.mod
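Review bot: `--password`, `--totp_seed`, `--validation_password` and `--validation_totp_seed` take long-lived HARICA account secrets (a TOTP seed is effectively a permanent second factor) straight from the command line, where they land in shell history and are readable by any local user through the process list; the usage strings should steer operators to the environment or config file instead, e.g. `"The password for the HARICA API (set via environment or config file rather than on the command line)"`, and the six `MarkFlagRequired` calls make the flags mandatory on the command line, which blocks an environment-only configuration. The three `validation_*` flags also reuse the help text of `user`/`password`/`totp_seed` verbatim, so `--help` gives no hint that they configure a second (validation) account; `"The user for the HARICA validation API"` would distinguish them. `init` begins before this hunk.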
@@ -7,8 +7,8 @@ toolchain go1.23.4 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 github.com/TheZeroSlave/zapsentry v1.23.0 - github.com/getsentry/sentry-go v0.30.0 - github.com/hm-edu/harica v0.0.0-20250102061629-52e03afeef0c + github.com/getsentry/sentry-go v0.31.1 + github.com/hm-edu/harica v1.0.0 github.com/mattn/go-sqlite3 v1.14.16 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.10.0 @@ -17,10 +17,11 @@ require ( require ( github.com/boombuler/barcode v1.0.2 // indirect + github.com/getsentry/sentry-go/echo v0.31.1 // indirect github.com/go-co-op/gocron/v2 v2.14.0 // indirect github.com/go-resty/resty/v2 v2.16.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect - github.com/jonboulle/clockwork v0.4.0 // indirect + github.com/jonboulle/clockwork v0.5.0 // indirect github.com/magiconair/properties v1.8.9 // indirect github.com/pquerna/otp v1.4.0 // indirect github.com/shopspring/decimal v1.3.1 // indirect @@ -87,7 +88,7 @@ require ( golang.org/x/sync v0.10.0 // indirect golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.28.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/backend/pki-service/go.sum b/backend/pki-service/go.sum index c5bcac11..914924d5 100644 --- a/backend/pki-service/go.sum +++ b/backend/pki-service/go.sum 
@@ -52,6 +52,10 @@ github.com/getkin/kin-openapi v0.128.0 h1:jqq3D9vC9pPq1dGcOCv7yOp1DaEe7c/T1vzcLb github.com/getkin/kin-openapi v0.128.0/go.mod h1:OZrfXzUfGrNbsKj+xmFBx6E5c6yH3At/tAKSc2UszXM= github.com/getsentry/sentry-go v0.30.0 h1:lWUwDnY7sKHaVIoZ9wYqRHJ5iEmoc0pqcRqFkosKzBo= github.com/getsentry/sentry-go v0.30.0/go.mod h1:WU9B9/1/sHDqeV8T+3VwwbjeR5MSXs/6aqG3mqZrezA= +github.com/getsentry/sentry-go v0.31.1 h1:ELVc0h7gwyhnXHDouXkhqTFSO5oslsRDk0++eyE0KJ4= +github.com/getsentry/sentry-go v0.31.1/go.mod h1:CYNcMMz73YigoHljQRG+qPF+eMq8gG72XcGN/p71BAY= +github.com/getsentry/sentry-go/echo v0.31.1 h1:bGY2QrNq5PovERoQBwyfJtQixjptHC06gLiAlF0WUPc= +github.com/getsentry/sentry-go/echo v0.31.1/go.mod h1:2gHa20EVxDNNTJY+Cq4Eqr8A0Z6UEULh4ImSsVMSRUg= github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0= github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY= github.com/go-co-op/gocron/v2 v2.14.0 h1:bWPJeIdd4ioqiEpLLD1BVSTrtae7WABhX/WaVJbKVqg= 
@@ -105,14 +109,15 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos= github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= -github.com/hm-edu/harica v0.0.0-20250102061629-52e03afeef0c h1:CEakS1zi7u5aOVU9kXEZ4bT5P3DVZR9icV24YhSLtIU= -github.com/hm-edu/harica v0.0.0-20250102061629-52e03afeef0c/go.mod h1:RY/5HFe3u+e4Y1eiLRGYKxsDl2qV7vRhvcQGJuTaIhE= +github.com/hm-edu/harica v1.0.0 h1:Jg/v4osf9BmizgFQq5MmvdTndFrRH64BU7arjL3y6IQ= +github.com/hm-edu/harica v1.0.0/go.mod h1:RY/5HFe3u+e4Y1eiLRGYKxsDl2qV7vRhvcQGJuTaIhE= github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 h1:5XAf2vZQ6aMyLeHqZg1V7Dn/y6fzN0cpbo/jk7dWJC0= github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776/go.mod h1:HoVbhQCLyk/XKtKjVahdTTkCa5KLYIi/HyzrExss1Zo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/invopop/yaml v0.3.1 h1:f0+ZpmhfBSS4MhG+4HYseMdJhoeeopbSKbq5Rpeelso= github.com/invopop/yaml v0.3.1/go.mod h1:PMOp3nn4/12yEZUFfmOuNHJsZToEEOwoWsT+D81KkeA= +github.com/jackc/chunkreader v1.0.0 h1:4s39bBR8ByfqH+DKm8rQA3E1LHZWB9XWcrz8fqaZbe0= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8= 
@@ -133,6 +138,7 @@ github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5W github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= +github.com/jackc/pgproto3 v1.1.0 h1:FYYE4yRw+AgI8wXIinMlNjBbp/UitDJwfj5LqqewP1A= github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78= github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA= github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg= @@ -170,6 +176,8 @@ github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4= github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc= +github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I= +github.com/jonboulle/clockwork v0.5.0/go.mod h1:3mZlmanh0g2NDKO5TWZVJAfofYk64M7XN3SzBPjZF60= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= 
@@ -484,6 +492,8 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def h1:4P81qv5JXI/sDNae2ClVx88cgDDA6DPilADkG9tYKz8= google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def/go.mod h1:bdAgzvd4kFrpykc5/AC2eLUiegK9T/qxZHD4hXYf/ho= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d h1:xJJRGY7TJcvIlpSrN3K6LAWgNFUILlO+OMAqtg9aqnw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= From 2a6676548abe1374dbd6727afae4e859e2f054ce Mon Sep 17 00:00:00 2001 From: Florian Ritterhoff Date: Tue, 7 Jan 2025 08:15:47 +0100 Subject: [PATCH 12/24] feat: make args optional to respect env --- backend/pki-service/cmd/run.go | 7 ------- 1 file changed, 7 deletions(-) diff --git a/backend/pki-service/cmd/run.go b/backend/pki-service/cmd/run.go index 5318eada..2293c879 100644 --- a/backend/pki-service/cmd/run.go +++ b/backend/pki-service/cmd/run.go 
@@ -111,11 +111,4 @@ func init() {
 runCmd.Flags().String("validation_user", "", "The user for the HARICA API")
 runCmd.Flags().String("validation_password", "", "The password for the HARICA API")
 runCmd.Flags().String("validation_totp_seed", "", "The totp seed for the HARICA API")
-
- _ = runCmd.MarkFlagRequired("user")
- _ = runCmd.MarkFlagRequired("password")
- _ = runCmd.MarkFlagRequired("totp_seed")
- _ = runCmd.MarkFlagRequired("validation_user")
- _ = runCmd.MarkFlagRequired("validation_password")
- _ = runCmd.MarkFlagRequired("validation_totp_seed")
 }
From 9c41585cc7afbb67ebd6b137d5cc63deeecbdae9 Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff
Date: Tue, 7 Jan 2025 09:06:31 +0100
Subject: [PATCH 13/24] feat: implement revocation

---
 backend/pki-service/pkg/grpc/server.go | 4 ++--
 backend/pki-service/pkg/grpc/ssl.go | 21 +++++++++++++++++++--
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/backend/pki-service/pkg/grpc/server.go b/backend/pki-service/pkg/grpc/server.go
index 0d5686eb..228be4af 100644
--- a/backend/pki-service/pkg/grpc/server.go
+++ b/backend/pki-service/pkg/grpc/server.go
@@ -38,10 +38,10 @@ type Config struct {
 }
 
 // NewServer creates a new GRPC server
-func NewServer(config *Config, logger *zap.Logger, sectigoCfg *cfg.PKIConfiguration, db *ent.Client) (*Server, error) {
+func NewServer(config *Config, logger *zap.Logger, pkiCfg *cfg.PKIConfiguration, db *ent.Client) (*Server, error) {
 srv := &Server{
 logger: logger,
- pkiCfg: sectigoCfg,
+ pkiCfg: pkiCfg,
 config: config,
 db: db,
 }
diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go
index 503ca25f..3858d598 100644
--- a/backend/pki-service/pkg/grpc/ssl.go
+++ b/backend/pki-service/pkg/grpc/ssl.go
@@ -338,8 +338,25 @@ func (s *sslAPIServer) RevokeCertificate(ctx context.Context, req *pb.RevokeSslR
 if err != nil {
 return errorReturn(err, logger)
 }
- logger.Info("Skipping certificate. Not issued by HARICA", zap.Int("id", c.ID))
- err = s.client.RevokeCertificate(models.RevocationReasonsResponse{}, req.Reason, c.TransactionId)
+ if c.Ca == nil || *c.Ca != "harica" {
+ logger.Info("Skipping certificate. Not issued by HARICA", zap.Int("id", c.ID))
+ return &emptypb.Empty{}, nil
+ }
+ reasons, err := s.client.GetRevocationReasons()
+ if err != nil {
+ return errorReturn(err, logger)
+ }
+ var reason *models.RevocationReasonsResponse
+ for _, r := range reasons {
+ if r.Name == "4.9.1.1.1.1" {
+ reason = &r
+ break
+ }
+ }
+ if reason == nil {
+ return errorReturn(fmt.Errorf("Revocation reason not found"), logger)
+ }
+ err = s.client.RevokeCertificate(*reason, req.Reason, c.TransactionId)
 if err != nil {
 logger.Error("Revoking request failed", zap.Error(err))
 return errorReturn(err, logger)
From afbf84744301808bfcb54abbf89bdef57048f5aa Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff
Date: Tue, 7 Jan 2025 13:33:22 +0100
Subject: [PATCH 14/24] feat: debug revocation bug

---
 backend/pki-service/pkg/grpc/ssl.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go
index 3858d598..60b46f66 100644
--- a/backend/pki-service/pkg/grpc/ssl.go
+++ b/backend/pki-service/pkg/grpc/ssl.go
@@ -356,6 +356,7 @@ func (s *sslAPIServer) RevokeCertificate(ctx context.Context, req *pb.RevokeSslR
 if reason == nil {
 return errorReturn(fmt.Errorf("Revocation reason not found"), logger)
 }
+ logger.Info("Revoking certificate", zap.String("transaction_id", c.TransactionId), zap.String("reason", reason.Name), zap.String("description", req.Reason))
 err = s.client.RevokeCertificate(*reason, req.Reason, c.TransactionId)
 if err != nil {
 logger.Error("Revoking request failed", zap.Error(err))
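Review bot: A revoke request for a certificate whose `Ca` is nil or not `"harica"` now returns `&emptypb.Empty{}, nil`, so the caller is told the revocation succeeded although nothing was revoked and the only trace is an Info log; unless that silent skip is intentional for mixed-CA deployments, return an error through the existing `errorReturn` helper (a gRPC `codes.FailedPrecondition` status fits) so the requester learns the certificate has to be revoked elsewhere. The reason lookup compares against the bare literal `"4.9.1.1.1.1"`; lift it into a named constant with a comment stating which HARICA revocation reason it denotes, e.g. `const haricaRevocationReason = "4.9.1.1.1.1" // HARICA reason code used for portal-initiated revocations; confirm against the HARICA API docs`, and spell the sentinel as `errors.New("revocation reason not found")` (lowercase, no formatting needed). `RevokeCertificate` begins before and continues after this hunk.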
From 34d40752237a549a9cebac205a105598d01974e7 Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff
Date: Tue, 7 Jan 2025 13:40:52 +0100
Subject: [PATCH 15/24] fix: use correct client

---
 backend/pki-service/pkg/grpc/ssl.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go
index 60b46f66..32a10d14 100644
--- a/backend/pki-service/pkg/grpc/ssl.go
+++ b/backend/pki-service/pkg/grpc/ssl.go
@@ -357,7 +357,7 @@ func (s *sslAPIServer) RevokeCertificate(ctx context.Context, req *pb.RevokeSslR
 return errorReturn(fmt.Errorf("Revocation reason not found"), logger)
 }
 logger.Info("Revoking certificate", zap.String("transaction_id", c.TransactionId), zap.String("reason", reason.Name), zap.String("description", req.Reason))
- err = s.client.RevokeCertificate(*reason, req.Reason, c.TransactionId)
+ err = s.validationClient.RevokeCertificate(*reason, req.Reason, c.TransactionId)
 if err != nil {
 logger.Error("Revoking request failed", zap.Error(err))
 return errorReturn(err, logger)
@@ -389,7 +389,7 @@ func (s *sslAPIServer) RevokeCertificate(ctx context.Context, req *pb.RevokeSslR
 }
 
 go func(c *ent.Certificate, ret chan struct{ err error }) {
- err = s.client.RevokeCertificate(models.RevocationReasonsResponse{}, req.Reason, c.TransactionId)
+ err = s.validationClient.RevokeCertificate(models.RevocationReasonsResponse{}, req.Reason, c.TransactionId)
 if err != nil {
 ret <- struct{ err error }{err}
 return
From b3227ed145a1eb812dea7e6371a4dfc5d64c8c57 Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff
Date: Wed, 8 Jan 2025 19:18:23 +0100
Subject: [PATCH 16/24] feat: debug refresh ...

---
 backend/pki-service/go.mod | 24 ++++++++++++------------
 backend/pki-service/go.sum | 24 ++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/backend/pki-service/go.mod b/backend/pki-service/go.mod
index 635c4e6b..77a33298 100644
--- a/backend/pki-service/go.mod
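Review bot: In the `-389` hunk the goroutine assigns with `err = s.validationClient.RevokeCertificate(...)`, and since `err` is not a parameter of the closure this writes the enclosing function's `err` (already declared, as the `-357` hunk shows); if this goroutine is started once per certificate, as the `ret` channel suggests, concurrent goroutines race on that one variable and `ret <- struct{ err error }{err}` may report a sibling's result or a nil that hides a failed revocation. Scope it to the goroutine: `if err := s.validationClient.RevokeCertificate(models.RevocationReasonsResponse{}, req.Reason, c.TransactionId); err != nil {`. This path also passes the zero-value `models.RevocationReasonsResponse{}` while the single-certificate path in the `-357` hunk first resolves a concrete reason via `GetRevocationReasons`; if HARICA rejects an empty reason the bulk revocations will fail one by one, so resolving the reason once before the loop and passing it here would keep both paths consistent. The goroutine body and its enclosing loop continue outside the hunk.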
+++ b/backend/pki-service/go.mod @@ -8,7 +8,7 @@ require ( github.com/DATA-DOG/go-sqlmock v1.5.0 github.com/TheZeroSlave/zapsentry v1.23.0 github.com/getsentry/sentry-go v0.31.1 - github.com/hm-edu/harica v1.0.0 + github.com/hm-edu/harica v1.0.1 github.com/mattn/go-sqlite3 v1.14.16 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.10.0 @@ -18,7 +18,7 @@ require ( require ( github.com/boombuler/barcode v1.0.2 // indirect github.com/getsentry/sentry-go/echo v0.31.1 // indirect - github.com/go-co-op/gocron/v2 v2.14.0 // indirect + github.com/go-co-op/gocron/v2 v2.14.1 // indirect github.com/go-resty/resty/v2 v2.16.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/jonboulle/clockwork v0.5.0 // indirect @@ -29,7 +29,7 @@ require ( ) require ( - ariga.io/atlas v0.29.1 // indirect + ariga.io/atlas v0.30.0 // indirect github.com/KyleBanks/depth v1.2.1 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect @@ -80,15 +80,15 @@ require ( github.com/swaggo/swag v1.16.4 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect - github.com/zclconf/go-cty v1.15.1 // indirect + github.com/zclconf/go-cty v1.16.0 // indirect go.uber.org/atomic v1.11.0 // indirect - golang.org/x/crypto v0.31.0 // indirect - golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect + golang.org/x/crypto v0.32.0 // indirect + golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8 // indirect golang.org/x/mod v0.22.0 // indirect golang.org/x/sync v0.10.0 // indirect - golang.org/x/time v0.8.0 // indirect - golang.org/x/tools v0.28.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d // indirect + golang.org/x/time v0.9.0 // indirect + golang.org/x/tools v0.29.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) 
@@ -98,7 +98,7 @@ require ( go.opentelemetry.io/otel/sdk v1.32.0 // indirect go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect - google.golang.org/protobuf v1.36.1 + google.golang.org/protobuf v1.36.2 ) require ( @@ -109,8 +109,8 @@ require ( github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/spf13/cast v1.7.1 // indirect github.com/subosito/gotenv v1.6.0 // indirect - golang.org/x/net v0.33.0 // indirect - golang.org/x/sys v0.28.0 // indirect + golang.org/x/net v0.34.0 // indirect + golang.org/x/sys v0.29.0 // indirect golang.org/x/text v0.21.0 // indirect google.golang.org/grpc v1.69.2 gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/backend/pki-service/go.sum b/backend/pki-service/go.sum index 914924d5..85a7ed7b 100644 --- a/backend/pki-service/go.sum +++ b/backend/pki-service/go.sum @@ -1,5 +1,7 @@ ariga.io/atlas v0.29.1 h1:7gB8XRFTnJeZ7ZiccNCJqwBtUv3yjFyxRFDMzu0AmRg= ariga.io/atlas v0.29.1/go.mod h1:lkLAw/t2/P7g5CFYlYmHvNuShlmGujwm3OGsW00xowI= +ariga.io/atlas v0.30.0 h1:Tyi4A1LXDp9VB+EO51e8Xacsw31uJge9fr5pmd3TL9U= +ariga.io/atlas v0.30.0/go.mod h1:lkLAw/t2/P7g5CFYlYmHvNuShlmGujwm3OGsW00xowI= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= entgo.io/ent v0.14.1 h1:fUERL506Pqr92EPHJqr8EYxbPioflJo6PudkrEA8a/s= entgo.io/ent v0.14.1/go.mod h1:MH6XLG0KXpkcDQhKiHfANZSzR55TJyPL5IGNpI8wpco= 
@@ -60,6 +62,8 @@ github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY= github.com/go-co-op/gocron/v2 v2.14.0 h1:bWPJeIdd4ioqiEpLLD1BVSTrtae7WABhX/WaVJbKVqg= github.com/go-co-op/gocron/v2 v2.14.0/go.mod h1:ZF70ZwEqz0OO4RBXE1sNxnANy/zvwLcattWEFsqpKig= +github.com/go-co-op/gocron/v2 v2.14.1 h1:bwWMkX2rNfS6RqBmUAfkDuOPKl/BRCRCrmuAv8flrOQ= +github.com/go-co-op/gocron/v2 v2.14.1/go.mod h1:ZF70ZwEqz0OO4RBXE1sNxnANy/zvwLcattWEFsqpKig= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= @@ -111,6 +115,8 @@ github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3q github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= github.com/hm-edu/harica v1.0.0 h1:Jg/v4osf9BmizgFQq5MmvdTndFrRH64BU7arjL3y6IQ= github.com/hm-edu/harica v1.0.0/go.mod h1:RY/5HFe3u+e4Y1eiLRGYKxsDl2qV7vRhvcQGJuTaIhE= +github.com/hm-edu/harica v1.0.1 h1:BT9hqiXW40TT0S3BX/drlhxukdxzJufwoWid2Crz0Tc= +github.com/hm-edu/harica v1.0.1/go.mod h1:cgr/m0VeGD+Bx7CTTWVb64G9cy95IfAwNHRMErquVjc= github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 h1:5XAf2vZQ6aMyLeHqZg1V7Dn/y6fzN0cpbo/jk7dWJC0= github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776/go.mod h1:HoVbhQCLyk/XKtKjVahdTTkCa5KLYIi/HyzrExss1Zo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= 
@@ -323,6 +329,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zclconf/go-cty v1.15.1 h1:RgQYm4j2EvoBRXOPxhUvxPzRrGDo1eCOhHXuGfrj5S0= github.com/zclconf/go-cty v1.15.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.16.0 h1:xPKEhst+BW5D0wxebMZkxgapvOE/dw7bFTlgSc9nD6w= +github.com/zclconf/go-cty v1.16.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= 
@@ -376,9 +384,13 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 h1:1UoZQm6f0P/ZO0w1Ri+f+ifG/gXhegadRdwBIXEFWDo= golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= +golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8 h1:yqrTHse8TCMW1M1ZCP+VAR/l0kKxwaAIqN/il7x4voA= +golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8/go.mod h1:tujkw807nyEEAamNbDrEGzRav+ilXA7PCRAd6xsmwiU= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 
@@ -407,6 +419,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -441,6 +455,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 
@@ -460,6 +476,8 @@ golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -479,6 +497,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= +golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE= +golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -494,6 +514,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def h1: google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def/go.mod h1:bdAgzvd4kFrpykc5/AC2eLUiegK9T/qxZHD4hXYf/ho= google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d h1:xJJRGY7TJcvIlpSrN3K6LAWgNFUILlO+OMAqtg9aqnw= google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 h1:3UsHvIr4Wc2aW4brOaSCmcxh9ksica6fHEr8P1XhkYw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= @@ -503,6 +525,8 @@ google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU= +google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 18ede00d5d8610d2a990938b57118a381f951e60 Mon Sep 17 00:00:00 2001 
From: Florian Ritterhoff Date: Wed, 8 Jan 2025 19:51:21 +0100 Subject: [PATCH 17/24] feat: use debug version for token refresh --- backend/pki-service/go.mod | 2 +- backend/pki-service/go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/backend/pki-service/go.mod b/backend/pki-service/go.mod index 77a33298..019ebc61 100644 --- a/backend/pki-service/go.mod +++ b/backend/pki-service/go.mod @@ -8,7 +8,7 @@ require ( github.com/DATA-DOG/go-sqlmock v1.5.0 github.com/TheZeroSlave/zapsentry v1.23.0 github.com/getsentry/sentry-go v0.31.1 - github.com/hm-edu/harica v1.0.1 + github.com/hm-edu/harica v0.0.0-20250108184730-ea05769d6933 github.com/mattn/go-sqlite3 v1.14.16 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.10.0 diff --git a/backend/pki-service/go.sum b/backend/pki-service/go.sum index 85a7ed7b..5e5b10de 100644 --- a/backend/pki-service/go.sum +++ b/backend/pki-service/go.sum @@ -113,6 +113,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos= github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= +github.com/hm-edu/harica v0.0.0-20250108184730-ea05769d6933 h1:71+/1iQVjiP2+pR1Oc8e3sV4yUPP1MGn3vJUAAz9LgA= +github.com/hm-edu/harica v0.0.0-20250108184730-ea05769d6933/go.mod h1:cgr/m0VeGD+Bx7CTTWVb64G9cy95IfAwNHRMErquVjc= github.com/hm-edu/harica v1.0.0 h1:Jg/v4osf9BmizgFQq5MmvdTndFrRH64BU7arjL3y6IQ= github.com/hm-edu/harica v1.0.0/go.mod h1:RY/5HFe3u+e4Y1eiLRGYKxsDl2qV7vRhvcQGJuTaIhE= github.com/hm-edu/harica v1.0.1 h1:BT9hqiXW40TT0S3BX/drlhxukdxzJufwoWid2Crz0Tc= From 46703991f88445cdc7d38969bfc29b2c1d6420b1 Mon Sep 17 00:00:00 2001 
From: Florian Ritterhoff Date: Wed, 8 Jan 2025 20:40:14 +0100 Subject: [PATCH 18/24] feat: try get refresh working --- backend/pki-service/go.mod | 4 +-- backend/pki-service/go.sum | 42 ++--------------------------- backend/pki-service/pkg/grpc/ssl.go | 17 ++++++++++-- 3 files changed, 18 insertions(+), 45 deletions(-) diff --git a/backend/pki-service/go.mod b/backend/pki-service/go.mod index 019ebc61..9926af77 100644 --- a/backend/pki-service/go.mod +++ b/backend/pki-service/go.mod @@ -8,7 +8,7 @@ require ( github.com/DATA-DOG/go-sqlmock v1.5.0 github.com/TheZeroSlave/zapsentry v1.23.0 github.com/getsentry/sentry-go v0.31.1 - github.com/hm-edu/harica v0.0.0-20250108184730-ea05769d6933 + github.com/hm-edu/harica v0.0.0-20250108193546-6dce26cbc9d5 github.com/mattn/go-sqlite3 v1.14.16 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.10.0 @@ -18,10 +18,8 @@ require ( require ( github.com/boombuler/barcode v1.0.2 // indirect github.com/getsentry/sentry-go/echo v0.31.1 // indirect - github.com/go-co-op/gocron/v2 v2.14.1 // indirect github.com/go-resty/resty/v2 v2.16.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect - github.com/jonboulle/clockwork v0.5.0 // indirect github.com/magiconair/properties v1.8.9 // indirect github.com/pquerna/otp v1.4.0 // indirect github.com/shopspring/decimal v1.3.1 // indirect diff --git a/backend/pki-service/go.sum b/backend/pki-service/go.sum index 5e5b10de..765cf387 100644 --- a/backend/pki-service/go.sum +++ b/backend/pki-service/go.sum @@ -1,5 +1,3 @@ -ariga.io/atlas v0.29.1 h1:7gB8XRFTnJeZ7ZiccNCJqwBtUv3yjFyxRFDMzu0AmRg= -ariga.io/atlas v0.29.1/go.mod h1:lkLAw/t2/P7g5CFYlYmHvNuShlmGujwm3OGsW00xowI= ariga.io/atlas v0.30.0 h1:Tyi4A1LXDp9VB+EO51e8Xacsw31uJge9fr5pmd3TL9U= ariga.io/atlas v0.30.0/go.mod h1:lkLAw/t2/P7g5CFYlYmHvNuShlmGujwm3OGsW00xowI= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 
@@ -52,18 +50,12 @@ github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/ github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/getkin/kin-openapi v0.128.0 h1:jqq3D9vC9pPq1dGcOCv7yOp1DaEe7c/T1vzcLbITSp4= github.com/getkin/kin-openapi v0.128.0/go.mod h1:OZrfXzUfGrNbsKj+xmFBx6E5c6yH3At/tAKSc2UszXM= -github.com/getsentry/sentry-go v0.30.0 h1:lWUwDnY7sKHaVIoZ9wYqRHJ5iEmoc0pqcRqFkosKzBo= -github.com/getsentry/sentry-go v0.30.0/go.mod h1:WU9B9/1/sHDqeV8T+3VwwbjeR5MSXs/6aqG3mqZrezA= github.com/getsentry/sentry-go v0.31.1 h1:ELVc0h7gwyhnXHDouXkhqTFSO5oslsRDk0++eyE0KJ4= github.com/getsentry/sentry-go v0.31.1/go.mod h1:CYNcMMz73YigoHljQRG+qPF+eMq8gG72XcGN/p71BAY= github.com/getsentry/sentry-go/echo v0.31.1 h1:bGY2QrNq5PovERoQBwyfJtQixjptHC06gLiAlF0WUPc= github.com/getsentry/sentry-go/echo v0.31.1/go.mod h1:2gHa20EVxDNNTJY+Cq4Eqr8A0Z6UEULh4ImSsVMSRUg= github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0= github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY= -github.com/go-co-op/gocron/v2 v2.14.0 h1:bWPJeIdd4ioqiEpLLD1BVSTrtae7WABhX/WaVJbKVqg= -github.com/go-co-op/gocron/v2 v2.14.0/go.mod h1:ZF70ZwEqz0OO4RBXE1sNxnANy/zvwLcattWEFsqpKig= -github.com/go-co-op/gocron/v2 v2.14.1 h1:bwWMkX2rNfS6RqBmUAfkDuOPKl/BRCRCrmuAv8flrOQ= -github.com/go-co-op/gocron/v2 v2.14.1/go.mod h1:ZF70ZwEqz0OO4RBXE1sNxnANy/zvwLcattWEFsqpKig= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= 
@@ -113,19 +105,14 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos= github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= -github.com/hm-edu/harica v0.0.0-20250108184730-ea05769d6933 h1:71+/1iQVjiP2+pR1Oc8e3sV4yUPP1MGn3vJUAAz9LgA= -github.com/hm-edu/harica v0.0.0-20250108184730-ea05769d6933/go.mod h1:cgr/m0VeGD+Bx7CTTWVb64G9cy95IfAwNHRMErquVjc= -github.com/hm-edu/harica v1.0.0 h1:Jg/v4osf9BmizgFQq5MmvdTndFrRH64BU7arjL3y6IQ= -github.com/hm-edu/harica v1.0.0/go.mod h1:RY/5HFe3u+e4Y1eiLRGYKxsDl2qV7vRhvcQGJuTaIhE= -github.com/hm-edu/harica v1.0.1 h1:BT9hqiXW40TT0S3BX/drlhxukdxzJufwoWid2Crz0Tc= -github.com/hm-edu/harica v1.0.1/go.mod h1:cgr/m0VeGD+Bx7CTTWVb64G9cy95IfAwNHRMErquVjc= +github.com/hm-edu/harica v0.0.0-20250108193546-6dce26cbc9d5 h1:ivv21dhuJJSS2/LcAATO7eeUU9R6x5BevqQyK5pvUzE= +github.com/hm-edu/harica v0.0.0-20250108193546-6dce26cbc9d5/go.mod h1:EIK0hbCv3C6hJzZdol6yb9JYkjsyTSV8F1Lmr/D4xGE= github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 h1:5XAf2vZQ6aMyLeHqZg1V7Dn/y6fzN0cpbo/jk7dWJC0= github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776/go.mod h1:HoVbhQCLyk/XKtKjVahdTTkCa5KLYIi/HyzrExss1Zo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/invopop/yaml v0.3.1 h1:f0+ZpmhfBSS4MhG+4HYseMdJhoeeopbSKbq5Rpeelso= github.com/invopop/yaml v0.3.1/go.mod h1:PMOp3nn4/12yEZUFfmOuNHJsZToEEOwoWsT+D81KkeA= -github.com/jackc/chunkreader v1.0.0 h1:4s39bBR8ByfqH+DKm8rQA3E1LHZWB9XWcrz8fqaZbe0= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= github.com/jackc/chunkreader/v2 v2.0.0/go.mod 
h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8= @@ -146,7 +133,6 @@ github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5W github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= -github.com/jackc/pgproto3 v1.1.0 h1:FYYE4yRw+AgI8wXIinMlNjBbp/UitDJwfj5LqqewP1A= github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78= github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA= github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg= @@ -182,10 +168,6 @@ github.com/johnbellone/grpc-middleware-sentry v0.4.0 h1:4Ojhjv+/1skH2wLMkNGWtYHo github.com/johnbellone/grpc-middleware-sentry v0.4.0/go.mod h1:o017YrGIUqWfhPMbcg/Jg2CTeLTdbGRkuEQywqcDVqY= github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= -github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4= -github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc= -github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I= -github.com/jonboulle/clockwork v0.5.0/go.mod h1:3mZlmanh0g2NDKO5TWZVJAfofYk64M7XN3SzBPjZF60= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= 
@@ -329,8 +311,6 @@ github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zclconf/go-cty v1.15.1 h1:RgQYm4j2EvoBRXOPxhUvxPzRrGDo1eCOhHXuGfrj5S0= -github.com/zclconf/go-cty v1.15.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty v1.16.0 h1:xPKEhst+BW5D0wxebMZkxgapvOE/dw7bFTlgSc9nD6w= github.com/zclconf/go-cty v1.16.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= 
@@ -384,13 +364,9 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 h1:1UoZQm6f0P/ZO0w1Ri+f+ifG/gXhegadRdwBIXEFWDo= -golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8 h1:yqrTHse8TCMW1M1ZCP+VAR/l0kKxwaAIqN/il7x4voA= golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8/go.mod h1:tujkw807nyEEAamNbDrEGzRav+ilXA7PCRAd6xsmwiU= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -419,8 +395,6 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= -golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= -golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -455,8 +429,6 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= 
@@ -476,8 +448,6 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= -golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -497,8 +467,6 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= -golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE= golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -512,10 +480,6 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def h1:4P81qv5JXI/sDNae2ClVx88cgDDA6DPilADkG9tYKz8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241230172942-26aa7a208def/go.mod h1:bdAgzvd4kFrpykc5/AC2eLUiegK9T/qxZHD4hXYf/ho= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d h1:xJJRGY7TJcvIlpSrN3K6LAWgNFUILlO+OMAqtg9aqnw= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 h1:3UsHvIr4Wc2aW4brOaSCmcxh9ksica6fHEr8P1XhkYw= google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= 
@@ -525,8 +489,6 @@ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU=
 google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4=
-google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk=
-google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU=
 google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go
index 32a10d14..74f8587a 100644
--- a/backend/pki-service/pkg/grpc/ssl.go
+++ b/backend/pki-service/pkg/grpc/ssl.go
@@ -9,6 +9,7 @@ import (
 	"github.com/TheZeroSlave/zapsentry"
 	"github.com/getsentry/sentry-go"
+	"github.com/go-co-op/gocron"
 	harica "github.com/hm-edu/harica/client"
 	"github.com/hm-edu/harica/models"
@@ -101,11 +102,11 @@ type sslAPIServer struct {
 }
 func newSslAPIServer(cfg *cfg.PKIConfiguration, db *ent.Client) (*sslAPIServer, error) {
-	client, err := harica.NewClient(cfg.User, cfg.Password, cfg.TotpSeed)
+	client, err := harica.NewClient(cfg.User, cfg.Password, cfg.TotpSeed, harica.WithRefreshInterval(5*time.Minute))
 	if err != nil {
 		return nil, err
 	}
-	validationClient, err := harica.NewClient(cfg.ValidationUser, cfg.ValidationPassword, cfg.ValidationTotpSeed)
+	validationClient, err := harica.NewClient(cfg.ValidationUser, cfg.ValidationPassword, cfg.ValidationTotpSeed, harica.WithRefreshInterval(5*time.Minute))
 	if err != nil {
 		return nil, err
 	}
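Review bot: The refresh period `5*time.Minute` is spelled out verbatim in both `harica.NewClient` calls of the `@@ -101,11 +102,11 @@` hunk, and the same period appears a third time as `s.Every(5).Minutes()` in the following hunk; a single `const sessionRefreshInterval = 5 * time.Minute` at package level, used in all three places, keeps them from drifting apart (later commits in this series already change one of them to an hour). A short comment on the first call, e.g. `// The HARICA session is re-authenticated with TOTP; keep the refresh interval well below the session lifetime.`, would explain why the option is set at all. The `gocron` import added in the first hunk is the v1 module, while the go.mod hunk of this commit only removes `gocron/v2` and `clockwork` from the indirect block; I cannot see from the shown hunks whether gocron v1 is a direct requirement, so `go mod tidy` may be needed. newSslAPIServer's body continues past this hunk.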
@@ -130,6 +131,18 @@ func newSslAPIServer(cfg *cfg.PKIConfiguration, db *ent.Client) (*sslAPIServer,
 		return 0
 	})
+	s := gocron.NewScheduler(time.UTC)
+	s.Every(5).Minutes().Do(func() {
+		err := client.SessionRefresh()
+		if err != nil {
+			instance.logger.Error("Error refreshing client", zap.Error(err))
+		}
+		err = validationClient.SessionRefresh()
+		if err != nil {
+			instance.logger.Error("Error refreshing validation client", zap.Error(err))
+		}
+	})
+	s.StartAsync()
 	return instance, nil
 }
From b97ce3dc82d20920708297da8f642f034c96e166 Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff
Date: Wed, 8 Jan 2025 20:53:27 +0100
Subject: [PATCH 19/24] feat: add force function
---
 backend/pki-service/go.mod | 2 +-
 backend/pki-service/go.sum | 4 ++--
 backend/pki-service/pkg/grpc/ssl.go | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/backend/pki-service/go.mod b/backend/pki-service/go.mod
index 9926af77..02b2544e 100644
--- a/backend/pki-service/go.mod
+++ b/backend/pki-service/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/DATA-DOG/go-sqlmock v1.5.0
 	github.com/TheZeroSlave/zapsentry v1.23.0
 	github.com/getsentry/sentry-go v0.31.1
-	github.com/hm-edu/harica v0.0.0-20250108193546-6dce26cbc9d5
+	github.com/hm-edu/harica v0.0.0-20250108195105-42f8cc50becc
 	github.com/mattn/go-sqlite3 v1.14.16
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.10.0
diff --git a/backend/pki-service/go.sum b/backend/pki-service/go.sum
index 765cf387..f48d938c 100644
--- a/backend/pki-service/go.sum
+++ b/backend/pki-service/go.sum
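Review bot: The scheduler created at `s := gocron.NewScheduler(time.UTC)` is started with `s.StartAsync()` but never stored or stopped, so the refresh goroutine has no owner and keeps calling `SessionRefresh` on both clients after the server that created them is shut down; keeping it on the struct (`instance.scheduler = s`, a new field) and calling `s.Stop()` from the server's shutdown path bounds its lifetime. The job also duplicates what `harica.WithRefreshInterval(5*time.Minute)` in the previous hunk presumably already does inside the client; if both are intended, a comment such as `// Periodic refresh in addition to the client's own timer; see WithRefreshInterval in NewClient.` would stop the next reader from removing one of them. newSslAPIServer begins before this hunk.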
@@ -105,8 +105,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos=
 github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA=
-github.com/hm-edu/harica v0.0.0-20250108193546-6dce26cbc9d5 h1:ivv21dhuJJSS2/LcAATO7eeUU9R6x5BevqQyK5pvUzE=
-github.com/hm-edu/harica v0.0.0-20250108193546-6dce26cbc9d5/go.mod h1:EIK0hbCv3C6hJzZdol6yb9JYkjsyTSV8F1Lmr/D4xGE=
+github.com/hm-edu/harica v0.0.0-20250108195105-42f8cc50becc h1:rZbu8mPcb1Cs4d46oqjc09sqX0c0r/XoEZ+ZPvX9ycc=
+github.com/hm-edu/harica v0.0.0-20250108195105-42f8cc50becc/go.mod h1:EIK0hbCv3C6hJzZdol6yb9JYkjsyTSV8F1Lmr/D4xGE=
 github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776 h1:5XAf2vZQ6aMyLeHqZg1V7Dn/y6fzN0cpbo/jk7dWJC0=
 github.com/hm-edu/portal-apis v0.0.0-20250102083103-f7750f2a7776/go.mod h1:HoVbhQCLyk/XKtKjVahdTTkCa5KLYIi/HyzrExss1Zo=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go
index 74f8587a..b90ea308 100644
--- a/backend/pki-service/pkg/grpc/ssl.go
+++ b/backend/pki-service/pkg/grpc/ssl.go
@@ -132,12 +132,12 @@ func newSslAPIServer(cfg *cfg.PKIConfiguration, db *ent.Client) (*sslAPIServer,
 	})
 	s := gocron.NewScheduler(time.UTC)
-	s.Every(5).Minutes().Do(func() {
-		err := client.SessionRefresh()
+	s.Every(1).Hour().Do(func() {
+		err := client.SessionRefresh(true)
 		if err != nil {
 			instance.logger.Error("Error refreshing client", zap.Error(err))
 		}
-		err = validationClient.SessionRefresh()
+		err = validationClient.SessionRefresh(true)
 		if err != nil {
 			instance.logger.Error("Error refreshing validation client", zap.Error(err))
 		}
From 1f558b78bf42b308df066d9a5b7aafed0cf9111f Mon Sep 17 00:00:00 2001
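Review bot: The job now carries two bare literals, `s.Every(1).Hour()` and `SessionRefresh(true)`, and neither the hunk nor the commit message says what the boolean forces or why an hour was chosen over the five minutes that the same function still passes to `harica.WithRefreshInterval` (that call sits above this hunk). A one-line comment above `s.Every(1).Hour()`, e.g. `// Force a full re-login hourly; the client's own timer only refreshes the token when it is about to expire.`, would record the intent — hedged, because the meaning of the flag is defined in the harica module, not here. Naming the period, `const forcedSessionRefresh = 1 // hours`, also makes it easy to move into PKIConfiguration later. newSslAPIServer starts and ends outside this hunk.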
From: Florian Ritterhoff
Date: Thu, 9 Jan 2025 07:24:03 +0100
Subject: [PATCH 20/24] feat: fix expire
---
 backend/pki-service/pkg/worker/cleanup.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/backend/pki-service/pkg/worker/cleanup.go b/backend/pki-service/pkg/worker/cleanup.go
index cea3bdc0..b6be92f4 100644
--- a/backend/pki-service/pkg/worker/cleanup.go
+++ b/backend/pki-service/pkg/worker/cleanup.go
@@ -18,8 +18,7 @@ func Cleanup(logger *zap.Logger, db *ent.Client) error {
 	}
 	for _, cert := range certs {
 		// Mark certificate as expired
-		cert.Status = certificate.StatusExpired
-		if _, err := db.Certificate.UpdateOne(cert).Save(context.Background()); err != nil {
+		if _, err := db.Certificate.UpdateOneID(cert.ID).SetStatus(certificate.StatusExpired).Save(context.Background()); err != nil {
 			return err
 		}
 		logger.Info("Certificate expired", zap.String("common_name", cert.CommonName), zap.String("serial_number", cert.Serial))
From 22f9913e67bc03ae3bf24486e0dd08d69a983e5b Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff
Date: Thu, 9 Jan 2025 08:09:15 +0100
Subject: [PATCH 21/24] feat: add option for OV/DV setting
---
 backend/pki-service/cmd/run.go | 1 +
 backend/pki-service/pkg/cfg/pki.go | 1 +
 backend/pki-service/pkg/grpc/ssl.go | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/backend/pki-service/cmd/run.go b/backend/pki-service/cmd/run.go
index 2293c879..9d94c4c6 100644
--- a/backend/pki-service/cmd/run.go
+++ b/backend/pki-service/cmd/run.go
@@ -111,4 +111,5 @@ func init() {
 	runCmd.Flags().String("validation_user", "", "The user for the HARICA API")
 	runCmd.Flags().String("validation_password", "", "The password for the HARICA API")
 	runCmd.Flags().String("validation_totp_seed", "", "The totp seed for the HARICA API")
+	runCmd.Flags().String("cert_type", "OV", "The certificate type to use")
 }
diff --git a/backend/pki-service/pkg/cfg/pki.go b/backend/pki-service/pkg/cfg/pki.go
index 549e9ccb..9e020405 100644
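Review bot: The loop still returns on the first failed `Save`, so one certificate row that cannot be updated leaves every later entry of `certs` unexpired until the next run, even though each update is independent of the others; appending to a local `errs` slice, continuing the loop, and finishing with `return errors.Join(errs...)` lets a single bad row not block the rest. The switch to `UpdateOneID(cert.ID).SetStatus(certificate.StatusExpired)` does fix the removed in-memory write, but it also means the local `cert.Status` keeps its old value after the save, which matters only if code after the hunk reads it. A comment above the update, `// Persist the status via UpdateOneID; mutating cert.Status alone was never written back.`, would explain the shape of the call to the next maintainer. Cleanup's body begins before and continues after this hunk.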
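Review bot: `cert_type` is accepted as a free-form string with default `"OV"` and, in the ssl.go hunk of this same commit, handed straight to `s.client.RequestCertificate(sans, req.Csr, s.cfg.CertType, orgs[0])`, so a typo or an empty value coming from the environment only shows up as a CA-side error on the first issuance request. The commit message names OV and DV as the supported values; validating once at construction time, e.g. `if cfg.CertType != "OV" && cfg.CertType != "DV" { return nil, fmt.Errorf("cert_type must be OV or DV, got %q", cfg.CertType) }` at the top of newSslAPIServer, fails fast and documents the set. The flag help string could say the same: `"The certificate type to use (OV or DV)"`. How the flag is bound into PKIConfiguration is not visible in these hunks, so the exact validation hook is a suggestion.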
--- a/backend/pki-service/pkg/cfg/pki.go
+++ b/backend/pki-service/pkg/cfg/pki.go
@@ -9,4 +9,5 @@ type PKIConfiguration struct {
 	ValidationPassword string `mapstructure:"validation_password"`
 	ValidationTotpSeed string `mapstructure:"validation_totp_seed"`
 	SmimeKeyLength string `mapstructure:"smime_key_length"`
+	CertType string `mapstructure:"cert_type"`
 }
diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go
index b90ea308..d1c7e5c2 100644
--- a/backend/pki-service/pkg/grpc/ssl.go
+++ b/backend/pki-service/pkg/grpc/ssl.go
@@ -267,7 +267,7 @@ func (s *sslAPIServer) IssueCertificate(ctx context.Context, req *pb.IssueSslReq
 		return s.handleError("Error while checking organization", err, logger, hub)
 	}
-	transaction, err := s.client.RequestCertificate(sans, req.Csr, "OV", orgs[0])
+	transaction, err := s.client.RequestCertificate(sans, req.Csr, s.cfg.CertType, orgs[0])
 	if err != nil {
 		return s.handleError("Error while requesting certificate", err, logger, hub)
 	}
From ff37ad0b511696e70419fa69f682d149c673d145 Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff
Date: Thu, 9 Jan 2025 08:44:55 +0100
Subject: [PATCH 22/24] fix: capture dangling certs
---
 backend/domain-rest-interface/pkg/api/domains/domains.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/domain-rest-interface/pkg/api/domains/domains.go b/backend/domain-rest-interface/pkg/api/domains/domains.go
index 06aadba3..b569d350 100644
--- a/backend/domain-rest-interface/pkg/api/domains/domains.go
+++ b/backend/domain-rest-interface/pkg/api/domains/domains.go
@@ -127,7 +127,7 @@ func (h *Handler) enumerateDomains(ctx context.Context, user string, logger *zap
 			if cert.Status == "Invalid" {
 				continue
 			}
-			if cert.Id == 0 {
+			if (cert.Id == 0 && strings.EqualFold(cert.Ca, "sectigo")) || (strings.EqualFold(cert.Ca, "harica") && cert.TransactionId == "") {
 				logger.Warn("Denying deletion of domain. Domain has dangling certificate.", zap.String("serial", cert.Serial), zap.String("domain", domain.Fqdn), zap.String("user", user))
 				item.Permissions.CanDelete = false
 				continue
From 0b45972d6e2e68f7c203f2dc0b345ae3a3bddea1 Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff
Date: Thu, 9 Jan 2025 10:13:07 +0100
Subject: [PATCH 23/24] remove unused dns class
---
 backend/common/go.mod | 3 ---
 backend/common/go.sum | 2 --
 backend/common/helper/md5dns.go | 48 ---------------------------------
 3 files changed, 53 deletions(-)
 delete mode 100644 backend/common/helper/md5dns.go
diff --git a/backend/common/go.mod b/backend/common/go.mod
index 88479cf3..6f2d2d13 100644
--- a/backend/common/go.mod
+++ b/backend/common/go.mod
@@ -26,8 +26,6 @@ require (
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect
-	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/sync v0.10.0 // indirect
 )
 require (
@@ -87,7 +85,6 @@ require (
 	github.com/getsentry/sentry-go v0.30.0
 	github.com/go-playground/validator/v10 v10.23.0
-	github.com/miekg/dns v1.1.62
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	go.opentelemetry.io/otel v1.33.0 // indirect
 	go.uber.org/zap v1.27.0
diff --git a/backend/common/go.sum b/backend/common/go.sum
index f1cafd63..df60841e 100644
--- a/backend/common/go.sum
+++ b/backend/common/go.sum
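Review bot: The new condition only treats a certificate as dangling when `cert.Ca` is `sectigo` with `Id == 0` or `harica` with an empty `TransactionId`; a record whose `Ca` is empty or carries any other value now falls through and leaves `CanDelete` true, whereas the removed `cert.Id == 0` check applied to every CA. Because this guards a deletion permission, it is safer to fail closed: decide per known CA and treat anything unrecognised as dangling, which also splits the long boolean into readable cases. The `strings` import must already exist in domains.go for this hunk to compile — the file header is not shown. enumerateDomains starts and ends outside this hunk.
```go
			// Fail closed: a certificate from an unrecognised CA counts as dangling.
			dangling := true
			switch {
			case strings.EqualFold(cert.Ca, "sectigo"):
				dangling = cert.Id == 0
			case strings.EqualFold(cert.Ca, "harica"):
				dangling = cert.TransactionId == ""
			}
			if dangling {
				// … unchanged: warn log, CanDelete = false, continue …
```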
@@ -103,8 +103,6 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
-github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw=
diff --git a/backend/common/helper/md5dns.go b/backend/common/helper/md5dns.go
deleted file mode 100644
index 0576232e..00000000
--- a/backend/common/helper/md5dns.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package helper
-
-import (
-	"crypto/hmac"
-	// Required due to the use in the MWN
-	"crypto/md5" //#nosec
-	"encoding/base64"
-	"encoding/hex"
-
-	"github.com/miekg/dns"
-)
-
-type Md5provider string
-
-func fromBase64(s []byte) (buf []byte, err error) {
-	buflen := base64.StdEncoding.DecodedLen(len(s))
-	buf = make([]byte, buflen)
-	n, err := base64.StdEncoding.Decode(buf, s)
-	buf = buf[:n]
-	return
-}
-
-func (key Md5provider) Generate(msg []byte, _ *dns.TSIG) ([]byte, error) {
-	// If we barf here, the caller is to blame
-	rawsecret, err := fromBase64([]byte(key))
-	if err != nil {
-		return nil, err
-	}
-	h := hmac.New(md5.New, rawsecret)
-
-	h.Write(msg)
-	return h.Sum(nil), nil
-}
-
-func (key Md5provider) Verify(msg []byte, t *dns.TSIG) error {
-	b, err := key.Generate(msg, t)
-	if err != nil {
-		return err
-	}
-	mac, err := hex.DecodeString(t.MAC)
-	if err != nil {
-		return err
-	}
-	if !hmac.Equal(b, mac) {
-		return dns.ErrSig
-	}
-	return nil
-}
From 5ea2934fd9bb67fe65b6dfcc12d747023cafcd12 Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff
Date: Thu, 9 Jan 2025 10:18:10 +0100
Subject: [PATCH 24/24] feat: handle error
---
 backend/pki-service/pkg/grpc/ssl.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go
index d1c7e5c2..cc82b218 100644
--- a/backend/pki-service/pkg/grpc/ssl.go
+++ b/backend/pki-service/pkg/grpc/ssl.go
@@ -132,7 +132,7 @@ func newSslAPIServer(cfg *cfg.PKIConfiguration, db *ent.Client) (*sslAPIServer,
 	})
 	s := gocron.NewScheduler(time.UTC)
-	s.Every(1).Hour().Do(func() {
+	_, err = s.Every(1).Hour().Do(func() {
 		err := client.SessionRefresh(true)
 		if err != nil {
 			instance.logger.Error("Error refreshing client", zap.Error(err))
@@ -142,6 +142,9 @@ func newSslAPIServer(cfg *cfg.PKIConfiguration, db *ent.Client) (*sslAPIServer,
 			instance.logger.Error("Error refreshing validation client", zap.Error(err))
 		}
 	})
+	if err != nil {
+		return nil, err
+	}
 	s.StartAsync()
 	return instance, nil
 }
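Review bot: `_, err = s.Every(1).Hour().Do(func() {` assigns the scheduling error to the outer `err` while the very next line, `err := client.SessionRefresh(true)`, declares a closure-local `err` that shadows it; the code is correct, but the two `if err != nil` checks inside the job and the one added after `})` read as if the refresh result were what is returned from newSslAPIServer. Renaming the inner variable, `if rerr := client.SessionRefresh(true); rerr != nil {` and likewise for the validation client, removes the ambiguity, and a comment on the new check, `// Do only fails to schedule the job; refresh failures at run time are logged inside it.`, states what is and is not caught here. Since run-time refresh failures are only logged, an expired session persists silently until the next hourly tick; a counter or health flag updated in the job would let operators notice repeated failures. The first hunk of this commit shares the same shadowing and is covered by this note; newSslAPIServer begins before both hunks.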