Skip to content

Commit

Permalink
Merge branch 'main' into alpha
Browse files Browse the repository at this point in the history
  • Loading branch information
@rsdmike
rsdmike authored Jul 19, 2024
2 parents 4571325 + ee95c36 commit d3e6a2c
Show file tree
Hide file tree
Showing 12 changed files with 21 additions and 41 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/api-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand All @@ -28,7 +28,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand All @@ -45,7 +45,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand All @@ -61,7 +61,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand All @@ -75,7 +75,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand All @@ -101,7 +101,7 @@ jobs:
os: [windows-2019, windows-2022, ubuntu-22.04, ubuntu-20.04]
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/docker-build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/projectsSync.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/scorecards.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/semantic.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/trivy-scan.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ jobs:
security-events: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit

Expand Down
2 changes: 1 addition & 1 deletion .releaserc.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
"label": "Linux x64 Console Executable"
},
{
"path": "console_windows_x64.zip",
"path": "console_windows_x64.exe",
"label": "Windows x64 Console Executable"
},
{
Expand Down
3 changes: 0 additions & 3 deletions build.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,3 @@ chmod +x console_mac_arm64
tar cvfpz console_linux_x64.tar.gz console_linux_x64
tar cvfpz console_mac_x64.tar.gz console_mac_x64
tar cvfpz console_mac_arm64.tar.gz console_mac_arm64

# Add Windows build to a zip file
zip console_windows_x64.zip console_windows_x64.exe
29 changes: 6 additions & 23 deletions internal/usecase/domains/usecase.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -153,42 +153,25 @@ func (uc *UseCase) Insert(ctx context.Context, d *dto.Domain) (*dto.Domain, erro

return d2, nil
}

func DecryptAndCheckCertExpiration(domain dto.Domain) (*x509.Certificate, error) {
// Decode the base64 encoded PFX certificate
pfxData, err := base64.StdEncoding.DecodeString(domain.ProvisioningCert)
if err != nil {
return nil, err
}

// Convert the PFX data to PEM blocks
//nolint:staticcheck // AMT certs don't work with pkcs12.Decode (the suggested replacement)
pemBlocks, err := pkcs12.ToPEM(pfxData, domain.ProvisioningCertPassword)
if err != nil {
return nil, ErrCertPassword.Wrap("DecryptAndCheckCertExpiration", "pkcs12.ToPEM", err)
}

var x509Cert *x509.Certificate

for _, block := range pemBlocks {
if block.Type == "CERTIFICATE" {
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, err
}

x509Cert = cert

break
}
// Convert the PFX data to x509 cert
_, cert, err := pkcs12.Decode(pfxData, domain.ProvisioningCertPassword)
if err != nil && cert == nil {
return nil, ErrCertPassword.Wrap("DecryptAndCheckCertExpiration", "pkcs12.Decode", err)
}

// Check the expiration date of the certificate
if x509Cert.NotAfter.Before(time.Now()) {
if cert.NotAfter.Before(time.Now()) {
return nil, ErrCertExpiration.Wrap("DecryptAndCheckCertExpiration", "x509Cert.NotAfter.Before", nil)
}

return x509Cert, nil
return cert, nil
}

// convert dto.Domain to entity.Domain.
Expand Down

0 comments on commit d3e6a2c

Please sign in to comment.