update cfssl usage, remove some ioutil

nickysemenza · nickysemenza · commit 65dab12aff86 · 2023-05-15T10:38:31.000-07:00
diff --git a/certmetrics/metrics.go b/certmetrics/metrics.go
@@ -3,7 +3,7 @@ package certmetrics
 
 import (
 	"crypto/x509"
-	"io/ioutil"
+	"io"
 	"os"
 	"sort"
 	"strings"
@@ -34,7 +34,7 @@ func certSourceFromFile(path string) ([]CertSource, error) {
 	if err != nil {
 		return nil, err
 	}
-	pemData, err := ioutil.ReadAll(file)
+	pemData, err := io.ReadAll(file)
 	if err != nil {
 		return nil, err
 	}
diff --git a/client/client.go b/client/client.go
@@ -10,7 +10,6 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
@@ -71,7 +70,7 @@ func NewClientFromFile(certFile, keyFile, caFile string) (*Client, error) {
 		return nil, err
 	}
 
-	pemCerts, err := ioutil.ReadFile(caFile)
+	pemCerts, err := os.ReadFile(caFile)
 	if err != nil {
 		return nil, err
 	}
@@ -321,7 +320,7 @@ func (c *Client) ScanDir(server, dir string, LoadPubKey func([]byte) (crypto.Pub
 		if !info.IsDir() && (isPubKey || isCert) {
 			log.Infof("Loading %s...\n", path)
 
-			in, err := ioutil.ReadFile(path)
+			in, err := os.ReadFile(path)
 			if err != nil {
 				return err
 			}
@@ -358,7 +357,7 @@ func (c *Client) LoadTLSCertificate(server, certFile string) (cert tls.Certifica
 	var certPEMBlock []byte
 	var certDERBlock *pem.Block
 
-	if certPEMBlock, err = ioutil.ReadFile(certFile); err != nil {
+	if certPEMBlock, err = os.ReadFile(certFile); err != nil {
 		return fail(err)
 	}
 
diff --git a/client/remote_test.go b/client/remote_test.go
@@ -5,7 +5,6 @@ import (
 	"crypto"
 	"crypto/x509"
 	"encoding/pem"
-	"io/ioutil"
 	"log"
 	"net"
 	"os"
@@ -243,7 +242,7 @@ func TestSlowServer(t *testing.T) {
 
 // helper function reads a cert from a file and convert it to a signer
 func NewRemoteSignerByCertFile(filepath string) (crypto.Signer, error) {
-	pemBytes, err := ioutil.ReadFile(filepath)
+	pemBytes, err := os.ReadFile(filepath)
 	if err != nil {
 		return nil, err
 	}
diff --git a/cmd/gokeyless/gokeyless.go b/cmd/gokeyless/gokeyless.go
@@ -5,7 +5,6 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"strconv"
@@ -366,7 +365,7 @@ func needNewCertAndKey() bool {
 	}
 
 	// error is ignore because tls.LoadX509KeyPair already verify the existence of the file
-	certBytes, _ := ioutil.ReadFile(config.CertFile)
+	certBytes, _ := os.ReadFile(config.CertFile)
 	// error is ignore because tls.LoadX509KeyPair already verify the file can be parsed
 	cert, _ := helpers.ParseCertificatePEM(certBytes)
 	// verify the leaf certificate
@@ -380,7 +379,7 @@ func needNewCertAndKey() bool {
 
 // verifyCSRAndKey checks if csr and key files exist and if they match
 func verifyCSRAndKey() bool {
-	csrBytes, err := ioutil.ReadFile(config.CSRFile)
+	csrBytes, err := os.ReadFile(config.CSRFile)
 	if err != nil {
 		log.Errorf("cannot read csr file: %v", err)
 		return false
@@ -403,7 +402,7 @@ func verifyCSRAndKey() bool {
 		return false
 	}
 
-	keyBytes, err := ioutil.ReadFile(config.KeyFile)
+	keyBytes, err := os.ReadFile(config.KeyFile)
 	if err != nil {
 		log.Errorf("cannot read private key file: %v", err)
 		return false
diff --git a/cmd/gokeyless/initialize.go b/cmd/gokeyless/initialize.go
@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"os"
 
@@ -65,7 +64,7 @@ func initAPICall(token, hostname, zoneID, csr string) ([]byte, error) {
 	}
 	defer resp.Body.Close()
 
-	bodyBytes, err := ioutil.ReadAll(resp.Body)
+	bodyBytes, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, fmt.Errorf("certificate API returned an invalid response body for HTTP %d", resp.StatusCode)
 	}
@@ -120,12 +119,12 @@ func initializeServerCertAndKey() {
 		log.Fatal("failed to generate csr and key: ", err)
 	}
 
-	if err := ioutil.WriteFile(config.KeyFile, key, 0600); err != nil {
+	if err := os.WriteFile(config.KeyFile, key, 0600); err != nil {
 		log.Fatal("failed to write to key file: ", err)
 	}
 	log.Infof("key is generated and saved to %s", config.KeyFile)
 
-	if err := ioutil.WriteFile(config.CSRFile, csr, 0600); err != nil {
+	if err := os.WriteFile(config.CSRFile, csr, 0600); err != nil {
 		log.Fatal("failed to write to csr file:", err)
 	}
 	log.Infof("csr is generated and saved to %s", config.CSRFile)
@@ -141,12 +140,11 @@ func initializeServerCertAndKey() {
 		log.Fatal("couldn't remove old certificate file: ", err)
 	}
 
-	if err := ioutil.WriteFile(config.CertFile, cert, 0644); err != nil {
+	if err := os.WriteFile(config.CertFile, cert, 0644); err != nil {
 		log.Fatal("couldn't write to certificate file: ", err)
 	}
 	log.Infof("certificate saved to %s", config.CertFile)
 
-	return
 }
 
 // generateCSR generates a private key and a CSR for the given host. The
@@ -155,7 +153,7 @@ func generateCSR(host string) ([]byte, []byte, error) {
 	csr, key, err := csr.ParseRequest(&csr.CertificateRequest{
 		CN:    "Keyless Server Authentication Certificate",
 		Hosts: []string{host},
-		KeyRequest: &csr.BasicKeyRequest{
+		KeyRequest: &csr.KeyRequest{
 			A: "ecdsa",
 			S: 384,
 		},
@@ -173,12 +171,12 @@ func manualActivation() {
 		log.Fatal("failed to generate csr and key: ", err)
 	}
 
-	if err := ioutil.WriteFile(config.KeyFile, key, 0600); err != nil {
+	if err := os.WriteFile(config.KeyFile, key, 0600); err != nil {
 		log.Fatal("failed to write to key file:", err)
 	}
 	log.Infof("key is generated and saved to %s", config.KeyFile)
 
-	if err := ioutil.WriteFile(config.CSRFile, csr, 0600); err != nil {
+	if err := os.WriteFile(config.CSRFile, csr, 0600); err != nil {
 		log.Fatal("failed to write to csr file:", err)
 	}
 	log.Infof("csr is generated and saved to %s", config.CSRFile)
diff --git a/server/keystore.go b/server/keystore.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -78,7 +77,7 @@ func (keys *DefaultKeystore) AddFromDir(dir string, LoadKey func([]byte) (crypto
 func (keys *DefaultKeystore) AddFromFile(path string, LoadKey func([]byte) (crypto.Signer, error)) error {
 	log.Infof("loading %s...", path)
 
-	in, err := ioutil.ReadFile(path)
+	in, err := os.ReadFile(path)
 	if err != nil {
 		return err
 	}
diff --git a/server/server.go b/server/server.go
@@ -12,9 +12,9 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"net/rpc"
+	"os"
 	"sync"
 	"time"
 
@@ -85,7 +85,7 @@ func NewServerFromFile(config *ServeConfig, certFile, keyFile, caFile string) (*
 		return nil, err
 	}
 
-	pemCerts, err := ioutil.ReadFile(caFile)
+	pemCerts, err := os.ReadFile(caFile)
 	if err != nil {
 		return nil, err
 	}
@@ -706,12 +706,12 @@ const (
 
 // DefaultServeConfig constructs a default ServeConfig with the following
 // values:
-//  - The number of ECDSA workers is max(2, runtime.NumCPU())
-//  - The number of RSA workers is max(2, runtime.NumCPU())
-//  - The number of other workers is 2
-//  - The TCP connection timeout is 30 seconds
-//  - The Unix connection timeout is 1 hour
-//  - All connections have full power
+//   - The number of ECDSA workers is max(2, runtime.NumCPU())
+//   - The number of RSA workers is max(2, runtime.NumCPU())
+//   - The number of other workers is 2
+//   - The TCP connection timeout is 30 seconds
+//   - The Unix connection timeout is 1 hour
+//   - All connections have full power
 func DefaultServeConfig() *ServeConfig {
 	return &ServeConfig{
 		tcpTimeout:             defaultTCPTimeout,
diff --git a/tests/common_test.go b/tests/common_test.go
@@ -9,7 +9,6 @@ import (
 	"flag"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"os"
 	"strconv"
@@ -131,7 +130,7 @@ func (d DummyRPC) PipeRead(in int, out *[]byte) (err error) {
 
 // helper function reads a pub key from a file and convert it to a signer
 func (s *IntegrationTestSuite) NewRemoteSignerByPubKeyFile(filepath string) (crypto.Signer, error) {
-	pemBytes, err := ioutil.ReadFile(filepath)
+	pemBytes, err := os.ReadFile(filepath)
 	if err != nil {
 		return nil, err
 	}
diff --git a/tests/proxy_test.go b/tests/proxy_test.go
@@ -7,7 +7,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"io"
-	"io/ioutil"
+	"os"
 	"testing"
 	"time"
 
@@ -41,7 +41,7 @@ func clientFunc(conn *tls.Conn) error {
 		return err
 	}
 
-	output, err := ioutil.ReadAll(conn)
+	output, err := io.ReadAll(conn)
 	if err != nil {
 		return err
 	}
@@ -83,7 +83,7 @@ func (s *IntegrationTestSuite) TestTLSProxy() {
 
 	keys := server.NewDefaultKeystore()
 	s.server.SetKeystore(keys)
-	pemKey, err := ioutil.ReadFile(tlsKey)
+	pemKey, err := os.ReadFile(tlsKey)
 	require.NoError(err)
 	p, _ := pem.Decode(pemKey)
 	rsaKey, err := x509.ParseECPrivateKey(p.Bytes)
@@ -97,7 +97,7 @@ func (s *IntegrationTestSuite) TestTLSProxy() {
 		RootCAs:    x509.NewCertPool(),
 	}
 
-	caBytes, err := ioutil.ReadFile(caCert)
+	caBytes, err := os.ReadFile(caCert)
 	require.NoError(err)
 	clientConfig.RootCAs.AppendCertsFromPEM(caBytes)
 

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,6 @@ import (`
`5`	`5`	`"encoding/json"`
`6`	`6`	`"fmt"`
`7`	`7`	`"io"`
`8`		`- "io/ioutil"`
`9`	`8`	`"net/http"`
`10`	`9`	`"os"`
`11`	`10`
`@@ -65,7 +64,7 @@ func initAPICall(token, hostname, zoneID, csr string) ([]byte, error) {`
`65`	`64`	`}`
`66`	`65`	`defer resp.Body.Close()`
`67`	`66`
`68`		`- bodyBytes, err := ioutil.ReadAll(resp.Body)`
	`67`	`+ bodyBytes, err := io.ReadAll(resp.Body)`
`69`	`68`	`if err != nil {`
`70`	`69`	`return nil, fmt.Errorf("certificate API returned an invalid response body for HTTP %d", resp.StatusCode)`
`71`	`70`	`}`
`@@ -120,12 +119,12 @@ func initializeServerCertAndKey() {`
`120`	`119`	`log.Fatal("failed to generate csr and key: ", err)`
`121`	`120`	`}`
`122`	`121`
`123`		`- if err := ioutil.WriteFile(config.KeyFile, key, 0600); err != nil {`
	`122`	`+ if err := os.WriteFile(config.KeyFile, key, 0600); err != nil {`
`124`	`123`	`log.Fatal("failed to write to key file: ", err)`
`125`	`124`	`}`
`126`	`125`	`log.Infof("key is generated and saved to %s", config.KeyFile)`
`127`	`126`
`128`		`- if err := ioutil.WriteFile(config.CSRFile, csr, 0600); err != nil {`
	`127`	`+ if err := os.WriteFile(config.CSRFile, csr, 0600); err != nil {`
`129`	`128`	`log.Fatal("failed to write to csr file:", err)`
`130`	`129`	`}`
`131`	`130`	`log.Infof("csr is generated and saved to %s", config.CSRFile)`
`@@ -141,12 +140,11 @@ func initializeServerCertAndKey() {`
`141`	`140`	`log.Fatal("couldn't remove old certificate file: ", err)`
`142`	`141`	`}`
`143`	`142`
`144`		`- if err := ioutil.WriteFile(config.CertFile, cert, 0644); err != nil {`
	`143`	`+ if err := os.WriteFile(config.CertFile, cert, 0644); err != nil {`
`145`	`144`	`log.Fatal("couldn't write to certificate file: ", err)`
`146`	`145`	`}`
`147`	`146`	`log.Infof("certificate saved to %s", config.CertFile)`
`148`	`147`
`149`		`- return`
`150`	`148`	`}`
`151`	`149`
`152`	`150`	`// generateCSR generates a private key and a CSR for the given host. The`
`@@ -155,7 +153,7 @@ func generateCSR(host string) ([]byte, []byte, error) {`
`155`	`153`	`csr, key, err := csr.ParseRequest(&csr.CertificateRequest{`
`156`	`154`	`CN: "Keyless Server Authentication Certificate",`
`157`	`155`	`Hosts: []string{host},`
`158`		`- KeyRequest: &csr.BasicKeyRequest{`
	`156`	`+ KeyRequest: &csr.KeyRequest{`
`159`	`157`	`A: "ecdsa",`
`160`	`158`	`S: 384,`
`161`	`159`	`},`
`@@ -173,12 +171,12 @@ func manualActivation() {`
`173`	`171`	`log.Fatal("failed to generate csr and key: ", err)`
`174`	`172`	`}`
`175`	`173`
`176`		`- if err := ioutil.WriteFile(config.KeyFile, key, 0600); err != nil {`
	`174`	`+ if err := os.WriteFile(config.KeyFile, key, 0600); err != nil {`
`177`	`175`	`log.Fatal("failed to write to key file:", err)`
`178`	`176`	`}`
`179`	`177`	`log.Infof("key is generated and saved to %s", config.KeyFile)`
`180`	`178`
`181`		`- if err := ioutil.WriteFile(config.CSRFile, csr, 0600); err != nil {`
	`179`	`+ if err := os.WriteFile(config.CSRFile, csr, 0600); err != nil {`
`182`	`180`	`log.Fatal("failed to write to csr file:", err)`
`183`	`181`	`}`
`184`	`182`	`log.Infof("csr is generated and saved to %s", config.CSRFile)`