diff --git a/.github/workflows/ci-go-cover.yml b/.github/workflows/ci-go-cover.yml index dc8b31a..9f0e4f8 100644 --- a/.github/workflows/ci-go-cover.yml +++ b/.github/workflows/ci-go-cover.yml @@ -25,7 +25,7 @@ jobs: steps: - uses: actions/setup-go@v3 with: - go-version: "1.18" + go-version: "1.23" - name: Checkout code uses: actions/checkout@v2 - name: Go Coverage diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a087515..67ed79b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ jobs: steps: - uses: actions/setup-go@v3 with: - go-version: "1.18" + go-version: "1.23" - name: Checkout code uses: actions/checkout@v2 - name: Build package and run tests diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index 6bcd5e4..587e0a1 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -10,14 +10,12 @@ jobs: steps: - uses: actions/setup-go@v3 with: - go-version: "1.18" + go-version: "1.23" - name: Checkout code uses: actions/checkout@v2 - - name: Install golangci-lint + - name: Install golangci-lint run: | go version - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.47.0 + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.2.1 - name: Run required linters in .golangci.yml plus hard-coded ones here run: make -w GOLINT=$(go env GOPATH)/bin/golangci-lint lint - - name: Run optional linters (not required to pass) - run: make -w GOLINT=$(go env GOPATH)/bin/golangci-lint lint-extra diff --git a/.golangci.yml b/.golangci.yml index 82ce9af..7420892 100644 --- a/.golangci.yml +++ b/.golangci.yml 
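Review bot: The `Install golangci-lint` step in linters.yml still fetches `install.sh` from the mutable `master` ref and pipes it into `sh`, so bumping the binary to v2.2.1 does not pin the script that actually runs in CI. Fetching the script from the same tag as the binary keeps the executed code tied to a reviewed release: `curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/v2.2.1/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.2.1`. The context lines of the three workflow hunks also reference `actions/setup-go@v3` and `actions/checkout@v2` by movable tag; pinning them to a full commit SHA would close the same gap.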
@@ -1,88 +1,85 @@ -# Do not delete linter settings. Linters like gocritic can be enabled on the command line. - -linters-settings: - dupl: - threshold: 100 - funlen: - lines: 100 - statements: 50 - goconst: - min-len: 2 - min-occurrences: 3 - gocritic: - enabled-tags: - - diagnostic - - experimental - - opinionated - - performance - - style - disabled-checks: - - dupImport # https://github.com/go-critic/go-critic/issues/845 - - ifElseChain - - octalLiteral - - paramTypeCombine - - whyNoLint - - wrapperFunc - gofmt: - simplify: false - goimports: - golint: - min-confidence: 0 - govet: - check-shadowing: true - lll: - line-length: 140 - maligned: - suggest-new: true - misspell: - locale: US - +version: "2" linters: - disable-all: true + default: none enable: - - deadcode - errcheck - goconst - gocyclo - - gofmt - - goimports - - golint - gosec - govet - ineffassign - - maligned - misspell - staticcheck - - structcheck - - typecheck - unconvert - unused - - varcheck - - + settings: + dupl: + threshold: 100 + funlen: + lines: 100 + statements: 50 + goconst: + min-len: 2 + min-occurrences: 3 + gocritic: + disabled-checks: + - dupImport + - ifElseChain + - octalLiteral + - paramTypeCombine + - whyNoLint + - wrapperFunc + enabled-tags: + - diagnostic + - experimental + - opinionated + - performance + - style + lll: + line-length: 140 + misspell: + locale: US + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + rules: + - linters: + - dupl + - goconst + - lll + - mnd + path: _test\.go + - linters: + - lll + - mnd + path: doc\.go + - linters: + - lll + path: pretty_test_vectors.go + paths: + - third_party$ + - builtin$ + - examples$ issues: # max-issues-per-linter default is 50. Set to 0 to disable limit. max-issues-per-linter: 0 # max-same-issues default is 3. Set to 0 to disable limit. 
max-same-issues: 0 - # Excluding configuration per-path, per-linter, per-text and per-source - exclude-rules: - - path: _test\.go - linters: - - goconst - - dupl - - gomnd - - lll - - path: doc\.go - linters: - - goimports - - gomnd - - lll - - path: pretty_test_vectors.go - linters: - - lll - -# golangci.com configuration -# https://github.com/golangci/golangci/wiki/Configuration -service: - golangci-lint-version: 1.23.x # use the fixed version to not introduce new linters unexpectedly +formatters: + enable: + - gofmt + - goimports + settings: + gofmt: + simplify: false + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ + - doc\.go diff --git a/Makefile b/Makefile index b4f649b..5bf0989 100644 --- a/Makefile +++ b/Makefile @@ -7,13 +7,10 @@ GOPKG := github.com/veraison/ear GOPKG += github.com/veraison/ear/arc/cmd GOLINT ?= golangci-lint +GOLINT_ARGS ?= run --timeout=3m -E dupl -E gocritic -E lll -E prealloc -ifeq ($(MAKECMDGOALS),lint) -GOLINT_ARGS ?= run --timeout=3m -E dupl -E gocritic -E gosimple -E lll -E prealloc -endif - -.PHONY: lint lint-extra -lint lint-extra: ; $(GOLINT) $(GOLINT_ARGS) +.PHONY: lint +lint: ; $(GOLINT) $(GOLINT_ARGS) ifeq ($(MAKECMDGOALS),test) GOTEST_ARGS ?= -v -race $(GOPKG) @@ -48,6 +45,5 @@ help: @echo " * test-cover: run unit tests and measure coverage for $(GOPKG)" @echo " * licenses: check licenses of dependent packages" @echo " * lint: lint sources using default configuration" - @echo " * lint-extra: lint sources using default configuration and some extra checkers" @echo " * presubmit: check you are ready to push your local branch to remote" @echo " * help: print this menu" diff --git a/arc/cmd/common.go b/arc/cmd/common.go index e85880a..930b4be 100644 --- a/arc/cmd/common.go +++ b/arc/cmd/common.go 
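Review bot: The migrated `.golangci.yml` no longer carries the old `govet: check-shadowing: true` setting, so unless shadow analysis is enabled elsewhere the new config stops reporting shadowed variables (a shadowed `err` included). In the v2 layout this would go under `linters.settings.govet` as `enable: [shadow]`. Separately, the new `exclusions.presets` (`common-false-positives`, `legacy`, `std-error-handling`) and `generated: lax` suppress findings from the enabled linters, and as far as I recall the preset definitions cover some `gosec` rules as well. A short comment above `presets:` stating which ones are kept on purpose would help, since the old "Do not delete linter settings" header was removed with nothing in its place.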
@@ -5,14 +5,14 @@ package cmd import ( "strings" - "github.com/lestrrat-go/jwx/v2/jwa" + "github.com/lestrrat-go/jwx/v3/jwa" ) func algList() string { var l []string // nolint: prealloc for _, a := range jwa.SignatureAlgorithms() { - l = append(l, string(a)) + l = append(l, a.String()) } return strings.Join(l, ", ") diff --git a/arc/cmd/create.go b/arc/cmd/create.go index c908988..1bbf3f7 100644 --- a/arc/cmd/create.go +++ b/arc/cmd/create.go @@ -6,8 +6,8 @@ import ( "errors" "fmt" - "github.com/lestrrat-go/jwx/v2/jwa" - "github.com/lestrrat-go/jwx/v2/jwk" + "github.com/lestrrat-go/jwx/v3/jwa" + "github.com/lestrrat-go/jwx/v3/jwk" "github.com/spf13/afero" "github.com/spf13/cobra" "github.com/veraison/ear" @@ -38,6 +38,7 @@ the key in the default key file "skey.json", and save the result to "my-ear.jwt" claimsSet, sKey, arBytes []byte sigK jwk.Key ar ear.AttestationResult + alg jwa.KeyAlgorithm err error ) @@ -64,7 +65,11 @@ the key in the default key file "skey.json", and save the result to "my-ear.jwt" return fmt.Errorf("parsing signing key from %q: %w", createSKey, err) } - if arBytes, err = ar.Sign(jwa.KeyAlgorithmFrom(createAlg), sigK); err != nil { + if alg, err = jwa.KeyAlgorithmFrom(createAlg); err != nil { + return fmt.Errorf("parsing algorithm from %q: %w", createAlg, err) + } + + if arBytes, err = ar.Sign(alg, sigK); err != nil { return fmt.Errorf("signing EAR: %w", err) } diff --git a/arc/cmd/create_test.go b/arc/cmd/create_test.go index 1240de2..e694a8c 100644 --- a/arc/cmd/create_test.go +++ b/arc/cmd/create_test.go @@ -66,7 +66,7 @@ func Test_CreateCmd_skey_file_bad_format(t *testing.T) { } cmd.SetArgs(args) - expectedErr := `parsing signing key from "empty-skey.json": failed to unmarshal JSON into key hint: EOF` + expectedErr := `parsing signing key from "empty-skey.json": jwk.Parse: failed to probe data: probe: failed to unmarshal data: EOF` err := cmd.Execute() assert.EqualError(t, err, expectedErr) 
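Review bot: `jwa.KeyAlgorithmFrom(createAlg)` in create.go returns a `jwa.KeyAlgorithm`, which appears to be wider than the set `algList()` advertises through `jwa.SignatureAlgorithms()`, so the new check only rejects names the library does not know at all. A value that parses but is not a signature algorithm would still reach `ar.Sign` and fail there with a library-internal message; narrowing at the CLI boundary, e.g. `if _, ok := alg.(jwa.SignatureAlgorithm); !ok { return fmt.Errorf("%q is not a signature algorithm", createAlg) }`, keeps the error user-facing (confirm the assertion compiles against jwx v3). The same applies to the `verifyAlg` handling added in arc/cmd/verify.go, where restricting the accepted algorithm matters most. Both command bodies start and end outside their hunks.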
@@ -89,7 +89,7 @@ func Test_CreateCmd_skey_not_ok_for_signing(t *testing.T) { } cmd.SetArgs(args) - expectedErr := `failed to generate signature for signer #0 (alg=ES256): failed to sign payload: failed to retrieve ecdsa.PrivateKey out of *jwk.ecdsaPublicKey: failed to produce ecdsa.PrivateKey from *jwk.ecdsaPublicKey: argument to AssignIfCompatible() must be compatible with *ecdsa.PublicKey (was *ecdsa.PrivateKey)` + expectedErr := `invalid key type *jwk.ecdsaPublicKey. ecdsa.PrivateKey is required: keyconv: failed to produce ecdsa.PrivateKey from *jwk.ecdsaPublicKey` err := cmd.Execute() assert.ErrorContains(t, err, expectedErr) @@ -154,7 +154,7 @@ func Test_CreateCmd_unknown_signing_alg(t *testing.T) { } cmd.SetArgs(args) - expectedErr := `expected algorithm to be of type jwa.SignatureAlgorithm but got ("XYZ", jwa.InvalidKeyAlgorithm)` + expectedErr := `invalid key value: "XYZ": invalid key algorithm` err := cmd.Execute() assert.ErrorContains(t, err, expectedErr) diff --git a/arc/cmd/verify.go b/arc/cmd/verify.go index 374e6a0..432e050 100644 --- a/arc/cmd/verify.go +++ b/arc/cmd/verify.go @@ -6,8 +6,8 @@ import ( "errors" "fmt" - "github.com/lestrrat-go/jwx/v2/jwa" - "github.com/lestrrat-go/jwx/v2/jwk" + "github.com/lestrrat-go/jwx/v3/jwa" + "github.com/lestrrat-go/jwx/v3/jwk" "github.com/spf13/afero" "github.com/spf13/cobra" "github.com/veraison/ear" @@ -40,6 +40,7 @@ embedded EAR claims-set and present a report of the trustworthiness vector. claimsSet, pKey, arBytes []byte vfyK jwk.Key ar ear.AttestationResult + alg jwa.KeyAlgorithm err error ) 
@@ -62,7 +63,11 @@ embedded EAR claims-set and present a report of the trustworthiness vector. return fmt.Errorf("parsing verification key from %q: %w", verifyPKey, err) } - if err = ar.Verify(arBytes, jwa.KeyAlgorithmFrom(verifyAlg), vfyK); err != nil { + if alg, err = jwa.KeyAlgorithmFrom(verifyAlg); err != nil { + return fmt.Errorf("parsing algorithm from %q: %w", verifyAlg, err) + } + + if err = ar.Verify(arBytes, alg, vfyK); err != nil { return fmt.Errorf("verifying signed EAR from %s: %w", verifyInput, err) } diff --git a/arc/cmd/verify_test.go b/arc/cmd/verify_test.go index f1308a9..bcca3b5 100644 --- a/arc/cmd/verify_test.go +++ b/arc/cmd/verify_test.go @@ -64,29 +64,7 @@ func Test_VerifyCmd_pkey_file_bad_format(t *testing.T) { } cmd.SetArgs(args) - expectedErr := `parsing verification key from "empty-pkey.json": failed to unmarshal JSON into key hint: EOF` - - err := cmd.Execute() - assert.EqualError(t, err, expectedErr) -} - -func Test_VerifyCmd_skey_not_ok_for_verifying(t *testing.T) { - cmd := NewVerifyCmd() - - files := []fileEntry{ - {"ear.jwt", testJWT}, - {"skey.json", testSKey}, - } - makeFS(t, files) - - args := []string{ - "--pkey=skey.json", - "--alg=ES256", - "ear.jwt", - } - cmd.SetArgs(args) - - expectedErr := `verifying signed EAR from ear.jwt: failed verifying JWT message: could not verify message using any of the signatures or keys` + expectedErr := `parsing verification key from "empty-pkey.json": jwk.Parse: failed to probe data: probe: failed to unmarshal data: EOF` err := cmd.Execute() assert.EqualError(t, err, expectedErr) 
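Review bot: `Test_VerifyCmd_skey_not_ok_for_verifying` is deleted in verify_test.go rather than updated, which removes the only CLI test visible here that passes the signing key file through `--pkey`. If jwx v3 now accepts that key for verification (not visible from this page), a test asserting the new outcome would document the behaviour change; if verification still fails, the test only needed a new expected string. Either way, a one-line comment in the test file or the commit message explaining the removal would help the next reader.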
@@ -129,7 +107,7 @@ func Test_VerifyCmd_input_file_bad_format(t *testing.T) { } cmd.SetArgs(args) - expectedErr := `verifying signed EAR from ear.jwt: failed verifying JWT message: failed to parse jws: invalid byte sequence` + expectedErr := `verifying signed EAR from ear.jwt: failed verifying JWT message: jwt.Parse: failed to parse token: jwt.verifyFast: failed to split compact: jwsbb: invalid number of segments` err := cmd.Execute() assert.EqualError(t, err, expectedErr) @@ -151,7 +129,7 @@ func Test_VerifyCmd_unknown_verification_alg(t *testing.T) { } cmd.SetArgs(args) - expectedErr := `verifying signed EAR from ear.jwt: failed verifying JWT message: WithKey() option must be specified using jwa.SignatureAlgorithm (got jwa.InvalidKeyAlgorithm)` + expectedErr := `parsing algorithm from "XYZ": invalid key value: "XYZ": invalid key algorithm` err := cmd.Execute() assert.EqualError(t, err, expectedErr) diff --git a/doc.go b/doc.go index 202b655..6a0dc8b 100644 --- a/doc.go +++ b/doc.go 
@@ -13,28 +13,28 @@ The mandatory attributes are: status, issued_at, profile, submods, and verifier_ For example, a simple AttestationResult payload with only the bare minimum claims could be created as follows: - myStatus := TrustTierAffirming - myTimestamp := time.Now().Unix() - myPolicyID := `https://veraison.example/policy/1A4DF345-B512-4F3B-8461-967DE7F60ECA` - myProfile := EatProfile - verifierBuild := "verifier-build" - verifierDeveloper := "verifier-developer" - - ar := AttestationResult{ - Profile: &myProfile, - IssuedAt: &myTimestamp, - Submods: map[string]*Appraisal{ - "submodName": { - TrustVector: &TrustVector{}, - Status: &myStatus, - AppraisalPolicyID: &myPolicyID, - }, - }, - VerifierID: &VerifierIdentity{ - Build: &verifierBuild, - Developer: &verifierDeveloper, - }, - } + myStatus := TrustTierAffirming + myTimestamp := time.Now().Unix() + myPolicyID := `https://veraison.example/policy/1A4DF345-B512-4F3B-8461-967DE7F60ECA` + myProfile := EatProfile + verifierBuild := "verifier-build" + verifierDeveloper := "verifier-developer" + + ar := AttestationResult{ + Profile: &myProfile, + IssuedAt: &myTimestamp, + Submods: map[string]*Appraisal{ + "submodName": { + TrustVector: &TrustVector{}, + Status: &myStatus, + AppraisalPolicyID: &myPolicyID, + }, + }, + VerifierID: &VerifierIdentity{ + Build: &verifierBuild, + Developer: &verifierDeveloper, + }, + } A richer one would normally include the Trustworthiness Vector, which provides details about the appraised attester components. In the example below, the 
@@ -42,31 +42,31 @@ attester has been assessed as genuine, i.e., all claims are in the "affirming" range. (See ยง2.3 of draft-ietf-rats-ar4si-03 for details about the allowed values and their meaning.) - tv := TrustVector{ - InstanceIdentity: 2, - Configuration: 2, - Executables: 2, - Hardware: 2, - } + tv := TrustVector{ + InstanceIdentity: 2, + Configuration: 2, + Executables: 2, + Hardware: 2, + } - ar.Submods["submodName"].TrustVector = &tv + ar.Submods["submodName"].TrustVector = &tv # Signing and Serializing Once the AttestationResult is populated, it can be signed (i.e., wrapped in a JWT) by invoking the Sign method: - myECDSAPrivateKey := `{ - "kty": "EC", - "crv": "P-256", - "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8", - "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4", - "d": "V8kgd2ZBRuh2dgyVINBUqpPDr7BOMGcF22CQMIUHtNM" - }` + myECDSAPrivateKey := `{ + "kty": "EC", + "crv": "P-256", + "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8", + "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4", + "d": "V8kgd2ZBRuh2dgyVINBUqpPDr7BOMGcF22CQMIUHtNM" + }` - sigK, _ := jwk.ParseKey([]byte(myECDSAPrivateKey)) + sigK, _ := jwk.ParseKey([]byte(myECDSAPrivateKey)) - buf, _ := ar.Sign(jwa.ES256, sigK) + buf, _ := ar.Sign(jwa.ES256, sigK) In this case, the returned buf contains a signed ES256 JWT with the JSON serialization of the AttestationResult object as its payload. This is the usual 
@@ -78,29 +78,29 @@ On the consumer end of the protocol, when the EAT containing the attestation result is received from a veraison verifier, the relying party needs to first parse it and verify the signature using the Verify method: - myECDSAPublicKey := `{ - "kty": "EC", - "crv": "P-256", - "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8", - "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4" - }` + myECDSAPublicKey := `{ + "kty": "EC", + "crv": "P-256", + "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8", + "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4" + }` - vfyK, _ := jwk.ParseKey([]byte(myECDSAPublicKey)) + vfyK, _ := jwk.ParseKey([]byte(myECDSAPublicKey)) - var ar AttestationResult + var ar AttestationResult - err := ar.Verify(token, jwa.ES256, vfyK) - if err != nil { - // handle verification error - } + err := ar.Verify(token, jwa.ES256, vfyK) + if err != nil { + // handle verification error + } If there are no errors, the relying party can trust the attestation result and inspect the relevant fields to decide about the trustworthiness of the attested entity. - if *ar.Submods["submodName"].Status != TrustTierAffirming { - // handle troubles with appraisal - } + if *ar.Submods["submodName"].Status != TrustTierAffirming { + // handle troubles with appraisal + } # Pretty printing @@ -108,8 +108,8 @@ The package provides a Report method that allows pretty printing of the Trustworthiness Vector. The caller can request a short summary or a detailed printout, as well as using colors when displaying the claims' values. - short, color := true, true + short, color := true, true - fmt.Print(ar.Submods["submodName"].TrustVector.Report(short, color)) + fmt.Print(ar.Submods["submodName"].TrustVector.Report(short, color)) */ package ear diff --git a/ear.go b/ear.go index 94e2f47..165f343 100644 --- a/ear.go +++ b/ear.go 
@@ -11,8 +11,8 @@ import ( "strings" "time" - "github.com/lestrrat-go/jwx/v2/jwa" - "github.com/lestrrat-go/jwx/v2/jwt" + "github.com/lestrrat-go/jwx/v3/jwa" + "github.com/lestrrat-go/jwx/v3/jwt" ) // EatProfile is the EAT profile implemented by this package @@ -195,8 +195,16 @@ func (o *AttestationResult) Verify(data []byte, alg jwa.KeyAlgorithm, key interf return fmt.Errorf("failed verifying JWT message: %w", err) } - claims := token.PrivateClaims() - claims["iat"] = token.IssuedAt().Unix() + claims := make(map[string]any) + for _, k := range token.Keys() { + var v any + if err := token.Get(k, &v); err != nil { + return fmt.Errorf(`failed to get claim %s: %w`, k, err) + } + claims[k] = v + } + iat, _ := token.IssuedAt() + claims["iat"] = iat.Unix() return o.populateFromMap(claims) } diff --git a/ear_test.go b/ear_test.go index 73c2575..7655176 100644 --- a/ear_test.go +++ b/ear_test.go @@ -7,8 +7,8 @@ import ( "fmt" "testing" - "github.com/lestrrat-go/jwx/v2/jwa" - "github.com/lestrrat-go/jwx/v2/jwk" + "github.com/lestrrat-go/jwx/v3/jwa" + "github.com/lestrrat-go/jwx/v3/jwk" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) @@ -181,7 +181,7 @@ func TestVerify_pass(t *testing.T) { for i, tv := range tvs { var ar AttestationResult - err := ar.Verify([]byte(tv.token), jwa.ES256, k) + err := ar.Verify([]byte(tv.token), jwa.ES256(), k) assert.NoError(t, err, "failed test vector at index %d", i) assert.Equal(t, tv.expected, ar) } 
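Review bot: In `Verify`, `iat, _ := token.IssuedAt()` throws away the presence flag, so a token without `iat` ends up with `claims["iat"]` set to the Unix value of a zero `time.Time` instead of being treated as missing. Guarding the assignment, `if iat, ok := token.IssuedAt(); ok { claims["iat"] = iat.Unix() }`, would let `populateFromMap` see the claim as absent; how it handles that is outside the hunk, and the "empty attestation results" vector in ear_test.go may then need its expected message extended. The loop over `token.Keys()` also likely forwards registered claims that `PrivateClaims()` used to leave out, so `populateFromMap` must tolerate those keys. `Verify` begins and ends outside this hunk.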
@@ -195,17 +195,17 @@ func TestVerify_fail(t *testing.T) { { // non-matching alg (HS256) token: `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJhZmZpcm1pbmciLCJ0aW1lc3RhbXAiOiIyMDIyLTA5LTI2VDE3OjI5OjAwWiIsImFwcHJhaXNhbC1wb2xpY3ktaWQiOiJodHRwczovL3ZlcmFpc29uLmV4YW1wbGUvcG9saWN5LzEvNjBhMDA2OGQiLCJ2ZXJhaXNvbi5wcm9jZXNzZWQtZXZpZGVuY2UiOnsiazEiOiJ2MSIsImsyIjoidjIifSwidmVyYWlzb24udmVyaWZpZXItYWRkZWQtY2xhaW1zIjp7ImJhciI6ImJheiIsImZvbyI6ImJhciJ9fQ.Dv3PqGA2W8anXne0YZs8cvIhQhNF1Su1RS83RPzDVg4OhJFNN1oSF-loDpjfIwPdzCWt0eA6JYxSMqpGiemq-Q`, - expected: `failed verifying JWT message: could not verify message using any of the signatures or keys`, + expected: `signature verification failed for ES256: jwsbb.ECDSAVerifier: invalid ECDSA signature`, }, { // alg "none" token: `eyJhbGciOiJub25lIn0.eyJzdGF0dXMiOiJhZmZpcm1pbmciLCJ0aW1lc3RhbXAiOiIyMDIyLTA5LTI2VDE3OjI5OjAwWiIsImFwcHJhaXNhbC1wb2xpY3ktaWQiOiJodHRwczovL3ZlcmFpc29uLmV4YW1wbGUvcG9saWN5LzEvNjBhMDA2OGQiLCJ2ZXJhaXNvbi5wcm9jZXNzZWQtZXZpZGVuY2UiOnsiazEiOiJ2MSIsImsyIjoidjIifSwidmVyYWlzb24udmVyaWZpZXItYWRkZWQtY2xhaW1zIjp7ImJhciI6ImJheiIsImZvbyI6ImJhciJ9fQ.`, - expected: `failed verifying JWT message: could not verify message using any of the signatures or keys`, + expected: `failed to unpack ECDSA signature: invalid signature length for curve "P-256"`, }, { // bad JWT formatting token: `.eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJhZmZpcm1pbmciLCJ0aW1lc3RhbXAiOiIyMDIyLTA5LTI2VDE3OjI5OjAwWiIsImFwcHJhaXNhbC1wb2xpY3ktaWQiOiJodHRwczovL3ZlcmFpc29uLmV4YW1wbGUvcG9saWN5LzEvNjBhMDA2OGQiLCJ2ZXJhaXNvbi5wcm9jZXNzZWQtZXZpZGVuY2UiOnsiazEiOiJ2MSIsImsyIjoidjIifSwidmVyYWlzb24udmVyaWZpZXItYWRkZWQtY2xhaW1zIjp7ImJhciI6ImJheiIsImZvbyI6ImJhciJ9fQ.Dv3PqGA2W8anXne0YZs8cvIhQhNF1Su1RS83RPzDVg4OhJFNN1oSF-loDpjfIwPdzCWt0eA6JYxSMqpGiemq-Q`, - expected: `failed verifying JWT message: failed to parse jws: failed to parse JOSE headers: EOF`, + expected: `failed to parse token: unknown payload type (payload is not JWT?)`, }, { // empty attestation results 
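Review bot: The updated `expected` strings for the HS256 and `alg: none` vectors in `TestVerify_fail` now match text produced inside jwx (`jwsbb.ECDSAVerifier: ...`, `failed to unpack ECDSA signature: ...`) instead of the `failed verifying JWT message` prefix that this package adds, which is presumably still present in the returned error. These two vectors are the regression guard for algorithm substitution, so they should not break or get loosened on every library upgrade; asserting the package's own prefix, as `TestRoundTrip_tampering` does, is more stable. A comment on each vector stating what must be rejected, e.g. `// header alg HS256 must not override the caller-supplied ES256`, would make the intent explicit.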
@@ -213,9 +213,9 @@ func TestVerify_fail(t *testing.T) { expected: `missing mandatory 'eat_profile', 'ear.verifier-id', 'submods'`, }, { - // empty attestation results + // JWT with trailing rubbish token: `eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJlYXIudmVyaWZpZXItaWQiOnsiYnVpbGQiOiJycnRyYXAtdjEuMC4wIiwiZGV2ZWxvcGVyIjoiQWNtZSBJbmMuIn0sImVhdF9wcm9maWxlIjoidGFnOmdpdGh1Yi5jb20sMjAyMzp2ZXJhaXNvbi9lYXIiLCJpYXQiOjEuNjY2MDkxMzczZSswOSwianRpIjoiMTY1Zjg0YzY3YzE0ZTEwZDFlNGI0MzM0MDgzY2IyYTIxZDI2YmYxN2FhNjBkNWU5ZGE5ZDhmNzE3NmFjNWI2MyIsIm5iZiI6MTY3NjQ3MjcwOSwic3VibW9kcyI6eyJ0ZXN0Ijp7ImVhci5hcHByYWlzYWwtcG9saWN5LWlkIjoicG9saWN5Oi8vdGVzdC8wMTIzNCIsImVhci5zdGF0dXMiOiJhZmZpcm1pbmciLCJlYXIudmVyYWlzb24uYW5ub3RhdGVkLWV2aWRlbmNlIjp7ImsxIjoidjEiLCJrMiI6InYyIn0sImVhci52ZXJhaXNvbi5wb2xpY3ktY2xhaW1zIjp7ImJhciI6ImJheiIsImZvbyI6ImJhciJ9fX19.LunlKAnUiVHZxIUr7jNnrwFlRtd7t6f6W1rzIFgcWFLdtJELKIVGkPVV5PriHh8T0uLLIEJafwvi6hmIr27aDw.trailing-rubbish`, - expected: `failed to parse token: invalid character 'e' looking for beginning of value`, + expected: `failed to parse token: unknown payload type (payload is not JWT?)`, }, } @@ -225,7 +225,7 @@ func TestVerify_fail(t *testing.T) { for i, tv := range tvs { var ar AttestationResult - err := ar.Verify([]byte(tv.token), jwa.ES256, k) + err := ar.Verify([]byte(tv.token), jwa.ES256(), k) assert.ErrorContains(t, err, tv.expected, "failed test vector at index %d", i) } } @@ -237,7 +237,7 @@ func TestSign_fail(t *testing.T) { // an empty AR is not a valid AR4SI payload var ar AttestationResult - _, err = ar.Sign(jwa.ES256, sigK) + _, err = ar.Sign(jwa.ES256(), sigK) assert.EqualError(t, err, `missing mandatory 'eat_profile', 'iat', 'verifier-id', 'submods' (at least one appraisal must be present)`) } 
@@ -245,7 +245,7 @@ func TestRoundTrip_pass(t *testing.T) { sigK, err := jwk.ParseKey([]byte(testECDSAPrivateKey)) require.NoError(t, err) - token, err := testAttestationResultsWithVeraisonExtns.Sign(jwa.ES256, sigK) + token, err := testAttestationResultsWithVeraisonExtns.Sign(jwa.ES256(), sigK) assert.NoError(t, err) fmt.Println(string(token)) @@ -255,7 +255,7 @@ func TestRoundTrip_pass(t *testing.T) { var actual AttestationResult - err = actual.Verify(token, jwa.ES256, vfyK) + err = actual.Verify(token, jwa.ES256(), vfyK) assert.NoError(t, err) assert.Equal(t, testAttestationResultsWithVeraisonExtns, actual) @@ -265,7 +265,7 @@ func TestRoundTrip_tampering(t *testing.T) { sigK, err := jwk.ParseKey([]byte(testECDSAPrivateKey)) require.NoError(t, err) - token, err := testAttestationResultsWithVeraisonExtns.Sign(jwa.ES256, sigK) + token, err := testAttestationResultsWithVeraisonExtns.Sign(jwa.ES256(), sigK) assert.NoError(t, err) vfyK, err := jwk.ParseKey([]byte(testECDSAPublicKey)) @@ -279,7 +279,7 @@ func TestRoundTrip_tampering(t *testing.T) { // than EqualError. token[len(token)-1] ^= 1 - err = actual.Verify(token, jwa.ES256, vfyK) + err = actual.Verify(token, jwa.ES256(), vfyK) assert.ErrorContains(t, err, "failed verifying JWT message") } diff --git a/example_test.go b/example_test.go index bf67263..7741d93 100644 --- a/example_test.go +++ b/example_test.go @@ -121,7 +121,7 @@ func Example_decode_veraison_extensions() { fmt.Println((*ar.Submods["test"].VeraisonKeyAttestation)["akpub"]) fmt.Println(*ar.VeraisonTeeInfo.TeeName) fmt.Println(*ar.VeraisonTeeInfo.EvidenceID) - fmt.Println(*ar.VeraisonTeeInfo.Evidence) + fmt.Printf("%v\n", *ar.VeraisonTeeInfo.Evidence) // Output: // affirming diff --git a/go.mod b/go.mod index f6fc7c8..2d50b80 100644 --- a/go.mod +++ b/go.mod 
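Review bot: The tests in ear_test.go switch to `jwa.ES256()`, but the package examples in doc.go, re-indented by this same commit, still show `ar.Sign(jwa.ES256, sigK)` and `ar.Verify(token, jwa.ES256, vfyK)`. If `ES256` is now a function, as these test changes indicate, the documented examples no longer compile as written and should read `jwa.ES256()`.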
@@ -1,40 +1,44 @@ module github.com/veraison/ear -go 1.18 +go 1.23.0 + +toolchain go1.24.4 require ( github.com/huandu/xstrings v1.3.3 - github.com/lestrrat-go/jwx/v2 v2.0.6 + github.com/lestrrat-go/jwx/v3 v3.0.8 github.com/spf13/afero v1.9.2 github.com/spf13/cobra v1.6.1 github.com/spf13/viper v1.13.0 - github.com/stretchr/testify v1.8.0 + github.com/stretchr/testify v1.10.0 ) require ( github.com/davecgh/go-spew v1.1.1 // indirect - github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect + github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect github.com/fsnotify/fsnotify v1.5.4 // indirect - github.com/goccy/go-json v0.9.11 // indirect + github.com/goccy/go-json v0.10.3 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/inconshreveable/mousetrap v1.0.1 // indirect - github.com/lestrrat-go/blackmagic v1.0.1 // indirect + github.com/lestrrat-go/blackmagic v1.0.4 // indirect github.com/lestrrat-go/httpcc v1.0.1 // indirect - github.com/lestrrat-go/httprc v1.0.4 // indirect - github.com/lestrrat-go/iter v1.0.2 // indirect - github.com/lestrrat-go/option v1.0.0 // indirect + github.com/lestrrat-go/httprc/v3 v3.0.0 // indirect + github.com/lestrrat-go/option v1.0.1 // indirect + github.com/lestrrat-go/option/v2 v2.0.0 // indirect github.com/magiconair/properties v1.8.6 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/pelletier/go-toml v1.9.5 // indirect github.com/pelletier/go-toml/v2 v2.0.5 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/segmentio/asm v1.2.0 // indirect github.com/spf13/cast v1.5.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/subosito/gotenv v1.4.1 // indirect - golang.org/x/crypto v0.17.0 // indirect - golang.org/x/sys v0.15.0 // indirect - golang.org/x/text v0.14.0 // indirect + github.com/valyala/fastjson v1.6.4 // indirect + golang.org/x/crypto v0.39.0 // indirect + golang.org/x/sys v0.33.0 // 
indirect + golang.org/x/text v0.26.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 436d6dd..6f9c40b 100644 --- a/go.sum +++ b/go.sum @@ -50,9 +50,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc= -github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 h1:HbphB4TFFXpv7MNrT52FGrrgVXF1owhMVTHFZIlnvd4= -github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0/go.mod h1:DZGJHZMqrU4JJqFAWUS2UO1+lbSKsdiOoYi9Zzey7Fc= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvwDRwnI3hwNaAHRnc= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= 
@@ -60,13 +59,14 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= +github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk= -github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= +github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -104,6 +104,7 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= 
@@ -138,21 +139,23 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= +github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80= -github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lestrrat-go/blackmagic v1.0.4 h1:IwQibdnf8l2KoO+qC3uT4OaTWsW7tuRQXy9TRN9QanA= +github.com/lestrrat-go/blackmagic v1.0.4/go.mod h1:6AWFyKNNj0zEXQYfTMPfZrAXUWUfTIZ5ECEUEJaijtw= github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE= github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= -github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8= -github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= -github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= -github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx/v2 v2.0.6 h1:RlyYNLV892Ed7+FTfj1ROoF6x7WxL965PGTHso/60G0= -github.com/lestrrat-go/jwx/v2 v2.0.6/go.mod h1:aVrGuwEr3cp2Prw6TtQvr8sQxe+84gruID5C9TxT64Q= -github.com/lestrrat-go/option v1.0.0 h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4= -github.com/lestrrat-go/option v1.0.0/go.mod 
h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= +github.com/lestrrat-go/httprc/v3 v3.0.0 h1:nZUx/zFg5uc2rhlu1L1DidGr5Sj02JbXvGSpnY4LMrc= +github.com/lestrrat-go/httprc/v3 v3.0.0/go.mod h1:k2U1QIiyVqAKtkffbg+cUmsyiPGQsb9aAfNQiNFuQ9Q= +github.com/lestrrat-go/jwx/v3 v3.0.8 h1:lOCHy+k4/mgRI8FkgkHO+NsUx1GXHHktGx0CIkFToyI= +github.com/lestrrat-go/jwx/v3 v3.0.8/go.mod h1:0P9rjqNMDOspNSetpKX86Go54jLSEwCh8ax4jQRGYL0= +github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= +github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= +github.com/lestrrat-go/option/v2 v2.0.0 h1:XxrcaJESE1fokHy3FpaQ/cXW8ZsIdWcdFzzLOcID3Ss= +github.com/lestrrat-go/option/v2 v2.0.0/go.mod h1:oSySsmzMoR0iRzCDCaUfsCzxQHUEuhOViQObyy7S6Vg= github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo= github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= 
@@ -168,7 +171,10 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
+github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
 github.com/spf13/afero v1.9.2 h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw=
 github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
@@ -189,10 +195,13 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs=
 github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
+github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ=
+github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -210,9 +219,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
+golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -277,7 +285,6 @@ golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -329,12 +336,11 @@ golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -342,9 +348,8 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/trustclaim.go b/trustclaim.go
index 5bf5c8a..47d4b90 100644
--- a/trustclaim.go
+++ b/trustclaim.go
@@ -473,7 +473,8 @@ func (o TrustClaim) IsWarning() bool {
 func (o TrustClaim) IsContraindicated() bool {
 // contraindicated = [-128, -97] U [96, 127]
- return (o >= -128 && o <= -97) || (o >= 96 && o <= 127)
+ // o is int8. i.e. math.MinInt8 < o < math.MaxInt8
+ return (o <= -97) || (o >= 96)
 }
 func (o TrustClaim) detailsPrinter(dm detailsMap, short bool, color bool) string {
diff --git a/trustclaim_test.go b/trustclaim_test.go
index 7a66277..4270716 100644
--- a/trustclaim_test.go
+++ b/trustclaim_test.go
@@ -12,7 +12,7 @@ import (
 )
 var (
- ranges = map[string][]int{
+ ranges = map[string][]int8{
 "none": {
 -1, 0, 1,
 },
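Review bot: The comment added in IsContraindicated writes the int8 bounds as strict inequalities, `math.MinInt8 < o < math.MaxInt8`, which excludes -128 and 127 even though the range comment directly above lists both endpoints as contraindicated. It should read `// o is int8, i.e. math.MinInt8 <= o <= math.MaxInt8, so the outer bounds are implied by the type`. The shortened `return (o <= -97) || (o >= 96)` matches the old expression only while TrustClaim's underlying type stays int8, and that declaration is outside this hunk, so the comment is the one place a reader learns why the outer bounds were dropped. If the type were ever widened, out-of-range values would be reported as contraindicated rather than rejected, so a boundary test at -128 and 127 would pin the intended behaviour.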