Skip to content

Commit

Permalink
Revert "Update jose v4 (#248)"
Browse files Browse the repository at this point in the history
This reverts commit 337d772.
  • Loading branch information
kpcraig committed May 21, 2024
1 parent 337d772 commit e3ff39a
Show file tree
Hide file tree
Showing 5 changed files with 13 additions and 15 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
## Unreleased

### Changes
* Updated `github.com/go-jose/go-jose/v3` and `github/go-jose/go-jose/v2` to v4.0.2

* Updated dependencies
* `github.com/docker/docker` v24.0.7+incompatible -> v24.0.9+incompatible
* `github.com/go-jose/go-jose/v3` v3.0.1 -> v3.0.3
* `github.com/hashicorp/cap` v0.4.1 -> v0.6.0
* `github.com/hashicorp/vault/api` v1.11.0 -> v1.12.2
* `github.com/hashicorp/vault/sdk` v0.10.2 -> v0.11.1
Expand Down
3 changes: 2 additions & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ go 1.21
toolchain go1.21.3

require (
github.com/go-jose/go-jose/v4 v4.0.2
github.com/go-test/deep v1.1.0
github.com/hashicorp/cap v0.6.0
github.com/hashicorp/go-cleanhttp v0.5.2
Expand All @@ -16,6 +15,7 @@ require (
github.com/hashicorp/vault/api v1.12.2
github.com/hashicorp/vault/sdk v0.11.1
github.com/mitchellh/mapstructure v1.5.0
gopkg.in/square/go-jose.v2 v2.6.0
k8s.io/api v0.29.3
k8s.io/apimachinery v0.29.3
)
Expand All @@ -34,6 +34,7 @@ require (
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/fatih/color v1.16.0 // indirect
github.com/go-jose/go-jose/v3 v3.0.3 // indirect
github.com/go-jose/go-jose/v4 v4.0.1 // indirect
github.com/go-logr/logr v1.3.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.4 // indirect
Expand Down
6 changes: 4 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,8 @@ github.com/frankban/quicktest v1.14.0 h1:+cqqvzZV87b4adx/5ayVOaYZ2CrvM4ejQvUdBzP
github.com/frankban/quicktest v1.14.0/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og=
github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk=
github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
Expand Down Expand Up @@ -360,6 +360,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
Expand Down
12 changes: 3 additions & 9 deletions path_login.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,14 @@ import (
"net/http"
"strings"

"github.com/go-jose/go-jose/v4"
josejwt "github.com/go-jose/go-jose/v4/jwt"
capjwt "github.com/hashicorp/cap/jwt"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/cidrutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/mitchellh/mapstructure"
"gopkg.in/square/go-jose.v2"
josejwt "gopkg.in/square/go-jose.v2/jwt"
)

const (
Expand All @@ -43,12 +43,6 @@ var supportedJwtAlgs = []capjwt.Alg{
capjwt.ES256, capjwt.ES384, capjwt.ES512,
}

var allowedSignatureAlgs = []jose.SignatureAlgorithm{
jose.RS256,
jose.ES256,
jose.HS256,
}

// pathLogin returns the path configurations for login endpoints
func pathLogin(b *kubeAuthBackend) *framework.Path {
return &framework.Path{
Expand Down Expand Up @@ -308,7 +302,7 @@ func (b *kubeAuthBackend) aliasLookahead(ctx context.Context, req *logical.Reque
type DontVerifySignature struct{}

func (keySet DontVerifySignature) VerifySignature(_ context.Context, token string) (map[string]interface{}, error) {
parsed, err := josejwt.ParseSigned(token, allowedSignatureAlgs)
parsed, err := josejwt.ParseSigned(token)
if err != nil {
return nil, err
}
Expand Down
4 changes: 2 additions & 2 deletions path_login_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,11 +21,11 @@ import (
"testing"
"time"

josejwt "github.com/go-jose/go-jose/v4/jwt"
"github.com/hashicorp/go-uuid"
"github.com/hashicorp/vault/sdk/helper/tokenutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/mitchellh/mapstructure"
josejwt "gopkg.in/square/go-jose.v2/jwt"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
)
Expand Down Expand Up @@ -1477,7 +1477,7 @@ func Test_kubeAuthBackend_getAliasName(t *testing.T) {
t.Fatal(err)
}

tok, err := josejwt.ParseSigned(s, allowedSignatureAlgs)
tok, err := josejwt.ParseSigned(s)
if err != nil {
t.Fatal(err)
}
Expand Down

0 comments on commit e3ff39a

Please sign in to comment.