From e3ff39a754a2cedeaff84fc918d300255cfa0f18 Mon Sep 17 00:00:00 2001 From: kpcraig <3031348+kpcraig@users.noreply.github.com> Date: Tue, 21 May 2024 12:53:35 -0400 Subject: [PATCH] Revert "Update jose v4 (#248)" This reverts commit 337d7723748b06669d0b0aa0c88bf2efefe4834a. --- CHANGELOG.md | 3 ++- go.mod | 3 ++- go.sum | 6 ++++-- path_login.go | 12 +++--------- path_login_test.go | 4 ++-- 5 files changed, 13 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fb4fc6d..c37dbaaa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,10 @@ ## Unreleased ### Changes -* Updated `github.com/go-jose/go-jose/v3` and `github/go-jose/go-jose/v2` to v4.0.2 + * Updated dependencies * `github.com/docker/docker` v24.0.7+incompatible -> v24.0.9+incompatible + * `github.com/go-jose/go-jose/v3` v3.0.1 -> v3.0.3 * `github.com/hashicorp/cap` v0.4.1 -> v0.6.0 * `github.com/hashicorp/vault/api` v1.11.0 -> v1.12.2 * `github.com/hashicorp/vault/sdk` v0.10.2 -> v0.11.1 diff --git a/go.mod b/go.mod index d6c15a5f..a0ec5e2c 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,6 @@ go 1.21 toolchain go1.21.3 require ( - github.com/go-jose/go-jose/v4 v4.0.2 github.com/go-test/deep v1.1.0 github.com/hashicorp/cap v0.6.0 github.com/hashicorp/go-cleanhttp v0.5.2 @@ -16,6 +15,7 @@ require ( github.com/hashicorp/vault/api v1.12.2 github.com/hashicorp/vault/sdk v0.11.1 github.com/mitchellh/mapstructure v1.5.0 + gopkg.in/square/go-jose.v2 v2.6.0 k8s.io/api v0.29.3 k8s.io/apimachinery v0.29.3 ) @@ -34,6 +34,7 @@ require ( github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/fatih/color v1.16.0 // indirect github.com/go-jose/go-jose/v3 v3.0.3 // indirect + github.com/go-jose/go-jose/v4 v4.0.1 // indirect github.com/go-logr/logr v1.3.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect diff --git a/go.sum b/go.sum index 19917558..ce6570e2 100644 --- a/go.sum +++ b/go.sum @@ -49,8 +49,8 @@ github.com/frankban/quicktest v1.14.0 h1:+cqqvzZV87b4adx/5ayVOaYZ2CrvM4ejQvUdBzP github.com/frankban/quicktest v1.14.0/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= -github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= -github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= +github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= +github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= @@ -360,6 +360,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= +gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/path_login.go b/path_login.go index 4c76917c..ca4a91d8 100644 --- a/path_login.go +++ b/path_login.go @@ -10,14 +10,14 @@ import ( "net/http" "strings" - "github.com/go-jose/go-jose/v4" - josejwt "github.com/go-jose/go-jose/v4/jwt" capjwt "github.com/hashicorp/cap/jwt" "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/cidrutil" "github.com/hashicorp/vault/sdk/logical" "github.com/mitchellh/mapstructure" + "gopkg.in/square/go-jose.v2" + josejwt "gopkg.in/square/go-jose.v2/jwt" ) const ( @@ -43,12 +43,6 @@ var supportedJwtAlgs = []capjwt.Alg{ capjwt.ES256, capjwt.ES384, capjwt.ES512, } -var allowedSignatureAlgs = []jose.SignatureAlgorithm{ - jose.RS256, - jose.ES256, - jose.HS256, -} - // pathLogin returns the path configurations for login endpoints func pathLogin(b *kubeAuthBackend) *framework.Path { return &framework.Path{ @@ -308,7 +302,7 @@ func (b *kubeAuthBackend) aliasLookahead(ctx context.Context, req *logical.Reque type DontVerifySignature struct{} func (keySet DontVerifySignature) VerifySignature(_ context.Context, token string) (map[string]interface{}, error) { - parsed, err := josejwt.ParseSigned(token, allowedSignatureAlgs) + parsed, err := josejwt.ParseSigned(token) if err != nil { return nil, err } diff --git a/path_login_test.go b/path_login_test.go index b6b682b5..acc3549d 100644 --- a/path_login_test.go +++ b/path_login_test.go @@ -21,11 +21,11 @@ import ( "testing" "time" - josejwt "github.com/go-jose/go-jose/v4/jwt" "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/sdk/helper/tokenutil" "github.com/hashicorp/vault/sdk/logical" "github.com/mitchellh/mapstructure" + josejwt "gopkg.in/square/go-jose.v2/jwt" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" ) @@ -1477,7 +1477,7 @@ func Test_kubeAuthBackend_getAliasName(t *testing.T) { t.Fatal(err) } - tok, err := josejwt.ParseSigned(s, allowedSignatureAlgs) + tok, err := josejwt.ParseSigned(s) if err != nil { t.Fatal(err) }