From 67a7b4e57c5db11bcd78f76e57242c95e3972380 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Kriszti=C3=A1n=20G=C3=B6drei?= Date: Wed, 30 Aug 2023 09:09:01 +0200 Subject: [PATCH] Pull latest go-xcode (#15) * Update go-xcode * Add new files * Update go-xcode to v1.0.16 --- go.mod | 9 +- go.sum | 28 +- .../bitrise-io/go-pkcs12/.gitattributes | 10 + .../bitrise-io/go-pkcs12/.gitignore | 2 + .../bitrise-io/{pkcs12 => go-pkcs12}/LICENSE | 0 .../{pkcs12 => go-pkcs12}/README.md | 18 +- .../{pkcs12 => go-pkcs12}/bmp-string.go | 19 +- .../{pkcs12 => go-pkcs12}/crypto.go | 94 ++++- .../{pkcs12 => go-pkcs12}/errors.go | 0 .../{pkcs12 => go-pkcs12}/internal/rc2/rc2.go | 0 .../bitrise-io/{pkcs12 => go-pkcs12}/mac.go | 20 +- .../bitrise-io/{pkcs12 => go-pkcs12}/pbkdf.go | 11 +- .../{pkcs12 => go-pkcs12}/pkcs12.go | 323 +++++++++++++++--- .../{pkcs12 => go-pkcs12}/safebags.go | 0 .../bitrise-io/go-utils/command/file.go | 22 +- .../go-utils/errorutil/errorutil.go | 6 +- .../go-utils/log/internal_logger.go | 2 +- .../bitrise-io/go-utils/pathutil/pathutil.go | 2 +- vendor/github.com/bitrise-io/go-xcode/LICENSE | 21 ++ .../go-xcode/certificateutil/info_model.go | 2 +- .../go-xcode/certificateutil/util.go | 4 +- .../go-xcode/profileutil/capabilities.go | 3 + .../go-xcode/profileutil/info_model.go | 19 +- .../go-xcode/xcarchive/entitlements.go | 3 + .../bitrise-io/go-xcode/xcodebuild/build.go | 90 +++-- .../xcodebuild/resolve_package_deps.go | 85 +++++ .../xcodebuild/show_build_settings.go | 11 +- .../bitrise-io/go-xcode/xcodebuild/test.go | 20 +- .../xcodeproject/serialized/serialized.go | 15 + .../bitrise-io/pkcs12/renovate.json | 6 - vendor/golang.org/x/crypto/LICENSE | 27 ++ vendor/golang.org/x/crypto/PATENTS | 22 ++ vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go | 77 +++++ vendor/modules.txt | 17 +- 34 files changed, 822 insertions(+), 166 deletions(-) create mode 100644 vendor/github.com/bitrise-io/go-pkcs12/.gitattributes create mode 100644 vendor/github.com/bitrise-io/go-pkcs12/.gitignore rename vendor/github.com/bitrise-io/{pkcs12 => go-pkcs12}/LICENSE 
(100%) rename vendor/github.com/bitrise-io/{pkcs12 => go-pkcs12}/README.md (63%) rename vendor/github.com/bitrise-io/{pkcs12 => go-pkcs12}/bmp-string.go (77%) rename vendor/github.com/bitrise-io/{pkcs12 => go-pkcs12}/crypto.go (60%) rename vendor/github.com/bitrise-io/{pkcs12 => go-pkcs12}/errors.go (100%) rename vendor/github.com/bitrise-io/{pkcs12 => go-pkcs12}/internal/rc2/rc2.go (100%) rename vendor/github.com/bitrise-io/{pkcs12 => go-pkcs12}/mac.go (70%) rename vendor/github.com/bitrise-io/{pkcs12 => go-pkcs12}/pbkdf.go (96%) rename vendor/github.com/bitrise-io/{pkcs12 => go-pkcs12}/pkcs12.go (60%) rename vendor/github.com/bitrise-io/{pkcs12 => go-pkcs12}/safebags.go (100%) create mode 100644 vendor/github.com/bitrise-io/go-xcode/LICENSE create mode 100644 vendor/github.com/bitrise-io/go-xcode/xcodebuild/resolve_package_deps.go delete mode 100644 vendor/github.com/bitrise-io/pkcs12/renovate.json create mode 100644 vendor/golang.org/x/crypto/LICENSE create mode 100644 vendor/golang.org/x/crypto/PATENTS create mode 100644 vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go diff --git a/go.mod b/go.mod index 1133e3c..f18ddc6 100644 --- a/go.mod +++ b/go.mod @@ -1,16 +1,17 @@ module github.com/bitrise-steplib/steps-export-xcarchive-mac -go 1.17 +go 1.20 require ( - github.com/bitrise-io/go-utils v1.0.1 - github.com/bitrise-io/go-xcode v1.0.4 + github.com/bitrise-io/go-utils v1.0.9 + github.com/bitrise-io/go-xcode v1.0.16 ) require ( - github.com/bitrise-io/pkcs12 v0.0.0-20211108084543-e52728e011c8 // indirect + github.com/bitrise-io/go-pkcs12 v0.0.0-20230815095624-feb898696e02 // indirect github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa // indirect github.com/pkg/errors v0.9.1 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect + golang.org/x/crypto v0.12.0 // indirect howett.net/plist v1.0.0 // indirect ) diff --git a/go.sum b/go.sum index 010f158..82a1da0 100644 --- a/go.sum +++ b/go.sum 
@@ -1,26 +1,19 @@ -github.com/bitrise-io/go-plist v0.0.0-20210301100253-4b1a112ccd10/go.mod h1:pARutiL3kEuRLV3JvswidvfCj+9Y3qMZtji2BDqLFsA= -github.com/bitrise-io/go-steputils v1.0.1/go.mod h1:YIUaQnIAyK4pCvQG0hYHVkSzKNT9uL2FWmkFNW4mfNI= -github.com/bitrise-io/go-utils v1.0.1 h1:e7mepVBkVN1DXRPESNXb0djEw6bxB6B93p/Q74zzcvk= -github.com/bitrise-io/go-utils v1.0.1/go.mod h1:ZY1DI+fEpZuFpO9szgDeICM4QbqoWVt0RSY3tRI1heY= -github.com/bitrise-io/go-xcode v1.0.4 h1:9i3VlaUX46LqdDKnjFd8aYRmzqUKp9wFKEoBYhNWfao= -github.com/bitrise-io/go-xcode v1.0.4/go.mod h1:Y0Wu2dXm0MilJ/4D3+gPHaNMlUcP+1DjIPoLPykq7wY= -github.com/bitrise-io/pkcs12 v0.0.0-20211108084543-e52728e011c8 h1:kmvU8AxrNTxXsVPKepBHD8W+eCVmeaKyTkRuUJB2K38= -github.com/bitrise-io/pkcs12 v0.0.0-20211108084543-e52728e011c8/go.mod h1:UiXKNs0essbC14a2TvGlnUKo9isP9m4guPrp8KJHJpU= +github.com/bitrise-io/go-pkcs12 v0.0.0-20230815095624-feb898696e02 h1:DoXD85rP+di4sJplai0Fyvvt0HBK7umrqVHTGBnkaaQ= +github.com/bitrise-io/go-pkcs12 v0.0.0-20230815095624-feb898696e02/go.mod h1:R3yKQBGvbDTB/B173ZV/MnRfn6AERDUVeWxH8ZtwXcY= +github.com/bitrise-io/go-utils v1.0.9 h1:wy7FewUpseNSTZr41BbGH0csfFqzptFt4zy2pOAEOg0= +github.com/bitrise-io/go-utils v1.0.9/go.mod h1:ZY1DI+fEpZuFpO9szgDeICM4QbqoWVt0RSY3tRI1heY= +github.com/bitrise-io/go-xcode v1.0.16 h1:G1IItfD2dvPNm7MLIWXFQHNPcafMVnw83M1lqCUH5L4= +github.com/bitrise-io/go-xcode v1.0.16/go.mod h1:9OwsvrhZ4A2JxHVoEY7CPcABAKA+OE7FQqFfBfvbFuY= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa h1:RDBNVkRviHZtvDvId8XSGPu3rmpmSe+wKRcEWNgsfWU= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= -github.com/google/go-cmp v0.5.6/go.mod 
h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-version v1.3.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 
@@ -31,9 +24,11 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= +golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -42,15 +37,12 @@ golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM= howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g= diff --git a/vendor/github.com/bitrise-io/go-pkcs12/.gitattributes b/vendor/github.com/bitrise-io/go-pkcs12/.gitattributes new file mode 100644 index 0000000..d2f212e --- /dev/null +++ b/vendor/github.com/bitrise-io/go-pkcs12/.gitattributes 
@@ -0,0 +1,10 @@ +# Treat all files in this repo as binary, with no git magic updating +# line endings. Windows users contributing to Go will need to use a +# modern version of git and editors capable of LF line endings. +# +# We'll prevent accidental CRLF line endings from entering the repo +# via the git-review gofmt checks. +# +# See golang.org/issue/9281 + +* -text diff --git a/vendor/github.com/bitrise-io/go-pkcs12/.gitignore b/vendor/github.com/bitrise-io/go-pkcs12/.gitignore new file mode 100644 index 0000000..8339fd6 --- /dev/null +++ b/vendor/github.com/bitrise-io/go-pkcs12/.gitignore @@ -0,0 +1,2 @@ +# Add no patterns to .hgignore except for files generated by the build. +last-change diff --git a/vendor/github.com/bitrise-io/pkcs12/LICENSE b/vendor/github.com/bitrise-io/go-pkcs12/LICENSE similarity index 100% rename from vendor/github.com/bitrise-io/pkcs12/LICENSE rename to vendor/github.com/bitrise-io/go-pkcs12/LICENSE diff --git a/vendor/github.com/bitrise-io/pkcs12/README.md b/vendor/github.com/bitrise-io/go-pkcs12/README.md similarity index 63% rename from vendor/github.com/bitrise-io/pkcs12/README.md rename to vendor/github.com/bitrise-io/go-pkcs12/README.md index f10f9f1..4a45f95 100644 --- a/vendor/github.com/bitrise-io/pkcs12/README.md +++ b/vendor/github.com/bitrise-io/go-pkcs12/README.md 
@@ -1,21 +1,26 @@ # package pkcs12 -[![GoDoc](https://godoc.org/software.sslmate.com/src/go-pkcs12?status.svg)](https://godoc.org/software.sslmate.com/src/go-pkcs12) +## Fork info + +This is a fork of https://github.com/SSLMate/go-pkcs12 that adds support for https://github.com/bitrise-io/go-pkcs12/pull/1 + +[![Documentation](https://pkg.go.dev/badge/software.sslmate.com/src/go-pkcs12)](https://pkg.go.dev/software.sslmate.com/src/go-pkcs12) import "software.sslmate.com/src/go-pkcs12" Package pkcs12 implements some of PKCS#12 (also known as P12 or PFX). -It is intended for decoding P12/PFX files for use with the `crypto/tls` +It is intended for decoding DER-encoded P12/PFX files for use with the `crypto/tls` package, and for encoding P12/PFX files for use by legacy applications which do not support newer formats. Since PKCS#12 uses weak encryption primitives, it SHOULD NOT be used for new applications. +Note that only DER-encoded PKCS#12 files are supported, even though PKCS#12 +allows BER encoding. This is because encoding/asn1 only supports DER. + This package is forked from `golang.org/x/crypto/pkcs12`, which is frozen. The implementation is distilled from https://tools.ietf.org/html/rfc7292 and referenced documents. -This repository holds supplementary Go cryptography libraries. - ## Import Path Note that although the source code and issue tracker for this package are hosted @@ -25,11 +30,6 @@ on GitHub, the import path is: Please be sure to use this path when you `go get` and `import` this package. -## Download/Install - -The easiest way to install is to run `go get -u software.sslmate.com/src/go-pkcs12`. You -can also manually git clone the repository to `$GOPATH/src/software.sslmate.com/src/go-pkcs12`. - ## Report Issues / Send Patches Open an issue or PR at https://github.com/SSLMate/go-pkcs12 
diff --git a/vendor/github.com/bitrise-io/pkcs12/bmp-string.go b/vendor/github.com/bitrise-io/go-pkcs12/bmp-string.go similarity index 77% rename from vendor/github.com/bitrise-io/pkcs12/bmp-string.go rename to vendor/github.com/bitrise-io/go-pkcs12/bmp-string.go index 233b8b6..2bfbf2e 100644 --- a/vendor/github.com/bitrise-io/pkcs12/bmp-string.go +++ b/vendor/github.com/bitrise-io/go-pkcs12/bmp-string.go @@ -9,14 +9,27 @@ import ( "unicode/utf16" ) -// bmpString returns s encoded in UCS-2 with a zero terminator. +// bmpStringZeroTerminated returns s encoded in UCS-2 with a zero terminator. +func bmpStringZeroTerminated(s string) ([]byte, error) { + // References: + // https://tools.ietf.org/html/rfc7292#appendix-B.1 + // The above RFC provides the info that BMPStrings are NULL terminated. + + ret, err := bmpString(s) + if err != nil { + return nil, err + } + + return append(ret, 0, 0), nil +} + +// bmpString returns s encoded in UCS-2 func bmpString(s string) ([]byte, error) { // References: // https://tools.ietf.org/html/rfc7292#appendix-B.1 // https://en.wikipedia.org/wiki/Plane_(Unicode)#Basic_Multilingual_Plane // - non-BMP characters are encoded in UTF 16 by using a surrogate pair of 16-bit codes // EncodeRune returns 0xfffd if the rune does not need special encoding - // - the above RFC provides the info that BMPStrings are NULL terminated. ret := make([]byte, 0, 2*len(s)+2) @@ -27,7 +40,7 @@ func bmpString(s string) ([]byte, error) { ret = append(ret, byte(r/256), byte(r%256)) } - return append(ret, 0, 0), nil + return ret, nil } func decodeBMPString(bmpString []byte) (string, error) { diff --git a/vendor/github.com/bitrise-io/pkcs12/crypto.go b/vendor/github.com/bitrise-io/go-pkcs12/crypto.go similarity index 60% rename from vendor/github.com/bitrise-io/pkcs12/crypto.go rename to vendor/github.com/bitrise-io/go-pkcs12/crypto.go index 1709b51..e948ff5 100644 --- a/vendor/github.com/bitrise-io/pkcs12/crypto.go 
+++ b/vendor/github.com/bitrise-io/go-pkcs12/crypto.go @@ -7,18 +7,28 @@ package pkcs12 import ( "bytes" + "crypto/aes" "crypto/cipher" "crypto/des" + "crypto/sha1" + "crypto/sha256" "crypto/x509/pkix" "encoding/asn1" "errors" + "hash" - "github.com/bitrise-io/pkcs12/internal/rc2" + "golang.org/x/crypto/pbkdf2" + "github.com/bitrise-io/go-pkcs12/internal/rc2" ) var ( oidPBEWithSHAAnd3KeyTripleDESCBC = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 1, 3}) oidPBEWithSHAAnd40BitRC2CBC = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 1, 6}) + oidPBES2 = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 5, 13}) + oidPBKDF2 = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 5, 12}) + oidHmacWithSHA1 = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 2, 7}) + oidHmacWithSHA256 = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 2, 9}) + oidAES256CBC = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 101, 3, 4, 1, 42}) ) // pbeCipher is an abstraction of a PKCS#12 cipher. @@ -72,6 +82,17 @@ func pbeCipherFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher.B cipherType = shaWithTripleDESCBC{} case algorithm.Algorithm.Equal(oidPBEWithSHAAnd40BitRC2CBC): cipherType = shaWith40BitRC2CBC{} + case algorithm.Algorithm.Equal(oidPBES2): + // rfc7292#appendix-B.1 (the original PKCS#12 PBE) requires passwords formatted as BMPStrings. + // However, rfc8018#section-3 recommends that the password for PBES2 follow ASCII or UTF-8. + // This is also what Windows expects. + // Therefore, we convert the password to UTF-8. + originalPassword, err := decodeBMPString(password) + if err != nil { + return nil, nil, err + } + utf8Password := []byte(originalPassword) + return pbes2CipherFor(algorithm, utf8Password) default: return nil, nil, NotImplementedError("algorithm " + algorithm.Algorithm.String() + " is not supported") } 
@@ -134,6 +155,77 @@ func pbDecrypt(info decryptable, password []byte) (decrypted []byte, err error) return } +// PBES2-params ::= SEQUENCE { +// keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, +// encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} +// } +type pbes2Params struct { + Kdf pkix.AlgorithmIdentifier + EncryptionScheme pkix.AlgorithmIdentifier +} + +// PBKDF2-params ::= SEQUENCE { +// salt CHOICE { +// specified OCTET STRING, +// otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}} +// }, +// iterationCount INTEGER (1..MAX), +// keyLength INTEGER (1..MAX) OPTIONAL, +// prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT +// algid-hmacWithSHA1 +// } +type pbkdf2Params struct { + Salt asn1.RawValue + Iterations int + KeyLength int `asn1:"optional"` + Prf pkix.AlgorithmIdentifier +} + +func pbes2CipherFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher.Block, []byte, error) { + var params pbes2Params + if err := unmarshal(algorithm.Parameters.FullBytes, ¶ms); err != nil { + return nil, nil, err + } + + if !params.Kdf.Algorithm.Equal(oidPBKDF2) { + return nil, nil, NotImplementedError("kdf algorithm " + params.Kdf.Algorithm.String() + " is not supported") + } + + var kdfParams pbkdf2Params + if err := unmarshal(params.Kdf.Parameters.FullBytes, &kdfParams); err != nil { + return nil, nil, err + } + if kdfParams.Salt.Tag != asn1.TagOctetString { + return nil, nil, errors.New("pkcs12: only octet string salts are supported for pbkdf2") + } + + var prf func() hash.Hash + switch { + case kdfParams.Prf.Algorithm.Equal(oidHmacWithSHA256): + prf = sha256.New + case kdfParams.Prf.Algorithm.Equal(oidHmacWithSHA1): + prf = sha1.New + case kdfParams.Prf.Algorithm.Equal(asn1.ObjectIdentifier([]int{})): + prf = sha1.New + } + + key := pbkdf2.Key(password, kdfParams.Salt.Bytes, kdfParams.Iterations, 32, prf) + iv := params.EncryptionScheme.Parameters.Bytes + + var block cipher.Block + switch { + case params.EncryptionScheme.Algorithm.Equal(oidAES256CBC): + 
b, err := aes.NewCipher(key) + if err != nil { + return nil, nil, err + } + block = b + default: + return nil, nil, NotImplementedError("pbes2 algorithm " + params.EncryptionScheme.Algorithm.String() + " is not supported") + } + return block, iv, nil +} + // decryptable abstracts an object that contains ciphertext. type decryptable interface { Algorithm() pkix.AlgorithmIdentifier diff --git a/vendor/github.com/bitrise-io/pkcs12/errors.go b/vendor/github.com/bitrise-io/go-pkcs12/errors.go similarity index 100% rename from vendor/github.com/bitrise-io/pkcs12/errors.go rename to vendor/github.com/bitrise-io/go-pkcs12/errors.go diff --git a/vendor/github.com/bitrise-io/pkcs12/internal/rc2/rc2.go b/vendor/github.com/bitrise-io/go-pkcs12/internal/rc2/rc2.go similarity index 100% rename from vendor/github.com/bitrise-io/pkcs12/internal/rc2/rc2.go rename to vendor/github.com/bitrise-io/go-pkcs12/internal/rc2/rc2.go diff --git a/vendor/github.com/bitrise-io/pkcs12/mac.go b/vendor/github.com/bitrise-io/go-pkcs12/mac.go similarity index 70% rename from vendor/github.com/bitrise-io/pkcs12/mac.go rename to vendor/github.com/bitrise-io/go-pkcs12/mac.go index b7b05de..b8a3439 100644 --- a/vendor/github.com/bitrise-io/pkcs12/mac.go +++ b/vendor/github.com/bitrise-io/go-pkcs12/mac.go @@ -8,8 +8,10 @@ package pkcs12 import ( "crypto/hmac" "crypto/sha1" + "crypto/sha256" "crypto/x509/pkix" "encoding/asn1" + "hash" ) type macData struct { 
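Review bot: In `pbes2CipherFor`, the PRF `switch` has no `default`, so a file that names any other PRF leaves `prf` nil, and that nil function is handed to `pbkdf2.Key`, which would most likely panic instead of returning an error. The IV taken from `params.EncryptionScheme.Parameters.Bytes` is also returned without a length check, and `kdfParams.Iterations` is used as parsed with no lower or upper bound, so the cost of a decode is set by the file. All of these values come from the PKCS#12 input, so they should be rejected up front as in the sketch below; the file is vendored, so the change belongs in the go-pkcs12 fork. `kdfParams.KeyLength` is parsed but never compared with the hard-coded 32-byte key size.

```go
	case kdfParams.Prf.Algorithm.Equal(asn1.ObjectIdentifier([]int{})):
		prf = sha1.New
	default:
		return nil, nil, NotImplementedError("pbkdf2 prf " + kdfParams.Prf.Algorithm.String() + " is not supported")
	}
	if kdfParams.Iterations < 1 {
		return nil, nil, errors.New("pkcs12: invalid pbkdf2 iteration count")
	}
	if kdfParams.KeyLength != 0 && kdfParams.KeyLength != 32 {
		return nil, nil, errors.New("pkcs12: unexpected pbkdf2 key length")
	}
	// … unchanged: pbkdf2.Key call and iv assignment …
	case params.EncryptionScheme.Algorithm.Equal(oidAES256CBC):
		if len(iv) != aes.BlockSize {
			return nil, nil, errors.New("pkcs12: invalid pbes2 iv length")
		}
		// … unchanged: aes.NewCipher(key) and error check …
```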
@@ -25,17 +27,25 @@ type digestInfo struct { } var ( - oidSHA1 = asn1.ObjectIdentifier([]int{1, 3, 14, 3, 2, 26}) + oidSHA1 = asn1.ObjectIdentifier([]int{1, 3, 14, 3, 2, 26}) + oidSHA256 = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 101, 3, 4, 2, 1}) ) func verifyMac(macData *macData, message, password []byte) error { - if !macData.Mac.Algorithm.Algorithm.Equal(oidSHA1) { + var hFn func() hash.Hash + var key []byte + switch { + case macData.Mac.Algorithm.Algorithm.Equal(oidSHA1): + hFn = sha1.New + key = pbkdf(sha1Sum, 20, 64, macData.MacSalt, password, macData.Iterations, 3, 20) + case macData.Mac.Algorithm.Algorithm.Equal(oidSHA256): + hFn = sha256.New + key = pbkdf(sha256Sum, 32, 64, macData.MacSalt, password, macData.Iterations, 3, 32) + default: return NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String()) } - key := pbkdf(sha1Sum, 20, 64, macData.MacSalt, password, macData.Iterations, 3, 20) - - mac := hmac.New(sha1.New, key) + mac := hmac.New(hFn, key) mac.Write(message) expectedMAC := mac.Sum(nil) diff --git a/vendor/github.com/bitrise-io/pkcs12/pbkdf.go b/vendor/github.com/bitrise-io/go-pkcs12/pbkdf.go similarity index 96% rename from vendor/github.com/bitrise-io/pkcs12/pbkdf.go rename to vendor/github.com/bitrise-io/go-pkcs12/pbkdf.go index 5c419d4..e6e0c62 100644 --- a/vendor/github.com/bitrise-io/pkcs12/pbkdf.go +++ b/vendor/github.com/bitrise-io/go-pkcs12/pbkdf.go @@ -7,6 +7,7 @@ package pkcs12 import ( "bytes" "crypto/sha1" + "crypto/sha256" "math/big" ) @@ -20,6 +21,12 @@ func sha1Sum(in []byte) []byte { return sum[:] } +// sha256Sum returns the SHA-256 hash of in. +func sha256Sum(in []byte) []byte { + sum := sha256.Sum256(in) + return sum[:] +} + // fillWithRepeats returns v*ceiling(len(pattern) / v) bytes consisting of // repeats of pattern. func fillWithRepeats(pattern []byte, v int) []byte { 
@@ -102,7 +109,7 @@ func pbkdf(hash func([]byte) []byte, u, v int, salt, password []byte, r int, ID c := (size + u - 1) / u // 6. For i=1, 2, ..., c, do the following: - A := make([]byte, c*20) + A := make([]byte, c*u) var IjBuf []byte for i := 0; i < c; i++ { // A. Set A2=H^r(D||I). (i.e., the r-th hash of D||1, @@ -111,7 +118,7 @@ func pbkdf(hash func([]byte) []byte, u, v int, salt, password []byte, r int, ID for j := 1; j < r; j++ { Ai = hash(Ai) } - copy(A[i*20:], Ai[:]) + copy(A[i*u:], Ai[:]) if i < c-1 { // skip on last iteration // B. Concatenate copies of Ai to create a string B of length v diff --git a/vendor/github.com/bitrise-io/pkcs12/pkcs12.go b/vendor/github.com/bitrise-io/go-pkcs12/pkcs12.go similarity index 60% rename from vendor/github.com/bitrise-io/pkcs12/pkcs12.go rename to vendor/github.com/bitrise-io/go-pkcs12/pkcs12.go index c257a3e..f2f2d8d 100644 --- a/vendor/github.com/bitrise-io/pkcs12/pkcs12.go +++ b/vendor/github.com/bitrise-io/go-pkcs12/pkcs12.go @@ -4,15 +4,18 @@ // license that can be found in the LICENSE file. // Package pkcs12 implements some of PKCS#12 (also known as P12 or PFX). -// It is intended for decoding P12/PFX files for use with the crypto/tls +// It is intended for decoding DER-encoded P12/PFX files for use with the crypto/tls // package, and for encoding P12/PFX files for use by legacy applications which // do not support newer formats. Since PKCS#12 uses weak encryption // primitives, it SHOULD NOT be used for new applications. // +// Note that only DER-encoded PKCS#12 files are supported, even though PKCS#12 +// allows BER encoding. This is because encoding/asn1 only supports DER. +// // This package is forked from golang.org/x/crypto/pkcs12, which is frozen. // The implementation is distilled from https://tools.ietf.org/html/rfc7292 // and referenced documents. -package pkcs12 +package pkcs12 // import "software.sslmate.com/src/go-pkcs12" import ( "crypto/ecdsa" 
@@ -24,6 +27,7 @@ import ( "encoding/hex" "encoding/pem" "errors" + "fmt" "io" ) @@ -40,6 +44,9 @@ var ( oidFriendlyName = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 20}) oidLocalKeyID = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 21}) oidMicrosoftCSPName = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 4, 1, 311, 17, 1}) + + oidJavaTrustStore = asn1.ObjectIdentifier([]int{2, 16, 840, 1, 113894, 746875, 1, 1}) + oidAnyExtendedKeyUsage = asn1.ObjectIdentifier([]int{2, 5, 29, 37, 0}) ) type pfxPdu struct { @@ -78,6 +85,15 @@ type safeBag struct { Attributes []pkcs12Attribute `asn1:"set,optional"` } +func (bag *safeBag) hasAttribute(id asn1.ObjectIdentifier) bool { + for _, attr := range bag.Attributes { + if attr.Id.Equal(id) { + return true + } + } + return false +} + type pkcs12Attribute struct { Id asn1.ObjectIdentifier Value asn1.RawValue `asn1:"set"` @@ -120,17 +136,18 @@ func unmarshal(in []byte, out interface{}) error { } // ToPEM converts all "safe bags" contained in pfxData to PEM blocks. -// DO NOT USE THIS FUNCTION. ToPEM creates invalid PEM blocks; private keys +// +// Deprecated: ToPEM creates invalid PEM blocks (private keys // are encoded as raw RSA or EC private keys rather than PKCS#8 despite being -// labeled "PRIVATE KEY". To decode a PKCS#12 file, use DecodeChain instead, -// and use the encoding/pem package to convert to PEM if necessary. +// labeled "PRIVATE KEY"). To decode a PKCS#12 file, use [DecodeChain] instead, +// and use the [encoding/pem] package to convert to PEM if necessary. func ToPEM(pfxData []byte, password string) ([]*pem.Block, error) { - encodedPassword, err := bmpString(password) + encodedPassword, err := bmpStringZeroTerminated(password) if err != nil { return nil, ErrIncorrectPassword } - bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword) + bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword, 2) if err != nil { return nil, err 
@@ -229,10 +246,10 @@ func convertAttribute(attribute *pkcs12Attribute) (key, value string, err error) return key, value, nil } -// Decode extracts a certificate and private key from pfxData. This function +// Decode extracts a certificate and private key from pfxData, which must be a DER-encoded PKCS#12 file. This function // assumes that there is only one certificate and only one private key in the // pfxData. Since PKCS#12 files often contain more than one certificate, you -// probably want to use DecodeChain instead. +// probably want to use [DecodeChain] or [DecodeAll] instead. func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error) { var caCerts []*x509.Certificate privateKey, certificate, caCerts, err = DecodeChain(pfxData, password) 
@@ -243,51 +260,76 @@ func Decode(pfxData []byte, password string) (privateKey interface{}, certificat } // DecodeChain extracts a certificate, a CA certificate chain, and private key -// from pfxData. This function assumes that there is at least one certificate +// from pfxData, which must be a DER-encoded PKCS#12 file. This function assumes that there is at least one certificate // and only one private key in the pfxData. The first certificate is assumed to // be the leaf certificate, and subsequent certificates, if any, are assumed to // comprise the CA certificate chain. func DecodeChain(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, err error) { - certificates, privateKeys, err := DecodeAll(pfxData, password) + encodedPassword, err := bmpStringZeroTerminated(password) if err != nil { return nil, nil, nil, err } - if len(certificates) == 0 { - return nil, nil, nil, errors.New("pkcs12: certificate missing") + bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword, 2) + if err != nil { + return nil, nil, nil, err } - certificate = certificates[0] - if len(certificates) > 1 { - caCerts = certificates[1:] + for _, bag := range bags { + switch { + case bag.Id.Equal(oidCertBag): + certsData, err := decodeCertBag(bag.Value.Bytes) + if err != nil { + return nil, nil, nil, err + } + certs, err := x509.ParseCertificates(certsData) + if err != nil { + return nil, nil, nil, err + } + if len(certs) != 1 { + err = errors.New("pkcs12: expected exactly one certificate in the certBag") + return nil, nil, nil, err + } + if certificate == nil { + certificate = certs[0] + } else { + caCerts = append(caCerts, certs[0]) + } + + case bag.Id.Equal(oidPKCS8ShroundedKeyBag): + if privateKey != nil { + err = errors.New("pkcs12: expected exactly one key bag") + return nil, nil, nil, err + } + + if privateKey, err = decodePkcs8ShroudedKeyBag(bag.Value.Bytes, encodedPassword); err != nil { + return nil, 
nil, nil, err + } + } } - if len(privateKeys) == 0 { - return nil, nil, nil, errors.New("pkcs12: private key missing") + if certificate == nil { + return nil, nil, nil, errors.New("pkcs12: certificate missing") } - if len(privateKeys) > 1 { - return nil, nil, nil, errors.New("pkcs12: expected exactly one key bag") + if privateKey == nil { + return nil, nil, nil, errors.New("pkcs12: private key missing") } - privateKey = privateKeys[0] - return } -// DecodeAll extracts all certificates and private keys from pfxData. -func DecodeAll(pfxData []byte, password string) ([]*x509.Certificate, []interface{}, error) { - encodedPassword, err := bmpString(password) +// DecodeAll extracts all certificates and private keys from pfxData. This behaves the same as [Decode], but can be used with +// PKCS#12 files containing multiple (unrelated) certificates. +func DecodeAll(pfxData []byte, password string) (privateKeys []interface{}, certificates []*x509.Certificate, err error) { + encodedPassword, err := bmpStringZeroTerminated(password) if err != nil { return nil, nil, err } - bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword) + bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword, 2) if err != nil { return nil, nil, err } - - var certificates []*x509.Certificate - var privateKeys []interface{} for _, bag := range bags { switch { case bag.Id.Equal(oidCertBag): 
@@ -314,10 +356,54 @@ func DecodeAll(pfxData []byte, password string) ([]*x509.Certificate, []interfac } } - return certificates, privateKeys, nil + return +} + +// DecodeTrustStore extracts the certificates from pfxData, which must be a DER-encoded +// PKCS#12 file containing exclusively certificates with attribute 2.16.840.1.113894.746875.1.1, +// which is used by Java to designate a trust anchor. +func DecodeTrustStore(pfxData []byte, password string) (certs []*x509.Certificate, err error) { + encodedPassword, err := bmpStringZeroTerminated(password) + if err != nil { + return nil, err + } + + bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword, 1) + if err != nil { + return nil, err + } + + for _, bag := range bags { + switch { + case bag.Id.Equal(oidCertBag): + if !bag.hasAttribute(oidJavaTrustStore) { + return nil, errors.New("pkcs12: trust store contains a certificate that is not marked as trusted") + } + certsData, err := decodeCertBag(bag.Value.Bytes) + if err != nil { + return nil, err + } + parsedCerts, err := x509.ParseCertificates(certsData) + if err != nil { + return nil, err + } + + if len(parsedCerts) != 1 { + err = errors.New("pkcs12: expected exactly one certificate in the certBag") + return nil, err + } + + certs = append(certs, parsedCerts[0]) + + default: + return nil, errors.New("pkcs12: expected only certificate bags") + } + } + + return } -func getSafeContents(p12Data, password []byte) (bags []safeBag, updatedPassword []byte, err error) { +func getSafeContents(p12Data, password []byte, expectedItems int) (bags []safeBag, updatedPassword []byte, err error) { pfx := new(pfxPdu) if err := unmarshal(p12Data, pfx); err != nil { return nil, nil, errors.New("pkcs12: error reading P12 data: " + err.Error()) 
@@ -337,10 +423,10 @@ func getSafeContents(p12Data, password []byte) (bags []safeBag, updatedPassword } if len(pfx.MacData.Mac.Algorithm.Algorithm) == 0 { - return nil, nil, errors.New("pkcs12: no MAC in data") - } - - if err := verifyMac(&pfx.MacData, pfx.AuthSafe.Content.Bytes, password); err != nil { + if !(len(password) == 2 && password[0] == 0 && password[1] == 0) { + return nil, nil, errors.New("pkcs12: no MAC in data") + } + } else if err := verifyMac(&pfx.MacData, pfx.AuthSafe.Content.Bytes, password); err != nil { if err == ErrIncorrectPassword && len(password) == 2 && password[0] == 0 && password[1] == 0 { // some implementations use an empty byte array // for the empty string password try one more @@ -358,8 +444,8 @@ func getSafeContents(p12Data, password []byte) (bags []safeBag, updatedPassword return nil, nil, err } - if len(authenticatedSafe) != 2 { - return nil, nil, NotImplementedError("expected exactly two items in the authenticated safe") + if len(authenticatedSafe) != expectedItems { + return nil, nil, NotImplementedError(fmt.Sprintf("expected exactly %d items in the authenticated safe", expectedItems)) } for _, ci := range authenticatedSafe { @@ -401,11 +487,11 @@ func getSafeContents(p12Data, password []byte) (bags []safeBag, updatedPassword // // The private key is encrypted with the provided password, but due to the // weak encryption primitives used by PKCS#12, it is RECOMMENDED that you -// specify a hard-coded password (such as pkcs12.DefaultPassword) and protect +// specify a hard-coded password (such as [DefaultPassword]) and protect // the resulting pfxData using other means. // // The rand argument is used to provide entropy for the encryption, and -// can be set to rand.Reader from the crypto/rand package. +// can be set to [crypto/rand.Reader]. // // Encode emulates the behavior of OpenSSL's PKCS12_create: it creates two // SafeContents: one that's encrypted with RC2 and contains the certificates, 
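Review bot: The new first branch of this hunk accepts a PFX that carries no MAC whenever the encoded password is the empty string (`len(password) == 2 && password[0] == 0 && password[1] == 0`), so `pfx.AuthSafe.Content.Bytes` is parsed with no integrity check and the caller gets no signal that verification was skipped. The decode entry points visible in this patch (`DecodeAll`, and `DecodeTrustStore`, which returns certificates meant as trust anchors) all go through this path, so their doc comments should say that an empty password means the contents may be unauthenticated. At minimum I would add a comment on the branch, `// No MAC present: tolerated only for the empty password; the contents are NOT integrity-checked in this case.` The body of getSafeContents starts and ends outside this hunk, so how the unauthenticated bags are used further down cannot be checked from here.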
@@ -414,7 +500,7 @@ func getSafeContents(p12Data, password []byte) (bags []safeBag, updatedPassword // LocalKeyId attribute set to the SHA-1 fingerprint of the end-entity // certificate. func Encode(rand io.Reader, privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, password string) (pfxData []byte, err error) { - encodedPassword, err := bmpString(password) + encodedPassword, err := bmpStringZeroTerminated(password) if err != nil { return nil, err } 
@@ -497,6 +583,163 @@ func Encode(rand io.Reader, privateKey interface{}, certificate *x509.Certificat return } +// EncodeTrustStore produces pfxData containing any number of CA certificates +// (certs) to be trusted. The certificates will be marked with a special OID that +// allow it to be used as a Java TrustStore in Java 1.8 and newer. +// +// Due to the weak encryption primitives used by PKCS#12, it is RECOMMENDED that +// you specify a hard-coded password (such as [DefaultPassword]) and protect +// the resulting pfxData using other means. +// +// The rand argument is used to provide entropy for the encryption, and +// can be set to [crypto/rand.Reader]. +// +// EncodeTrustStore creates a single SafeContents that's encrypted with RC2 +// and contains the certificates. +// +// The Subject of the certificates are used as the Friendly Names (Aliases) +// within the resulting pfxData. If certificates share a Subject, then the +// resulting Friendly Names (Aliases) will be identical, which Java may treat as +// the same entry when used as a Java TrustStore, e.g. with `keytool`. To +// customize the Friendly Names, use [EncodeTrustStoreEntries]. +func EncodeTrustStore(rand io.Reader, certs []*x509.Certificate, password string) (pfxData []byte, err error) { + var certsWithFriendlyNames []TrustStoreEntry + for _, cert := range certs { + certsWithFriendlyNames = append(certsWithFriendlyNames, TrustStoreEntry{ + Cert: cert, + FriendlyName: cert.Subject.String(), + }) + } + return EncodeTrustStoreEntries(rand, certsWithFriendlyNames, password) +} + +// TrustStoreEntry represents an entry in a Java TrustStore. +type TrustStoreEntry struct { + Cert *x509.Certificate + FriendlyName string +} + +// EncodeTrustStoreEntries produces pfxData containing any number of CA +// certificates (entries) to be trusted. The certificates will be marked with a +// special OID that allow it to be used as a Java TrustStore in Java 1.8 and newer. 
+// +// This is identical to [EncodeTrustStore], but also allows for setting specific +// Friendly Names (Aliases) to be used per certificate, by specifying a slice +// of TrustStoreEntry. +// +// If the same Friendly Name is used for more than one certificate, then the +// resulting Friendly Names (Aliases) in the pfxData will be identical, which Java +// may treat as the same entry when used as a Java TrustStore, e.g. with `keytool`. +// +// Due to the weak encryption primitives used by PKCS#12, it is RECOMMENDED that +// you specify a hard-coded password (such as [DefaultPassword]) and protect +// the resulting pfxData using other means. +// +// The rand argument is used to provide entropy for the encryption, and +// can be set to [crypto/rand.Reader]. +// +// EncodeTrustStoreEntries creates a single SafeContents that's encrypted +// with RC2 and contains the certificates. +func EncodeTrustStoreEntries(rand io.Reader, entries []TrustStoreEntry, password string) (pfxData []byte, err error) { + encodedPassword, err := bmpStringZeroTerminated(password) + if err != nil { + return nil, err + } + + var pfx pfxPdu + pfx.Version = 3 + + var certAttributes []pkcs12Attribute + + extKeyUsageOidBytes, err := asn1.Marshal(oidAnyExtendedKeyUsage) + if err != nil { + return nil, err + } + + // the oidJavaTrustStore attribute contains the EKUs for which + // this trust anchor will be valid + certAttributes = append(certAttributes, pkcs12Attribute{ + Id: oidJavaTrustStore, + Value: asn1.RawValue{ + Class: 0, + Tag: 17, + IsCompound: true, + Bytes: extKeyUsageOidBytes, + }, + }) + + var certBags []safeBag + for _, entry := range entries { + + bmpFriendlyName, err := bmpString(entry.FriendlyName) + if err != nil { + return nil, err + } + + encodedFriendlyName, err := asn1.Marshal(asn1.RawValue{ + Class: 0, + Tag: 30, + IsCompound: false, + Bytes: bmpFriendlyName, + }) + if err != nil { + return nil, err + } + + friendlyName := pkcs12Attribute{ + Id: oidFriendlyName, + Value: 
asn1.RawValue{ + Class: 0, + Tag: 17, + IsCompound: true, + Bytes: encodedFriendlyName, + }, + } + + certBag, err := makeCertBag(entry.Cert.Raw, append(certAttributes, friendlyName)) + if err != nil { + return nil, err + } + certBags = append(certBags, *certBag) + } + + // Construct an authenticated safe with one SafeContent. + // The SafeContents is encrypted and contains the cert bags. + var authenticatedSafe [1]contentInfo + if authenticatedSafe[0], err = makeSafeContents(rand, certBags, encodedPassword); err != nil { + return nil, err + } + + var authenticatedSafeBytes []byte + if authenticatedSafeBytes, err = asn1.Marshal(authenticatedSafe[:]); err != nil { + return nil, err + } + + // compute the MAC + pfx.MacData.Mac.Algorithm.Algorithm = oidSHA1 + pfx.MacData.MacSalt = make([]byte, 8) + if _, err = rand.Read(pfx.MacData.MacSalt); err != nil { + return nil, err + } + pfx.MacData.Iterations = 1 + if err = computeMac(&pfx.MacData, authenticatedSafeBytes, encodedPassword); err != nil { + return nil, err + } + + pfx.AuthSafe.ContentType = oidDataContentType + pfx.AuthSafe.Content.Class = 2 + pfx.AuthSafe.Content.Tag = 0 + pfx.AuthSafe.Content.IsCompound = true + if pfx.AuthSafe.Content.Bytes, err = asn1.Marshal(authenticatedSafeBytes); err != nil { + return nil, err + } + + if pfxData, err = asn1.Marshal(pfx); err != nil { + return nil, errors.New("pkcs12: error writing P12 data: " + err.Error()) + } + return +} + func makeCertBag(certBytes []byte, attributes []pkcs12Attribute) (certBag *safeBag, err error) { certBag = new(safeBag) certBag.Id = oidCertBag diff --git a/vendor/github.com/bitrise-io/pkcs12/safebags.go b/vendor/github.com/bitrise-io/go-pkcs12/safebags.go similarity index 100% rename from vendor/github.com/bitrise-io/pkcs12/safebags.go rename to vendor/github.com/bitrise-io/go-pkcs12/safebags.go diff --git a/vendor/github.com/bitrise-io/go-utils/command/file.go b/vendor/github.com/bitrise-io/go-utils/command/file.go index 6b22172..f1a2445 100644 
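Review bot: `makeCertBag(entry.Cert.Raw, ...)` in the loop of EncodeTrustStoreEntries dereferences `entry.Cert` without a nil check, so a `TrustStoreEntry` with an unset `Cert` panics instead of returning an error like every other failure in this function. I would add `if entry.Cert == nil { return nil, errors.New("pkcs12: trust store entry has no certificate") }` at the top of the loop body. Separately, `pfx.MacData.Iterations = 1` together with `oidSHA1` means the MAC key costs a single derivation step, so the MAC detects accidental corruption but adds little against password guessing. The doc comment already says to protect pfxData by other means; a short comment on that line, `// single iteration: the MAC is not a defence against offline password guessing`, would make the reason visible where the value is set.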
--- a/vendor/github.com/bitrise-io/go-utils/command/file.go +++ b/vendor/github.com/bitrise-io/go-utils/command/file.go @@ -2,12 +2,28 @@ package command import ( "errors" + "fmt" "os" + "os/exec" "strings" "github.com/bitrise-io/go-utils/pathutil" ) +func runCommand(name string, args ...string) error { + cmd := exec.Command(name, args...) + if out, err := cmd.CombinedOutput(); err != nil { + printableCmd := PrintableCommandArgs(false, append([]string{name}, args...)) + + var exitErr *exec.ExitError + if errors.As(err, &exitErr) { + return fmt.Errorf("command failed with exit status %d (%s): %w", exitErr.ExitCode(), printableCmd, errors.New(string(out))) + } + return fmt.Errorf("executing command failed (%s): %w", printableCmd, err) + } + return nil +} + // CopyFile ... func CopyFile(src, dst string) error { // replace with a pure Go implementation? @@ -17,10 +33,10 @@ func CopyFile(src, dst string) error { return err } if isDir { - return errors.New("Source is a directory: " + src) + return errors.New("source is a directory: " + src) } args := []string{src, dst} - return RunCommand("rsync", args...) + return runCommand("rsync", args...) } // CopyDir ... @@ -29,7 +45,7 @@ func CopyDir(src, dst string, isOnlyContent bool) error { src = src + "/" } args := []string{"-ar", src, dst} - return RunCommand("rsync", args...) + return runCommand("rsync", args...) } // RemoveDir ... diff --git a/vendor/github.com/bitrise-io/go-utils/errorutil/errorutil.go b/vendor/github.com/bitrise-io/go-utils/errorutil/errorutil.go index dd5f8d2..d7d8955 100644 --- a/vendor/github.com/bitrise-io/go-utils/errorutil/errorutil.go +++ b/vendor/github.com/bitrise-io/go-utils/errorutil/errorutil.go @@ -2,12 +2,14 @@ package errorutil import ( + "errors" "os/exec" "regexp" ) func exitCode(err error) int { - if exitError, ok := err.(*exec.ExitError); ok { + var exitError *exec.ExitError + if errors.As(err, &exitError) { return exitError.ProcessState.ExitCode() } return -1 
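Review bot: In the new `runCommand`, the exit-status branch wraps `errors.New(string(out))` with `%w` instead of the original `err`, so the `*exec.ExitError` is no longer in the returned chain. A caller that inspects the error with `errors.As(err, &exitErr)`, as `errorutil.exitCode` does after this same commit, will not find it. I would keep the real error in the chain and append the output as text: `return fmt.Errorf("command failed with exit status %d (%s): %w: %s", exitErr.ExitCode(), printableCmd, err, out)`. The whole combined output of the command also ends up in the error string, so anything rsync prints (paths included) will land wherever this error is logged.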
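Review bot: `args := []string{src, dst}` in CopyFile passes both paths to rsync as bare positional arguments, so a path that begins with `-` is parsed as an rsync option rather than as a file name. The same applies to `args := []string{"-ar", src, dst}` in CopyDir in the next hunk. If either path can come from step inputs or repository content (not visible from here), an end-of-options marker closes this off: `args := []string{"--", src, dst}` and `args := []string{"-ar", "--", src, dst}`. CopyFile begins before this hunk, and CopyDir begins before the next one.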
@@ -22,7 +24,7 @@ func IsExitStatusError(err error) bool { func IsExitStatusErrorStr(errString string) bool { // https://golang.org/src/os/exec_posix.go?s=2421:2459#L87 // example exit status error string: exit status 1 - var rex = regexp.MustCompile(`^exit status [0-9]{1,3}$`) + var rex = regexp.MustCompile(`^exit status \d{1,3}$`) return rex.MatchString(errString) } diff --git a/vendor/github.com/bitrise-io/go-utils/log/internal_logger.go b/vendor/github.com/bitrise-io/go-utils/log/internal_logger.go index 245f995..ff9ac66 100644 --- a/vendor/github.com/bitrise-io/go-utils/log/internal_logger.go +++ b/vendor/github.com/bitrise-io/go-utils/log/internal_logger.go @@ -10,7 +10,7 @@ import ( ) var ( - analyticsServerURL = "https://bitrise-step-analytics.herokuapp.com" + analyticsServerURL = "https://step-analytics.bitrise.io" httpClient = http.Client{ Timeout: time.Second * 5, } diff --git a/vendor/github.com/bitrise-io/go-utils/pathutil/pathutil.go b/vendor/github.com/bitrise-io/go-utils/pathutil/pathutil.go index 947c97c..822aa0d 100644 --- a/vendor/github.com/bitrise-io/go-utils/pathutil/pathutil.go +++ b/vendor/github.com/bitrise-io/go-utils/pathutil/pathutil.go @@ -44,7 +44,7 @@ func UserHomeDir() string { func EnsureDirExist(dir string) error { exist, err := IsDirExists(dir) if !exist || err != nil { - return os.MkdirAll(dir, 0777) + return os.MkdirAll(dir, 0755) } return nil } diff --git a/vendor/github.com/bitrise-io/go-xcode/LICENSE b/vendor/github.com/bitrise-io/go-xcode/LICENSE new file mode 100644 index 0000000..cdfcf1f --- /dev/null +++ b/vendor/github.com/bitrise-io/go-xcode/LICENSE 
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2022 Bitrise + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/bitrise-io/go-xcode/certificateutil/info_model.go b/vendor/github.com/bitrise-io/go-xcode/certificateutil/info_model.go index 226b63f..0a0a834 100644 --- a/vendor/github.com/bitrise-io/go-xcode/certificateutil/info_model.go +++ b/vendor/github.com/bitrise-io/go-xcode/certificateutil/info_model.go @@ -8,7 +8,7 @@ import ( "strings" "time" - "github.com/bitrise-io/pkcs12" + "github.com/bitrise-io/go-pkcs12" ) // CertificateInfoModel ... diff --git a/vendor/github.com/bitrise-io/go-xcode/certificateutil/util.go b/vendor/github.com/bitrise-io/go-xcode/certificateutil/util.go index e53e734..bde9969 100644 --- a/vendor/github.com/bitrise-io/go-xcode/certificateutil/util.go +++ b/vendor/github.com/bitrise-io/go-xcode/certificateutil/util.go 
@@ -10,7 +10,7 @@ import ( "github.com/bitrise-io/go-utils/command" "github.com/bitrise-io/go-utils/fileutil" - "github.com/bitrise-io/pkcs12" + "github.com/bitrise-io/go-pkcs12" "github.com/pkg/errors" ) @@ -21,7 +21,7 @@ func commandError(printableCmd string, cmdOut string, cmdErr error) error { // CertificatesFromPKCS12Content returns an array of CertificateInfoModel // Used to parse p12 file containing multiple codesign identities (exported from macOS Keychain) func CertificatesFromPKCS12Content(content []byte, password string) ([]CertificateInfoModel, error) { - certificates, privateKeys, err := pkcs12.DecodeAll(content, password) + privateKeys, certificates, err := pkcs12.DecodeAll(content, password) if err != nil { return nil, err } diff --git a/vendor/github.com/bitrise-io/go-xcode/profileutil/capabilities.go b/vendor/github.com/bitrise-io/go-xcode/profileutil/capabilities.go index 7bc709b..3e5b850 100644 --- a/vendor/github.com/bitrise-io/go-xcode/profileutil/capabilities.go +++ b/vendor/github.com/bitrise-io/go-xcode/profileutil/capabilities.go @@ -1,6 +1,7 @@ package profileutil import ( + "github.com/bitrise-io/go-utils/log" "github.com/bitrise-io/go-xcode/plistutil" ) @@ -19,6 +20,8 @@ func MatchTargetAndProfileEntitlements(targetEntitlements plistutil.PlistData, p } } + log.Debugf("Found %v entitlements from %v target", len(missingEntitlements), len(targetEntitlements)) + return missingEntitlements } diff --git a/vendor/github.com/bitrise-io/go-xcode/profileutil/info_model.go b/vendor/github.com/bitrise-io/go-xcode/profileutil/info_model.go index 47149d0..22c4758 100644 --- a/vendor/github.com/bitrise-io/go-xcode/profileutil/info_model.go +++ b/vendor/github.com/bitrise-io/go-xcode/profileutil/info_model.go 
@@ -33,6 +33,19 @@ type ProvisioningProfileInfoModel struct { Type ProfileType } +func collectCapabilitesPrintableInfo(entitlements plistutil.PlistData) map[string]interface{} { + capabilities := map[string]interface{}{} + + for key, value := range entitlements { + if KnownProfileCapabilitiesMap[ProfileTypeIos][key] || + KnownProfileCapabilitiesMap[ProfileTypeMacOs][key] { + capabilities[key] = value + } + } + + return capabilities +} + // PrintableProvisioningProfileInfo ... func (info ProvisioningProfileInfoModel) String(installedCertificates ...certificateutil.CertificateInfoModel) string { printable := map[string]interface{}{} @@ -40,8 +53,11 @@ func (info ProvisioningProfileInfoModel) String(installedCertificates ...certifi printable["export_type"] = string(info.ExportType) printable["team"] = fmt.Sprintf("%s (%s)", info.TeamName, info.TeamID) printable["bundle_id"] = info.BundleID - printable["expire"] = info.ExpirationDate.String() + printable["expiry"] = info.ExpirationDate.String() printable["is_xcode_managed"] = info.IsXcodeManaged() + + printable["capabilities"] = collectCapabilitesPrintableInfo(info.Entitlements) + if info.ProvisionedDevices != nil { printable["devices"] = info.ProvisionedDevices } @@ -60,6 +76,7 @@ func (info ProvisioningProfileInfoModel) String(installedCertificates ...certifi if installedCertificates != nil && !info.HasInstalledCertificate(installedCertificates) { errors = append(errors, "none of the profile's certificates are installed") } + if err := info.CheckValidity(); err != nil { errors = append(errors, err.Error()) } diff --git a/vendor/github.com/bitrise-io/go-xcode/xcarchive/entitlements.go b/vendor/github.com/bitrise-io/go-xcode/xcarchive/entitlements.go index 806aefa..7908e5c 100644 --- a/vendor/github.com/bitrise-io/go-xcode/xcarchive/entitlements.go +++ b/vendor/github.com/bitrise-io/go-xcode/xcarchive/entitlements.go 
@@ -1,6 +1,7 @@ package xcarchive import ( + "fmt" "path/filepath" "github.com/bitrise-io/go-utils/command" @@ -28,6 +29,8 @@ func getEntitlements(basePath, executableRelativePath string) (plistutil.PlistDa } func entitlementsFromExecutable(basePath, executableRelativePath string) (*plistutil.PlistData, error) { + fmt.Printf("Fetching entitlements from executable") + cmd := command.New("codesign", "--display", "--entitlements", ":-", filepath.Join(basePath, executableRelativePath)) entitlementsString, err := cmd.RunAndReturnTrimmedOutput() if err != nil { diff --git a/vendor/github.com/bitrise-io/go-xcode/xcodebuild/build.go b/vendor/github.com/bitrise-io/go-xcode/xcodebuild/build.go index de4291c..5f9d3b0 100644 --- a/vendor/github.com/bitrise-io/go-xcode/xcodebuild/build.go +++ b/vendor/github.com/bitrise-io/go-xcode/xcodebuild/build.go @@ -3,10 +3,18 @@ package xcodebuild import ( "os" "os/exec" + "path/filepath" "github.com/bitrise-io/go-utils/command" ) +const ( + // XCWorkspaceExtension ... + XCWorkspaceExtension = ".xcworkspace" + // XCProjExtension ... + XCProjExtension = ".xcodeproj" +) + /* xcodebuild [-project ] \ -scheme \ 
@@ -28,48 +36,32 @@ xcodebuild -workspace \ []... */ -// const ... -const ( - ArchiveAction Action = "archiveAction" - BuildAction Action = "buildAction" - AnalyzeAction Action = "analyzeAction" -) - -// Action ... -type Action string - // CommandBuilder ... type CommandBuilder struct { - projectPath string - isWorkspace bool - scheme string - configuration string - destination string - xcconfigPath string - authentication *AuthenticationParams - - // buildsetting - disableCodesign bool - - // buildaction - customBuildActions []string + actions []string // Options + projectPath string + scheme string + configuration string + destination string + xcconfigPath string + authentication *AuthenticationParams archivePath string customOptions []string sdk string resultBundlePath string + testPlan string - // Archive - action Action + // buildsetting + disableCodesign bool } // NewCommandBuilder ... -func NewCommandBuilder(projectPath string, isWorkspace bool, action Action) *CommandBuilder { +func NewCommandBuilder(projectPath string, actions ...string) *CommandBuilder { return &CommandBuilder{ projectPath: projectPath, - isWorkspace: isWorkspace, - action: action, + actions: actions, } } @@ -103,12 +95,6 @@ func (c *CommandBuilder) SetAuthentication(authenticationParams AuthenticationPa return c } -// SetCustomBuildAction ... -func (c *CommandBuilder) SetCustomBuildAction(buildAction ...string) *CommandBuilder { - c.customBuildActions = buildAction - return c -} - // SetArchivePath ... func (c *CommandBuilder) SetArchivePath(archivePath string) *CommandBuilder { c.archivePath = archivePath 
@@ -139,11 +125,18 @@ func (c *CommandBuilder) SetDisableCodesign(disable bool) *CommandBuilder { return c } +// SetTestPlan ... +func (c *CommandBuilder) SetTestPlan(testPlan string) *CommandBuilder { + c.testPlan = testPlan + return c +} + func (c *CommandBuilder) cmdSlice() []string { slice := []string{toolName} + slice = append(slice, c.actions...) if c.projectPath != "" { - if c.isWorkspace { + if filepath.Ext(c.projectPath) == XCWorkspaceExtension { slice = append(slice, "-workspace", c.projectPath) } else { slice = append(slice, "-project", c.projectPath) @@ -167,23 +160,8 @@ func (c *CommandBuilder) cmdSlice() []string { slice = append(slice, "-xcconfig", c.xcconfigPath) } - if c.disableCodesign { - slice = append(slice, "CODE_SIGNING_ALLOWED=NO") - } - - slice = append(slice, c.customBuildActions...) - - switch c.action { - case ArchiveAction: - slice = append(slice, "archive") - - if c.archivePath != "" { - slice = append(slice, "-archivePath", c.archivePath) - } - case BuildAction: - slice = append(slice, "build") - case AnalyzeAction: - slice = append(slice, "analyze") + if c.archivePath != "" { + slice = append(slice, "-archivePath", c.archivePath) } if c.sdk != "" { @@ -198,6 +176,14 @@ func (c *CommandBuilder) cmdSlice() []string { slice = append(slice, c.authentication.args()...) } + if c.testPlan != "" { + slice = append(slice, "-testPlan", c.testPlan) + } + + if c.disableCodesign { + slice = append(slice, "CODE_SIGNING_ALLOWED=NO") + } + slice = append(slice, c.customOptions...) return slice diff --git a/vendor/github.com/bitrise-io/go-xcode/xcodebuild/resolve_package_deps.go b/vendor/github.com/bitrise-io/go-xcode/xcodebuild/resolve_package_deps.go new file mode 100644 index 0000000..6e93b77 --- /dev/null +++ b/vendor/github.com/bitrise-io/go-xcode/xcodebuild/resolve_package_deps.go 
@@ -0,0 +1,85 @@ +package xcodebuild + +import ( + "fmt" + "path/filepath" + + "github.com/bitrise-io/go-utils/command" + "github.com/bitrise-io/go-utils/errorutil" + "github.com/bitrise-io/go-utils/log" +) + +// ResolvePackagesCommandModel is a command builder +// used to create `xcodebuild -resolvePackageDependencies` command +type ResolvePackagesCommandModel struct { + projectPath string + scheme string + configuration string + + customOptions []string +} + +// NewResolvePackagesCommandModel returns a new ResolvePackagesCommandModel +func NewResolvePackagesCommandModel(projectPath, scheme, configuration string) *ResolvePackagesCommandModel { + return &ResolvePackagesCommandModel{ + projectPath: projectPath, + scheme: scheme, + configuration: configuration, + } +} + +// SetCustomOptions sets custom options +func (m *ResolvePackagesCommandModel) SetCustomOptions(customOptions []string) *ResolvePackagesCommandModel { + m.customOptions = customOptions + return m +} + +func (m *ResolvePackagesCommandModel) cmdSlice() []string { + slice := []string{toolName} + + if m.projectPath != "" { + if filepath.Ext(m.projectPath) == ".xcworkspace" { + slice = append(slice, "-workspace", m.projectPath) + } else { + slice = append(slice, "-project", m.projectPath) + } + } + + if m.scheme != "" { + slice = append(slice, "-scheme", m.scheme) + } + + if m.configuration != "" { + slice = append(slice, "-configuration", m.configuration) + } + + slice = append(slice, "-resolvePackageDependencies") + slice = append(slice, m.customOptions...) + + return slice +} + +// Command returns the executable command +func (m *ResolvePackagesCommandModel) command() command.Model { + cmdSlice := m.cmdSlice() + return *command.NewWithStandardOuts(cmdSlice[0], cmdSlice[1:]...) 
+} + +// Run runs the command and logs elapsed time +func (m *ResolvePackagesCommandModel) Run() error { + var cmd = m.command() + + log.TPrintf("Resolving package dependencies...") + + log.TDonef("$ %s", cmd.PrintableCommandArgs()) + if err := cmd.Run(); err != nil { + if errorutil.IsExitStatusError(err) { + return fmt.Errorf("failed to resolve package dependencies") + } + return fmt.Errorf("failed to run command: %s", err) + } + + log.TPrintf("Resolved package dependencies.") + + return nil +} diff --git a/vendor/github.com/bitrise-io/go-xcode/xcodebuild/show_build_settings.go b/vendor/github.com/bitrise-io/go-xcode/xcodebuild/show_build_settings.go index 32f256b..b548ffc 100644 --- a/vendor/github.com/bitrise-io/go-xcode/xcodebuild/show_build_settings.go +++ b/vendor/github.com/bitrise-io/go-xcode/xcodebuild/show_build_settings.go @@ -8,6 +8,7 @@ import ( "github.com/bitrise-io/go-utils/command" "github.com/bitrise-io/go-utils/errorutil" + "github.com/bitrise-io/go-utils/log" "github.com/bitrise-io/go-xcode/xcodeproject/serialized" ) @@ -117,14 +118,20 @@ func parseBuildSettings(out string) (serialized.Object, error) { // RunAndReturnSettings ... func (c ShowBuildSettingsCommandModel) RunAndReturnSettings() (serialized.Object, error) { - cmd := c.Command() + var cmd = c.Command() + + log.TPrintf("Reading build settings...") + + log.TDonef("$ %s", cmd.PrintableCommandArgs()) out, err := cmd.RunAndReturnTrimmedCombinedOutput() if err != nil { if errorutil.IsExitStatusError(err) { - return nil, fmt.Errorf("%s command failed: output: %s", cmd.PrintableCommandArgs(), out) + return nil, fmt.Errorf("%s command failed, output: %s", cmd.PrintableCommandArgs(), out) } return nil, fmt.Errorf("failed to run command %s: %s", cmd.PrintableCommandArgs(), err) } + log.TPrintf("Read target settings.") + return parseBuildSettings(out) } 
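Review bot: `Run` discards the underlying error on the exit-status path (`fmt.Errorf("failed to resolve package dependencies")`) and formats it with `%s` on the other path. Callers therefore cannot use `errors.Is`/`errors.As` on the result, and the exit code is lost. I would wrap the error in both branches: `return fmt.Errorf("failed to resolve package dependencies: %w", err)` and `return fmt.Errorf("failed to run command: %w", err)`. As a smaller point, `cmdSlice` compares against the literal `".xcworkspace"` although this commit introduces `XCWorkspaceExtension` in build.go in the same package; using the constant keeps the two builders in step.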
diff --git a/vendor/github.com/bitrise-io/go-xcode/xcodebuild/test.go b/vendor/github.com/bitrise-io/go-xcode/xcodebuild/test.go index 446933d..26f554e 100644 --- a/vendor/github.com/bitrise-io/go-xcode/xcodebuild/test.go +++ b/vendor/github.com/bitrise-io/go-xcode/xcodebuild/test.go @@ -3,6 +3,7 @@ package xcodebuild import ( "os" "os/exec" + "path/filepath" "github.com/bitrise-io/go-utils/command" ) @@ -32,9 +33,9 @@ xcodebuild -workspace \ // TestCommandModel ... type TestCommandModel struct { projectPath string - isWorkspace bool scheme string destination string + workDir string // buildsetting generateCodeCoverage bool @@ -48,10 +49,9 @@ type TestCommandModel struct { } // NewTestCommand ... -func NewTestCommand(projectPath string, isWorkspace bool) *TestCommandModel { +func NewTestCommand(projectPath string) *TestCommandModel { return &TestCommandModel{ projectPath: projectPath, - isWorkspace: isWorkspace, } } @@ -61,6 +61,12 @@ func (c *TestCommandModel) SetScheme(scheme string) *TestCommandModel { return c } +// SetDir ... +func (c *TestCommandModel) SetDir(workDir string) *TestCommandModel { + c.workDir = workDir + return c +} + // SetDestination ... func (c *TestCommandModel) SetDestination(destination string) *TestCommandModel { c.destination = destination @@ -95,9 +101,9 @@ func (c *TestCommandModel) cmdSlice() []string { slice := []string{toolName} if c.projectPath != "" { - if c.isWorkspace { + if filepath.Ext(c.projectPath) == XCWorkspaceExtension { slice = append(slice, "-workspace", c.projectPath) - } else { + } else if filepath.Ext(c.projectPath) == XCProjExtension { slice = append(slice, "-project", c.projectPath) } } @@ -134,7 +140,9 @@ func (c TestCommandModel) PrintableCmd() string { // Command ... func (c TestCommandModel) Command() *command.Model { cmdSlice := c.cmdSlice() - return command.New(cmdSlice[0], cmdSlice[1:]...) + cmd := command.New(cmdSlice[0], cmdSlice[1:]...) + cmd.SetDir(c.workDir) + return cmd } // Cmd ... 
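Review bot: In `TestCommandModel.cmdSlice` the fallback `else` became `else if filepath.Ext(c.projectPath) == XCProjExtension`, so a non-empty `projectPath` with any other extension now adds neither `-workspace` nor `-project` and is silently ignored. The command line is then built without a project argument, so the project actually tested is no longer fixed by `projectPath`. `CommandBuilder.cmdSlice` in build.go, changed in this same commit, still falls back to `-project` for everything that is not a workspace. I would keep the two consistent with `} else {` here, or otherwise reject an unrecognised extension where the path is set. The body of cmdSlice continues past the end of this hunk.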
diff --git a/vendor/github.com/bitrise-io/go-xcode/xcodeproject/serialized/serialized.go b/vendor/github.com/bitrise-io/go-xcode/xcodeproject/serialized/serialized.go index ce329f2..c5f542d 100644 --- a/vendor/github.com/bitrise-io/go-xcode/xcodeproject/serialized/serialized.go +++ b/vendor/github.com/bitrise-io/go-xcode/xcodeproject/serialized/serialized.go @@ -21,6 +21,21 @@ func (o Object) Value(key string) (interface{}, error) { return value, nil } +// Bool ... +func (o Object) Bool(key string) (bool, error) { + value, err := o.Value(key) + if err != nil { + return false, err + } + + casted, ok := value.(bool) + if !ok { + return false, NewTypeCastError(key, value, "bool") + } + + return casted, nil +} + // String ... func (o Object) String(key string) (string, error) { value, err := o.Value(key) diff --git a/vendor/github.com/bitrise-io/pkcs12/renovate.json b/vendor/github.com/bitrise-io/pkcs12/renovate.json deleted file mode 100644 index 7369fcf..0000000 --- a/vendor/github.com/bitrise-io/pkcs12/renovate.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": [ - "local>bitrise-io/renovate-config" - ] -} diff --git a/vendor/golang.org/x/crypto/LICENSE b/vendor/golang.org/x/crypto/LICENSE new file mode 100644 index 0000000..6a66aea --- /dev/null +++ b/vendor/golang.org/x/crypto/LICENSE 
@@ -0,0 +1,27 @@ +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/golang.org/x/crypto/PATENTS b/vendor/golang.org/x/crypto/PATENTS new file mode 100644 index 0000000..7330990 --- /dev/null +++ b/vendor/golang.org/x/crypto/PATENTS 
@@ -0,0 +1,22 @@ +Additional IP Rights Grant (Patents) + +"This implementation" means the copyrightable works distributed by +Google as part of the Go project. + +Google hereby grants to You a perpetual, worldwide, non-exclusive, +no-charge, royalty-free, irrevocable (except as stated in this section) +patent license to make, have made, use, offer to sell, sell, import, +transfer and otherwise run, modify and propagate the contents of this +implementation of Go, where such license applies only to those patent +claims, both currently owned or controlled by Google and acquired in +the future, licensable by Google that are necessarily infringed by this +implementation of Go. This grant does not include claims that would be +infringed only as a consequence of further modification of this +implementation. If you or your agent or exclusive licensee institute or +order or agree to the institution of patent litigation against any +entity (including a cross-claim or counterclaim in a lawsuit) alleging +that this implementation of Go or any code incorporated within this +implementation of Go constitutes direct or contributory patent +infringement, or inducement of patent infringement, then any patent +rights granted to you under this License for this implementation of Go +shall terminate as of the date such litigation is filed. diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go new file mode 100644 index 0000000..904b57e --- /dev/null +++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go 
@@ -0,0 +1,77 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC
+2898 / PKCS #5 v2.0.
+
+A key derivation function is useful when encrypting data based on a password
+or any other not-fully-random data. It uses a pseudorandom function to derive
+a secure encryption key based on the password.
+
+While v2.0 of the standard defines only one pseudorandom function to use,
+HMAC-SHA1, the drafted v2.1 specification allows use of all five FIPS Approved
+Hash Functions SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 for HMAC. To
+choose, you can pass the `New` functions from the different SHA packages to
+pbkdf2.Key.
+*/
+package pbkdf2 // import "golang.org/x/crypto/pbkdf2"
+
+import (
+ "crypto/hmac"
+ "hash"
+)
+
+// Key derives a key from the password, salt and iteration count, returning a
+// []byte of length keylen that can be used as cryptographic key. The key is
+// derived based on the method described as PBKDF2 with the HMAC variant using
+// the supplied hash function.
+//
+// For example, to use a HMAC-SHA-1 based PBKDF2 key derivation function, you
+// can get a derived key for e.g. AES-256 (which needs a 32-byte key) by
+// doing:
+//
+// dk := pbkdf2.Key([]byte("some password"), salt, 4096, 32, sha1.New)
+//
+// Remember to get a good random salt. At least 8 bytes is recommended by the
+// RFC.
+//
+// Using a higher iteration count will increase the cost of an exhaustive
+// search but will also make derivation proportionally slower.
+func Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
+ prf := hmac.New(h, password)
+ hashLen := prf.Size()
+ numBlocks := (keyLen + hashLen - 1) / hashLen
+
+ var buf [4]byte
+ dk := make([]byte, 0, numBlocks*hashLen)
+ U := make([]byte, hashLen)
+ for block := 1; block <= numBlocks; block++ {
+ // N.B.: || means concatenation, ^ means XOR
+ // for each block T_i = U_1 ^ U_2 ^ ... ^ U_iter
+ // U_1 = PRF(password, salt || uint(i))
+ prf.Reset()
+ prf.Write(salt)
+ buf[0] = byte(block >> 24)
+ buf[1] = byte(block >> 16)
+ buf[2] = byte(block >> 8)
+ buf[3] = byte(block)
+ prf.Write(buf[:4])
+ dk = prf.Sum(dk)
+ T := dk[len(dk)-hashLen:]
+ copy(U, T)
+
+ // U_n = PRF(password, U_(n-1))
+ for n := 2; n <= iter; n++ {
+ prf.Reset()
+ prf.Write(U)
+ U = U[:0]
+ U = prf.Sum(U)
+ for x := range U {
+ T[x] ^= U[x]
+ }
+ }
+ }
+ return dk[:keyLen]
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 491c553..280ed6e 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,4 +1,8 @@ -# github.com/bitrise-io/go-utils v1.0.1 +# github.com/bitrise-io/go-pkcs12 v0.0.0-20230815095624-feb898696e02 +## explicit; go 1.19 +github.com/bitrise-io/go-pkcs12 +github.com/bitrise-io/go-pkcs12/internal/rc2 +# github.com/bitrise-io/go-utils v1.0.9 ## explicit; go 1.13 github.com/bitrise-io/go-utils/colorstring github.com/bitrise-io/go-utils/command @@ -7,8 +11,8 @@ github.com/bitrise-io/go-utils/fileutil github.com/bitrise-io/go-utils/log github.com/bitrise-io/go-utils/pathutil github.com/bitrise-io/go-utils/ziputil -# github.com/bitrise-io/go-xcode v1.0.4 -## explicit; go 1.15 +# github.com/bitrise-io/go-xcode v1.0.16 +## explicit; go 1.20 github.com/bitrise-io/go-xcode/certificateutil github.com/bitrise-io/go-xcode/export github.com/bitrise-io/go-xcode/exportoptions
@@ -19,10 +23,6 @@ github.com/bitrise-io/go-xcode/utility github.com/bitrise-io/go-xcode/xcarchive github.com/bitrise-io/go-xcode/xcodebuild github.com/bitrise-io/go-xcode/xcodeproject/serialized -# github.com/bitrise-io/pkcs12 v0.0.0-20211108084543-e52728e011c8 -## explicit -github.com/bitrise-io/pkcs12 -github.com/bitrise-io/pkcs12/internal/rc2 # github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa ## explicit github.com/fullsailor/pkcs7 @@ -32,6 +32,9 @@ github.com/pkg/errors # github.com/ryanuber/go-glob v1.0.0 ## explicit github.com/ryanuber/go-glob +# golang.org/x/crypto v0.12.0 +## explicit; go 1.17 +golang.org/x/crypto/pbkdf2 # howett.net/plist v1.0.0 ## explicit; go 1.12 howett.net/plist