Additional Go 1.10 fixes

Author: cbroglie

bundler/bundler.go

@@ -63,12 +63,36 @@ type Bundler struct {
 	RootPool         *x509.CertPool
 	IntermediatePool *x509.CertPool
 	KnownIssuers     map[string]bool
+	opts             options
+}
+
+type options struct {
+	keyUsages []x509.ExtKeyUsage
+}
+
+var defaultOptions = options{
+	keyUsages: []x509.ExtKeyUsage{
+		x509.ExtKeyUsageServerAuth,
+		x509.ExtKeyUsageClientAuth,
+		x509.ExtKeyUsageMicrosoftServerGatedCrypto,
+		x509.ExtKeyUsageNetscapeServerGatedCrypto,
+	},
+}
+
+// An Option sets options such as allowed key usages, etc.
+type Option func(*options)
+
+// WithKeyUsages lets you set which Extended Key Usage values are acceptable.
+func WithKeyUsages(usages ...x509.ExtKeyUsage) Option {
+	return func(o *options) {
+		o.keyUsages = usages
+	}
 }
 
 // NewBundler creates a new Bundler from the files passed in; these
 // files should contain a list of valid root certificates and a list
 // of valid intermediate certificates, respectively.
-func NewBundler(caBundleFile, intBundleFile string) (*Bundler, error) {
+func NewBundler(caBundleFile, intBundleFile string, opt ...Option) (*Bundler, error) {
 	var caBundle, intBundle []byte
 	var err error
 
@@ -103,14 +127,19 @@ func NewBundler(caBundleFile, intBundleFile string) (*Bundler, error) {
 		}
 	}
 
-	return NewBundlerFromPEM(caBundle, intBundle)
+	return NewBundlerFromPEM(caBundle, intBundle, opt...)
 
 }
 
 // NewBundlerFromPEM creates a new Bundler from PEM-encoded root certificates and
 // intermediate certificates.
 // If caBundlePEM is nil, the resulting Bundler can only do "Force" bundle.
-func NewBundlerFromPEM(caBundlePEM, intBundlePEM []byte) (*Bundler, error) {
+func NewBundlerFromPEM(caBundlePEM, intBundlePEM []byte, opt ...Option) (*Bundler, error) {
+	opts := defaultOptions
+	for _, o := range opt {
+		o(&opts)
+	}
+
 	log.Debug("parsing root certificates from PEM")
 	roots, err := helpers.ParseCertificatesPEM(caBundlePEM)
 	if err != nil {
@@ -128,6 +157,7 @@ func NewBundlerFromPEM(caBundlePEM, intBundlePEM []byte) (*Bundler, error) {
 	b := &Bundler{
 		KnownIssuers:     map[string]bool{},
 		IntermediatePool: x509.NewCertPool(),
+		opts:             opts,
 	}
 
 	log.Debug("building certificate pools")
@@ -159,12 +189,7 @@ func (b *Bundler) VerifyOptions() x509.VerifyOptions {
 	return x509.VerifyOptions{
 		Roots:         b.RootPool,
 		Intermediates: b.IntermediatePool,
-		KeyUsages: []x509.ExtKeyUsage{
-			x509.ExtKeyUsageServerAuth,
-			x509.ExtKeyUsageClientAuth,
-			x509.ExtKeyUsageMicrosoftServerGatedCrypto,
-			x509.ExtKeyUsageNetscapeServerGatedCrypto,
-		},
+		KeyUsages:     b.opts.keyUsages,
 	}
 }
 

bundler/bundler_test.go

@@ -912,7 +912,11 @@ func TestBundlerWithEmptyRootInfo(t *testing.T) {
 }
 
 func TestBundlerClientAuth(t *testing.T) {
-	b, err := NewBundler("testdata/client-auth/root.pem", "testdata/client-auth/int.pem")
+	b, err := NewBundler(
+		"testdata/client-auth/root.pem",
+		"testdata/client-auth/int.pem",
+		WithKeyUsages(x509.ExtKeyUsageClientAuth),
+	)
 	if err != nil {
 		t.Fatal(err)
 	}

helpers/testsuite/testing_helpers_test.go

@@ -214,7 +214,7 @@ func TestCreateCertificateChain(t *testing.T) {
 		org := randomElement(orgGrabBag)
 		orgUnit := randomElement(orgUnitGrabBag)
 
-		requests[i].CN = cn + "." + tld
+		requests[i].CN = cn + tld
 		requests[i].Names = []csr.Name{
 			{C: country,
 				ST: state,

ocsp/responder.go

@@ -13,17 +13,18 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"regexp"
+	"time"
+
 	"github.com/cloudflare/cfssl/certdb"
 	"github.com/cloudflare/cfssl/certdb/dbconf"
 	"github.com/cloudflare/cfssl/certdb/sql"
 	"github.com/cloudflare/cfssl/log"
 	"github.com/jmhodges/clock"
 	"golang.org/x/crypto/ocsp"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"regexp"
-	"time"
 )
 
 var (
@@ -186,7 +187,7 @@ type Responder struct {
 func NewResponder(source Source) *Responder {
 	return &Responder{
 		Source: source,
-		clk:    clock.Default(),
+		clk:    clock.New(),
 	}
 }