mirror of
https://github.com/containers/podman.git
synced 2025-08-06 19:44:14 +08:00
fix(deps): update github.com/containers/image/v5 digest to aa93504
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This commit is contained in:
renovate[bot]
14
vendor/github.com/letsencrypt/boulder/core/challenges.go
generated
vendored
14
vendor/github.com/letsencrypt/boulder/core/challenges.go
generated
vendored
@ -10,27 +10,23 @@ func newChallenge(challengeType AcmeChallenge, token string) Challenge {
|
||||
}
|
||||
}
|
||||
|
||||
// HTTPChallenge01 constructs a random http-01 challenge. If token is empty a random token
|
||||
// will be generated, otherwise the provided token is used.
|
||||
// HTTPChallenge01 constructs a http-01 challenge.
|
||||
func HTTPChallenge01(token string) Challenge {
|
||||
return newChallenge(ChallengeTypeHTTP01, token)
|
||||
}
|
||||
|
||||
// DNSChallenge01 constructs a random dns-01 challenge. If token is empty a random token
|
||||
// will be generated, otherwise the provided token is used.
|
||||
// DNSChallenge01 constructs a dns-01 challenge.
|
||||
func DNSChallenge01(token string) Challenge {
|
||||
return newChallenge(ChallengeTypeDNS01, token)
|
||||
}
|
||||
|
||||
// TLSALPNChallenge01 constructs a random tls-alpn-01 challenge. If token is empty a random token
|
||||
// will be generated, otherwise the provided token is used.
|
||||
// TLSALPNChallenge01 constructs a tls-alpn-01 challenge.
|
||||
func TLSALPNChallenge01(token string) Challenge {
|
||||
return newChallenge(ChallengeTypeTLSALPN01, token)
|
||||
}
|
||||
|
||||
// NewChallenge constructs a random challenge of the given kind. It returns an
|
||||
// error if the challenge type is unrecognized. If token is empty a random token
|
||||
// will be generated, otherwise the provided token is used.
|
||||
// NewChallenge constructs a challenge of the given kind. It returns an
|
||||
// error if the challenge type is unrecognized.
|
||||
func NewChallenge(kind AcmeChallenge, token string) (Challenge, error) {
|
||||
switch kind {
|
||||
case ChallengeTypeHTTP01:
|
||||
|
||||
2
vendor/github.com/letsencrypt/boulder/core/interfaces.go
generated
vendored
2
vendor/github.com/letsencrypt/boulder/core/interfaces.go
generated
vendored
@ -7,7 +7,7 @@ import (
|
||||
// PolicyAuthority defines the public interface for the Boulder PA
|
||||
// TODO(#5891): Move this interface to a more appropriate location.
|
||||
type PolicyAuthority interface {
|
||||
WillingToIssueWildcards([]identifier.ACMEIdentifier) error
|
||||
WillingToIssue([]string) error
|
||||
ChallengesFor(identifier.ACMEIdentifier) ([]Challenge, error)
|
||||
ChallengeTypeEnabled(AcmeChallenge) bool
|
||||
CheckAuthz(*Authorization) error
|
||||
|
||||
27
vendor/github.com/letsencrypt/boulder/core/objects.go
generated
vendored
27
vendor/github.com/letsencrypt/boulder/core/objects.go
generated
vendored
@ -10,8 +10,8 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/go-jose/go-jose/v4"
|
||||
"golang.org/x/crypto/ocsp"
|
||||
"gopkg.in/go-jose/go-jose.v2"
|
||||
|
||||
"github.com/letsencrypt/boulder/identifier"
|
||||
"github.com/letsencrypt/boulder/probs"
|
||||
@ -119,7 +119,7 @@ type Registration struct {
|
||||
}
|
||||
|
||||
// ValidationRecord represents a validation attempt against a specific URL/hostname
|
||||
// and the IP addresses that were resolved and used
|
||||
// and the IP addresses that were resolved and used.
|
||||
type ValidationRecord struct {
|
||||
// SimpleHTTP only
|
||||
URL string `json:"url,omitempty"`
|
||||
@ -144,6 +144,17 @@ type ValidationRecord struct {
|
||||
// ...
|
||||
// }
|
||||
AddressesTried []net.IP `json:"addressesTried,omitempty"`
|
||||
// ResolverAddrs is the host:port of the DNS resolver(s) that fulfilled the
|
||||
// lookup for AddressUsed. During recursive A and AAAA lookups, a record may
|
||||
// instead look like A:host:port or AAAA:host:port
|
||||
ResolverAddrs []string `json:"resolverAddrs,omitempty"`
|
||||
// UsedRSAKEX is a *temporary* addition to the validation record, so we can
|
||||
// see how many servers that we reach out to during HTTP-01 and TLS-ALPN-01
|
||||
// validation are only willing to negotiate RSA key exchange mechanisms. The
|
||||
// field is not included in the serialized json to avoid cluttering the
|
||||
// database and log lines.
|
||||
// TODO(#7321): Remove this when we have collected sufficient data.
|
||||
UsedRSAKEX bool `json:"-"`
|
||||
}
|
||||
|
||||
func looksLikeKeyAuthorization(str string) error {
|
||||
@ -225,6 +236,8 @@ func (ch Challenge) RecordsSane() bool {
|
||||
switch ch.Type {
|
||||
case ChallengeTypeHTTP01:
|
||||
for _, rec := range ch.ValidationRecord {
|
||||
// TODO(#7140): Add a check for ResolverAddress == "" only after the
|
||||
// core.proto change has been deployed.
|
||||
if rec.URL == "" || rec.Hostname == "" || rec.Port == "" || rec.AddressUsed == nil ||
|
||||
len(rec.AddressesResolved) == 0 {
|
||||
return false
|
||||
@ -237,6 +250,8 @@ func (ch Challenge) RecordsSane() bool {
|
||||
if ch.ValidationRecord[0].URL != "" {
|
||||
return false
|
||||
}
|
||||
// TODO(#7140): Add a check for ResolverAddress == "" only after the
|
||||
// core.proto change has been deployed.
|
||||
if ch.ValidationRecord[0].Hostname == "" || ch.ValidationRecord[0].Port == "" ||
|
||||
ch.ValidationRecord[0].AddressUsed == nil || len(ch.ValidationRecord[0].AddressesResolved) == 0 {
|
||||
return false
|
||||
@ -245,6 +260,8 @@ func (ch Challenge) RecordsSane() bool {
|
||||
if len(ch.ValidationRecord) > 1 {
|
||||
return false
|
||||
}
|
||||
// TODO(#7140): Add a check for ResolverAddress == "" only after the
|
||||
// core.proto change has been deployed.
|
||||
if ch.ValidationRecord[0].Hostname == "" {
|
||||
return false
|
||||
}
|
||||
@ -483,6 +500,12 @@ type SuggestedWindow struct {
|
||||
End time.Time `json:"end"`
|
||||
}
|
||||
|
||||
// IsWithin returns true if the given time is within the suggested window,
|
||||
// inclusive of the start time and exclusive of the end time.
|
||||
func (window SuggestedWindow) IsWithin(now time.Time) bool {
|
||||
return !now.Before(window.Start) && now.Before(window.End)
|
||||
}
|
||||
|
||||
// RenewalInfo is a type which is exposed to clients which query the renewalInfo
|
||||
// endpoint specified in draft-aaron-ari.
|
||||
type RenewalInfo struct {
|
||||
|
||||
80
vendor/github.com/letsencrypt/boulder/core/util.go
generated
vendored
80
vendor/github.com/letsencrypt/boulder/core/util.go
generated
vendored
@ -25,7 +25,9 @@ import (
|
||||
"time"
|
||||
"unicode"
|
||||
|
||||
"gopkg.in/go-jose/go-jose.v2"
|
||||
"github.com/go-jose/go-jose/v4"
|
||||
"google.golang.org/protobuf/types/known/durationpb"
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
)
|
||||
|
||||
const Unspecified = "Unspecified"
|
||||
@ -92,8 +94,7 @@ func Fingerprint256(data []byte) string {
|
||||
|
||||
type Sha256Digest [sha256.Size]byte
|
||||
|
||||
// KeyDigest produces a Base64-encoded SHA256 digest of a
|
||||
// provided public key.
|
||||
// KeyDigest produces the SHA256 digest of a provided public key.
|
||||
func KeyDigest(key crypto.PublicKey) (Sha256Digest, error) {
|
||||
switch t := key.(type) {
|
||||
case *jose.JSONWebKey:
|
||||
@ -212,10 +213,83 @@ func IsAnyNilOrZero(vals ...interface{}) bool {
|
||||
switch v := val.(type) {
|
||||
case nil:
|
||||
return true
|
||||
case bool:
|
||||
if !v {
|
||||
return true
|
||||
}
|
||||
case string:
|
||||
if v == "" {
|
||||
return true
|
||||
}
|
||||
case []string:
|
||||
if len(v) == 0 {
|
||||
return true
|
||||
}
|
||||
case byte:
|
||||
// Byte is an alias for uint8 and will cover that case.
|
||||
if v == 0 {
|
||||
return true
|
||||
}
|
||||
case []byte:
|
||||
if len(v) == 0 {
|
||||
return true
|
||||
}
|
||||
case int:
|
||||
if v == 0 {
|
||||
return true
|
||||
}
|
||||
case int8:
|
||||
if v == 0 {
|
||||
return true
|
||||
}
|
||||
case int16:
|
||||
if v == 0 {
|
||||
return true
|
||||
}
|
||||
case int32:
|
||||
if v == 0 {
|
||||
return true
|
||||
}
|
||||
case int64:
|
||||
if v == 0 {
|
||||
return true
|
||||
}
|
||||
case uint:
|
||||
if v == 0 {
|
||||
return true
|
||||
}
|
||||
case uint16:
|
||||
if v == 0 {
|
||||
return true
|
||||
}
|
||||
case uint32:
|
||||
if v == 0 {
|
||||
return true
|
||||
}
|
||||
case uint64:
|
||||
if v == 0 {
|
||||
return true
|
||||
}
|
||||
case float32:
|
||||
if v == 0 {
|
||||
return true
|
||||
}
|
||||
case float64:
|
||||
if v == 0 {
|
||||
return true
|
||||
}
|
||||
case time.Time:
|
||||
if v.IsZero() {
|
||||
return true
|
||||
}
|
||||
case *timestamppb.Timestamp:
|
||||
if v == nil || v.AsTime().IsZero() {
|
||||
return true
|
||||
}
|
||||
case *durationpb.Duration:
|
||||
if v == nil || v.AsDuration() == time.Duration(0) {
|
||||
return true
|
||||
}
|
||||
default:
|
||||
if reflect.ValueOf(v).IsZero() {
|
||||
return true
|
||||
|
||||
6
vendor/github.com/letsencrypt/boulder/probs/probs.go
generated
vendored
6
vendor/github.com/letsencrypt/boulder/probs/probs.go
generated
vendored
@ -20,6 +20,8 @@ const (
|
||||
BadRevocationReasonProblem = ProblemType("badRevocationReason")
|
||||
BadSignatureAlgorithmProblem = ProblemType("badSignatureAlgorithm")
|
||||
CAAProblem = ProblemType("caa")
|
||||
// ConflictProblem is a problem type that is not defined in RFC8555.
|
||||
ConflictProblem = ProblemType("conflict")
|
||||
ConnectionProblem = ProblemType("connection")
|
||||
DNSProblem = ProblemType("dns")
|
||||
InvalidContactProblem = ProblemType("invalidContact")
|
||||
@ -290,11 +292,11 @@ func Canceled(detail string, a ...any) *ProblemDetails {
|
||||
}
|
||||
}
|
||||
|
||||
// Conflict returns a ProblemDetails with a MalformedProblem and a 409 Conflict
|
||||
// Conflict returns a ProblemDetails with a ConflictProblem and a 409 Conflict
|
||||
// status code.
|
||||
func Conflict(detail string) *ProblemDetails {
|
||||
return &ProblemDetails{
|
||||
Type: MalformedProblem,
|
||||
Type: ConflictProblem,
|
||||
Detail: detail,
|
||||
HTTPStatus: http.StatusConflict,
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user