diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ac612983..99a49ebe 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -76,6 +76,7 @@ jobs: run: | echo '127.0.0.1 oidc.provider.example.com' | sudo tee -a /etc/hosts echo '127.0.0.1 auth.trustbloc.local' | sudo tee -a /etc/hosts + echo '127.0.0.1 testnet.orb.local' | sudo tee -a /etc/hosts make bdd-test Publish: diff --git a/README.md b/README.md index 902cf100..13bc28f6 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ $ ./build/bin/kms-server start --host localhost:8076 --database-type mongodb --d | --secret-lock-aws-key-uri | KMS_SECRET_LOCK_AWS_KEY_URI | The URI of AWS key to be used by server secret lock if the secret lock type is "aws". | | --secret-lock-aws-access-key | KMS_SECRET_LOCK_AWS_ACCESS_KEY | The AWS access key ID to be used by server secret lock if the secret lock type is "aws". | | --secret-lock-aws-secret-key | KMS_SECRET_LOCK_AWS_SECRET_KEY | The AWS secret access key to be used by server secret lock if the secret lock type is "aws". | -| --auth-server-url | KMS_AUTH_SERVER_URL | The URL of Auth server to use for fetching secret share for Shamir secret lock. | +| --auth-server-url | KMS_AUTH_SERVER_URL | The URL of Auth server. | | --auth-server-token | KMS_AUTH_SERVER_TOKEN | A static token used to protect the GET /secrets API in Auth server. | | --secret-lock-aws-endpoint | KMS_SECRET_LOCK_AWS_ENDPOINT | The endpoint of AWS KMS service. Should be set only in a test environment. | | --tls-cacerts | KMS_TLS_CACERTS | Comma-separated list of CA certs path. | 
@@ -67,7 +67,7 @@ $ ./build/bin/kms-server start --host localhost:8076 --database-type mongodb --d | --shamir-secret-cache-ttl | KMS_SHAMIR_SECRET_CACHE_TTL | An optional value for Shamir secrets cache TTL. Defaults to 10m if caching is enabled. If set to 0, keys are never cached. | | --kms-cache-ttl | KMS_KMS_CACHE_TTL | An optional value for cache TTL for keys stored in server kms. Defaults to 10m if caching is enabled. If set to 0, keys are never cached. | | --enable-cors | KMS_CORS_ENABLE | Enables CORS. Possible values: [true] [false]. Defaults to false. | -| --enable-zcap | KMS_ZCAP_ENABLE | Enables ZCAPs authorization. Possible values: [true] [false]. Defaults to false. | +| --disable-auth | KMS_AUTH_DISABLE | Disables authorization. Possible values: [true] [false]. Defaults to false. | | --log-level | KMS_LOG_LEVEL | Logging level. Supported options: critical, error, warning, info, debug. Defaults to info. | ## Running tests diff --git a/cmd/kms-server/go.mod b/cmd/kms-server/go.mod index 00f01d42..c30398e7 100644 --- a/cmd/kms-server/go.mod +++ b/cmd/kms-server/go.mod 
@@ -17,14 +17,17 @@ require (
 github.com/hyperledger/aries-framework-go-ext/component/storage/mongodb v0.0.0-20220330151152-6bbd64bde42e
 github.com/hyperledger/aries-framework-go-ext/component/vdr/orb v1.0.0-rc.1
 github.com/hyperledger/aries-framework-go/component/storageutil v0.0.0-20220516154446-0ba34929e05b
- github.com/hyperledger/aries-framework-go/spi v0.0.0-20220516154446-0ba34929e05b
+ github.com/hyperledger/aries-framework-go/spi v0.0.0-20220531182402-04bfea80427b
 github.com/lafriks/go-shamir v1.1.0
 github.com/ory/dockertest/v3 v3.8.1
 github.com/piprate/json-gold v0.4.1
 github.com/prometheus/client_golang v1.11.0
 github.com/rs/cors v1.8.2
 github.com/spf13/cobra v1.3.0
- github.com/stretchr/testify v1.7.0
+ github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693
+ github.com/stretchr/testify v1.7.1
+ github.com/trustbloc/auth v0.1.9-0.20220603134109-0b87579ddcf1
+ github.com/trustbloc/auth/spi/gnap v0.0.0-20220524155711-5c72fe155c13
 github.com/trustbloc/edge-core v0.1.8
 github.com/trustbloc/kms v0.1.8
 )
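Review bot: `github.com/square/go-jose/v3` becomes a direct requirement in this block while staying on the pseudo-version `v3.0.0-20200630053402-0a67ce9b0693`, so the KMS server's own code now imports a JOSE library at an untagged mid-2020 commit with no record of why. The last go.mod hunk also adds `gopkg.in/square/go-jose.v2 v2.5.1 // indirect`, which leaves two major lines of the same signature/token library in the build, each needing its own advisory tracking. Presumably the pin follows what `github.com/trustbloc/auth` requires; if so, say it above the line, e.g. `// pinned to the revision trustbloc/auth builds against; bump the two together`. The `trustbloc/auth` and `trustbloc/auth/spi/gnap` pseudo-versions carry different commit dates (20220603 and 20220524), so it is worth confirming they are meant to be used together. Running `govulncheck ./...` in `cmd/kms-server` before merge would show whether any of the newly added authentication modules has a known advisory.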
@@ -33,14 +36,18 @@ require (
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
 github.com/Microsoft/go-winio v0.5.1 // indirect
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
+ github.com/PuerkitoBio/purell v1.1.1 // indirect
+ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 github.com/VictoriaMetrics/fastcache v1.5.7 // indirect
+ github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/bluele/gcache v0.0.2 // indirect
- github.com/btcsuite/btcd v0.22.0-beta // indirect
+ github.com/btcsuite/btcd v0.22.1 // indirect
 github.com/btcsuite/btcutil v1.0.3-0.20201208143702-a53e38424cce // indirect
 github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 github.com/cespare/xxhash/v2 v2.1.2 // indirect
 github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe // indirect
+ github.com/coreos/go-oidc/v3 v3.1.0 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/docker/cli v20.10.11+incompatible // indirect
 github.com/docker/docker v20.10.7+incompatible // indirect
@@ -51,6 +58,16 @@ require (
 github.com/fxamacker/cbor/v2 v2.3.0 // indirect
 github.com/go-kivik/couchdb/v3 v3.2.6 // indirect
 github.com/go-kivik/kivik/v3 v3.2.3 // indirect
+ github.com/go-openapi/analysis v0.20.0 // indirect
+ github.com/go-openapi/errors v0.20.1 // indirect
+ github.com/go-openapi/jsonpointer v0.19.5 // indirect
+ github.com/go-openapi/jsonreference v0.19.5 // indirect
+ github.com/go-openapi/loads v0.20.2 // indirect
+ github.com/go-openapi/runtime v0.19.31 // indirect
+ github.com/go-openapi/spec v0.20.3 // indirect
+ github.com/go-openapi/strfmt v0.20.2 // indirect
+ github.com/go-openapi/swag v0.19.15 // indirect
+ github.com/go-openapi/validate v0.20.2 // indirect
 github.com/go-stack/stack v1.8.1 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
@@ -68,8 +85,10 @@ require (
 github.com/ipfs/go-cid v0.0.7 // indirect
 github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a // indirect
 github.com/jmespath/go-jmespath v0.4.0 // indirect
+ github.com/josharian/intern v1.0.0 // indirect
 github.com/kilic/bls12-381 v0.1.1-0.20210503002446-7b7597926c69 // indirect
 github.com/klauspost/compress v1.13.6 // indirect
+ github.com/mailru/easyjson v0.7.6 // indirect
 github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
 github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 // indirect
 github.com/minio/sha256-simd v0.1.1 // indirect
@@ -81,10 +100,12 @@ require (
 github.com/multiformats/go-multibase v0.0.3 // indirect
 github.com/multiformats/go-multihash v0.0.14 // indirect
 github.com/multiformats/go-varint v0.0.6 // indirect
+ github.com/oklog/ulid v1.3.1 // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
 github.com/opencontainers/image-spec v1.0.2 // indirect
 github.com/opencontainers/runc v1.0.2 // indirect
- github.com/opentracing/opentracing-go v1.1.0 // indirect
+ github.com/opentracing/opentracing-go v1.2.0 // indirect
+ github.com/ory/hydra-client-go v1.10.6 // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/pquerna/cachecontrol v0.1.0 // indirect
@@ -95,7 +116,6 @@ require (
 github.com/sirupsen/logrus v1.8.1 // indirect
 github.com/spaolacci/murmur3 v1.1.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
- github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693 // indirect
 github.com/teserakt-io/golang-ed25519 v0.0.0-20210104091850-3888c087a4c8 // indirect
 github.com/trustbloc/orb v1.0.0-rc.1 // indirect
 github.com/trustbloc/sidetree-core-go v1.0.0-rc.1 // indirect
@@ -109,15 +129,18 @@ require (
 github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect
 go.mongodb.org/mongo-driver v1.8.0 // indirect
- golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce // indirect
+ golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
+ golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
- golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect
+ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 golang.org/x/text v0.3.7 // indirect
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+ google.golang.org/appengine v1.6.7 // indirect
 google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf // indirect
 google.golang.org/grpc v1.44.0 // indirect
 google.golang.org/protobuf v1.27.1 // indirect
+ gopkg.in/square/go-jose.v2 v2.5.1 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )
diff --git a/cmd/kms-server/go.sum b/cmd/kms-server/go.sum
index c7beaec9..5eb0bab9 100644
--- a/cmd/kms-server/go.sum
+++ b/cmd/kms-server/go.sum
@@ -139,6 +139,11 @@ github.com/PaesslerAG/gval v1.1.0/go.mod h1:y/nm5yEyTeX6av0OfKJNp9rBNj2XrGhAf5+v github.com/PaesslerAG/jsonpath v0.1.0/go.mod h1:4BzmtoM/PI8fPO4aQGIusjGxGir2BzcV0grWtFzq1Y8= github.com/PaesslerAG/jsonpath v0.1.1 h1:c1/AToHQMVsduPAa4Vh6xp2U0evy4t8SWp8imEsylIk= github.com/PaesslerAG/jsonpath v0.1.1/go.mod h1:lVboNxFGal/VwW6d9JzIy56bUsYAP6tH/x80vjnCseY= +github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= +github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= +github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/SAP/go-hdb v0.14.1/go.mod h1:7fdQLVC2lER3urZLjZCm0AuMQfApof92n3aylBPEkMo= github.com/Sectorbob/mlab-ns2 v0.0.0-20171030222938-d3aa0c295a8a/go.mod h1:D73UAuEPckrDorYZdtlCu2ySOLuPB5W4rhIkmmc/XbI= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= 
@@ -155,6 +160,7 @@ github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/ github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw= github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= +github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -167,6 +173,7 @@ github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190620160927-9418d7b0cd0f/go.mod github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190307165228-86c17b95fcd5/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8= github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156 h1:eMwmnE/GDgah4HI848JfFxHt+iPb26b4zyfspmqY0/8= github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM= +github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= 
@@ -193,6 +200,11 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= +github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= +github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef h1:46PFijGLmAjMPwCCCo7Jf0W6f9slllCkkv7vyc1yOSg= +github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aslakhellesoy/gox v1.0.100/go.mod h1:AJl542QsKKG96COVsv0N74HHzVQgDIQPceVUh1aeU2M= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= 
@@ -204,6 +216,7 @@ github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= +github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48= github.com/aws/aws-sdk-go v1.35.1/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48= github.com/aws/aws-sdk-go v1.35.7/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.36.29/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= 
@@ -231,8 +244,11 @@ github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx2 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/briankassouf/jose v0.9.2-0.20180619214549-d2569464773f/go.mod h1:HQhVmdUf7dBNwIIdBTivnCDxcf6IZY3/zrb+uKSJz6Y= github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ= -github.com/btcsuite/btcd v0.22.0-beta h1:LTDpDKUM5EeOFBPM8IXpinEcmZ6FWfNZbE3lfrfdnWo= github.com/btcsuite/btcd v0.22.0-beta/go.mod h1:9n5ntfhhHQBIhUvlhDvD3Qg6fRUj4jkN0VB8L8svzOA= +github.com/btcsuite/btcd v0.22.1 h1:CnwP9LM/M9xuRrGSCGeMVs9iv09uMqwsVX7EeIpgV2c= +github.com/btcsuite/btcd v0.22.1/go.mod h1:wqgTSL29+50LRkmOVknEdmt8ZojIzhuWvgu/iptuN7Y= +github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1 h1:q0rUy8C/TYNBQS1+CGKw68tLOFYSNEs0TFnxxnS9+4U= +github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc= github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA= github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg= github.com/btcsuite/btcutil v1.0.1/go.mod h1:j9HUFwoQRsZL3V4n+qG+CUnEGHOarIxfC3Le2Yhbcts= 
@@ -317,7 +333,10 @@ github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-oidc v2.0.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= +github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= +github.com/coreos/go-oidc/v3 v3.1.0 h1:6avEvcdvTa1qYsOZ6I5PRkSYHzpTNWgKYmaJfaYbrRw= +github.com/coreos/go-oidc/v3 v3.1.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= @@ -433,6 +452,8 @@ github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49P github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= +github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= +github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/chi/v5 v5.0.4/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= 
@@ -462,6 +483,99 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8= github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM= +github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= +github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= +github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= +github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk= +github.com/go-openapi/analysis v0.19.4/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk= +github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU= +github.com/go-openapi/analysis v0.19.10/go.mod h1:qmhS3VNFxBlquFJ0RGoDtylO9y4pgTAUNE9AEEMdlJQ= +github.com/go-openapi/analysis v0.19.16/go.mod h1:GLInF007N83Ad3m8a/CbQ5TPzdnGT7workfHwuVjNVk= +github.com/go-openapi/analysis v0.20.0 h1:UN09o0kNhleunxW7LR+KnltD0YrJ8FF03pSqvAN3Vro= +github.com/go-openapi/analysis v0.20.0/go.mod h1:BMchjvaHDykmRMsK40iPtvyOfFdMMxlOmQr9FBZk+Og= +github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= +github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= +github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= +github.com/go-openapi/errors v0.19.3/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= +github.com/go-openapi/errors v0.19.6/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.19.7/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.19.8/go.mod 
h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.1 h1:j23mMDtRxMwIobkpId7sWh7Ddcx4ivaoqUbfXx5P+a8= +github.com/go-openapi/errors v0.20.1/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= +github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= +github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= +github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= +github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= +github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= +github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= +github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= +github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM= +github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= +github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= +github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= +github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= +github.com/go-openapi/loads v0.19.2/go.mod h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs= +github.com/go-openapi/loads v0.19.3/go.mod h1:YVfqhUCdahYwR3f3iiwQLhicVRvLlU/WO5WPaZvcvSI= +github.com/go-openapi/loads v0.19.5/go.mod 
h1:dswLCAdonkRufe/gSUC3gN8nTSaB9uaS2es0x5/IbjY= +github.com/go-openapi/loads v0.19.6/go.mod h1:brCsvE6j8mnbmGBh103PT/QLHfbyDxA4hsKvYBNEGVc= +github.com/go-openapi/loads v0.19.7/go.mod h1:brCsvE6j8mnbmGBh103PT/QLHfbyDxA4hsKvYBNEGVc= +github.com/go-openapi/loads v0.20.0/go.mod h1:2LhKquiE513rN5xC6Aan6lYOSddlL8Mp20AW9kpviM4= +github.com/go-openapi/loads v0.20.2 h1:z5p5Xf5wujMxS1y8aP+vxwW5qYT2zdJBbXKmQUG3lcc= +github.com/go-openapi/loads v0.20.2/go.mod h1:hTVUotJ+UonAMMZsvakEgmWKgtulweO9vYP2bQYKA/o= +github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA= +github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64= +github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4= +github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo= +github.com/go-openapi/runtime v0.19.16/go.mod h1:5P9104EJgYcizotuXhEuUrzVc+j1RiSjahULvYmlv98= +github.com/go-openapi/runtime v0.19.24/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk= +github.com/go-openapi/runtime v0.19.31 h1:GX+MgBxN12s/tQiHNJpvHDIoZiEXAz6j6Rqg0oJcnpg= +github.com/go-openapi/runtime v0.19.31/go.mod h1:BvrQtn6iVb2QmiVXRsFAm6ZCAZBpbVKFfN6QWCp582M= +github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= +github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= +github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY= +github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= +github.com/go-openapi/spec v0.19.6/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= +github.com/go-openapi/spec v0.19.8/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= +github.com/go-openapi/spec v0.19.15/go.mod h1:+81FIL1JwC5P3/Iuuozq3pPE9dXdIEGxFutcFKaVbmU= +github.com/go-openapi/spec v0.20.0/go.mod 
h1:+81FIL1JwC5P3/Iuuozq3pPE9dXdIEGxFutcFKaVbmU= +github.com/go-openapi/spec v0.20.1/go.mod h1:93x7oh+d+FQsmsieroS4cmR3u0p/ywH649a3qwC9OsQ= +github.com/go-openapi/spec v0.20.3 h1:uH9RQ6vdyPSs2pSy9fL8QPspDF2AMIMPtmK5coSSjtQ= +github.com/go-openapi/spec v0.20.3/go.mod h1:gG4F8wdEDN+YPBMVnzE85Rbhf+Th2DTvA9nFPQ5AYEg= +github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= +github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= +github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY= +github.com/go-openapi/strfmt v0.19.2/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU= +github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU= +github.com/go-openapi/strfmt v0.19.4/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk= +github.com/go-openapi/strfmt v0.19.5/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk= +github.com/go-openapi/strfmt v0.19.11/go.mod h1:UukAYgTaQfqJuAFlNxxMWNvMYiwiXtLsF2VwmoFtbtc= +github.com/go-openapi/strfmt v0.20.0/go.mod h1:UukAYgTaQfqJuAFlNxxMWNvMYiwiXtLsF2VwmoFtbtc= +github.com/go-openapi/strfmt v0.20.2 h1:6XZL+fF4VZYFxKQGLAUB358hOrRh/wS51uWEtlONADE= +github.com/go-openapi/strfmt v0.20.2/go.mod h1:43urheQI9dNtE5lTZQfuFJvjYJKPrxicATpEfZwHUNk= +github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= +github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= +github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-openapi/swag v0.19.7/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY= +github.com/go-openapi/swag v0.19.9/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY= +github.com/go-openapi/swag v0.19.12/go.mod h1:eFdyEBkTdoAf/9RXBvj4cr1nH7GD8Kzo5HTt47gr72M= +github.com/go-openapi/swag 
v0.19.13/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM= +github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= +github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= +github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo= +github.com/go-openapi/validate v0.19.10/go.mod h1:RKEZTUWDkxKQxN2jDT7ZnZi2bhZlbNMAuKvKB+IaGx8= +github.com/go-openapi/validate v0.19.12/go.mod h1:Rzou8hA/CBw8donlS6WNEUQupNvUZ0waH08tGe6kAQ4= +github.com/go-openapi/validate v0.19.15/go.mod h1:tbn/fdOwYHgrhPBzidZfJC2MIVvs9GA7monOmWBbeCI= +github.com/go-openapi/validate v0.20.1/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE9E4k54HpKcJ0= +github.com/go-openapi/validate v0.20.2 h1:AhqDegYV3J3iQkMPJSXkvzymHKMTw0BST3RK3hTT4ts= +github.com/go-openapi/validate v0.20.2/go.mod h1:e7OJoKNgd0twXZwIn0A43tHbvIcr/rZIVCbJBpTUoY0= github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= 
@@ -476,6 +590,30 @@ github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3a github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8= github.com/go-yaml/yaml v2.1.0+incompatible/go.mod h1:w2MrLa16VYP0jy6N7M5kHaCkaLENm+P+Tv+MfurjSw0= +github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= +github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= +github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg= +github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= +github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= +github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs= +github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= +github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= +github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk= +github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28= +github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo= +github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk= +github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw= +github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360= +github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg= +github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE= 
+github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8= +github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= +github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= +github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= +github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= +github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= +github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= +github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= @@ -631,6 +769,7 @@ github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/sessions v1.2.0/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= 
@@ -845,10 +984,9 @@ github.com/hyperledger/aries-framework-go/spi v0.0.0-20220217153004-1622c70e5767 github.com/hyperledger/aries-framework-go/spi v0.0.0-20220308060532-714cd5c18552/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= github.com/hyperledger/aries-framework-go/spi v0.0.0-20220322085443-50e8f9bd208b/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= github.com/hyperledger/aries-framework-go/spi v0.0.0-20220324201531-18c87667df19/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= -github.com/hyperledger/aries-framework-go/spi v0.0.0-20220330133350-1c2d9d65aea4/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= github.com/hyperledger/aries-framework-go/spi v0.0.0-20220330140627-07042d78580c/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= -github.com/hyperledger/aries-framework-go/spi v0.0.0-20220516154446-0ba34929e05b h1:FKKAVz3KHByOxGyy6akY1T8RHlDuYPXiq+OeZB0NL8Q= -github.com/hyperledger/aries-framework-go/spi v0.0.0-20220516154446-0ba34929e05b/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= +github.com/hyperledger/aries-framework-go/spi v0.0.0-20220531182402-04bfea80427b h1:LedxlWFewGn/z2w5ahGc9Opt9x6mbgvLBM2KCDRI9kU= +github.com/hyperledger/aries-framework-go/spi v0.0.0-20220531182402-04bfea80427b/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210324232048-34ff560ed041/go.mod h1:eKGEEe+PJNDQo7kVif3sUKBWwnsQDkE3gD/QlpmukcQ= github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210409151411-eeeb8508bd87/go.mod h1:JHzDtgJLd0134iLFXLxGBjJF+Z+TgiElA/5oVgMazts= github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210421203733-b5dfd703a8fc/go.mod h1:asiCVCtH/nocWKhZRMz12aFgdUh8lRHqKis0M8Ei/4I= 
@@ -957,6 +1095,8 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfC github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f/go.mod h1:KDSfL7qe5ZfQqvlDMkVjCztbmcpp/c8M77vhQP8ZPvk= github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= @@ -977,6 +1117,8 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= +github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= github.com/kawamuray/jsonpath v0.0.0-20201211160320-7483bafabd7e h1:Eh/0JuXDdcBHc39j4tFXKTy/AKiK7IQkGJXQxyryXiU= github.com/kawamuray/jsonpath v0.0.0-20201211160320-7483bafabd7e/go.mod h1:dz00yqWNWlKa9ff7RJzpnHPAPUazsid3yhVzXcsok94= github.com/kelseyhightower/envconfig v1.3.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= 
@@ -992,6 +1134,7 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= +github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.10.0/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= @@ -1003,8 +1146,10 @@ github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 
@@ -1042,6 +1187,15 @@ github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0Q github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= +github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= +github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= +github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= +github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/martini-contrib/render v0.0.0-20150707142108-ec18f8345a11/go.mod h1:Ah2dBMoxZEqk118as2T4u4fjfXarE0pPnMJaArZQZsI= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= 
@@ -1102,6 +1256,7 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh github.com/mitchellh/mapstructure v1.2.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.4.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs= github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= @@ -1159,7 +1314,6 @@ github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxzi github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= 
@@ -1202,8 +1356,9 @@ github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xA github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= +github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= github.com/openzipkin/zipkin-go v0.1.3/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= @@ -1218,6 +1373,8 @@ github.com/ory/dockertest/v3 v3.6.3/go.mod h1:EFLcVUOl8qCwp9NyDAcCDtq/QviLtYswW/ github.com/ory/dockertest/v3 v3.7.0/go.mod h1:PvCCgnP7AfBZeVrzwiUTjZx/IUXlGLC1zQlUQrLIlUE= github.com/ory/dockertest/v3 v3.8.1 h1:vU/8d1We4qIad2YM0kOwRVtnyue7ExvacPiw1yDm17g= github.com/ory/dockertest/v3 v3.8.1/go.mod h1:wSRQ3wmkz+uSARYMk7kVJFDBGm8x5gSxIhI7NDc+BAQ= +github.com/ory/hydra-client-go v1.10.6 h1:w+uPgePbmztyLzwxWxOF89E/AG6wZuWTteHILn57BoQ= +github.com/ory/hydra-client-go v1.10.6/go.mod h1:HK2SkwXHKFC2TxHd+Ll9Xq2kJIYTQf2JTkqiC+sKcuA= github.com/otiai10/copy v1.0.2/go.mod h1:c7RpqBkwMom4bYTSkLSym4VSJz/XtncWRAj/J4PEIMY= github.com/otiai10/copy v1.2.0 h1:HvG945u96iNadPoG2/Ja2+AUJeW5YuFQMixq9yirC+k= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= 
@@ -1236,6 +1393,8 @@ github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTK github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo= +github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5/go.mod h1:jvVRKCrJTQWu0XVbaOlby/2lO20uSCHEMzzplHXte1o= @@ -1315,6 +1474,8 @@ github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqn github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= +github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.8.2 h1:KCooALfAYGs415Cwu5ABvv9n9509fSiG5SQJn/AQo4U= 
@@ -1351,6 +1512,7 @@ github.com/shopspring/decimal v0.0.0-20200227202807-02e2044944cc/go.mod h1:DKyhr github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= @@ -1416,8 +1578,9 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tencentcloud/tencentcloud-sdk-go v3.0.171+incompatible/go.mod h1:0PfYow01SHPMhKY31xa+EFz2RStxIqj6JFAJS+IkCi4= 
@@ -1443,6 +1606,11 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1 github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/transparency-dev/merkle v0.0.0-20220208131541-728dc2de1344/go.mod h1:B8FIw5LTq6DaULoHsVFRzYIUDkl8yuSwCdZnOZGKL/A= +github.com/trustbloc/auth v0.1.9-0.20220603134109-0b87579ddcf1 h1:i69SajbXTDCL3Aaxkq8HZ2mtD+QW3amhaGCBRLjOkHI= +github.com/trustbloc/auth v0.1.9-0.20220603134109-0b87579ddcf1/go.mod h1:FcKbsDtehwj5bQHhmufjy/8oAvzVNBLAicgFMwLe2AM= +github.com/trustbloc/auth/spi/gnap v0.0.0-20220518152301-fe6ea3ada1af/go.mod h1:BPAXixzwWfMHm55daYibYOD4Aq6UO0wCIKZMZYAvsTk= +github.com/trustbloc/auth/spi/gnap v0.0.0-20220524155711-5c72fe155c13 h1:XzE9MktZsZyDvWUUY+vMctgmpvIwacPNdCBlfLWuPaA= +github.com/trustbloc/auth/spi/gnap v0.0.0-20220524155711-5c72fe155c13/go.mod h1:BPAXixzwWfMHm55daYibYOD4Aq6UO0wCIKZMZYAvsTk= github.com/trustbloc/edge-core v0.1.7/go.mod h1:nQnH3CcEHTRXsWZe/vgj+J0JxxjwFK9IvY3u0Sr/2XY= github.com/trustbloc/edge-core v0.1.8 h1:m4X5XNDwiHJjGf8gHnpo6aLkBYuqDyNRq+npjxLc5cY= github.com/trustbloc/edge-core v0.1.8/go.mod h1:gfoyG/xquRXyHkww0ldM2jwOTuKKZpHYn+87f+TBQ8M= 
@@ -1462,6 +1630,7 @@ github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijb github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/valyala/fastjson v1.6.3/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY= +github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/whyrusleeping/tar-utils v0.0.0-20180509141711-8c6c8ba81d5c h1:GGsyl0dZ2jJgVT+VvWBf/cNijrHRhkrTjkmp5wg7li0= @@ -1477,6 +1646,7 @@ github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+ github.com/xdg-go/stringprep v1.0.2 h1:6iq84/ryjjeRmMJwxutI51F2GIPlP5BfTvXHeYjyhBc= github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I= +github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= 
@@ -1521,7 +1691,15 @@ go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0/go.mod h1:FAwse6Zlm5v4tEWZaTjmNhe17Int4Ox go.etcd.io/etcd/server/v3 v3.5.0-alpha.0/go.mod h1:tsKetYpt980ZTpzl/gb+UOJj9RkIyCb1u4wjzMg90BQ= go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0/go.mod h1:HnrHxjyCuZ8YDt8PYVyQQ5d1ZQfzJVEtQWllr5Vp/30= go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To= +go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= +go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.2.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= +go.mongodb.org/mongo-driver v1.3.0/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE= +go.mongodb.org/mongo-driver v1.3.4/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE= +go.mongodb.org/mongo-driver v1.4.3/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4SoGjYphSc= +go.mongodb.org/mongo-driver v1.4.4/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4SoGjYphSc= +go.mongodb.org/mongo-driver v1.4.6/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4SoGjYphSc= +go.mongodb.org/mongo-driver v1.5.1/go.mod h1:gRXCHX4Jo7J0IJ1oDQyUxF7jfy19UfxniMS4xxMmUqw= go.mongodb.org/mongo-driver v1.8.0 h1:R/P/JJzu8LJvJ1lDfph9GLNIKQxEtIHFfnUUUve35zY= go.mongodb.org/mongo-driver v1.8.0/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCuAROlKEPY= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= 
@@ -1564,14 +1742,18 @@ golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= +golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto 
v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -1593,8 +1775,9 @@ golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWP golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce h1:Roh6XWxHFKrPgC/EQhVubSAGQ6Ozk6IdxHSzt1mR0EI= golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -1638,6 +1821,7 @@ golang.org/x/net v0.0.0-20180719180050-a680a1efc54d/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1649,6 +1833,7 @@ golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 
@@ -1660,6 +1845,7 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191003171128-d98b1b443823/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -1674,6 +1860,7 @@ golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200505041828-1ed23360d12c/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200519113804-d87ec0cfa476/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 
@@ -1723,6 +1910,7 @@ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -1753,16 +1941,20 @@ golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190302025703-b6889370fb10/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190515120540-06a5c4944438/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1845,10 +2037,10 @@ golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220111092808-5a964db01320/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 
@@ -1875,11 +2067,15 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181219222714-6e267b5cc78e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 
@@ -1887,6 +2083,8 @@ golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= @@ -2014,6 +2212,7 @@ google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= 
@@ -2165,8 +2364,9 @@ gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUy gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= @@ -2187,6 +2387,7 @@ gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.3.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.4.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= 
@@ -2205,6 +2406,8 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= diff --git a/cmd/kms-server/startcmd/params.go b/cmd/kms-server/startcmd/params.go index 4db01bca..1ff339ac 100644 --- a/cmd/kms-server/startcmd/params.go +++ b/cmd/kms-server/startcmd/params.go @@ -80,8 +80,7 @@ const ( authServerURLEnvKey = "KMS_AUTH_SERVER_URL" authServerURLFlagName = "auth-server-url" - authServerURLFlagUsage = "The URL of Auth server to use for fetching secret share for shamir secret lock. " + - "If not specified secret lock based on key is used. " + commonEnvVarUsageText + authServerURLEnvKey + authServerURLFlagUsage = "The URL of Auth server. " + commonEnvVarUsageText + authServerURLEnvKey authServerTokenEnvKey = "KMS_AUTH_SERVER_TOKEN" //nolint:gosec // not hard-coded credentials authServerTokenFlagName = "auth-server-token" //nolint:gosec // not hard-coded credentials 
@@ -108,10 +107,10 @@ const ( shamirSecretCacheTTLFlagUsage = "An optional value cache TTL (time to live) for keys in server kms. Defaults to 10m if " + "caching is enabled. If set to 0, keys are never cached. " + commonEnvVarUsageText + shamirSecretCacheTTLEnvKey - enableZCAPsEnvKey = "KMS_ZCAP_ENABLE" - enableZCAPsFlagName = "enable-zcap" - enableZCAPsFlagUsage = "Enables ZCAPs authorization. Possible values: [true] [false]. Defaults to false. " + - commonEnvVarUsageText + enableZCAPsEnvKey + disableAuthEnvKey = "KMS_AUTH_DISABLE" + disableAuthFlagName = "disable-auth" + disableAuthFlagUsage = "Disables authorization. Possible values: [true] [false]. Defaults to false. " + + commonEnvVarUsageText + disableAuthEnvKey enableCORSEnvKey = "KMS_CORS_ENABLE" enableCORSFlagName = "enable-cors" @@ -152,6 +151,11 @@ const ( secretLockAWSEndpointEnvKey = "KMS_SECRET_LOCK_AWS_ENDPOINT" //nolint:gosec // not hard-coded credentials secretLockAWSEndpointFlagUsage = "The endpoint of AWS KMS service. Should be set only in test environment. " + commonEnvVarUsageText + secretLockAWSEndpointEnvKey + + gnapSigningKeyPathEnvKey = "KMS_GNAP_SIGNING_KEY" + gnapSigningKeyPathFlagName = "gnap-signing-key" + gnapSigningKeyPathFlagUsage = "The path to the private key to use when signing GNAP introspection requests. " + + commonEnvVarUsageText + gnapSigningKeyPathEnvKey ) const ( @@ -175,10 +179,11 @@ type serverParameters struct { kmsCacheTTL time.Duration shamirSecretCacheTTL time.Duration enableCache bool - enableZCAPs bool + disableAuth bool enableCORS bool logLevel string secretLockParams *secretLockParameters + gnapSigningKeyPath string } type tlsParameters struct { 
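Review bot: The usage text for `disable-auth` (hunk at -108,10) says only "Disables authorization", which undersells a switch that, per the startServer hunk later in this commit, skips every auth middleware on every route of a key-management server. If the flag is meant for test or otherwise isolated environments, the string should say so, as the AWS endpoint flag in the same const block already does, for example `"Disables authorization on all endpoints. Should be set only in test environment. Possible values: [true] [false]. Defaults to false. "`. The README row for `--disable-auth` would need the same wording. The const block starts and ends outside the hunk.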
@@ -215,7 +220,7 @@ func getParameters(cmd *cobra.Command) (*serverParameters, error) { //nolint:fun kmsCacheTTLStr := getUserSetVarOptional(cmd, kmsCacheTTLFlagName, kmsCacheTTLEnvKey) shamirSecretCacheTTLStr := getUserSetVarOptional(cmd, shamirSecretCacheTTLFlagName, shamirSecretCacheTTLEnvKey) enableCacheStr := getUserSetVarOptional(cmd, enableCacheFlagName, enableCacheEnvKey) - enableZCAPsStr := getUserSetVarOptional(cmd, enableZCAPsFlagName, enableZCAPsEnvKey) + disableAuthStr := getUserSetVarOptional(cmd, disableAuthFlagName, disableAuthEnvKey) enableCORSStr := getUserSetVarOptional(cmd, enableCORSFlagName, enableCORSEnvKey) logLevel := getUserSetVarOptional(cmd, logLevelFlagName, logLevelEnvKey) @@ -254,15 +259,14 @@ func getParameters(cmd *cobra.Command) (*serverParameters, error) { //nolint:fun } } - enableCache, err := strconv.ParseBool(enableCacheStr) if err != nil { return nil, fmt.Errorf("parse enableCache: %w", err) } - enableZCAPs, err := strconv.ParseBool(enableZCAPsStr) + disableAuth, err := strconv.ParseBool(disableAuthStr) if err != nil { - return nil, fmt.Errorf("parse enableZCAPs: %w", err) + return nil, fmt.Errorf("parse disableAuth: %w", err) } enableCORS, err := strconv.ParseBool(enableCORSStr) 
@@ -275,26 +279,32 @@ func getParameters(cmd *cobra.Command) (*serverParameters, error) { //nolint:fun return nil, err } + gnapSigningKeyPath, err := getUserSetVar(cmd, gnapSigningKeyPathFlagName, gnapSigningKeyPathEnvKey, true) + if err != nil { + return nil, fmt.Errorf("get GNAP signing key path: %w", err) + } + return &serverParameters{ - host: host, - metricsHost: metricsHost, - baseURL: baseURL, - tlsParams: tlsParams, - databaseType: databaseType, - databaseURL: databaseURL, - databasePrefix: databasePrefix, - databaseTimeout: databaseTimeout, - didDomain: didDomain, - authServerURL: authServerURL, - authServerToken: authServerToken, - keyStoreCacheTTL: keyStoreCacheTTL, - kmsCacheTTL: kmsCacheTTL, + host: host, + metricsHost: metricsHost, + baseURL: baseURL, + tlsParams: tlsParams, + databaseType: databaseType, + databaseURL: databaseURL, + databasePrefix: databasePrefix, + databaseTimeout: databaseTimeout, + didDomain: didDomain, + authServerURL: authServerURL, + authServerToken: authServerToken, + keyStoreCacheTTL: keyStoreCacheTTL, + kmsCacheTTL: kmsCacheTTL, shamirSecretCacheTTL: shamirSecretCacheTTL, - enableCache: enableCache, - enableZCAPs: enableZCAPs, - enableCORS: enableCORS, - logLevel: logLevel, - secretLockParams: secretLockParams, + enableCache: enableCache, + disableAuth: disableAuth, + enableCORS: enableCORS, + logLevel: logLevel, + secretLockParams: secretLockParams, + gnapSigningKeyPath: gnapSigningKeyPath, }, nil } 
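Review bot: The GNAP signing key path is read with `getUserSetVar(..., true)`, which appears to mark it optional, yet authorization is on by default and startServer passes the path to createGNAPSigningJWK whenever `disableAuth` is false. A start without the flag therefore fails late with a file-read error rather than a configuration error naming the missing option. A check here would make it explicit: `if !disableAuth && gnapSigningKeyPath == "" { return nil, fmt.Errorf("%s is required unless %s is set", gnapSigningKeyPathFlagName, disableAuthFlagName) }`. getParameters starts outside the hunk.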
@@ -397,7 +407,7 @@ func createFlags(startCmd *cobra.Command) { startCmd.Flags().String(kmsCacheTTLFlagName, "10m", kmsCacheTTLFlagUsage) startCmd.Flags().String(shamirSecretCacheTTLFlagName, "10m", shamirSecretCacheTTLFlagUsage) startCmd.Flags().String(enableCacheFlagName, "true", enableCacheFlagUsage) - startCmd.Flags().String(enableZCAPsFlagName, "false", enableZCAPsFlagUsage) + startCmd.Flags().String(disableAuthFlagName, "false", disableAuthFlagUsage) startCmd.Flags().String(enableCORSFlagName, "false", enableCORSFlagUsage) startCmd.Flags().String(logLevelFlagName, "info", logLevelFlagUsage) startCmd.Flags().String(secretLockTypeFlagName, "", secretLockTypeFlagUsage) @@ -406,4 +416,5 @@ func createFlags(startCmd *cobra.Command) { startCmd.Flags().String(secretLockAWSAccessKeyFlagName, "", secretLockAWSAccessKeyFlagUsage) startCmd.Flags().String(secretLockAWSSecretKeyFlagName, "", secretLockAWSSecretKeyFlagUsage) startCmd.Flags().String(secretLockAWSEndpointFlagName, "", secretLockAWSEndpointFlagUsage) + startCmd.Flags().String(gnapSigningKeyPathFlagName, "", gnapSigningKeyPathFlagUsage) } diff --git a/cmd/kms-server/startcmd/start.go b/cmd/kms-server/startcmd/start.go index b651f589..fcad976f 100644 --- a/cmd/kms-server/startcmd/start.go +++ b/cmd/kms-server/startcmd/start.go @@ -9,7 +9,10 @@ package startcmd import ( "crypto/sha256" "crypto/tls" + "crypto/x509" + "encoding/pem" "fmt" + "io/ioutil" "net/http" "strings" "time" @@ -28,6 +31,7 @@ import ( "github.com/hyperledger/aries-framework-go/component/storageutil/mem" "github.com/hyperledger/aries-framework-go/pkg/common/log" "github.com/hyperledger/aries-framework-go/pkg/crypto/tinkcrypto" + "github.com/hyperledger/aries-framework-go/pkg/doc/jose/jwk" "github.com/hyperledger/aries-framework-go/pkg/doc/ld" "github.com/hyperledger/aries-framework-go/pkg/kms" "github.com/hyperledger/aries-framework-go/pkg/kms/localkms" 
@@ -45,11 +49,18 @@ import ( "github.com/prometheus/client_golang/prometheus/promhttp" "github.com/rs/cors" "github.com/spf13/cobra" + "github.com/square/go-jose/v3" + "github.com/trustbloc/auth/component/gnap/rs" + "github.com/trustbloc/auth/spi/gnap/proof/httpsig" tlsutil "github.com/trustbloc/edge-core/pkg/utils/tls" "github.com/trustbloc/edge-core/pkg/zcapld" "github.com/trustbloc/kms/pkg/controller/command" "github.com/trustbloc/kms/pkg/controller/mw" + "github.com/trustbloc/kms/pkg/controller/mw/authmw" + "github.com/trustbloc/kms/pkg/controller/mw/authmw/gnapmw" + "github.com/trustbloc/kms/pkg/controller/mw/authmw/oauthmw" + "github.com/trustbloc/kms/pkg/controller/mw/authmw/zcapmw" "github.com/trustbloc/kms/pkg/controller/rest" kmscache "github.com/trustbloc/kms/pkg/kms/cache" "github.com/trustbloc/kms/pkg/metrics" @@ -200,7 +211,7 @@ func startServer(srv server, params *serverParameters) error { //nolint:funlen var shamirProvider shamirprovider.Provider - if params.authServerURL != "" { + if params.authServerURL != "" && params.authServerToken != "" { shamirProvider = shamirprovider.CreateProvider(&shamirprovider.ProviderConfig{ HTTPClient: httpClient, AuthServerURL: params.authServerURL, @@ -223,7 +234,7 @@ func startServer(srv server, params *serverParameters) error { //nolint:funlen ShamirSecretLockCreator: &shamirSecretLockCreator{}, CryptBoxCreator: &cryptoBoxCreator{}, ZCAPService: zcapService, - EnableZCAPs: params.enableZCAPs, + EnableZCAPs: !params.disableAuth, HeaderSigner: zcapService, TLSConfig: tlsConfig, BaseKeyStoreURL: baseKeyStoreURL, @@ -246,7 +257,7 @@ func startServer(srv server, params *serverParameters) error { //nolint:funlen router := mux.NewRouter() - zcapConfig := &mw.ZCAPConfig{ + zcapConfig := &zcapmw.ZCAPConfig{ AuthService: zcapService, JSONLDLoader: documentLoader, Logger: logger, 
@@ -255,13 +266,43 @@ func startServer(srv server, params *serverParameters) error { //nolint:funlen ResourceIDQueryParam: rest.KeyStoreVarName, } + var ( + privateJWK, publicJWK *jwk.JWK + gnapRSClient *rs.Client + ) + + if !params.disableAuth { + privateJWK, publicJWK, err = createGNAPSigningJWK(params.gnapSigningKeyPath) + if err != nil { + return fmt.Errorf("create gnap signing jwk: %w", err) + } + + gnapRSClient, err = rs.NewClient( + &httpsig.Signer{SigningKey: privateJWK}, + httpClient, + params.authServerURL, + ) + } + for _, h := range rest.New(cmd).GetRESTHandlers() { - var handler http.Handler - handler = h.Handle() + var handler http.Handler = h.Handler() + + if !params.disableAuth && !h.Auth().HasFlag(rest.AuthNone) { + middlewares := make([]authmw.Middleware, 0) + + if h.Auth().HasFlag(rest.AuthOAuth2) { + middlewares = append(middlewares, &oauthmw.Middleware{}) + } + + if h.Auth().HasFlag(rest.AuthZCAP) { + middlewares = append(middlewares, &zcapmw.Middleware{Config: zcapConfig, Action: h.Action()}) + } + + if h.Auth().HasFlag(rest.AuthGNAP) { + middlewares = append(middlewares, &gnapmw.Middleware{Client: gnapRSClient, RSPubKey: publicJWK}) + } - if params.enableZCAPs && h.ZCAPProtect() { - zcapMiddleware := mw.ZCAPLDMiddleware(zcapConfig, h.Action()) - handler = zcapMiddleware(handler) + handler = authmw.Wrap(middlewares...)(handler) } router.Handle(h.Path(), handler).Methods(h.Method()) 
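Review bot: The error returned by `rs.NewClient` is assigned to `err` but never checked before the handler loop, so a failed construction would leave `gnapRSClient` unusable while it is still handed to `gnapmw.Middleware` for every AuthGNAP route. Add `if err != nil { return fmt.Errorf("create gnap rs client: %w", err) }` directly after the call, inside the `!params.disableAuth` branch. The loop also appends the OAuth2 middleware before ZCAP and GNAP, and that order decides which one handles a request (see the note on oauth_middleware.go); a short comment stating that the order is intentional would help. startServer starts and ends outside the hunk.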
@@ -483,6 +524,41 @@ func createJSONLDDocumentLoader(store storage.Provider) (jsonld.DocumentLoader, return documentLoader, nil } +func createGNAPSigningJWK(keyFilePath string) (*jwk.JWK, *jwk.JWK, error) { + b, err := ioutil.ReadFile(keyFilePath) + if err != nil { + return nil, nil, fmt.Errorf("read file: %w", err) + } + + block, _ := pem.Decode(b) + if block == nil || block.Type != "EC PRIVATE KEY" { + return nil, nil, fmt.Errorf("invalid pem") + } + + key, err := x509.ParseECPrivateKey(block.Bytes) + if err != nil { + return nil, nil, fmt.Errorf("parse private key: %w", err) + } + + // TODO: make key type configurable + privateJWK := &jwk.JWK{ + JSONWebKey: jose.JSONWebKey{ + Key: key, + Algorithm: "ES256", + }, + Kty: "EC", + Crv: "P-256", + } + + publicJWK := &jwk.JWK{ + JSONWebKey: privateJWK.Public(), + Kty: "EC", + Crv: "P-256", + } + + return privateJWK, publicJWK, nil +} + type keyStoreCreator struct{} func (c *keyStoreCreator) Create(keyURI string, provider kms.Provider) (kms.KeyManager, error) { diff --git a/cmd/kms-server/startcmd/start_test.go b/cmd/kms-server/startcmd/start_test.go index 481467b8..136eb035 100644 --- a/cmd/kms-server/startcmd/start_test.go +++ b/cmd/kms-server/startcmd/start_test.go @@ -7,9 +7,13 @@ SPDX-License-Identifier: Apache-2.0 package startcmd //nolint:testpackage import ( + "crypto/ecdsa" + "crypto/elliptic" "crypto/rand" "crypto/sha256" + "crypto/x509" "encoding/base64" + "encoding/pem" "io/ioutil" "net/http" "os" @@ -32,7 +36,10 @@ const ( logLevelDebug = "debug" ) -var secretLockKeyFile string +var ( + secretLockKeyFile string + gnapSigningKeyFile string +) type mockServer struct{} @@ -478,7 +485,6 @@ func TestStartCmdWithKMSCacheTTLParam(t *testing.T) { args = append(args, "--"+kmsCacheTTLFlagName, "0s") args = append(args, "--"+enableCacheFlagName, "true") - startCmd.SetArgs(args) err = startCmd.Execute() 
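Review bot: createGNAPSigningJWK labels every parsed key as `ES256` / `P-256` without checking the key's curve, although `x509.ParseECPrivateKey` also returns keys on other NIST curves. A P-384 key file would produce a JWK whose declared algorithm and curve do not match the key, and the failure would only surface later in signing or introspection. Until the TODO about configurable key types is done, reject anything else right after parsing: `if key.Curve.Params().Name != "P-256" { return nil, nil, fmt.Errorf("unsupported curve %s", key.Curve.Params().Name) }`. The function lacks a doc comment; one line saying that it reads a PEM "EC PRIVATE KEY" file and returns the private and public JWKs would be enough.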
@@ -486,13 +492,11 @@ func TestStartCmdWithKMSCacheTTLParam(t *testing.T) { }) } - func TestStartKMSService(t *testing.T) { const invalidStorageOption = "invalid" t.Run("Success with default args", func(t *testing.T) { params := kmsServerParams(t) - params.enableZCAPs = true err := startServer(&mockServer{}, params) require.NoError(t, err) @@ -528,6 +532,7 @@ func requiredArgsWithLockType(databaseType, lockType string) []string { "--" + hostFlagName, "localhost:8080", "--" + databaseTypeFlagName, databaseType, "--" + secretLockTypeFlagName, lockType, + "--" + gnapSigningKeyPathFlagName, gnapSigningKeyFile, } if lockType == secretLockTypeLocalOption { @@ -573,6 +578,9 @@ func setEnvVars(t *testing.T) { err = os.Setenv(secretLockKeyPathEnvKey, secretLockKeyFile) require.NoError(t, err) + + err = os.Setenv(disableAuthEnvKey, "true") + require.NoError(t, err) } func unsetEnvVars(t *testing.T) { @@ -589,6 +597,9 @@ func unsetEnvVars(t *testing.T) { err = os.Unsetenv(secretLockKeyPathEnvKey) require.NoError(t, err) + + err = os.Unsetenv(disableAuthEnvKey) + require.NoError(t, err) } func checkFlagPropertiesCorrect(t *testing.T, cmd *cobra.Command, flagName, flagShorthand, flagUsage string) { @@ -607,12 +618,17 @@ func checkFlagPropertiesCorrect(t *testing.T, cmd *cobra.Command, flagName, flag } func TestMain(m *testing.M) { - file, closeFunc := createSecretLockKeyFile() - secretLockKeyFile = file + lockKeyFile, lockKeyFileClose := createSecretLockKeyFile() + secretLockKeyFile = lockKeyFile + + gnapKeyFile, gnapKeyFileClose := createGNAPSigningKeyFile() + gnapSigningKeyFile = gnapKeyFile code := m.Run() - closeFunc() + lockKeyFileClose() + gnapKeyFileClose() + os.Exit(code) } 
@@ -648,3 +664,41 @@ func createSecretLockKeyFile() (string, func()) { return f.Name(), closeFunc } + +func createGNAPSigningKeyFile() (string, func()) { + f, err := ioutil.TempFile("", "gnap-priv-key.pem") + if err != nil { + panic(err) + } + + closeFunc := func() { + if closeErr := f.Close(); closeErr != nil { + panic(closeErr) + } + + if removeErr := os.Remove(f.Name()); removeErr != nil { + panic(removeErr) + } + } + + key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + panic(err) + } + + der, err := x509.MarshalECPrivateKey(key) + if err != nil { + panic(err) + } + + b := pem.Block{ + Type: "EC PRIVATE KEY", + Bytes: der, + } + + if err = pem.Encode(f, &b); err != nil { + panic(err) + } + + return f.Name(), closeFunc +} diff --git a/go.mod b/go.mod index bf7cf16a..246ddde8 100644 --- a/go.mod +++ b/go.mod @@ -14,12 +14,13 @@ require ( github.com/hyperledger/aries-framework-go v0.1.8 github.com/hyperledger/aries-framework-go/component/storage/edv v0.0.0-20220330133350-1c2d9d65aea4 github.com/hyperledger/aries-framework-go/component/storageutil v0.0.0-20220330133350-1c2d9d65aea4 - github.com/hyperledger/aries-framework-go/spi v0.0.0-20220330133350-1c2d9d65aea4 + github.com/hyperledger/aries-framework-go/spi v0.0.0-20220531182402-04bfea80427b github.com/igor-pavlenko/httpsignatures-go v0.0.23 github.com/piprate/json-gold v0.4.1 github.com/prometheus/client_golang v1.11.0 github.com/rs/xid v1.3.0 - github.com/stretchr/testify v1.7.0 + github.com/stretchr/testify v1.7.1 + github.com/trustbloc/auth/spi/gnap v0.0.0-20220524155711-5c72fe155c13 github.com/trustbloc/edge-core v0.1.8 golang.org/x/net v0.0.0-20211216030914-fe4d6282115f ) 
@@ -28,7 +29,7 @@ require ( github.com/VictoriaMetrics/fastcache v1.5.7 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bluele/gcache v0.0.2 // indirect - github.com/btcsuite/btcd v0.22.0-beta // indirect + github.com/btcsuite/btcd v0.22.1 // indirect github.com/btcsuite/btcutil v1.0.3-0.20201208143702-a53e38424cce // indirect github.com/cenkalti/backoff/v4 v4.1.2 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect @@ -61,8 +62,8 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect - golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce // indirect - golang.org/x/sys v0.0.0-20220111092808-5a964db01320 // indirect + golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect + golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect google.golang.org/protobuf v1.27.1 // indirect gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index ff09a6c3..18ce411d 100644 --- a/go.sum +++ b/go.sum 
@@ -86,8 +86,11 @@ github.com/bluele/gcache v0.0.0-20190518031135-bc40bd653833/go.mod h1:8c4/i2Vlov github.com/bluele/gcache v0.0.2 h1:WcbfdXICg7G/DGBh1PFfcirkWOQV+v077yF1pSy3DGw= github.com/bluele/gcache v0.0.2/go.mod h1:m15KV+ECjptwSPxKhOhQoAFQVtUFjTVkc3H8o0t/fp0= github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ= -github.com/btcsuite/btcd v0.22.0-beta h1:LTDpDKUM5EeOFBPM8IXpinEcmZ6FWfNZbE3lfrfdnWo= github.com/btcsuite/btcd v0.22.0-beta/go.mod h1:9n5ntfhhHQBIhUvlhDvD3Qg6fRUj4jkN0VB8L8svzOA= +github.com/btcsuite/btcd v0.22.1 h1:CnwP9LM/M9xuRrGSCGeMVs9iv09uMqwsVX7EeIpgV2c= +github.com/btcsuite/btcd v0.22.1/go.mod h1:wqgTSL29+50LRkmOVknEdmt8ZojIzhuWvgu/iptuN7Y= +github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1 h1:q0rUy8C/TYNBQS1+CGKw68tLOFYSNEs0TFnxxnS9+4U= +github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc= github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA= github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg= github.com/btcsuite/btcutil v1.0.1/go.mod h1:j9HUFwoQRsZL3V4n+qG+CUnEGHOarIxfC3Le2Yhbcts= 
@@ -344,8 +347,8 @@ github.com/hyperledger/aries-framework-go/spi v0.0.0-20220217153004-1622c70e5767 github.com/hyperledger/aries-framework-go/spi v0.0.0-20220308060532-714cd5c18552/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= github.com/hyperledger/aries-framework-go/spi v0.0.0-20220322085443-50e8f9bd208b/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= github.com/hyperledger/aries-framework-go/spi v0.0.0-20220324201531-18c87667df19/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= -github.com/hyperledger/aries-framework-go/spi v0.0.0-20220330133350-1c2d9d65aea4 h1:YYAxW8jgFXm+FOpE7hI/GWzNLIHf4R2tzJXozUYDYik= -github.com/hyperledger/aries-framework-go/spi v0.0.0-20220330133350-1c2d9d65aea4/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= +github.com/hyperledger/aries-framework-go/spi v0.0.0-20220531182402-04bfea80427b h1:LedxlWFewGn/z2w5ahGc9Opt9x6mbgvLBM2KCDRI9kU= +github.com/hyperledger/aries-framework-go/spi v0.0.0-20220531182402-04bfea80427b/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210324232048-34ff560ed041/go.mod h1:eKGEEe+PJNDQo7kVif3sUKBWwnsQDkE3gD/QlpmukcQ= github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210409151411-eeeb8508bd87/go.mod h1:JHzDtgJLd0134iLFXLxGBjJF+Z+TgiElA/5oVgMazts= github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210421203733-b5dfd703a8fc/go.mod h1:asiCVCtH/nocWKhZRMz12aFgdUh8lRHqKis0M8Ei/4I= 
@@ -541,8 +544,9 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/teserakt-io/golang-ed25519 v0.0.0-20200315192543-8255be791ce4/go.mod h1:9PdLyPiZIiW3UopXyRnPYyjUXSpiQNHRLu8fOsR3o8M= github.com/teserakt-io/golang-ed25519 v0.0.0-20210104091850-3888c087a4c8 h1:RBkacARv7qY5laaXGlF4wFB/tk5rnthhPb8oIBGoagY= @@ -555,6 +559,8 @@ github.com/tidwall/pretty v1.0.2 h1:Z7S3cePv9Jwm1KwS0513MRaoUe3S01WPbLNV40pwWZU= github.com/tidwall/pretty v1.0.2/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tidwall/sjson v1.1.4 h1:bTSsPLdAYF5QNLSwYsKfBKKTnlGbIuhqL3CpRsjzGhg= github.com/tidwall/sjson v1.1.4/go.mod h1:wXpKXu8CtDjKAZ+3DrKY5ROCorDFahq8l0tey/Lx1fg= +github.com/trustbloc/auth/spi/gnap v0.0.0-20220524155711-5c72fe155c13 h1:XzE9MktZsZyDvWUUY+vMctgmpvIwacPNdCBlfLWuPaA= +github.com/trustbloc/auth/spi/gnap v0.0.0-20220524155711-5c72fe155c13/go.mod h1:BPAXixzwWfMHm55daYibYOD4Aq6UO0wCIKZMZYAvsTk= github.com/trustbloc/edge-core v0.1.8 h1:m4X5XNDwiHJjGf8gHnpo6aLkBYuqDyNRq+npjxLc5cY= github.com/trustbloc/edge-core v0.1.8/go.mod h1:gfoyG/xquRXyHkww0ldM2jwOTuKKZpHYn+87f+TBQ8M= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= 
@@ -602,8 +608,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce h1:Roh6XWxHFKrPgC/EQhVubSAGQ6Ozk6IdxHSzt1mR0EI= -golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -789,8 +795,8 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220111092808-5a964db01320 h1:0jf+tOCoZ3LyutmCOWpVni1chK4VfFLhRsDK7MhqGRY= -golang.org/x/sys v0.0.0-20220111092808-5a964db01320/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/pkg/controller/mw/authmw/gnapmw/gnap_middleware.go b/pkg/controller/mw/authmw/gnapmw/gnap_middleware.go new file mode 100644 index 00000000..ca496b50 --- /dev/null +++ b/pkg/controller/mw/authmw/gnapmw/gnap_middleware.go 
@@ -0,0 +1,106 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +//nolint:lll +//go:generate mockgen -destination gomocks_test.go -self_package mocks -package gnapmw_test -source=gnap_middleware.go -mock_names HTTPHandler=MockHTTPHandler,gnapRSClient=MockGNAPRSClient + +package gnapmw + +import ( + "fmt" + "net/http" + "strings" + + "github.com/hyperledger/aries-framework-go/pkg/doc/jose/jwk" + "github.com/trustbloc/auth/spi/gnap" +) + +const ( + proofType = "httpsig" + gnapToken = "GNAP" +) + +type gnapRSClient interface { + Introspect(req *gnap.IntrospectRequest) (*gnap.IntrospectResponse, error) +} + +// Middleware is a GNAP auth middleware. +type Middleware struct { + Client gnapRSClient + RSPubKey *jwk.JWK +} + +// HTTPHandler is an HTTP handler (used by GoMock to generate a mock). +type HTTPHandler interface { + http.Handler +} + +// Accept checks if the request can be handled by the GNAP middleware. +func (mw *Middleware) Accept(req *http.Request) bool { + if v, ok := req.Header["Authorization"]; ok { + for _, h := range v { + if strings.Contains(h, gnapToken) { + return true + } + } + } + + return false +} + +// Middleware returns middleware func. +func (mw *Middleware) Middleware() func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return &gnapHandler{ + client: mw.Client, + clientKey: &gnap.ClientKey{ + Proof: proofType, + JWK: *mw.RSPubKey, + }, + next: next, + } + } +} + +type gnapHandler struct { + client gnapRSClient + clientKey *gnap.ClientKey + next http.Handler +} + +// ServeHTTP authorizes an incoming HTTP request using GNAP. 
+func (h *gnapHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { + tokenHeader := strings.Split(strings.Trim(req.Header.Get("Authorization"), " "), " ") + + if len(tokenHeader) < 2 || tokenHeader[0] != gnapToken { + http.Error(w, "unauthorized", http.StatusUnauthorized) + + return + } + + introspectReq := &gnap.IntrospectRequest{ + ResourceServer: &gnap.RequestClient{ + Key: h.clientKey, + }, + Proof: proofType, + AccessToken: tokenHeader[1], + } + + resp, err := h.client.Introspect(introspectReq) + if err != nil { + http.Error(w, fmt.Sprintf("introspect token: %s", err.Error()), http.StatusInternalServerError) + + return + } + + if !resp.Active { + http.Error(w, "unauthorized", http.StatusUnauthorized) + + return + } + + h.next.ServeHTTP(w, req) +} diff --git a/pkg/controller/mw/authmw/gnapmw/gnap_middleware_test.go b/pkg/controller/mw/authmw/gnapmw/gnap_middleware_test.go new file mode 100644 index 00000000..0ef934af --- /dev/null +++ b/pkg/controller/mw/authmw/gnapmw/gnap_middleware_test.go 
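Review bot: In gnap_middleware.go, `gnapHandler.ServeHTTP` authorizes on `resp.Active` alone, so any token the auth server reports as active is accepted on every route that uses this middleware, whatever it was granted for. The ZCAP middleware in startServer is given `h.Action()`, but this one receives no action or resource to compare against; if the introspection response carries the granted access, it should be checked against the route before `h.next.ServeHTTP` is called. The 500 branch also returns the introspection error text to a caller who has not yet been authorized. That text belongs in the server log, with the response reduced to `http.Error(w, "internal server error", http.StatusInternalServerError)`. `Accept` scans all Authorization values with `strings.Contains`, while `ServeHTTP` parses only the first value and requires an exact `GNAP` scheme; the two should apply the same rule.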
@@ -0,0 +1,161 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package gnapmw_test + +import ( + "context" + "errors" + "net/http" + "net/http/httptest" + "strings" + "testing" + + "github.com/golang/mock/gomock" + "github.com/hyperledger/aries-framework-go/pkg/doc/jose/jwk" + "github.com/stretchr/testify/require" + "github.com/trustbloc/auth/spi/gnap" + + "github.com/trustbloc/kms/pkg/controller/mw/authmw/gnapmw" +) + +func TestAccept(t *testing.T) { + tests := []struct { + name string + headers []string + accepted bool + }{ + { + "no authorization header", + []string{}, + false, + }, + { + "bearer token", + []string{"Authorization: Bearer token"}, + false, + }, + { + "gnap token", + []string{"Authorization: GNAP token"}, + true, + }, + { + "multiple authorization headers", + []string{"Authorization: GNAP token", "Authorization: Bearer token"}, + true, + }, + } + + mw := gnapmw.Middleware{} + + for _, tt := range tests { + req, err := http.NewRequestWithContext(context.Background(), "", "", nil) + require.NoError(t, err) + + for _, header := range tt.headers { + v := strings.Split(header, ":") + + req.Header.Add(v[0], v[1]) + } + + require.Equal(t, tt.accepted, mw.Accept(req)) + } +} + +func TestMiddleware(t *testing.T) { + t.Run("should call next handler if request is authorized", func(t *testing.T) { + ctrl := gomock.NewController(t) + + client := NewMockGNAPRSClient(ctrl) + client.EXPECT().Introspect(gomock.Any()).Return(&gnap.IntrospectResponse{Active: true}, nil) + + mw := gnapmw.Middleware{Client: client, RSPubKey: &jwk.JWK{}} + + next := NewMockHTTPHandler(ctrl) + next.EXPECT().ServeHTTP(gomock.Any(), gomock.Any()).Times(1) + + req, err := http.NewRequestWithContext(context.Background(), "", "", nil) + require.NoError(t, err) + + req.Header.Add("Authorization", "GNAP token") + + rr := httptest.NewRecorder() + + mw.Middleware()(next).ServeHTTP(rr, req) + + require.Equal(t, http.StatusOK, 
rr.Code) + }) + + t.Run("should return 401 Unauthorized if no gnap token", func(t *testing.T) { + ctrl := gomock.NewController(t) + + client := NewMockGNAPRSClient(ctrl) + client.EXPECT().Introspect(gomock.Any()).Times(0) + + mw := gnapmw.Middleware{Client: client, RSPubKey: &jwk.JWK{}} + + next := NewMockHTTPHandler(ctrl) + next.EXPECT().ServeHTTP(gomock.Any(), gomock.Any()).Times(0) + + req, err := http.NewRequestWithContext(context.Background(), "", "", nil) + require.NoError(t, err) + + req.Header.Add("Authorization", "Bearer token") + + rr := httptest.NewRecorder() + + mw.Middleware()(next).ServeHTTP(rr, req) + + require.Equal(t, http.StatusUnauthorized, rr.Code) + }) + + t.Run("should return 500 StatusInternalServerError if introspect call fails", func(t *testing.T) { + ctrl := gomock.NewController(t) + + client := NewMockGNAPRSClient(ctrl) + client.EXPECT().Introspect(gomock.Any()).Return(nil, errors.New("introspect error")) + + mw := gnapmw.Middleware{Client: client, RSPubKey: &jwk.JWK{}} + + next := NewMockHTTPHandler(ctrl) + next.EXPECT().ServeHTTP(gomock.Any(), gomock.Any()).Times(0) + + req, err := http.NewRequestWithContext(context.Background(), "", "", nil) + require.NoError(t, err) + + req.Header.Add("Authorization", "GNAP token") + + rr := httptest.NewRecorder() + + mw.Middleware()(next).ServeHTTP(rr, req) + + require.Equal(t, http.StatusInternalServerError, rr.Code) + }) + + t.Run("should return 401 Unauthorized if token is inactive", func(t *testing.T) { + ctrl := gomock.NewController(t) + + client := NewMockGNAPRSClient(ctrl) + client.EXPECT().Introspect(gomock.Any()).Return(&gnap.IntrospectResponse{Active: false}, nil) + + mw := gnapmw.Middleware{Client: client, RSPubKey: &jwk.JWK{}} + + next := NewMockHTTPHandler(ctrl) + next.EXPECT().ServeHTTP(gomock.Any(), gomock.Any()).Times(0) + + req, err := http.NewRequestWithContext(context.Background(), "", "", nil) + require.NoError(t, err) + + req.Header.Add("Authorization", "GNAP token") + + rr := 
httptest.NewRecorder() + + mw.Middleware()(next).ServeHTTP(rr, req) + + require.Equal(t, http.StatusUnauthorized, rr.Code) + }) +} diff --git a/pkg/controller/mw/authmw/oauthmw/oauth_middleware.go b/pkg/controller/mw/authmw/oauthmw/oauth_middleware.go new file mode 100644 index 00000000..519a1738 --- /dev/null +++ b/pkg/controller/mw/authmw/oauthmw/oauth_middleware.go @@ -0,0 +1,52 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +//go:generate mockgen -destination gomocks_test.go -package oauthmw_test . HTTPHandler + +package oauthmw + +import ( + "net/http" + "strings" +) + +// Middleware is an OAuth2 auth middleware. +type Middleware struct{} + +// HTTPHandler is an alias for http.Handler (used by GoMock to generate a mock). +type HTTPHandler = http.Handler + +// Accept accepts requests with Bearer token in Authorization header. Token introspection is done by third-party +// service, e.g. Oathkeeper reverse proxy. +func (mw *Middleware) Accept(req *http.Request) bool { + if v, ok := req.Header["Authorization"]; ok { + for _, h := range v { + if strings.Contains(h, "Bearer") { + return true + } + } + } + + return false +} + +// Middleware returns middleware func. +func (mw *Middleware) Middleware() func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return &oauthHandler{ + next: next, + } + } +} + +type oauthHandler struct { + next http.Handler +} + +// ServeHTTP calls the next handler assuming that authorization was already done by third-party service. +func (h *oauthHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { + h.next.ServeHTTP(w, req) +} diff --git a/pkg/controller/mw/authmw/oauthmw/oauth_middleware_test.go b/pkg/controller/mw/authmw/oauthmw/oauth_middleware_test.go new file mode 100644 index 00000000..8457a105 --- /dev/null +++ b/pkg/controller/mw/authmw/oauthmw/oauth_middleware_test.go 
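Review bot: In oauth_middleware.go, `Accept` matches any Authorization value that merely contains the substring `Bearer`, and `ServeHTTP` then forwards the request with no check of its own. The middleware is therefore only sound when the server is reachable exclusively through the proxy that validated the token. Because startServer appends this middleware first and `authmw.Wrap` stops at the first `Accept`, a header containing `Bearer` on a multi-flag route never reaches the ZCAP or GNAP middleware. Matching the scheme exactly narrows this, `if strings.HasPrefix(strings.TrimSpace(h), "Bearer ") {`, and the type's doc comment should state the proxy-only deployment assumption in so many words. `gnapmw.Accept` uses the same substring match.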
@@ -0,0 +1,83 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package oauthmw_test
+
+import (
+ "context"
+ "net/http"
+ "net/http/httptest"
+ "strings"
+ "testing"
+
+ "github.com/golang/mock/gomock"
+ "github.com/stretchr/testify/require"
+
+ "github.com/trustbloc/kms/pkg/controller/mw/authmw/oauthmw"
+)
+
+func TestAccept(t *testing.T) {
+ tests := []struct {
+ name string
+ headers []string
+ accepted bool
+ }{
+ {
+ "no authorization header",
+ []string{},
+ false,
+ },
+ {
+ "gnap token",
+ []string{"Authorization: GNAP token"},
+ false,
+ },
+ {
+ "bearer token",
+ []string{"Authorization: Bearer token"},
+ true,
+ },
+ {
+ "multiple authorization headers",
+ []string{"Authorization: GNAP token", "Authorization: Bearer token"},
+ true,
+ },
+ }
+
+ mw := oauthmw.Middleware{}
+
+ for _, tt := range tests {
+ req, err := http.NewRequestWithContext(context.Background(), "", "", nil)
+ require.NoError(t, err)
+
+ for _, header := range tt.headers {
+ v := strings.Split(header, ":")
+
+ req.Header.Add(v[0], v[1])
+ }
+
+ require.Equal(t, tt.accepted, mw.Accept(req))
+ }
+}
+
+func TestMiddleware(t *testing.T) {
+ t.Run("should call next handler", func(t *testing.T) {
+ ctrl := gomock.NewController(t)
+
+ next := NewMockHTTPHandler(ctrl)
+ next.EXPECT().ServeHTTP(gomock.Any(), gomock.Any()).Times(1)
+
+ req, err := http.NewRequestWithContext(context.Background(), "", "", nil)
+ require.NoError(t, err)
+
+ rr := httptest.NewRecorder()
+
+ mw := oauthmw.Middleware{}
+ mw.Middleware()(next).ServeHTTP(rr, req)
+
+ require.Equal(t, http.StatusOK, rr.Code)
+ })
+}
diff --git a/pkg/controller/mw/authmw/wrap_auth_middleware.go b/pkg/controller/mw/authmw/wrap_auth_middleware.go
new file mode 100644
index 00000000..fb809cad
--- /dev/null
+++ b/pkg/controller/mw/authmw/wrap_auth_middleware.go
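Review bot: `TestAccept` in oauth_middleware_test.go builds header values with `strings.Split(header, ":")`, which leaves a leading space (`" Bearer token"`), so the positive cases pass only because `Accept` matches the substring anywhere in the value. The `name` field is never used either, because the loop asserts directly instead of running each case under `t.Run(tt.name, ...)`, so a failure does not say which case broke. I would split with `strings.SplitN(header, ": ", 2)`, wrap the loop body in `t.Run`, and add a negative case that pins the intended scheme check, e.g. a constructed value such as `[]string{"Authorization: Basic notBearer"}` expecting `false`.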
@@ -0,0 +1,48 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+//go:generate mockgen -destination gomocks_test.go -package authmw_test . HTTPHandler,Middleware
+
+package authmw
+
+import "net/http"
+
+// Middleware represents an auth middleware that can handle authorization for the given HTTP request.
+type Middleware interface {
+ Accept(req *http.Request) bool
+ Middleware() func(http.Handler) http.Handler
+}
+
+// HTTPHandler is an alias for http.Handler (used by GoMock to generate a mock).
+type HTTPHandler = http.Handler
+
+// Wrap returns middleware that combines other auth middlewares.
+func Wrap(mw ...Middleware) func(http.Handler) http.Handler {
+ return func(next http.Handler) http.Handler {
+ return &authHandler{
+ middlewares: mw,
+ next: next,
+ }
+ }
+}
+
+type authHandler struct {
+ middlewares []Middleware
+ next http.Handler
+}
+
+// ServeHTTP authorizes incoming HTTP requests.
+func (h *authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+ for _, mw := range h.middlewares {
+ if mw.Accept(req) {
+ mw.Middleware()(h.next).ServeHTTP(w, req)
+
+ return
+ }
+ }
+
+ http.Error(w, "unauthorized", http.StatusUnauthorized)
+}
diff --git a/pkg/controller/mw/authmw/wrap_auth_middleware_test.go b/pkg/controller/mw/authmw/wrap_auth_middleware_test.go
new file mode 100644
index 00000000..0165d8bd
--- /dev/null
+++ b/pkg/controller/mw/authmw/wrap_auth_middleware_test.go
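Review bot: `authHandler.ServeHTTP` in wrap_auth_middleware.go hands the request to the first middleware whose `Accept` returns true, so the headers a caller chooses to send decide which scheme is enforced, and the order of the `mw` arguments decides ties. That contract is worth stating on `Wrap`, e.g. `// Wrap dispatches each request to the first middleware that accepts it; every middleware must fully authorize the request on its own.` Separately, `mw.Middleware()(h.next)` rebuilds the wrapped handler on every request; building the handlers once inside the closure returned by `Wrap` and keeping them next to each `Middleware` would avoid the per-request construction.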
@@ -0,0 +1,63 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package authmw_test
+
+import (
+ "context"
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/golang/mock/gomock"
+ "github.com/stretchr/testify/require"
+
+ "github.com/trustbloc/kms/pkg/controller/mw/authmw"
+)
+
+func TestWrapMiddleware(t *testing.T) {
+ t.Run("should return 401 Unauthorized by default", func(t *testing.T) {
+ ctrl := gomock.NewController(t)
+
+ next := NewMockHTTPHandler(ctrl)
+ next.EXPECT().ServeHTTP(gomock.Any(), gomock.Any()).Times(0)
+
+ auth := authmw.Wrap()(next)
+
+ req, err := http.NewRequestWithContext(context.Background(), "", "", nil)
+ require.NoError(t, err)
+
+ rr := httptest.NewRecorder()
+
+ auth.ServeHTTP(rr, req)
+
+ require.Equal(t, http.StatusUnauthorized, rr.Code)
+ })
+
+ t.Run("should call next handler if request is authorized", func(t *testing.T) {
+ ctrl := gomock.NewController(t)
+
+ next := NewMockHTTPHandler(ctrl)
+ next.EXPECT().ServeHTTP(gomock.Any(), gomock.Any()).Times(1)
+
+ mw := NewMockMiddleware(ctrl)
+ mw.EXPECT().Accept(gomock.Any()).Return(true)
+ mw.EXPECT().Middleware().Return(func(h http.Handler) http.Handler {
+ return h
+ })
+
+ auth := authmw.Wrap(mw)(next)
+
+ req, err := http.NewRequestWithContext(context.Background(), "", "", nil)
+ require.NoError(t, err)
+
+ rr := httptest.NewRecorder()
+
+ auth.ServeHTTP(rr, req)
+
+ require.Equal(t, http.StatusOK, rr.Code)
+ })
+}
diff --git a/pkg/controller/mw/zcap_middleware.go b/pkg/controller/mw/authmw/zcapmw/zcap_middleware.go
similarity index 80%
rename from pkg/controller/mw/zcap_middleware.go
rename to pkg/controller/mw/authmw/zcapmw/zcap_middleware.go
index cded1d55..61acc828 100644
--- a/pkg/controller/mw/zcap_middleware.go
+++ b/pkg/controller/mw/authmw/zcapmw/zcap_middleware.go
@@ -4,9 +4,9 @@ Copyright SecureKey Technologies Inc. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ -package mw +package zcapmw -//go:generate mockgen -destination gomocks_test.go -package mw . DocumentLoader,CapabilityResolver,VDRResolver +//go:generate mockgen -destination gomocks_test.go -package zcapmw . DocumentLoader,CapabilityResolver,VDRResolver import ( "context" @@ -36,6 +36,14 @@ type CapabilityResolver = zcapld.CapabilityResolver // VDRResolver is an alias for zcapld.VDRResolver. type VDRResolver = zcapld.VDRResolver +type authService interface { + CreateDIDKey(context.Context) (string, error) + NewCapability(ctx context.Context, options ...zcapld.CapabilityOption) (*zcapld.Capability, error) + KMS() kms.KeyManager + Crypto() crypto.Crypto + Resolve(string) (*zcapld.Capability, error) +} + // ZCAPConfig is a configuration for zcapld middleware. type ZCAPConfig struct { AuthService authService 
@@ -46,22 +54,40 @@ type ZCAPConfig struct { ResourceIDQueryParam string } -type authService interface { - CreateDIDKey(context.Context) (string, error) - NewCapability(ctx context.Context, options ...zcapld.CapabilityOption) (*zcapld.Capability, error) - KMS() kms.KeyManager - Crypto() crypto.Crypto - Resolve(string) (*zcapld.Capability, error) +// Middleware is a zcapld auth middleware. +type Middleware struct { + Config *ZCAPConfig + Action string } -type namer interface { - GetName() string +// Accept checks if middleware can handle auth for the given request. +func (mw *Middleware) Accept(req *http.Request) bool { + _, ok := req.Header["Capability-Invocation"] + + return ok } -type muxNamer struct{} +// Middleware returns middleware func. +func (mw *Middleware) Middleware() func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return &mwHandler{ + next: next, + zcaps: &capabilityResolverMetrics{wrapped: mw.Config.AuthService}, + keys: mw.Config.AuthService.KMS(), + crpto: mw.Config.AuthService.Crypto(), + jsonLDLoader: &documentLoaderMetrics{wrapped: mw.Config.JSONLDLoader}, + logger: mw.Config.Logger, + routeFunc: (&muxNamer{}).GetName, + vdrResolver: &vdrResolverMetrics{wrapped: mw.Config.VDRResolver}, + baseResourceURL: mw.Config.BaseResourceURL, + resourceIDQueryParam: mw.Config.ResourceIDQueryParam, + handlerAction: mw.Action, + } + } +} -func (m *muxNamer) GetName(r *http.Request) namer { - return mux.CurrentRoute(r) +type namer interface { + GetName() string } type mwHandler struct { 
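Review bot: `Middleware.Middleware()` in zcap_middleware.go dereferences `mw.Config` and `mw.Config.AuthService` with no nil check, and since `authmw.Wrap` in this commit calls `Middleware()` while serving each request, a `Middleware{}` built without a config would presumably panic on the first request carrying the header rather than at start-up. A small constructor that rejects a nil `Config` or `AuthService` would move that failure to wiring time. The doc comment on `Accept` should also say that it only tests for the header's presence, e.g. `// Accept reports whether the request carries a Capability-Invocation header; it does not verify the invocation.` The `mwHandler` type that does the verification starts at the end of this hunk and continues outside it.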
@@ -78,25 +104,6 @@ type mwHandler struct { handlerAction string } -// ZCAPLDMiddleware returns the ZCAPLD middleware that authorizes requests. -func ZCAPLDMiddleware(c *ZCAPConfig, handlerAction string) mux.MiddlewareFunc { - return func(h http.Handler) http.Handler { - return &mwHandler{ - next: h, - zcaps: &capabilityResolverMetrics{wrapped: c.AuthService}, - keys: c.AuthService.KMS(), - crpto: c.AuthService.Crypto(), - jsonLDLoader: &documentLoaderMetrics{wrapped: c.JSONLDLoader}, - logger: c.Logger, - routeFunc: (&muxNamer{}).GetName, - vdrResolver: &vdrResolverMetrics{wrapped: c.VDRResolver}, - baseResourceURL: c.BaseResourceURL, - resourceIDQueryParam: c.ResourceIDQueryParam, - handlerAction: handlerAction, - } - } -} - func (h *mwHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { h.logger.Debugf("handling request: %s %s", r.Method, r.URL.String()) @@ -149,6 +156,12 @@ func (h *mwHandler) logError(err error) { h.logger.Errorf("unauthorized capability invocation: %s", err.Error()) } +type muxNamer struct{} + +func (m *muxNamer) GetName(r *http.Request) namer { + return mux.CurrentRoute(r) +} + type capabilityResolverMetrics struct { wrapped zcapld.CapabilityResolver } diff --git a/pkg/controller/mw/zcap_middleware_test.go b/pkg/controller/mw/authmw/zcapmw/zcap_middleware_test.go similarity index 83% rename from pkg/controller/mw/zcap_middleware_test.go rename to pkg/controller/mw/authmw/zcapmw/zcap_middleware_test.go index 70592987..0ffd46c0 100644 --- a/pkg/controller/mw/zcap_middleware_test.go +++ b/pkg/controller/mw/authmw/zcapmw/zcap_middleware_test.go @@ -4,7 +4,7 @@ Copyright SecureKey Technologies Inc. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ -package mw // nolint:testpackage // mocking internal implementation details +package zcapmw //nolint:testpackage // mocking internal implementation details import ( "context" 
@@ -25,12 +25,12 @@ import ( func TestMiddleware(t *testing.T) { t.Run("authz: zcaps", func(t *testing.T) { t.Run("protects endpoints", func(t *testing.T) { - handler := &handler{} + h := &handler{} config := newConfig() - mwFactory := ZCAPLDMiddleware(config, "createKey") + mwFactory := Middleware{Config: config, Action: "createKey"} - mw := mwFactory(handler) + mw := mwFactory.Middleware()(h) require.IsType(t, &mwHandler{}, mw) (mw).(*mwHandler).routeFunc = func(r *http.Request) namer { return &mockNamer{name: r.URL.Path} @@ -48,16 +48,16 @@ func TestMiddleware(t *testing.T) { require.Equal(t, http.StatusUnauthorized, response.StatusCode) // we're not sending zcaps - require.Len(t, handler.requestsCaptured, 0) // we're not sending zcaps + require.Len(t, h.requestsCaptured, 0) // we're not sending zcaps }) t.Run("badrequest if endpoint is not valid", func(t *testing.T) { - handler := &handler{} + h := &handler{} config := newConfig() - mwFactory := ZCAPLDMiddleware(config, "") + mwFactory := Middleware{Config: config, Action: ""} - mw := mwFactory(handler) + mw := mwFactory.Middleware()(h) require.IsType(t, &mwHandler{}, mw) (mw).(*mwHandler).routeFunc = func(r *http.Request) namer { return &mockNamer{name: r.URL.Path} @@ -70,7 +70,19 @@ func TestMiddleware(t *testing.T) { require.NoError(t, err) require.Equal(t, http.StatusBadRequest, response.StatusCode) // we're not sending zcaps - require.Len(t, handler.requestsCaptured, 0) // we're not sending zcaps + require.Len(t, h.requestsCaptured, 0) // we're not sending zcaps + }) + + t.Run("should handle request with Capability-Invocation header", func(t *testing.T) { + config := newConfig() + mwFactory := Middleware{Config: config, Action: "createKey"} + + req, err := http.NewRequestWithContext(context.Background(), "", "", nil) + require.NoError(t, err) + + req.Header.Add("Capability-Invocation", "zcap") + + require.True(t, mwFactory.Accept(req)) }) }) } 
diff --git a/pkg/controller/rest/handler.go b/pkg/controller/rest/handler.go index 010a50ad..66ff3d57 100644 --- a/pkg/controller/rest/handler.go +++ b/pkg/controller/rest/handler.go 
@@ -13,47 +13,66 @@ var _ Handler = (*HTTPHandler)(nil) // Handler represents an HTTP handler for controller API endpoint. type Handler interface { Path() string - Action() string - ZCAPProtect() bool Method() string - Handle() http.HandlerFunc + Handler() http.HandlerFunc + Action() string + Auth() AuthMethod } -// NewHTTPHandler returns an instance of HTTPHandler that shouldn't be zcap protected. -func NewHTTPHandler(path, method string, handle http.HandlerFunc, action string, zcapProtected bool) *HTTPHandler { - return &HTTPHandler{path: path, action: action, zcapProtected: zcapProtected, method: method, handle: handle} +// NewHTTPHandler returns a configured instance of HTTPHandler. +func NewHTTPHandler(path, method string, handler http.HandlerFunc, action string, auth AuthMethod) *HTTPHandler { + return &HTTPHandler{path: path, method: method, handler: handler, action: action, auth: auth} +} + +// AuthMethod represents an authorization method. +type AuthMethod int + +const ( + // AuthNone defines that auth is not handled by the service. + AuthNone AuthMethod = 1 << iota + // AuthOAuth2 defines OAuth2 as a supported auth method for the handler. + AuthOAuth2 + // AuthZCAP defines ZCAP as a supported auth method for the handler. + AuthZCAP + // AuthGNAP defines GNAP as a supported auth method for the handler. + AuthGNAP +) + +// HasFlag checks if the given auth method is set. +func (a AuthMethod) HasFlag(flag AuthMethod) bool { + return a&flag != 0 } // HTTPHandler is an HTTP handler for the given path and method. type HTTPHandler struct { - path string - action string - zcapProtected bool - method string - handle http.HandlerFunc + path string + method string + handler http.HandlerFunc + action string + auth AuthMethod } -// Path returns HTTP request path. +// Path returns an HTTP request path. func (h *HTTPHandler) Path() string { return h.path } -// Action returns action associated with request path. 
-func (h *HTTPHandler) Action() string { - return h.action +// Method returns an HTTP request method. +func (h *HTTPHandler) Method() string { + return h.method } -// ZCAPProtect indicates should the path be protected by zcap. -func (h *HTTPHandler) ZCAPProtect() bool { - return h.zcapProtected +// Handler returns an HTTP request handler func. +func (h *HTTPHandler) Handler() http.HandlerFunc { + return h.handler } -// Method returns HTTP request method type. -func (h *HTTPHandler) Method() string { - return h.method +// Action returns an action associated with the request path. +func (h *HTTPHandler) Action() string { + return h.action } -// Handle returns HTTP request handler func. -func (h *HTTPHandler) Handle() http.HandlerFunc { - return h.handle +// Auth returns supported authorization method. +func (h *HTTPHandler) Auth() AuthMethod { + return h.auth } diff --git a/pkg/controller/rest/operation.go b/pkg/controller/rest/operation.go index a6a8060a..df9bb05f 100644 --- a/pkg/controller/rest/operation.go +++ b/pkg/controller/rest/operation.go 
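Review bot: `AuthNone` in handler.go is declared as `1 << iota`, so it is bit 0 rather than the zero value, which leaves two states undocumented: an `AuthMethod` of 0, for which `HasFlag` is false for every method, and combinations such as `AuthNone|AuthZCAP`. How the router treats either is not visible in this hunk, so the contract belongs next to the constants; if the intent is that both are invalid, something like `// The zero AuthMethod selects no method, and AuthNone must not be combined with other methods.` would do. `HasFlag` returns true when any bit overlaps, which matters once callers pass a combined value, so its comment could read `// HasFlag reports whether a and flag share at least one method.`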
@@ -98,29 +98,29 @@ func New(cmd Cmd) *Operation { // GetRESTHandlers returns list of all handlers supported by this controller. func (o *Operation) GetRESTHandlers() []Handler { return []Handler{ - NewHTTPHandler(DIDPath, http.MethodPost, o.CreateDID, command.ActionCreateDID, false), - NewHTTPHandler(KeyStorePath, http.MethodPost, o.CreateKeyStore, command.ActionCreateKeyStore, false), - NewHTTPHandler(KeyPath, http.MethodPost, o.CreateKey, command.ActionCreateKey, true), - NewHTTPHandler(KeyPath, http.MethodPut, o.ImportKey, command.ActionImportKey, true), - NewHTTPHandler(ExportKeyPath, http.MethodGet, o.ExportKey, command.ActionExportKey, true), - NewHTTPHandler(RotateKeyPath, http.MethodPost, o.RotateKey, command.ActionRotateKey, true), - NewHTTPHandler(SignPath, http.MethodPost, o.Sign, command.ActionSign, true), - NewHTTPHandler(VerifyPath, http.MethodPost, o.Verify, command.ActionVerify, true), - NewHTTPHandler(EncryptPath, http.MethodPost, o.Encrypt, command.ActionEncrypt, true), - NewHTTPHandler(DecryptPath, http.MethodPost, o.Decrypt, command.ActionDecrypt, true), - NewHTTPHandler(ComputeMACPath, http.MethodPost, o.ComputeMAC, command.ActionComputeMac, true), - NewHTTPHandler(VerifyMACPath, http.MethodPost, o.VerifyMAC, command.ActionVerifyMAC, true), - NewHTTPHandler(SignMultiPath, http.MethodPost, o.SignMulti, command.ActionSignMulti, true), - NewHTTPHandler(VerifyMultiPath, http.MethodPost, o.VerifyMulti, command.ActionVerifyMulti, true), - NewHTTPHandler(DeriveProofPath, http.MethodPost, o.DeriveProof, command.ActionDeriveProof, true), - NewHTTPHandler(VerifyProofPath, http.MethodPost, o.VerifyProof, command.ActionVerifyProof, true), - NewHTTPHandler(EasyPath, http.MethodPost, o.Easy, command.ActionEasy, true), - NewHTTPHandler(EasyOpenPath, http.MethodPost, o.EasyOpen, command.ActionEasyOpen, true), - NewHTTPHandler(SealOpenPath, http.MethodPost, o.SealOpen, command.ActionSealOpen, true), - NewHTTPHandler(WrapKeyPath, http.MethodPost, o.WrapKey, 
command.ActionWrap, true), - NewHTTPHandler(WrapKeyAEPath, http.MethodPost, o.WrapKeyAE, command.ActionWrap, true), - NewHTTPHandler(UnwrapKeyPath, http.MethodPost, o.UnwrapKey, command.ActionUnwrap, true), - NewHTTPHandler(HealthCheckPath, http.MethodGet, o.HealthCheck, "", false), + NewHTTPHandler(DIDPath, http.MethodPost, o.CreateDID, command.ActionCreateDID, AuthOAuth2), + NewHTTPHandler(KeyStorePath, http.MethodPost, o.CreateKeyStore, command.ActionCreateKeyStore, AuthOAuth2|AuthGNAP), //nolint:lll + NewHTTPHandler(KeyPath, http.MethodPost, o.CreateKey, command.ActionCreateKey, AuthZCAP|AuthGNAP), + NewHTTPHandler(KeyPath, http.MethodPut, o.ImportKey, command.ActionImportKey, AuthZCAP|AuthGNAP), + NewHTTPHandler(ExportKeyPath, http.MethodGet, o.ExportKey, command.ActionExportKey, AuthZCAP|AuthGNAP), + NewHTTPHandler(RotateKeyPath, http.MethodPost, o.RotateKey, command.ActionRotateKey, AuthZCAP|AuthGNAP), + NewHTTPHandler(SignPath, http.MethodPost, o.Sign, command.ActionSign, AuthZCAP|AuthGNAP), + NewHTTPHandler(VerifyPath, http.MethodPost, o.Verify, command.ActionVerify, AuthZCAP|AuthGNAP), + NewHTTPHandler(EncryptPath, http.MethodPost, o.Encrypt, command.ActionEncrypt, AuthZCAP|AuthGNAP), + NewHTTPHandler(DecryptPath, http.MethodPost, o.Decrypt, command.ActionDecrypt, AuthZCAP|AuthGNAP), + NewHTTPHandler(ComputeMACPath, http.MethodPost, o.ComputeMAC, command.ActionComputeMac, AuthZCAP|AuthGNAP), + NewHTTPHandler(VerifyMACPath, http.MethodPost, o.VerifyMAC, command.ActionVerifyMAC, AuthZCAP|AuthGNAP), + NewHTTPHandler(SignMultiPath, http.MethodPost, o.SignMulti, command.ActionSignMulti, AuthZCAP|AuthGNAP), + NewHTTPHandler(VerifyMultiPath, http.MethodPost, o.VerifyMulti, command.ActionVerifyMulti, AuthZCAP|AuthGNAP), + NewHTTPHandler(DeriveProofPath, http.MethodPost, o.DeriveProof, command.ActionDeriveProof, AuthZCAP|AuthGNAP), + NewHTTPHandler(VerifyProofPath, http.MethodPost, o.VerifyProof, command.ActionVerifyProof, AuthZCAP|AuthGNAP), + 
NewHTTPHandler(EasyPath, http.MethodPost, o.Easy, command.ActionEasy, AuthZCAP|AuthGNAP), + NewHTTPHandler(EasyOpenPath, http.MethodPost, o.EasyOpen, command.ActionEasyOpen, AuthZCAP|AuthGNAP), + NewHTTPHandler(SealOpenPath, http.MethodPost, o.SealOpen, command.ActionSealOpen, AuthZCAP|AuthGNAP), + NewHTTPHandler(WrapKeyPath, http.MethodPost, o.WrapKey, command.ActionWrap, AuthZCAP|AuthGNAP), + NewHTTPHandler(WrapKeyAEPath, http.MethodPost, o.WrapKeyAE, command.ActionWrap, AuthZCAP|AuthGNAP), + NewHTTPHandler(UnwrapKeyPath, http.MethodPost, o.UnwrapKey, command.ActionUnwrap, AuthZCAP|AuthGNAP), + NewHTTPHandler(HealthCheckPath, http.MethodGet, o.HealthCheck, "", AuthNone), } } diff --git a/pkg/controller/rest/operation_test.go b/pkg/controller/rest/operation_test.go index e3de567d..3691e758 100644 --- a/pkg/controller/rest/operation_test.go +++ b/pkg/controller/rest/operation_test.go @@ -619,7 +619,7 @@ func handleRequest(t *testing.T, op *Operation, path, method string, body io.Rea router := mux.NewRouter() - router.HandleFunc(handler.Path(), handler.Handle()).Methods(handler.Method()) + router.HandleFunc(handler.Path(), handler.Handler()).Methods(handler.Method()) rr := httptest.NewRecorder() diff --git a/scripts/generate_test_keys.sh b/scripts/generate_test_keys.sh index 83e7dbf2..f66eabfc 100755 --- a/scripts/generate_test_keys.sh +++ b/scripts/generate_test_keys.sh @@ -38,4 +38,7 @@ openssl rand -out test/bdd/fixtures/keys/session_cookies/enc.key 32 #create master key for secret lock openssl rand 32 | base64 | sed 's/+/-/g; s/\//_/g' > test/bdd/fixtures/keys/tls/secret-lock.key +#create private key for GNAP signer +openssl ecparam -name prime256v1 -genkey -noout -out test/bdd/fixtures/keys/gnap-priv-key.pem + echo "done generating kms PKI" diff --git a/test/bdd/features/kms-cli.feature b/test/bdd/features/kms_cli.feature similarity index 100% rename from test/bdd/features/kms-cli.feature rename to test/bdd/features/kms_cli.feature 
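Review bot: In `GetRESTHandlers`, `AuthZCAP|AuthGNAP` is spelled out on twenty rows, which makes the rows that differ easy to overlook: `DIDPath` accepts only `AuthOAuth2`, `KeyStorePath` accepts `AuthOAuth2|AuthGNAP`, and neither offers ZCAP. A named value such as `const authKeyOps = AuthZCAP | AuthGNAP` would shorten the table and remove the need for the `//nolint:lll` on the `KeyStorePath` row. If the difference between the first two rows is deliberate, a one-line comment above them giving the reason would help the next reader confirm that the OAuth2-only path is intended.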
diff --git a/test/bdd/features/kms_gnap.feature b/test/bdd/features/kms_gnap.feature index 3366d94f..9ec1e2be 100644 --- a/test/bdd/features/kms_gnap.feature +++ b/test/bdd/features/kms_gnap.feature @@ -6,11 +6,11 @@ @all @gnap -@wip Feature: KMS authorization with GNAP - Scenario: User authorizes with GNAP to create a key store + Scenario: User authorizes with GNAP for KMS operations Given "Alice" has been granted with GNAP access token to Key Server - When an HTTP POST with GNAP access token and "(request-target),authorization,digest" headers signed by "Alice" is sent to "https://localhost:4466/v1/keystores" + # create a key store + When an HTTP POST with GNAP access token and "(request-target),authorization,digest" headers signed by "Alice" is sent to "https://localhost:8076/v1/keystores" """ { "controller": "{{ .GetDID "Alice" }}" @@ -18,3 +18,22 @@ Feature: KMS authorization with GNAP """ Then response status is "200 OK" And response contains non-empty "key_store_url" + # create a key + When an HTTP POST with GNAP access token and "(request-target),authorization,digest" headers signed by "Alice" is sent to "https://localhost:8076/v1/keystores/{keystoreID}/keys" + """ + { + "key_type": "ED25519" + } + """ + Then response status is "200 OK" + And response contains non-empty "key_url" + # sign a message + When an HTTP POST with GNAP access token and "(request-target),authorization,digest" headers signed by "Alice" is sent to "https://localhost:8076/v1/keystores/{keystoreID}/keys/{keyID}/sign" + """ + { + "message": "{{ .ToBase64 "test message" }}" + } + """ + Then response status is "200 OK" + And response contains non-empty "signature" + diff --git a/test/bdd/fixtures/docker-compose.yml b/test/bdd/fixtures/docker-compose.yml index 82fb05ce..1cea9b18 100644 --- a/test/bdd/fixtures/docker-compose.yml +++ b/test/bdd/fixtures/docker-compose.yml 
@@ -34,18 +34,19 @@ services: - KMS_DATABASE_URL=mongodb://mongodb.example.com:27017 - KMS_DATABASE_PREFIX=opskms_ - KMS_CACHE_ENABLE=true - - KMS_ZCAP_ENABLE=true - KMS_LOG_LEVEL=debug - KMS_SECRET_LOCK_TYPE=aws - KMS_SECRET_LOCK_AWS_KEY_URI=aws-kms://arn:aws:kms:ca-central-1:111122223333:key/bc436485-5092-42b8-92a3-0aa8b93536dc - KMS_SECRET_LOCK_AWS_ENDPOINT=http://aws-kms.trustbloc.local:8020 - AWS_ACCESS_KEY_ID=mock - AWS_SECRET_ACCESS_KEY=mock + - KMS_GNAP_SIGNING_KEY=/etc/gnap-priv-key.pem + - KMS_AUTH_SERVER_URL=https://auth.trustbloc.local:8070 ports: - 8074:8074 - 48831:48831 volumes: - - ./keys/tls:/etc/tls + - ./keys:/etc command: start depends_on: - mongodb.example.com @@ -67,18 +68,19 @@ services: - KMS_DATABASE_URL=mongodb://mongodb.example.com:27017 - KMS_DATABASE_PREFIX=opskms_ - KMS_CACHE_ENABLE=true - - KMS_ZCAP_ENABLE=true - KMS_LOG_LEVEL=debug - KMS_SECRET_LOCK_TYPE=aws - KMS_SECRET_LOCK_AWS_KEY_URI=aws-kms://arn:aws:kms:ca-central-1:111122223333:key/bc436485-5092-42b8-92a3-0aa8b93536dc - KMS_SECRET_LOCK_AWS_ENDPOINT=http://aws-kms.trustbloc.local:8020 - AWS_ACCESS_KEY_ID=mock - AWS_SECRET_ACCESS_KEY=mock + - KMS_GNAP_SIGNING_KEY=/etc/gnap-priv-key.pem + - KMS_AUTH_SERVER_URL=https://auth.trustbloc.local:8070 ports: - 8075:8075 - 48832:48832 volumes: - - ./keys/tls:/etc/tls + - ./keys:/etc command: start depends_on: - mongodb.example.com @@ -116,6 +118,7 @@ services: - KMS_DATABASE_PREFIX=authzkms_ - KMS_AUTH_SERVER_URL=https://auth.trustbloc.local:8070 - KMS_AUTH_SERVER_TOKEN=test_token + - KMS_AUTH_DISABLE=true - KMS_CACHE_ENABLE=true - KMS_LOG_LEVEL=debug - KMS_SECRET_LOCK_TYPE=local @@ -144,6 +147,7 @@ services: - KMS_DATABASE_TYPE=mongodb - KMS_DATABASE_URL=mongodb://mongodb.example.com:27017 - KMS_DATABASE_PREFIX=orbkms_ + - KMS_AUTH_DISABLE=true - KMS_CACHE_ENABLE=true - KMS_LOG_LEVEL=debug - KMS_SECRET_LOCK_TYPE=aws diff --git a/test/bdd/go.mod b/test/bdd/go.mod index 637394af..3f3b0cfa 100644 --- a/test/bdd/go.mod +++ b/test/bdd/go.mod 
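Review bot: The volume change from `./keys/tls:/etc/tls` to `./keys:/etc` in the first two hunks of docker-compose.yml bind-mounts the whole fixture key directory over the container's `/etc`, which hides the image's own `/etc` contents and hands the service every key under `./keys` when the configuration only references the TLS material and `gnap-priv-key.pem`. I would keep the original mount and add the single file next to it: `- ./keys/gnap-priv-key.pem:/etc/gnap-priv-key.pem`. This is a test fixture, but compose files like this tend to be copied as a starting point for real deployments, so the narrow mount is the better example.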
@@ -14,7 +14,7 @@ require ( github.com/hyperledger/aries-framework-go v0.1.9-0.20220412155017-81442062e607 github.com/hyperledger/aries-framework-go-ext/component/vdr/orb v1.0.0-rc.1 github.com/hyperledger/aries-framework-go/component/storageutil v0.0.0-20220516154446-0ba34929e05b - github.com/hyperledger/aries-framework-go/spi v0.0.0-20220516154446-0ba34929e05b + github.com/hyperledger/aries-framework-go/spi v0.0.0-20220531182402-04bfea80427b github.com/igor-pavlenko/httpsignatures-go v0.0.23 github.com/lafriks/go-shamir v1.1.0 github.com/ory/hydra-client-go v1.10.6 @@ -22,8 +22,8 @@ require ( github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693 github.com/teserakt-io/golang-ed25519 v0.0.0-20210104091850-3888c087a4c8 github.com/tidwall/gjson v1.6.7 - github.com/trustbloc/auth v0.1.9-0.20220519150427-c3450267252e - github.com/trustbloc/auth/spi/gnap v0.0.0-20220519150427-c3450267252e + github.com/trustbloc/auth v0.1.9-0.20220603134109-0b87579ddcf1 + github.com/trustbloc/auth/spi/gnap v0.0.0-20220524155711-5c72fe155c13 github.com/trustbloc/edge-core v0.1.8 github.com/trustbloc/edv v0.1.8 github.com/trustbloc/kms v0.1.8 @@ -101,9 +101,9 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect go.mongodb.org/mongo-driver v1.8.0 // indirect - golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 // indirect + golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect - golang.org/x/sys v0.0.0-20220519141025-dcacdad47464 // indirect + golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect golang.org/x/text v0.3.7 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf // indirect diff --git a/test/bdd/go.sum b/test/bdd/go.sum index 0cb79f4c..f58d397a 100644 --- a/test/bdd/go.sum +++ b/test/bdd/go.sum 
@@ -983,8 +983,8 @@ github.com/hyperledger/aries-framework-go/spi v0.0.0-20220322085443-50e8f9bd208b github.com/hyperledger/aries-framework-go/spi v0.0.0-20220324201531-18c87667df19/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= github.com/hyperledger/aries-framework-go/spi v0.0.0-20220330133350-1c2d9d65aea4/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= github.com/hyperledger/aries-framework-go/spi v0.0.0-20220330140627-07042d78580c/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= -github.com/hyperledger/aries-framework-go/spi v0.0.0-20220516154446-0ba34929e05b h1:FKKAVz3KHByOxGyy6akY1T8RHlDuYPXiq+OeZB0NL8Q= -github.com/hyperledger/aries-framework-go/spi v0.0.0-20220516154446-0ba34929e05b/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= +github.com/hyperledger/aries-framework-go/spi v0.0.0-20220531182402-04bfea80427b h1:LedxlWFewGn/z2w5ahGc9Opt9x6mbgvLBM2KCDRI9kU= +github.com/hyperledger/aries-framework-go/spi v0.0.0-20220531182402-04bfea80427b/go.mod h1:4bD5c5fj5K7rkQurVa/8I8+TfNcI4bxIBzaUNcxTOTg= github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210324232048-34ff560ed041/go.mod h1:eKGEEe+PJNDQo7kVif3sUKBWwnsQDkE3gD/QlpmukcQ= github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210409151411-eeeb8508bd87/go.mod h1:JHzDtgJLd0134iLFXLxGBjJF+Z+TgiElA/5oVgMazts= github.com/hyperledger/aries-framework-go/test/component v0.0.0-20210421203733-b5dfd703a8fc/go.mod h1:asiCVCtH/nocWKhZRMz12aFgdUh8lRHqKis0M8Ei/4I= 
@@ -1591,11 +1591,11 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1 github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/transparency-dev/merkle v0.0.0-20220208131541-728dc2de1344/go.mod h1:B8FIw5LTq6DaULoHsVFRzYIUDkl8yuSwCdZnOZGKL/A= -github.com/trustbloc/auth v0.1.9-0.20220519150427-c3450267252e h1:r6XDI56NZPaVv5O7azZHTN9huJ7sPPQz+9tRk18Zuf4= -github.com/trustbloc/auth v0.1.9-0.20220519150427-c3450267252e/go.mod h1:FcKbsDtehwj5bQHhmufjy/8oAvzVNBLAicgFMwLe2AM= +github.com/trustbloc/auth v0.1.9-0.20220603134109-0b87579ddcf1 h1:i69SajbXTDCL3Aaxkq8HZ2mtD+QW3amhaGCBRLjOkHI= +github.com/trustbloc/auth v0.1.9-0.20220603134109-0b87579ddcf1/go.mod h1:FcKbsDtehwj5bQHhmufjy/8oAvzVNBLAicgFMwLe2AM= github.com/trustbloc/auth/spi/gnap v0.0.0-20220518152301-fe6ea3ada1af/go.mod h1:BPAXixzwWfMHm55daYibYOD4Aq6UO0wCIKZMZYAvsTk= -github.com/trustbloc/auth/spi/gnap v0.0.0-20220519150427-c3450267252e h1:/BfKq8jk/CWmyaGeXBELNLPLhr/agq/npYUIIQf3IIs= -github.com/trustbloc/auth/spi/gnap v0.0.0-20220519150427-c3450267252e/go.mod h1:BPAXixzwWfMHm55daYibYOD4Aq6UO0wCIKZMZYAvsTk= +github.com/trustbloc/auth/spi/gnap v0.0.0-20220524155711-5c72fe155c13 h1:XzE9MktZsZyDvWUUY+vMctgmpvIwacPNdCBlfLWuPaA= +github.com/trustbloc/auth/spi/gnap v0.0.0-20220524155711-5c72fe155c13/go.mod h1:BPAXixzwWfMHm55daYibYOD4Aq6UO0wCIKZMZYAvsTk= github.com/trustbloc/edge-core v0.1.7/go.mod h1:nQnH3CcEHTRXsWZe/vgj+J0JxxjwFK9IvY3u0Sr/2XY= github.com/trustbloc/edge-core v0.1.8 h1:m4X5XNDwiHJjGf8gHnpo6aLkBYuqDyNRq+npjxLc5cY= github.com/trustbloc/edge-core v0.1.8/go.mod h1:gfoyG/xquRXyHkww0ldM2jwOTuKKZpHYn+87f+TBQ8M= 
@@ -1762,8 +1762,8 @@ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 h1:SLP7Q4Di66FONjDJbCYrCRrh97focO6sLogHO7/g8F0= -golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -2024,11 +2024,10 @@ golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220111092808-5a964db01320/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220519141025-dcacdad47464 h1:MpIuURY70f0iKp/oooEFtB2oENcHITo/z1b6u41pKCw= -golang.org/x/sys v0.0.0-20220519141025-dcacdad47464/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= diff --git a/test/bdd/pkg/gnap/gnap_steps.go b/test/bdd/pkg/gnap/gnap_steps.go index 47ffbf53..24e8f5f9 100644 --- a/test/bdd/pkg/gnap/gnap_steps.go +++ b/test/bdd/pkg/gnap/gnap_steps.go @@ -12,6 +12,7 @@ import ( "crypto/ecdsa" "crypto/tls" "crypto/x509" + "encoding/base64" "encoding/pem" "fmt" "net/http" @@ -61,6 +62,8 @@ type Steps struct { vdr vdrapi.Registry users map[string]*DIDOwner gnapToken string + keyStoreID string + keyID string responseStatus string responseStatusCode int responseBody []byte 
@@ -313,6 +316,11 @@ func (s *Steps) httpDo(ctx context.Context, method, url string, bodyTemplate *go opts = append(opts, httputil.WithBody(buf.Bytes())) } + url = strings.NewReplacer( + "{keystoreID}", s.keyStoreID, + "{keyID}", s.keyID, + ).Replace(url) + r, err := httputil.DoRequest(ctx, url, opts...) if err != nil { return fmt.Errorf("do request: %w", err) @@ -340,9 +348,22 @@ func (s *Steps) checkNonEmptyResponseValue(path string) error { return fmt.Errorf("got empty value") } + switch path { + case "key_store_url": + s.keyStoreID = getLastSegment(val.Str) + case "key_url": + s.keyID = getLastSegment(val.Str) + } + return nil } +func getLastSegment(url string) string { + s := strings.Split(url, "/") + + return s[len(s)-1] +} + type requestSigner struct { Headers []string KeyID string @@ -389,3 +410,8 @@ func (r *secretRetriever) Get(_ string) (httpsignatures.Secret, error) { func (s *Steps) GetDID(userName string) string { return s.users[userName].DID } + +// ToBase64 is a helper function used in template to encode string value into base64. +func (s *Steps) ToBase64(str string) string { + return base64.StdEncoding.EncodeToString([]byte(str)) +}
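Review bot: `httpDo` in gnap_steps.go substitutes `{keystoreID}` and `{keyID}` even when `s.keyStoreID` or `s.keyID` is still empty, so a step that runs before the IDs were captured sends the request to a path with an empty segment and fails with an unrelated status. `getLastSegment` has the same silent case: a URL ending in `/` yields an empty ID. I would fail fast before the replacement, e.g. `if strings.Contains(url, "{keystoreID}") && s.keyStoreID == "" { return fmt.Errorf("key store ID is not set") }`, with the matching check for `{keyID}`. The body of `httpDo` starts and ends outside this hunk.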