TUN-5675: Remove github.com/dgrijalva/jwt-go dependency by upgrading coredns version

2025-07-28 12:09:57 +00:00 · 2022-01-25 13:15:24 +00:00
parent a84cbcde7e
commit 8a5343d0a5
530 changed files with 33042 additions and 14229 deletions
--- a/vendor/google.golang.org/grpc/internal/credentials/credentials.go
+++ b/vendor/google.golang.org/grpc/internal/credentials/credentials.go
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2021 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package credentials
+
+import (
+	"context"
+)
+
+// requestInfoKey is a struct to be used as the key to store RequestInfo in a
+// context.
+type requestInfoKey struct{}
+
+// NewRequestInfoContext creates a context with ri.
+func NewRequestInfoContext(ctx context.Context, ri interface{}) context.Context {
+	return context.WithValue(ctx, requestInfoKey{}, ri)
+}
+
+// RequestInfoFromContext extracts the RequestInfo from ctx.
+func RequestInfoFromContext(ctx context.Context) interface{} {
+	return ctx.Value(requestInfoKey{})
+}
+
+// clientHandshakeInfoKey is a struct used as the key to store
+// ClientHandshakeInfo in a context.
+type clientHandshakeInfoKey struct{}
+
+// ClientHandshakeInfoFromContext extracts the ClientHandshakeInfo from ctx.
+func ClientHandshakeInfoFromContext(ctx context.Context) interface{} {
+	return ctx.Value(clientHandshakeInfoKey{})
+}
+
+// NewClientHandshakeInfoContext creates a context with chi.
+func NewClientHandshakeInfoContext(ctx context.Context, chi interface{}) context.Context {
+	return context.WithValue(ctx, clientHandshakeInfoKey{}, chi)
+}
--- a/vendor/google.golang.org/grpc/internal/credentials/spiffe.go
+++ b/vendor/google.golang.org/grpc/internal/credentials/spiffe.go
@@ -23,6 +23,7 @@ package credentials

 import (
 	"crypto/tls"
+	"crypto/x509"
 	"net/url"

 	"google.golang.org/grpc/grpclog"
@@ -36,8 +37,17 @@ func SPIFFEIDFromState(state tls.ConnectionState) *url.URL {
 	if len(state.PeerCertificates) == 0 || len(state.PeerCertificates[0].URIs) == 0 {
 		return nil
 	}
+	return SPIFFEIDFromCert(state.PeerCertificates[0])
+}
+
+// SPIFFEIDFromCert parses the SPIFFE ID from x509.Certificate. If the SPIFFE
+// ID format is invalid, return nil with warning.
+func SPIFFEIDFromCert(cert *x509.Certificate) *url.URL {
+	if cert == nil || cert.URIs == nil {
+		return nil
+	}
 	var spiffeID *url.URL
-	for _, uri := range state.PeerCertificates[0].URIs {
+	for _, uri := range cert.URIs {
 		if uri == nil || uri.Scheme != "spiffe" || uri.Opaque != "" || (uri.User != nil && uri.User.Username() != "") {
 			continue
 		}
@@ -46,7 +56,7 @@ func SPIFFEIDFromState(state tls.ConnectionState) *url.URL {
 			logger.Warning("invalid SPIFFE ID: total ID length larger than 2048 bytes")
 			return nil
 		}
-		if len(uri.Host) == 0 || len(uri.RawPath) == 0 || len(uri.Path) == 0 {
+		if len(uri.Host) == 0 || len(uri.Path) == 0 {
 			logger.Warning("invalid SPIFFE ID: domain or workload ID is empty")
 			return nil
 		}
@@ -55,7 +65,7 @@ func SPIFFEIDFromState(state tls.ConnectionState) *url.URL {
 			return nil
 		}
 		// A valid SPIFFE certificate can only have exactly one URI SAN field.
-		if len(state.PeerCertificates[0].URIs) > 1 {
+		if len(cert.URIs) > 1 {
 			logger.Warning("invalid SPIFFE ID: multiple URI SANs")
 			return nil
 		}
--- a/vendor/google.golang.org/grpc/internal/credentials/spiffe_appengine.go
+++ b/vendor/google.golang.org/grpc/internal/credentials/spiffe_appengine.go
@@ -1,31 +0,0 @@
-// +build appengine
-
-/*
- *
- * Copyright 2020 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package credentials
-
-import (
-	"crypto/tls"
-	"net/url"
-)
-
-// SPIFFEIDFromState is a no-op for appengine builds.
-func SPIFFEIDFromState(state tls.ConnectionState) *url.URL {
-	return nil
-}
--- a/vendor/google.golang.org/grpc/internal/credentials/util.go
+++ b/vendor/google.golang.org/grpc/internal/credentials/util.go
@@ -18,7 +18,9 @@

 package credentials

-import "crypto/tls"
+import (
+	"crypto/tls"
+)

 const alpnProtoStrH2 = "h2"