diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 534edea15f1..8943485f50d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -164,15 +164,3 @@ jobs:
 packages: write
 id-token: write
 security-events: write
-
- dependency-review:
- name: Dependency review
- runs-on: ubuntu-latest
- if: github.event_name == 'pull_request'
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- - name: Dependency Review
- uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
diff --git a/connector/cert/cert.go b/connector/cert/cert.go
index c0b2ba0117a..3bfa8da35f2 100644
--- a/connector/cert/cert.go
+++ b/connector/cert/cert.go
@@ -14,9 +14,9 @@ import (
 type Config struct {
 // ClientCAPath is the path of the CA certificate used to validate client certificates
- ClientCAPath string `json:"clientCAPath"`
+ ClientCAPath string `json:"clientCAPath"`
 // CertHeader is the name of the HTTP header containing the client certificate (if using a proxy)
- CertHeader string `json:"certHeader"`
+ CertHeader string `json:"certHeader"`
 UserIDKey string `json:"userIDKey"`
 UserNameKey string `json:"userNameKey"`
@@ -35,10 +35,6 @@ type CertConnector struct {
 logger *slog.Logger
 }
-var (
- _ connector.CertificateConnector = (*CertConnector)(nil)
-)
-
 // loadCACert loads the CA certificate from the file
 func loadCACert(caCertFile string) (*x509.CertPool, error) {
 clientCA := x509.NewCertPool()
@@ -66,7 +62,7 @@ func (c *Config) Open(id string, logger *slog.Logger) (connector.Connector, erro
 return nil, fmt.Errorf("failed to load CA certificate: %v", err)
 }
- return &CertConnector {
+ return &CertConnector{
 clientCA: clientCA,
 certHeader: c.CertHeader,
 userIDKey: c.UserIDKey,
@@ -132,7 +128,7 @@ func (c *CertConnector) ValidateCertificate(cert *x509.Certificate) (identity co
 if c.userIDKey != "" {
 userID = getValueFromCertificate(cert, c.userIDKey)
 } else {
- defaultUserIDKey := "0.9.2342.19200300.100.1.1" // OID for UID
+ defaultUserIDKey := "0.9.2342.19200300.100.1.1" // OID for UID
 userID = getValueFromCertificate(cert, defaultUserIDKey)
 }
 // safe guard
@@ -167,7 +163,7 @@ func (c *CertConnector) ValidateCertificate(cert *x509.Certificate) (identity co
 if c.groupKey != "" {
 groups = append(groups, getValueFromCertificate(cert, c.groupKey))
 } else {
- defaultGroupKey := "2.5.4.10" // OID for Organization
+ defaultGroupKey := "2.5.4.10" // OID for Organization
 groups = append(groups, getValueFromCertificate(cert, defaultGroupKey))
 }
diff --git a/connector/cert/cert_test.go b/connector/cert/cert_test.go
index fcc24f6852c..5dbf1256910 100644
--- a/connector/cert/cert_test.go
+++ b/connector/cert/cert_test.go
@@ -68,9 +68,9 @@ func TestExtractValidateCertificate(t *testing.T) {
 caPool.AddCert(caCert)
 certConnector := &CertConnector{
- clientCA: caPool,
+ clientCA: caPool,
 certHeader: "X-Client-Cert",
- logger: slog.New(slog.NewTextHandler(os.Stdout, nil)),
+ logger: slog.New(slog.NewTextHandler(os.Stdout, nil)),
 }
 // Test with valid certificate in TLS
@@ -118,16 +118,16 @@ func generateCACertificate() (*x509.Certificate, *rsa.PrivateKey, error) {
 caTemplate := x509.Certificate{
 SerialNumber: big.NewInt(1),
 Subject: pkix.Name{
- Country: []string{"FR"},
+ Country: []string{"FR"},
 Organization: []string{"Orange CA"},
- CommonName: "Test CA",
+ CommonName: "Test CA",
 },
- NotBefore: time.Now(),
- NotAfter: time.Now().Add(time.Hour * 24),
- KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+ NotBefore: time.Now(),
+ NotAfter: time.Now().Add(time.Hour * 24),
+ KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
+ ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
 BasicConstraintsValid: true,
- IsCA: true,
+ IsCA: true,
 }
 caBytes, err := x509.CreateCertificate(rand.Reader, &caTemplate, &caTemplate, &caPrivKey.PublicKey, caPrivKey)
@@ -152,9 +152,9 @@ func generateClientCertificate(caCert *x509.Certificate, caPrivKey *rsa.PrivateK
 clientTemplate := x509.Certificate{
 SerialNumber: big.NewInt(2),
 Subject: pkix.Name{
- Country: []string{"FR"},
+ Country: []string{"FR"},
 Organization: []string{"Orange"},
- CommonName: "Test Client",
+ CommonName: "Test Client",
 ExtraNames: []pkix.AttributeTypeAndValue{
 {
 Type: []int{0, 9, 2342, 19200300, 100, 1, 1}, // OID for UID
@@ -162,9 +162,9 @@ func generateClientCertificate(caCert *x509.Certificate, caPrivKey *rsa.PrivateK
 },
 },
 },
- NotBefore: time.Now(),
- NotAfter: time.Now().Add(time.Hour * 24),
- KeyUsage: x509.KeyUsageDigitalSignature,
+ NotBefore: time.Now(),
+ NotAfter: time.Now().Add(time.Hour * 24),
+ KeyUsage: x509.KeyUsageDigitalSignature,
 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
 }