Switch to modules

author: Niall Sheridan <nsheridan@gmail.com> 2019-07-07 21:33:44 +0100
committer: Niall Sheridan <nsheridan@gmail.com> 2019-07-07 21:33:44 +0100
commit: 8c12c6939aab9106db14ec2d11d983bc5b29fb2c (patch)
tree: f9dc8a7d167c6355e47a65c52d4eb7b9ea03e6c8 /vendor/github.com/stripe
parent: 0bd454cc448b812da6c693b451d86ff4cadbb6b2 (diff)
5 files changed, 0 insertions, 799 deletions
diff --git a/vendor/github.com/stripe/krl/LICENSE b/vendor/github.com/stripe/krl/LICENSE
deleted file mode 100644
index f3241a2..0000000
--- a/vendor/github.com/stripe/krl/LICENSE
+++ /dev/null
@@ -1,20 +0,0 @@
-Copyright (c) 2015, 2016 Stripe, Inc.
-
-MIT License
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/stripe/krl/README.md b/vendor/github.com/stripe/krl/README.md
deleted file mode 100644
index 6402e63..0000000
--- a/vendor/github.com/stripe/krl/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-krl
-===
-
-[![GoDoc](https://godoc.org/github.com/stripe/krl?status.svg)](https://godoc.org/github.com/stripe/krl)
-
-Package krl provides functionality for reading and writing SSH Key Revocation
-Lists (KRLs).
diff --git a/vendor/github.com/stripe/krl/format.go b/vendor/github.com/stripe/krl/format.go
deleted file mode 100644
index 4a4b822..0000000
--- a/vendor/github.com/stripe/krl/format.go
+++ /dev/null
@@ -1,163 +0,0 @@
-package krl
-
-import "math/big"
-
-// We (unfortunately) make extensive use of x/crypto/ssh.Unmarshal's "rest"
-// parameter here. The KRL specification makes extensive use of sections placed
-// back-to-back, and there's no other way to get x/crypto/ssh.Unmarshal to emit
-// the portion of the input that has not yet been parsed.
-
-const krlMagic = 0x5353484b524c0a00
-
-/*
-#define KRL_MAGIC		0x5353484b524c0a00ULL  /* "SSHKRL\n\0" * /
-#define KRL_FORMAT_VERSION	1
-
-	uint64	KRL_MAGIC
-	uint32	KRL_FORMAT_VERSION
-	uint64	krl_version
-	uint64	generated_date
-	uint64	flags
-	string	reserved
-	string	comment
-*/
-type krlHeader struct {
-	KRLMagic         uint64
-	KRLFormatVersion uint32
-	KRLVersion       uint64
-	GeneratedDate    uint64
-	Flags            uint64
-	Reserved         []byte
-	Comment          string
-
-	Rest []byte `ssh:"rest"`
-}
-
-/*
-	byte	section_type
-	string	section_data
-
-#define KRL_SECTION_CERTIFICATES		1
-#define KRL_SECTION_EXPLICIT_KEY		2
-#define KRL_SECTION_FINGERPRINT_SHA1		3
-#define KRL_SECTION_SIGNATURE			4
-*/
-type krlSection struct {
-	SectionType byte
-	SectionData []byte
-
-	Rest []byte `ssh:"rest"`
-}
-
-/*
-	string ca_key
-	string reserved
-*/
-type krlCertificateSectionHeader struct {
-	CAKey    []byte
-	Reserved []byte
-
-	Rest []byte `ssh:"rest"`
-}
-
-/*
-	byte	cert_section_type
-	string	cert_section_data
-
-#define KRL_SECTION_CERT_SERIAL_LIST	0x20
-#define KRL_SECTION_CERT_SERIAL_RANGE	0x21
-#define KRL_SECTION_CERT_SERIAL_BITMAP	0x22
-#define KRL_SECTION_CERT_KEY_ID		0x23
-*/
-type krlCertificateSection struct {
-	CertSectionType byte
-	CertSectionData []byte
-
-	Rest []byte `ssh:"rest"`
-}
-
-const (
-	krlSectionCertSerialList   = 0x20
-	krlSectionCertSerialRange  = 0x21
-	krlSectionCertSerialBitmap = 0x22
-	krlSectionCertKeyId        = 0x23
-)
-
-/*
-	uint64	revoked_cert_serial
-	uint64	...
-*/
-type krlSerialList struct {
-	RevokedCertSerial uint64
-
-	Rest []byte `ssh:"rest"`
-}
-
-/*
-	uint64	serial_min
-	uint64	serial_max
-*/
-type krlSerialRange struct {
-	SerialMin uint64
-	SerialMax uint64
-}
-
-/*
-	uint64	serial_offset
-	mpint	revoked_keys_bitmap
-*/
-type krlSerialBitmap struct {
-	SerialOffset      uint64
-	RevokedKeysBitmap *big.Int
-}
-
-/*
-	string	key_id[0]
-	...
-*/
-type krlKeyID struct {
-	KeyID string
-
-	Rest []byte `ssh:"rest"`
-}
-
-/*
-	string	public_key_blob[0]
-	....
-*/
-type krlExplicitKey struct {
-	PublicKeyBlob []byte
-
-	Rest []byte `ssh:"rest"`
-}
-
-/*
-	string	public_key_hash[0]
-	....
-*/
-type krlFingerprintSHA1 struct {
-	PublicKeyHash []byte
-
-	Rest []byte `ssh:"rest"`
-}
-
-/*
-	byte	KRL_SECTION_SIGNATURE
-	string	signature_key
-	string	signature
-
-We split this struct into two parts: krlSignatureHeader is included in the
-signature, and so the inverse of its "Rest" key is the data coverd by the
-signature.
-*/
-type krlSignatureHeader struct {
-	SignatureKey []byte `sshtype:"4"`
-
-	Rest []byte `ssh:"rest"`
-}
-
-type krlSignature struct {
-	Signature []byte
-
-	Rest []byte `ssh:"rest"`
-}
diff --git a/vendor/github.com/stripe/krl/krl.go b/vendor/github.com/stripe/krl/krl.go
deleted file mode 100644
index e3457f8..0000000
--- a/vendor/github.com/stripe/krl/krl.go
+++ /dev/null
@@ -1,372 +0,0 @@
-// Package krl provides functionality for reading and writing SSH Key Revocation
-// Lists (KRLs).
-//
-// References:
-// 	https://raw.githubusercontent.com/openssh/openssh-portable/master/PROTOCOL.krl
-package krl
-
-import (
-	"bytes"
-	"crypto/sha1"
-	"io"
-	"math/big"
-	"sort"
-	"time"
-
-	"golang.org/x/crypto/ssh"
-)
-
-// KRL, or Key Revocation List, is a list of revoked keys, certificates, and
-// identities, possibly signed by some authority. The zero value of KRL is
-// appropriate for use, and represents an empty list.
-type KRL struct {
-	// Version is a number that increases every time the KRL is modified.
-	// When marshaling a KRL, if Version is zero GeneratedDate will be used
-	// instead.
-	Version uint64
-	// GeneratedDate is the Unix timestamp the KRL was generated at. When
-	// marshaling a KRL, if GeneratedDate is zero the current Unix timestamp
-	// will be used instead.
-	GeneratedDate uint64
-	// Comment is an optional comment for the KRL.
-	Comment string
-	// Sections is a list of public key and certificate selectors that this
-	// KRL applies to.
-	Sections []KRLSection
-	// SigningKeys is set by ParseKRL and Marshal to the list of Signers
-	// that signed (or which claimed to sign) the KRL in the order they
-	// appeared (i.e., innermost-first).
-	SigningKeys []ssh.PublicKey
-}
-
-/*
-KRLSection describes a section of a KRL, which selects certain certificates and
-keys for revocation. The concrete types KRLCertificateSection,
-KRLExplicitKeySection, and KRLFingerprintSection satisfy this interface, and
-correspond to the three types of KRL sections currently defined.
-*/
-type KRLSection interface {
-	isRevoked(key ssh.PublicKey) bool
-	marshal() []byte
-}
-
-/*
-KRLCertificateSection revokes SSH certificates by certificate authority and
-either serial numbers or key ids.
-*/
-type KRLCertificateSection struct {
-	// CA is the certificate authority whose keys are being revoked by this
-	// section. If CA is nil, this section applies to keys signed by any
-	// certificate authority.
-	CA ssh.PublicKey
-	// Sections is a list of certificate selectors.
-	Sections []KRLCertificateSubsection
-}
-
-func (k *KRLCertificateSection) isRevoked(key ssh.PublicKey) bool {
-	cert, ok := key.(*ssh.Certificate)
-	if !ok {
-		return false
-	}
-
-	if k.CA != nil {
-		sk := cert.SignatureKey.Marshal()
-		ca := k.CA.Marshal()
-		if !bytes.Equal(sk, ca) {
-			return false
-		}
-	}
-
-	for _, section := range k.Sections {
-		if section.isRevoked(cert) {
-			return true
-		}
-	}
-	return false
-}
-
-func (k *KRLCertificateSection) marshal() []byte {
-	var buf bytes.Buffer
-	var ca []byte
-	if k.CA != nil {
-		ca = k.CA.Marshal()
-	}
-	buf.Write(ssh.Marshal(krlCertificateSectionHeader{CAKey: ca}))
-	headerLen := buf.Len()
-	for _, section := range k.Sections {
-		buf.Write(section.marshal())
-	}
-	// All subsections were empty; we should be empty too.
-	if buf.Len() == headerLen {
-		return nil
-	}
-	return ssh.Marshal(krlSection{
-		SectionType: 1,
-		SectionData: buf.Bytes(),
-	})
-}
-
-/*
-KRLCertificateSubsection describes a subsection of a KRL certificate selection,
-and selects certain certificates for revocation. The concrete types
-KRLCertificateSerialList, KRLCertificateSerialRange, KRLCertificateSerialBitmap,
-and KRLCertificateSerialBitmap satisfy this interface, and correspond to the
-four subsections currently defined.
-*/
-type KRLCertificateSubsection interface {
-	isRevoked(cert *ssh.Certificate) bool
-	marshal() []byte
-}
-
-// KRLCertificateSerialList revokes certificates by listing their serial
-// numbers.
-type KRLCertificateSerialList []uint64
-
-func (k *KRLCertificateSerialList) isRevoked(cert *ssh.Certificate) bool {
-	for _, serial := range *k {
-		if serial == cert.Serial {
-			return true
-		}
-	}
-	return false
-}
-
-func (k *KRLCertificateSerialList) marshal() []byte {
-	if len(*k) == 0 {
-		return nil
-	}
-
-	var buf bytes.Buffer
-	for _, serial := range *k {
-		buf.Write(ssh.Marshal(krlSerialList{
-			RevokedCertSerial: serial,
-		}))
-	}
-	return ssh.Marshal(krlCertificateSection{
-		CertSectionType: krlSectionCertSerialList,
-		CertSectionData: buf.Bytes(),
-	})
-}
-
-// KRLCertificateSerialRange revokes all certificates with serial numbers in the
-// range between Min and Max, inclusive.
-type KRLCertificateSerialRange struct {
-	Min, Max uint64
-}
-
-func (k *KRLCertificateSerialRange) isRevoked(cert *ssh.Certificate) bool {
-	return k.Min <= cert.Serial && cert.Serial <= k.Max
-}
-
-func (k *KRLCertificateSerialRange) marshal() []byte {
-	return ssh.Marshal(krlCertificateSection{
-		CertSectionType: krlSectionCertSerialRange,
-		CertSectionData: ssh.Marshal(krlSerialRange{
-			SerialMin: k.Min,
-			SerialMax: k.Max,
-		}),
-	})
-}
-
-// KRLCertificateSerialBitmap revokes certificates densely using a bitmap. If
-// bit N of the bitmap is set, the certificate with serial Offset + N is
-// revoked.
-type KRLCertificateSerialBitmap struct {
-	Offset uint64
-	Bitmap *big.Int
-}
-
-func (k *KRLCertificateSerialBitmap) isRevoked(cert *ssh.Certificate) bool {
-	if cert.Serial < k.Offset {
-		return false
-	}
-	if cert.Serial-k.Offset > krlMaxBitmapSize {
-		return false
-	}
-	return k.Bitmap.Bit(int(cert.Serial-k.Offset)) == 1
-}
-
-func (k *KRLCertificateSerialBitmap) marshal() []byte {
-	return ssh.Marshal(krlCertificateSection{
-		CertSectionType: krlSectionCertSerialBitmap,
-		CertSectionData: ssh.Marshal(krlSerialBitmap{
-			SerialOffset:      k.Offset,
-			RevokedKeysBitmap: k.Bitmap,
-		}),
-	})
-}
-
-// KRLCertificateKeyID revokes certificates by listing key ids. This may be
-// useful in revoking all certificates associated with a particular identity,
-// for instance hosts or users.
-type KRLCertificateKeyID []string
-
-func (k *KRLCertificateKeyID) isRevoked(cert *ssh.Certificate) bool {
-	for _, id := range *k {
-		if id == cert.KeyId {
-			return true
-		}
-	}
-	return false
-}
-
-func (k *KRLCertificateKeyID) marshal() []byte {
-	if len(*k) == 0 {
-		return nil
-	}
-
-	var buf bytes.Buffer
-	for _, id := range *k {
-		buf.Write(ssh.Marshal(krlKeyID{
-			KeyID: id,
-		}))
-	}
-	return ssh.Marshal(krlCertificateSection{
-		CertSectionType: krlSectionCertKeyId,
-		CertSectionData: buf.Bytes(),
-	})
-}
-
-// ssh.PublicKey objects might be certificates, which have a different wire
-// format.
-func marshalPubkey(key ssh.PublicKey) []byte {
-	switch v := key.(type) {
-	case *ssh.Certificate:
-		return marshalPubkey(v.Key)
-	default:
-		return key.Marshal()
-	}
-}
-
-// KRLExplicitKeySection revokes keys by explicitly listing them.
-type KRLExplicitKeySection []ssh.PublicKey
-
-func (k *KRLExplicitKeySection) isRevoked(key ssh.PublicKey) bool {
-	kbuf := marshalPubkey(key)
-	for _, key := range *k {
-		if bytes.Equal(kbuf, marshalPubkey(key)) {
-			return true
-		}
-	}
-	return false
-}
-
-func (k *KRLExplicitKeySection) marshal() []byte {
-	if len(*k) == 0 {
-		return nil
-	}
-
-	var buf bytes.Buffer
-	for _, key := range *k {
-		buf.Write(ssh.Marshal(krlExplicitKey{
-			PublicKeyBlob: marshalPubkey(key),
-		}))
-	}
-	return ssh.Marshal(krlSection{
-		SectionType: 2,
-		SectionData: buf.Bytes(),
-	})
-}
-
-// KRLFingerprintSection revokes keys by their SHA1 fingerprints. It is
-// semantically equivalent to--but is more space efficient than--
-// KRLExplicitKeySection.
-type KRLFingerprintSection [][sha1.Size]byte
-
-func (k *KRLFingerprintSection) isRevoked(key ssh.PublicKey) bool {
-	sha := sha1.Sum(marshalPubkey(key))
-	for _, hash := range *k {
-		if hash == sha {
-			return true
-		}
-	}
-	return false
-}
-
-type bigEndian [][sha1.Size]byte
-
-func (b bigEndian) Len() int {
-	return len(b)
-}
-func (b bigEndian) Less(i, j int) bool {
-	return bytes.Compare(b[i][:], b[j][:]) == -1
-}
-func (b bigEndian) Swap(i, j int) {
-	b[i], b[j] = b[j], b[i]
-}
-
-func (k *KRLFingerprintSection) marshal() []byte {
-	if len(*k) == 0 {
-		return nil
-	}
-
-	// For some reason SSH insists that keys revoked by fingerprint must be
-	// sorted as if they were big-endian integers (i.e., lexicographically).
-	be := make(bigEndian, len(*k))
-	for i, hash := range *k {
-		be[i] = hash
-	}
-	sort.Sort(be)
-
-	var buf bytes.Buffer
-	for _, hash := range be {
-		buf.Write(ssh.Marshal(krlFingerprintSHA1{
-			PublicKeyHash: hash[:],
-		}))
-	}
-	return ssh.Marshal(krlSection{
-		SectionType: 3,
-		SectionData: buf.Bytes(),
-	})
-}
-
-// Marshal serializes the KRL and optionally signs it with one or more authority
-// keys.
-func (k *KRL) Marshal(rand io.Reader, keys ...ssh.Signer) ([]byte, error) {
-	if k.GeneratedDate == 0 {
-		k.GeneratedDate = uint64(time.Now().Unix())
-	}
-	if k.Version == 0 {
-		k.Version = k.GeneratedDate
-	}
-	k.SigningKeys = nil
-
-	var buf bytes.Buffer
-	buf.Write(ssh.Marshal(krlHeader{
-		KRLMagic:         krlMagic,
-		KRLFormatVersion: 1,
-		KRLVersion:       k.Version,
-		GeneratedDate:    k.GeneratedDate,
-		Comment:          k.Comment,
-	}))
-
-	for _, section := range k.Sections {
-		buf.Write(section.marshal())
-	}
-
-	for _, key := range keys {
-		buf.Write(ssh.Marshal(krlSignatureHeader{
-			SignatureKey: key.PublicKey().Marshal(),
-		}))
-		sig, err := key.Sign(rand, buf.Bytes())
-		if err != nil {
-			return nil, err
-		}
-		buf.Write(ssh.Marshal(krlSignature{
-			Signature: ssh.Marshal(sig),
-		}))
-		k.SigningKeys = append(k.SigningKeys, key.PublicKey())
-	}
-
-	return buf.Bytes(), nil
-}
-
-// IsRevoked returns true if the given key has been revoked by this KRL.
-func (k *KRL) IsRevoked(key ssh.PublicKey) bool {
-	for _, section := range k.Sections {
-		if section.isRevoked(key) {
-			return true
-		}
-	}
-	return false
-}
diff --git a/vendor/github.com/stripe/krl/parse.go b/vendor/github.com/stripe/krl/parse.go
deleted file mode 100644
index 75f2551..0000000
--- a/vendor/github.com/stripe/krl/parse.go
+++ /dev/null
@@ -1,237 +0,0 @@
-package krl
-
-import (
-	"crypto/sha1"
-	"fmt"
-
-	"golang.org/x/crypto/ssh"
-)
-
-// Hundreds of millions, or 32MB of bitmap
-const krlMaxBitmapSize = 0x10000000
-
-// KRLSigningErrors is a slice of error messages which correspond one-to-one
-// with KRL.SigningKeys.
-type KRLSigningErrors []error
-
-func (k KRLSigningErrors) Error() string {
-	return fmt.Sprintf("krl: bad signatures: %v", []error(k))
-}
-
-func (k KRLSigningErrors) err() error {
-	for _, err := range k {
-		if err != nil {
-			return k
-		}
-	}
-	return nil
-}
-
-// ParseKRL parses a KRL. If the KRL was signed by one or more authorities,
-// those signatures will be checked, and any verification errors will be
-// returned.
-func ParseKRL(in []byte) (*KRL, error) {
-	orig := in
-
-	var header krlHeader
-	if err := ssh.Unmarshal(in, &header); err != nil {
-		return nil, fmt.Errorf("krl: while parsing header: %v", err)
-	}
-	if header.KRLMagic != krlMagic {
-		return nil, fmt.Errorf("krl: bad magic value %x", header.KRLMagic)
-	}
-	if header.KRLFormatVersion != 1 {
-		return nil, fmt.Errorf("krl: bad format version %v", header.KRLFormatVersion)
-	}
-	krl := &KRL{
-		Version:       header.KRLVersion,
-		GeneratedDate: header.GeneratedDate,
-		Comment:       header.Comment,
-	}
-	in = header.Rest
-
-	for len(in) > 0 && in[0] != 4 { // // KRL_SECTION_SIGNATURE
-		var sdata krlSection
-		if err := ssh.Unmarshal(in, &sdata); err != nil {
-			return nil, fmt.Errorf("krl: malformed section: %v", err)
-		}
-		in = sdata.Rest
-
-		var err error
-		var section KRLSection
-		switch sdata.SectionType {
-		case 1: // KRL_SECTION_CERTIFICATES
-			section, err = parseCertificateSection(sdata.SectionData)
-		case 2: // KRL_SECTION_EXPLICIT_KEY
-			section, err = parseExplicitKeySection(sdata.SectionData)
-		case 3: // KRL_SECTION_FINGERPRINT_SHA1
-			section, err = parseFingerprintSection(sdata.SectionData)
-		default:
-			return nil, fmt.Errorf("krl: unexpected section type %d", sdata.SectionType)
-		}
-		if err != nil {
-			return nil, err
-		}
-		krl.Sections = append(krl.Sections, section)
-	}
-
-	var signingErrors KRLSigningErrors
-	for len(in) > 0 {
-		var sigHeader krlSignatureHeader
-		if err := ssh.Unmarshal(in, &sigHeader); err != nil {
-			return nil, fmt.Errorf("krl: malfored signature header: %v", err)
-		}
-		in = sigHeader.Rest
-
-		key, err := ssh.ParsePublicKey(sigHeader.SignatureKey)
-		if err != nil {
-			return nil, fmt.Errorf("krl: malformed signing key: %v", err)
-		}
-
-		var sig krlSignature
-		if err := ssh.Unmarshal(in, &sig); err != nil {
-			return nil, fmt.Errorf("krl: malfored signature wrapper: %v", err)
-		}
-		in = sig.Rest
-
-		sshsig := new(ssh.Signature)
-		if err := ssh.Unmarshal(sig.Signature, sshsig); err != nil {
-			return nil, fmt.Errorf("krl: malformed signature: %v", err)
-		}
-
-		// The entire KRL up until immediately after the signature
-		// header is signed.
-		data := orig[:len(orig)-len(sigHeader.Rest)]
-
-		krl.SigningKeys = append(krl.SigningKeys, key)
-		signingErrors = append(signingErrors, key.Verify(data, sshsig))
-	}
-
-	return krl, signingErrors.err()
-}
-
-func parseCertificateSection(in []byte) (*KRLCertificateSection, error) {
-	var header krlCertificateSectionHeader
-	if err := ssh.Unmarshal(in, &header); err != nil {
-		return nil, fmt.Errorf("krl: while parsing certificate section header: %v", err)
-	}
-	ca, err := ssh.ParsePublicKey(header.CAKey)
-	if err != nil {
-		return nil, fmt.Errorf("krl: while parsing CA key: %v", err)
-	}
-	k := &KRLCertificateSection{CA: ca}
-	in = header.Rest
-	for len(in) > 0 {
-		var section krlCertificateSection
-		if err := ssh.Unmarshal(in, &section); err != nil {
-			return nil, fmt.Errorf("krl: malformed certificate section: %v", err)
-		}
-		in = section.Rest
-		var err error
-		var subsection KRLCertificateSubsection
-		switch section.CertSectionType {
-		case krlSectionCertSerialList:
-			subsection, err = parseCertSerialList(section.CertSectionData)
-		case krlSectionCertSerialRange:
-			subsection, err = parseCertSerialRange(section.CertSectionData)
-		case krlSectionCertSerialBitmap:
-			subsection, err = parseCertSerialBitmap(section.CertSectionData)
-		case krlSectionCertKeyId:
-			subsection, err = parseCertKeyID(section.CertSectionData)
-		default:
-			return nil, fmt.Errorf("krl: unexpected cert section type %x", in[0])
-		}
-		if err != nil {
-			return nil, err
-		}
-		k.Sections = append(k.Sections, subsection)
-	}
-
-	return k, nil
-}
-
-func parseCertSerialList(in []byte) (*KRLCertificateSerialList, error) {
-	s := &KRLCertificateSerialList{}
-	for len(in) > 0 {
-		var list krlSerialList
-		if err := ssh.Unmarshal(in, &list); err != nil {
-			return nil, fmt.Errorf("krl: while parsing serial in list: %v", err)
-		}
-		in = list.Rest
-		*s = append(*s, list.RevokedCertSerial)
-	}
-	return s, nil
-}
-
-func parseCertSerialRange(in []byte) (*KRLCertificateSerialRange, error) {
-	var s krlSerialRange
-	if err := ssh.Unmarshal(in, &s); err != nil {
-		return nil, fmt.Errorf("krl: while parsing serial range: %v", err)
-	}
-	return &KRLCertificateSerialRange{
-		Min: s.SerialMin,
-		Max: s.SerialMax,
-	}, nil
-}
-
-func parseCertSerialBitmap(in []byte) (*KRLCertificateSerialBitmap, error) {
-	var s krlSerialBitmap
-	if err := ssh.Unmarshal(in, &s); err != nil {
-		return nil, fmt.Errorf("krl: while parsing serial bitmap: %v", err)
-	}
-	if bl := s.RevokedKeysBitmap.BitLen(); bl > krlMaxBitmapSize {
-		return nil, fmt.Errorf("krl: serial bitmap too wide: %v", bl)
-	}
-	return &KRLCertificateSerialBitmap{
-		Offset: s.SerialOffset,
-		Bitmap: s.RevokedKeysBitmap,
-	}, nil
-}
-
-func parseCertKeyID(in []byte) (*KRLCertificateKeyID, error) {
-	s := &KRLCertificateKeyID{}
-	for len(in) > 0 {
-		var list krlKeyID
-		if err := ssh.Unmarshal(in, &list); err != nil {
-			return nil, fmt.Errorf("krl: while parsing key id in list: %v", err)
-		}
-		in = list.Rest
-		*s = append(*s, list.KeyID)
-	}
-	return s, nil
-}
-
-func parseExplicitKeySection(in []byte) (*KRLExplicitKeySection, error) {
-	s := &KRLExplicitKeySection{}
-	for len(in) > 0 {
-		var list krlExplicitKey
-		if err := ssh.Unmarshal(in, &list); err != nil {
-			return nil, fmt.Errorf("krl: while parsing explicit key in list: %v", err)
-		}
-		in = list.Rest
-		key, err := ssh.ParsePublicKey(list.PublicKeyBlob)
-		if err != nil {
-			return nil, fmt.Errorf("krl: while parsing explicit key: %v", err)
-		}
-		*s = append(*s, key)
-	}
-	return s, nil
-}
-
-func parseFingerprintSection(in []byte) (*KRLFingerprintSection, error) {
-	s := &KRLFingerprintSection{}
-	for len(in) > 0 {
-		var list krlFingerprintSHA1
-		if err := ssh.Unmarshal(in, &list); err != nil {
-			return nil, fmt.Errorf("krl: while parsing fingerprint in list: %v", err)
-		}
-		in = list.Rest
-		if len(list.PublicKeyHash) != sha1.Size {
-			return nil, fmt.Errorf("krl: key fingerprint wrong length for SHA1: %x", list.PublicKeyHash)
-		}
-		var sha [sha1.Size]byte
-		copy(sha[:], list.PublicKeyHash)
-		*s = append(*s, sha)
-	}
-	return s, nil
-}
author	Niall Sheridan <nsheridan@gmail.com>	2019-07-07 21:33:44 +0100
committer	Niall Sheridan <nsheridan@gmail.com>	2019-07-07 21:33:44 +0100
commit	8c12c6939aab9106db14ec2d11d983bc5b29fb2c (patch)
tree	f9dc8a7d167c6355e47a65c52d4eb7b9ea03e6c8 /vendor/github.com/stripe
parent	0bd454cc448b812da6c693b451d86ff4cadbb6b2 (diff)