upgrade to latest dependencies (#751)

bumping knative.dev/pkg dfb4bf0...a170a07:%0A > a170a07 Eventing TLS: validate that Destination.CACerts is a PEM encoded cert (# 2743) Signed-off-by: Knative Automation <automation@knative.team>
2023-05-19 14:43:13 -04:00 · 2023-05-19 14:43:13 -04:00 · 3697970bb9
parent e66a491977
commit 3697970bb9
4 changed files with 27 additions and 4 deletions
--- a/go.mod
+++ b/go.mod
@ -12,7 +12,7 @@ require (
 	k8s.io/code-generator v0.25.4
 	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1
 	knative.dev/hack v0.0.0-20230501013555-7d81248b4638
-	knative.dev/pkg v0.0.0-20230518105712-dfb4bf04635d
+	knative.dev/pkg v0.0.0-20230518144313-a170a07b346d
 )

 require (
--- a/go.sum
+++ b/go.sum
@ -800,8 +800,8 @@ k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJ
 k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 knative.dev/hack v0.0.0-20230501013555-7d81248b4638 h1:9IuXHdwp5jNmIg+0LVTQr8o4u0FYD99uCfynM9tS0XY=
 knative.dev/hack v0.0.0-20230501013555-7d81248b4638/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
-knative.dev/pkg v0.0.0-20230518105712-dfb4bf04635d h1:jGvqcYwyh7O1V2PZfd0poheaOOvy6x0z+KQxHXOgskc=
-knative.dev/pkg v0.0.0-20230518105712-dfb4bf04635d/go.mod h1:WLTHHHc/dhrDmhx03nm5F8AeqpNx3RQGggMI2N0/oks=
+knative.dev/pkg v0.0.0-20230518144313-a170a07b346d h1:/FRiyfiNBVIuBUFio56ReL0/GCiU50OxXLJ+7eByMVQ=
+knative.dev/pkg v0.0.0-20230518144313-a170a07b346d/go.mod h1:WLTHHHc/dhrDmhx03nm5F8AeqpNx3RQGggMI2N0/oks=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
--- a/vendor/knative.dev/pkg/apis/duck/v1/destination.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1/destination.go
@ -18,6 +18,8 @@ package v1

 import (
 	"context"
+	"crypto/x509"
+	"encoding/pem"

 	"knative.dev/pkg/apis"
 )
@ -53,6 +55,7 @@ func (d *Destination) Validate(ctx context.Context) *apis.FieldError {
 func ValidateDestination(ctx context.Context, dest Destination) *apis.FieldError {
 	ref := dest.Ref
 	uri := dest.URI
+	caCerts := dest.CACerts
 	if ref == nil && uri == nil {
 		return apis.ErrGeneric("expected at least one, got none", "ref", "uri")
 	}
@ -67,6 +70,9 @@ func ValidateDestination(ctx context.Context, dest Destination) *apis.FieldError
 	if ref != nil && uri == nil {
 		return ref.Validate(ctx).ViaField("ref")
 	}
+	if caCerts != nil {
+		return validateCACerts(caCerts)
+	}
 	return nil
 }

@ -88,3 +94,20 @@ func (d *Destination) SetDefaults(ctx context.Context) {
 		d.Ref.Namespace = apis.ParentMeta(ctx).Namespace
 	}
 }
+
+func validateCACerts(CACert *string) *apis.FieldError {
+	// Check the object.
+	var errs *apis.FieldError
+
+	block, err := pem.Decode([]byte(*CACert))
+	if err != nil && block == nil {
+		errs = errs.Also(apis.ErrInvalidValue("CA Cert provided is invalid", "caCert"))
+		return errs
+	}
+	if block.Type != "CERTIFICATE" {
+		errs = errs.Also(apis.ErrInvalidValue("CA Cert provided is not a certificate", "caCert"))
+	} else if _, err := x509.ParseCertificate(block.Bytes); err != nil {
+		errs = errs.Also(apis.ErrInvalidValue("CA Cert provided is invalid", "caCert"))
+	}
+	return errs
+}
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -684,7 +684,7 @@ k8s.io/utils/trace
 # knative.dev/hack v0.0.0-20230501013555-7d81248b4638
 ## explicit; go 1.18
 knative.dev/hack
-# knative.dev/pkg v0.0.0-20230518105712-dfb4bf04635d
+# knative.dev/pkg v0.0.0-20230518144313-a170a07b346d
 ## explicit; go 1.18
 knative.dev/pkg/apis
 knative.dev/pkg/apis/duck