From 14ca3dc8905baa9bf09ef5b06c8c5d2a0be895b1 Mon Sep 17 00:00:00 2001
From: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Date: Mon, 24 Jun 2024 17:14:36 +0200
Subject: [PATCH] replace gopkg.in/square/go-jose.v2 to
 github.com/go-jose/go-jose/v4 (#1686)

Signed-off-by: cpanato <ctadeu@gmail.com>
---
 go.mod                         |  3 +-
 go.sum                         |  2 -
 pkg/server/grpc_server.go      |  9 ++--
 pkg/server/grpc_server_test.go | 76 +++++++++++++++++-----------------
 4 files changed, 45 insertions(+), 45 deletions(-)

diff --git a/go.mod b/go.mod
index e3d3a3034..05cf24829 100644
--- a/go.mod
+++ b/go.mod
@@ -10,6 +10,7 @@ require (
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/fsnotify/fsnotify v1.7.0
+	github.com/go-jose/go-jose/v4 v4.0.2
 	github.com/goadesign/goa v2.2.5+incompatible
 	github.com/golang/protobuf v1.5.4
 	github.com/google/certificate-transparency-go v1.2.1
@@ -39,7 +40,6 @@ require (
 	google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3
 	google.golang.org/grpc v1.64.0
 	google.golang.org/protobuf v1.34.2
-	gopkg.in/square/go-jose.v2 v2.6.0
 	gopkg.in/yaml.v3 v3.0.1
 	sigs.k8s.io/release-utils v0.8.2
 )
@@ -83,7 +83,6 @@ require (
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.2 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
diff --git a/go.sum b/go.sum
index e72e029f8..71dc3ca48 100644
--- a/go.sum
+++ b/go.sum
@@ -528,8 +528,6 @@ gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKK
 gopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
-gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
diff --git a/pkg/server/grpc_server.go b/pkg/server/grpc_server.go
index 73e8b4072..9b0cb5991 100644
--- a/pkg/server/grpc_server.go
+++ b/pkg/server/grpc_server.go
@@ -22,9 +22,13 @@ import (
 	"errors"
 	"fmt"
 
+	ctclient "github.com/google/certificate-transparency-go/client"
 	health "google.golang.org/grpc/health/grpc_health_v1"
 
-	ctclient "github.com/google/certificate-transparency-go/client"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/status"
+
 	certauth "github.com/sigstore/fulcio/pkg/ca"
 	"github.com/sigstore/fulcio/pkg/challenges"
 	"github.com/sigstore/fulcio/pkg/config"
@@ -33,9 +37,6 @@ import (
 	"github.com/sigstore/fulcio/pkg/identity"
 	"github.com/sigstore/fulcio/pkg/log"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/metadata"
-	"google.golang.org/grpc/status"
 )
 
 type GRPCCAServer interface {
diff --git a/pkg/server/grpc_server_test.go b/pkg/server/grpc_server_test.go
index 854a70c6f..06d6c9e2e 100644
--- a/pkg/server/grpc_server_test.go
+++ b/pkg/server/grpc_server_test.go
@@ -39,22 +39,24 @@ import (
 	"testing"
 	"time"
 
+	"github.com/go-jose/go-jose/v4"
+	"github.com/go-jose/go-jose/v4/jwt"
 	ctclient "github.com/google/certificate-transparency-go/client"
 	"github.com/google/certificate-transparency-go/jsonclient"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/status"
+	"google.golang.org/grpc/test/bufconn"
+
 	"github.com/sigstore/fulcio/pkg/ca"
 	"github.com/sigstore/fulcio/pkg/ca/ephemeralca"
 	"github.com/sigstore/fulcio/pkg/config"
 	"github.com/sigstore/fulcio/pkg/generated/protobuf"
 	"github.com/sigstore/fulcio/pkg/identity"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/resolver"
-	"google.golang.org/grpc/status"
-	"google.golang.org/grpc/test/bufconn"
-	"gopkg.in/square/go-jose.v2"
-	"gopkg.in/square/go-jose.v2/jwt"
 )
 
 const (
@@ -521,9 +523,9 @@ func TestAPIWithEmail(t *testing.T) {
 			Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 			Subject:  c.Subject,
 			Audience: jwt.Audience{"sigstore"},
-		}).Claims(customClaims{Email: c.Subject, EmailVerified: true}).CompactSerialize()
+		}).Claims(customClaims{Email: c.Subject, EmailVerified: true}).Serialize()
 		if err != nil {
-			t.Fatalf("CompactSerialize() = %v", err)
+			t.Fatalf("Serialize() = %v", err)
 		}
 
 		ctClient, eca := createCA(cfg, t)
@@ -610,9 +612,9 @@ func TestAPIWithUsername(t *testing.T) {
 			Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 			Subject:  c.Subject,
 			Audience: jwt.Audience{"sigstore"},
-		}).Claims(customClaims{Email: c.Subject, EmailVerified: true}).CompactSerialize()
+		}).Claims(customClaims{Email: c.Subject, EmailVerified: true}).Serialize()
 		if err != nil {
-			t.Fatalf("CompactSerialize() = %v", err)
+			t.Fatalf("Serialize() = %v", err)
 		}
 
 		ctClient, eca := createCA(cfg, t)
@@ -708,9 +710,9 @@ func TestAPIWithUriSubject(t *testing.T) {
 			Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 			Subject:  c.Subject,
 			Audience: jwt.Audience{"sigstore"},
-		}).CompactSerialize()
+		}).Serialize()
 		if err != nil {
-			t.Fatalf("CompactSerialize() = %v", err)
+			t.Fatalf("Serialize() = %v", err)
 		}
 
 		ctClient, eca := createCA(cfg, t)
@@ -801,9 +803,9 @@ func TestAPIWithKubernetes(t *testing.T) {
 		Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 		Subject:  k8sSubject,
 		Audience: jwt.Audience{"sigstore"},
-	}).Claims(&claims).CompactSerialize()
+	}).Claims(&claims).Serialize()
 	if err != nil {
-		t.Fatalf("CompactSerialize() = %v", err)
+		t.Fatalf("Serialize() = %v", err)
 	}
 
 	ctClient, eca := createCA(cfg, t)
@@ -890,9 +892,9 @@ func TestAPIWithBuildkite(t *testing.T) {
 		Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 		Subject:  buildkiteSubject,
 		Audience: jwt.Audience{"sigstore"},
-	}).Claims(&claims).CompactSerialize()
+	}).Claims(&claims).Serialize()
 	if err != nil {
-		t.Fatalf("CompactSerialize() = %v", err)
+		t.Fatalf("Serialize() = %v", err)
 	}
 
 	ctClient, eca := createCA(cfg, t)
@@ -1008,9 +1010,9 @@ func TestAPIWithGitHub(t *testing.T) {
 		Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 		Subject:  githubSubject,
 		Audience: jwt.Audience{"sigstore"},
-	}).Claims(&claims).CompactSerialize()
+	}).Claims(&claims).Serialize()
 	if err != nil {
-		t.Fatalf("CompactSerialize() = %v", err)
+		t.Fatalf("Serialize() = %v", err)
 	}
 
 	ctClient, eca := createCA(cfg, t)
@@ -1176,9 +1178,9 @@ func TestAPIWithGitLab(t *testing.T) {
 		Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 		Subject:  gitLabSubject,
 		Audience: jwt.Audience{"sigstore"},
-	}).Claims(&claims).CompactSerialize()
+	}).Claims(&claims).Serialize()
 	if err != nil {
-		t.Fatalf("CompactSerialize() = %v", err)
+		t.Fatalf("Serialize() = %v", err)
 	}
 
 	ctClient, eca := createCA(cfg, t)
@@ -1319,9 +1321,9 @@ func TestAPIWithCodefresh(t *testing.T) {
 		Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 		Subject:  codefreshSubject,
 		Audience: jwt.Audience{"sigstore"},
-	}).Claims(&claims).CompactSerialize()
+	}).Claims(&claims).Serialize()
 	if err != nil {
-		t.Fatalf("CompactSerialize() = %v", err)
+		t.Fatalf("Serialize() = %v", err)
 	}
 
 	ctClient, eca := createCA(cfg, t)
@@ -1427,9 +1429,9 @@ func TestAPIWithIssuerClaimConfig(t *testing.T) {
 		Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 		Subject:  emailSubject,
 		Audience: jwt.Audience{"sigstore"},
-	}).Claims(customClaims{Email: emailSubject, EmailVerified: true, OtherIssuer: otherIssuerVal}).CompactSerialize()
+	}).Claims(customClaims{Email: emailSubject, EmailVerified: true, OtherIssuer: otherIssuerVal}).Serialize()
 	if err != nil {
-		t.Fatalf("CompactSerialize() = %v", err)
+		t.Fatalf("Serialize() = %v", err)
 	}
 
 	ctClient, eca := createCA(cfg, t)
@@ -1503,9 +1505,9 @@ func TestAPIWithCSRChallenge(t *testing.T) {
 		Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 		Subject:  emailSubject,
 		Audience: jwt.Audience{"sigstore"},
-	}).Claims(customClaims{Email: emailSubject, EmailVerified: true}).CompactSerialize()
+	}).Claims(customClaims{Email: emailSubject, EmailVerified: true}).Serialize()
 	if err != nil {
-		t.Fatalf("CompactSerialize() = %v", err)
+		t.Fatalf("Serialize() = %v", err)
 	}
 
 	ctClient, eca := createCA(cfg, t)
@@ -1585,9 +1587,9 @@ func TestAPIWithInsecurePublicKey(t *testing.T) {
 		Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 		Subject:  emailSubject,
 		Audience: jwt.Audience{"sigstore"},
-	}).Claims(customClaims{Email: emailSubject, EmailVerified: true}).CompactSerialize()
+	}).Claims(customClaims{Email: emailSubject, EmailVerified: true}).Serialize()
 	if err != nil {
-		t.Fatalf("CompactSerialize() = %v", err)
+		t.Fatalf("Serialize() = %v", err)
 	}
 
 	ctClient, eca := createCA(cfg, t)
@@ -1660,9 +1662,9 @@ func TestAPIWithoutPublicKey(t *testing.T) {
 		Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 		Subject:  emailSubject,
 		Audience: jwt.Audience{"sigstore"},
-	}).Claims(customClaims{Email: emailSubject, EmailVerified: true}).CompactSerialize()
+	}).Claims(customClaims{Email: emailSubject, EmailVerified: true}).Serialize()
 	if err != nil {
-		t.Fatalf("CompactSerialize() = %v", err)
+		t.Fatalf("Serialize() = %v", err)
 	}
 
 	ctClient, eca := createCA(cfg, t)
@@ -1736,9 +1738,9 @@ func TestAPIWithInvalidChallenge(t *testing.T) {
 		Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 		Subject:  emailSubject,
 		Audience: jwt.Audience{"sigstore"},
-	}).Claims(customClaims{Email: emailSubject, EmailVerified: true}).CompactSerialize()
+	}).Claims(customClaims{Email: emailSubject, EmailVerified: true}).Serialize()
 	if err != nil {
-		t.Fatalf("CompactSerialize() = %v", err)
+		t.Fatalf("Serialize() = %v", err)
 	}
 
 	ctClient, eca := createCA(cfg, t)
@@ -1804,9 +1806,9 @@ func TestAPIWithInvalidCSR(t *testing.T) {
 		Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 		Subject:  emailSubject,
 		Audience: jwt.Audience{"sigstore"},
-	}).Claims(customClaims{Email: emailSubject, EmailVerified: true}).CompactSerialize()
+	}).Claims(customClaims{Email: emailSubject, EmailVerified: true}).Serialize()
 	if err != nil {
-		t.Fatalf("CompactSerialize() = %v", err)
+		t.Fatalf("Serialize() = %v", err)
 	}
 
 	ctClient, eca := createCA(cfg, t)
@@ -1865,9 +1867,9 @@ func TestAPIWithInvalidCSRSignature(t *testing.T) {
 		Expiry:   jwt.NewNumericDate(time.Now().Add(30 * time.Minute)),
 		Subject:  emailSubject,
 		Audience: jwt.Audience{"sigstore"},
-	}).Claims(customClaims{Email: emailSubject, EmailVerified: true}).CompactSerialize()
+	}).Claims(customClaims{Email: emailSubject, EmailVerified: true}).Serialize()
 	if err != nil {
-		t.Fatalf("CompactSerialize() = %v", err)
+		t.Fatalf("Serialize() = %v", err)
 	}
 
 	ctClient, eca := createCA(cfg, t)