kairoaraujo · necheffa · Dec 2, 2023 · Sep 28, 2022 · Nov 28, 2023 · Nov 28, 2023
diff --git a/.github/workflows/goca-rest-api-docker-dev.yml b/.github/workflows/goca-rest-api-docker-dev.yml
@@ -7,15 +7,12 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Set up Go 1.17
-      uses: actions/setup-go@v1
+    - name: Set up Go 1.21
+      uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
       with:
-        go-version: 1.17
+        go-version: 1.21
       id: go
 
-    - name: Set up Docker
-      uses: docker-practice/actions-setup-docker@v1
-
     - name: Check out code into the Go module directory
       uses: actions/checkout@v2
 

diff --git a/.github/workflows/goca-rest-api-docker-release.yml b/.github/workflows/goca-rest-api-docker-release.yml
@@ -3,45 +3,42 @@ name: GoCA REST API Docker test
 on:
   push:
     tags:
-      - '*'
+      - 'v*'
 
 jobs:
   build:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Set up Go 1.17
-      uses: actions/setup-go@v1
+    - name: Set up Go 1.21
+      uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
       with:
-        go-version: 1.17
+        go-version: 1.21
       id: go
 
-    - name: Set up Docker
-      uses: docker-practice/actions-setup-docker@v1
-
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v1
+      uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
+      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226
 
     - name: Login to DockerHub
-      uses: docker/login-action@v1
+      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_TOKEN }}
 
     - name: Build and push
-      uses: docker/build-push-action@v2
+      uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56
       with:
         push: true
         tags: kairoaraujo/goca:latest
 
     - name: Update repo description
-      uses: peter-evans/dockerhub-description@v2
+      uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_PASSWORD }}

diff --git a/.github/workflows/goca-tests.yml b/.github/workflows/goca-tests.yml
@@ -7,29 +7,19 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
-    - name: Set up Go 1.17
-      uses: actions/setup-go@v1
+    - name: Set up Go 1.21
+      uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
       with:
-        go-version: 1.17
+        go-version: 1.21
       id: go
 
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
-    - name: Get dependencies
-      run: go mod download
+    - name: Tests
+      run: |
+        go install github.com/swaggo/swag/cmd/swag@latest
+        make test
 
-    - name: Lint
-      run: make lint
-
-    - name: Test
-      run: make test
-
-    # TODO: Implement a more consistent test for the docs issue #14
-    # - name: Check if API Docs are updated
-    #   run: |
-    #     export PATH=$PATH:$(go env GOPATH)/bin
-    #     cd rest-api
-    #     make doc
-    #     api_docs=$(git diff --name-only | grep ^docs || true )
-    #     if [[ $api_docs != "" ]]; then echo $api_docs; exit 1; fi
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,5 @@ bin/
 count.out
 coverage.out
 DoNotUseThisCAPATHTestOnly/
+docs-test/
+cover.out
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,38 @@
+## How to contribute to GoCA
+
+#### **Did you find a bug?**
+
+* **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/kairoaraujo/goca/issues).
+
+* If you're unable to find an open issue addressing the problem, [open a new one](https://github.com/kairoaraujo/goca/issues/new). Be sure to include a **title and clear description**, as much relevant information as possible, and a **code sample** or an **executable test case** demonstrating the expected behavior that is not occurring.
+
+
+#### **Did you write a patch that fixes a bug?**
+
+* Update the documentation and run tests
+
+  - Update the documentation
+
+    ```shell
+    make docs
+    ```
+
+  - Run the tests
+
+    ```shell
+    make test
+    ```
+
+* Open a new GitHub pull request with the patch.
+
+* Ensure the PR description clearly describes the problem and solution. Include the relevant issue number if applicable.
+
+
+#### **Do you intend to add a new feature or change an existing one?**
+
+* Suggest changes in the opening a [new issue](https://github.com/kairoaraujo/goca/issues/new) to discuss the details.
+
+
+Thanks! :heart:
+
+GoCA Team
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.17-alpine as builder
+FROM golang:1.21-alpine as builder
 
 RUN mkdir /goca-builder
 
@@ -7,7 +7,7 @@ WORKDIR /goca-builder/rest-api
 
 RUN go build -o main .
 
-FROM golang:1.17-alpine
+FROM golang:1.21-alpine
 
 RUN mkdir -p /goca/data
 

diff --git a/Makefile b/Makefile
@@ -1,14 +1,17 @@
-lint:
-	if [ ! -f ./bin/golangci-lint ] ; \
-	then \
-		curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.32.2; \
-	fi;
-	./bin/golangci-lint run -e gosec
+.PHONY: test docs docker-image
 
 test:
-	go test -covermode=count -coverprofile=count.out -v ./...
+	go test -race -covermode atomic -coverprofile=cover.out ./... -v
+
+	export PATH=$$PATH:`go env GOPATH`/bin; make -C rest-api test-doc
+	diff docs-test/swagger.json docs/swagger.json
+	diff docs-test/swagger.yaml docs/swagger.yaml
+
+docs:
+	export PATH=$$PATH:`go env GOPATH`/bin; make -C rest-api doc
 
 docker-image:
 	docker build -t goca-rest-api:latest .
 
-.PHONY: lint test mock
+lint:
+	golangci-lint run -e gosec
diff --git a/README.md b/README.md
@@ -17,9 +17,11 @@ Certificates Request List (CRL).
 
 **Content**:
 
-- [GoCA Docker Container](#GoCA-Docker-Container)
-- [GoCA Package](#GoCA-Package)
-- [GoCA HTTP REST API package](#GoCA-HTTP-REST-API)
+- [Go Certificate Authority management package](#go-certificate-authority-management-package)
+  - [GoCA Package](#goca-package)
+  - [GoCA HTTP REST API](#goca-http-rest-api)
+  - [GoCA Docker Container](#goca-docker-container)
+- [Contributing](#contributing)
 
 ## GoCA Package
 
@@ -133,3 +135,7 @@ The API Documentation is online available at http://kairoaraujo.github.io/goca/.
 More details in [Docker README](DOCKER_README.md).
 
 GoCA Docker Image is available at https://hub.docker.com/r/kairoaraujo/goca/
+
+# Contributing
+
+See [CONTRIBUTING](CONTRIBUTING.md).
diff --git a/ca.go b/ca.go
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"crypto/rsa"
 	"crypto/x509"
-	"crypto/x509/pkix"
 	"encoding/pem"
 	"errors"
 	"io/fs"
@@ -50,7 +49,7 @@ type CAData struct {
 	certificate    *x509.Certificate
 	publicKey      rsa.PublicKey
 	csr            *x509.CertificateRequest
-	crl            *pkix.CertificateList
+	crl            *x509.RevocationList
 	IsIntermediate bool
 }
 
@@ -187,9 +186,9 @@ func (c *CA) create(commonName, parentCommonName string, id Identity) error {
 	caData.certificate = certificate
 	caData.Certificate = string(certString)
 
-	crlBytes, err := cert.RevokeCertificate(c.CommonName, []pkix.RevokedCertificate{}, certificate, privKey)
+	crlBytes, err := cert.RevokeCertificate(c.CommonName, []x509.RevocationListEntry{}, certificate, privKey)
 	if err != nil {
-		crl, err := x509.ParseCRL(crlBytes)
+		crl, err := x509.ParseRevocationList(crlBytes)
 		if err != nil {
 			caData.crl = crl
 		}
@@ -452,22 +451,22 @@ func (c *CA) loadCertificate(commonName string) (certificate Certificate, err er
 
 func (c *CA) revokeCertificate(certificate *x509.Certificate) error {
 
-	var revokedCerts []pkix.RevokedCertificate
+	var revokedCerts []x509.RevocationListEntry
 	var caDir string = filepath.Join(c.CommonName, "ca")
 	var crlString []byte
 
 	currentCRL := c.GoCRL()
 	if currentCRL != nil {
-		for _, serialNumber := range currentCRL.TBSCertList.RevokedCertificates {
+		for _, serialNumber := range currentCRL.RevokedCertificateEntries {
 			if serialNumber.SerialNumber.String() == certificate.SerialNumber.String() {
 				return ErrCertRevoked
 			}
 		}
 
-		revokedCerts = currentCRL.TBSCertList.RevokedCertificates
+		revokedCerts = currentCRL.RevokedCertificateEntries
 	}
 
-	newCertRevoke := pkix.RevokedCertificate{
+	newCertRevoke := x509.RevocationListEntry{
 		SerialNumber:   certificate.SerialNumber,
 		RevocationTime: time.Now(),
 	}
@@ -479,7 +478,7 @@ func (c *CA) revokeCertificate(certificate *x509.Certificate) error {
 		return err
 	}
 
-	crl, err := x509.ParseCRL(crlByte)
+	crl, err := x509.ParseRevocationList(crlByte)
 	if err != nil {
 		return err
 	}

diff --git a/cert/cert.go b/cert/cert.go
@@ -133,9 +133,9 @@ func LoadCSR(csrString []byte) (*x509.CertificateRequest, error) {
 // LoadCRL loads a Certificate Revocation List from a read file.
 //
 // Using ioutil.ReadFile() satisfyies the read file.
-func LoadCRL(crlString []byte) (*pkix.CertificateList, error) {
+func LoadCRL(crlString []byte) (*x509.RevocationList, error) {
 	block, _ := pem.Decode([]byte(string(crlString)))
-	crl, _ := x509.ParseCRL(block.Bytes)
+	crl, _ := x509.ParseRevocationList(block.Bytes)
 
 	return crl, nil
 }
@@ -369,14 +369,14 @@ func CASignCSR(CACommonName string, csr x509.CertificateRequest, caCert *x509.Ce
 }
 
 // RevokeCertificate is used to revoke a certificate (added to the revoked list)
-func RevokeCertificate(CACommonName string, certificateList []pkix.RevokedCertificate, caCert *x509.Certificate, privKey *rsa.PrivateKey) (crl []byte, err error) {
+func RevokeCertificate(CACommonName string, certificateList []x509.RevocationListEntry, caCert *x509.Certificate, privKey *rsa.PrivateKey) (crl []byte, err error) {
 
 	crlTemplate := x509.RevocationList{
-		SignatureAlgorithm:  caCert.SignatureAlgorithm,
-		RevokedCertificates: certificateList,
-		Number:              newSerialNumber(),
-		ThisUpdate:          time.Now(),
-		NextUpdate:          time.Now().AddDate(0, 0, 1),
+		SignatureAlgorithm:        caCert.SignatureAlgorithm,
+		RevokedCertificateEntries: certificateList,
+		Number:                    newSerialNumber(),
+		ThisUpdate:                time.Now(),
+		NextUpdate:                time.Now().AddDate(0, 0, 1),
 	}
 
 	crlByte, err := x509.CreateRevocationList(rand.Reader, &crlTemplate, caCert, privKey)