Bump mellium.im/sasl from 0.2.1 to 0.3.1

go.mod

@@ -3,36 +3,28 @@ module github.com/devtron-labs/central-api
 go 1.16
 
 require (
-	cloud.google.com/go v0.100.2 // indirect
-	github.com/antihax/optional v1.0.0 // indirect
-	github.com/aws/aws-sdk-go v1.42.37 // indirect
 	github.com/caarlos0/env v3.5.0+incompatible
-	github.com/coreos/clair v2.0.1-0.20171220021131-30bd568d8361+incompatible // indirect
 	github.com/go-pg/pg v6.15.1+incompatible
+	github.com/google/go-cmp v0.5.6 // indirect
 	github.com/google/go-github v17.0.0+incompatible
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/wire v0.3.0
 	github.com/gorilla/mux v1.8.0
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/juju/errors v0.0.0-20210818161939-5560c4c073ff
-	github.com/nats-io/nats-server/v2 v2.7.0 // indirect
-	github.com/nats-io/nats-streaming-server v0.23.2 // indirect
-	github.com/nats-io/nats.go v1.13.1-0.20211122170419-d7c1d78a50fc // indirect
-	github.com/nats-io/stan.go v0.10.2 // indirect
 	github.com/onsi/ginkgo v1.16.5 // indirect
 	github.com/onsi/gomega v1.17.0 // indirect
-	github.com/optiopay/klar v2.4.0+incompatible // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible
-	github.com/sirupsen/logrus v1.8.1 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.7.0 // indirect
 	go.uber.org/zap v1.20.0
+	golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce // indirect
 	golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d // indirect
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
 	golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect
 	golang.org/x/text v0.3.7 // indirect
-	google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5 // indirect
-	google.golang.org/grpc v1.43.0 // indirect
-	gopkg.in/src-d/go-git.v4 v4.13.1 // indirect
-	mellium.im/sasl v0.2.1 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
+	mellium.im/sasl v0.3.1 // indirect
 )

vendor/mellium.im/sasl/CHANGELOG.md

@@ -0,0 +1,28 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+
+##  v0.3.1 — 2022-12-28
+
+### Fixed
+
+- Sometimes the nonce was not set on the SASL state machine, resulting in
+  authentication failing
+
+
+##  v0.3.0 — 2022-08-15
+
+### Added
+
+- Support for tls-exporter channel binding method as defined in [RFC 9266]
+- Support for fast XOR using SIMD/VSX on more architectures
+
+
+### Fixed
+
+- Return an error if no tls-unique channel binding (CB) data is present in the
+  TLS connection state (or no connection state exists) and we use SCRAM with CB
+
+
+[RFC 9266]: https://datatracker.ietf.org/doc/html/rfc9266

vendor/mellium.im/sasl/DCO

@@ -0,0 +1,37 @@
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+1 Letterman Drive
+Suite D4700
+San Francisco, CA, 94129
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.

vendor/mellium.im/sasl/LICENSE.md → vendor/mellium.im/sasl/LICENSE

@@ -1,5 +1,3 @@
-## The BSD 2-Clause License
-
 Copyright © 2014 The Mellium Contributors.
 All rights reserved.
 

vendor/mellium.im/sasl/README.md

@@ -1,22 +1,21 @@
 # SASL
 
-[![GoDoc](https://godoc.org/mellium.im/sasl?status.svg)](https://godoc.org/mellium.im/sasl)
+[![Issue Tracker][badge]](https://mellium.im/issue)
+[![Docs](https://pkg.go.dev/badge/mellium.im/sasl)](https://pkg.go.dev/mellium.im/sasl)
+[![Chat](https://img.shields.io/badge/[email protected])](https://mellium.chat)
 [![License](https://img.shields.io/badge/license-FreeBSD-blue.svg)](https://opensource.org/licenses/BSD-2-Clause)
 
-[![Buy Me A Coffee](https://www.buymeacoffee.com/assets/img/custom_images/purple_img.png)](https://www.buymeacoffee.com/samwhited)
+<a href="https://opencollective.com/mellium" alt="Donate on Open Collective"><img src="https://opencollective.com/mellium/donate/[email protected]?color=blue" width="200"/></a>
 
 A Go library implementing the Simple Authentication and Security Layer (SASL) as
 defined by [RFC 4422][rfc4422].
 
-## Issues and feature requests
-
-To file a bug report, please use the [issue tracker][issues].
 
 ## License
 
 The package may be used under the terms of the BSD 2-Clause License a copy of
 which may be found in the file [LICENSE.md][LICENSE].
 
+[badge]: https://img.shields.io/badge/style-mellium%2fxmpp-green.svg?longCache=true&style=popout-square&label=issues
 [rfc4422]: https://tools.ietf.org/html/rfc4422
-[issues]: https://bitbucket.org/mellium/sasl/issues?status=new&status=open
-[LICENSE]: ./LICENSE.md
+[LICENSE]: https://codeberg.org/mellium/xmpp/src/branch/main/LICENSE

vendor/mellium.im/sasl/doc.go

@@ -1,6 +1,6 @@
 // Copyright 2016 The Mellium Contributors.
-// Use of this source code is governed by the BSD 2-clause license that can be
-// found in the LICENSE file.
+// Use of this source code is governed by the BSD 2-clause
+// license that can be found in the LICENSE file.
 
 // Package sasl implements the Simple Authentication and Security Layer (SASL)
 // as defined by RFC 4422.

vendor/mellium.im/sasl/go.mod

@@ -1,3 +1,5 @@
 module mellium.im/sasl
 
-require golang.org/x/crypto v0.0.0-20180910181607-0e37d006457b
+require golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576
+
+go 1.18

vendor/mellium.im/sasl/go.sum

@@ -1,2 +1,3 @@
-golang.org/x/crypto v0.0.0-20180910181607-0e37d006457b h1:2b9XGzhjiYsYPnKXoEfL7klWZQIt8IfyRCz62gCqqlQ=
-golang.org/x/crypto v0.0.0-20180910181607-0e37d006457b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576 h1:aUX/1G2gFSs4AsJJg2cL3HuoRhCSCz733FE5GUSuaT4=
+golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

vendor/mellium.im/sasl/mechanism.go

@@ -1,21 +1,22 @@
 // Copyright 2016 The Mellium Contributors.
-// Use of this source code is governed by the BSD 2-clause license that can be
-// found in the LICENSE file.
+// Use of this source code is governed by the BSD 2-clause
+// license that can be found in the LICENSE file.
 
 package sasl
 
 import (
+	/* #nosec */
 	"crypto/sha1"
 	"crypto/sha256"
 	"errors"
 )
 
 // Define common errors used by SASL mechanisms and negotiators.
 var (
-	ErrInvalidState     = errors.New("Invalid state")
-	ErrInvalidChallenge = errors.New("Invalid or missing challenge")
-	ErrAuthn            = errors.New("Authentication error")
-	ErrTooManySteps     = errors.New("Step called too many times")
+	ErrInvalidState     = errors.New("invalid state")
+	ErrInvalidChallenge = errors.New("invalid or missing challenge")
+	ErrAuthn            = errors.New("authentication error")
+	ErrTooManySteps     = errors.New("step called too many times")
 )
 
 var (
@@ -24,17 +25,19 @@ var (
 	Plain Mechanism = plain
 
 	// ScramSha256Plus is a Mechanism that implements the SCRAM-SHA-256-PLUS
-	// authentication mechanism defined in RFC 7677. The only supported channel
-	// binding type is tls-unique as defined in RFC 5929.
+	// authentication mechanism defined in RFC 7677.
+	// The only supported channel binding types are tls-unique as defined in RFC
+	// 5929 and tls-exporter defined in RFC 9266.
 	ScramSha256Plus Mechanism = scram("SCRAM-SHA-256-PLUS", sha256.New)
 
 	// ScramSha256 is a Mechanism that implements the SCRAM-SHA-256
 	// authentication mechanism defined in RFC 7677.
 	ScramSha256 Mechanism = scram("SCRAM-SHA-256", sha256.New)
 
 	// ScramSha1Plus is a Mechanism that implements the SCRAM-SHA-1-PLUS
-	// authentication mechanism defined in RFC 5802. The only supported channel
-	// binding type is tls-unique as defined in RFC 5929.
+	// authentication mechanism defined in RFC 5802.
+	// The only supported channel binding types are tls-unique as defined in RFC
+	// 5929 and tls-exporter defined in RFC 9266.
 	ScramSha1Plus Mechanism = scram("SCRAM-SHA-1-PLUS", sha1.New)
 
 	// ScramSha1 is a Mechanism that implements the SCRAM-SHA-1 authentication

vendor/mellium.im/sasl/negotiator.go

@@ -1,6 +1,6 @@
 // Copyright 2016 The Mellium Contributors.
-// Use of this source code is governed by the BSD 2-clause license that can be
-// found in the LICENSE file.
+// Use of this source code is governed by the BSD 2-clause
+// license that can be found in the LICENSE file.
 
 package sasl
 
@@ -44,16 +44,18 @@ const (
 func NewClient(m Mechanism, opts ...Option) *Negotiator {
 	machine := &Negotiator{
 		mechanism: m,
-		nonce:     nonce(noncerandlen, rand.Reader),
 	}
 	getOpts(machine, opts...)
 	for _, rname := range machine.remoteMechanisms {
 		lname := m.Name
 		if lname == rname && strings.HasSuffix(lname, "-PLUS") {
 			machine.state |= RemoteCB
-			return machine
+			break
 		}
 	}
+	if len(machine.nonce) == 0 {
+		machine.nonce = nonce(noncerandlen, rand.Reader)
+	}
 	return machine
 }
 
@@ -64,7 +66,6 @@ func NewClient(m Mechanism, opts ...Option) *Negotiator {
 func NewServer(m Mechanism, permissions func(*Negotiator) bool, opts ...Option) *Negotiator {
 	machine := &Negotiator{
 		mechanism: m,
-		nonce:     nonce(noncerandlen, rand.Reader),
 		state:     AuthTextSent | Receiving,
 	}
 	getOpts(machine, opts...)
@@ -75,9 +76,12 @@ func NewServer(m Mechanism, permissions func(*Negotiator) bool, opts ...Option)
 		lname := m.Name
 		if lname == rname && strings.HasSuffix(lname, "-PLUS") {
 			machine.state |= RemoteCB
-			return machine
+			break
 		}
 	}
+	if len(machine.nonce) == 0 {
+		machine.nonce = nonce(noncerandlen, rand.Reader)
+	}
 	return machine
 }
 

vendor/mellium.im/sasl/nonce.go

@@ -1,6 +1,6 @@
 // Copyright 2016 The Mellium Contributors.
-// Use of this source code is governed by the BSD 2-clause license that can be
-// found in the LICENSE file.
+// Use of this source code is governed by the BSD 2-clause
+// license that can be found in the LICENSE file.
 
 package sasl
 

vendor/mellium.im/sasl/options.go

@@ -1,6 +1,6 @@
 // Copyright 2016 The Mellium Contributors.
-// Use of this source code is governed by the BSD 2-clause license that can be
-// found in the LICENSE file.
+// Use of this source code is governed by the BSD 2-clause
+// license that can be found in the LICENSE file.
 
 package sasl
 
@@ -31,6 +31,14 @@ func TLSState(cs tls.ConnectionState) Option {
 	}
 }
 
+// nonce overrides the nonce used for authentication attempts.
+// This defaults to a random value and should not be changed.
+func setNonce(v []byte) Option {
+	return func(n *Negotiator) {
+		n.nonce = v
+	}
+}
+
 // RemoteMechanisms sets a list of mechanisms supported by the remote client or
 // server with which the state machine will be negotiating.
 // It is used to determine if the server supports channel binding.

vendor/mellium.im/sasl/plain.go

@@ -1,6 +1,6 @@
 // Copyright 2016 The Mellium Contributors.
-// Use of this source code is governed by the BSD 2-clause license that can be
-// found in the LICENSE file.
+// Use of this source code is governed by the BSD 2-clause
+// license that can be found in the LICENSE file.
 
 package sasl