Upgrade to Go 1.18 and update dependencies (#239)

Author: amarpal

.github/workflows/tests.yml

@@ -12,7 +12,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        go: [1.16.x, 1.17.x, 1.18.x, 1.19.x, 1.20.x, 1.21.x, 1.22.x]
+        go: [1.18.x, 1.19.x, 1.20.x, 1.21.x, 1.22.x]
     steps:
       - uses: actions/checkout@v2
 

apns2/main.go

@@ -7,9 +7,9 @@ import (
 	"os"
 	"strings"
 
+	"github.com/alecthomas/kingpin"
 	"github.com/sideshow/apns2"
 	"github.com/sideshow/apns2/certificate"
-	"gopkg.in/alecthomas/kingpin.v2"
 )
 
 var (

certificate/_fixtures/certificate-valid-encrypted.pem renamed to certificate/_fixtures/certificate-legacy-encrypted-unsupported.pem

@@ -16,7 +16,6 @@ import (
 
 // Possible errors when parsing a certificate.
 var (
-	ErrFailedToDecryptKey       = errors.New("failed to decrypt private key")
 	ErrFailedToParsePrivateKey  = errors.New("failed to parse private key")
 	ErrFailedToParseCertificate = errors.New("failed to parse certificate PEM data")
 	ErrNoPrivateKey             = errors.New("no private key")
@@ -56,11 +55,10 @@ func FromP12Bytes(bytes []byte, password string) (tls.Certificate, error) {
 // FromPemFile loads a PEM certificate from a local file and returns a
 // tls.Certificate. This function is similar to the crypto/tls LoadX509KeyPair
 // function, however it supports PEM files with the cert and key combined
-// in the same file, as well as password protected key files which are both
-// common with APNs certificates.
+// in the same file. It does not support password-protected key files due
+// to security concerns with the deprecated PEM encryption method.
 //
-// Use "" as the password argument if the PEM certificate is not password
-// protected.
+// The password argument is kept for backwards compatibility but is no longer used.
 func FromPemFile(filename string, password string) (tls.Certificate, error) {
 	bytes, err := os.ReadFile(filename)
 	if err != nil {
@@ -109,13 +107,6 @@ func FromPemBytes(bytes []byte, password string) (tls.Certificate, error) {
 }
 
 func unencryptPrivateKey(block *pem.Block, password string) (crypto.PrivateKey, error) {
-	if x509.IsEncryptedPEMBlock(block) {
-		bytes, err := x509.DecryptPEMBlock(block, []byte(password))
-		if err != nil {
-			return nil, ErrFailedToDecryptKey
-		}
-		return parsePrivateKey(bytes)
-	}
 	return parsePrivateKey(block.Bytes)
 }
 

certificate/certificate.go

@@ -70,11 +70,10 @@ func TestValidCertificateFromPemBytesWithPKCS8PrivateKey(t *testing.T) {
 	assert.NoError(t, err)
 	assert.NotEqual(t, tls.Certificate{}, cer)
 }
-
-func TestEncryptedValidCertificateFromPemFile(t *testing.T) {
-	cer, err := certificate.FromPemFile("_fixtures/certificate-valid-encrypted.pem", "password")
-	assert.NoError(t, err)
-	assert.NotEqual(t, tls.Certificate{}, cer)
+func TestUnsupportedEncryptedCertificateFromPemFile(t *testing.T) {
+	cer, err := certificate.FromPemFile("_fixtures/certificate-legacy-encrypted-unsupported.pem", "password")
+	assert.Equal(t, tls.Certificate{}, cer)
+	assert.Equal(t, certificate.ErrFailedToParsePrivateKey, err)
 }
 
 func TestNoSuchFilePemFile(t *testing.T) {
@@ -83,12 +82,6 @@ func TestNoSuchFilePemFile(t *testing.T) {
 	assert.Equal(t, errors.New("open : no such file or directory").Error(), err.Error())
 }
 
-func TestBadPasswordPemFile(t *testing.T) {
-	cer, err := certificate.FromPemFile("_fixtures/certificate-valid-encrypted.pem", "badpassword")
-	assert.Equal(t, tls.Certificate{}, cer)
-	assert.Equal(t, certificate.ErrFailedToDecryptKey, err)
-}
-
 func TestBadKeyPemFile(t *testing.T) {
 	cer, err := certificate.FromPemFile("_fixtures/certificate-bad-key.pem", "")
 	assert.Equal(t, tls.Certificate{}, cer)

certificate/certificate_test.go

@@ -92,9 +92,6 @@ func NewClient(certificate tls.Certificate) *Client {
 	tlsConfig := &tls.Config{
 		Certificates: []tls.Certificate{certificate},
 	}
-	if len(certificate.Certificate) > 0 {
-		tlsConfig.BuildNameToCertificate()
-	}
 	transport := &http2.Transport{
 		TLSClientConfig: tlsConfig,
 		DialTLS:         DialTLS,

client.go

@@ -12,7 +12,6 @@ import (
 	"net"
 	"net/http"
 	"net/http/httptest"
-	"strings"
 	"testing"
 	"time"
 
@@ -116,33 +115,52 @@ func TestClientBadDeviceToken(t *testing.T) {
 func TestClientNameToCertificate(t *testing.T) {
 	crt, _ := certificate.FromP12File("certificate/_fixtures/certificate-valid.p12", "")
 	client := apns.NewClient(crt)
-	name := client.HTTPClient.Transport.(*http2.Transport).TLSClientConfig.NameToCertificate
-	assert.Len(t, name, 1)
 
+	// Check if the client's certificate is set correctly
+	clientCerts := client.HTTPClient.Transport.(*http2.Transport).TLSClientConfig.Certificates
+	assert.Len(t, clientCerts, 1)
+	assert.Equal(t, crt, clientCerts[0])
+
+	// Test with an empty certificate
 	certificate2 := tls.Certificate{}
 	client2 := apns.NewClient(certificate2)
-	name2 := client2.HTTPClient.Transport.(*http2.Transport).TLSClientConfig.NameToCertificate
-	assert.Len(t, name2, 0)
+
+	// Check if the client's certificate is empty
+	clientCerts2 := client2.HTTPClient.Transport.(*http2.Transport).TLSClientConfig.Certificates
+	assert.Len(t, clientCerts2, 1)
+	assert.Equal(t, certificate2, clientCerts2[0])
 }
 
 func TestDialTLSTimeout(t *testing.T) {
 	apns.TLSDialTimeout = 10 * time.Millisecond
 	crt, _ := certificate.FromP12File("certificate/_fixtures/certificate-valid.p12", "")
 	client := apns.NewClient(crt)
-	dialTLS := client.HTTPClient.Transport.(*http2.Transport).DialTLS
+
+	// Replace the DialTLS with DialTLSContext
+	transport := client.HTTPClient.Transport.(*http2.Transport)
+	transport.DialTLSContext = func(ctx context.Context, network, addr string, cfg *tls.Config) (net.Conn, error) {
+		dialer := &net.Dialer{
+			Timeout: apns.TLSDialTimeout,
+		}
+		return tls.DialWithDialer(dialer, network, addr, nil)
+	}
+
 	listener, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		t.Fatal(err)
 	}
 	address := listener.Addr().String()
 	defer listener.Close()
+
+	ctx, cancel := context.WithTimeout(context.Background(), apns.TLSDialTimeout)
+	defer cancel()
+
 	var e error
-	if _, e = dialTLS("tcp", address, nil); e == nil {
+	if _, e = transport.DialTLSContext(ctx, "tcp", address, nil); e == nil {
 		t.Fatal("Dial completed successfully")
 	}
-	// Go 1.7.x and later will return a context deadline exceeded error
-	// Previous versions will return a time out
-	if !strings.Contains(e.Error(), "timed out") && !errors.Is(e, context.DeadlineExceeded) {
+
+	if !errors.Is(e, context.DeadlineExceeded) {
 		t.Errorf("Unexpected error: %s", e)
 	}
 }

client_test.go

@@ -1,13 +1,20 @@
 module github.com/sideshow/apns2
 
-go 1.15
+go 1.18
+
+require (
+	github.com/alecthomas/kingpin v2.2.6+incompatible
+	github.com/golang-jwt/jwt/v5 v5.2.1
+	golang.org/x/crypto v0.31.0
+	golang.org/x/net v0.33.0
+)
 
 require (
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
-	github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4 // indirect
-	github.com/golang-jwt/jwt/v4 v4.4.1
-	github.com/stretchr/testify v1.7.0
-	golang.org/x/crypto v0.0.0-20170512130425-ab89591268e0
-	golang.org/x/net v0.0.0-20220403103023-749bd193bc2b
-	gopkg.in/alecthomas/kingpin.v2 v2.2.6
+	github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/testify v1.10.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.mod

@@ -1,31 +1,33 @@
+github.com/alecthomas/kingpin v2.2.6+incompatible h1:5svnBTFgJjZvGKyYBtMB0+m5wvrbUHiqye8wRJMlnYI=
+github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4 h1:EBTWhcAX7rNQ80RLwLCpHZBBrJuzallFHnF+yMXo928=
-github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b h1:mimo19zliBX/vSQ6PWWSL9lK8qwHozUj03+zLoEB8O0=
+github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b/go.mod h1:fvzegU4vN3H1qMT+8wDmzjAcDONcgo2/SZ/TyfdUOFs=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/golang-jwt/jwt/v4 v4.4.1 h1:pC5DB52sCeK48Wlb9oPcdhnjkz1TKt1D/P7WKJ0kUcQ=
-github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-golang.org/x/crypto v0.0.0-20170512130425-ab89591268e0 h1:Kv0JVjoWyBVkLETNHnV/PxoZcMP3J7+WTc6+QQnzZmY=
-golang.org/x/crypto v0.0.0-20170512130425-ab89591268e0/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/net v0.0.0-20220403103023-749bd193bc2b h1:vI32FkLJNAWtGD4BwkThwEy6XS7ZLLMHkSkYfF8M0W0=
-golang.org/x/net v0.0.0-20220403103023-749bd193bc2b/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

go.sum

@@ -9,7 +9,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 )
 
 const (