mirror of
https://github.com/outbackdingo/certificates.git
synced 2026-01-27 10:18:34 +00:00
Fix linter warnings
This commit is contained in:
max furman
@@ -110,7 +110,7 @@ func newLinkedCAClient(token string) (*linkedCaClient, error) {
|
||||
tlsConfig.GetClientCertificate = renewer.GetClientCertificate
|
||||
|
||||
// Start mTLS client
|
||||
conn, err := grpc.Dial(u.Host, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)))
|
||||
conn, err := grpc.NewClient(u.Host, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)))
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "error connecting %s", u.Host)
|
||||
}
|
||||
@@ -478,10 +478,7 @@ func getAuthority(sans []string) (string, error) {
|
||||
// getRootCertificate creates an insecure majordomo client and returns the
|
||||
// verified root certificate.
|
||||
func getRootCertificate(endpoint, fingerprint string) (*x509.Certificate, error) {
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
defer cancel()
|
||||
|
||||
conn, err := grpc.DialContext(ctx, endpoint, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
|
||||
conn, err := grpc.NewClient(endpoint, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
|
||||
//nolint:gosec // used in bootstrap protocol
|
||||
InsecureSkipVerify: true, // lgtm[go/disabled-certificate-check]
|
||||
})))
|
||||
@@ -489,7 +486,7 @@ func getRootCertificate(endpoint, fingerprint string) (*x509.Certificate, error)
|
||||
return nil, errors.Wrapf(err, "error connecting %s", endpoint)
|
||||
}
|
||||
|
||||
ctx, cancel = context.WithTimeout(context.Background(), 15*time.Second)
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
|
||||
defer cancel()
|
||||
|
||||
client := linkedca.NewMajordomoClient(conn)
|
||||
@@ -531,11 +528,7 @@ func getRootCertificate(endpoint, fingerprint string) (*x509.Certificate, error)
|
||||
// login creates a new majordomo client with just the root ca pool and returns
|
||||
// the signed certificate and tls configuration.
|
||||
func login(authority, token string, csr *x509.CertificateRequest, signer crypto.PrivateKey, endpoint string, rootCAs *x509.CertPool) (*tls.Certificate, *tls.Config, error) {
|
||||
// Connect to majordomo
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
defer cancel()
|
||||
|
||||
conn, err := grpc.DialContext(ctx, endpoint, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
|
||||
conn, err := grpc.NewClient(endpoint, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
|
||||
MinVersion: tls.VersionTLS12,
|
||||
RootCAs: rootCAs,
|
||||
})))
|
||||
@@ -544,7 +537,7 @@ func login(authority, token string, csr *x509.CertificateRequest, signer crypto.
|
||||
}
|
||||
|
||||
// Login to get the signed certificate
|
||||
ctx, cancel = context.WithTimeout(context.Background(), 15*time.Second)
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
|
||||
defer cancel()
|
||||
|
||||
client := linkedca.NewMajordomoClient(conn)
|
||||
|
||||
@@ -234,24 +234,24 @@ func (c *Claimer) IsSSHCAEnabled() bool {
|
||||
// Validate validates and modifies the Claims with default values.
|
||||
func (c *Claimer) Validate() error {
|
||||
var (
|
||||
min = c.MinTLSCertDuration()
|
||||
max = c.MaxTLSCertDuration()
|
||||
def = c.DefaultTLSCertDuration()
|
||||
minDur = c.MinTLSCertDuration()
|
||||
maxDur = c.MaxTLSCertDuration()
|
||||
defDur = c.DefaultTLSCertDuration()
|
||||
)
|
||||
switch {
|
||||
case min <= 0:
|
||||
case minDur <= 0:
|
||||
return errors.Errorf("claims: MinTLSCertDuration must be greater than 0")
|
||||
case max <= 0:
|
||||
case maxDur <= 0:
|
||||
return errors.Errorf("claims: MaxTLSCertDuration must be greater than 0")
|
||||
case def <= 0:
|
||||
case defDur <= 0:
|
||||
return errors.Errorf("claims: DefaultTLSCertDuration must be greater than 0")
|
||||
case max < min:
|
||||
case maxDur < minDur:
|
||||
return errors.Errorf("claims: MaxCertDuration cannot be less "+
|
||||
"than MinCertDuration: MaxCertDuration - %v, MinCertDuration - %v", max, min)
|
||||
case def < min:
|
||||
return errors.Errorf("claims: DefaultCertDuration cannot be less than MinCertDuration: DefaultCertDuration - %v, MinCertDuration - %v", def, min)
|
||||
case max < def:
|
||||
return errors.Errorf("claims: MaxCertDuration cannot be less than DefaultCertDuration: MaxCertDuration - %v, DefaultCertDuration - %v", max, def)
|
||||
"than MinCertDuration: MaxCertDuration - %v, MinCertDuration - %v", maxDur, minDur)
|
||||
case defDur < minDur:
|
||||
return errors.Errorf("claims: DefaultCertDuration cannot be less than MinCertDuration: DefaultCertDuration - %v, MinCertDuration - %v", defDur, minDur)
|
||||
case maxDur < defDur:
|
||||
return errors.Errorf("claims: MaxCertDuration cannot be less than DefaultCertDuration: MaxCertDuration - %v, DefaultCertDuration - %v", maxDur, defDur)
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -369,8 +369,8 @@ type validityValidator struct {
|
||||
}
|
||||
|
||||
// newValidityValidator return a new validity validator.
|
||||
func newValidityValidator(min, max time.Duration) *validityValidator {
|
||||
return &validityValidator{min: min, max: max}
|
||||
func newValidityValidator(minDur, maxDur time.Duration) *validityValidator {
|
||||
return &validityValidator{min: minDur, max: maxDur}
|
||||
}
|
||||
|
||||
// Valid validates the certificate validity settings (notBefore/notAfter) and
|
||||
|
||||
@@ -276,14 +276,14 @@ func (v *sshCertValidityValidator) Valid(cert *ssh.Certificate, opts SignSSHOpti
|
||||
return errs.BadRequest("ssh certificate validBefore cannot be before validAfter")
|
||||
}
|
||||
|
||||
var min, max time.Duration
|
||||
var minDur, maxDur time.Duration
|
||||
switch cert.CertType {
|
||||
case ssh.UserCert:
|
||||
min = v.MinUserSSHCertDuration()
|
||||
max = v.MaxUserSSHCertDuration()
|
||||
minDur = v.MinUserSSHCertDuration()
|
||||
maxDur = v.MaxUserSSHCertDuration()
|
||||
case ssh.HostCert:
|
||||
min = v.MinHostSSHCertDuration()
|
||||
max = v.MaxHostSSHCertDuration()
|
||||
minDur = v.MinHostSSHCertDuration()
|
||||
maxDur = v.MaxHostSSHCertDuration()
|
||||
case 0:
|
||||
return errs.BadRequest("ssh certificate type has not been set")
|
||||
default:
|
||||
@@ -295,10 +295,10 @@ func (v *sshCertValidityValidator) Valid(cert *ssh.Certificate, opts SignSSHOpti
|
||||
dur := time.Duration(cert.ValidBefore-cert.ValidAfter) * time.Second
|
||||
|
||||
switch {
|
||||
case dur < min:
|
||||
return errs.Forbidden("requested duration of %s is less than minimum accepted duration for selected provisioner of %s", dur, min)
|
||||
case dur > max+opts.Backdate:
|
||||
return errs.Forbidden("requested duration of %s is greater than maximum accepted duration for selected provisioner of %s", dur, max+opts.Backdate)
|
||||
case dur < minDur:
|
||||
return errs.Forbidden("requested duration of %s is less than minimum accepted duration for selected provisioner of %s", dur, minDur)
|
||||
case dur > maxDur+opts.Backdate:
|
||||
return errs.Forbidden("requested duration of %s is greater than maximum accepted duration for selected provisioner of %s", dur, maxDur+opts.Backdate)
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -426,25 +426,25 @@ func ValidateClaims(c *linkedca.Claims) error {
|
||||
// ValidateDurations validates the Durations type.
|
||||
func ValidateDurations(d *linkedca.Durations) error {
|
||||
var (
|
||||
err error
|
||||
min, max, def *provisioner.Duration
|
||||
err error
|
||||
minDur, maxDur, def *provisioner.Duration
|
||||
)
|
||||
|
||||
if d.Min != "" {
|
||||
min, err = provisioner.NewDuration(d.Min)
|
||||
minDur, err = provisioner.NewDuration(d.Min)
|
||||
if err != nil {
|
||||
return admin.WrapError(admin.ErrorBadRequestType, err, "min duration '%s' is invalid", d.Min)
|
||||
}
|
||||
if min.Value() < 0 {
|
||||
if minDur.Value() < 0 {
|
||||
return admin.WrapError(admin.ErrorBadRequestType, err, "min duration '%s' cannot be less than 0", d.Min)
|
||||
}
|
||||
}
|
||||
if d.Max != "" {
|
||||
max, err = provisioner.NewDuration(d.Max)
|
||||
maxDur, err = provisioner.NewDuration(d.Max)
|
||||
if err != nil {
|
||||
return admin.WrapError(admin.ErrorBadRequestType, err, "max duration '%s' is invalid", d.Max)
|
||||
}
|
||||
if max.Value() < 0 {
|
||||
if maxDur.Value() < 0 {
|
||||
return admin.WrapError(admin.ErrorBadRequestType, err, "max duration '%s' cannot be less than 0", d.Max)
|
||||
}
|
||||
}
|
||||
@@ -457,15 +457,15 @@ func ValidateDurations(d *linkedca.Durations) error {
|
||||
return admin.WrapError(admin.ErrorBadRequestType, err, "default duration '%s' cannot be less than 0", d.Default)
|
||||
}
|
||||
}
|
||||
if d.Min != "" && d.Max != "" && min.Value() > max.Value() {
|
||||
if d.Min != "" && d.Max != "" && minDur.Value() > maxDur.Value() {
|
||||
return admin.NewError(admin.ErrorBadRequestType,
|
||||
"min duration '%s' cannot be greater than max duration '%s'", d.Min, d.Max)
|
||||
}
|
||||
if d.Min != "" && d.Default != "" && min.Value() > def.Value() {
|
||||
if d.Min != "" && d.Default != "" && minDur.Value() > def.Value() {
|
||||
return admin.NewError(admin.ErrorBadRequestType,
|
||||
"min duration '%s' cannot be greater than default duration '%s'", d.Min, d.Default)
|
||||
}
|
||||
if d.Default != "" && d.Max != "" && min.Value() > def.Value() {
|
||||
if d.Default != "" && d.Max != "" && minDur.Value() > def.Value() {
|
||||
return admin.NewError(admin.ErrorBadRequestType,
|
||||
"default duration '%s' cannot be greater than max duration '%s'", d.Default, d.Max)
|
||||
}
|
||||
@@ -608,15 +608,15 @@ func provisionerWebhookToLinkedca(pwh *provisioner.Webhook) *linkedca.Webhook {
|
||||
return lwh
|
||||
}
|
||||
|
||||
func durationsToCertificates(d *linkedca.Durations) (min, max, def *provisioner.Duration, err error) {
|
||||
func durationsToCertificates(d *linkedca.Durations) (minDur, maxDur, def *provisioner.Duration, err error) {
|
||||
if d.Min != "" {
|
||||
min, err = provisioner.NewDuration(d.Min)
|
||||
minDur, err = provisioner.NewDuration(d.Min)
|
||||
if err != nil {
|
||||
return nil, nil, nil, admin.WrapErrorISE(err, "error parsing minimum duration '%s'", d.Min)
|
||||
}
|
||||
}
|
||||
if d.Max != "" {
|
||||
max, err = provisioner.NewDuration(d.Max)
|
||||
maxDur, err = provisioner.NewDuration(d.Max)
|
||||
if err != nil {
|
||||
return nil, nil, nil, admin.WrapErrorISE(err, "error parsing maximum duration '%s'", d.Max)
|
||||
}
|
||||
|
||||
@@ -248,6 +248,7 @@ func mustParseECKey(t *testing.T, pemKey string) *ecdsa.PrivateKey {
|
||||
block, _ := pem.Decode([]byte(pemKey))
|
||||
if block == nil {
|
||||
t.Fatal("failed to parse key")
|
||||
return nil
|
||||
}
|
||||
key, err := x509.ParseECPrivateKey(block.Bytes)
|
||||
if err != nil {
|
||||
@@ -882,7 +883,7 @@ func TestCloudCAS_CreateCertificateAuthority(t *testing.T) {
|
||||
defer srv.Stop()
|
||||
|
||||
// Create fake privateca client
|
||||
conn, err := grpc.DialContext(context.Background(), "", grpc.WithTransportCredentials(insecure.NewCredentials()),
|
||||
conn, err := grpc.NewClient("localhost", grpc.WithTransportCredentials(insecure.NewCredentials()),
|
||||
grpc.WithContextDialer(func(context.Context, string) (net.Conn, error) {
|
||||
return lis.Dial()
|
||||
}))
|
||||
|
||||
Reference in New Issue
Block a user