Fix new golangci-lint v2 linter issues

Herman Slatman
2025-05-21 12:21:47 +02:00
parent 3367a61bcc
commit acf4387180
18 changed files with 56 additions and 50 deletions


@@ -129,7 +129,7 @@ func validateEABJWS(ctx context.Context, jws *jose.JSONWebSignature) (string, *a
keyID := header.KeyID
nonce := header.Nonce
if !(algorithm == jose.HS256 || algorithm == jose.HS384 || algorithm == jose.HS512) {
if algorithm != jose.HS256 && algorithm != jose.HS384 && algorithm != jose.HS512 {
return "", acme.NewError(acme.ErrorMalformedType, "'alg' field set to invalid algorithm '%s'", algorithm)
}
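Review bot: The accepted EAB algorithms in validateEABJWS are still written as a chain of three negated comparisons, which is easy to get wrong when a value is added or removed later. An allowlist-shaped check, `switch algorithm { case jose.HS256, jose.HS384, jose.HS512: default: return "", acme.NewError(...) }`, keeps the permitted set in one place and matches the tagged-switch style this commit applies elsewhere. A comment such as `// EAB requires a MAC-based algorithm; reject everything else` above the check would record why only the HS family is accepted. The function body starts and ends outside the hunk.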


@@ -21,8 +21,8 @@ type SSHRenewRequest struct {
// Validate validates the SSHSignRequest.
func (s *SSHRenewRequest) Validate() error {
switch {
case s.OTT == "":
switch s.OTT {
case "":
return errs.BadRequest("missing or empty ott")
default:
return nil
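Review bot: A tagged switch with one case and a `default` is a roundabout way to write a single condition in Validate; `if s.OTT == "" { return errs.BadRequest("missing or empty ott") }` followed by `return nil` says the same thing with less nesting. The same single-case pattern is introduced in validateJWKIssuer later in this commit. Separately, the doc comment above the method reads `// Validate validates the SSHSignRequest.` although the receiver is `*SSHRenewRequest`; it should name `SSHRenewRequest`. The method's closing lines are outside the hunk.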


@@ -17,7 +17,7 @@ import (
// ACMEChallenge represents the supported acme challenges.
type ACMEChallenge string
//nolint:stylecheck,revive // better names
//nolint:staticcheck,revive // better names
const (
// HTTP_01 is the http-01 ACME challenge.
HTTP_01 ACMEChallenge = "http-01"


@@ -1042,10 +1042,12 @@ func generateAzureToken(sub, iss, aud, tenantID, subscriptionID, resourceGroup,
if err != nil {
return "", err
}
var xmsMirID string
if resourceType == "vm" {
switch resourceType {
case "vm":
xmsMirID = fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/virtualMachines/%s", subscriptionID, resourceGroup, resourceName)
} else if resourceType == "uai" {
case "uai":
xmsMirID = fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.ManagedIdentity/userAssignedIdentities/%s", subscriptionID, resourceGroup, resourceName)
}
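Review bot: The new `switch resourceType` has no `default`, so any value other than `"vm"` or `"uai"` silently leaves `xmsMirID` empty, just as the old `if`/`else if` did. If no other values are expected, add `default: return "", fmt.Errorf("unsupported resourceType %q", resourceType)`; if an empty ID is intended for them, a comment such as `// other resource types leave xmsMirID empty on purpose` would make that explicit. How `xmsMirID` is used afterwards is not visible, and generateAzureToken starts and ends outside the hunk.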


@@ -610,7 +610,7 @@ func (a *Authority) Revoke(ctx context.Context, revokeOpts *RevokeOptions) error
}
// If not mTLS nor ACME, then get the TokenID of the token.
if !(revokeOpts.MTLS || revokeOpts.ACME) {
if !revokeOpts.MTLS && !revokeOpts.ACME {
token, err := jose.ParseSigned(revokeOpts.OTT)
if err != nil {
return errs.Wrap(http.StatusUnauthorized, err, "authority.Revoke; error parsing token", opts...)
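Review bot: `jose.ParseSigned(revokeOpts.OTT)` only parses the token, and nothing in this hunk shows where its signature is verified before the token ID is read. If verification already happened when the revoke request was authorized, say so next to the call, for example `// The OTT was verified during authorization; it is parsed here only to read its ID.` If it has not, the ID taken from the token should not be trusted until it is. Revoke continues outside the hunk, so the verification may simply not be visible here.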


@@ -112,11 +112,11 @@ func TestNewACMEClient(t *testing.T) {
i := 0
srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
assert.Equals(t, "step-http-client/1.0", r.Header.Get("User-Agent")) // check default User-Agent header
switch {
case i == 0:
switch i {
case 0:
render.JSONStatus(w, r, tc.r1, tc.rc1)
i++
case i == 1:
case 1:
w.Header().Set("Replay-Nonce", "abc123")
render.JSONStatus(w, r, []byte{}, 200)
i++


@@ -91,8 +91,8 @@ func validateX5CIssuer(iss *apiv1.CertificateIssuer) error {
// not given, then it will download it from the CA. If the password is not set
// it will be prompted.
func validateJWKIssuer(iss *apiv1.CertificateIssuer) error {
switch {
case iss.Provisioner == "":
switch iss.Provisioner {
case "":
return errors.New("stepCAS `certificateIssuer.provisioner` cannot be empty")
default:
return nil


@@ -130,13 +130,13 @@ func testCAHelper(t *testing.T) (*url.URL, *ca.Client) {
_ = json.NewDecoder(r.Body).Decode(v)
}
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch {
case r.RequestURI == "/root/"+testRootFingerprint:
switch r.RequestURI {
case "/root/" + testRootFingerprint:
w.WriteHeader(http.StatusOK)
writeJSON(w, api.RootResponse{
RootPEM: api.NewCertificate(testRootCrt),
})
case r.RequestURI == "/sign":
case "/sign":
var msg api.SignRequest
parseJSON(r, &msg)
if msg.CsrPEM.DNSNames[0] == "fail.doe.org" {
@@ -148,7 +148,7 @@ func testCAHelper(t *testing.T) (*url.URL, *ca.Client) {
writeJSON(w, api.SignResponse{
CertChainPEM: []api.Certificate{api.NewCertificate(testCrt), api.NewCertificate(testIssCrt)},
})
case r.RequestURI == "/renew":
case "/renew":
if r.Header.Get("Authorization") == "Bearer fail" {
w.WriteHeader(http.StatusBadRequest)
fmt.Fprintf(w, `{"error":"fail","message":"fail"}`)
@@ -158,7 +158,7 @@ func testCAHelper(t *testing.T) (*url.URL, *ca.Client) {
writeJSON(w, api.SignResponse{
CertChainPEM: []api.Certificate{api.NewCertificate(testCrt), api.NewCertificate(testIssCrt)},
})
case r.RequestURI == "/revoke":
case "/revoke":
var msg api.RevokeRequest
parseJSON(r, &msg)
if msg.Serial == "fail" {
@@ -170,7 +170,7 @@ func testCAHelper(t *testing.T) (*url.URL, *ca.Client) {
writeJSON(w, api.RevokeResponse{
Status: "ok",
})
case r.RequestURI == "/provisioners":
case "/provisioners":
w.WriteHeader(http.StatusOK)
writeJSON(w, api.ProvisionersResponse{
NextCursor: "cursor",
@@ -188,7 +188,7 @@ func testCAHelper(t *testing.T) (*url.URL, *ca.Client) {
},
},
})
case r.RequestURI == "/provisioners?cursor=cursor":
case "/provisioners?cursor=cursor":
w.WriteHeader(http.StatusOK)
writeJSON(w, api.ProvisionersResponse{})
default:


@@ -16,15 +16,15 @@ func testCAHelper(t *testing.T) (*url.URL, *vault.Client) {
t.Helper()
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch {
case r.RequestURI == "/v1/auth/approle/login":
switch r.RequestURI {
case "/v1/auth/approle/login":
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, `{
"auth": {
"client_token": "hvs.0000"
}
}`)
case r.RequestURI == "/v1/auth/custom-approle/login":
case "/v1/auth/custom-approle/login":
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, `{
"auth": {


@@ -16,15 +16,15 @@ func testCAHelper(t *testing.T) (*url.URL, *vault.Client) {
t.Helper()
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch {
case r.RequestURI == "/v1/auth/aws/login":
switch r.RequestURI {
case "/v1/auth/aws/login":
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, `{
"auth": {
"client_token": "hvs.0000"
}
}`)
case r.RequestURI == "/v1/auth/custom-aws/login":
case "/v1/auth/custom-aws/login":
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, `{
"auth": {


@@ -19,15 +19,15 @@ func testCAHelper(t *testing.T) (*url.URL, *vault.Client) {
t.Helper()
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch {
case r.RequestURI == "/v1/auth/kubernetes/login":
switch r.RequestURI {
case "/v1/auth/kubernetes/login":
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, `{
"auth": {
"client_token": "hvs.0000"
}
}`)
case r.RequestURI == "/v1/auth/custom-kubernetes/login":
case "/v1/auth/custom-kubernetes/login":
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, `{
"auth": {


@@ -212,12 +212,12 @@ func (v *VaultCAS) RevokeCertificate(req *apiv1.RevokeCertificateRequest) (*apiv
func (v *VaultCAS) createCertificate(cr *x509.CertificateRequest, lifetime time.Duration) (*x509.Certificate, []*x509.Certificate, error) {
var vaultPKIRole string
switch {
case cr.PublicKeyAlgorithm == x509.RSA:
switch cr.PublicKeyAlgorithm {
case x509.RSA:
vaultPKIRole = v.config.PKIRoleRSA
case cr.PublicKeyAlgorithm == x509.ECDSA:
case x509.ECDSA:
vaultPKIRole = v.config.PKIRoleEC
case cr.PublicKeyAlgorithm == x509.Ed25519:
case x509.Ed25519:
vaultPKIRole = v.config.PKIRoleEd25519
default:
return nil, nil, fmt.Errorf("unsupported public key algorithm %v", cr.PublicKeyAlgorithm)


@@ -97,48 +97,48 @@ func testCAHelper(t *testing.T) (*url.URL, *vault.Client) {
}
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch {
case r.RequestURI == "/v1/auth/approle/login":
switch r.RequestURI {
case "/v1/auth/approle/login":
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, `{
"auth": {
"client_token": "98a4c7ab-b1fe-361b-ba0b-e307aacfd587"
}
}`)
case r.RequestURI == "/v1/pki/sign/ec":
case "/v1/pki/sign/ec":
w.WriteHeader(http.StatusOK)
cert := map[string]interface{}{"data": map[string]interface{}{"certificate": testCertificateSigned + "\n" + testRootCertificate}}
writeJSON(w, cert)
return
case r.RequestURI == "/v1/pki/sign/rsa":
case "/v1/pki/sign/rsa":
w.WriteHeader(http.StatusOK)
cert := map[string]interface{}{"data": map[string]interface{}{"certificate": testCertificateSigned + "\n" + testRootCertificate}}
writeJSON(w, cert)
return
case r.RequestURI == "/v1/pki/sign/ed25519":
case "/v1/pki/sign/ed25519":
w.WriteHeader(http.StatusOK)
cert := map[string]interface{}{"data": map[string]interface{}{"certificate": testCertificateSigned + "\n" + testRootCertificate}}
writeJSON(w, cert)
return
case r.RequestURI == "/v1/pki/cert/ca_chain":
case "/v1/pki/cert/ca_chain":
w.WriteHeader(http.StatusOK)
cert := map[string]interface{}{"data": map[string]interface{}{"certificate": testCertificateSigned + "\n" + testRootCertificate}}
writeJSON(w, cert)
return
case r.RequestURI == "/v1/pki/revoke":
case "/v1/pki/revoke":
buf := new(bytes.Buffer)
buf.ReadFrom(r.Body)
m := make(map[string]string)
json.Unmarshal(buf.Bytes(), &m)
switch {
case m["serial_number"] == "1c-71-6e-18-cc-f4-70-29-5f-75-ee-64-a8-fe-69-ad":
switch m["serial_number"] {
case "1c-71-6e-18-cc-f4-70-29-5f-75-ee-64-a8-fe-69-ad":
w.WriteHeader(http.StatusOK)
return
case m["serial_number"] == "01-e2-40":
case "01-e2-40":
w.WriteHeader(http.StatusOK)
return
// both
case m["serial_number"] == "01-34-3e":
case "01-34-3e":
w.WriteHeader(http.StatusOK)
return
default:


@@ -1,3 +1,4 @@
//nolint:govet // example code; allow unused variables
package main
import (
@@ -95,10 +96,11 @@ func main() {
// An http server will use the tls.Config like:
_ = &http.Server{
Addr: ":443",
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
Handler: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
w.Write([]byte("Hello world"))
}),
TLSConfig: tlsConfig,
TLSConfig: tlsConfig,
ReadHeaderTimeout: 30 * time.Second,
}
// Get tls.Config for a client
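Review bot: `ReadHeaderTimeout: 30 * time.Second` bounds only the time a client may take to send the request headers; `ReadTimeout`, `WriteTimeout` and `IdleTimeout` are still unset on this `http.Server`, so a slow request body or a client that reads the response slowly can keep a connection open without limit. Because this is example code that readers copy, consider setting those fields too, or add a comment such as `// ReadHeaderTimeout alone does not bound body reads or response writes; set ReadTimeout/WriteTimeout for production use`. The same applies to the three other example servers in this commit that gain only `ReadHeaderTimeout`. main's body starts and ends outside the hunk.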


@@ -31,9 +31,9 @@ func main() {
name = r.TLS.PeerCertificates[0].Subject.CommonName
issuer = r.TLS.PeerCertificates[len(r.TLS.PeerCertificates)-1].Issuer.CommonName
}
w.Write([]byte(fmt.Sprintf("Hello %s (cert issued by '%s') at %s", name, issuer, time.Now().UTC())))
fmt.Fprintf(w, "Hello %s (cert issued by '%s') at %s", name, issuer, time.Now().UTC())
}),
ReadHeaderTimeout: 30 * time.Second,
}, ca.AddFederationToClientCAs(), ListTrustedRoots())
if err != nil {
panic(err)


@@ -29,8 +29,9 @@ func main() {
if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
name = r.TLS.PeerCertificates[0].Subject.CommonName
}
w.Write([]byte(fmt.Sprintf("Hello %s at %s!!!", name, time.Now().UTC())))
fmt.Fprintf(w, "Hello %s at %s!!!", name, time.Now().UTC())
}),
ReadHeaderTimeout: 30 * time.Second,
})
if err != nil {
panic(err)


@@ -29,8 +29,9 @@ func main() {
if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
name = r.TLS.PeerCertificates[0].Subject.CommonName
}
w.Write([]byte(fmt.Sprintf("Hello %s at %s!!!", name, time.Now().UTC())))
fmt.Fprintf(w, "Hello %s at %s!!!", name, time.Now().UTC())
}),
ReadHeaderTimeout: 30 * time.Second,
}, ca.VerifyClientCertIfGiven())
if err != nil {
panic(err)


@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//nolint:stylecheck,revive,gocritic // code copied from crypto/x509
//nolint:staticcheck,revive,gocritic // code copied from crypto/x509
package legacyx509
import (