forked from TrueCloudLab/certificates
Merge branch 'master' into name-constraints
This commit is contained in:
commit
325d8bca4f
128 changed files with 1308 additions and 1288 deletions
12
.github/workflows/codeql-analysis.yml
vendored
12
.github/workflows/codeql-analysis.yml
vendored
|
@ -18,7 +18,11 @@ on:
|
|||
# The branches below must be a subset of the branches above
|
||||
branches: [ "master" ]
|
||||
schedule:
|
||||
- cron: '30 3 * * 3'
|
||||
- cron: '0 0 * * *'
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
|
@ -48,11 +52,11 @@ jobs:
|
|||
# If you wish to specify custom queries, you can do so here or in a config file.
|
||||
# By default, queries listed here will override any specified in a config file.
|
||||
# Prefix the list here with "+" to use these queries and those in the config file.
|
||||
|
||||
|
||||
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
|
||||
# queries: security-extended,security-and-quality
|
||||
|
||||
|
||||
|
||||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
||||
# If this step fails, then you should remove it and run the build manually (see below)
|
||||
- name: Autobuild
|
||||
|
@ -61,7 +65,7 @@ jobs:
|
|||
# ℹ️ Command-line programs to run using the OS shell.
|
||||
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
|
||||
|
||||
# If the Autobuild fails above, remove it and uncomment the following three lines.
|
||||
# If the Autobuild fails above, remove it and uncomment the following three lines.
|
||||
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
|
||||
|
||||
# - run: |
|
||||
|
|
38
.github/workflows/release.yml
vendored
38
.github/workflows/release.yml
vendored
|
@ -7,41 +7,13 @@ on:
|
|||
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
|
||||
|
||||
jobs:
|
||||
test:
|
||||
name: Lint, Test, Build
|
||||
runs-on: ubuntu-20.04
|
||||
strategy:
|
||||
matrix:
|
||||
go: [ '1.18', '1.19' ]
|
||||
outputs:
|
||||
is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Setup Go
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: ${{ matrix.go }}
|
||||
-
|
||||
name: Install Deps
|
||||
id: install-deps
|
||||
run: sudo apt-get -y install libpcsclite-dev
|
||||
-
|
||||
name: golangci-lint
|
||||
uses: golangci/golangci-lint-action@v2
|
||||
with:
|
||||
version: ${{ secrets.GOLANGCI_LINT_VERSION }}
|
||||
args: --timeout=30m
|
||||
-
|
||||
name: Test, Build
|
||||
id: lint_test_build
|
||||
run: V=1 make ci
|
||||
ci:
|
||||
uses: smallstep/workflows/.github/workflows/goCI.yml@main
|
||||
|
||||
|
||||
create_release:
|
||||
name: Create Release
|
||||
needs: test
|
||||
needs: ci
|
||||
runs-on: ubuntu-20.04
|
||||
outputs:
|
||||
debversion: ${{ steps.extract-tag.outputs.DEB_VERSION }}
|
||||
|
@ -132,7 +104,7 @@ jobs:
|
|||
build_upload_docker:
|
||||
name: Build & Upload Docker Images
|
||||
runs-on: ubuntu-20.04
|
||||
needs: test
|
||||
needs: ci
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
|
|
48
.github/workflows/test.yml
vendored
48
.github/workflows/test.yml
vendored
|
@ -1,4 +1,4 @@
|
|||
name: Lint, Test, Build
|
||||
name: CI
|
||||
|
||||
on:
|
||||
push:
|
||||
|
@ -7,43 +7,13 @@ on:
|
|||
branches:
|
||||
- "**"
|
||||
pull_request:
|
||||
schedule:
|
||||
- cron: '0 0 * * *'
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
lintTestBuild:
|
||||
name: Lint, Test, Build
|
||||
runs-on: ubuntu-20.04
|
||||
strategy:
|
||||
matrix:
|
||||
go: [ '1.18', '1.19' ]
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Setup Go
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: ${{ matrix.go }}
|
||||
-
|
||||
name: Install Deps
|
||||
id: install-deps
|
||||
run: sudo apt-get -y install libpcsclite-dev
|
||||
-
|
||||
name: golangci-lint
|
||||
uses: golangci/golangci-lint-action@v2
|
||||
with:
|
||||
version: ${{ secrets.GOLANGCI_LINT_VERSION }}
|
||||
args: --timeout=30m
|
||||
-
|
||||
name: Test, Build
|
||||
id: lint_test_build
|
||||
run: V=1 make ci
|
||||
-
|
||||
name: Codecov
|
||||
if: matrix.go == '1.19'
|
||||
uses: codecov/codecov-action@v2
|
||||
with:
|
||||
token: ${{ secrets.CODECOV_TOKEN }}
|
||||
files: ./coverage.out # optional
|
||||
name: codecov-umbrella # optional
|
||||
fail_ci_if_error: true # optional (default = false)
|
||||
ci:
|
||||
uses: smallstep/workflows/.github/workflows/goCI.yml@main
|
||||
|
|
|
@ -1,74 +0,0 @@
|
|||
linters-settings:
|
||||
govet:
|
||||
check-shadowing: true
|
||||
settings:
|
||||
printf:
|
||||
funcs:
|
||||
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
|
||||
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
|
||||
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
|
||||
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
|
||||
revive:
|
||||
min-confidence: 0
|
||||
gocyclo:
|
||||
min-complexity: 10
|
||||
maligned:
|
||||
suggest-new: true
|
||||
dupl:
|
||||
threshold: 100
|
||||
goconst:
|
||||
min-len: 2
|
||||
min-occurrences: 2
|
||||
depguard:
|
||||
list-type: blacklist
|
||||
packages:
|
||||
# logging is allowed only by logutils.Log, logrus
|
||||
# is allowed to use only in logutils package
|
||||
- github.com/sirupsen/logrus
|
||||
misspell:
|
||||
locale: US
|
||||
lll:
|
||||
line-length: 140
|
||||
goimports:
|
||||
local-prefixes: github.com/golangci/golangci-lint
|
||||
gocritic:
|
||||
enabled-tags:
|
||||
- performance
|
||||
- style
|
||||
- experimental
|
||||
- diagnostic
|
||||
disabled-checks:
|
||||
- commentFormatting
|
||||
- commentedOutCode
|
||||
- evalOrder
|
||||
- hugeParam
|
||||
- octalLiteral
|
||||
- rangeValCopy
|
||||
- tooManyResultsChecker
|
||||
- unnamedResult
|
||||
|
||||
linters:
|
||||
disable-all: true
|
||||
enable:
|
||||
- gocritic
|
||||
- gofmt
|
||||
- gosimple
|
||||
- govet
|
||||
- ineffassign
|
||||
- misspell
|
||||
- revive
|
||||
- staticcheck
|
||||
- unused
|
||||
|
||||
run:
|
||||
skip-dirs:
|
||||
- pkg
|
||||
|
||||
issues:
|
||||
exclude:
|
||||
- can't lint
|
||||
- declaration of "err" shadows declaration at line
|
||||
- should have a package comment, unless it's in another file for this package
|
||||
- error strings should not be capitalized or end with punctuation or a newline
|
||||
- Wrapf call needs 1 arg but has 2 args
|
||||
- cs.NegotiatedProtocolIsMutual is deprecated
|
23
Makefile
23
Makefile
|
@ -28,8 +28,9 @@ ci: testcgo build
|
|||
#########################################
|
||||
|
||||
bootstra%:
|
||||
# Using a released version of golangci-lint to take into account custom replacements in their go.mod
|
||||
$Q curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(shell go env GOPATH)/bin v1.42.0
|
||||
$Q curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $$(go env GOPATH)/bin latest
|
||||
$Q go install golang.org/x/vuln/cmd/govulncheck@latest
|
||||
$Q go install gotest.tools/gotestsum@latest
|
||||
|
||||
.PHONY: bootstra%
|
||||
|
||||
|
@ -132,17 +133,18 @@ generate:
|
|||
# Test
|
||||
#########################################
|
||||
test:
|
||||
$Q $(GOFLAGS) go test -short -coverprofile=coverage.out ./...
|
||||
$Q $(GOFLAGS) gotestsum -- -coverprofile=coverage.out -short -covermode=atomic ./...
|
||||
|
||||
|
||||
testcgo:
|
||||
$Q go test -short -coverprofile=coverage.out ./...
|
||||
$Q gotestsum -- -coverprofile=coverage.out -short -covermode=atomic ./...
|
||||
|
||||
.PHONY: test testcgo
|
||||
|
||||
integrate: integration
|
||||
|
||||
integration: bin/$(BINNAME)
|
||||
$Q $(GOFLAGS) go test -tags=integration ./integration/...
|
||||
$Q $(GOFLAGS) gotestsum -- -tags=integration ./integration/...
|
||||
|
||||
.PHONY: integrate integration
|
||||
|
||||
|
@ -151,15 +153,14 @@ integration: bin/$(BINNAME)
|
|||
#########################################
|
||||
|
||||
fmt:
|
||||
$Q gofmt -l -s -w $(SRC)
|
||||
$Q goimports -l -w $(SRC)
|
||||
|
||||
lint: SHELL:=/bin/bash
|
||||
lint:
|
||||
$Q golangci-lint run --timeout=30m
|
||||
$Q LOG_LEVEL=error golangci-lint run --config <(curl -s https://raw.githubusercontent.com/smallstep/workflows/master/.golangci.yml) --timeout=30m
|
||||
$Q govulncheck ./...
|
||||
|
||||
lintcgo:
|
||||
$Q LOG_LEVEL=error golangci-lint run --timeout=30m
|
||||
|
||||
.PHONY: fmt lint lintcgo
|
||||
.PHONY: fmt lint
|
||||
|
||||
#########################################
|
||||
# Install
|
||||
|
|
|
@ -33,7 +33,7 @@ func (a *Account) ToLog() (interface{}, error) {
|
|||
|
||||
// IsValid returns true if the Account is valid.
|
||||
func (a *Account) IsValid() bool {
|
||||
return Status(a.Status) == StatusValid
|
||||
return a.Status == StatusValid
|
||||
}
|
||||
|
||||
// KeyToID converts a JWK to a thumbprint.
|
||||
|
|
|
@ -46,14 +46,14 @@ func TestKeyToID(t *testing.T) {
|
|||
tc := run(t)
|
||||
if id, err := KeyToID(tc.jwk); err != nil {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
switch k := err.(type) {
|
||||
case *Error:
|
||||
var k *Error
|
||||
if errors.As(err, &k) {
|
||||
assert.Equals(t, k.Type, tc.err.Type)
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
assert.Equals(t, k.Status, tc.err.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
default:
|
||||
} else {
|
||||
assert.FatalError(t, errors.New("unexpected error type"))
|
||||
}
|
||||
}
|
||||
|
@ -131,12 +131,13 @@ func TestExternalAccountKey_BindTo(t *testing.T) {
|
|||
}
|
||||
if wantErr {
|
||||
assert.NotNil(t, err)
|
||||
assert.Type(t, &Error{}, err)
|
||||
ae, _ := err.(*Error)
|
||||
assert.Equals(t, ae.Type, tt.err.Type)
|
||||
assert.Equals(t, ae.Detail, tt.err.Detail)
|
||||
assert.Equals(t, ae.Identifier, tt.err.Identifier)
|
||||
assert.Equals(t, ae.Subproblems, tt.err.Subproblems)
|
||||
var ae *Error
|
||||
if assert.True(t, errors.As(err, &ae)) {
|
||||
assert.Equals(t, ae.Type, tt.err.Type)
|
||||
assert.Equals(t, ae.Detail, tt.err.Detail)
|
||||
assert.Equals(t, ae.Identifier, tt.err.Identifier)
|
||||
assert.Equals(t, ae.Subproblems, tt.err.Subproblems)
|
||||
}
|
||||
} else {
|
||||
assert.Equals(t, eak.AccountID, acct.ID)
|
||||
assert.Equals(t, eak.HmacKey, []byte{})
|
||||
|
|
|
@ -2,6 +2,7 @@ package api
|
|||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"net/http"
|
||||
|
||||
"github.com/go-chi/chi"
|
||||
|
@ -97,8 +98,8 @@ func NewAccount(w http.ResponseWriter, r *http.Request) {
|
|||
httpStatus := http.StatusCreated
|
||||
acc, err := accountFromContext(ctx)
|
||||
if err != nil {
|
||||
acmeErr, ok := err.(*acme.Error)
|
||||
if !ok || acmeErr.Status != http.StatusBadRequest {
|
||||
var acmeErr *acme.Error
|
||||
if !errors.As(err, &acmeErr) || acmeErr.Status != http.StatusBadRequest {
|
||||
// Something went wrong ...
|
||||
render.Error(w, err)
|
||||
return
|
||||
|
|
|
@ -197,11 +197,12 @@ func TestNewAccountRequest_Validate(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
if err := tc.nar.Validate(); err != nil {
|
||||
if assert.NotNil(t, err) {
|
||||
ae, ok := err.(*acme.Error)
|
||||
assert.True(t, ok)
|
||||
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
||||
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
||||
assert.Equals(t, ae.Type, tc.err.Type)
|
||||
var ae *acme.Error
|
||||
if assert.True(t, errors.As(err, &ae)) {
|
||||
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
||||
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
||||
assert.Equals(t, ae.Type, tc.err.Type)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
assert.Nil(t, tc.err)
|
||||
|
@ -268,11 +269,12 @@ func TestUpdateAccountRequest_Validate(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
if err := tc.uar.Validate(); err != nil {
|
||||
if assert.NotNil(t, err) {
|
||||
ae, ok := err.(*acme.Error)
|
||||
assert.True(t, ok)
|
||||
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
||||
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
||||
assert.Equals(t, ae.Type, tc.err.Type)
|
||||
var ae *acme.Error
|
||||
if assert.True(t, errors.As(err, &ae)) {
|
||||
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
||||
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
||||
assert.Equals(t, ae.Type, tc.err.Type)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
assert.Nil(t, tc.err)
|
||||
|
|
|
@ -3,6 +3,7 @@ package api
|
|||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
|
||||
"go.step.sm/crypto/jose"
|
||||
|
||||
|
@ -24,6 +25,7 @@ func validateExternalAccountBinding(ctx context.Context, nar *NewAccountRequest)
|
|||
}
|
||||
|
||||
if !acmeProv.RequireEAB {
|
||||
//nolint:nilnil // legacy
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
@ -51,7 +53,8 @@ func validateExternalAccountBinding(ctx context.Context, nar *NewAccountRequest)
|
|||
db := acme.MustDatabaseFromContext(ctx)
|
||||
externalAccountKey, err := db.GetExternalAccountKey(ctx, acmeProv.ID, keyID)
|
||||
if err != nil {
|
||||
if _, ok := err.(*acme.Error); ok {
|
||||
var ae *acme.Error
|
||||
if errors.As(err, &ae) {
|
||||
return nil, acme.WrapError(acme.ErrorUnauthorizedType, err, "the field 'kid' references an unknown key")
|
||||
}
|
||||
return nil, acme.WrapErrorISE(err, "error retrieving external account key")
|
||||
|
|
|
@ -860,13 +860,15 @@ func TestHandler_validateExternalAccountBinding(t *testing.T) {
|
|||
if wantErr {
|
||||
assert.NotNil(t, err)
|
||||
assert.Type(t, &acme.Error{}, err)
|
||||
ae, _ := err.(*acme.Error)
|
||||
assert.Equals(t, ae.Type, tc.err.Type)
|
||||
assert.Equals(t, ae.Status, tc.err.Status)
|
||||
assert.HasPrefix(t, ae.Err.Error(), tc.err.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.err.Detail)
|
||||
assert.Equals(t, ae.Identifier, tc.err.Identifier)
|
||||
assert.Equals(t, ae.Subproblems, tc.err.Subproblems)
|
||||
var ae *acme.Error
|
||||
if assert.True(t, errors.As(err, &ae)) {
|
||||
assert.Equals(t, ae.Type, tc.err.Type)
|
||||
assert.Equals(t, ae.Status, tc.err.Status)
|
||||
assert.HasPrefix(t, ae.Err.Error(), tc.err.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.err.Detail)
|
||||
assert.Equals(t, ae.Identifier, tc.err.Identifier)
|
||||
assert.Equals(t, ae.Subproblems, tc.err.Subproblems)
|
||||
}
|
||||
} else {
|
||||
if got == nil {
|
||||
assert.Nil(t, tc.eak)
|
||||
|
|
|
@ -518,9 +518,6 @@ func TestHandler_verifyAndExtractJWSPayload(t *testing.T) {
|
|||
}
|
||||
},
|
||||
"ok/empty-algorithm-in-jwk": func(t *testing.T) test {
|
||||
_pub := *pub
|
||||
clone := &_pub
|
||||
clone.Algorithm = ""
|
||||
ctx := context.WithValue(context.Background(), jwsContextKey, parsedJWS)
|
||||
ctx = context.WithValue(ctx, jwkContextKey, pub)
|
||||
return test{
|
||||
|
|
|
@ -179,11 +179,12 @@ func TestNewOrderRequest_Validate(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
if err := tc.nor.Validate(); err != nil {
|
||||
if assert.NotNil(t, err) {
|
||||
ae, ok := err.(*acme.Error)
|
||||
assert.True(t, ok)
|
||||
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
||||
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
||||
assert.Equals(t, ae.Type, tc.err.Type)
|
||||
var ae *acme.Error
|
||||
if assert.True(t, errors.As(err, &ae)) {
|
||||
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
||||
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
||||
assert.Equals(t, ae.Type, tc.err.Type)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if assert.Nil(t, tc.err) {
|
||||
|
@ -253,11 +254,12 @@ func TestFinalizeRequestValidate(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
if err := tc.fr.Validate(); err != nil {
|
||||
if assert.NotNil(t, err) {
|
||||
ae, ok := err.(*acme.Error)
|
||||
assert.True(t, ok)
|
||||
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
||||
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
||||
assert.Equals(t, ae.Type, tc.err.Type)
|
||||
var ae *acme.Error
|
||||
if assert.True(t, errors.As(err, &ae)) {
|
||||
assert.HasPrefix(t, ae.Error(), tc.err.Error())
|
||||
assert.Equals(t, ae.StatusCode(), tc.err.StatusCode())
|
||||
assert.Equals(t, ae.Type, tc.err.Type)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if assert.Nil(t, tc.err) {
|
||||
|
@ -756,19 +758,22 @@ func TestHandler_newAuthorization(t *testing.T) {
|
|||
}
|
||||
for name, run := range tests {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
if name == "ok/permanent-identifier-enabled" {
|
||||
println(1)
|
||||
}
|
||||
tc := run(t)
|
||||
ctx := newBaseContext(context.Background(), tc.db)
|
||||
ctx = acme.NewProvisionerContext(ctx, tc.prov)
|
||||
if err := newAuthorization(ctx, tc.az); err != nil {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var k *acme.Error
|
||||
if assert.True(t, errors.As(err, &k)) {
|
||||
assert.Equals(t, k.Type, tc.err.Type)
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
assert.Equals(t, k.Status, tc.err.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
default:
|
||||
} else {
|
||||
assert.FatalError(t, errors.New("unexpected error type"))
|
||||
}
|
||||
}
|
||||
|
|
|
@ -130,14 +130,14 @@ func TestAuthorization_UpdateStatus(t *testing.T) {
|
|||
tc := run(t)
|
||||
if err := tc.az.UpdateStatus(context.Background(), tc.db); err != nil {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
switch k := err.(type) {
|
||||
case *Error:
|
||||
var k *Error
|
||||
if errors.As(err, &k) {
|
||||
assert.Equals(t, k.Type, tc.err.Type)
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
assert.Equals(t, k.Status, tc.err.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
default:
|
||||
} else {
|
||||
assert.FatalError(t, errors.New("unexpected error type"))
|
||||
}
|
||||
}
|
||||
|
|
|
@ -162,7 +162,7 @@ func tlsalpn01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSON
|
|||
// [RFC5246] or higher when connecting to clients for validation.
|
||||
MinVersion: tls.VersionTLS12,
|
||||
ServerName: serverName(ch),
|
||||
InsecureSkipVerify: true, // nolint:gosec // we expect a self-signed challenge certificate
|
||||
InsecureSkipVerify: true, //nolint:gosec // we expect a self-signed challenge certificate
|
||||
}
|
||||
|
||||
hostPort := net.JoinHostPort(ch.Value, "443")
|
||||
|
|
|
@ -188,14 +188,14 @@ func Test_storeError(t *testing.T) {
|
|||
tc := run(t)
|
||||
if err := storeError(context.Background(), tc.db, tc.ch, tc.markInvalid, err); err != nil {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
switch k := err.(type) {
|
||||
case *Error:
|
||||
var k *Error
|
||||
if errors.As(err, &k) {
|
||||
assert.Equals(t, k.Type, tc.err.Type)
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
assert.Equals(t, k.Status, tc.err.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
default:
|
||||
} else {
|
||||
assert.FatalError(t, errors.New("unexpected error type"))
|
||||
}
|
||||
}
|
||||
|
@ -243,14 +243,14 @@ func TestKeyAuthorization(t *testing.T) {
|
|||
tc := run(t)
|
||||
if ka, err := KeyAuthorization(tc.token, tc.jwk); err != nil {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
switch k := err.(type) {
|
||||
case *Error:
|
||||
var k *Error
|
||||
if errors.As(err, &k) {
|
||||
assert.Equals(t, k.Type, tc.err.Type)
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
assert.Equals(t, k.Status, tc.err.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
default:
|
||||
} else {
|
||||
assert.FatalError(t, errors.New("unexpected error type"))
|
||||
}
|
||||
}
|
||||
|
@ -533,14 +533,14 @@ func TestChallenge_Validate(t *testing.T) {
|
|||
ctx := NewClientContext(context.Background(), tc.vc)
|
||||
if err := tc.ch.Validate(ctx, tc.db, tc.jwk, nil); err != nil {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
switch k := err.(type) {
|
||||
case *Error:
|
||||
var k *Error
|
||||
if errors.As(err, &k) {
|
||||
assert.Equals(t, k.Type, tc.err.Type)
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
assert.Equals(t, k.Status, tc.err.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
default:
|
||||
} else {
|
||||
assert.FatalError(t, errors.New("unexpected error type"))
|
||||
}
|
||||
}
|
||||
|
@ -928,14 +928,14 @@ func TestHTTP01Validate(t *testing.T) {
|
|||
ctx := NewClientContext(context.Background(), tc.vc)
|
||||
if err := http01Validate(ctx, tc.ch, tc.db, tc.jwk); err != nil {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
switch k := err.(type) {
|
||||
case *Error:
|
||||
var k *Error
|
||||
if errors.As(err, &k) {
|
||||
assert.Equals(t, k.Type, tc.err.Type)
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
assert.Equals(t, k.Status, tc.err.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
default:
|
||||
} else {
|
||||
assert.FatalError(t, errors.New("unexpected error type"))
|
||||
}
|
||||
}
|
||||
|
@ -1228,14 +1228,14 @@ func TestDNS01Validate(t *testing.T) {
|
|||
ctx := NewClientContext(context.Background(), tc.vc)
|
||||
if err := dns01Validate(ctx, tc.ch, tc.db, tc.jwk); err != nil {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
switch k := err.(type) {
|
||||
case *Error:
|
||||
var k *Error
|
||||
if errors.As(err, &k) {
|
||||
assert.Equals(t, k.Type, tc.err.Type)
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
assert.Equals(t, k.Status, tc.err.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
default:
|
||||
} else {
|
||||
assert.FatalError(t, errors.New("unexpected error type"))
|
||||
}
|
||||
}
|
||||
|
@ -2298,14 +2298,14 @@ func TestTLSALPN01Validate(t *testing.T) {
|
|||
ctx := NewClientContext(context.Background(), tc.vc)
|
||||
if err := tlsalpn01Validate(ctx, tc.ch, tc.db, tc.jwk); err != nil {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
switch k := err.(type) {
|
||||
case *Error:
|
||||
var k *Error
|
||||
if errors.As(err, &k) {
|
||||
assert.Equals(t, k.Type, tc.err.Type)
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
assert.Equals(t, k.Status, tc.err.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
default:
|
||||
} else {
|
||||
assert.FatalError(t, errors.New("unexpected error type"))
|
||||
}
|
||||
}
|
||||
|
|
|
@ -56,7 +56,7 @@ func NewClient() Client {
|
|||
Timeout: 30 * time.Second,
|
||||
Transport: &http.Transport{
|
||||
TLSClientConfig: &tls.Config{
|
||||
// nolint:gosec // used on tls-alpn-01 challenge
|
||||
//nolint:gosec // used on tls-alpn-01 challenge
|
||||
InsecureSkipVerify: true, // lgtm[go/disabled-certificate-check]
|
||||
},
|
||||
},
|
||||
|
|
|
@ -95,16 +95,16 @@ func TestDB_getDBAccount(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if dbacc, err := d.getDBAccount(context.Background(), accID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var acmeErr *acme.Error
|
||||
if errors.As(err, &acmeErr) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -174,16 +174,16 @@ func TestDB_getAccountIDByKeyID(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if retAccID, err := d.getAccountIDByKeyID(context.Background(), kid); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var acmeErr *acme.Error
|
||||
if errors.As(err, &acmeErr) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -248,16 +248,16 @@ func TestDB_GetAccount(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if acc, err := d.GetAccount(context.Background(), accID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var acmeErr *acme.Error
|
||||
if errors.As(err, &acmeErr) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -354,16 +354,16 @@ func TestDB_GetAccountByKeyID(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if acc, err := d.GetAccountByKeyID(context.Background(), kid); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var acmeErr *acme.Error
|
||||
if errors.As(err, &acmeErr) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
|
|
@ -101,16 +101,16 @@ func TestDB_getDBAuthz(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if dbaz, err := d.getDBAuthz(context.Background(), azID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var acmeErr *acme.Error
|
||||
if errors.As(err, &acmeErr) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -295,16 +295,16 @@ func TestDB_GetAuthorization(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if az, err := d.GetAuthorization(context.Background(), azID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var acmeErr *acme.Error
|
||||
if errors.As(err, &acmeErr) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -745,16 +745,16 @@ func TestDB_GetAuthorizationsByAccountID(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if azs, err := d.GetAuthorizationsByAccountID(context.Background(), accountID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var acmeErr *acme.Error
|
||||
if errors.As(err, &acmeErr) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
|
|
@ -138,5 +138,4 @@ func parseBundle(b []byte) ([]*x509.Certificate, error) {
|
|||
return nil, errors.New("error decoding PEM: unexpected data")
|
||||
}
|
||||
return bundle, nil
|
||||
|
||||
}
|
||||
|
|
|
@ -250,16 +250,16 @@ func TestDB_GetCertificate(t *testing.T) {
|
|||
d := DB{db: tc.db}
|
||||
cert, err := d.GetCertificate(context.Background(), certID)
|
||||
if err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var acmeErr *acme.Error
|
||||
if errors.As(err, &acmeErr) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, acmeErr.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, acmeErr.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, acmeErr.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -444,16 +444,16 @@ func TestDB_GetCertificateBySerial(t *testing.T) {
|
|||
d := DB{db: tc.db}
|
||||
cert, err := d.GetCertificateBySerial(context.Background(), serial)
|
||||
if err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var ae *acme.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
|
|
@ -94,16 +94,16 @@ func TestDB_getDBChallenge(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if ch, err := d.getDBChallenge(context.Background(), chID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var ae *acme.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -286,16 +286,16 @@ func TestDB_GetChallenge(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if ch, err := d.GetChallenge(context.Background(), chID, azID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var ae *acme.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
|
|
@ -54,7 +54,6 @@ func (db *DB) getDBExternalAccountKey(ctx context.Context, id string) (*dbExtern
|
|||
|
||||
// CreateExternalAccountKey creates a new External Account Binding key with a name
|
||||
func (db *DB) CreateExternalAccountKey(ctx context.Context, provisionerID, reference string) (*acme.ExternalAccountKey, error) {
|
||||
|
||||
externalAccountKeyMutex.Lock()
|
||||
defer externalAccountKeyMutex.Unlock()
|
||||
|
||||
|
@ -210,6 +209,7 @@ func (db *DB) GetExternalAccountKeyByReference(ctx context.Context, provisionerI
|
|||
defer externalAccountKeyMutex.RUnlock()
|
||||
|
||||
if reference == "" {
|
||||
//nolint:nilnil // legacy
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
@ -228,6 +228,7 @@ func (db *DB) GetExternalAccountKeyByReference(ctx context.Context, provisionerI
|
|||
}
|
||||
|
||||
func (db *DB) GetExternalAccountKeyByAccountID(ctx context.Context, provisionerID, accountID string) (*acme.ExternalAccountKey, error) {
|
||||
//nolint:nilnil // legacy
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
@ -371,7 +372,6 @@ func sliceIndex(slice []string, item string) int {
|
|||
// removeElement deletes the item if it exists in the
|
||||
// slice. It returns a new slice, keeping the old one intact.
|
||||
func removeElement(slice []string, item string) []string {
|
||||
|
||||
newSlice := make([]string, 0)
|
||||
index := sliceIndex(slice, item)
|
||||
if index < 0 {
|
||||
|
|
|
@ -93,16 +93,16 @@ func TestDB_getDBExternalAccountKey(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if dbeak, err := d.getDBExternalAccountKey(context.Background(), keyID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var ae *acme.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -210,16 +210,16 @@ func TestDB_GetExternalAccountKey(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if eak, err := d.GetExternalAccountKey(context.Background(), provID, keyID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var ae *acme.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -374,16 +374,16 @@ func TestDB_GetExternalAccountKeyByReference(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if eak, err := d.GetExternalAccountKeyByReference(context.Background(), provID, tc.ref); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var ae *acme.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -580,16 +580,16 @@ func TestDB_GetExternalAccountKeys(t *testing.T) {
|
|||
cursor, limit := "", 0
|
||||
if eaks, nextCursor, err := d.GetExternalAccountKeys(context.Background(), provID, cursor, limit); err != nil {
|
||||
assert.Equals(t, "", nextCursor)
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var ae *acme.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.Equals(t, tc.err.Error(), err.Error())
|
||||
}
|
||||
|
@ -672,7 +672,7 @@ func TestDB_DeleteExternalAccountKey(t *testing.T) {
|
|||
return errors.New("force default")
|
||||
}
|
||||
},
|
||||
MCmpAndSwap: func(bucket, key, old, new []byte) ([]byte, bool, error) {
|
||||
MCmpAndSwap: func(bucket, key, old, nu []byte) ([]byte, bool, error) {
|
||||
fmt.Println(string(bucket))
|
||||
switch string(bucket) {
|
||||
case string(externalAccountKeyIDsByReferenceTable):
|
||||
|
@ -882,16 +882,16 @@ func TestDB_DeleteExternalAccountKey(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if err := d.DeleteExternalAccountKey(context.Background(), provID, keyID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var ae *acme.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.Equals(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
|
|
@ -146,16 +146,16 @@ func TestDB_DeleteNonce(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if err := d.DeleteNonce(context.Background(), acme.Nonce(nonceID)); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var ae *acme.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
|
|
@ -102,16 +102,16 @@ func TestDB_getDBOrder(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if dbo, err := d.getDBOrder(context.Background(), orderID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var ae *acme.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -206,16 +206,16 @@ func TestDB_GetOrder(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if o, err := d.GetOrder(context.Background(), orderID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var ae *acme.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -1003,16 +1003,16 @@ func TestDB_updateAddOrderIDs(t *testing.T) {
|
|||
}
|
||||
|
||||
if err != nil {
|
||||
switch k := err.(type) {
|
||||
case *acme.Error:
|
||||
var ae *acme.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.acmeErr) {
|
||||
assert.Equals(t, k.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.acmeErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.acmeErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.acmeErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.acmeErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
|
|
@ -310,10 +310,11 @@ func NewErrorISE(msg string, args ...interface{}) *Error {
|
|||
|
||||
// WrapError attempts to wrap the internal error.
|
||||
func WrapError(typ ProblemType, err error, msg string, args ...interface{}) *Error {
|
||||
switch e := err.(type) {
|
||||
case nil:
|
||||
var e *Error
|
||||
switch {
|
||||
case err == nil:
|
||||
return nil
|
||||
case *Error:
|
||||
case errors.As(err, &e):
|
||||
if e.Err == nil {
|
||||
e.Err = errors.Errorf(msg+"; "+e.Detail, args...)
|
||||
} else {
|
||||
|
|
|
@ -324,7 +324,6 @@ func numberOfIdentifierType(typ IdentifierType, ids []Identifier) int {
|
|||
// addresses or DNS names slice, depending on whether it can be parsed as an IP
|
||||
// or not. This might result in an additional SAN in the final certificate.
|
||||
func canonicalize(csr *x509.CertificateRequest) (canonicalized *x509.CertificateRequest) {
|
||||
|
||||
// for clarity only; we're operating on the same object by pointer
|
||||
canonicalized = csr
|
||||
|
||||
|
|
|
@ -247,14 +247,14 @@ func TestOrder_UpdateStatus(t *testing.T) {
|
|||
tc := run(t)
|
||||
if err := tc.o.UpdateStatus(context.Background(), tc.db); err != nil {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
switch k := err.(type) {
|
||||
case *Error:
|
||||
var k *Error
|
||||
if errors.As(err, &k) {
|
||||
assert.Equals(t, k.Type, tc.err.Type)
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
assert.Equals(t, k.Status, tc.err.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
default:
|
||||
} else {
|
||||
assert.FatalError(t, errors.New("unexpected error type"))
|
||||
}
|
||||
}
|
||||
|
@ -812,14 +812,14 @@ func TestOrder_Finalize(t *testing.T) {
|
|||
tc := run(t)
|
||||
if err := tc.o.Finalize(context.Background(), tc.db, tc.csr, tc.ca, tc.prov); err != nil {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
switch k := err.(type) {
|
||||
case *Error:
|
||||
var k *Error
|
||||
if errors.As(err, &k) {
|
||||
assert.Equals(t, k.Type, tc.err.Type)
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
assert.Equals(t, k.Status, tc.err.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.err.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.err.Detail)
|
||||
default:
|
||||
} else {
|
||||
assert.FatalError(t, errors.New("unexpected error type"))
|
||||
}
|
||||
}
|
||||
|
@ -1474,14 +1474,14 @@ func TestOrder_sans(t *testing.T) {
|
|||
t.Errorf("Order.sans() = %v, want error; got none", got)
|
||||
return
|
||||
}
|
||||
switch k := err.(type) {
|
||||
case *Error:
|
||||
var k *Error
|
||||
if errors.As(err, &k) {
|
||||
assert.Equals(t, k.Type, tt.err.Type)
|
||||
assert.Equals(t, k.Detail, tt.err.Detail)
|
||||
assert.Equals(t, k.Status, tt.err.Status)
|
||||
assert.Equals(t, k.Err.Error(), tt.err.Err.Error())
|
||||
assert.Equals(t, k.Detail, tt.err.Detail)
|
||||
default:
|
||||
} else {
|
||||
assert.FatalError(t, errors.New("unexpected error type"))
|
||||
}
|
||||
return
|
||||
|
|
|
@ -3,7 +3,7 @@ package api
|
|||
import (
|
||||
"context"
|
||||
"crypto"
|
||||
"crypto/dsa" //nolint
|
||||
"crypto/dsa" //nolint:staticcheck // support legacy algorithms
|
||||
"crypto/ecdsa"
|
||||
"crypto/ed25519"
|
||||
"crypto/rsa"
|
||||
|
|
|
@ -41,8 +41,8 @@ func TestJSON(t *testing.T) {
|
|||
}
|
||||
|
||||
if tt.wantErr {
|
||||
e, ok := err.(*errs.Error)
|
||||
if ok {
|
||||
var e *errs.Error
|
||||
if errors.As(err, &e) {
|
||||
if code := e.StatusCode(); code != 400 {
|
||||
t.Errorf("error.StatusCode() = %v, wants 400", code)
|
||||
}
|
||||
|
@ -102,14 +102,15 @@ func TestProtoJSON(t *testing.T) {
|
|||
}
|
||||
|
||||
if tt.wantErr {
|
||||
switch err.(type) {
|
||||
case badProtoJSONError:
|
||||
var (
|
||||
ee *errs.Error
|
||||
bpe badProtoJSONError
|
||||
)
|
||||
switch {
|
||||
case errors.As(err, &bpe):
|
||||
assert.Contains(t, err.Error(), "syntax error")
|
||||
case *errs.Error:
|
||||
var ee *errs.Error
|
||||
if errors.As(err, &ee) {
|
||||
assert.Equal(t, http.StatusBadRequest, ee.Status)
|
||||
}
|
||||
case errors.As(err, &ee):
|
||||
assert.Equal(t, http.StatusBadRequest, ee.Status)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
|
|
@ -17,6 +17,7 @@ const (
|
|||
// Renew uses the information of certificate in the TLS connection to create a
|
||||
// new one.
|
||||
func Renew(w http.ResponseWriter, r *http.Request) {
|
||||
//nolint:contextcheck // the reqest has the context
|
||||
cert, err := getPeerCertificate(r)
|
||||
if err != nil {
|
||||
render.Error(w, err)
|
||||
|
|
|
@ -62,12 +62,12 @@ func TestRevokeRequestValidate(t *testing.T) {
|
|||
for name, tc := range tests {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
if err := tc.rr.Validate(); err != nil {
|
||||
switch v := err.(type) {
|
||||
case *errs.Error:
|
||||
assert.HasPrefix(t, v.Error(), tc.err.Error())
|
||||
assert.Equals(t, v.StatusCode(), tc.err.Status)
|
||||
default:
|
||||
t.Errorf("unexpected error type: %T", v)
|
||||
var ee *errs.Error
|
||||
if errors.As(err, &ee) {
|
||||
assert.HasPrefix(t, ee.Error(), tc.err.Error())
|
||||
assert.Equals(t, ee.StatusCode(), tc.err.Status)
|
||||
} else {
|
||||
t.Errorf("unexpected error type: %T", err)
|
||||
}
|
||||
} else {
|
||||
assert.Nil(t, tc.err)
|
||||
|
|
|
@ -83,6 +83,7 @@ func SSHRekey(w http.ResponseWriter, r *http.Request) {
|
|||
notBefore := time.Unix(int64(oldCert.ValidAfter), 0)
|
||||
notAfter := time.Unix(int64(oldCert.ValidBefore), 0)
|
||||
|
||||
//nolint:contextcheck // the reqest has the context
|
||||
identity, err := renewIdentityCertificate(r, notBefore, notAfter)
|
||||
if err != nil {
|
||||
render.Error(w, errs.ForbiddenErr(err, "error renewing identity certificate"))
|
||||
|
|
|
@ -75,6 +75,7 @@ func SSHRenew(w http.ResponseWriter, r *http.Request) {
|
|||
notBefore := time.Unix(int64(oldCert.ValidAfter), 0)
|
||||
notAfter := time.Unix(int64(oldCert.ValidBefore), 0)
|
||||
|
||||
//nolint:contextcheck // the reqest has the context
|
||||
identity, err := renewIdentityCertificate(r, notBefore, notAfter)
|
||||
if err != nil {
|
||||
render.Error(w, errs.ForbiddenErr(err, "error renewing identity certificate"))
|
||||
|
|
|
@ -84,7 +84,6 @@ func (h *acmeAdminResponder) DeleteExternalAccountKey(w http.ResponseWriter, r *
|
|||
}
|
||||
|
||||
func eakToLinked(k *acme.ExternalAccountKey) *linkedca.EABKey {
|
||||
|
||||
if k == nil {
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -229,11 +229,13 @@ func TestCreateAdminRequest_Validate(t *testing.T) {
|
|||
|
||||
if err != nil {
|
||||
assert.Type(t, &admin.Error{}, err)
|
||||
adminErr, _ := err.(*admin.Error)
|
||||
assert.Equals(t, tt.err.Type, adminErr.Type)
|
||||
assert.Equals(t, tt.err.Detail, adminErr.Detail)
|
||||
assert.Equals(t, tt.err.Status, adminErr.Status)
|
||||
assert.Equals(t, tt.err.Message, adminErr.Message)
|
||||
var adminErr *admin.Error
|
||||
if assert.True(t, errors.As(err, &adminErr)) {
|
||||
assert.Equals(t, tt.err.Type, adminErr.Type)
|
||||
assert.Equals(t, tt.err.Detail, adminErr.Detail)
|
||||
assert.Equals(t, tt.err.Status, adminErr.Status)
|
||||
assert.Equals(t, tt.err.Message, adminErr.Message)
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
|
@ -278,11 +280,13 @@ func TestUpdateAdminRequest_Validate(t *testing.T) {
|
|||
|
||||
if err != nil {
|
||||
assert.Type(t, &admin.Error{}, err)
|
||||
adminErr, _ := err.(*admin.Error)
|
||||
assert.Equals(t, tt.err.Type, adminErr.Type)
|
||||
assert.Equals(t, tt.err.Detail, adminErr.Detail)
|
||||
assert.Equals(t, tt.err.Status, adminErr.Status)
|
||||
assert.Equals(t, tt.err.Message, adminErr.Message)
|
||||
var ae *admin.Error
|
||||
if assert.True(t, errors.As(err, &ae)) {
|
||||
assert.Equals(t, tt.err.Type, ae.Type)
|
||||
assert.Equals(t, tt.err.Detail, ae.Detail)
|
||||
assert.Equals(t, tt.err.Status, ae.Status)
|
||||
assert.Equals(t, tt.err.Message, ae.Message)
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
|
|
|
@ -30,7 +30,6 @@ func requireAPIEnabled(next http.HandlerFunc) http.HandlerFunc {
|
|||
// extractAuthorizeTokenAdmin is a middleware that extracts and caches the bearer token.
|
||||
func extractAuthorizeTokenAdmin(next http.HandlerFunc) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
tok := r.Header.Get("Authorization")
|
||||
if tok == "" {
|
||||
render.Error(w, admin.NewError(admin.ErrorUnauthorizedType,
|
||||
|
|
|
@ -50,7 +50,8 @@ func (par *policyAdminResponder) GetAuthorityPolicy(w http.ResponseWriter, r *ht
|
|||
|
||||
auth := mustAuthority(ctx)
|
||||
authorityPolicy, err := auth.GetAuthorityPolicy(r.Context())
|
||||
if ae, ok := err.(*admin.Error); ok && !ae.IsType(admin.ErrorNotFoundType) {
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) && !ae.IsType(admin.ErrorNotFoundType) {
|
||||
render.Error(w, admin.WrapErrorISE(ae, "error retrieving authority policy"))
|
||||
return
|
||||
}
|
||||
|
@ -74,7 +75,8 @@ func (par *policyAdminResponder) CreateAuthorityPolicy(w http.ResponseWriter, r
|
|||
auth := mustAuthority(ctx)
|
||||
authorityPolicy, err := auth.GetAuthorityPolicy(ctx)
|
||||
|
||||
if ae, ok := err.(*admin.Error); ok && !ae.IsType(admin.ErrorNotFoundType) {
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) && !ae.IsType(admin.ErrorNotFoundType) {
|
||||
render.Error(w, admin.WrapErrorISE(err, "error retrieving authority policy"))
|
||||
return
|
||||
}
|
||||
|
@ -125,7 +127,8 @@ func (par *policyAdminResponder) UpdateAuthorityPolicy(w http.ResponseWriter, r
|
|||
auth := mustAuthority(ctx)
|
||||
authorityPolicy, err := auth.GetAuthorityPolicy(ctx)
|
||||
|
||||
if ae, ok := err.(*admin.Error); ok && !ae.IsType(admin.ErrorNotFoundType) {
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) && !ae.IsType(admin.ErrorNotFoundType) {
|
||||
render.Error(w, admin.WrapErrorISE(err, "error retrieving authority policy"))
|
||||
return
|
||||
}
|
||||
|
@ -175,7 +178,8 @@ func (par *policyAdminResponder) DeleteAuthorityPolicy(w http.ResponseWriter, r
|
|||
auth := mustAuthority(ctx)
|
||||
authorityPolicy, err := auth.GetAuthorityPolicy(ctx)
|
||||
|
||||
if ae, ok := err.(*admin.Error); ok && !ae.IsType(admin.ErrorNotFoundType) {
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) && !ae.IsType(admin.ErrorNotFoundType) {
|
||||
render.Error(w, admin.WrapErrorISE(ae, "error retrieving authority policy"))
|
||||
return
|
||||
}
|
||||
|
@ -468,7 +472,6 @@ func isBadRequest(err error) bool {
|
|||
}
|
||||
|
||||
func validatePolicy(p *linkedca.Policy) error {
|
||||
|
||||
// convert the policy; return early if nil
|
||||
options := policy.LinkedToCertificates(p)
|
||||
if options == nil {
|
||||
|
|
|
@ -111,14 +111,14 @@ func (db *DB) GetAdmins(ctx context.Context) ([]*linkedca.Admin, error) {
|
|||
for _, entry := range dbEntries {
|
||||
adm, err := db.unmarshalAdmin(entry.Value, string(entry.Key))
|
||||
if err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
if k.IsType(admin.ErrorDeletedType) || k.IsType(admin.ErrorAuthorityMismatchType) {
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if ae.IsType(admin.ErrorDeletedType) || ae.IsType(admin.ErrorAuthorityMismatchType) {
|
||||
continue
|
||||
} else {
|
||||
return nil, err
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
|
|
@ -68,16 +68,16 @@ func TestDB_getDBAdminBytes(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if b, err := d.getDBAdminBytes(context.Background(), adminID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -192,16 +192,16 @@ func TestDB_getDBAdmin(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||
if dba, err := d.getDBAdmin(context.Background(), adminID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -280,16 +280,16 @@ func TestDB_unmarshalDBAdmin(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{authorityID: admin.DefaultAuthorityID}
|
||||
if dba, err := d.unmarshalDBAdmin(tc.in, adminID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -355,16 +355,16 @@ func TestDB_unmarshalAdmin(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{authorityID: admin.DefaultAuthorityID}
|
||||
if adm, err := d.unmarshalAdmin(tc.in, adminID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -509,16 +509,16 @@ func TestDB_GetAdmin(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||
if adm, err := d.GetAdmin(context.Background(), adminID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -661,16 +661,16 @@ func TestDB_DeleteAdmin(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||
if err := d.DeleteAdmin(context.Background(), adminID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -812,16 +812,16 @@ func TestDB_UpdateAdmin(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||
if err := d.UpdateAdmin(context.Background(), tc.adm); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -910,16 +910,16 @@ func TestDB_CreateAdmin(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||
if err := d.CreateAdmin(context.Background(), tc.adm); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -1086,16 +1086,16 @@ func TestDB_GetAdmins(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||
if admins, err := d.GetAdmins(context.Background()); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
|
|
@ -83,6 +83,7 @@ func (db *DB) getDBAuthorityPolicyBytes(ctx context.Context, authorityID string)
|
|||
|
||||
func (db *DB) unmarshalDBAuthorityPolicy(data []byte) (*dbAuthorityPolicy, error) {
|
||||
if len(data) == 0 {
|
||||
//nolint:nilnil // legacy
|
||||
return nil, nil
|
||||
}
|
||||
var dba = new(dbAuthorityPolicy)
|
||||
|
@ -102,6 +103,7 @@ func (db *DB) getDBAuthorityPolicy(ctx context.Context, authorityID string) (*db
|
|||
return nil, err
|
||||
}
|
||||
if dbap == nil {
|
||||
//nolint:nilnil // legacy
|
||||
return nil, nil
|
||||
}
|
||||
if dbap.AuthorityID != authorityID {
|
||||
|
@ -112,7 +114,6 @@ func (db *DB) getDBAuthorityPolicy(ctx context.Context, authorityID string) (*db
|
|||
}
|
||||
|
||||
func (db *DB) CreateAuthorityPolicy(ctx context.Context, policy *linkedca.Policy) error {
|
||||
|
||||
dbap := &dbAuthorityPolicy{
|
||||
ID: db.authorityID,
|
||||
AuthorityID: db.authorityID,
|
||||
|
@ -228,7 +229,6 @@ func dbToLinked(p *dbPolicy) *linkedca.Policy {
|
|||
}
|
||||
|
||||
func linkedToDB(p *linkedca.Policy) *dbPolicy {
|
||||
|
||||
if p == nil {
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -72,16 +72,16 @@ func TestDB_getDBAuthorityPolicyBytes(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if b, err := d.getDBAuthorityPolicyBytes(tc.ctx, tc.authorityID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -208,16 +208,16 @@ func TestDB_getDBAuthorityPolicy(t *testing.T) {
|
|||
dbp, err := d.getDBAuthorityPolicy(tc.ctx, tc.authorityID)
|
||||
switch {
|
||||
case err != nil:
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -309,16 +309,16 @@ func TestDB_CreateAuthorityPolicy(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: tc.authorityID}
|
||||
if err := d.CreateAuthorityPolicy(tc.ctx, tc.policy); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -406,16 +406,16 @@ func TestDB_GetAuthorityPolicy(t *testing.T) {
|
|||
d := DB{db: tc.db, authorityID: tc.authorityID}
|
||||
got, err := d.GetAuthorityPolicy(tc.ctx)
|
||||
if err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -578,16 +578,16 @@ func TestDB_UpdateAuthorityPolicy(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: tc.authorityID}
|
||||
if err := d.UpdateAuthorityPolicy(tc.ctx, tc.policy); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -718,16 +718,16 @@ func TestDB_DeleteAuthorityPolicy(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: tc.authorityID}
|
||||
if err := d.DeleteAuthorityPolicy(tc.ctx); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
|
|
@ -122,14 +122,14 @@ func (db *DB) GetProvisioners(ctx context.Context) ([]*linkedca.Provisioner, err
|
|||
for _, entry := range dbEntries {
|
||||
prov, err := db.unmarshalProvisioner(entry.Value, string(entry.Key))
|
||||
if err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
if k.IsType(admin.ErrorDeletedType) || k.IsType(admin.ErrorAuthorityMismatchType) {
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if ae.IsType(admin.ErrorDeletedType) || ae.IsType(admin.ErrorAuthorityMismatchType) {
|
||||
continue
|
||||
} else {
|
||||
return nil, err
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
|
|
@ -67,16 +67,16 @@ func TestDB_getDBProvisionerBytes(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db}
|
||||
if b, err := d.getDBProvisionerBytes(context.Background(), provID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -189,16 +189,16 @@ func TestDB_getDBProvisioner(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||
if dbp, err := d.getDBProvisioner(context.Background(), provID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -275,16 +275,16 @@ func TestDB_unmarshalDBProvisioner(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{authorityID: admin.DefaultAuthorityID}
|
||||
if dbp, err := d.unmarshalDBProvisioner(tc.in, provID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -397,16 +397,16 @@ func TestDB_unmarshalProvisioner(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{authorityID: admin.DefaultAuthorityID}
|
||||
if prov, err := d.unmarshalProvisioner(tc.in, provID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -535,16 +535,16 @@ func TestDB_GetProvisioner(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||
if prov, err := d.GetProvisioner(context.Background(), provID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -683,16 +683,16 @@ func TestDB_DeleteProvisioner(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||
if err := d.DeleteProvisioner(context.Background(), provID); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -844,16 +844,16 @@ func TestDB_GetProvisioners(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||
if provs, err := d.GetProvisioners(context.Background()); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -952,16 +952,16 @@ func TestDB_CreateProvisioner(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||
if err := d.CreateProvisioner(context.Background(), tc.prov); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
@ -1188,16 +1188,16 @@ func TestDB_UpdateProvisioner(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
d := DB{db: tc.db, authorityID: admin.DefaultAuthorityID}
|
||||
if err := d.UpdateProvisioner(context.Background(), tc.prov); err != nil {
|
||||
switch k := err.(type) {
|
||||
case *admin.Error:
|
||||
var ae *admin.Error
|
||||
if errors.As(err, &ae) {
|
||||
if assert.NotNil(t, tc.adminErr) {
|
||||
assert.Equals(t, k.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, k.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, k.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, k.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Type, tc.adminErr.Type)
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
assert.Equals(t, ae.Status, tc.adminErr.Status)
|
||||
assert.Equals(t, ae.Err.Error(), tc.adminErr.Err.Error())
|
||||
assert.Equals(t, ae.Detail, tc.adminErr.Detail)
|
||||
}
|
||||
default:
|
||||
} else {
|
||||
if assert.NotNil(t, tc.err) {
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
}
|
||||
|
|
|
@ -156,16 +156,17 @@ func NewErrorISE(msg string, args ...interface{}) *Error {
|
|||
|
||||
// WrapError attempts to wrap the internal error.
|
||||
func WrapError(typ ProblemType, err error, msg string, args ...interface{}) *Error {
|
||||
switch e := err.(type) {
|
||||
case nil:
|
||||
var ee *Error
|
||||
switch {
|
||||
case err == nil:
|
||||
return nil
|
||||
case *Error:
|
||||
if e.Err == nil {
|
||||
e.Err = errors.Errorf(msg+"; "+e.Detail, args...)
|
||||
case errors.As(err, &ee):
|
||||
if ee.Err == nil {
|
||||
ee.Err = errors.Errorf(msg+"; "+ee.Detail, args...)
|
||||
} else {
|
||||
e.Err = errors.Wrapf(e.Err, msg, args...)
|
||||
ee.Err = errors.Wrapf(ee.Err, msg, args...)
|
||||
}
|
||||
return e
|
||||
return ee
|
||||
default:
|
||||
return newError(typ, errors.Wrapf(err, msg, args...))
|
||||
}
|
||||
|
|
|
@ -372,7 +372,7 @@ func (a *Authority) init() error {
|
|||
}
|
||||
options.Signer, err = a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
||||
SigningKey: a.config.IntermediateKey,
|
||||
Password: []byte(a.password),
|
||||
Password: a.password,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -443,7 +443,7 @@ func (a *Authority) init() error {
|
|||
if a.config.SSH.HostKey != "" {
|
||||
signer, err := a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
||||
SigningKey: a.config.SSH.HostKey,
|
||||
Password: []byte(a.sshHostPassword),
|
||||
Password: a.sshHostPassword,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -469,7 +469,7 @@ func (a *Authority) init() error {
|
|||
if a.config.SSH.UserKey != "" {
|
||||
signer, err := a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
||||
SigningKey: a.config.SSH.UserKey,
|
||||
Password: []byte(a.sshUserPassword),
|
||||
Password: a.sshUserPassword,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -554,7 +554,7 @@ func (a *Authority) init() error {
|
|||
options.CertificateChain = append(options.CertificateChain, a.rootX509Certs...)
|
||||
options.Signer, err = a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
||||
SigningKey: a.config.IntermediateKey,
|
||||
Password: []byte(a.password),
|
||||
Password: a.password,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -563,7 +563,7 @@ func (a *Authority) init() error {
|
|||
if km, ok := a.keyManager.(kmsapi.Decrypter); ok {
|
||||
options.Decrypter, err = km.CreateDecrypter(&kmsapi.CreateDecrypterRequest{
|
||||
DecryptionKey: a.config.IntermediateKey,
|
||||
Password: []byte(a.password),
|
||||
Password: a.password,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
|
@ -12,6 +12,7 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"github.com/smallstep/certificates/authority/admin"
|
||||
"github.com/smallstep/certificates/authority/provisioner"
|
||||
"github.com/smallstep/certificates/errs"
|
||||
|
@ -416,16 +417,16 @@ func (a *Authority) AuthorizeRenewToken(ctx context.Context, ott string) (*x509.
|
|||
Subject: leaf.Subject.CommonName,
|
||||
Time: time.Now().UTC(),
|
||||
}, time.Minute); err != nil {
|
||||
switch err {
|
||||
case jose.ErrInvalidIssuer:
|
||||
switch {
|
||||
case errors.Is(err, jose.ErrInvalidIssuer):
|
||||
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: invalid issuer claim (iss)"))
|
||||
case jose.ErrInvalidSubject:
|
||||
case errors.Is(err, jose.ErrInvalidSubject):
|
||||
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: invalid subject claim (sub)"))
|
||||
case jose.ErrNotValidYet:
|
||||
case errors.Is(err, jose.ErrNotValidYet):
|
||||
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: token not valid yet (nbf)"))
|
||||
case jose.ErrExpired:
|
||||
case errors.Is(err, jose.ErrExpired):
|
||||
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: token is expired (exp)"))
|
||||
case jose.ErrIssuedInTheFuture:
|
||||
case errors.Is(err, jose.ErrIssuedInTheFuture):
|
||||
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: token issued in the future (iat)"))
|
||||
default:
|
||||
return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token"))
|
||||
|
|
|
@ -748,8 +748,8 @@ func TestAuthority_Authorize(t *testing.T) {
|
|||
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
|
||||
ctxErr, ok := err.(*errs.Error)
|
||||
assert.Fatal(t, ok, "error is not of type *errs.Error")
|
||||
var ctxErr *errs.Error
|
||||
assert.Fatal(t, errors.As(err, &ctxErr), "error is not of type *errs.Error")
|
||||
assert.Equals(t, ctxErr.Details["token"], tc.token)
|
||||
}
|
||||
} else {
|
||||
|
@ -884,8 +884,8 @@ func TestAuthority_authorizeRenew(t *testing.T) {
|
|||
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
|
||||
ctxErr, ok := err.(*errs.Error)
|
||||
assert.Fatal(t, ok, "error is not of type *errs.Error")
|
||||
var ctxErr *errs.Error
|
||||
assert.Fatal(t, errors.As(err, &ctxErr), "error is not of type *errs.Error")
|
||||
assert.Equals(t, ctxErr.Details["serialNumber"], tc.cert.SerialNumber.String())
|
||||
}
|
||||
} else {
|
||||
|
|
|
@ -169,7 +169,7 @@ func (t *TLSOptions) TLSConfig() *tls.Config {
|
|||
rs = tls.RenegotiateNever
|
||||
}
|
||||
|
||||
// nolint:gosec // default MinVersion 1.2, if defined but empty 1.3 is used
|
||||
//nolint:gosec // default MinVersion 1.2, if defined but empty 1.3 is used
|
||||
return &tls.Config{
|
||||
CipherSuites: t.CipherSuites.Value(),
|
||||
MinVersion: t.MinVersion.Value(),
|
||||
|
|
|
@ -461,7 +461,7 @@ func getRootCertificate(endpoint, fingerprint string) (*x509.Certificate, error)
|
|||
defer cancel()
|
||||
|
||||
conn, err := grpc.DialContext(ctx, endpoint, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
|
||||
// nolint:gosec // used in bootstrap protocol
|
||||
//nolint:gosec // used in bootstrap protocol
|
||||
InsecureSkipVerify: true, // lgtm[go/disabled-certificate-check]
|
||||
})))
|
||||
if err != nil {
|
||||
|
|
|
@ -119,7 +119,6 @@ func (a *Authority) RemoveAuthorityPolicy(ctx context.Context) error {
|
|||
}
|
||||
|
||||
func (a *Authority) checkAuthorityPolicy(ctx context.Context, currentAdmin *linkedca.Admin, p *linkedca.Policy) error {
|
||||
|
||||
// no policy and thus nothing to evaluate; return early
|
||||
if p == nil {
|
||||
return nil
|
||||
|
@ -138,7 +137,6 @@ func (a *Authority) checkAuthorityPolicy(ctx context.Context, currentAdmin *link
|
|||
}
|
||||
|
||||
func (a *Authority) checkProvisionerPolicy(ctx context.Context, provName string, p *linkedca.Policy) error {
|
||||
|
||||
// no policy and thus nothing to evaluate; return early
|
||||
if p == nil {
|
||||
return nil
|
||||
|
@ -157,7 +155,6 @@ func (a *Authority) checkProvisionerPolicy(ctx context.Context, provName string,
|
|||
// checkPolicy checks if a new or updated policy configuration results in the user
|
||||
// locking themselves or other admins out of the CA.
|
||||
func (a *Authority) checkPolicy(ctx context.Context, currentAdmin *linkedca.Admin, otherAdmins []*linkedca.Admin, p *linkedca.Policy) error {
|
||||
|
||||
// convert the policy; return early if nil
|
||||
policyOptions := authPolicy.LinkedToCertificates(p)
|
||||
if policyOptions == nil {
|
||||
|
@ -216,7 +213,6 @@ func (a *Authority) reloadPolicyEngines(ctx context.Context) error {
|
|||
)
|
||||
|
||||
if a.config.AuthorityConfig.EnableAdmin {
|
||||
|
||||
// temporarily disable policy loading when LinkedCA is in use
|
||||
if _, ok := a.adminDB.(*linkedCaClient); ok {
|
||||
return nil
|
||||
|
|
|
@ -17,9 +17,9 @@ type Engine struct {
|
|||
|
||||
// New returns a new Engine using Options.
|
||||
func New(options *Options) (*Engine, error) {
|
||||
|
||||
// if no options provided, return early
|
||||
if options == nil {
|
||||
//nolint:nilnil // legacy
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
@ -56,7 +56,6 @@ func New(options *Options) (*Engine, error) {
|
|||
// the X.509 policy (if available) and returns an error if one of the
|
||||
// names in the certificate is not allowed.
|
||||
func (e *Engine) IsX509CertificateAllowed(cert *x509.Certificate) error {
|
||||
|
||||
// return early if there's no policy to evaluate
|
||||
if e == nil || e.x509Policy == nil {
|
||||
return nil
|
||||
|
@ -69,7 +68,6 @@ func (e *Engine) IsX509CertificateAllowed(cert *x509.Certificate) error {
|
|||
// AreSANsAllowed evaluates the slice of SANs against the X.509 policy
|
||||
// (if available) and returns an error if one of the SANs is not allowed.
|
||||
func (e *Engine) AreSANsAllowed(sans []string) error {
|
||||
|
||||
// return early if there's no policy to evaluate
|
||||
if e == nil || e.x509Policy == nil {
|
||||
return nil
|
||||
|
@ -83,7 +81,6 @@ func (e *Engine) AreSANsAllowed(sans []string) error {
|
|||
// user or host policy (if configured) and returns an error if one of the
|
||||
// principals in the certificate is not allowed.
|
||||
func (e *Engine) IsSSHCertificateAllowed(cert *ssh.Certificate) error {
|
||||
|
||||
// return early if there's no policy to evaluate
|
||||
if e == nil || (e.sshHostPolicy == nil && e.sshUserPolicy == nil) {
|
||||
return nil
|
||||
|
|
|
@ -19,7 +19,6 @@ type HostPolicy policy.SSHNamePolicyEngine
|
|||
|
||||
// NewX509PolicyEngine creates a new x509 name policy engine
|
||||
func NewX509PolicyEngine(policyOptions X509PolicyOptionsInterface) (X509Policy, error) {
|
||||
|
||||
// return early if no policy engine options to configure
|
||||
if policyOptions == nil {
|
||||
return nil, nil
|
||||
|
@ -92,7 +91,6 @@ func NewSSHHostPolicyEngine(policyOptions SSHPolicyOptionsInterface) (HostPolicy
|
|||
|
||||
// newSSHPolicyEngine creates a new SSH name policy engine
|
||||
func newSSHPolicyEngine(policyOptions SSHPolicyOptionsInterface, typ sshPolicyEngineType) (policy.SSHNamePolicyEngine, error) {
|
||||
|
||||
// return early if no policy engine options to configure
|
||||
if policyOptions == nil {
|
||||
return nil, nil
|
||||
|
@ -143,7 +141,6 @@ func newSSHPolicyEngine(policyOptions SSHPolicyOptionsInterface, typ sshPolicyEn
|
|||
}
|
||||
|
||||
func LinkedToCertificates(p *linkedca.Policy) *Options {
|
||||
|
||||
// return early
|
||||
if p == nil {
|
||||
return nil
|
||||
|
|
|
@ -185,11 +185,11 @@ func TestAuthority_checkPolicy(t *testing.T) {
|
|||
} else {
|
||||
assert.IsType(t, &PolicyError{}, err)
|
||||
|
||||
pe, ok := err.(*PolicyError)
|
||||
assert.True(t, ok)
|
||||
|
||||
assert.Equal(t, tc.err.Typ, pe.Typ)
|
||||
assert.Equal(t, tc.err.Error(), pe.Error())
|
||||
var pe *PolicyError
|
||||
if assert.True(t, errors.As(err, &pe)) {
|
||||
assert.Equal(t, tc.err.Typ, pe.Typ)
|
||||
assert.Equal(t, tc.err.Error(), pe.Error())
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
|
@ -1179,10 +1179,11 @@ func TestAuthority_RemoveAuthorityPolicy(t *testing.T) {
|
|||
}
|
||||
err := a.RemoveAuthorityPolicy(tt.args.ctx)
|
||||
if err != nil {
|
||||
pe, ok := err.(*PolicyError)
|
||||
assert.True(t, ok)
|
||||
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
||||
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
||||
var pe *PolicyError
|
||||
if assert.True(t, errors.As(err, &pe)) {
|
||||
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
||||
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
||||
}
|
||||
return
|
||||
}
|
||||
})
|
||||
|
@ -1250,10 +1251,11 @@ func TestAuthority_GetAuthorityPolicy(t *testing.T) {
|
|||
}
|
||||
got, err := a.GetAuthorityPolicy(tt.args.ctx)
|
||||
if err != nil {
|
||||
pe, ok := err.(*PolicyError)
|
||||
assert.True(t, ok)
|
||||
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
||||
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
||||
var pe *PolicyError
|
||||
if assert.True(t, errors.As(err, &pe)) {
|
||||
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
||||
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
||||
}
|
||||
return
|
||||
}
|
||||
if !reflect.DeepEqual(got, tt.want) {
|
||||
|
@ -1429,10 +1431,11 @@ func TestAuthority_CreateAuthorityPolicy(t *testing.T) {
|
|||
}
|
||||
got, err := a.CreateAuthorityPolicy(tt.args.ctx, tt.args.adm, tt.args.p)
|
||||
if err != nil {
|
||||
pe, ok := err.(*PolicyError)
|
||||
assert.True(t, ok)
|
||||
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
||||
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
||||
var pe *PolicyError
|
||||
if assert.True(t, errors.As(err, &pe)) {
|
||||
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
||||
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
||||
}
|
||||
return
|
||||
}
|
||||
if !reflect.DeepEqual(got, tt.want) {
|
||||
|
@ -1611,10 +1614,11 @@ func TestAuthority_UpdateAuthorityPolicy(t *testing.T) {
|
|||
}
|
||||
got, err := a.UpdateAuthorityPolicy(tt.args.ctx, tt.args.adm, tt.args.p)
|
||||
if err != nil {
|
||||
pe, ok := err.(*PolicyError)
|
||||
assert.True(t, ok)
|
||||
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
||||
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
||||
var pe *PolicyError
|
||||
if assert.True(t, errors.As(err, &pe)) {
|
||||
assert.Equal(t, tt.wantErr.Typ, pe.Typ)
|
||||
assert.Equal(t, tt.wantErr.Err.Error(), pe.Err.Error())
|
||||
}
|
||||
return
|
||||
}
|
||||
if !reflect.DeepEqual(got, tt.want) {
|
||||
|
|
|
@ -15,7 +15,7 @@ import (
|
|||
// ACMEChallenge represents the supported acme challenges.
|
||||
type ACMEChallenge string
|
||||
|
||||
// nolint:revive // better names
|
||||
//nolint:stylecheck,revive // better names
|
||||
const (
|
||||
// HTTP_01 is the http-01 ACME challenge.
|
||||
HTTP_01 ACMEChallenge = "http-01"
|
||||
|
@ -217,7 +217,6 @@ type ACMEIdentifier struct {
|
|||
// AuthorizeOrderIdentifier verifies the provisioner is allowed to issue a
|
||||
// certificate for an ACME Order Identifier.
|
||||
func (p *ACME) AuthorizeOrderIdentifier(ctx context.Context, identifier ACMEIdentifier) error {
|
||||
|
||||
x509Policy := p.ctl.getPolicy().getX509()
|
||||
|
||||
// identifier is allowed if no policy is configured
|
||||
|
|
82
authority/provisioner/acme_118_test.go
Normal file
82
authority/provisioner/acme_118_test.go
Normal file
|
@ -0,0 +1,82 @@
|
|||
//go:build go1.18
|
||||
// +build go1.18
|
||||
|
||||
package provisioner
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/x509"
|
||||
"os"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestACME_GetAttestationRoots(t *testing.T) {
|
||||
appleCA, err := os.ReadFile("testdata/certs/apple-att-ca.crt")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
yubicoCA, err := os.ReadFile("testdata/certs/yubico-piv-ca.crt")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
pool := x509.NewCertPool()
|
||||
pool.AppendCertsFromPEM(appleCA)
|
||||
pool.AppendCertsFromPEM(yubicoCA)
|
||||
|
||||
type fields struct {
|
||||
Type string
|
||||
Name string
|
||||
AttestationRoots []byte
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
fields fields
|
||||
want *x509.CertPool
|
||||
want1 bool
|
||||
}{
|
||||
{"ok", fields{"ACME", "acme", bytes.Join([][]byte{appleCA, yubicoCA}, []byte("\n"))}, pool, true},
|
||||
{"nil", fields{"ACME", "acme", nil}, nil, false},
|
||||
{"empty", fields{"ACME", "acme", []byte{}}, nil, false},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
p := &ACME{
|
||||
Type: tt.fields.Type,
|
||||
Name: tt.fields.Name,
|
||||
AttestationRoots: tt.fields.AttestationRoots,
|
||||
}
|
||||
if err := p.Init(Config{
|
||||
Claims: globalProvisionerClaims,
|
||||
Audiences: testAudiences,
|
||||
}); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
got, got1 := p.GetAttestationRoots()
|
||||
switch {
|
||||
case tt.want == nil && got == nil:
|
||||
break
|
||||
case tt.want == nil && got != nil, tt.want != nil && got == nil:
|
||||
t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
|
||||
default:
|
||||
//nolint:staticcheck // this file only runs in go1.18
|
||||
gotSubjects := got.Subjects()
|
||||
//nolint:staticcheck // this file only runs in go1.18
|
||||
wantSubjects := tt.want.Subjects()
|
||||
if len(gotSubjects) != len(wantSubjects) {
|
||||
t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
|
||||
} else {
|
||||
for i, gotSub := range gotSubjects {
|
||||
if !bytes.Equal(gotSub, wantSubjects[i]) {
|
||||
t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if got1 != tt.want1 {
|
||||
t.Errorf("ACME.GetAttestationRoots() got1 = %v, want %v", got1, tt.want1)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
66
authority/provisioner/acme_119_test.go
Normal file
66
authority/provisioner/acme_119_test.go
Normal file
|
@ -0,0 +1,66 @@
|
|||
//go:build !go1.18
|
||||
// +build !go1.18
|
||||
|
||||
package provisioner
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/x509"
|
||||
"os"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestACME_GetAttestationRoots(t *testing.T) {
|
||||
appleCA, err := os.ReadFile("testdata/certs/apple-att-ca.crt")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
yubicoCA, err := os.ReadFile("testdata/certs/yubico-piv-ca.crt")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
pool := x509.NewCertPool()
|
||||
pool.AppendCertsFromPEM(appleCA)
|
||||
pool.AppendCertsFromPEM(yubicoCA)
|
||||
|
||||
type fields struct {
|
||||
Type string
|
||||
Name string
|
||||
AttestationRoots []byte
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
fields fields
|
||||
want *x509.CertPool
|
||||
want1 bool
|
||||
}{
|
||||
{"ok", fields{"ACME", "acme", bytes.Join([][]byte{appleCA, yubicoCA}, []byte("\n"))}, pool, true},
|
||||
{"nil", fields{"ACME", "acme", nil}, nil, false},
|
||||
{"empty", fields{"ACME", "acme", []byte{}}, nil, false},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
p := &ACME{
|
||||
Type: tt.fields.Type,
|
||||
Name: tt.fields.Name,
|
||||
AttestationRoots: tt.fields.AttestationRoots,
|
||||
}
|
||||
if err := p.Init(Config{
|
||||
Claims: globalProvisionerClaims,
|
||||
Audiences: testAudiences,
|
||||
}); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
got, got1 := p.GetAttestationRoots()
|
||||
if tt.want == nil && got != nil {
|
||||
t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
|
||||
} else if !tt.want.Equal(got) {
|
||||
t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
|
||||
}
|
||||
if got1 != tt.want1 {
|
||||
t.Errorf("ACME.GetAttestationRoots() got1 = %v, want %v", got1, tt.want1)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
|
@ -1,3 +1,6 @@
|
|||
//go:build !go1.18
|
||||
// +build !go1.18
|
||||
|
||||
package provisioner
|
||||
|
||||
import (
|
||||
|
@ -371,58 +374,3 @@ func TestACME_IsAttestationFormatEnabled(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestACME_GetAttestationRoots(t *testing.T) {
|
||||
appleCA, err := os.ReadFile("testdata/certs/apple-att-ca.crt")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
yubicoCA, err := os.ReadFile("testdata/certs/yubico-piv-ca.crt")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
pool := x509.NewCertPool()
|
||||
pool.AppendCertsFromPEM(appleCA)
|
||||
pool.AppendCertsFromPEM(yubicoCA)
|
||||
|
||||
type fields struct {
|
||||
Type string
|
||||
Name string
|
||||
AttestationRoots []byte
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
fields fields
|
||||
want *x509.CertPool
|
||||
want1 bool
|
||||
}{
|
||||
{"ok", fields{"ACME", "acme", bytes.Join([][]byte{appleCA, yubicoCA}, []byte("\n"))}, pool, true},
|
||||
{"nil", fields{"ACME", "acme", nil}, nil, false},
|
||||
{"empty", fields{"ACME", "acme", []byte{}}, nil, false},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
p := &ACME{
|
||||
Type: tt.fields.Type,
|
||||
Name: tt.fields.Name,
|
||||
AttestationRoots: tt.fields.AttestationRoots,
|
||||
}
|
||||
if err := p.Init(Config{
|
||||
Claims: globalProvisionerClaims,
|
||||
Audiences: testAudiences,
|
||||
}); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
got, got1 := p.GetAttestationRoots()
|
||||
if tt.want == nil && got != nil {
|
||||
t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
|
||||
} else if !tt.want.Equal(got) {
|
||||
t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
|
||||
}
|
||||
if got1 != tt.want1 {
|
||||
t.Errorf("ACME.GetAttestationRoots() got1 = %v, want %v", got1, tt.want1)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
|
@ -35,20 +35,17 @@ const awsIdentityURL = "http://169.254.169.254/latest/dynamic/instance-identity/
|
|||
const awsSignatureURL = "http://169.254.169.254/latest/dynamic/instance-identity/signature"
|
||||
|
||||
// awsAPITokenURL is the url used to get the IMDSv2 API token
|
||||
// nolint:gosec // no credentials here
|
||||
const awsAPITokenURL = "http://169.254.169.254/latest/api/token"
|
||||
const awsAPITokenURL = "http://169.254.169.254/latest/api/token" //nolint:gosec // no credentials here
|
||||
|
||||
// awsAPITokenTTL is the default TTL to use when requesting IMDSv2 API tokens
|
||||
// -- we keep this short-lived since we get a new token with every call to readURL()
|
||||
const awsAPITokenTTL = "30"
|
||||
|
||||
// awsMetadataTokenHeader is the header that must be passed with every IMDSv2 request
|
||||
// nolint:gosec // no credentials here
|
||||
const awsMetadataTokenHeader = "X-aws-ec2-metadata-token"
|
||||
const awsMetadataTokenHeader = "X-aws-ec2-metadata-token" //nolint:gosec // no credentials here
|
||||
|
||||
// awsMetadataTokenTTLHeader is the header used to indicate the token TTL requested
|
||||
// nolint:gosec // no credentials here
|
||||
const awsMetadataTokenTTLHeader = "X-aws-ec2-metadata-token-ttl-seconds"
|
||||
const awsMetadataTokenTTLHeader = "X-aws-ec2-metadata-token-ttl-seconds" //nolint:gosec // no credentials here
|
||||
|
||||
// awsCertificate is the certificate used to validate the instance identity
|
||||
// signature.
|
||||
|
|
|
@ -748,7 +748,7 @@ func TestAWS_AuthorizeSSHSign(t *testing.T) {
|
|||
pub := key.Public().Key
|
||||
rsa2048, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
assert.FatalError(t, err)
|
||||
// nolint:gosec // tests minimum size of the key
|
||||
//nolint:gosec // tests minimum size of the key
|
||||
rsa1024, err := rsa.GenerateKey(rand.Reader, 1024)
|
||||
assert.FatalError(t, err)
|
||||
|
||||
|
|
|
@ -24,8 +24,7 @@ import (
|
|||
// azureOIDCBaseURL is the base discovery url for Microsoft Azure tokens.
|
||||
const azureOIDCBaseURL = "https://login.microsoftonline.com"
|
||||
|
||||
// azureIdentityTokenURL is the URL to get the identity token for an instance.
|
||||
// nolint:gosec // no credentials here
|
||||
//nolint:gosec // azureIdentityTokenURL is the URL to get the identity token for an instance.
|
||||
const azureIdentityTokenURL = "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F"
|
||||
|
||||
// azureDefaultAudience is the default audience used.
|
||||
|
|
|
@ -624,7 +624,7 @@ func TestAzure_AuthorizeSSHSign(t *testing.T) {
|
|||
pub := key.Public().Key
|
||||
rsa2048, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
assert.FatalError(t, err)
|
||||
// nolint:gosec // tests minimum size of the key
|
||||
//nolint:gosec // tests minimum size of the key
|
||||
rsa1024, err := rsa.GenerateKey(rand.Reader, 1024)
|
||||
assert.FatalError(t, err)
|
||||
|
||||
|
|
|
@ -38,7 +38,8 @@ type Claimer struct {
|
|||
// NewClaimer initializes a new claimer with the given claims.
|
||||
func NewClaimer(claims *Claims, global Claims) (*Claimer, error) {
|
||||
c := &Claimer{global: global, claims: claims}
|
||||
return c, c.Validate()
|
||||
err := c.Validate()
|
||||
return c, err
|
||||
}
|
||||
|
||||
// Claims returns the merge of the inner and global claims.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
package provisioner
|
||||
|
||||
import (
|
||||
"crypto/sha1" // nolint:gosec // not used for cryptographic security
|
||||
"crypto/sha1" //nolint:gosec // not used for cryptographic security
|
||||
"crypto/x509"
|
||||
"encoding/asn1"
|
||||
"encoding/binary"
|
||||
|
@ -319,7 +319,7 @@ func loadProvisioner(m *sync.Map, key string) (Interface, bool) {
|
|||
// provisionerSum returns the SHA1 of the provisioners ID. From this we will
|
||||
// create the unique and sorted id.
|
||||
func provisionerSum(p Interface) []byte {
|
||||
// nolint:gosec // not used for cryptographic security
|
||||
//nolint:gosec // not used for cryptographic security
|
||||
sum := sha1.Sum([]byte(p.GetID()))
|
||||
return sum[:]
|
||||
}
|
||||
|
|
|
@ -102,7 +102,6 @@ func (p *GCP) GetID() string {
|
|||
return p.ID
|
||||
}
|
||||
return p.GetIDForToken()
|
||||
|
||||
}
|
||||
|
||||
// GetIDForToken returns an identifier that will be used to load the provisioner
|
||||
|
|
|
@ -623,7 +623,7 @@ func TestGCP_AuthorizeSSHSign(t *testing.T) {
|
|||
pub := key.Public().Key
|
||||
rsa2048, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
assert.FatalError(t, err)
|
||||
// nolint:gosec // tests minimum size of the key
|
||||
//nolint:gosec // tests minimum size of the key
|
||||
rsa1024, err := rsa.GenerateKey(rand.Reader, 1024)
|
||||
assert.FatalError(t, err)
|
||||
|
||||
|
|
|
@ -411,7 +411,7 @@ func TestJWK_AuthorizeSSHSign(t *testing.T) {
|
|||
pub := key.Public().Key
|
||||
rsa2048, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
assert.FatalError(t, err)
|
||||
// nolint:gosec // tests minimum size of the key
|
||||
//nolint:gosec // tests minimum size of the key
|
||||
rsa1024, err := rsa.GenerateKey(rand.Reader, 1024)
|
||||
assert.FatalError(t, err)
|
||||
|
||||
|
|
|
@ -93,7 +93,6 @@ func (p *K8sSA) GetEncryptedKey() (string, string, bool) {
|
|||
|
||||
// Init initializes and validates the fields of a K8sSA type.
|
||||
func (p *K8sSA) Init(config Config) (err error) {
|
||||
|
||||
switch {
|
||||
case p.Type == "":
|
||||
return errors.New("provisioner type cannot be empty")
|
||||
|
|
|
@ -85,14 +85,14 @@ func (ks *keyStore) reload() {
|
|||
// 0 it will randomly rotate between 0-12 hours, but every time we call to Get
|
||||
// it will automatically rotate.
|
||||
func (ks *keyStore) nextReloadDuration(age time.Duration) time.Duration {
|
||||
n := rand.Int63n(int64(ks.jitter)) // nolint:gosec // not used for cryptographic security
|
||||
n := rand.Int63n(int64(ks.jitter)) //nolint:gosec // not used for cryptographic security
|
||||
age -= time.Duration(n)
|
||||
return abs(age)
|
||||
}
|
||||
|
||||
func getKeysFromJWKsURI(uri string) (jose.JSONWebKeySet, time.Duration, error) {
|
||||
var keys jose.JSONWebKeySet
|
||||
resp, err := http.Get(uri) // nolint:gosec // openid-configuration jwks_uri
|
||||
resp, err := http.Get(uri) //nolint:gosec // openid-configuration jwks_uri
|
||||
if err != nil {
|
||||
return keys, 0, errors.Wrapf(err, "failed to connect to %s", uri)
|
||||
}
|
||||
|
|
|
@ -54,6 +54,7 @@ func (p *noop) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption
|
|||
}
|
||||
|
||||
func (p *noop) AuthorizeSSHRenew(ctx context.Context, token string) (*ssh.Certificate, error) {
|
||||
//nolint:nilnil // fine for noop
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -479,7 +479,7 @@ func (o *OIDC) AuthorizeSSHRevoke(ctx context.Context, token string) error {
|
|||
}
|
||||
|
||||
func getAndDecode(uri string, v interface{}) error {
|
||||
resp, err := http.Get(uri) // nolint:gosec // openid-configuration uri
|
||||
resp, err := http.Get(uri) //nolint:gosec // openid-configuration uri
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "failed to connect to %s", uri)
|
||||
}
|
||||
|
|
|
@ -540,7 +540,7 @@ func TestOIDC_AuthorizeSSHSign(t *testing.T) {
|
|||
pub := key.Public().Key
|
||||
rsa2048, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
assert.FatalError(t, err)
|
||||
// nolint:gosec // tests minimum size of the key
|
||||
//nolint:gosec // tests minimum size of the key
|
||||
rsa1024, err := rsa.GenerateKey(rand.Reader, 1024)
|
||||
assert.FatalError(t, err)
|
||||
|
||||
|
|
|
@ -254,7 +254,7 @@ func TestCustomTemplateOptions(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_unsafeParseSigned(t *testing.T) {
|
||||
// nolint:gosec // no credentials here
|
||||
//nolint:gosec // no credentials here
|
||||
okToken := "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJqYW5lQGRvZS5jb20iLCJpc3MiOiJodHRwczovL2RvZS5jb20iLCJqdGkiOiI4ZmYzMjQ4MS1mZDVmLTRlMmUtOTZkZi05MDhjMTI3Yzg1ZjciLCJpYXQiOjE1OTUzNjAwMjgsImV4cCI6MTU5NTM2MzYyOH0.aid8UuhFucJOFHXaob9zpNtVvhul9ulTGsA52mU6XIw"
|
||||
type args struct {
|
||||
s string
|
||||
|
|
|
@ -9,8 +9,8 @@ type policyEngine struct {
|
|||
}
|
||||
|
||||
func newPolicyEngine(options *Options) (*policyEngine, error) {
|
||||
|
||||
if options == nil {
|
||||
//nolint:nilnil // legacy
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -310,7 +310,6 @@ func (v profileDefaultDuration) Modify(cert *x509.Certificate, so SignOptions) e
|
|||
if notBefore.IsZero() {
|
||||
notBefore = now()
|
||||
backdate = -1 * so.Backdate
|
||||
|
||||
}
|
||||
notAfter := so.NotAfter.RelativeTime(notBefore)
|
||||
if notAfter.IsZero() {
|
||||
|
|
|
@ -287,7 +287,7 @@ func Test_sshCertTypeModifier_Modify(t *testing.T) {
|
|||
t.Run(name, func(t *testing.T) {
|
||||
tc := run()
|
||||
if assert.Nil(t, tc.modifier.Modify(tc.cert, SignSSHOptions{})) {
|
||||
assert.Equals(t, tc.cert.CertType, uint32(tc.expected))
|
||||
assert.Equals(t, tc.cert.CertType, tc.expected)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@ package provisioner
|
|||
|
||||
import (
|
||||
"crypto"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"reflect"
|
||||
|
@ -84,9 +85,10 @@ func signSSHCertificate(key crypto.PublicKey, opts SignSSHOptions, signOpts []Si
|
|||
// Create certificate from template.
|
||||
certificate, err := sshutil.NewCertificate(cr, certOptions...)
|
||||
if err != nil {
|
||||
if _, ok := err.(*sshutil.TemplateError); ok {
|
||||
return nil, errs.NewErr(http.StatusBadRequest, err,
|
||||
errs.WithMessage(err.Error()),
|
||||
var templErr *sshutil.TemplateError
|
||||
if errors.As(err, &templErr) {
|
||||
return nil, errs.NewErr(http.StatusBadRequest, templErr,
|
||||
errs.WithMessage(templErr.Error()),
|
||||
errs.WithKeyVal("signOptions", signOpts),
|
||||
)
|
||||
}
|
||||
|
|
|
@ -100,7 +100,7 @@ func generateJSONWebKey() (*jose.JSONWebKey, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
jwk.KeyID = string(hex.EncodeToString(fp))
|
||||
jwk.KeyID = hex.EncodeToString(fp)
|
||||
return jwk, nil
|
||||
}
|
||||
|
||||
|
@ -449,7 +449,7 @@ func generateAWSWithServer() (*AWS, *httptest.Server, error) {
|
|||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "error signing document")
|
||||
}
|
||||
// nolint:gosec // tests minimum size of the key
|
||||
//nolint:gosec // tests minimum size of the key
|
||||
token := "AQAEAEEO9-7Z88ewKFpboZuDlFYWz9A3AN-wMOVzjEhfAyXW31BvVw=="
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
switch r.URL.Path {
|
||||
|
|
|
@ -120,7 +120,7 @@ M46l92gdOozT
|
|||
return ProvisionerValidateTest{
|
||||
p: p,
|
||||
extraValid: func(p *X5C) error {
|
||||
// nolint:staticcheck // We don't have a different way to
|
||||
//nolint:staticcheck // We don't have a different way to
|
||||
// check the number of certificates in the pool.
|
||||
numCerts := len(p.rootPool.Subjects())
|
||||
if numCerts != 2 {
|
||||
|
|
|
@ -145,7 +145,6 @@ func (a *Authority) generateProvisionerConfig(ctx context.Context) (provisioner.
|
|||
AuthorizeRenewFunc: a.authorizeRenewFunc,
|
||||
AuthorizeSSHRenewFunc: a.authorizeSSHRenewFunc,
|
||||
}, nil
|
||||
|
||||
}
|
||||
|
||||
// StoreProvisioner stores a provisioner to the authority.
|
||||
|
@ -530,6 +529,7 @@ func durationsToLinkedca(d *provisioner.Duration) string {
|
|||
// certifictes claims type.
|
||||
func claimsToCertificates(c *linkedca.Claims) (*provisioner.Claims, error) {
|
||||
if c == nil {
|
||||
//nolint:nilnil // nil claims do not pose an issue.
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -140,6 +140,7 @@ func (a *Authority) GetSSHBastion(ctx context.Context, user, hostname string) (*
|
|||
return a.config.SSH.Bastion, nil
|
||||
}
|
||||
}
|
||||
//nolint:nilnil // legacy
|
||||
return nil, nil
|
||||
}
|
||||
return nil, errs.NotFound("authority.GetSSHBastion; ssh is not configured")
|
||||
|
@ -202,7 +203,8 @@ func (a *Authority) SignSSH(ctx context.Context, key ssh.PublicKey, opts provisi
|
|||
// Create certificate from template.
|
||||
certificate, err := sshutil.NewCertificate(cr, certOptions...)
|
||||
if err != nil {
|
||||
if _, ok := err.(*sshutil.TemplateError); ok {
|
||||
var te *sshutil.TemplateError
|
||||
if errors.As(err, &te) {
|
||||
return nil, errs.ApplyOptions(
|
||||
errs.BadRequestErr(err, err.Error()),
|
||||
errs.WithKeyVal("signOptions", signOpts),
|
||||
|
@ -281,7 +283,7 @@ func (a *Authority) SignSSH(ctx context.Context, key ssh.PublicKey, opts provisi
|
|||
}
|
||||
}
|
||||
|
||||
if err = a.storeSSHCertificate(prov, cert); err != nil && err != db.ErrNotImplemented {
|
||||
if err = a.storeSSHCertificate(prov, cert); err != nil && !errors.Is(err, db.ErrNotImplemented) {
|
||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.SignSSH: error storing certificate in db")
|
||||
}
|
||||
|
||||
|
@ -351,7 +353,7 @@ func (a *Authority) RenewSSH(ctx context.Context, oldCert *ssh.Certificate) (*ss
|
|||
return nil, errs.Wrap(http.StatusInternalServerError, err, "signSSH: error signing certificate")
|
||||
}
|
||||
|
||||
if err = a.storeRenewedSSHCertificate(prov, oldCert, cert); err != nil && err != db.ErrNotImplemented {
|
||||
if err = a.storeRenewedSSHCertificate(prov, oldCert, cert); err != nil && !errors.Is(err, db.ErrNotImplemented) {
|
||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "renewSSH: error storing certificate in db")
|
||||
}
|
||||
|
||||
|
@ -434,7 +436,7 @@ func (a *Authority) RekeySSH(ctx context.Context, oldCert *ssh.Certificate, pub
|
|||
}
|
||||
}
|
||||
|
||||
if err = a.storeRenewedSSHCertificate(prov, oldCert, cert); err != nil && err != db.ErrNotImplemented {
|
||||
if err = a.storeRenewedSSHCertificate(prov, oldCert, cert); err != nil && !errors.Is(err, db.ErrNotImplemented) {
|
||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "rekeySSH; error storing certificate in db")
|
||||
}
|
||||
|
||||
|
@ -570,7 +572,7 @@ func (a *Authority) SignSSHAddUser(ctx context.Context, key ssh.PublicKey, subje
|
|||
}
|
||||
cert.Signature = sig
|
||||
|
||||
if err = a.storeRenewedSSHCertificate(prov, subject, cert); err != nil && err != db.ErrNotImplemented {
|
||||
if err = a.storeRenewedSSHCertificate(prov, subject, cert); err != nil && !errors.Is(err, db.ErrNotImplemented) {
|
||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "signSSHAddUser: error storing certificate in db")
|
||||
}
|
||||
|
||||
|
@ -589,7 +591,7 @@ func (a *Authority) CheckSSHHost(ctx context.Context, principal, token string) (
|
|||
}
|
||||
exists, err := a.db.IsSSHHost(principal)
|
||||
if err != nil {
|
||||
if err == db.ErrNotImplemented {
|
||||
if errors.Is(err, db.ErrNotImplemented) {
|
||||
return false, errs.Wrap(http.StatusNotImplemented, err,
|
||||
"checkSSHHost: isSSHHost is not implemented")
|
||||
}
|
||||
|
|
|
@ -142,7 +142,8 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
|
|||
|
||||
cert, err := x509util.NewCertificate(csr, certOptions...)
|
||||
if err != nil {
|
||||
if _, ok := err.(*x509util.TemplateError); ok {
|
||||
var te *x509util.TemplateError
|
||||
if errors.As(err, &te) {
|
||||
return nil, errs.ApplyOptions(
|
||||
errs.BadRequestErr(err, err.Error()),
|
||||
errs.WithKeyVal("csr", csr),
|
||||
|
@ -244,7 +245,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Sign
|
|||
|
||||
fullchain := append([]*x509.Certificate{resp.Certificate}, resp.CertificateChain...)
|
||||
if err = a.storeCertificate(prov, fullchain); err != nil {
|
||||
if err != db.ErrNotImplemented {
|
||||
if !errors.Is(err, db.ErrNotImplemented) {
|
||||
return nil, errs.Wrap(http.StatusInternalServerError, err,
|
||||
"authority.Sign; error storing certificate in db", opts...)
|
||||
}
|
||||
|
@ -371,7 +372,7 @@ func (a *Authority) Rekey(oldCert *x509.Certificate, pk crypto.PublicKey) ([]*x5
|
|||
|
||||
fullchain := append([]*x509.Certificate{resp.Certificate}, resp.CertificateChain...)
|
||||
if err = a.storeRenewedCertificate(oldCert, fullchain); err != nil {
|
||||
if err != db.ErrNotImplemented {
|
||||
if !errors.Is(err, db.ErrNotImplemented) {
|
||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "authority.Rekey; error storing certificate in db", opts...)
|
||||
}
|
||||
}
|
||||
|
@ -551,12 +552,12 @@ func (a *Authority) Revoke(ctx context.Context, revokeOpts *RevokeOptions) error
|
|||
// Save as revoked in the Db.
|
||||
err = a.revoke(revokedCert, rci)
|
||||
}
|
||||
switch err {
|
||||
case nil:
|
||||
switch {
|
||||
case err == nil:
|
||||
return nil
|
||||
case db.ErrNotImplemented:
|
||||
case errors.Is(err, db.ErrNotImplemented):
|
||||
return errs.NotImplemented("authority.Revoke; no persistence layer configured", opts...)
|
||||
case db.ErrAlreadyExists:
|
||||
case errors.Is(err, db.ErrAlreadyExists):
|
||||
return errs.ApplyOptions(
|
||||
errs.BadRequest("certificate with serial number '%s' is already revoked", rci.Serial),
|
||||
opts...,
|
||||
|
@ -676,7 +677,7 @@ func templatingError(err error) error {
|
|||
)
|
||||
if errors.As(err, &syntaxError) {
|
||||
// offset is arguably not super clear to the user, but it's the best we can do here
|
||||
cause = fmt.Errorf("%s at offset %d", cause.Error(), syntaxError.Offset)
|
||||
cause = fmt.Errorf("%w at offset %d", cause, syntaxError.Offset)
|
||||
} else if errors.As(err, &typeError) {
|
||||
// slightly rewriting the default error message to include the offset
|
||||
cause = fmt.Errorf("cannot unmarshal %s at offset %d into Go value of type %s", typeError.Value, typeError.Offset, typeError.Type)
|
||||
|
|
|
@ -6,7 +6,7 @@ import (
|
|||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"crypto/sha1" // nolint:gosec // used to create the Subject Key Identifier by RFC 5280
|
||||
"crypto/sha1" //nolint:gosec // used to create the Subject Key Identifier by RFC 5280
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/asn1"
|
||||
|
@ -200,7 +200,7 @@ func generateSubjectKeyID(pub crypto.PublicKey) ([]byte, error) {
|
|||
if _, err = asn1.Unmarshal(b, &info); err != nil {
|
||||
return nil, fmt.Errorf("error unmarshaling public key: %w", err)
|
||||
}
|
||||
// nolint:gosec // used to create the Subject Key Identifier by RFC 5280
|
||||
//nolint:gosec // used to create the Subject Key Identifier by RFC 5280
|
||||
hash := sha1.Sum(info.SubjectPublicKey.Bytes)
|
||||
return hash[:], nil
|
||||
}
|
||||
|
@ -578,7 +578,7 @@ ZYtQ9Ot36qc=
|
|||
{Id: stepOIDProvisioner, Value: []byte("foo")},
|
||||
{Id: []int{1, 1, 1}, Value: []byte("bar")}}))
|
||||
now := time.Now().UTC()
|
||||
// nolint:gocritic
|
||||
//nolint:gocritic
|
||||
enforcedExtraOptions := append(extraOpts, &certificateDurationEnforcer{
|
||||
NotBefore: now,
|
||||
NotAfter: now.Add(365 * 24 * time.Hour),
|
||||
|
@ -736,8 +736,8 @@ ZYtQ9Ot36qc=
|
|||
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
|
||||
ctxErr, ok := err.(*errs.Error)
|
||||
assert.Fatal(t, ok, "error is not of type *errs.Error")
|
||||
var ctxErr *errs.Error
|
||||
assert.Fatal(t, errors.As(err, &ctxErr), "error is not of type *errs.Error")
|
||||
assert.Equals(t, ctxErr.Details["csr"], tc.csr)
|
||||
assert.Equals(t, ctxErr.Details["signOptions"], tc.signOpts)
|
||||
}
|
||||
|
@ -935,8 +935,8 @@ func TestAuthority_Renew(t *testing.T) {
|
|||
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
|
||||
ctxErr, ok := err.(*errs.Error)
|
||||
assert.Fatal(t, ok, "error is not of type *errs.Error")
|
||||
var ctxErr *errs.Error
|
||||
assert.Fatal(t, errors.As(err, &ctxErr), "error is not of type *errs.Error")
|
||||
assert.Equals(t, ctxErr.Details["serialNumber"], tc.cert.SerialNumber.String())
|
||||
}
|
||||
} else {
|
||||
|
@ -1142,8 +1142,8 @@ func TestAuthority_Rekey(t *testing.T) {
|
|||
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
|
||||
ctxErr, ok := err.(*errs.Error)
|
||||
assert.Fatal(t, ok, "error is not of type *errs.Error")
|
||||
var ctxErr *errs.Error
|
||||
assert.Fatal(t, errors.As(err, &ctxErr), "error is not of type *errs.Error")
|
||||
assert.Equals(t, ctxErr.Details["serialNumber"], tc.cert.SerialNumber.String())
|
||||
}
|
||||
} else {
|
||||
|
@ -1572,8 +1572,8 @@ func TestAuthority_Revoke(t *testing.T) {
|
|||
assert.Equals(t, sc.StatusCode(), tc.code)
|
||||
assert.HasPrefix(t, err.Error(), tc.err.Error())
|
||||
|
||||
ctxErr, ok := err.(*errs.Error)
|
||||
assert.Fatal(t, ok, "error is not of type *errs.Error")
|
||||
var ctxErr *errs.Error
|
||||
assert.Fatal(t, errors.As(err, &ctxErr), "error is not of type *errs.Error")
|
||||
assert.Equals(t, ctxErr.Details["serialNumber"], tc.opts.Serial)
|
||||
assert.Equals(t, ctxErr.Details["reasonCode"], tc.opts.ReasonCode)
|
||||
assert.Equals(t, ctxErr.Details["reason"], tc.opts.Reason)
|
||||
|
|
|
@ -52,6 +52,7 @@ func NewACMEClient(endpoint string, contact []string, opts ...ClientOption) (*AC
|
|||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "client GET %s failed", endpoint)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode >= 400 {
|
||||
return nil, readACMEError(resp.Body)
|
||||
}
|
||||
|
@ -80,6 +81,7 @@ func NewACMEClient(endpoint string, contact []string, opts ...ClientOption) (*AC
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode >= 400 {
|
||||
return nil, readACMEError(resp.Body)
|
||||
}
|
||||
|
@ -111,6 +113,7 @@ func (c *ACMEClient) GetNonce() (string, error) {
|
|||
if err != nil {
|
||||
return "", errors.Wrapf(err, "client GET %s failed", c.dir.NewNonce)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode >= 400 {
|
||||
return "", readACMEError(resp.Body)
|
||||
}
|
||||
|
@ -198,6 +201,7 @@ func (c *ACMEClient) NewOrder(payload []byte) (*acme.Order, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode >= 400 {
|
||||
return nil, readACMEError(resp.Body)
|
||||
}
|
||||
|
@ -218,6 +222,7 @@ func (c *ACMEClient) GetChallenge(url string) (*acme.Challenge, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode >= 400 {
|
||||
return nil, readACMEError(resp.Body)
|
||||
}
|
||||
|
@ -237,6 +242,7 @@ func (c *ACMEClient) ValidateChallenge(url string) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode >= 400 {
|
||||
return readACMEError(resp.Body)
|
||||
}
|
||||
|
@ -250,6 +256,7 @@ func (c *ACMEClient) ValidateWithPayload(url string, payload []byte) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode >= 400 {
|
||||
return readACMEError(resp.Body)
|
||||
}
|
||||
|
@ -262,6 +269,7 @@ func (c *ACMEClient) GetAuthz(url string) (*acme.Authorization, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode >= 400 {
|
||||
return nil, readACMEError(resp.Body)
|
||||
}
|
||||
|
@ -279,6 +287,7 @@ func (c *ACMEClient) GetOrder(url string) (*acme.Order, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode >= 400 {
|
||||
return nil, readACMEError(resp.Body)
|
||||
}
|
||||
|
@ -302,6 +311,7 @@ func (c *ACMEClient) FinalizeOrder(url string, csr *x509.CertificateRequest) err
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode >= 400 {
|
||||
return readACMEError(resp.Body)
|
||||
}
|
||||
|
@ -314,6 +324,7 @@ func (c *ACMEClient) GetCertificate(url string) (*x509.Certificate, []*x509.Cert
|
|||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode >= 400 {
|
||||
return nil, nil, readACMEError(resp.Body)
|
||||
}
|
||||
|
@ -350,6 +361,7 @@ func (c *ACMEClient) GetAccountOrders() ([]string, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode >= 400 {
|
||||
return nil, readACMEError(resp.Body)
|
||||
}
|
||||
|
|
|
@ -1359,7 +1359,7 @@ func TestACMEClient_GetCertificate(t *testing.T) {
|
|||
Type: "Certificate",
|
||||
Bytes: leaf.Raw,
|
||||
})
|
||||
// nolint:gocritic
|
||||
//nolint:gocritic
|
||||
certBytes := append(leafb, leafb...)
|
||||
certBytes = append(certBytes, leafb...)
|
||||
ac := &ACMEClient{
|
||||
|
|
|
@ -116,7 +116,6 @@ func (c *AdminClient) generateAdminToken(aud *url.URL) (string, error) {
|
|||
}
|
||||
|
||||
return tok.SignedString(c.x5cJWK.Algorithm, c.x5cJWK.Key)
|
||||
|
||||
}
|
||||
|
||||
func (c *AdminClient) retryOnError(r *http.Response) bool {
|
||||
|
|
|
@ -200,7 +200,7 @@ func TestBootstrap(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // insecure test servers
|
||||
//nolint:gosec // insecure test servers
|
||||
func TestBootstrapServerWithoutMTLS(t *testing.T) {
|
||||
srv := startCABootstrapServer()
|
||||
defer srv.Close()
|
||||
|
@ -246,6 +246,7 @@ func TestBootstrapServerWithoutMTLS(t *testing.T) {
|
|||
expected := &http.Server{
|
||||
TLSConfig: got.TLSConfig,
|
||||
}
|
||||
//nolint:govet // not comparing errors
|
||||
if !reflect.DeepEqual(got, expected) {
|
||||
t.Errorf("BootstrapServer() = %v, want %v", got, expected)
|
||||
}
|
||||
|
@ -257,7 +258,7 @@ func TestBootstrapServerWithoutMTLS(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // insecure test servers
|
||||
//nolint:gosec // insecure test servers
|
||||
func TestBootstrapServerWithMTLS(t *testing.T) {
|
||||
srv := startCABootstrapServer()
|
||||
defer srv.Close()
|
||||
|
@ -303,6 +304,7 @@ func TestBootstrapServerWithMTLS(t *testing.T) {
|
|||
expected := &http.Server{
|
||||
TLSConfig: got.TLSConfig,
|
||||
}
|
||||
//nolint:govet // not comparing errors
|
||||
if !reflect.DeepEqual(got, expected) {
|
||||
t.Errorf("BootstrapServer() = %v, want %v", got, expected)
|
||||
}
|
||||
|
@ -407,7 +409,7 @@ func TestBootstrapClientServerRotation(t *testing.T) {
|
|||
|
||||
// Create bootstrap server
|
||||
token := generateBootstrapToken(caURL, "127.0.0.1", "ef742f95dc0d8aa82d3cca4017af6dac3fce84290344159891952d18c53eefe7")
|
||||
// nolint:gosec // insecure test server
|
||||
//nolint:gosec // insecure test server
|
||||
server, err := BootstrapServer(context.Background(), token, &http.Server{
|
||||
Addr: ":0",
|
||||
Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
||||
|
@ -526,7 +528,7 @@ func TestBootstrapClientServerFederation(t *testing.T) {
|
|||
|
||||
// Create bootstrap server
|
||||
token := generateBootstrapToken(caURL1, "127.0.0.1", "ef742f95dc0d8aa82d3cca4017af6dac3fce84290344159891952d18c53eefe7")
|
||||
// nolint:gosec // insecure test server
|
||||
//nolint:gosec // insecure test server
|
||||
server, err := BootstrapServer(context.Background(), token, &http.Server{
|
||||
Addr: ":0",
|
||||
Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
||||
|
|
4
ca/ca.go
4
ca/ca.go
|
@ -529,9 +529,9 @@ func (ca *CA) shouldServeSCEPEndpoints() bool {
|
|||
return ca.auth.GetSCEPService() != nil
|
||||
}
|
||||
|
||||
// nolint // ignore linters to allow keeping this function around for debugging
|
||||
//nolint:unused // useful for debugging
|
||||
func dumpRoutes(mux chi.Routes) {
|
||||
// helpful routine for logging all routes //
|
||||
// helpful routine for logging all routes
|
||||
walkFunc := func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error {
|
||||
fmt.Printf("%s %s\n", method, route)
|
||||
return nil
|
||||
|
|
|
@ -5,7 +5,7 @@ import (
|
|||
"context"
|
||||
"crypto"
|
||||
"crypto/rand"
|
||||
"crypto/sha1" // nolint:gosec // used to create the Subject Key Identifier by RFC 5280
|
||||
"crypto/sha1" //nolint:gosec // used to create the Subject Key Identifier by RFC 5280
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
|
@ -66,7 +66,7 @@ func generateSubjectKeyID(pub crypto.PublicKey) ([]byte, error) {
|
|||
return nil, errors.Wrap(err, "error unmarshaling public key")
|
||||
}
|
||||
|
||||
// nolint:gosec // used to create the Subject Key Identifier by RFC 5280
|
||||
//nolint:gosec // used to create the Subject Key Identifier by RFC 5280
|
||||
hash := sha1.Sum(info.SubjectPublicKey.Bytes)
|
||||
return hash[:], nil
|
||||
}
|
||||
|
|
24
ca/client.go
24
ca/client.go
|
@ -56,7 +56,7 @@ func newClient(transport http.RoundTripper) *uaClient {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // used in bootstrap protocol
|
||||
//nolint:gosec // used in bootstrap protocol
|
||||
func newInsecureClient() *uaClient {
|
||||
return &uaClient{
|
||||
Client: &http.Client{
|
||||
|
@ -120,9 +120,7 @@ type clientOptions struct {
|
|||
}
|
||||
|
||||
func (o *clientOptions) apply(opts []ClientOption) (err error) {
|
||||
if err = o.applyDefaultIdentity(); err != nil {
|
||||
return
|
||||
}
|
||||
o.applyDefaultIdentity()
|
||||
for _, fn := range opts {
|
||||
if err = fn(o); err != nil {
|
||||
return
|
||||
|
@ -133,26 +131,25 @@ func (o *clientOptions) apply(opts []ClientOption) (err error) {
|
|||
|
||||
// applyDefaultIdentity sets the options for the default identity if the
|
||||
// identity file is present. The identity is enabled by default.
|
||||
func (o *clientOptions) applyDefaultIdentity() error {
|
||||
func (o *clientOptions) applyDefaultIdentity() {
|
||||
if DisableIdentity {
|
||||
return nil
|
||||
return
|
||||
}
|
||||
|
||||
// Do not load an identity if something fails
|
||||
i, err := identity.LoadDefaultIdentity()
|
||||
if err != nil {
|
||||
return nil
|
||||
return
|
||||
}
|
||||
if err := i.Validate(); err != nil {
|
||||
return nil
|
||||
return
|
||||
}
|
||||
crt, err := i.TLSCertificate()
|
||||
if err != nil {
|
||||
return nil
|
||||
return
|
||||
}
|
||||
o.certificate = crt
|
||||
o.getClientCertificate = i.GetClientCertificateFunc()
|
||||
return nil
|
||||
}
|
||||
|
||||
// checkTransport checks if other ways to set up a transport have been provided.
|
||||
|
@ -241,13 +238,13 @@ func WithTransport(tr http.RoundTripper) ClientOption {
|
|||
}
|
||||
|
||||
// WithInsecure adds a insecure transport that bypasses TLS verification.
|
||||
// nolint:gosec // insecure option
|
||||
func WithInsecure() ClientOption {
|
||||
return func(o *clientOptions) error {
|
||||
o.transport = &http.Transport{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
TLSClientConfig: &tls.Config{
|
||||
MinVersion: tls.VersionTLS12,
|
||||
MinVersion: tls.VersionTLS12,
|
||||
//nolint:gosec // insecure option
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
}
|
||||
|
@ -1139,7 +1136,7 @@ retry:
|
|||
var check api.SSHCheckPrincipalResponse
|
||||
if err := readJSON(resp.Body, &check); err != nil {
|
||||
return nil, errs.Wrapf(http.StatusInternalServerError, err, "error reading %s response",
|
||||
[]interface{}{u, errs.WithMessage("Failed to parse response from /ssh/check-host endpoint")})
|
||||
[]any{u, errs.WithMessage("Failed to parse response from /ssh/check-host endpoint")}...)
|
||||
}
|
||||
return &check, nil
|
||||
}
|
||||
|
@ -1203,6 +1200,7 @@ func (c *Client) RootFingerprint() (string, error) {
|
|||
if err != nil {
|
||||
return "", errors.Wrapf(err, "client GET %s failed", u)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.TLS == nil || len(resp.TLS.VerifiedChains) == 0 {
|
||||
return "", errors.New("missing verified chains")
|
||||
}
|
||||
|
|
|
@ -82,7 +82,6 @@ func LoadClient() (*Client, error) {
|
|||
Transport: tr,
|
||||
},
|
||||
}, nil
|
||||
|
||||
}
|
||||
|
||||
type defaultsConfig struct {
|
||||
|
|
|
@ -242,7 +242,7 @@ func Test_defaultsConfig_Validate(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:staticcheck,gocritic
|
||||
//nolint:staticcheck,gocritic
|
||||
func equalPools(a, b *x509.CertPool) bool {
|
||||
if reflect.DeepEqual(a, b) {
|
||||
return true
|
||||
|
|
|
@ -261,6 +261,7 @@ func (i *Identity) GetClientCertificateFunc() func(*tls.CertificateRequestInfo)
|
|||
// GetCertPool returns a x509.CertPool if the identity defines a custom root.
|
||||
func (i *Identity) GetCertPool() (*x509.CertPool, error) {
|
||||
if i.Root == "" {
|
||||
//nolint:nilnil // legacy
|
||||
return nil, nil
|
||||
}
|
||||
b, err := os.ReadFile(i.Root)
|
||||
|
|
|
@ -345,7 +345,7 @@ func TestIdentity_GetCertPool(t *testing.T) {
|
|||
return
|
||||
}
|
||||
if got != nil {
|
||||
// nolint:staticcheck // we don't have a different way to check
|
||||
//nolint:staticcheck // we don't have a different way to check
|
||||
// the certificates in the pool.
|
||||
subjects := got.Subjects()
|
||||
if !reflect.DeepEqual(subjects, tt.wantSubjects) {
|
||||
|
|
|
@ -182,19 +182,17 @@ func loadProvisionerJWKByKid(client *Client, kid string, password []byte) (*jose
|
|||
// loadProvisionerJWKByName retrieves the list of provisioners and encrypted key then
|
||||
// returns the key of the first provisioner with a matching name that can be successfully
|
||||
// decrypted with the specified password.
|
||||
func loadProvisionerJWKByName(client *Client, name string, password []byte) (key *jose.JSONWebKey, err error) {
|
||||
func loadProvisionerJWKByName(client *Client, name string, password []byte) (*jose.JSONWebKey, error) {
|
||||
provisioners, err := getProvisioners(client)
|
||||
if err != nil {
|
||||
err = errors.Wrap(err, "error getting the provisioners")
|
||||
return
|
||||
return nil, errors.Wrap(err, "error getting the provisioners")
|
||||
}
|
||||
|
||||
for _, provisioner := range provisioners {
|
||||
if provisioner.GetName() == name {
|
||||
if _, encryptedKey, ok := provisioner.GetEncryptedKey(); ok {
|
||||
key, err = decryptProvisionerJWK(encryptedKey, password)
|
||||
if err == nil {
|
||||
return
|
||||
if key, err := decryptProvisionerJWK(encryptedKey, password); err == nil {
|
||||
return key, nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -193,7 +193,7 @@ func (r *TLSRenewer) nextRenewDuration(notAfter time.Time) time.Duration {
|
|||
return d
|
||||
}
|
||||
|
||||
// nolint:gosec // not used for cryptographic security
|
||||
//nolint:gosec // not used for cryptographic security
|
||||
func mathRandInt63n(n int64) int64 {
|
||||
return rand.Int63n(n)
|
||||
}
|
||||
|
|
14
ca/tls.go
14
ca/tls.go
|
@ -105,8 +105,8 @@ func (c *Client) getClientTLSConfig(ctx context.Context, sign *api.SignResponse,
|
|||
}
|
||||
|
||||
tr := getDefaultTransport(tlsConfig)
|
||||
// Use mutable tls.Config on renew
|
||||
tr.DialTLS = c.buildDialTLS(tlsCtx) // nolint:staticcheck,gocritic
|
||||
//nolint:staticcheck // Use mutable tls.Config on renew
|
||||
tr.DialTLS = c.buildDialTLS(tlsCtx)
|
||||
// tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
|
||||
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
|
||||
|
||||
|
@ -153,8 +153,8 @@ func (c *Client) GetServerTLSConfig(ctx context.Context, sign *api.SignResponse,
|
|||
|
||||
// Update renew function with transport
|
||||
tr := getDefaultTransport(tlsConfig)
|
||||
// Use mutable tls.Config on renew
|
||||
tr.DialTLS = c.buildDialTLS(tlsCtx) // nolint:staticcheck,gocritic
|
||||
//nolint:staticcheck // Use mutable tls.Config on renew
|
||||
tr.DialTLS = c.buildDialTLS(tlsCtx)
|
||||
// tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
|
||||
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
|
||||
|
||||
|
@ -194,8 +194,7 @@ func (c *Client) buildDialTLS(ctx *TLSOptionCtx) func(network, addr string) (net
|
|||
}
|
||||
}
|
||||
|
||||
// buildDialTLSContext returns an implementation of DialTLSContext callback in http.Transport.
|
||||
// nolint:unused,gocritic
|
||||
//nolint:unused // buildDialTLSContext returns an implementation of DialTLSContext callback in http.Transport.
|
||||
func (c *Client) buildDialTLSContext(tlsCtx *TLSOptionCtx) func(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||
return func(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||
d := getDefaultDialer()
|
||||
|
@ -253,8 +252,7 @@ func TLSCertificate(sign *api.SignResponse, pk crypto.PrivateKey) (*tls.Certific
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// nolint:gocritic
|
||||
// using a new variable for clarity
|
||||
//nolint:gocritic // using a new variable for clarity
|
||||
chain := append(certPEM, caPEM...)
|
||||
cert, err := tls.X509KeyPair(chain, keyPEM)
|
||||
if err != nil {
|
||||
|
|
|
@ -13,7 +13,7 @@ import (
|
|||
"github.com/smallstep/certificates/api"
|
||||
)
|
||||
|
||||
// nolint:gosec // test tls config
|
||||
//nolint:gosec // test tls config
|
||||
func Test_newTLSOptionCtx(t *testing.T) {
|
||||
client, err := NewClient("https://ca.smallstep.com", WithTransport(http.DefaultTransport))
|
||||
if err != nil {
|
||||
|
@ -41,7 +41,7 @@ func Test_newTLSOptionCtx(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // test tls config
|
||||
//nolint:gosec // test tls config
|
||||
func TestTLSOptionCtx_apply(t *testing.T) {
|
||||
fail := func() TLSOption {
|
||||
return func(ctx *TLSOptionCtx) error {
|
||||
|
@ -78,7 +78,7 @@ func TestTLSOptionCtx_apply(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // test tls config
|
||||
//nolint:gosec // test tls config
|
||||
func TestRequireAndVerifyClientCert(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
|
@ -103,7 +103,7 @@ func TestRequireAndVerifyClientCert(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // test tls config
|
||||
//nolint:gosec // test tls config
|
||||
func TestVerifyClientCertIfGiven(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
|
@ -128,7 +128,7 @@ func TestVerifyClientCertIfGiven(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // test tls config
|
||||
//nolint:gosec // test tls config
|
||||
func TestAddRootCA(t *testing.T) {
|
||||
cert := parseCertificate(rootPEM)
|
||||
pool := x509.NewCertPool()
|
||||
|
@ -161,7 +161,7 @@ func TestAddRootCA(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // test tls config
|
||||
//nolint:gosec // test tls config
|
||||
func TestAddClientCA(t *testing.T) {
|
||||
cert := parseCertificate(rootPEM)
|
||||
pool := x509.NewCertPool()
|
||||
|
@ -194,7 +194,7 @@ func TestAddClientCA(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // test tls config
|
||||
//nolint:gosec // test tls config
|
||||
func TestAddRootsToRootCAs(t *testing.T) {
|
||||
ca := startCATestServer()
|
||||
defer ca.Close()
|
||||
|
@ -249,7 +249,7 @@ func TestAddRootsToRootCAs(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // test tls config
|
||||
//nolint:gosec // test tls config
|
||||
func TestAddRootsToClientCAs(t *testing.T) {
|
||||
ca := startCATestServer()
|
||||
defer ca.Close()
|
||||
|
@ -304,7 +304,7 @@ func TestAddRootsToClientCAs(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // test tls config
|
||||
//nolint:gosec // test tls config
|
||||
func TestAddFederationToRootCAs(t *testing.T) {
|
||||
ca := startCATestServer()
|
||||
defer ca.Close()
|
||||
|
@ -369,7 +369,7 @@ func TestAddFederationToRootCAs(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // test tls config
|
||||
//nolint:gosec // test tls config
|
||||
func TestAddFederationToClientCAs(t *testing.T) {
|
||||
ca := startCATestServer()
|
||||
defer ca.Close()
|
||||
|
@ -434,7 +434,7 @@ func TestAddFederationToClientCAs(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // test tls config
|
||||
//nolint:gosec // test tls config
|
||||
func TestAddRootsToCAs(t *testing.T) {
|
||||
ca := startCATestServer()
|
||||
defer ca.Close()
|
||||
|
@ -489,7 +489,7 @@ func TestAddRootsToCAs(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:gosec // test tls config
|
||||
//nolint:gosec // test tls config
|
||||
func TestAddFederationToCAs(t *testing.T) {
|
||||
ca := startCATestServer()
|
||||
defer ca.Close()
|
||||
|
@ -554,7 +554,7 @@ func TestAddFederationToCAs(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// nolint:staticcheck,gocritic
|
||||
//nolint:staticcheck,gocritic
|
||||
func equalPools(a, b *x509.CertPool) bool {
|
||||
if reflect.DeepEqual(a, b) {
|
||||
return true
|
||||
|
|
|
@ -59,14 +59,13 @@ func (t Type) String() string {
|
|||
return strings.ToLower(string(t))
|
||||
}
|
||||
|
||||
// ErrNotImplemented is the type of error returned if an operation is not
|
||||
// implemented.
|
||||
type ErrNotImplemented struct {
|
||||
// NotImplementedError is the type of error returned if an operation is not implemented.
|
||||
type NotImplementedError struct {
|
||||
Message string
|
||||
}
|
||||
|
||||
// ErrNotImplemented implements the error interface.
|
||||
func (e ErrNotImplemented) Error() string {
|
||||
// NotImplementedError implements the error interface.
|
||||
func (e NotImplementedError) Error() string {
|
||||
if e.Message != "" {
|
||||
return e.Message
|
||||
}
|
||||
|
@ -75,6 +74,6 @@ func (e ErrNotImplemented) Error() string {
|
|||
|
||||
// StatusCode implements the StatusCoder interface and returns the HTTP 501
|
||||
// error.
|
||||
func (e ErrNotImplemented) StatusCode() int {
|
||||
func (e NotImplementedError) StatusCode() int {
|
||||
return http.StatusNotImplemented
|
||||
}
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue