Merge pull request #954 from shuLhan/shulhan-gofmt

all: reformat all go files with the next gofmt (Go 1.19)
This commit is contained in:
Mariano Cano 2022-06-15 18:11:51 -07:00 committed by GitHub
commit 34f926804d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 102 additions and 78 deletions

View file

@ -107,10 +107,11 @@ func keysAreEqual(x, y *jose.JSONWebKey) bool {
// validateEABJWS verifies the contents of the External Account Binding JWS. // validateEABJWS verifies the contents of the External Account Binding JWS.
// The protected header of the JWS MUST meet the following criteria: // The protected header of the JWS MUST meet the following criteria:
// o The "alg" field MUST indicate a MAC-based algorithm //
// o The "kid" field MUST contain the key identifier provided by the CA // - The "alg" field MUST indicate a MAC-based algorithm
// o The "nonce" field MUST NOT be present // - The "kid" field MUST contain the key identifier provided by the CA
// o The "url" field MUST be set to the same value as the outer JWS // - The "nonce" field MUST NOT be present
// - The "url" field MUST be set to the same value as the outer JWS
func validateEABJWS(ctx context.Context, jws *jose.JSONWebSignature) (string, *acme.Error) { func validateEABJWS(ctx context.Context, jws *jose.JSONWebSignature) (string, *acme.Error) {
if jws == nil { if jws == nil {
return "", acme.NewErrorISE("no JWS provided") return "", acme.NewErrorISE("no JWS provided")

View file

@ -119,13 +119,13 @@ func parseJWS(next nextHTTP) nextHTTP {
// The JWS Unprotected Header [RFC7515] MUST NOT be used // The JWS Unprotected Header [RFC7515] MUST NOT be used
// The JWS Payload MUST NOT be detached // The JWS Payload MUST NOT be detached
// The JWS Protected Header MUST include the following fields: // The JWS Protected Header MUST include the following fields:
// * “alg” (Algorithm) // - “alg” (Algorithm).
// * This field MUST NOT contain “none” or a Message Authentication Code // This field MUST NOT contain “none” or a Message Authentication Code
// (MAC) algorithm (e.g. one in which the algorithm registry description // (MAC) algorithm (e.g. one in which the algorithm registry description
// mentions MAC/HMAC). // mentions MAC/HMAC).
// * “nonce” (defined in Section 6.5) // - “nonce” (defined in Section 6.5)
// * “url” (defined in Section 6.4) // - “url” (defined in Section 6.4)
// * Either “jwk” (JSON Web Key) or “kid” (Key ID) as specified below<Paste> // - Either “jwk” (JSON Web Key) or “kid” (Key ID) as specified below<Paste>
func validateJWS(next nextHTTP) nextHTTP { func validateJWS(next nextHTTP) nextHTTP {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context() ctx := r.Context()

View file

@ -51,21 +51,26 @@ const awsMetadataTokenTTLHeader = "X-aws-ec2-metadata-token-ttl-seconds"
// signature. // signature.
// //
// The first certificate is used in: // The first certificate is used in:
//
// ap-northeast-2, ap-south-1, ap-southeast-1, ap-southeast-2 // ap-northeast-2, ap-south-1, ap-southeast-1, ap-southeast-2
// eu-central-1, eu-north-1, eu-west-1, eu-west-2, eu-west-3 // eu-central-1, eu-north-1, eu-west-1, eu-west-2, eu-west-3
// us-east-1, us-east-2, us-west-1, us-west-2 // us-east-1, us-east-2, us-west-1, us-west-2
// ca-central-1, sa-east-1 // ca-central-1, sa-east-1
// //
// The second certificate is used in: // The second certificate is used in:
//
// eu-south-1 // eu-south-1
// //
// The third certificate is used in: // The third certificate is used in:
//
// ap-east-1 // ap-east-1
// //
// The fourth certificate is used in: // The fourth certificate is used in:
//
// af-south-1 // af-south-1
// //
// The fifth certificate is used in: // The fifth certificate is used in:
//
// me-south-1 // me-south-1
const awsCertificate = `-----BEGIN CERTIFICATE----- const awsCertificate = `-----BEGIN CERTIFICATE-----
MIIDIjCCAougAwIBAgIJAKnL4UEDMN/FMA0GCSqGSIb3DQEBBQUAMGoxCzAJBgNV MIIDIjCCAougAwIBAgIJAKnL4UEDMN/FMA0GCSqGSIb3DQEBBQUAMGoxCzAJBgNV

View file

@ -48,6 +48,7 @@ func Bootstrap(token string) (*Client, error) {
// certificate after 2/3rd of the certificate's lifetime has expired. // certificate after 2/3rd of the certificate's lifetime has expired.
// //
// Usage: // Usage:
//
// // Default example with certificate rotation. // // Default example with certificate rotation.
// client, err := ca.BootstrapClient(ctx.Background(), token) // client, err := ca.BootstrapClient(ctx.Background(), token)
// //
@ -96,6 +97,7 @@ func BootstrapClient(ctx context.Context, token string, options ...TLSOption) (*
// ca.AddClientCA(*x509.Certificate). // ca.AddClientCA(*x509.Certificate).
// //
// Usage: // Usage:
//
// // Default example with certificate rotation. // // Default example with certificate rotation.
// srv, err := ca.BootstrapServer(context.Background(), token, &http.Server{ // srv, err := ca.BootstrapServer(context.Background(), token, &http.Server{
// Addr: ":443", // Addr: ":443",
@ -152,6 +154,7 @@ func BootstrapServer(ctx context.Context, token string, base *http.Server, optio
// ca.AddClientCA(*x509.Certificate). // ca.AddClientCA(*x509.Certificate).
// //
// Usage: // Usage:
//
// inner, err := net.Listen("tcp", ":443") // inner, err := net.Listen("tcp", ":443")
// if err != nil { // if err != nil {
// return nil // return nil

View file

@ -523,7 +523,7 @@ func (ca *CA) shouldServeSCEPEndpoints() bool {
return ca.auth.GetSCEPService() != nil return ca.auth.GetSCEPService() != nil
} }
//nolint // ignore linters to allow keeping this function around for debugging // nolint // ignore linters to allow keeping this function around for debugging
func dumpRoutes(mux chi.Routes) { func dumpRoutes(mux chi.Routes) {
// helpful routine for logging all routes // // helpful routine for logging all routes //
walkFunc := func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error { walkFunc := func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error {

View file

@ -32,7 +32,9 @@ func init() {
var now = time.Now var now = time.Now
// The actual regular expression that matches a certificate authority is: // The actual regular expression that matches a certificate authority is:
//
// ^projects/[a-z][a-z0-9-]{4,28}[a-z0-9]/locations/[a-z0-9-]+/caPools/[a-zA-Z0-9-_]+/certificateAuthorities/[a-zA-Z0-9-_]+$ // ^projects/[a-z][a-z0-9-]{4,28}[a-z0-9]/locations/[a-z0-9-]+/caPools/[a-zA-Z0-9-_]+/certificateAuthorities/[a-zA-Z0-9-_]+$
//
// But we will allow a more flexible one to fail if this changes. // But we will allow a more flexible one to fail if this changes.
var caRegexp = regexp.MustCompile("^projects/[^/]+/locations/[^/]+/caPools/[^/]+/certificateAuthorities/[^/]+$") var caRegexp = regexp.MustCompile("^projects/[^/]+/locations/[^/]+/caPools/[^/]+/certificateAuthorities/[^/]+$")

View file

@ -5,12 +5,13 @@
package cloudcas package cloudcas
import ( import (
privateca "cloud.google.com/go/security/privateca/apiv1"
context "context" context "context"
reflect "reflect"
privateca "cloud.google.com/go/security/privateca/apiv1"
gomock "github.com/golang/mock/gomock" gomock "github.com/golang/mock/gomock"
gax "github.com/googleapis/gax-go/v2" gax "github.com/googleapis/gax-go/v2"
privateca0 "google.golang.org/genproto/googleapis/cloud/security/privateca/v1" privateca0 "google.golang.org/genproto/googleapis/cloud/security/privateca/v1"
reflect "reflect"
) )
// MockCertificateAuthorityClient is a mock of CertificateAuthorityClient interface // MockCertificateAuthorityClient is a mock of CertificateAuthorityClient interface

View file

@ -6,10 +6,11 @@ package cloudcas
import ( import (
context "context" context "context"
reflect "reflect"
gomock "github.com/golang/mock/gomock" gomock "github.com/golang/mock/gomock"
longrunning "google.golang.org/genproto/googleapis/longrunning" longrunning "google.golang.org/genproto/googleapis/longrunning"
emptypb "google.golang.org/protobuf/types/known/emptypb" emptypb "google.golang.org/protobuf/types/known/emptypb"
reflect "reflect"
) )
// MockOperationsServer is a mock of OperationsServer interface // MockOperationsServer is a mock of OperationsServer interface

View file

@ -23,6 +23,7 @@ import (
// defaultOnboardingURL is the production onboarding url, to use a development // defaultOnboardingURL is the production onboarding url, to use a development
// url use: // url use:
//
// export STEP_CA_ONBOARDING_URL=http://localhost:3002/onboarding/ // export STEP_CA_ONBOARDING_URL=http://localhost:3002/onboarding/
const defaultOnboardingURL = "https://api.smallstep.com/onboarding/" const defaultOnboardingURL = "https://api.smallstep.com/onboarding/"

View file

@ -6,9 +6,10 @@ package mock
import ( import (
context "context" context "context"
reflect "reflect"
keyvault "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault" keyvault "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.1/keyvault"
gomock "github.com/golang/mock/gomock" gomock "github.com/golang/mock/gomock"
reflect "reflect"
) )
// KeyVaultClient is a mock of KeyVaultClient interface // KeyVaultClient is a mock of KeyVaultClient interface

View file

@ -279,6 +279,7 @@ func (k *CloudKMS) createKeyRingIfNeeded(name string) error {
// GetPublicKey gets from Google's Cloud KMS a public key by name. Key names // GetPublicKey gets from Google's Cloud KMS a public key by name. Key names
// follow the pattern: // follow the pattern:
//
// projects/([^/]+)/locations/([a-zA-Z0-9_-]{1,63})/keyRings/([a-zA-Z0-9_-]{1,63})/cryptoKeys/([a-zA-Z0-9_-]{1,63})/cryptoKeyVersions/([a-zA-Z0-9_-]{1,63}) // projects/([^/]+)/locations/([a-zA-Z0-9_-]{1,63})/keyRings/([a-zA-Z0-9_-]{1,63})/cryptoKeys/([a-zA-Z0-9_-]{1,63})/cryptoKeyVersions/([a-zA-Z0-9_-]{1,63})
func (k *CloudKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error) { func (k *CloudKMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error) {
if req.Name == "" { if req.Name == "" {

View file

@ -14,8 +14,11 @@ var softHSM2Once sync.Once
// mustPKCS11 configures a *PKCS11 KMS to be used with OpenSC, using for example // mustPKCS11 configures a *PKCS11 KMS to be used with OpenSC, using for example
// a Nitrokey HSM. To initialize these tests we should run: // a Nitrokey HSM. To initialize these tests we should run:
//
// sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 123456 // sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 123456
//
// Or: // Or:
//
// pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so \ // pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so \
// --init-token --init-pin \ // --init-token --init-pin \
// --so-pin=3537363231383830 --new-pin=123456 --pin=123456 \ // --so-pin=3537363231383830 --new-pin=123456 --pin=123456 \

View file

@ -14,11 +14,13 @@ var softHSM2Once sync.Once
// mustPKCS11 configures a *PKCS11 KMS to be used with SoftHSM2. To initialize // mustPKCS11 configures a *PKCS11 KMS to be used with SoftHSM2. To initialize
// these tests, we should run: // these tests, we should run:
//
// softhsm2-util --init-token --free \ // softhsm2-util --init-token --free \
// --token pkcs11-test --label pkcs11-test \ // --token pkcs11-test --label pkcs11-test \
// --so-pin password --pin password // --so-pin password --pin password
// //
// To delete we should run: // To delete we should run:
//
// softhsm2-util --delete-token --token pkcs11-test // softhsm2-util --delete-token --token pkcs11-test
func mustPKCS11(t TBTesting) *PKCS11 { func mustPKCS11(t TBTesting) *PKCS11 {
t.Helper() t.Helper()

View file

@ -14,6 +14,7 @@ var yubiHSM2Once sync.Once
// mustPKCS11 configures a *PKCS11 KMS to be used with YubiHSM2. To initialize // mustPKCS11 configures a *PKCS11 KMS to be used with YubiHSM2. To initialize
// these tests, we should run: // these tests, we should run:
//
// yubihsm-connector -d // yubihsm-connector -d
func mustPKCS11(t TBTesting) *PKCS11 { func mustPKCS11(t TBTesting) *PKCS11 {
t.Helper() t.Helper()

View file

@ -19,7 +19,9 @@ type CommonLogFormat struct{}
// Format implements the logrus.Formatter interface. It returns the given // Format implements the logrus.Formatter interface. It returns the given
// logrus entry as a CLF line with the following format: // logrus entry as a CLF line with the following format:
//
// <request-id> <remote-address> <name> <user-id> <time> <duration> "<method> <path> <protocol>" <status> <size> // <request-id> <remote-address> <name> <user-id> <time> <duration> "<method> <path> <protocol>" <status> <size>
//
// If a field is not known, the hyphen symbol (-) will be used. // If a field is not known, the hyphen symbol (-) will be used.
func (f *CommonLogFormat) Format(entry *logrus.Entry) ([]byte, error) { func (f *CommonLogFormat) Format(entry *logrus.Entry) ([]byte, error) {
data := make([]string, len(clfFields)) data := make([]string, len(clfFields))