From 9147356d8afd01dcc4553a2574db36f236b79ba8 Mon Sep 17 00:00:00 2001 From: Mariano Cano Date: Mon, 2 May 2022 18:47:47 -0700 Subject: [PATCH] Fix linter errors --- acme/api/handler.go | 4 ++-- acme/api/handler_test.go | 2 +- acme/client.go | 6 ++--- authority/admin/api/handler.go | 4 ---- ca/ca.go | 5 ++-- scep/api/api.go | 42 +++++++++++++++++----------------- scep/authority.go | 14 ------------ 7 files changed, 29 insertions(+), 48 deletions(-) diff --git a/acme/api/handler.go b/acme/api/handler.go index f6d79031..d00f8275 100644 --- a/acme/api/handler.go +++ b/acme/api/handler.go @@ -40,7 +40,7 @@ type payloadInfo struct { // HandlerOptions required to create a new ACME API request handler. type HandlerOptions struct { - // DB storage backend that impements the acme.DB interface. + // DB storage backend that implements the acme.DB interface. // // Deprecated: use acme.NewContex(context.Context, acme.DB) DB acme.DB @@ -50,7 +50,7 @@ type HandlerOptions struct { // Deprecated: use authority.NewContext(context.Context, *authority.Authority) CA acme.CertificateAuthority - // Backdate is the duration that the CA will substract from the current time + // Backdate is the duration that the CA will subtract from the current time // to set the NotBefore in the certificate. Backdate provisioner.Duration diff --git a/acme/api/handler_test.go b/acme/api/handler_test.go index 2ac41228..bd88c96f 100644 --- a/acme/api/handler_test.go +++ b/acme/api/handler_test.go @@ -31,7 +31,7 @@ type mockClient struct { tlsDial func(network, addr string, config *tls.Config) (*tls.Conn, error) } -func (m *mockClient) Get(url string) (*http.Response, error) { return m.get(url) } +func (m *mockClient) Get(u string) (*http.Response, error) { return m.get(u) } func (m *mockClient) LookupTxt(name string) ([]string, error) { return m.lookupTxt(name) } func (m *mockClient) TLSDial(network, addr string, config *tls.Config) (*tls.Conn, error) { return m.tlsDial(network, addr, config) diff --git a/acme/client.go b/acme/client.go index 2b200e45..31f4c975 100644 --- a/acme/client.go +++ b/acme/client.go @@ -37,11 +37,11 @@ func ClientFromContext(ctx context.Context) (c Client, ok bool) { // MustClientFromContext returns the current client from the given context. It will // return a new instance of the client if it does not exist. func MustClientFromContext(ctx context.Context) Client { - if c, ok := ClientFromContext(ctx); !ok { + c, ok := ClientFromContext(ctx) + if !ok { return NewClient() - } else { - return c } + return c } type client struct { diff --git a/authority/admin/api/handler.go b/authority/admin/api/handler.go index 0acd3ca9..95b9cd9c 100644 --- a/authority/admin/api/handler.go +++ b/authority/admin/api/handler.go @@ -40,10 +40,6 @@ func Route(r api.Router, acmeResponder acmeAdminResponderInterface) { return extractAuthorizeTokenAdmin(requireAPIEnabled(next)) } - requireEABEnabled := func(next nextHTTP) nextHTTP { - return requireEABEnabled(next) - } - // Provisioners r.MethodFunc("GET", "/provisioners/{name}", authnz(GetProvisioner)) r.MethodFunc("GET", "/provisioners", authnz(GetProvisioners)) diff --git a/ca/ca.go b/ca/ca.go index e910da74..d7943a6c 100644 --- a/ca/ca.go +++ b/ca/ca.go @@ -230,13 +230,12 @@ func (ca *CA) Init(cfg *config.Config) (*CA, error) { if err != nil { return nil, errors.Wrap(err, "error creating SCEP authority") } - scepRouterHandler := scepAPI.New(scepAuthority) // According to the RFC (https://tools.ietf.org/html/rfc8894#section-7.10), // SCEP operations are performed using HTTP, so that's why the API is mounted // to the insecure mux. insecureMux.Route("/"+scepPrefix, func(r chi.Router) { - scepRouterHandler.Route(r) + scepAPI.Route(r) }) // The RFC also mentions usage of HTTPS, but seems to advise @@ -246,7 +245,7 @@ func (ca *CA) Init(cfg *config.Config) (*CA, error) { // as well as HTTPS can be used to request certificates // using SCEP. mux.Route("/"+scepPrefix, func(r chi.Router) { - scepRouterHandler.Route(r) + scepAPI.Route(r) }) } diff --git a/scep/api/api.go b/scep/api/api.go index 0d62904d..e513aa43 100644 --- a/scep/api/api.go +++ b/scep/api/api.go @@ -38,8 +38,8 @@ type request struct { Message []byte } -// response is a SCEP server response. -type response struct { +// Response is a SCEP server Response. +type Response struct { Operation string CACertNum int Data []byte @@ -81,7 +81,7 @@ func Get(w http.ResponseWriter, r *http.Request) { } ctx := r.Context() - var res response + var res Response switch req.Operation { case opnGetCACert: @@ -110,7 +110,7 @@ func Post(w http.ResponseWriter, r *http.Request) { return } - var res response + var res Response switch req.Operation { case opnPKIOperation: res, err = PKIOperation(r.Context(), req) @@ -207,18 +207,18 @@ func lookupProvisioner(next http.HandlerFunc) http.HandlerFunc { } // GetCACert returns the CA certificates in a SCEP response -func GetCACert(ctx context.Context) (response, error) { +func GetCACert(ctx context.Context) (Response, error) { auth := scep.MustFromContext(ctx) certs, err := auth.GetCACertificates(ctx) if err != nil { - return response{}, err + return Response{}, err } if len(certs) == 0 { - return response{}, errors.New("missing CA cert") + return Response{}, errors.New("missing CA cert") } - res := response{ + res := Response{ Operation: opnGetCACert, CACertNum: len(certs), } @@ -231,7 +231,7 @@ func GetCACert(ctx context.Context) (response, error) { // not signed or encrypted data has to be returned. data, err := microscep.DegenerateCertificates(certs) if err != nil { - return response{}, err + return Response{}, err } res.Data = data } @@ -240,11 +240,11 @@ func GetCACert(ctx context.Context) (response, error) { } // GetCACaps returns the CA capabilities in a SCEP response -func GetCACaps(ctx context.Context) (response, error) { +func GetCACaps(ctx context.Context) (Response, error) { auth := scep.MustFromContext(ctx) caps := auth.GetCACaps(ctx) - res := response{ + res := Response{ Operation: opnGetCACaps, Data: formatCapabilities(caps), } @@ -253,12 +253,12 @@ func GetCACaps(ctx context.Context) (response, error) { } // PKIOperation performs PKI operations and returns a SCEP response -func PKIOperation(ctx context.Context, req request) (response, error) { +func PKIOperation(ctx context.Context, req request) (Response, error) { // parse the message using microscep implementation microMsg, err := microscep.ParsePKIMessage(req.Message) if err != nil { // return the error, because we can't use the msg for creating a CertRep - return response{}, err + return Response{}, err } // this is essentially doing the same as microscep.ParsePKIMessage, but @@ -266,7 +266,7 @@ func PKIOperation(ctx context.Context, req request) (response, error) { // wrapper for the microscep implementation. p7, err := pkcs7.Parse(microMsg.Raw) if err != nil { - return response{}, err + return Response{}, err } // copy over properties to our internal PKIMessage @@ -280,7 +280,7 @@ func PKIOperation(ctx context.Context, req request) (response, error) { auth := scep.MustFromContext(ctx) if err := auth.DecryptPKIEnvelope(ctx, msg); err != nil { - return response{}, err + return Response{}, err } // NOTE: at this point we have sufficient information for returning nicely signed CertReps @@ -315,7 +315,7 @@ func PKIOperation(ctx context.Context, req request) (response, error) { return createFailureResponse(ctx, csr, msg, microscep.BadRequest, fmt.Errorf("error when signing new certificate: %w", err)) } - res := response{ + res := Response{ Operation: opnPKIOperation, Data: certRep.Raw, Certificate: certRep.Certificate, @@ -329,7 +329,7 @@ func formatCapabilities(caps []string) []byte { } // writeResponse writes a SCEP response back to the SCEP client. -func writeResponse(w http.ResponseWriter, res response) { +func writeResponse(w http.ResponseWriter, res Response) { if res.Error != nil { log.Error(w, res.Error) @@ -349,20 +349,20 @@ func fail(w http.ResponseWriter, err error) { http.Error(w, err.Error(), http.StatusInternalServerError) } -func createFailureResponse(ctx context.Context, csr *x509.CertificateRequest, msg *scep.PKIMessage, info microscep.FailInfo, failError error) (response, error) { +func createFailureResponse(ctx context.Context, csr *x509.CertificateRequest, msg *scep.PKIMessage, info microscep.FailInfo, failError error) (Response, error) { auth := scep.MustFromContext(ctx) certRepMsg, err := auth.CreateFailureResponse(ctx, csr, msg, scep.FailInfoName(info), failError.Error()) if err != nil { - return response{}, err + return Response{}, err } - return response{ + return Response{ Operation: opnPKIOperation, Data: certRepMsg.Raw, Error: failError, }, nil } -func contentHeader(r response) string { +func contentHeader(r Response) string { switch r.Operation { default: return "text/plain" diff --git a/scep/authority.go b/scep/authority.go index 946fa948..7fe01c1d 100644 --- a/scep/authority.go +++ b/scep/authority.go @@ -63,20 +63,6 @@ type AuthorityOptions struct { Prefix string } -type optionsKey struct{} - -func newOptionsContext(ctx context.Context, o *AuthorityOptions) context.Context { - return context.WithValue(ctx, optionsKey{}, o) -} - -func optionsFromContext(ctx context.Context) *AuthorityOptions { - o, ok := ctx.Value(optionsKey{}).(*AuthorityOptions) - if !ok { - panic("scep options are not in the context") - } - return o -} - // SignAuthority is the interface for a signing authority type SignAuthority interface { Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)