Fix linter errors

acme/api/handler.go

@@ -40,7 +40,7 @@ type payloadInfo struct {
 
 // HandlerOptions required to create a new ACME API request handler.
 type HandlerOptions struct {
-	// DB storage backend that impements the acme.DB interface.
+	// DB storage backend that implements the acme.DB interface.
 	//
 	// Deprecated: use acme.NewContex(context.Context, acme.DB)
 	DB acme.DB
@@ -50,7 +50,7 @@ type HandlerOptions struct {
 	// Deprecated: use authority.NewContext(context.Context, *authority.Authority)
 	CA acme.CertificateAuthority
 
-	// Backdate is the duration that the CA will substract from the current time
+	// Backdate is the duration that the CA will subtract from the current time
 	// to set the NotBefore in the certificate.
 	Backdate provisioner.Duration
 

acme/api/handler_test.go

@@ -31,7 +31,7 @@ type mockClient struct {
 	tlsDial   func(network, addr string, config *tls.Config) (*tls.Conn, error)
 }
 
-func (m *mockClient) Get(url string) (*http.Response, error)  { return m.get(url) }
+func (m *mockClient) Get(u string) (*http.Response, error)    { return m.get(u) }
 func (m *mockClient) LookupTxt(name string) ([]string, error) { return m.lookupTxt(name) }
 func (m *mockClient) TLSDial(network, addr string, config *tls.Config) (*tls.Conn, error) {
 	return m.tlsDial(network, addr, config)

acme/client.go

@@ -37,11 +37,11 @@ func ClientFromContext(ctx context.Context) (c Client, ok bool) {
 // MustClientFromContext returns the current client from the given context. It will
 // return a new instance of the client if it does not exist.
 func MustClientFromContext(ctx context.Context) Client {
-	if c, ok := ClientFromContext(ctx); !ok {
+	c, ok := ClientFromContext(ctx)
+	if !ok {
 		return NewClient()
-	} else {
-		return c
 	}
+	return c
 }
 
 type client struct {

authority/admin/api/handler.go

@@ -40,10 +40,6 @@ func Route(r api.Router, acmeResponder acmeAdminResponderInterface) {
 		return extractAuthorizeTokenAdmin(requireAPIEnabled(next))
 	}
 
-	requireEABEnabled := func(next nextHTTP) nextHTTP {
-		return requireEABEnabled(next)
-	}
-
 	// Provisioners
 	r.MethodFunc("GET", "/provisioners/{name}", authnz(GetProvisioner))
 	r.MethodFunc("GET", "/provisioners", authnz(GetProvisioners))

ca/ca.go

@@ -230,13 +230,12 @@ func (ca *CA) Init(cfg *config.Config) (*CA, error) {
 		if err != nil {
 			return nil, errors.Wrap(err, "error creating SCEP authority")
 		}
-		scepRouterHandler := scepAPI.New(scepAuthority)
 
 		// According to the RFC (https://tools.ietf.org/html/rfc8894#section-7.10),
 		// SCEP operations are performed using HTTP, so that's why the API is mounted
 		// to the insecure mux.
 		insecureMux.Route("/"+scepPrefix, func(r chi.Router) {
-			scepRouterHandler.Route(r)
+			scepAPI.Route(r)
 		})
 
 		// The RFC also mentions usage of HTTPS, but seems to advise
@@ -246,7 +245,7 @@ func (ca *CA) Init(cfg *config.Config) (*CA, error) {
 		// as well as HTTPS can be used to request certificates
 		// using SCEP.
 		mux.Route("/"+scepPrefix, func(r chi.Router) {
-			scepRouterHandler.Route(r)
+			scepAPI.Route(r)
 		})
 	}
 

scep/api/api.go

@@ -38,8 +38,8 @@ type request struct {
 	Message   []byte
 }
 
-// response is a SCEP server response.
+// Response is a SCEP server Response.
-type response struct {
+type Response struct {
 	Operation   string
 	CACertNum   int
 	Data        []byte
@@ -81,7 +81,7 @@ func Get(w http.ResponseWriter, r *http.Request) {
 	}
 
 	ctx := r.Context()
-	var res response
+	var res Response
 
 	switch req.Operation {
 	case opnGetCACert:
@@ -110,7 +110,7 @@ func Post(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var res response
+	var res Response
 	switch req.Operation {
 	case opnPKIOperation:
 		res, err = PKIOperation(r.Context(), req)
@@ -207,18 +207,18 @@ func lookupProvisioner(next http.HandlerFunc) http.HandlerFunc {
 }
 
 // GetCACert returns the CA certificates in a SCEP response
-func GetCACert(ctx context.Context) (response, error) {
+func GetCACert(ctx context.Context) (Response, error) {
 	auth := scep.MustFromContext(ctx)
 	certs, err := auth.GetCACertificates(ctx)
 	if err != nil {
-		return response{}, err
+		return Response{}, err
 	}
 
 	if len(certs) == 0 {
-		return response{}, errors.New("missing CA cert")
+		return Response{}, errors.New("missing CA cert")
 	}
 
-	res := response{
+	res := Response{
 		Operation: opnGetCACert,
 		CACertNum: len(certs),
 	}
@@ -231,7 +231,7 @@ func GetCACert(ctx context.Context) (response, error) {
 		// not signed or encrypted data has to be returned.
 		data, err := microscep.DegenerateCertificates(certs)
 		if err != nil {
-			return response{}, err
+			return Response{}, err
 		}
 		res.Data = data
 	}
@@ -240,11 +240,11 @@ func GetCACert(ctx context.Context) (response, error) {
 }
 
 // GetCACaps returns the CA capabilities in a SCEP response
-func GetCACaps(ctx context.Context) (response, error) {
+func GetCACaps(ctx context.Context) (Response, error) {
 	auth := scep.MustFromContext(ctx)
 	caps := auth.GetCACaps(ctx)
 
-	res := response{
+	res := Response{
 		Operation: opnGetCACaps,
 		Data:      formatCapabilities(caps),
 	}
@@ -253,12 +253,12 @@ func GetCACaps(ctx context.Context) (response, error) {
 }
 
 // PKIOperation performs PKI operations and returns a SCEP response
-func PKIOperation(ctx context.Context, req request) (response, error) {
+func PKIOperation(ctx context.Context, req request) (Response, error) {
 	// parse the message using microscep implementation
 	microMsg, err := microscep.ParsePKIMessage(req.Message)
 	if err != nil {
 		// return the error, because we can't use the msg for creating a CertRep
-		return response{}, err
+		return Response{}, err
 	}
 
 	// this is essentially doing the same as microscep.ParsePKIMessage, but
@@ -266,7 +266,7 @@ func PKIOperation(ctx context.Context, req request) (response, error) {
 	// wrapper for the microscep implementation.
 	p7, err := pkcs7.Parse(microMsg.Raw)
 	if err != nil {
-		return response{}, err
+		return Response{}, err
 	}
 
 	// copy over properties to our internal PKIMessage
@@ -280,7 +280,7 @@ func PKIOperation(ctx context.Context, req request) (response, error) {
 
 	auth := scep.MustFromContext(ctx)
 	if err := auth.DecryptPKIEnvelope(ctx, msg); err != nil {
-		return response{}, err
+		return Response{}, err
 	}
 
 	// NOTE: at this point we have sufficient information for returning nicely signed CertReps
@@ -315,7 +315,7 @@ func PKIOperation(ctx context.Context, req request) (response, error) {
 		return createFailureResponse(ctx, csr, msg, microscep.BadRequest, fmt.Errorf("error when signing new certificate: %w", err))
 	}
 
-	res := response{
+	res := Response{
 		Operation:   opnPKIOperation,
 		Data:        certRep.Raw,
 		Certificate: certRep.Certificate,
@@ -329,7 +329,7 @@ func formatCapabilities(caps []string) []byte {
 }
 
 // writeResponse writes a SCEP response back to the SCEP client.
-func writeResponse(w http.ResponseWriter, res response) {
+func writeResponse(w http.ResponseWriter, res Response) {
 
 	if res.Error != nil {
 		log.Error(w, res.Error)
@@ -349,20 +349,20 @@ func fail(w http.ResponseWriter, err error) {
 	http.Error(w, err.Error(), http.StatusInternalServerError)
 }
 
-func createFailureResponse(ctx context.Context, csr *x509.CertificateRequest, msg *scep.PKIMessage, info microscep.FailInfo, failError error) (response, error) {
+func createFailureResponse(ctx context.Context, csr *x509.CertificateRequest, msg *scep.PKIMessage, info microscep.FailInfo, failError error) (Response, error) {
 	auth := scep.MustFromContext(ctx)
 	certRepMsg, err := auth.CreateFailureResponse(ctx, csr, msg, scep.FailInfoName(info), failError.Error())
 	if err != nil {
-		return response{}, err
+		return Response{}, err
 	}
-	return response{
+	return Response{
 		Operation: opnPKIOperation,
 		Data:      certRepMsg.Raw,
 		Error:     failError,
 	}, nil
 }
 
-func contentHeader(r response) string {
+func contentHeader(r Response) string {
 	switch r.Operation {
 	default:
 		return "text/plain"

scep/authority.go

@@ -63,20 +63,6 @@ type AuthorityOptions struct {
 	Prefix string
 }
 
-type optionsKey struct{}
-
-func newOptionsContext(ctx context.Context, o *AuthorityOptions) context.Context {
-	return context.WithValue(ctx, optionsKey{}, o)
-}
-
-func optionsFromContext(ctx context.Context) *AuthorityOptions {
-	o, ok := ctx.Value(optionsKey{}).(*AuthorityOptions)
-	if !ok {
-		panic("scep options are not in the context")
-	}
-	return o
-}
-
 // SignAuthority is the interface for a signing authority
 type SignAuthority interface {
 	Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)