linter fixes.

certlib/certgen/config.go

@@ -158,7 +158,11 @@ func (p Profile) templateFromRequest(req *x509.CertificateRequest) (*x509.Certif
 	return certTemplate, nil
 }
 
-func (p Profile) SignRequest(parent *x509.Certificate, req *x509.CertificateRequest, priv crypto.PrivateKey) (*x509.Certificate, error) {
+func (p Profile) SignRequest(
+	parent *x509.Certificate,
+	req *x509.CertificateRequest,
+	priv crypto.PrivateKey,
+) (*x509.Certificate, error) {
 	tpl, err := p.templateFromRequest(req)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create certificate template: %w", err)

certlib/certgen/keygen.go

@@ -8,14 +8,13 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
-	"encoding/asn1"
 	"errors"
 	"fmt"
 )
 
-var (
-	oidEd25519 = asn1.ObjectIdentifier{1, 3, 101, 110}
-)
+// var (
+//	oidEd25519 = asn1.ObjectIdentifier{1, 3, 101, 110}
+//)
 
 func GenerateKey(algorithm x509.PublicKeyAlgorithm, bitSize int) (crypto.PublicKey, crypto.PrivateKey, error) {
 	var key crypto.PrivateKey
@@ -28,7 +27,12 @@ func GenerateKey(algorithm x509.PublicKeyAlgorithm, bitSize int) (crypto.PublicK
 	case x509.Ed25519:
 		key, err = rsa.GenerateKey(rand.Reader, bitSize)
 		if err == nil {
-			pub = key.(*rsa.PrivateKey).Public()
+			rsaPriv, ok := key.(*rsa.PrivateKey)
+			if !ok {
+				panic("failed to cast RSA private key to *rsa.PrivateKey")
+			}
+
+			pub = rsaPriv.Public()
 		}
 	case x509.ECDSA:
 		var curve elliptic.Curve
@@ -46,8 +50,17 @@ func GenerateKey(algorithm x509.PublicKeyAlgorithm, bitSize int) (crypto.PublicK
 
 		key, err = ecdsa.GenerateKey(curve, rand.Reader)
 		if err == nil {
-			pub = key.(*ecdsa.PrivateKey).Public()
+			ecPriv, ok := key.(*ecdsa.PrivateKey)
+			if !ok {
+				panic("failed to cast ECDSA private key to *ecdsa.PrivateKey")
+			}
+
+			pub = ecPriv.Public()
 		}
+	case x509.DSA:
+		fallthrough
+	case x509.UnknownPublicKeyAlgorithm:
+		fallthrough
 	default:
 		err = errors.New("unsupported algorithm")
 	}

certlib/dump/dump.go

@@ -54,8 +54,6 @@ var extKeyUsages = map[x509.ExtKeyUsage]string{
 	x509.ExtKeyUsageMicrosoftKernelCodeSigning:     "microsoft kernel code signing",
 }
 
-
-
 func sigAlgoPK(a x509.SignatureAlgorithm) string {
 	switch a {
 	case x509.MD2WithRSA, x509.MD5WithRSA, x509.SHA1WithRSA, x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA:

certlib/keymatch_test.go

@@ -1,6 +1,10 @@
-package certlib
+package certlib_test
 
-import "testing"
+import (
+	"testing"
+
+	"git.wntrmute.dev/kyle/goutils/certlib"
+)
 
 var (
 	testCert1 = "testdata/cert1.pem"
@@ -16,25 +20,25 @@ type testCase struct {
 }
 
 var testCases = []testCase{
-	{"testdata/cert1.pem", "testdata/priv1.pem", true},
-	{"testdata/cert2.pem", "testdata/priv2.pem", true},
-	{"testdata/cert1.pem", "testdata/priv2.pem", false},
-	{"testdata/cert2.pem", "testdata/priv1.pem", false},
+	{testCert1, testPriv1, true},
+	{testCert2, testPriv2, true},
+	{testCert1, testPriv2, false},
+	{testCert2, testPriv1, false},
 }
 
 func TestMatchKeys(t *testing.T) {
 	for i, tc := range testCases {
-		cert, err := LoadCertificate(tc.cert)
+		cert, err := certlib.LoadCertificate(tc.cert)
 		if err != nil {
 			t.Fatalf("failed to load cert %d: %v", i, err)
 		}
 
-		priv, err := LoadPrivateKey(tc.key)
+		priv, err := certlib.LoadPrivateKey(tc.key)
 		if err != nil {
 			t.Fatalf("failed to load key %d: %v", i, err)
 		}
 
-		ok, _ := MatchKeys(cert, priv)
+		ok, _ := certlib.MatchKeys(cert, priv)
 		switch {
 		case ok && !tc.match:
 			t.Fatalf("case %d: cert %s/key %s should not match", i, tc.cert, tc.key)