Fix all errcheck linter issues
Co-authored-by: Junie <junie@jetbrains.com>
This commit is contained in:
@@ -95,7 +95,7 @@ func (h *Handler) writeACMEError(w http.ResponseWriter, status int, typ, detail
|
||||
h.addNonceHeader(w)
|
||||
w.Header().Set("Content-Type", "application/problem+json")
|
||||
w.WriteHeader(status)
|
||||
json.NewEncoder(w).Encode(map[string]string{
|
||||
_ = json.NewEncoder(w).Encode(map[string]string{
|
||||
"type": typ,
|
||||
"detail": detail,
|
||||
})
|
||||
@@ -106,7 +106,7 @@ func (h *Handler) writeJSON(w http.ResponseWriter, status int, v interface{}) {
|
||||
h.addNonceHeader(w)
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.WriteHeader(status)
|
||||
json.NewEncoder(w).Encode(v)
|
||||
_ = json.NewEncoder(w).Encode(v)
|
||||
}
|
||||
|
||||
// loadConfig loads the ACME config for this mount from the barrier.
|
||||
|
||||
@@ -23,7 +23,7 @@ func (h *Handler) validateChallenge(ctx context.Context, chall *Challenge, accou
|
||||
h.logger.Error("acme: load authz for validation", "id", chall.AuthzID, "error", err)
|
||||
chall.Status = StatusInvalid
|
||||
chall.Error = &ProblemDetail{Type: ProblemServerInternal, Detail: "failed to load authorization"}
|
||||
h.saveChallenge(ctx, chall)
|
||||
_ = h.saveChallenge(ctx, chall)
|
||||
return
|
||||
}
|
||||
// Inject the identifier value into the context for validators.
|
||||
@@ -202,7 +202,7 @@ func validateHTTP01(ctx context.Context, chall *Challenge, accountJWK []byte) er
|
||||
if err != nil {
|
||||
return fmt.Errorf("HTTP-01 fetch failed: %w", err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
defer func() { _ = resp.Body.Close() }()
|
||||
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return fmt.Errorf("HTTP-01: unexpected status %d", resp.StatusCode)
|
||||
|
||||
@@ -21,7 +21,7 @@ func setupBarrier(t *testing.T) (*AESGCMBarrier, func()) {
|
||||
t.Fatalf("migrate: %v", err)
|
||||
}
|
||||
b := NewAESGCMBarrier(database)
|
||||
return b, func() { database.Close() }
|
||||
return b, func() { _ = database.Close() }
|
||||
}
|
||||
|
||||
func TestBarrierSealUnseal(t *testing.T) {
|
||||
@@ -54,7 +54,7 @@ func TestBarrierPutGet(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
|
||||
mek, _ := crypto.GenerateKey()
|
||||
b.Unseal(mek)
|
||||
_ = b.Unseal(mek)
|
||||
|
||||
data := []byte("test value")
|
||||
if err := b.Put(ctx, "test/path", data); err != nil {
|
||||
@@ -76,7 +76,7 @@ func TestBarrierGetNotFound(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
|
||||
mek, _ := crypto.GenerateKey()
|
||||
b.Unseal(mek)
|
||||
_ = b.Unseal(mek)
|
||||
|
||||
_, err := b.Get(ctx, "nonexistent")
|
||||
if !errors.Is(err, ErrNotFound) {
|
||||
@@ -90,9 +90,9 @@ func TestBarrierDelete(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
|
||||
mek, _ := crypto.GenerateKey()
|
||||
b.Unseal(mek)
|
||||
_ = b.Unseal(mek)
|
||||
|
||||
b.Put(ctx, "test/delete-me", []byte("data"))
|
||||
_ = b.Put(ctx, "test/delete-me", []byte("data"))
|
||||
if err := b.Delete(ctx, "test/delete-me"); err != nil {
|
||||
t.Fatalf("Delete: %v", err)
|
||||
}
|
||||
@@ -108,11 +108,11 @@ func TestBarrierList(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
|
||||
mek, _ := crypto.GenerateKey()
|
||||
b.Unseal(mek)
|
||||
_ = b.Unseal(mek)
|
||||
|
||||
b.Put(ctx, "engine/ca/default/config", []byte("cfg"))
|
||||
b.Put(ctx, "engine/ca/default/dek", []byte("key"))
|
||||
b.Put(ctx, "engine/transit/main/config", []byte("cfg"))
|
||||
_ = b.Put(ctx, "engine/ca/default/config", []byte("cfg"))
|
||||
_ = b.Put(ctx, "engine/ca/default/dek", []byte("key"))
|
||||
_ = b.Put(ctx, "engine/transit/main/config", []byte("cfg"))
|
||||
|
||||
paths, err := b.List(ctx, "engine/ca/")
|
||||
if err != nil {
|
||||
@@ -148,10 +148,10 @@ func TestBarrierOverwrite(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
|
||||
mek, _ := crypto.GenerateKey()
|
||||
b.Unseal(mek)
|
||||
_ = b.Unseal(mek)
|
||||
|
||||
b.Put(ctx, "test/overwrite", []byte("v1"))
|
||||
b.Put(ctx, "test/overwrite", []byte("v2"))
|
||||
_ = b.Put(ctx, "test/overwrite", []byte("v1"))
|
||||
_ = b.Put(ctx, "test/overwrite", []byte("v2"))
|
||||
|
||||
got, _ := b.Get(ctx, "test/overwrite")
|
||||
if string(got) != "v2" {
|
||||
|
||||
@@ -21,7 +21,7 @@ server_url = "https://mcias.example.com"
|
||||
`
|
||||
dir := t.TempDir()
|
||||
path := filepath.Join(dir, "test.toml")
|
||||
os.WriteFile(path, []byte(content), 0600)
|
||||
_ = os.WriteFile(path, []byte(content), 0600)
|
||||
|
||||
cfg, err := Load(path)
|
||||
if err != nil {
|
||||
@@ -48,7 +48,7 @@ listen_addr = ":8443"
|
||||
`
|
||||
dir := t.TempDir()
|
||||
path := filepath.Join(dir, "test.toml")
|
||||
os.WriteFile(path, []byte(content), 0600)
|
||||
_ = os.WriteFile(path, []byte(content), 0600)
|
||||
|
||||
_, err := Load(path)
|
||||
if err == nil {
|
||||
|
||||
@@ -13,7 +13,7 @@ func TestOpenAndMigrate(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("Open: %v", err)
|
||||
}
|
||||
defer database.Close()
|
||||
defer func() { _ = database.Close() }()
|
||||
|
||||
if err := Migrate(database); err != nil {
|
||||
t.Fatalf("Migrate: %v", err)
|
||||
@@ -37,7 +37,7 @@ func TestOpenAndMigrate(t *testing.T) {
|
||||
|
||||
// Check migration version.
|
||||
var version int
|
||||
database.QueryRow("SELECT MAX(version) FROM schema_migrations").Scan(&version)
|
||||
_ = database.QueryRow("SELECT MAX(version) FROM schema_migrations").Scan(&version)
|
||||
if version != 1 {
|
||||
t.Errorf("migration version: got %d, want 1", version)
|
||||
}
|
||||
|
||||
@@ -79,7 +79,7 @@ func userCaller() *engine.CallerInfo {
|
||||
func setupEngine(t *testing.T) (*CAEngine, *memBarrier) {
|
||||
t.Helper()
|
||||
b := newMemBarrier()
|
||||
eng := NewCAEngine().(*CAEngine)
|
||||
eng := NewCAEngine().(*CAEngine) //nolint:errcheck
|
||||
ctx := context.Background()
|
||||
|
||||
config := map[string]interface{}{
|
||||
@@ -130,7 +130,7 @@ func TestInitializeWithImportedRoot(t *testing.T) {
|
||||
|
||||
// Now initialize a new engine with the imported root.
|
||||
b := newMemBarrier()
|
||||
eng := NewCAEngine().(*CAEngine)
|
||||
eng := NewCAEngine().(*CAEngine) //nolint:errcheck
|
||||
ctx := context.Background()
|
||||
|
||||
config := map[string]interface{}{
|
||||
@@ -230,7 +230,7 @@ func TestCreateIssuer(t *testing.T) {
|
||||
}
|
||||
|
||||
// Verify the issuer cert is an intermediate CA signed by root.
|
||||
certPEM := resp.Data["cert_pem"].(string)
|
||||
certPEM := resp.Data["cert_pem"].(string) //nolint:errcheck
|
||||
block, _ := pem.Decode([]byte(certPEM))
|
||||
if block == nil {
|
||||
t.Fatal("failed to decode issuer cert PEM")
|
||||
@@ -342,7 +342,7 @@ func TestIssueCertificate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Verify the leaf cert.
|
||||
certPEM := resp.Data["cert_pem"].(string)
|
||||
certPEM := resp.Data["cert_pem"].(string) //nolint:errcheck
|
||||
block, _ := pem.Decode([]byte(certPEM))
|
||||
leafCert, err := x509.ParseCertificate(block.Bytes)
|
||||
if err != nil {
|
||||
@@ -389,7 +389,7 @@ func TestIssueCertificateWithOverrides(t *testing.T) {
|
||||
t.Fatalf("issue with overrides: %v", err)
|
||||
}
|
||||
|
||||
certPEM := resp.Data["cert_pem"].(string)
|
||||
certPEM := resp.Data["cert_pem"].(string) //nolint:errcheck
|
||||
block, _ := pem.Decode([]byte(certPEM))
|
||||
leafCert, err := x509.ParseCertificate(block.Bytes)
|
||||
if err != nil {
|
||||
@@ -459,7 +459,7 @@ func TestPrivateKeyNotStoredInBarrier(t *testing.T) {
|
||||
t.Fatalf("issue: %v", err)
|
||||
}
|
||||
|
||||
serial := resp.Data["serial"].(string)
|
||||
serial := resp.Data["serial"].(string) //nolint:errcheck
|
||||
|
||||
// Check that the cert record does not contain a private key.
|
||||
recordData, err := b.Get(ctx, "engine/ca/test/certs/"+serial+".json")
|
||||
@@ -499,7 +499,7 @@ func TestRenewCertificate(t *testing.T) {
|
||||
t.Fatalf("issue: %v", err)
|
||||
}
|
||||
|
||||
origSerial := issueResp.Data["serial"].(string)
|
||||
origSerial := issueResp.Data["serial"].(string) //nolint:errcheck
|
||||
|
||||
// Renew.
|
||||
renewResp, err := eng.HandleRequest(ctx, &engine.Request{
|
||||
@@ -513,7 +513,7 @@ func TestRenewCertificate(t *testing.T) {
|
||||
t.Fatalf("renew: %v", err)
|
||||
}
|
||||
|
||||
newSerial := renewResp.Data["serial"].(string)
|
||||
newSerial := renewResp.Data["serial"].(string) //nolint:errcheck
|
||||
if newSerial == origSerial {
|
||||
t.Error("renewed cert should have different serial")
|
||||
}
|
||||
@@ -575,7 +575,7 @@ func TestGetAndListCerts(t *testing.T) {
|
||||
}
|
||||
|
||||
// Get a specific cert.
|
||||
serial := certs[0]["serial"].(string)
|
||||
serial := certs[0]["serial"].(string) //nolint:errcheck
|
||||
getResp, err := eng.HandleRequest(ctx, &engine.Request{
|
||||
Operation: "get-cert",
|
||||
CallerInfo: userCaller(),
|
||||
@@ -607,7 +607,7 @@ func TestUnsealRestoresIssuers(t *testing.T) {
|
||||
}
|
||||
|
||||
// Seal.
|
||||
eng.Seal()
|
||||
_ = eng.Seal()
|
||||
|
||||
// Unseal.
|
||||
if err := eng.Unseal(ctx, b, mountPath); err != nil {
|
||||
|
||||
@@ -98,7 +98,7 @@ func TestRegistryHandleRequest(t *testing.T) {
|
||||
})
|
||||
|
||||
ctx := context.Background()
|
||||
reg.Mount(ctx, "test", EngineTypeTransit, nil)
|
||||
_ = reg.Mount(ctx, "test", EngineTypeTransit, nil)
|
||||
|
||||
resp, err := reg.HandleRequest(ctx, "test", &Request{Operation: "encrypt"})
|
||||
if err != nil {
|
||||
@@ -121,8 +121,8 @@ func TestRegistrySealAll(t *testing.T) {
|
||||
})
|
||||
|
||||
ctx := context.Background()
|
||||
reg.Mount(ctx, "eng1", EngineTypeTransit, nil)
|
||||
reg.Mount(ctx, "eng2", EngineTypeTransit, nil)
|
||||
_ = reg.Mount(ctx, "eng1", EngineTypeTransit, nil)
|
||||
_ = reg.Mount(ctx, "eng2", EngineTypeTransit, nil)
|
||||
|
||||
if err := reg.SealAll(); err != nil {
|
||||
t.Fatalf("SealAll: %v", err)
|
||||
|
||||
@@ -22,9 +22,9 @@ func setupPolicy(t *testing.T) (*Engine, func()) {
|
||||
}
|
||||
b := barrier.NewAESGCMBarrier(database)
|
||||
mek, _ := crypto.GenerateKey()
|
||||
b.Unseal(mek)
|
||||
_ = b.Unseal(mek)
|
||||
e := NewEngine(b)
|
||||
return e, func() { database.Close() }
|
||||
return e, func() { _ = database.Close() }
|
||||
}
|
||||
|
||||
func TestAdminBypass(t *testing.T) {
|
||||
@@ -113,7 +113,7 @@ func TestPolicyPriorityOrder(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
|
||||
// Lower priority number = higher priority. Deny should win.
|
||||
e.CreateRule(ctx, &Rule{
|
||||
_ = e.CreateRule(ctx, &Rule{
|
||||
ID: "allow-rule",
|
||||
Priority: 200,
|
||||
Effect: EffectAllow,
|
||||
@@ -121,7 +121,7 @@ func TestPolicyPriorityOrder(t *testing.T) {
|
||||
Resources: []string{"engine/transit/*"},
|
||||
Actions: []string{"write"},
|
||||
})
|
||||
e.CreateRule(ctx, &Rule{
|
||||
_ = e.CreateRule(ctx, &Rule{
|
||||
ID: "deny-rule",
|
||||
Priority: 100,
|
||||
Effect: EffectDeny,
|
||||
@@ -146,7 +146,7 @@ func TestPolicyUsernameMatch(t *testing.T) {
|
||||
defer cleanup()
|
||||
ctx := context.Background()
|
||||
|
||||
e.CreateRule(ctx, &Rule{
|
||||
_ = e.CreateRule(ctx, &Rule{
|
||||
ID: "user-specific",
|
||||
Priority: 100,
|
||||
Effect: EffectAllow,
|
||||
|
||||
@@ -24,7 +24,7 @@ func setupSeal(t *testing.T) (*Manager, func()) {
|
||||
}
|
||||
b := barrier.NewAESGCMBarrier(database)
|
||||
mgr := NewManager(database, b, slog.Default())
|
||||
return mgr, func() { database.Close() }
|
||||
return mgr, func() { _ = database.Close() }
|
||||
}
|
||||
|
||||
func TestSealInitializeAndUnseal(t *testing.T) {
|
||||
@@ -69,11 +69,11 @@ func TestSealInitializeAndUnseal(t *testing.T) {
|
||||
func TestSealWrongPassword(t *testing.T) {
|
||||
mgr, cleanup := setupSeal(t)
|
||||
defer cleanup()
|
||||
mgr.CheckInitialized()
|
||||
_ = mgr.CheckInitialized()
|
||||
|
||||
params := crypto.Argon2Params{Time: 1, Memory: 64 * 1024, Threads: 1}
|
||||
mgr.Initialize(context.Background(), []byte("correct"), params)
|
||||
mgr.Seal()
|
||||
_ = mgr.Initialize(context.Background(), []byte("correct"), params)
|
||||
_ = mgr.Seal()
|
||||
|
||||
err := mgr.Unseal([]byte("wrong"))
|
||||
if !errors.Is(err, ErrInvalidPassword) {
|
||||
@@ -84,10 +84,10 @@ func TestSealWrongPassword(t *testing.T) {
|
||||
func TestSealDoubleInitialize(t *testing.T) {
|
||||
mgr, cleanup := setupSeal(t)
|
||||
defer cleanup()
|
||||
mgr.CheckInitialized()
|
||||
_ = mgr.CheckInitialized()
|
||||
|
||||
params := crypto.Argon2Params{Time: 1, Memory: 64 * 1024, Threads: 1}
|
||||
mgr.Initialize(context.Background(), []byte("password"), params)
|
||||
_ = mgr.Initialize(context.Background(), []byte("password"), params)
|
||||
|
||||
err := mgr.Initialize(context.Background(), []byte("password"), params)
|
||||
if !errors.Is(err, ErrAlreadyInitialized) {
|
||||
@@ -101,20 +101,20 @@ func TestSealCheckInitializedPersists(t *testing.T) {
|
||||
|
||||
// First: initialize.
|
||||
database, _ := db.Open(dbPath)
|
||||
db.Migrate(database)
|
||||
_ = db.Migrate(database)
|
||||
b := barrier.NewAESGCMBarrier(database)
|
||||
mgr := NewManager(database, b, slog.Default())
|
||||
mgr.CheckInitialized()
|
||||
_ = mgr.CheckInitialized()
|
||||
params := crypto.Argon2Params{Time: 1, Memory: 64 * 1024, Threads: 1}
|
||||
mgr.Initialize(context.Background(), []byte("password"), params)
|
||||
database.Close()
|
||||
_ = mgr.Initialize(context.Background(), []byte("password"), params)
|
||||
_ = database.Close()
|
||||
|
||||
// Second: reopen and check.
|
||||
database2, _ := db.Open(dbPath)
|
||||
defer database2.Close()
|
||||
defer func() { _ = database2.Close() }()
|
||||
b2 := barrier.NewAESGCMBarrier(database2)
|
||||
mgr2 := NewManager(database2, b2, slog.Default())
|
||||
mgr2.CheckInitialized()
|
||||
_ = mgr2.CheckInitialized()
|
||||
if mgr2.State() != StateSealed {
|
||||
t.Fatalf("state after reopen: got %v, want Sealed", mgr2.State())
|
||||
}
|
||||
|
||||
@@ -32,12 +32,12 @@ func setupTestServer(t *testing.T) (*Server, *seal.Manager, chi.Router) {
|
||||
if err != nil {
|
||||
t.Fatalf("open db: %v", err)
|
||||
}
|
||||
t.Cleanup(func() { database.Close() })
|
||||
db.Migrate(database)
|
||||
t.Cleanup(func() { _ = database.Close() })
|
||||
_ = db.Migrate(database)
|
||||
|
||||
b := barrier.NewAESGCMBarrier(database)
|
||||
sealMgr := seal.NewManager(database, b, slog.Default())
|
||||
sealMgr.CheckInitialized()
|
||||
_ = sealMgr.CheckInitialized()
|
||||
|
||||
// Auth requires MCIAS client which we can't create in tests easily,
|
||||
// so we pass nil and avoid auth-dependent routes in these tests.
|
||||
@@ -80,7 +80,7 @@ func TestStatusEndpoint(t *testing.T) {
|
||||
}
|
||||
|
||||
var resp map[string]interface{}
|
||||
json.Unmarshal(w.Body.Bytes(), &resp)
|
||||
_ = json.Unmarshal(w.Body.Bytes(), &resp)
|
||||
if resp["state"] != "uninitialized" {
|
||||
t.Errorf("state: got %q, want %q", resp["state"], "uninitialized")
|
||||
}
|
||||
@@ -99,7 +99,7 @@ func TestInitEndpoint(t *testing.T) {
|
||||
}
|
||||
|
||||
var resp map[string]interface{}
|
||||
json.Unmarshal(w.Body.Bytes(), &resp)
|
||||
_ = json.Unmarshal(w.Body.Bytes(), &resp)
|
||||
if resp["state"] != "unsealed" {
|
||||
t.Errorf("state: got %q, want %q", resp["state"], "unsealed")
|
||||
}
|
||||
@@ -118,8 +118,8 @@ func TestUnsealEndpoint(t *testing.T) {
|
||||
|
||||
// Initialize first.
|
||||
params := crypto.Argon2Params{Time: 1, Memory: 64 * 1024, Threads: 1}
|
||||
sealMgr.Initialize(context.Background(), []byte("password"), params)
|
||||
sealMgr.Seal()
|
||||
_ = sealMgr.Initialize(context.Background(), []byte("password"), params)
|
||||
_ = sealMgr.Seal()
|
||||
|
||||
// Unseal with wrong password.
|
||||
body := `{"password":"wrong"}`
|
||||
|
||||
@@ -82,7 +82,7 @@ func (ws *WebServer) handleInit(w http.ResponseWriter, r *http.Request) {
|
||||
ws.renderTemplate(w, "init.html", nil)
|
||||
case http.MethodPost:
|
||||
r.Body = http.MaxBytesReader(w, r.Body, 1<<20)
|
||||
r.ParseForm()
|
||||
_ = r.ParseForm()
|
||||
password := r.FormValue("password")
|
||||
if password == "" {
|
||||
ws.renderTemplate(w, "init.html", map[string]interface{}{"Error": "Password is required"})
|
||||
@@ -113,7 +113,7 @@ func (ws *WebServer) handleUnseal(w http.ResponseWriter, r *http.Request) {
|
||||
ws.renderTemplate(w, "unseal.html", nil)
|
||||
case http.MethodPost:
|
||||
r.Body = http.MaxBytesReader(w, r.Body, 1<<20)
|
||||
r.ParseForm()
|
||||
_ = r.ParseForm()
|
||||
password := r.FormValue("password")
|
||||
if err := ws.vault.Unseal(r.Context(), password); err != nil {
|
||||
msg := "Invalid password"
|
||||
@@ -140,7 +140,7 @@ func (ws *WebServer) handleLogin(w http.ResponseWriter, r *http.Request) {
|
||||
ws.renderTemplate(w, "login.html", nil)
|
||||
case http.MethodPost:
|
||||
r.Body = http.MaxBytesReader(w, r.Body, 1<<20)
|
||||
r.ParseForm()
|
||||
_ = r.ParseForm()
|
||||
token, err := ws.vault.Login(r.Context(),
|
||||
r.FormValue("username"),
|
||||
r.FormValue("password"),
|
||||
@@ -188,7 +188,7 @@ func (ws *WebServer) handleDashboardMountCA(w http.ResponseWriter, r *http.Reque
|
||||
r.Body = http.MaxBytesReader(w, r.Body, 1<<20)
|
||||
if err := r.ParseMultipartForm(1 << 20); err != nil {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, 1<<20)
|
||||
r.ParseForm()
|
||||
_ = r.ParseForm()
|
||||
}
|
||||
|
||||
mountName := r.FormValue("name")
|
||||
@@ -204,12 +204,12 @@ func (ws *WebServer) handleDashboardMountCA(w http.ResponseWriter, r *http.Reque
|
||||
|
||||
var certPEM, keyPEM string
|
||||
if f, _, err := r.FormFile("cert_file"); err == nil {
|
||||
defer f.Close()
|
||||
defer func() { _ = f.Close() }()
|
||||
data, _ := io.ReadAll(io.LimitReader(f, 1<<20))
|
||||
certPEM = string(data)
|
||||
}
|
||||
if f, _, err := r.FormFile("key_file"); err == nil {
|
||||
defer f.Close()
|
||||
defer func() { _ = f.Close() }()
|
||||
data, _ := io.ReadAll(io.LimitReader(f, 1<<20))
|
||||
keyPEM = string(data)
|
||||
}
|
||||
@@ -291,21 +291,21 @@ func (ws *WebServer) handleImportRoot(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, 1<<20)
|
||||
if err := r.ParseMultipartForm(1 << 20); err != nil {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, 1<<20)
|
||||
r.ParseForm()
|
||||
_ = r.ParseForm()
|
||||
}
|
||||
|
||||
certPEM := r.FormValue("cert_pem")
|
||||
keyPEM := r.FormValue("key_pem")
|
||||
if certPEM == "" {
|
||||
if f, _, err := r.FormFile("cert_file"); err == nil {
|
||||
defer f.Close()
|
||||
defer func() { _ = f.Close() }()
|
||||
data, _ := io.ReadAll(io.LimitReader(f, 1<<20))
|
||||
certPEM = string(data)
|
||||
}
|
||||
}
|
||||
if keyPEM == "" {
|
||||
if f, _, err := r.FormFile("key_file"); err == nil {
|
||||
defer f.Close()
|
||||
defer func() { _ = f.Close() }()
|
||||
data, _ := io.ReadAll(io.LimitReader(f, 1<<20))
|
||||
keyPEM = string(data)
|
||||
}
|
||||
@@ -342,7 +342,7 @@ func (ws *WebServer) handleCreateIssuer(w http.ResponseWriter, r *http.Request)
|
||||
}
|
||||
|
||||
r.Body = http.MaxBytesReader(w, r.Body, 1<<20)
|
||||
r.ParseForm()
|
||||
_ = r.ParseForm()
|
||||
name := r.FormValue("name")
|
||||
if name == "" {
|
||||
ws.renderPKIWithError(w, r, mountName, info, "Issuer name is required")
|
||||
@@ -391,7 +391,7 @@ func (ws *WebServer) handlePKIIssuer(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
w.Header().Set("Content-Type", "application/x-pem-file")
|
||||
w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s.pem", issuerName))
|
||||
w.Write(certPEM)
|
||||
_, _ = w.Write(certPEM) //nolint:gosec
|
||||
}
|
||||
|
||||
func (ws *WebServer) renderPKIWithError(w http.ResponseWriter, r *http.Request, mountName string, info *TokenInfo, errMsg string) {
|
||||
|
||||
Reference in New Issue
Block a user