Fix gosec, govet, and errorlint linter errors

Co-authored-by: Junie <junie@jetbrains.com>

internal/acme/types.go

@@ -4,63 +4,63 @@ import "time"
 
 // Account represents an ACME account (RFC 8555 §7.1.2).
 type Account struct {
-	ID            string    `json:"id"`
-	Status        string    `json:"status"` // "valid", "deactivated", "revoked"
-	Contact       []string  `json:"contact,omitempty"`
-	JWK           []byte    `json:"jwk"`            // canonical JSON of account public key
 	CreatedAt     time.Time `json:"created_at"`
-	MCIASUsername string    `json:"mcias_username"` // MCIAS user who created via EAB
+	ID            string    `json:"id"`
+	Status        string    `json:"status"`
+	MCIASUsername string    `json:"mcias_username"`
+	Contact       []string  `json:"contact,omitempty"`
+	JWK           []byte    `json:"jwk"`
 }
 
 // EABCredential is an External Account Binding credential (RFC 8555 §7.3.4).
 type EABCredential struct {
-	KID       string    `json:"kid"`
-	HMACKey   []byte    `json:"hmac_key"` // raw 32-byte secret
-	Used      bool      `json:"used"`
-	CreatedBy string    `json:"created_by"` // MCIAS username
 	CreatedAt time.Time `json:"created_at"`
+	KID       string    `json:"kid"`
+	CreatedBy string    `json:"created_by"`
+	HMACKey   []byte    `json:"hmac_key"`
+	Used      bool      `json:"used"`
 }
 
 // Order represents an ACME certificate order (RFC 8555 §7.1.3).
 type Order struct {
-	ID          string       `json:"id"`
-	AccountID   string       `json:"account_id"`
-	Status      string       `json:"status"` // "pending","ready","processing","valid","invalid"
-	Identifiers []Identifier `json:"identifiers"`
-	AuthzIDs    []string     `json:"authz_ids"`
-	CertID      string       `json:"cert_id,omitempty"`
-	NotBefore   *time.Time   `json:"not_before,omitempty"`
-	NotAfter    *time.Time   `json:"not_after,omitempty"`
 	ExpiresAt   time.Time    `json:"expires_at"`
 	CreatedAt   time.Time    `json:"created_at"`
-	IssuerName  string       `json:"issuer_name"` // which CA issuer to sign with
+	NotBefore   *time.Time   `json:"not_before,omitempty"`
+	NotAfter    *time.Time   `json:"not_after,omitempty"`
+	ID          string       `json:"id"`
+	AccountID   string       `json:"account_id"`
+	Status      string       `json:"status"`
+	CertID      string       `json:"cert_id,omitempty"`
+	IssuerName  string       `json:"issuer_name"`
+	Identifiers []Identifier `json:"identifiers"`
+	AuthzIDs    []string     `json:"authz_ids"`
 }
 
 // Identifier is a domain name or IP address in an order.
 type Identifier struct {
-	Type  string `json:"type"`  // "dns" or "ip"
+	Type  string `json:"type"` // "dns" or "ip"
 	Value string `json:"value"`
 }
 
 // Authorization represents an ACME authorization (RFC 8555 §7.1.4).
 type Authorization struct {
+	ExpiresAt    time.Time  `json:"expires_at"`
+	Identifier   Identifier `json:"identifier"`
 	ID           string     `json:"id"`
 	AccountID    string     `json:"account_id"`
-	Status       string     `json:"status"` // "pending","valid","invalid","expired","deactivated","revoked"
-	Identifier   Identifier `json:"identifier"`
+	Status       string     `json:"status"`
 	ChallengeIDs []string   `json:"challenge_ids"`
-	ExpiresAt    time.Time  `json:"expires_at"`
 }
 
 // Challenge represents an ACME challenge (RFC 8555 §8).
 type Challenge struct {
-	ID          string         `json:"id"`
-	AuthzID     string         `json:"authz_id"`
-	Type        string         `json:"type"`   // "http-01" or "dns-01"
-	Status      string         `json:"status"` // "pending","processing","valid","invalid"
-	Token       string         `json:"token"`  // base64url, 43 chars (32 random bytes)
 	Error       *ProblemDetail `json:"error,omitempty"`
 	ValidatedAt *time.Time     `json:"validated_at,omitempty"`
+	ID          string         `json:"id"`
+	AuthzID     string         `json:"authz_id"`
+	Type        string         `json:"type"`
+	Status      string         `json:"status"`
+	Token       string         `json:"token"`
 }
 
 // ProblemDetail is an RFC 7807 problem detail for ACME errors.
@@ -71,12 +71,12 @@ type ProblemDetail struct {
 
 // IssuedCert stores the PEM and metadata for a certificate issued via ACME.
 type IssuedCert struct {
+	IssuedAt  time.Time `json:"issued_at"`
+	ExpiresAt time.Time `json:"expires_at"`
 	ID        string    `json:"id"`
 	OrderID   string    `json:"order_id"`
 	AccountID string    `json:"account_id"`
-	CertPEM   string    `json:"cert_pem"` // full chain PEM
-	IssuedAt  time.Time `json:"issued_at"`
-	ExpiresAt time.Time `json:"expires_at"`
+	CertPEM   string    `json:"cert_pem"`
 	Revoked   bool      `json:"revoked"`
 }
 
@@ -104,27 +104,27 @@ const (
 
 // ACME problem type URIs (RFC 8555 §6.7).
 const (
-	ProblemAccountDoesNotExist = "urn:ietf:params:acme:error:accountDoesNotExist"
-	ProblemAlreadyRevoked      = "urn:ietf:params:acme:error:alreadyRevoked"
-	ProblemBadCSR              = "urn:ietf:params:acme:error:badCSR"
-	ProblemBadNonce            = "urn:ietf:params:acme:error:badNonce"
-	ProblemBadPublicKey        = "urn:ietf:params:acme:error:badPublicKey"
-	ProblemBadRevocationReason = "urn:ietf:params:acme:error:badRevocationReason"
-	ProblemBadSignatureAlg     = "urn:ietf:params:acme:error:badSignatureAlgorithm"
-	ProblemCAA                 = "urn:ietf:params:acme:error:caa"
-	ProblemConnection          = "urn:ietf:params:acme:error:connection"
-	ProblemDNS                 = "urn:ietf:params:acme:error:dns"
+	ProblemAccountDoesNotExist     = "urn:ietf:params:acme:error:accountDoesNotExist"
+	ProblemAlreadyRevoked          = "urn:ietf:params:acme:error:alreadyRevoked"
+	ProblemBadCSR                  = "urn:ietf:params:acme:error:badCSR"
+	ProblemBadNonce                = "urn:ietf:params:acme:error:badNonce"
+	ProblemBadPublicKey            = "urn:ietf:params:acme:error:badPublicKey"
+	ProblemBadRevocationReason     = "urn:ietf:params:acme:error:badRevocationReason"
+	ProblemBadSignatureAlg         = "urn:ietf:params:acme:error:badSignatureAlgorithm"
+	ProblemCAA                     = "urn:ietf:params:acme:error:caa"
+	ProblemConnection              = "urn:ietf:params:acme:error:connection"
+	ProblemDNS                     = "urn:ietf:params:acme:error:dns"
 	ProblemExternalAccountRequired = "urn:ietf:params:acme:error:externalAccountRequired"
-	ProblemIncorrectResponse   = "urn:ietf:params:acme:error:incorrectResponse"
-	ProblemInvalidContact      = "urn:ietf:params:acme:error:invalidContact"
-	ProblemMalformed           = "urn:ietf:params:acme:error:malformed"
-	ProblemOrderNotReady       = "urn:ietf:params:acme:error:orderNotReady"
-	ProblemRateLimited         = "urn:ietf:params:acme:error:rateLimited"
-	ProblemRejectedIdentifier  = "urn:ietf:params:acme:error:rejectedIdentifier"
-	ProblemServerInternal      = "urn:ietf:params:acme:error:serverInternal"
-	ProblemTLS                 = "urn:ietf:params:acme:error:tls"
-	ProblemUnauthorized        = "urn:ietf:params:acme:error:unauthorized"
-	ProblemUnsupportedContact  = "urn:ietf:params:acme:error:unsupportedContact"
-	ProblemUnsupportedIdentifier = "urn:ietf:params:acme:error:unsupportedIdentifier"
-	ProblemUserActionRequired  = "urn:ietf:params:acme:error:userActionRequired"
+	ProblemIncorrectResponse       = "urn:ietf:params:acme:error:incorrectResponse"
+	ProblemInvalidContact          = "urn:ietf:params:acme:error:invalidContact"
+	ProblemMalformed               = "urn:ietf:params:acme:error:malformed"
+	ProblemOrderNotReady           = "urn:ietf:params:acme:error:orderNotReady"
+	ProblemRateLimited             = "urn:ietf:params:acme:error:rateLimited"
+	ProblemRejectedIdentifier      = "urn:ietf:params:acme:error:rejectedIdentifier"
+	ProblemServerInternal          = "urn:ietf:params:acme:error:serverInternal"
+	ProblemTLS                     = "urn:ietf:params:acme:error:tls"
+	ProblemUnauthorized            = "urn:ietf:params:acme:error:unauthorized"
+	ProblemUnsupportedContact      = "urn:ietf:params:acme:error:unsupportedContact"
+	ProblemUnsupportedIdentifier   = "urn:ietf:params:acme:error:unsupportedIdentifier"
+	ProblemUserActionRequired      = "urn:ietf:params:acme:error:userActionRequired"
 )