Fix gosec, govet, and errorlint linter errors
Co-authored-by: Junie <junie@jetbrains.com>
@@ -42,13 +42,13 @@ type issuerState struct {
|
||||
|
||||
// CAEngine implements the CA (PKI) engine.
|
||||
type CAEngine struct {
|
||||
mu sync.RWMutex
|
||||
barrier barrier.Barrier
|
||||
mountPath string
|
||||
rootKey crypto.PrivateKey
|
||||
config *CAConfig
|
||||
rootCert *x509.Certificate
|
||||
rootKey crypto.PrivateKey
|
||||
issuers map[string]*issuerState
|
||||
mountPath string
|
||||
mu sync.RWMutex
|
||||
}
|
||||
|
||||
// NewCAEngine creates a new CA engine instance.
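Review bot: The reordered CAEngine fields carry no comments, and `mu` now sits at the bottom of the struct away from the fields it protects, so a maintainer is likely to "tidy" the order back and reintroduce the fieldalignment finding. A one-line note such as `// Field order satisfies govet's fieldalignment check; mu guards the mutable state below — confirm against the handlers.` on the struct keeps both the order and the locking intent visible. Which fields mu actually guards is not visible in this hunk, so the comment should be confirmed against the lock sites before it is stated as fact. The `rootKey crypto.PrivateKey` field is in-memory signing material; a short comment saying so helps anyone later adding logging or serialization of the engine.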
|
||||
@@ -788,13 +788,13 @@ func (e *CAEngine) handleIssue(ctx context.Context, req *engine.Request) (*engin
|
||||
|
||||
return &engine.Response{
|
||||
Data: map[string]interface{}{
|
||||
"serial": serial,
|
||||
"cert_pem": string(leafCertPEM),
|
||||
"key_pem": string(leafKeyPEM),
|
||||
"chain_pem": string(chainPEM),
|
||||
"cn": cn,
|
||||
"sans": allSANs,
|
||||
"issued_by": req.CallerInfo.Username,
|
||||
"serial": serial,
|
||||
"cert_pem": string(leafCertPEM),
|
||||
"key_pem": string(leafKeyPEM),
|
||||
"chain_pem": string(chainPEM),
|
||||
"cn": cn,
|
||||
"sans": allSANs,
|
||||
"issued_by": req.CallerInfo.Username,
|
||||
"expires_at": leafCert.NotAfter,
|
||||
},
|
||||
}, nil
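Review bot: The response map returns the leaf private key as `key_pem` next to audit-style fields such as `issued_by`, and nothing on the return marks it as sensitive; since CertRecord in this same commit documents that the private key is NOT stored, this response is the only place the key exists, so a comment like `// key_pem is the only copy of the leaf private key; callers that log or audit Response.Data must redact it.` above the return is worth adding. The hunk still uses `map[string]interface{}`; for a linter-cleanup commit, `map[string]any` is the idiomatic spelling and can be changed here without affecting callers. handleIssue begins outside this hunk, so the checks that populate `req.CallerInfo` are not visible here.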
|
||||
|
||||
@@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"strings"
|
||||
"sync"
|
||||
"testing"
|
||||
@@ -15,8 +16,8 @@ import (
|
||||
|
||||
// memBarrier is an in-memory barrier for testing.
|
||||
type memBarrier struct {
|
||||
mu sync.RWMutex
|
||||
data map[string][]byte
|
||||
mu sync.RWMutex
|
||||
}
|
||||
|
||||
func newMemBarrier() *memBarrier {
|
||||
@@ -82,7 +83,7 @@ func setupEngine(t *testing.T) (*CAEngine, *memBarrier) {
|
||||
ctx := context.Background()
|
||||
|
||||
config := map[string]interface{}{
|
||||
"organization": "TestOrg",
|
||||
"organization": "TestOrg",
|
||||
"key_algorithm": "ecdsa",
|
||||
"key_size": float64(256),
|
||||
"root_expiry": "87600h",
|
||||
@@ -133,7 +134,7 @@ func TestInitializeWithImportedRoot(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
|
||||
config := map[string]interface{}{
|
||||
"organization": "ImportOrg",
|
||||
"organization": "ImportOrg",
|
||||
"root_cert_pem": string(rootPEM),
|
||||
"root_key_pem": string(srcKeyPEM),
|
||||
}
|
||||
@@ -272,7 +273,7 @@ func TestCreateIssuerRejectsNonAdmin(t *testing.T) {
|
||||
if err == nil {
|
||||
t.Fatal("expected error for non-admin create-issuer")
|
||||
}
|
||||
if err != ErrForbidden {
|
||||
if !errors.Is(err, ErrForbidden) {
|
||||
t.Errorf("expected ErrForbidden, got: %v", err)
|
||||
}
|
||||
}
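Review bot: The `if err == nil { t.Fatal(...) }` pre-check that precedes the new `!errors.Is(err, ErrForbidden)` in this hunk is now redundant, because `errors.Is(nil, ErrForbidden)` is false and the second branch already reports a nil error with its `got: %v` message; the sibling hunks at L262, L289, L316 and L342 rely on that behaviour without a pre-check. Either drop the pre-check here or add the same explicit nil guard to the other four sites so the error assertions read consistently across the test file. Switching from `!=` to `errors.Is` also means these tests now accept a wrapped sentinel, which is the right contract if the engine ever starts wrapping with `%w`.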
|
||||
@@ -289,7 +290,7 @@ func TestCreateIssuerRejectsNilCallerInfo(t *testing.T) {
|
||||
}
|
||||
|
||||
_, err := eng.HandleRequest(ctx, req)
|
||||
if err != ErrUnauthorized {
|
||||
if !errors.Is(err, ErrUnauthorized) {
|
||||
t.Errorf("expected ErrUnauthorized, got: %v", err)
|
||||
}
|
||||
}
|
||||
@@ -427,7 +428,7 @@ func TestIssueRejectsNilCallerInfo(t *testing.T) {
|
||||
"common_name": "test.example.com",
|
||||
},
|
||||
})
|
||||
if err != ErrUnauthorized {
|
||||
if !errors.Is(err, ErrUnauthorized) {
|
||||
t.Errorf("expected ErrUnauthorized, got: %v", err)
|
||||
}
|
||||
}
|
||||
@@ -746,7 +747,7 @@ func TestImportRootRequiresAdmin(t *testing.T) {
|
||||
"key_pem": "fake",
|
||||
},
|
||||
})
|
||||
if err != ErrForbidden {
|
||||
if !errors.Is(err, ErrForbidden) {
|
||||
t.Errorf("expected ErrForbidden, got: %v", err)
|
||||
}
|
||||
}
|
||||
@@ -798,7 +799,7 @@ func TestPublicMethods(t *testing.T) {
|
||||
|
||||
// Test nonexistent issuer.
|
||||
_, err = eng.GetIssuerCertPEM("nonexistent")
|
||||
if err != ErrIssuerNotFound {
|
||||
if !errors.Is(err, ErrIssuerNotFound) {
|
||||
t.Errorf("expected ErrIssuerNotFound, got: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,32 +6,32 @@ import "time"
|
||||
type CAConfig struct {
|
||||
Organization string `json:"organization"`
|
||||
Country string `json:"country,omitempty"`
|
||||
KeyAlgorithm string `json:"key_algorithm"` // "ecdsa", "rsa", "ed25519"
|
||||
KeySize int `json:"key_size"` // e.g. 384 for ECDSA, 4096 for RSA
|
||||
RootExpiry string `json:"root_expiry"` // e.g. "87600h" (10 years)
|
||||
KeyAlgorithm string `json:"key_algorithm"`
|
||||
RootExpiry string `json:"root_expiry"`
|
||||
KeySize int `json:"key_size"`
|
||||
}
|
||||
|
||||
// IssuerConfig is per-issuer configuration stored in the barrier.
|
||||
type IssuerConfig struct {
|
||||
CreatedAt time.Time `json:"created_at"`
|
||||
Name string `json:"name"`
|
||||
KeyAlgorithm string `json:"key_algorithm"`
|
||||
KeySize int `json:"key_size"`
|
||||
Expiry string `json:"expiry"` // issuer cert expiry, e.g. "26280h" (3 years)
|
||||
MaxTTL string `json:"max_ttl"` // max leaf cert TTL, e.g. "8760h" (1 year)
|
||||
Expiry string `json:"expiry"`
|
||||
MaxTTL string `json:"max_ttl"`
|
||||
CreatedBy string `json:"created_by"`
|
||||
CreatedAt time.Time `json:"created_at"`
|
||||
KeySize int `json:"key_size"`
|
||||
}
|
||||
|
||||
// CertRecord is metadata for an issued certificate, stored in the barrier.
|
||||
// The private key is NOT stored.
|
||||
type CertRecord struct {
|
||||
IssuedAt time.Time `json:"issued_at"`
|
||||
ExpiresAt time.Time `json:"expires_at"`
|
||||
Serial string `json:"serial"`
|
||||
Issuer string `json:"issuer"`
|
||||
CN string `json:"cn"`
|
||||
SANs []string `json:"sans,omitempty"`
|
||||
Profile string `json:"profile"`
|
||||
CertPEM string `json:"cert_pem"`
|
||||
IssuedBy string `json:"issued_by"`
|
||||
IssuedAt time.Time `json:"issued_at"`
|
||||
ExpiresAt time.Time `json:"expires_at"`
|
||||
SANs []string `json:"sans,omitempty"`
|
||||
}
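Review bot: The field reorder appears to drop the trailing comments that the old lines carried: the accepted values on KeyAlgorithm (`// "ecdsa", "rsa", "ed25519"`), the example sizes on KeySize, and the example durations on RootExpiry, Expiry and MaxTTL. Those comments were the only documentation of what the config accepts, so they should travel with the moved lines, e.g. `KeyAlgorithm string \`json:"key_algorithm"\` // "ecdsa", "rsa", "ed25519"` and `KeySize int \`json:"key_size"\` // e.g. 384 for ECDSA, 4096 for RSA`, and likewise for IssuerConfig's Expiry and MaxTTL. If the rendered page merely hid the comments on the new lines, disregard this.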
|
||||
|
||||