diff --git a/api/api_test.go b/api/api_test.go index 78ebb77d3..c569c2708 100644 --- a/api/api_test.go +++ b/api/api_test.go @@ -16,8 +16,8 @@ const ( func simpleHandle(w http.ResponseWriter, r *http.Request) error { _, _, err := ProcessRequestOneOf(r, [][]string{ - []string{"compliment"}, - []string{"critique"}, + {"compliment"}, + {"critique"}, }) if err != nil { return err @@ -29,8 +29,8 @@ func simpleHandle(w http.ResponseWriter, r *http.Request) error { func cleverHandle(w http.ResponseWriter, r *http.Request) error { _, matched, err := ProcessRequestFirstMatchOf(r, [][]string{ - []string{"compliment"}, - []string{"critique"}, + {"compliment"}, + {"critique"}, }) if err != nil { return err diff --git a/api/bundle/bundle.go b/api/bundle/bundle.go index a5ca6c2a6..3f048306b 100644 --- a/api/bundle/bundle.go +++ b/api/bundle/bundle.go @@ -35,8 +35,8 @@ func NewHandler(caBundleFile, intBundleFile string) (http.Handler, error) { func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) error { blob, matched, err := api.ProcessRequestFirstMatchOf(r, [][]string{ - []string{"certificate"}, - []string{"domain"}, + {"certificate"}, + {"domain"}, }) if err != nil { log.Warningf("invalid request: %v", err) diff --git a/api/certinfo/certinfo.go b/api/certinfo/certinfo.go index b3bae9a80..75bde07ac 100644 --- a/api/certinfo/certinfo.go +++ b/api/certinfo/certinfo.go @@ -24,8 +24,8 @@ func NewHandler() http.Handler { func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) (err error) { blob, matched, err := api.ProcessRequestFirstMatchOf(r, [][]string{ - []string{"certificate"}, - []string{"domain"}, + {"certificate"}, + {"domain"}, }) if err != nil { log.Warningf("invalid request: %v", err) diff --git a/api/client/client_test.go b/api/client/client_test.go index 799c5e6de..559f22c98 100644 --- a/api/client/client_test.go +++ b/api/client/client_test.go @@ -71,7 +71,7 @@ func TestDefaultAuthSign(t *testing.T) { s := NewAuthServer(".X", testProvider) testRequest := []byte(`testing 1 2 3`) as, err := s.Sign(testRequest) - if as != nil || err == nil{ + if as != nil || err == nil { t.Fatal("expected error with auth sign function") } } diff --git a/api/generator/generator_test.go b/api/generator/generator_test.go index 8667c728c..86ac7ee1c 100644 --- a/api/generator/generator_test.go +++ b/api/generator/generator_test.go @@ -100,7 +100,7 @@ func TestNewCertGeneratorHandlerFromSigner(t *testing.T) { var CAConfig = &config.Config{ Signing: &config.Signing{ Profiles: map[string]*config.SigningProfile{ - "signature": &config.SigningProfile{ + "signature": { Usage: []string{"digital signature"}, Expiry: expiry, }, diff --git a/bundler/bundler.go b/bundler/bundler.go index e7e04c518..c1cf31f69 100644 --- a/bundler/bundler.go +++ b/bundler/bundler.go @@ -478,7 +478,7 @@ func (b *Bundler) fetchIntermediates(certs []*x509.Certificate) (err error) { name = constructCertFileName(cert) } - chain = append([]*fetchedIntermediate{&fetchedIntermediate{cert, name}}, chain...) + chain = append([]*fetchedIntermediate{{cert, name}}, chain...) seen[string(cert.Signature)] = true } diff --git a/bundler/bundler_test.go b/bundler/bundler_test.go index e1587310b..959a2c2dc 100644 --- a/bundler/bundler_test.go +++ b/bundler/bundler_test.go @@ -300,7 +300,7 @@ func TestRebundleExpiring(t *testing.T) { expiry := 1 * time.Hour policy := &config.Signing{ Profiles: map[string]*config.SigningProfile{ - "expireIn1Hour": &config.SigningProfile{ + "expireIn1Hour": { Usage: []string{"cert sign"}, Expiry: expiry, CA: true, diff --git a/cli/ocspdump/ocspdump.go b/cli/ocspdump/ocspdump.go index bbb5d566f..7a45a7b83 100644 --- a/cli/ocspdump/ocspdump.go +++ b/cli/ocspdump/ocspdump.go @@ -6,8 +6,8 @@ import ( "errors" "fmt" - "github.com/cloudflare/cfssl/certdb/sql" "github.com/cloudflare/cfssl/certdb/dbconf" + "github.com/cloudflare/cfssl/certdb/sql" "github.com/cloudflare/cfssl/cli" ) diff --git a/cli/ocsprefresh/ocsprefresh.go b/cli/ocsprefresh/ocsprefresh.go index f654695f7..aa0879baa 100644 --- a/cli/ocsprefresh/ocsprefresh.go +++ b/cli/ocsprefresh/ocsprefresh.go @@ -5,8 +5,8 @@ import ( "errors" "time" - "github.com/cloudflare/cfssl/certdb/sql" "github.com/cloudflare/cfssl/certdb/dbconf" + "github.com/cloudflare/cfssl/certdb/sql" "github.com/cloudflare/cfssl/cli" "github.com/cloudflare/cfssl/helpers" "github.com/cloudflare/cfssl/log" diff --git a/cli/revoke/revoke.go b/cli/revoke/revoke.go index 4d858d7c0..9d891478c 100644 --- a/cli/revoke/revoke.go +++ b/cli/revoke/revoke.go @@ -4,8 +4,8 @@ package revoke import ( "errors" - "github.com/cloudflare/cfssl/certdb/sql" "github.com/cloudflare/cfssl/certdb/dbconf" + "github.com/cloudflare/cfssl/certdb/sql" "github.com/cloudflare/cfssl/cli" "github.com/cloudflare/cfssl/log" "github.com/cloudflare/cfssl/ocsp" diff --git a/crl/crl.go b/crl/crl.go index e4f01b3b9..73ca186ad 100644 --- a/crl/crl.go +++ b/crl/crl.go @@ -56,10 +56,10 @@ func NewCRLFromFile(serialList, issuerFile, keyFile []byte, expiryTime string) ( } revokedCerts = append(revokedCerts, tempCert) } - + strPassword := os.Getenv("CFSSL_CA_PK_PASSWORD") password := []byte(strPassword) - if (strPassword == "") { + if strPassword == "" { password = nil } diff --git a/helpers/helpers.go b/helpers/helpers.go index 2cbf67c46..74d768134 100644 --- a/helpers/helpers.go +++ b/helpers/helpers.go @@ -348,7 +348,7 @@ func GetKeyDERFromPEM(in []byte, password []byte) ([]byte, error) { if keyDER != nil { if procType, ok := keyDER.Headers["Proc-Type"]; ok { if strings.Contains(procType, "ENCRYPTED") { - if (password != nil) { + if password != nil { return x509.DecryptPEMBlock(keyDER, password) } return nil, cferr.New(cferr.PrivateKeyError, cferr.Encrypted) diff --git a/initca/initca_test.go b/initca/initca_test.go index 8b2300c44..1874a9c4b 100644 --- a/initca/initca_test.go +++ b/initca/initca_test.go @@ -180,11 +180,11 @@ var testValidations = []validation{ CN: "test CA", }, true}, {&csr.CertificateRequest{ - Names: []csr.Name{csr.Name{}}, + Names: []csr.Name{{}}, }, false}, {&csr.CertificateRequest{ Names: []csr.Name{ - csr.Name{O: "Example CA"}, + {O: "Example CA"}, }, }, true}, } diff --git a/ocsp/config/config.go b/ocsp/config/config.go index aeeb478af..fc19aa031 100644 --- a/ocsp/config/config.go +++ b/ocsp/config/config.go @@ -3,17 +3,17 @@ package config import ( - "time" "github.com/cloudflare/cfssl/crypto/pkcs11key" + "time" ) // Config contains configuration information required to set up an OCSP // signer. If PKCS11.Module is non-empty, PKCS11 signing will be used. // Otherwise signing from a key file will be used. type Config struct { - CACertFile string + CACertFile string ResponderCertFile string - KeyFile string - Interval time.Duration - PKCS11 pkcs11key.Config + KeyFile string + Interval time.Duration + PKCS11 pkcs11key.Config } diff --git a/ocsp/pkcs11/pkcs11.go b/ocsp/pkcs11/pkcs11.go index 3c950d49d..2b06ea688 100644 --- a/ocsp/pkcs11/pkcs11.go +++ b/ocsp/pkcs11/pkcs11.go @@ -5,13 +5,13 @@ package pkcs11 import ( - "io/ioutil" "github.com/cloudflare/cfssl/crypto/pkcs11key" "github.com/cloudflare/cfssl/errors" "github.com/cloudflare/cfssl/helpers" "github.com/cloudflare/cfssl/log" "github.com/cloudflare/cfssl/ocsp" ocspConfig "github.com/cloudflare/cfssl/ocsp/config" + "io/ioutil" ) // Enabled is set to true if PKCS #11 support is present. diff --git a/ocsp/responder_test.go b/ocsp/responder_test.go index e0d0e78de..dad5a6e71 100644 --- a/ocsp/responder_test.go +++ b/ocsp/responder_test.go @@ -31,18 +31,18 @@ type testCase struct { func TestOCSP(t *testing.T) { cases := []testCase{ - testCase{"OPTIONS", "/", http.StatusMethodNotAllowed}, - testCase{"GET", "/", http.StatusBadRequest}, + {"OPTIONS", "/", http.StatusMethodNotAllowed}, + {"GET", "/", http.StatusBadRequest}, // Bad URL encoding - testCase{"GET", "%ZZFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest}, + {"GET", "%ZZFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest}, // Bad URL encoding - testCase{"GET", "%%FQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest}, + {"GET", "%%FQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest}, // Bad base64 encoding - testCase{"GET", "==MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest}, + {"GET", "==MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest}, // Bad OCSP DER encoding - testCase{"GET", "AAAMFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest}, + {"GET", "AAAMFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest}, // Good encoding all around, including a double slash - testCase{"GET", "MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusOK}, + {"GET", "MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusOK}, } responder := Responder{ diff --git a/ocsp/universal/universal.go b/ocsp/universal/universal.go index a4a5159fb..8bf63ea05 100644 --- a/ocsp/universal/universal.go +++ b/ocsp/universal/universal.go @@ -14,4 +14,3 @@ func NewSignerFromConfig(cfg ocspConfig.Config) (ocsp.Signer, error) { return ocsp.NewSignerFromFile(cfg.CACertFile, cfg.ResponderCertFile, cfg.KeyFile, cfg.Interval) } - diff --git a/scan/tls_handshake.go b/scan/tls_handshake.go index 82c024bc9..af745e8c6 100644 --- a/scan/tls_handshake.go +++ b/scan/tls_handshake.go @@ -306,7 +306,7 @@ func cipherSuiteScan(addr, hostname string) (grade Grade, output Output, err err goto exists } } - cvList = append(cvList, cipherVersions{cipherID, []cipherDatum{cipherDatum{vers, supportedCurves}}}) + cvList = append(cvList, cipherVersions{cipherID, []cipherDatum{{vers, supportedCurves}}}) exists: ciphers = append(ciphers[:cipherIndex], ciphers[cipherIndex+1:]...) } diff --git a/signer/local/local_test.go b/signer/local/local_test.go index 2cccfcd5b..805a5ad3b 100644 --- a/signer/local/local_test.go +++ b/signer/local/local_test.go @@ -47,7 +47,7 @@ func TestNewSignerFromFilePolicy(t *testing.T) { var CAConfig = &config.Config{ Signing: &config.Signing{ Profiles: map[string]*config.SigningProfile{ - "signature": &config.SigningProfile{ + "signature": { Usage: []string{"digital signature"}, Expiry: expiry, }, @@ -70,11 +70,11 @@ func TestNewSignerFromFileInvalidPolicy(t *testing.T) { var invalidConfig = &config.Config{ Signing: &config.Signing{ Profiles: map[string]*config.SigningProfile{ - "invalid": &config.SigningProfile{ + "invalid": { Usage: []string{"wiretapping"}, Expiry: expiry, }, - "empty": &config.SigningProfile{}, + "empty": {}, }, Default: &config.SigningProfile{ Usage: []string{"digital signature"}, @@ -96,11 +96,11 @@ func TestNewSignerFromFileNoUsageInPolicy(t *testing.T) { var invalidConfig = &config.Config{ Signing: &config.Signing{ Profiles: map[string]*config.SigningProfile{ - "invalid": &config.SigningProfile{ + "invalid": { Usage: []string{}, Expiry: expiry, }, - "empty": &config.SigningProfile{}, + "empty": {}, }, Default: &config.SigningProfile{ Usage: []string{"digital signature"}, @@ -642,8 +642,8 @@ func TestOverwriteHosts(t *testing.T) { for _, hosts := range [][]string{ nil, - []string{}, - []string{"127.0.0.1", "localhost", "xyz@example.com"}, + {}, + {"127.0.0.1", "localhost", "xyz@example.com"}, } { request := signer.SignRequest{ Hosts: hosts, @@ -914,7 +914,7 @@ func TestExtensionSign(t *testing.T) { request := signer.SignRequest{ Request: string(csrPEM), Extensions: []signer.Extension{ - signer.Extension{ID: config.OID(asn1.ObjectIdentifier{1, 2, 3, 4})}, + {ID: config.OID(asn1.ObjectIdentifier{1, 2, 3, 4})}, }, } @@ -939,7 +939,7 @@ func TestExtensionSign(t *testing.T) { request = signer.SignRequest{ Request: string(csrPEM), Extensions: []signer.Extension{ - signer.Extension{ID: config.OID(asn1.ObjectIdentifier{1, 2, 3, 5})}, + {ID: config.OID(asn1.ObjectIdentifier{1, 2, 3, 5})}, }, } @@ -955,7 +955,7 @@ func TestExtensionSign(t *testing.T) { request = signer.SignRequest{ Request: string(csrPEM), Extensions: []signer.Extension{ - signer.Extension{ + { ID: config.OID(asn1.ObjectIdentifier{1, 2, 3, 4}), Critical: false, Value: extValueHex, diff --git a/signer/remote/remote_test.go b/signer/remote/remote_test.go index fae9139e5..48c82c6fd 100644 --- a/signer/remote/remote_test.go +++ b/signer/remote/remote_test.go @@ -230,7 +230,7 @@ func newHandler(t *testing.T, caFile, caKeyFile, op string) (http.Handler, error var CAConfig = &config.Config{ Signing: &config.Signing{ Profiles: map[string]*config.SigningProfile{ - "signature": &config.SigningProfile{ + "signature": { Usage: []string{"digital signature"}, Expiry: expiry, }, diff --git a/signer/signer_test.go b/signer/signer_test.go index 45f11697a..1402c2a48 100644 --- a/signer/signer_test.go +++ b/signer/signer_test.go @@ -50,7 +50,7 @@ func TestSplitHosts(t *testing.T) { func TestAddPolicies(t *testing.T) { var cert x509.Certificate addPolicies(&cert, []config.CertificatePolicy{ - config.CertificatePolicy{ + { ID: config.OID([]int{1, 2, 3, 4}), }, }) @@ -75,14 +75,14 @@ func TestAddPolicies(t *testing.T) { func TestAddPoliciesWithQualifiers(t *testing.T) { var cert x509.Certificate addPolicies(&cert, []config.CertificatePolicy{ - config.CertificatePolicy{ + { ID: config.OID([]int{1, 2, 3, 4}), Qualifiers: []config.CertificatePolicyQualifier{ - config.CertificatePolicyQualifier{ + { Type: "id-qt-cps", Value: "http://example.com/cps", }, - config.CertificatePolicyQualifier{ + { Type: "id-qt-unotice", Value: "Do What Thou Wilt", }, diff --git a/transport/kp/key_provider_test.go b/transport/kp/key_provider_test.go index d0c0306ce..fe3218817 100644 --- a/transport/kp/key_provider_test.go +++ b/transport/kp/key_provider_test.go @@ -18,7 +18,7 @@ var testIdentity = &core.Identity{ CN: "localhost test certificate", }, Profiles: map[string]map[string]string{ - "paths": map[string]string{ + "paths": { "private_key": testKey, "certificate": testCert, }, diff --git a/transport/transport_test.go b/transport/transport_test.go index b23b2e5b3..c8c190025 100644 --- a/transport/transport_test.go +++ b/transport/transport_test.go @@ -94,10 +94,10 @@ var ( CN: "localhost test certificate", }, Roots: []*core.Root{ - &core.Root{ + { Type: "system", }, - &core.Root{ + { Type: "cfssl", Metadata: map[string]string{ "host": testRemote, @@ -107,7 +107,7 @@ var ( }, }, Profiles: map[string]map[string]string{ - "paths": map[string]string{ + "paths": { "private_key": testKey, "certificate": testCert, }, @@ -180,7 +180,7 @@ var ( Hosts: []string{"127.0.0.1"}, }, Profiles: map[string]map[string]string{ - "paths": map[string]string{ + "paths": { "private_key": testLKey, "certificate": testLCert, }, @@ -191,10 +191,10 @@ var ( }, }, Roots: []*core.Root{ - &core.Root{ + { Type: "system", }, - &core.Root{ + { Type: "cfssl", Metadata: map[string]string{ "host": testRemote, diff --git a/ubiquity/sha1.go b/ubiquity/sha1.go index a4131e636..2268166e9 100644 --- a/ubiquity/sha1.go +++ b/ubiquity/sha1.go @@ -46,7 +46,7 @@ var SHA1DeprecationPolicys = []SHA1DeprecationPolicy{ // Chrome: // if the leaf certificate expires between 01-01-2016 and 01-01-2017 // and the chain (excluding root) contains SHA-1 cert, show "minor errors". - SHA1DeprecationPolicy{ + { Platform: "Google Chrome", Description: "shows the SSL connection has minor problems", Severity: Medium, @@ -55,7 +55,7 @@ var SHA1DeprecationPolicys = []SHA1DeprecationPolicy{ // Chrome: // if the leaf certificate expires after Jan. 1st 2017 // and the chain (excluding root) contains SHA-1 cert, show "untrusted SSL". - SHA1DeprecationPolicy{ + { Platform: "Google Chrome", Description: "shows the SSL connection is untrusted", Severity: High, @@ -64,7 +64,7 @@ var SHA1DeprecationPolicys = []SHA1DeprecationPolicy{ // Mozilla Firefox: // if the leaf certificate expires after Jan. 1st 2017, and // the chain (excluding root) contains SHA-1 cert, show a warning in the developer console. - SHA1DeprecationPolicy{ + { Platform: "Mozilla Firefox", Description: "gives warning in the developer console", Severity: Low, @@ -73,7 +73,7 @@ var SHA1DeprecationPolicys = []SHA1DeprecationPolicy{ // Mozilla Firefox: // if a new certificate is issued after Jan. 1st 2016, and // it is a SHA-1 cert, reject it. - SHA1DeprecationPolicy{ + { Platform: "Mozilla Firefox", Description: "shows the SSL connection is untrusted", Severity: Medium, @@ -82,7 +82,7 @@ var SHA1DeprecationPolicys = []SHA1DeprecationPolicy{ }, // Mozilla Firefox: // deprecate all valid SHA-1 cert chain on Jan. 1st 2017 - SHA1DeprecationPolicy{ + { Platform: "Mozilla Firefox", Description: "shows the SSL connection is untrusted", Severity: High, @@ -91,7 +91,7 @@ var SHA1DeprecationPolicys = []SHA1DeprecationPolicy{ }, // Microsoft Windows: // deprecate all valid SHA-1 cert chain on Jan. 1st 2017 - SHA1DeprecationPolicy{ + { Platform: "Microsoft Windows Vista and later", Description: "shows the SSL connection is untrusted", Severity: High,