fix: misspelling words and remove tailing space

update wording

.github/ISSUE_TEMPLATE/feature_request.md

@@ -15,7 +15,7 @@ assignees: aead
 #### Additional context
 
 1. Are there alternative solutions?
-<!-- If yes, please elaborate -->   
+<!-- If yes, please elaborate -->
 
 2. Would your solution cause a major breaking API change?
 <!-- If yes, which part of the API? -->

.github/workflows/codeql.yml

@@ -24,7 +24,7 @@ jobs:
     # the head of the pull request instead of the merge commit.
     - run: git checkout HEAD^2
       if: ${{ github.event_name == 'pull_request' }}
-      
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1

CREDITS

@@ -4341,19 +4341,19 @@ gopkg.in/check.v1
 https://gopkg.in/check.v1
 ----------------------------------------------------------------
 Gocheck - A rich testing framework for Go
- 
+
 Copyright (c) 2010-2013 Gustavo Niemeyer <gustavo@niemeyer.net>
 
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met: 
+modification, are permitted provided that the following conditions are met:
 
 1. Redistributions of source code must retain the above copyright notice, this
-   list of conditions and the following disclaimer. 
+   list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the above copyright notice,
    this list of conditions and the following disclaimer in the documentation
-   and/or other materials provided with the distribution. 
+   and/or other materials provided with the distribution.
 
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
@@ -4782,4 +4782,3 @@ https://gopkg.in/yaml.v2
    limitations under the License.
 
 ================================================================
-

README.md

@@ -4,7 +4,7 @@ KES is a stateless and distributed key-management system for high-performance ap
 ## Architecture
 [![KES](https://raw.githubusercontent.com/minio/kes/master/.github/arch.png)](https://min.io)
 
-## Install 
+## Install
 
 ### Binary Releases
 
@@ -33,7 +33,7 @@ docker pull minio/kes
 ```
 GO111MODULE=on go get github.com/minio/kes/cmd/kes
 ```
-> You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install). 
+> You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install).
 > Minimum version required is go1.14
 
 ## Getting Started
@@ -47,7 +47,7 @@ If you instead want to run a KES server locally as your first steps then checkou
 
 #### 1. Fetch the root identity
 
-As an inital step, you will need to download the "private" key and certificate
+As an initial step, you will need to download the "private" key and certificate
 to authenticate to the KES server as the root identity.
 ```sh
 curl -sSL --tlsv1.2 \

client.go

@@ -61,7 +61,7 @@ type Client struct {
 }
 
 // NewClient returns a new KES client with the given
-// KES server endpoint that uses the given TLS certficate
+// KES server endpoint that uses the given TLS certificate
 // mTLS authentication.
 //
 // The TLS certificate must be valid for client authentication.
@@ -121,7 +121,7 @@ func NewClientWithConfig(endpoint string, config *tls.Config) *Client {
 // However, only the ciphertext representation gets
 // encoded. The plaintext should never be stored
 // anywhere.
-// Therefore, after unmarshaling there will be no
+// Therefore, after un-marshaling there will be no
 // plaintext representation. To obtain it the
 // ciphertext must be decrypted.
 type DEK struct {
@@ -333,7 +333,7 @@ func (c *Client) GenerateKey(name string, context []byte) (DEK, error) {
 	return DEK(response), nil
 }
 
-// Encrypt encrypts and authentictes the given plaintext
+// Encrypt encrypts and authenticates the given plaintext
 // with the specified key and returns the corresponding
 // ciphertext on success.
 //

cmd/kes/identity.go

@@ -14,7 +14,7 @@ import (
 )
 
 const identityCmdUsage = `usage: %s <command>
-  
+
   assign               Assign an identity to a policy.
   list                 List identities at the KES server.
   forget               Forget an identity.
@@ -50,7 +50,7 @@ func identity(args []string) error {
 
 const assignIdentityCmdUsage = `usage: %s <identity> <policy>
 
-  -k, --insecure       Skip X.509 certificate validation during TLS handshake  
+  -k, --insecure       Skip X.509 certificate validation during TLS handshake
 
   -h, --help           Show list of command-line options
 `
@@ -81,7 +81,7 @@ func assignIdentity(args []string) error {
 
 const listIdentityCmdUsage = `usage: %s [<pattern>]
 
-  -k, --insecure       Skip X.509 certificate validation during TLS handshake  
+  -k, --insecure       Skip X.509 certificate validation during TLS handshake
 
   -h, --help           Show list of command-line options
 `
@@ -140,8 +140,8 @@ func listIdentity(args []string) error {
 
 const forgetIdentityCmdUsage = `usage: %s <identity>
 
-  -k, --insecure       Skip X.509 certificate validation during TLS handshake  
-  
+  -k, --insecure       Skip X.509 certificate validation during TLS handshake
+
   -h, --help           Show list of command-line options
 `
 

cmd/kes/key.go

@@ -15,10 +15,10 @@ const keyCmdUsage = `usage: %s <command>
     create               Create a new secret key at a kes server.
     delete               Delete a secret key from a kes server.
 
-    derive               Derive a new key from a secret key.     
-    decrypt              Decrypt an encrypted key with a secret key. 
+    derive               Derive a new key from a secret key.
+    decrypt              Decrypt an encrypted key with a secret key.
 
-  -h, --help             Show this list of command line optios.
+  -h, --help             Show this list of command line options.
 `
 
 func key(args []string) error {

cmd/kes/log.go

@@ -58,7 +58,7 @@ usage: %s [flags]
 
   --type               Specify the log event type. (default: audit)
                        Valid options are:
-                          --type=audit  
+                          --type=audit
                           --type=error
 
   --json               Print log events as JSON.
@@ -250,20 +250,20 @@ func traceErrorLogWithUI(stream *kes.ErrorStream) error {
 	table.Draw()
 	for stream.Next() {
 		// An error event message has the following form: YY/MM/DD hh/mm/ss <message>.
-		// We split this message into 3 segements:
+		// We split this message into 3 segments:
 		//  1. YY/MM/DD
 		//  2. hh/mm/ss
 		//  3. <message>
 		// The 2nd segment is the day-time and 3rd segment is the actual error message.
 		// We replace any '\n' with a whitespace to avoid multi-line table rows.
-		segements := strings.SplitN(stream.Event().Message, " ", 3)
+		segments := strings.SplitN(stream.Event().Message, " ", 3)
 		var (
 			message *xterm.Cell
 			reqTime *xterm.Cell
 		)
-		if len(segements) == 3 {
-			message = xterm.NewCell(strings.ReplaceAll(segements[2], "\n", " "))
-			reqTime = xterm.NewCell(segements[1])
+		if len(segments) == 3 {
+			message = xterm.NewCell(strings.ReplaceAll(segments[2], "\n", " "))
+			reqTime = xterm.NewCell(segments[1])
 		} else {
 			hh, mm, ss := time.Now().Clock()
 

cmd/kes/policy.go

@@ -18,7 +18,7 @@ import (
 const policyCmdUsage = `Manage named KES policies.
 
 usage: %s <command>
-  
+
   add                  Add a new named policy.
   show                 Download and print a named policy.
   list                 List named policies.
@@ -60,7 +60,7 @@ It reads a JSON encoded policy from the specified file and
 adds it to the policy set of the KES server.
 
 usage: %s <policy> <file>
-  
+
   -k, --insecure       Skip X.509 certificate validation during TLS handshake
 
   -h, --help           Show list of command-line options
@@ -106,7 +106,7 @@ By default, the policy definition is printed in a human-readable
 format to a terminal or as JSON to a UNIX pipe / file.
 
 usage: %s <policy>
-   
+
   -k, --insecure       Skip X.509 certificate validation during TLS handshake
 
   -h, --help           Show list of command-line options

cmd/kes/server.go

@@ -45,15 +45,15 @@ const serverCmdUsage = `usage: %s [options]
   --addr               The address of the server (default: 127.0.0.1:7373)
   --config             Path to the server configuration file
   --root               The identity of root - who can perform any operation.
-                       A root identity must be specified - either via this 
-                       flag or within the config file. This flag takes 
+                       A root identity must be specified - either via this
+                       flag or within the config file. This flag takes
                        precedence over the config file.
 
   --mlock              Lock all allocated memory pages to prevent the OS from
                        swapping them to the disk and eventually leak secrets.
 
   --key                Path to the TLS private key. It takes precedence over
-                       the config file. 
+                       the config file.
   --cert               Path to the TLS certificate. It takes precedence over
                        the config file.
 
@@ -706,7 +706,7 @@ func (tw *timeoutWriter) WriteHeader(statusCode int) {
 func (tw *timeoutWriter) Write(p []byte) (int, error) {
 	// We must not hold the lock while writing to the
 	// underlying http.ResponseWriter (via Write([]byte))
-	// b/c e.g. a slow/malisious client would block the
+	// b/c e.g. a slow/malicious client would block the
 	// lock.Unlock.
 	// In this case we cannot accquire the lock when we
 	// want to mark the timeoutWriter as timed out (See: timeout()).

cmd/kes/tool-identity.go

@@ -59,7 +59,7 @@ func toolIdentity(args []string) error {
 	}
 }
 
-const newIdentityCmdUsage = `usage: %s [options] <name> 
+const newIdentityCmdUsage = `usage: %s [options] <name>
 
   --key                Path to the private key (default: ./private.key)
   --cert               Path to the certificate (default: ./public.cert)

cmd/kes/tool.go

@@ -11,7 +11,7 @@ import (
 )
 
 const toolCmdUsage = `usage: %s <command>
-  
+
   identity             Identity management tools.
 
   -h, --help           Show list of command-line options

error.go

@@ -78,7 +78,7 @@ func (e Error) Error() string { return e.message }
 //
 // If the response status code is < 400, e.g. 200 OK,
 // parseErrorResponse returns nil and does not attempt
-// to read or close the responde body.
+// to read or close the response body.
 //
 // If resp is an error response, parseErrorResponse reads
 // and closes the response body.

internal/auth/policy.go

@@ -200,7 +200,7 @@ func (r *Roles) Verify(req *http.Request) error {
 	return policy.Verify(req)
 }
 
-// Identify computes the idenitiy of the X.509
+// Identify computes the identity of the X.509
 // certificate presented by the peer who sent
 // the request.
 //

internal/auth/proxy.go

@@ -33,7 +33,7 @@ type TLSProxy struct {
 	CertHeader string
 
 	// The X.509 certificate verification options used when
-	// verifiying the certificate that has been sent by the
+	// verifying the certificate that has been sent by the
 	// actual kes client and forwarded by the TLS proxy as
 	// part of the request headers.
 	//

internal/auth/proxy_test.go

@@ -13,24 +13,24 @@ import (
 )
 
 var tlsProxyAddTests = []struct {
-	Identites []kes.Identity
+	Identities []kes.Identity
 }{
 	{
-		Identites: nil,
+		Identities: nil,
 	},
 	{
-		Identites: []kes.Identity{
+		Identities: []kes.Identity{
 			"57eb2da320a48ebe2750e95c50b3d64240aef4cd5d54c28a4f25155e88c98580",
 		},
 	},
 	{
-		Identites: []kes.Identity{
+		Identities: []kes.Identity{
 			kes.IdentityUnknown,
 			"57eb2da320a48ebe2750e95c50b3d64240aef4cd5d54c28a4f25155e88c98580",
 		},
 	},
 	{
-		Identites: []kes.Identity{
+		Identities: []kes.Identity{
 			kes.IdentityUnknown,
 			"57eb2da320a48ebe2750e95c50b3d64240aef4cd5d54c28a4f25155e88c98580",
 			"163d766f3e88f2a02b15a46bc541cc679c4cbb0a060405f298d5fc0d9d876bb3",
@@ -41,7 +41,7 @@ var tlsProxyAddTests = []struct {
 func TestTLSProxyAdd(t *testing.T) {
 	for i, test := range tlsProxyAddTests {
 		var proxy TLSProxy
-		for j, identity := range test.Identites {
+		for j, identity := range test.Identities {
 			proxy.Add(identity)
 			if !identity.IsUnknown() && !proxy.Is(identity) {
 				t.Fatalf("Test %d: %d-th identity '%s' should be a proxy but is not", i, j, identity)

internal/gemalto/client.go

@@ -46,7 +46,7 @@ type client struct {
 // from the given KeySecure endpoint via the given refresh
 // token.
 //
-// Athenticate should be called to obtain the first authentication
+// Authenticate should be called to obtain the first authentication
 // token. This token can then be renewed via RenewAuthToken.
 func (c *client) Authenticate(endpoint string, login Credentials) error {
 	type Request struct {

internal/http/handler.go

@@ -344,7 +344,7 @@ func HandleEncryptKey(store *secret.Store) http.HandlerFunc {
 }
 
 // HandleDecryptKey returns an http.HandlerFunc that decrypts
-// and verifies a ciphertext sent by the client procuded by
+// and verifies a ciphertext sent by the client produced by
 // HandleEncryptKey or HandleGenerateKey.
 //
 // If the client has provided a context value during

internal/http/proxy.go

@@ -30,7 +30,7 @@ func TLSProxy(proxy *auth.TLSProxy, f http.HandlerFunc) http.HandlerFunc {
 		// However, there is no simple and clean solution
 		// that does not require some extended changes.
 		// (One option may be another http.HandlerFunc type)
-		// For now, we can keep this until we've sattled
+		// For now, we can keep this until we've settled
 		// on a cleaner solution.
 
 		aw, ok := w.(*log.AuditResponseWriter)

internal/http/retry.go

@@ -17,7 +17,7 @@ import (
 )
 
 // RetryReader returns an io.ReadSeeker that can be
-// used as request body for retriable requests via
+// used as request body for retryable requests via
 // Seek(0, io.SeekStart).
 // The returned io.ReadSeeker implements io.Closer.
 //
@@ -44,7 +44,7 @@ func (nopCloser) Close() error { return nil }
 //
 // If a request contains a non-nil body then this
 // body must implement io.Seeker. Any io.ReadSeeker
-// can be turned into a requst body via the RetryReader
+// can be turned into a request body via the RetryReader
 // function.
 //
 // Retry retries a request at most N times and waits
@@ -181,7 +181,7 @@ func (r *Retry) Do(req *http.Request) (*http.Response, error) {
 			return nil, &url.Error{
 				Op:  req.Method,
 				URL: req.URL.String(),
-				Err: errors.New("http: request body does not implemement io.Seeker"),
+				Err: errors.New("http: request body does not implement io.Seeker"),
 			}
 		}
 	}

internal/log/json.go

@@ -23,7 +23,7 @@ import (
 //     "message":"<content>"
 //   }
 //
-// Note that a JSONWriter does not try to concatinate
+// Note that a JSONWriter does not try to concatenate
 // multiple Write calls into the same JSON object.
 // The main purpose of a JSONWriter is to convert
 // the output of a log.Logger into JSON.

internal/log/json_test.go

@@ -54,7 +54,7 @@ func TestJSONWriterWrite(t *testing.T) {
 		}
 
 		// Apart from testing that the JSONWriter produces expected output
-		// we also test that the output can be unmarshaled to an ErrorEvent.
+		// we also test that the output can be un-marshaled to an ErrorEvent.
 		// This ensures that the JSONWriter actually implements JSON marshaling
 		// of the ErrorEvent type.