Upgrade certificate 0.26.0 | fix linter warnings (#1140)

* Update certificates to 0.26.0

* Fix linter warnings

command/ca/admin/list.go

@@ -97,7 +97,7 @@ func listAction(ctx *cli.Context) (err error) {
 		if isNotSuperAdmin && a.Type == linkedca.Admin_SUPER_ADMIN {
 			return false
 		}
-		if len(provName) > 0 && a.ProvisionerName != provName {
+		if provName != "" && a.ProvisionerName != provName {
 			return false
 		}
 		return true

command/ca/init.go

@@ -39,10 +39,10 @@ func initCommand() cli.Command {
 		UsageText: `**step ca init**
 [**--root**=<file>] [**--key**=<file>] [**--key-password-file**=<file>] [**--pki**] [**--ssh**]
 [**--helm**] [**--deployment-type**=<name>] [**--name**=<name>]
-[**--dns**=<dns>] [**--address**=<address>] [**--provisioner**=<name>] 
-[**--admin-subject**=<string>] [**--provisioner-password-file**=<file>] 
-[**--password-file**=<file>] [**--ra**=<type>] [**--kms**=<type>] 
-[**--with-ca-url**=<url>] [**--no-db**] [**--remote-management**] 
+[**--dns**=<dns>] [**--address**=<address>] [**--provisioner**=<name>]
+[**--admin-subject**=<string>] [**--provisioner-password-file**=<file>]
+[**--password-file**=<file>] [**--ra**=<type>] [**--kms**=<type>]
+[**--with-ca-url**=<url>] [**--no-db**] [**--remote-management**]
 [**--acme**] [**--context**=<name>] [**--profile**=<name>] [**--authority**=<name>]`,
 		Description: `**step ca init** command initializes a public key infrastructure (PKI) to be
  used by the Certificate Authority.`,
@@ -476,7 +476,7 @@ func initAction(ctx *cli.Context) (err error) {
 			if v, ok := keyManager.(interface{ ValidateName(s string) error }); ok {
 				validateFunc = v.ValidateName
 			} else {
-				validateFunc = func(s string) error {
+				validateFunc = func(_ string) error {
 					return nil
 				}
 			}

command/ca/provisioner/add.go

@@ -99,9 +99,9 @@ SCEP
 **step ca provisioner add** <name> **--type**=SCEP [**--force-cn**] [**--challenge**=<challenge>]
 [**--capabilities**=<capabilities>] [**--include-root**] [**--exclude-intermediate**]
 [**--min-public-key-length**=<length>] [**--encryption-algorithm-identifier**=<id>]
-[**--scep-decrypter-certificate-file**=<file>] [**--scep-decrypter-key-file**=<file>] 
+[**--scep-decrypter-certificate-file**=<file>] [**--scep-decrypter-key-file**=<file>]
 [**--scep-decrypter-key-uri**=<uri>] [**--scep-decrypter-key-password-file**=<file>]
-[**--admin-cert**=<file>] [**--admin-key**=<file>] [**--admin-subject**=<subject>] 
+[**--admin-cert**=<file>] [**--admin-key**=<file>] [**--admin-subject**=<subject>]
 [**--admin-provisioner**=<name>] [**--admin-password-file**=<file>]
 [**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>] [**--ca-config**=<file>]`,
 		Flags: []cli.Flag{
@@ -449,7 +449,7 @@ func createJWKDetails(ctx *cli.Context) (*linkedca.ProvisionerDetails, error) {
 		password string
 	)
 
-	if passwordFile := ctx.String("password-file"); len(passwordFile) > 0 {
+	if passwordFile := ctx.String("password-file"); passwordFile != "" {
 		password, err = utils.ReadStringPasswordFromFile(passwordFile)
 		if err != nil {
 			return nil, err

command/ca/provisioner/update.go

@@ -90,7 +90,7 @@ SCEP
 [**--minimum-public-key-length**=<length>] [**--encryption-algorithm-identifier**=<id>]
 [**--scep-decrypter-certificate-file**=<file>] [**--scep-decrypter-key-file**=<file>]
 [**--scep-decrypter-key-uri**=<uri>] [**--scep-decrypter-key-password-file**=<file>]
-[**--admin-cert**=<file>] [**--admin-key**=<file>] [**--admin-subject**=<subject>] 
+[**--admin-cert**=<file>] [**--admin-key**=<file>] [**--admin-subject**=<subject>]
 [**--admin-provisioner**=<name>] [**--admin-password-file**=<file>]
 [**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>] [**--ca-config**=<file>]`,
 		Flags: []cli.Flag{
@@ -486,7 +486,7 @@ func updateJWKDetails(ctx *cli.Context, p *linkedca.Provisioner) error {
 		err      error
 		password string
 	)
-	if passwordFile := ctx.String("password-file"); len(passwordFile) > 0 {
+	if passwordFile := ctx.String("password-file"); passwordFile != "" {
 		password, err = utils.ReadStringPasswordFromFile(passwordFile)
 		if err != nil {
 			return err

command/ca/rekey.go

@@ -239,12 +239,12 @@ func rekeyCertificateAction(ctx *cli.Context) error {
 	}
 
 	var expiresIn, rekeyPeriod time.Duration
-	if s := ctx.String("expires-in"); len(s) > 0 {
+	if s := ctx.String("expires-in"); s != "" {
 		if expiresIn, err = time.ParseDuration(s); err != nil {
 			return errs.InvalidFlagValue(ctx, "expires-in", s, "")
 		}
 	}
-	if s := ctx.String("rekey-period"); len(s) > 0 {
+	if s := ctx.String("rekey-period"); s != "" {
 		if rekeyPeriod, err = time.ParseDuration(s); err != nil {
 			return errs.InvalidFlagValue(ctx, "rekey-period", s, "")
 		}
@@ -265,7 +265,7 @@ func rekeyCertificateAction(ctx *cli.Context) error {
 	}
 
 	pidFile := ctx.String("pid-file")
-	if len(pidFile) > 0 {
+	if pidFile != "" {
 		pidB, err := os.ReadFile(pidFile)
 		if err != nil {
 			return errs.FileError(err, pidFile)

command/ca/renew.go

@@ -243,12 +243,12 @@ func renewCertificateAction(ctx *cli.Context) error {
 	}
 
 	var expiresIn, renewPeriod time.Duration
-	if s := ctx.String("expires-in"); len(s) > 0 {
+	if s := ctx.String("expires-in"); s != "" {
 		if expiresIn, err = time.ParseDuration(s); err != nil {
 			return errs.InvalidFlagValue(ctx, "expires-in", s, "")
 		}
 	}
-	if s := ctx.String("renew-period"); len(s) > 0 {
+	if s := ctx.String("renew-period"); s != "" {
 		if renewPeriod, err = time.ParseDuration(s); err != nil {
 			return errs.InvalidFlagValue(ctx, "renew-period", s, "")
 		}
@@ -269,7 +269,7 @@ func renewCertificateAction(ctx *cli.Context) error {
 	}
 
 	pidFile := ctx.String("pid-file")
-	if len(pidFile) > 0 {
+	if pidFile != "" {
 		pidB, err := os.ReadFile(pidFile)
 		if err != nil {
 			return errs.FileError(err, pidFile)

command/ca/revoke.go

@@ -231,7 +231,7 @@ func revokeCertificateAction(ctx *cli.Context) error {
 
 	// If cert and key are passed then infer the serial number and certificate
 	// that should be revoked.
-	if len(certFile) > 0 || len(keyFile) > 0 {
+	if certFile != "" || keyFile != "" {
 		// Must be using cert/key flags for mTLS revoke so should be 0 cmd line args.
 		if ctx.NArg() > 0 {
 			return errors.Errorf("'%s %s --cert <certificate> --key <key>' expects no additional positional arguments", ctx.App.Name, ctx.Command.Name)
@@ -242,10 +242,10 @@ func revokeCertificateAction(ctx *cli.Context) error {
 		if keyFile == "" {
 			return errs.RequiredWithFlag(ctx, "cert", "key")
 		}
-		if len(token) > 0 {
+		if token != "" {
 			errs.IncompatibleFlagWithFlag(ctx, "cert", "token")
 		}
-		if len(serial) > 0 {
+		if serial != "" {
 			errs.IncompatibleFlagWithFlag(ctx, "cert", "serial")
 		}
 		var cert []*x509.Certificate
@@ -306,7 +306,7 @@ func newRevokeFlow(ctx *cli.Context, certFile, keyFile string) (*revokeFlow, err
 		if err != nil {
 			return nil, err
 		}
-		if len(certFile) > 0 || len(keyFile) > 0 {
+		if certFile != "" || keyFile != "" {
 			if err := offlineClient.VerifyClientCert(certFile, keyFile); err != nil {
 				return nil, err
 			}
@@ -332,7 +332,7 @@ func (f *revokeFlow) getClient(ctx *cli.Context, serial, token string) (cautils.
 	rootFile := ctx.String("root")
 	var options []ca.ClientOption
 
-	if len(token) > 0 {
+	if token != "" {
 		tok, err := jose.ParseSigned(token)
 		if err != nil {
 			return nil, errors.Wrap(err, "error parsing flag '--token'")
@@ -346,7 +346,7 @@ func (f *revokeFlow) getClient(ctx *cli.Context, serial, token string) (cautils.
 		}
 
 		// Prepare client for bootstrap or provisioning tokens
-		if len(claims.SHA) > 0 && len(claims.Audience) > 0 && strings.HasPrefix(strings.ToLower(claims.Audience[0]), "http") {
+		if claims.SHA != "" && len(claims.Audience) > 0 && strings.HasPrefix(strings.ToLower(claims.Audience[0]), "http") {
 			if caURL == "" {
 				caURL = claims.Audience[0]
 			}

command/ca/token.go

@@ -332,7 +332,7 @@ func tokenAction(ctx *cli.Context) error {
 			return err
 		}
 	}
-	if len(outputFile) > 0 {
+	if outputFile != "" {
 		return utils.WriteFile(outputFile, []byte(token), 0600)
 	}
 	fmt.Println(token)

command/certificate/install.go

@@ -227,7 +227,7 @@ func getTruststoreOptions(ctx *cli.Context) ([]truststore.Option, error) {
 
 	prefix := ctx.String("prefix")
 	if prefix == "" {
-		if len(cert.Subject.CommonName) > 0 {
+		if cert.Subject.CommonName != "" {
 			prefix = cert.Subject.CommonName + " "
 		} else {
 			prefix = "Smallstep Development CA "

command/certificate/key.go

@@ -77,7 +77,7 @@ func keyAction(ctx *cli.Context) error {
 		return err
 	}
 
-	if outputFile := ctx.String("output-file"); len(outputFile) > 0 {
+	if outputFile := ctx.String("output-file"); outputFile != "" {
 		if err := utils.WriteFile(outputFile, pem.EncodeToMemory(block), 0600); err != nil {
 			return err
 		}

command/crl/inspect.go

@@ -387,7 +387,7 @@ func printCRL(crl *CRL) {
 	fmt.Println("Certificate Revocation List (CRL):")
 	fmt.Println("    Data:")
 	fmt.Printf("        Valid: %v\n", crl.Signature.Valid)
-	if len(crl.Signature.Reason) > 0 {
+	if crl.Signature.Reason != "" {
 		fmt.Printf("        Reason: %s\n", crl.Signature.Reason)
 	}
 	fmt.Printf("        Version: %d (0x%x)\n", crl.Version, crl.Version.Add(crl.Version, big.NewInt(-1)))

command/crypto/change-pass.go

@@ -115,7 +115,7 @@ func changePassAction(ctx *cli.Context) error {
 
 	if bytes.HasPrefix(b, []byte("-----BEGIN ")) {
 		opts := []pemutil.Options{pemutil.WithFilename(keyPath)}
-		if len(decryptPassFile) > 0 {
+		if decryptPassFile != "" {
 			opts = append(opts, pemutil.WithPasswordFile(decryptPassFile))
 		}
 		key, err := pemutil.Parse(b, opts...)
@@ -124,7 +124,7 @@ func changePassAction(ctx *cli.Context) error {
 		}
 		opts = []pemutil.Options{}
 		if !noPass {
-			if len(encryptPassFile) > 0 {
+			if encryptPassFile != "" {
 				opts = append(opts, pemutil.WithPasswordFile(encryptPassFile))
 			} else {
 				pass, err := ui.PromptPassword(fmt.Sprintf("Please enter the password to encrypt %s", newKeyPath))
@@ -140,7 +140,7 @@ func changePassAction(ctx *cli.Context) error {
 		}
 	} else {
 		opts := []jose.Option{}
-		if len(decryptPassFile) > 0 {
+		if decryptPassFile != "" {
 			opts = append(opts, jose.WithPasswordFile(decryptPassFile))
 		}
 		jwk, err := jose.ReadKey(keyPath, opts...)
@@ -157,7 +157,7 @@ func changePassAction(ctx *cli.Context) error {
 					return ui.PromptPassword(s)
 				}),
 			}
-			if len(encryptPassFile) > 0 {
+			if encryptPassFile != "" {
 				opts = append(opts, jose.WithPasswordFile(encryptPassFile))
 			}
 			jwe, err := jose.Encrypt(b, opts...)

command/crypto/jwe/decrypt.go

@@ -99,7 +99,7 @@ func decryptAction(ctx *cli.Context) error {
 	// Add parse options
 	var options []jose.Option
 	options = append(options, jose.WithUse("enc"))
-	if len(kid) > 0 {
+	if kid != "" {
 		options = append(options, jose.WithKid(kid))
 	}
 
@@ -113,7 +113,7 @@ func decryptAction(ctx *cli.Context) error {
 		jwk, err = jose.ReadKeySet(jwks, options...)
 	case isPBES2:
 		var password string
-		if len(passwordFile) > 0 {
+		if passwordFile != "" {
 			password, err = utils.ReadStringPasswordFromFile(passwordFile)
 			if err != nil {
 				return err

command/crypto/jwe/encrypt.go

@@ -206,7 +206,7 @@ func encryptAction(ctx *cli.Context) error {
 	if len(alg) > 0 {
 		options = append(options, jose.WithAlg(string(alg)))
 	}
-	if len(kid) > 0 {
+	if kid != "" {
 		options = append(options, jose.WithKid(kid))
 	}
 	if isSubtle {

command/crypto/jwk/create.go

@@ -394,7 +394,7 @@ func createAction(ctx *cli.Context) (err error) {
 	usePassword := true
 	passwordFile := ctx.String("password-file")
 	if ctx.Bool("no-password") {
-		if len(passwordFile) > 0 {
+		if passwordFile != "" {
 			return errs.IncompatibleFlag(ctx, "no-password", "password-file")
 		}
 		if ctx.Bool("insecure") {
@@ -412,7 +412,7 @@ func createAction(ctx *cli.Context) (err error) {
 
 	// Read password if necessary
 	var password string
-	if len(passwordFile) > 0 {
+	if passwordFile != "" {
 		password, err = utils.ReadStringPasswordFromFile(passwordFile)
 		if err != nil {
 			return err

command/crypto/jws/sign.go

@@ -189,34 +189,34 @@ func signAction(ctx *cli.Context) error {
 	jwks := ctx.String("jwks")
 	kid := ctx.String("kid")
 	var isX5C bool
-	if len(x5cCertFile) > 0 {
+	if x5cCertFile != "" {
 		if x5cKeyFile == "" {
 			return errs.RequiredWithOrFlag(ctx, "x5c-cert", "key", "x5c-key")
 		}
-		if len(x5tCertFile) > 0 {
+		if x5tCertFile != "" {
 			return errs.MutuallyExclusiveFlags(ctx, "x5c-cert", "x5t-cert")
 		}
 		if ctx.IsSet("jwk") {
 			return errs.MutuallyExclusiveFlags(ctx, "x5c-cert", "jwk")
 		}
-		if len(jwks) > 0 {
+		if jwks != "" {
 			return errs.MutuallyExclusiveFlags(ctx, "x5c-cert", "jwks")
 		}
 		isX5C = true
 	}
 
 	var isX5T bool
-	if len(x5tCertFile) > 0 {
+	if x5tCertFile != "" {
 		if x5tKeyFile == "" {
 			return errs.RequiredWithOrFlag(ctx, "x5t-cert", "key", "x5t-key")
 		}
-		if len(x5cCertFile) > 0 {
+		if x5cCertFile != "" {
 			return errs.MutuallyExclusiveFlags(ctx, "x5t-cert", "x5c-cert")
 		}
 		if ctx.IsSet("jwk") {
 			return errs.MutuallyExclusiveFlags(ctx, "x5t-cert", "jwk")
 		}
-		if len(jwks) > 0 {
+		if jwks != "" {
 			return errs.MutuallyExclusiveFlags(ctx, "x5t-cert", "jwks")
 		}
 		isX5T = true
@@ -237,10 +237,10 @@ func signAction(ctx *cli.Context) error {
 	// Add parse options
 	var options []jose.Option
 	options = append(options, jose.WithUse("sig"))
-	if len(alg) > 0 {
+	if alg != "" {
 		options = append(options, jose.WithAlg(alg))
 	}
-	if len(kid) > 0 {
+	if kid != "" {
 		options = append(options, jose.WithKid(kid))
 	}
 	if isSubtle {

command/crypto/jws/verify.go

@@ -121,10 +121,10 @@ func verifyAction(ctx *cli.Context) error {
 	// Add parse options
 	var options []jose.Option
 	options = append(options, jose.WithUse("sig"))
-	if len(alg) > 0 {
+	if alg != "" {
 		options = append(options, jose.WithAlg(alg))
 	}
-	if len(kid) > 0 {
+	if kid != "" {
 		options = append(options, jose.WithKid(kid))
 	}
 	if !ctx.Bool("insecure") {