From 05f95e5b1e9110ea0235dbd4346329fc5aa57eff Mon Sep 17 00:00:00 2001 From: Max Date: Thu, 28 Mar 2024 19:12:36 -0700 Subject: [PATCH] Upgrade certificate 0.26.0 | fix linter warnings (#1140) * Update certificates to 0.26.0 * Fix linter warnings --- command/ca/admin/list.go | 2 +- command/ca/init.go | 10 +++++----- command/ca/provisioner/add.go | 6 +++--- command/ca/provisioner/update.go | 4 ++-- command/ca/rekey.go | 6 +++--- command/ca/renew.go | 6 +++--- command/ca/revoke.go | 12 ++++++------ command/ca/token.go | 2 +- command/certificate/install.go | 2 +- command/certificate/key.go | 2 +- command/crl/inspect.go | 2 +- command/crypto/change-pass.go | 8 ++++---- command/crypto/jwe/decrypt.go | 4 ++-- command/crypto/jwe/encrypt.go | 2 +- command/crypto/jwk/create.go | 4 ++-- command/crypto/jws/sign.go | 16 ++++++++-------- command/crypto/jws/verify.go | 4 ++-- command/crypto/jwt/sign.go | 18 +++++++++--------- command/crypto/jwt/verify.go | 6 +++--- command/crypto/key/public.go | 2 +- command/crypto/keypair.go | 6 +++--- command/crypto/otp/verify.go | 6 +++--- command/fileserver/fileserver.go | 2 +- command/ssh/certificate.go | 2 +- go.mod | 2 +- go.sum | 4 ++-- internal/kdf/phc.go | 2 +- token/parse.go | 2 +- utils/cautils/acmeutils.go | 8 ++++---- utils/cautils/certificate_flow.go | 2 +- utils/cautils/client.go | 2 +- utils/cautils/offline.go | 2 +- utils/cautils/token_generator.go | 4 ++-- 33 files changed, 81 insertions(+), 81 deletions(-) diff --git a/command/ca/admin/list.go b/command/ca/admin/list.go index e3a3e7e1e..890f646d6 100644 --- a/command/ca/admin/list.go +++ b/command/ca/admin/list.go @@ -97,7 +97,7 @@ func listAction(ctx *cli.Context) (err error) { if isNotSuperAdmin && a.Type == linkedca.Admin_SUPER_ADMIN { return false } - if len(provName) > 0 && a.ProvisionerName != provName { + if provName != "" && a.ProvisionerName != provName { return false } return true diff --git a/command/ca/init.go b/command/ca/init.go index e255e17fc..94aadd747 100644 
--- a/command/ca/init.go +++ b/command/ca/init.go @@ -39,10 +39,10 @@ func initCommand() cli.Command { UsageText: `**step ca init** [**--root**=] [**--key**=] [**--key-password-file**=] [**--pki**] [**--ssh**] [**--helm**] [**--deployment-type**=] [**--name**=] -[**--dns**=] [**--address**=
] [**--provisioner**=] -[**--admin-subject**=] [**--provisioner-password-file**=] -[**--password-file**=] [**--ra**=] [**--kms**=] -[**--with-ca-url**=] [**--no-db**] [**--remote-management**] +[**--dns**=] [**--address**=
] [**--provisioner**=] +[**--admin-subject**=] [**--provisioner-password-file**=] +[**--password-file**=] [**--ra**=] [**--kms**=] +[**--with-ca-url**=] [**--no-db**] [**--remote-management**] [**--acme**] [**--context**=] [**--profile**=] [**--authority**=]`, Description: `**step ca init** command initializes a public key infrastructure (PKI) to be used by the Certificate Authority.`, @@ -476,7 +476,7 @@ func initAction(ctx *cli.Context) (err error) { if v, ok := keyManager.(interface{ ValidateName(s string) error }); ok { validateFunc = v.ValidateName } else { - validateFunc = func(s string) error { + validateFunc = func(_ string) error { return nil } } diff --git a/command/ca/provisioner/add.go b/command/ca/provisioner/add.go index c6a200457..2b24d2b70 100644 --- a/command/ca/provisioner/add.go +++ b/command/ca/provisioner/add.go @@ -99,9 +99,9 @@ SCEP **step ca provisioner add** **--type**=SCEP [**--force-cn**] [**--challenge**=] [**--capabilities**=] [**--include-root**] [**--exclude-intermediate**] [**--min-public-key-length**=] [**--encryption-algorithm-identifier**=] -[**--scep-decrypter-certificate-file**=] [**--scep-decrypter-key-file**=] +[**--scep-decrypter-certificate-file**=] [**--scep-decrypter-key-file**=] [**--scep-decrypter-key-uri**=] [**--scep-decrypter-key-password-file**=] -[**--admin-cert**=] [**--admin-key**=] [**--admin-subject**=] +[**--admin-cert**=] [**--admin-key**=] [**--admin-subject**=] [**--admin-provisioner**=] [**--admin-password-file**=] [**--ca-url**=] [**--root**=] [**--context**=] [**--ca-config**=]`, Flags: []cli.Flag{ @@ -449,7 +449,7 @@ func createJWKDetails(ctx *cli.Context) (*linkedca.ProvisionerDetails, error) { password string ) - if passwordFile := ctx.String("password-file"); len(passwordFile) > 0 { + if passwordFile := ctx.String("password-file"); passwordFile != "" { password, err = utils.ReadStringPasswordFromFile(passwordFile) if err != nil { return nil, err 
diff --git a/command/ca/provisioner/update.go b/command/ca/provisioner/update.go index 526aef6b2..ff836405d 100644 --- a/command/ca/provisioner/update.go +++ b/command/ca/provisioner/update.go @@ -90,7 +90,7 @@ SCEP [**--minimum-public-key-length**=] [**--encryption-algorithm-identifier**=] [**--scep-decrypter-certificate-file**=] [**--scep-decrypter-key-file**=] [**--scep-decrypter-key-uri**=] [**--scep-decrypter-key-password-file**=] -[**--admin-cert**=] [**--admin-key**=] [**--admin-subject**=] +[**--admin-cert**=] [**--admin-key**=] [**--admin-subject**=] [**--admin-provisioner**=] [**--admin-password-file**=] [**--ca-url**=] [**--root**=] [**--context**=] [**--ca-config**=]`, Flags: []cli.Flag{ @@ -486,7 +486,7 @@ func updateJWKDetails(ctx *cli.Context, p *linkedca.Provisioner) error { err error password string ) - if passwordFile := ctx.String("password-file"); len(passwordFile) > 0 { + if passwordFile := ctx.String("password-file"); passwordFile != "" { password, err = utils.ReadStringPasswordFromFile(passwordFile) if err != nil { return err diff --git a/command/ca/rekey.go b/command/ca/rekey.go index dfb9b9e94..d72d84c6b 100644 --- a/command/ca/rekey.go +++ b/command/ca/rekey.go @@ -239,12 +239,12 @@ func rekeyCertificateAction(ctx *cli.Context) error { } var expiresIn, rekeyPeriod time.Duration - if s := ctx.String("expires-in"); len(s) > 0 { + if s := ctx.String("expires-in"); s != "" { if expiresIn, err = time.ParseDuration(s); err != nil { return errs.InvalidFlagValue(ctx, "expires-in", s, "") } } - if s := ctx.String("rekey-period"); len(s) > 0 { + if s := ctx.String("rekey-period"); s != "" { if rekeyPeriod, err = time.ParseDuration(s); err != nil { return errs.InvalidFlagValue(ctx, "rekey-period", s, "") } @@ -265,7 +265,7 @@ func rekeyCertificateAction(ctx *cli.Context) error { } pidFile := ctx.String("pid-file") - if len(pidFile) > 0 { + if pidFile != "" { pidB, err := os.ReadFile(pidFile) if err != nil { return errs.FileError(err, pidFile) 
diff --git a/command/ca/renew.go b/command/ca/renew.go
index cbe4ef51b..952526e38 100644
--- a/command/ca/renew.go
+++ b/command/ca/renew.go
@@ -243,12 +243,12 @@ func renewCertificateAction(ctx *cli.Context) error {
 }
 var expiresIn, renewPeriod time.Duration
- if s := ctx.String("expires-in"); len(s) > 0 {
+ if s := ctx.String("expires-in"); s != "" {
 if expiresIn, err = time.ParseDuration(s); err != nil {
 return errs.InvalidFlagValue(ctx, "expires-in", s, "")
 }
 }
- if s := ctx.String("renew-period"); len(s) > 0 {
+ if s := ctx.String("renew-period"); s != "" {
 if renewPeriod, err = time.ParseDuration(s); err != nil {
 return errs.InvalidFlagValue(ctx, "renew-period", s, "")
 }
@@ -269,7 +269,7 @@ func renewCertificateAction(ctx *cli.Context) error {
 }
 pidFile := ctx.String("pid-file")
- if len(pidFile) > 0 {
+ if pidFile != "" {
 pidB, err := os.ReadFile(pidFile)
 if err != nil {
 return errs.FileError(err, pidFile)
diff --git a/command/ca/revoke.go b/command/ca/revoke.go
index 1aa104c06..0f3d2fbfd 100644
--- a/command/ca/revoke.go
+++ b/command/ca/revoke.go
@@ -231,7 +231,7 @@ func revokeCertificateAction(ctx *cli.Context) error {
 // If cert and key are passed then infer the serial number and certificate
 // that should be revoked.
- if len(certFile) > 0 || len(keyFile) > 0 {
+ if certFile != "" || keyFile != "" {
 // Must be using cert/key flags for mTLS revoke so should be 0 cmd line args.
 if ctx.NArg() > 0 {
 return errors.Errorf("'%s %s --cert --key ' expects no additional positional arguments", ctx.App.Name, ctx.Command.Name)
@@ -242,10 +242,10 @@ func revokeCertificateAction(ctx *cli.Context) error {
 if keyFile == "" {
 return errs.RequiredWithFlag(ctx, "cert", "key")
 }
- if len(token) > 0 {
+ if token != "" {
 errs.IncompatibleFlagWithFlag(ctx, "cert", "token")
 }
- if len(serial) > 0 {
+ if serial != "" {
 errs.IncompatibleFlagWithFlag(ctx, "cert", "serial")
 }
 var cert []*x509.Certificate
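Review bot: In the `@@ -242,10` hunk of command/ca/revoke.go the two conflict checks call `errs.IncompatibleFlagWithFlag(ctx, "cert", "token")` and `errs.IncompatibleFlagWithFlag(ctx, "cert", "serial")` but discard the result, so combining `--cert`/`--key` with a token or a serial is not rejected at this point. The keypair.go hunk in this same patch uses the helper as `return errs.IncompatibleFlagWithFlag(ctx, "from-jwk", "kty")`, which suggests it returns an error rather than exiting. Both branches should become `return errs.IncompatibleFlagWithFlag(ctx, "cert", "token")` and `return errs.IncompatibleFlagWithFlag(ctx, "cert", "serial")`, so a revocation cannot proceed with two competing ways of identifying or authorizing the certificate. revokeCertificateAction starts and ends outside the hunk.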
@@ -306,7 +306,7 @@ func newRevokeFlow(ctx *cli.Context, certFile, keyFile string) (*revokeFlow, err
 if err != nil {
 return nil, err
 }
- if len(certFile) > 0 || len(keyFile) > 0 {
+ if certFile != "" || keyFile != "" {
 if err := offlineClient.VerifyClientCert(certFile, keyFile); err != nil {
 return nil, err
 }
@@ -332,7 +332,7 @@ func (f *revokeFlow) getClient(ctx *cli.Context, serial, token string) (cautils.
 rootFile := ctx.String("root")
 var options []ca.ClientOption
- if len(token) > 0 {
+ if token != "" {
 tok, err := jose.ParseSigned(token)
 if err != nil {
 return nil, errors.Wrap(err, "error parsing flag '--token'")
@@ -346,7 +346,7 @@ func (f *revokeFlow) getClient(ctx *cli.Context, serial, token string) (cautils.
 }
 // Prepare client for bootstrap or provisioning tokens
- if len(claims.SHA) > 0 && len(claims.Audience) > 0 && strings.HasPrefix(strings.ToLower(claims.Audience[0]), "http") {
+ if claims.SHA != "" && len(claims.Audience) > 0 && strings.HasPrefix(strings.ToLower(claims.Audience[0]), "http") {
 if caURL == "" {
 caURL = claims.Audience[0]
 }
diff --git a/command/ca/token.go b/command/ca/token.go
index 8212b6319..84d6ffb68 100644
--- a/command/ca/token.go
+++ b/command/ca/token.go
@@ -332,7 +332,7 @@ func tokenAction(ctx *cli.Context) error {
 return err
 }
 }
- if len(outputFile) > 0 {
+ if outputFile != "" {
 return utils.WriteFile(outputFile, []byte(token), 0600)
 }
 fmt.Println(token)
diff --git a/command/certificate/install.go b/command/certificate/install.go
index 314bc3c96..d07a465e1 100644
--- a/command/certificate/install.go
+++ b/command/certificate/install.go
@@ -227,7 +227,7 @@ func getTruststoreOptions(ctx *cli.Context) ([]truststore.Option, error) {
 prefix := ctx.String("prefix")
 if prefix == "" {
- if len(cert.Subject.CommonName) > 0 {
+ if cert.Subject.CommonName != "" {
 prefix = cert.Subject.CommonName + " "
 } else {
 prefix = "Smallstep Development CA "
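Review bot: The guard in the `@@ -346,7` hunk of getClient accepts any first audience whose lower-cased value merely starts with `http` and, when no CA URL was supplied, adopts it as `caURL`; that prefix also matches plain `http://`. The claims come from the `--token` value parsed with `jose.ParseSigned` in the previous hunk, and neither signature verification before this point nor a later HTTPS check is visible here. If plain-HTTP CAs are not meant to be supported, parse the audience with `url.Parse` and require `u.Scheme == "https"` before assigning `caURL`. The same condition appears in `GetClient` in utils/cautils/certificate_flow.go. getClient continues outside the hunk.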
diff --git a/command/certificate/key.go b/command/certificate/key.go
index 582d7ed2b..d3cd2d3ac 100644
--- a/command/certificate/key.go
+++ b/command/certificate/key.go
@@ -77,7 +77,7 @@ func keyAction(ctx *cli.Context) error {
 return err
 }
- if outputFile := ctx.String("output-file"); len(outputFile) > 0 {
+ if outputFile := ctx.String("output-file"); outputFile != "" {
 if err := utils.WriteFile(outputFile, pem.EncodeToMemory(block), 0600); err != nil {
 return err
 }
diff --git a/command/crl/inspect.go b/command/crl/inspect.go
index ca2a6198a..215de538a 100644
--- a/command/crl/inspect.go
+++ b/command/crl/inspect.go
@@ -387,7 +387,7 @@ func printCRL(crl *CRL) {
 fmt.Println("Certificate Revocation List (CRL):")
 fmt.Println(" Data:")
 fmt.Printf(" Valid: %v\n", crl.Signature.Valid)
- if len(crl.Signature.Reason) > 0 {
+ if crl.Signature.Reason != "" {
 fmt.Printf(" Reason: %s\n", crl.Signature.Reason)
 }
 fmt.Printf(" Version: %d (0x%x)\n", crl.Version, crl.Version.Add(crl.Version, big.NewInt(-1)))
diff --git a/command/crypto/change-pass.go b/command/crypto/change-pass.go
index 6e4e15b5b..e47f51c21 100644
--- a/command/crypto/change-pass.go
+++ b/command/crypto/change-pass.go
@@ -115,7 +115,7 @@ func changePassAction(ctx *cli.Context) error {
 if bytes.HasPrefix(b, []byte("-----BEGIN ")) {
 opts := []pemutil.Options{pemutil.WithFilename(keyPath)}
- if len(decryptPassFile) > 0 {
+ if decryptPassFile != "" {
 opts = append(opts, pemutil.WithPasswordFile(decryptPassFile))
 }
 key, err := pemutil.Parse(b, opts...)
@@ -124,7 +124,7 @@ func changePassAction(ctx *cli.Context) error {
 }
 opts = []pemutil.Options{}
 if !noPass {
- if len(encryptPassFile) > 0 {
+ if encryptPassFile != "" {
 opts = append(opts, pemutil.WithPasswordFile(encryptPassFile))
 } else {
 pass, err := ui.PromptPassword(fmt.Sprintf("Please enter the password to encrypt %s", newKeyPath))
@@ -140,7 +140,7 @@ func changePassAction(ctx *cli.Context) error {
 }
 } else {
 opts := []jose.Option{}
- if len(decryptPassFile) > 0 {
+ if decryptPassFile != "" {
 opts = append(opts, jose.WithPasswordFile(decryptPassFile))
 }
 jwk, err := jose.ReadKey(keyPath, opts...)
@@ -157,7 +157,7 @@ func changePassAction(ctx *cli.Context) error {
 return ui.PromptPassword(s)
 }),
 }
- if len(encryptPassFile) > 0 {
+ if encryptPassFile != "" {
 opts = append(opts, jose.WithPasswordFile(encryptPassFile))
 }
 jwe, err := jose.Encrypt(b, opts...)
diff --git a/command/crypto/jwe/decrypt.go b/command/crypto/jwe/decrypt.go
index cb02014b7..960a29f56 100644
--- a/command/crypto/jwe/decrypt.go
+++ b/command/crypto/jwe/decrypt.go
@@ -99,7 +99,7 @@ func decryptAction(ctx *cli.Context) error {
 // Add parse options
 var options []jose.Option
 options = append(options, jose.WithUse("enc"))
- if len(kid) > 0 {
+ if kid != "" {
 options = append(options, jose.WithKid(kid))
 }
@@ -113,7 +113,7 @@ func decryptAction(ctx *cli.Context) error {
 jwk, err = jose.ReadKeySet(jwks, options...)
 case isPBES2:
 var password string
- if len(passwordFile) > 0 {
+ if passwordFile != "" {
 password, err = utils.ReadStringPasswordFromFile(passwordFile)
 if err != nil {
 return err
diff --git a/command/crypto/jwe/encrypt.go b/command/crypto/jwe/encrypt.go
index f71148945..f0fd7fad4 100644
--- a/command/crypto/jwe/encrypt.go
+++ b/command/crypto/jwe/encrypt.go
@@ -206,7 +206,7 @@ func encryptAction(ctx *cli.Context) error {
 if len(alg) > 0 {
 options = append(options, jose.WithAlg(string(alg)))
 }
- if len(kid) > 0 {
+ if kid != "" {
 options = append(options, jose.WithKid(kid))
 }
 if isSubtle {
diff --git a/command/crypto/jwk/create.go b/command/crypto/jwk/create.go
index 59aee24b7..090bbb3b4 100644
--- a/command/crypto/jwk/create.go
+++ b/command/crypto/jwk/create.go
@@ -394,7 +394,7 @@ func createAction(ctx *cli.Context) (err error) {
 usePassword := true
 passwordFile := ctx.String("password-file")
 if ctx.Bool("no-password") {
- if len(passwordFile) > 0 {
+ if passwordFile != "" {
 return errs.IncompatibleFlag(ctx, "no-password", "password-file")
 }
 if ctx.Bool("insecure") {
@@ -412,7 +412,7 @@ func createAction(ctx *cli.Context) (err error) {
 // Read password if necessary
 var password string
- if len(passwordFile) > 0 {
+ if passwordFile != "" {
 password, err = utils.ReadStringPasswordFromFile(passwordFile)
 if err != nil {
 return err
diff --git a/command/crypto/jws/sign.go b/command/crypto/jws/sign.go
index 1729ed183..2f284f58a 100644
--- a/command/crypto/jws/sign.go
+++ b/command/crypto/jws/sign.go
@@ -189,34 +189,34 @@ func signAction(ctx *cli.Context) error {
 jwks := ctx.String("jwks")
 kid := ctx.String("kid")
 var isX5C bool
- if len(x5cCertFile) > 0 {
+ if x5cCertFile != "" {
 if x5cKeyFile == "" {
 return errs.RequiredWithOrFlag(ctx, "x5c-cert", "key", "x5c-key")
 }
- if len(x5tCertFile) > 0 {
+ if x5tCertFile != "" {
 return errs.MutuallyExclusiveFlags(ctx, "x5c-cert", "x5t-cert")
 }
 if ctx.IsSet("jwk") {
 return errs.MutuallyExclusiveFlags(ctx, "x5c-cert", "jwk")
 }
- if len(jwks) > 0 {
+ if jwks != "" {
 return errs.MutuallyExclusiveFlags(ctx, "x5c-cert", "jwks")
 }
 isX5C = true
 }
 var isX5T bool
- if len(x5tCertFile) > 0 {
+ if x5tCertFile != "" {
 if x5tKeyFile == "" {
 return errs.RequiredWithOrFlag(ctx, "x5t-cert", "key", "x5t-key")
 }
- if len(x5cCertFile) > 0 {
+ if x5cCertFile != "" {
 return errs.MutuallyExclusiveFlags(ctx, "x5t-cert", "x5c-cert")
 }
 if ctx.IsSet("jwk") {
 return errs.MutuallyExclusiveFlags(ctx, "x5t-cert", "jwk")
 }
- if len(jwks) > 0 {
+ if jwks != "" {
 return errs.MutuallyExclusiveFlags(ctx, "x5t-cert", "jwks")
 }
 isX5T = true
@@ -237,10 +237,10 @@ func signAction(ctx *cli.Context) error {
 // Add parse options
 var options []jose.Option
 options = append(options, jose.WithUse("sig"))
- if len(alg) > 0 {
+ if alg != "" {
 options = append(options, jose.WithAlg(alg))
 }
- if len(kid) > 0 {
+ if kid != "" {
 options = append(options, jose.WithKid(kid))
 }
 if isSubtle {
diff --git a/command/crypto/jws/verify.go b/command/crypto/jws/verify.go
index 89ba85a07..f18a69237 100644
--- a/command/crypto/jws/verify.go
+++ b/command/crypto/jws/verify.go
@@ -121,10 +121,10 @@ func verifyAction(ctx *cli.Context) error {
 // Add parse options
 var options []jose.Option
 options = append(options, jose.WithUse("sig"))
- if len(alg) > 0 {
+ if alg != "" {
 options = append(options, jose.WithAlg(alg))
 }
- if len(kid) > 0 {
+ if kid != "" {
 options = append(options, jose.WithKid(kid))
 }
 if !ctx.Bool("insecure") {
diff --git a/command/crypto/jwt/sign.go b/command/crypto/jwt/sign.go
index f5fd85b87..9b6a4c4c5 100644
--- a/command/crypto/jwt/sign.go
+++ b/command/crypto/jwt/sign.go
@@ -239,34 +239,34 @@ func signAction(ctx *cli.Context) error {
 jwks := ctx.String("jwks")
 kid := ctx.String("kid")
 var isX5C bool
- if len(x5cCertFile) > 0 {
+ if x5cCertFile != "" {
 if x5cKeyFile == "" {
 return errs.RequiredWithOrFlag(ctx, "x5c-cert", "key", "x5c-key")
 }
- if len(x5tCertFile) > 0 {
+ if x5tCertFile != "" {
 return errs.MutuallyExclusiveFlags(ctx, "x5c-cert", "x5t-cert")
 }
 if ctx.IsSet("jwk") {
 return errs.MutuallyExclusiveFlags(ctx, "x5c-cert", "jwk")
 }
- if len(jwks) > 0 {
+ if jwks != "" {
 return errs.MutuallyExclusiveFlags(ctx, "x5c-cert", "jwks")
 }
 isX5C = true
 }
 var isX5T bool
- if len(x5tCertFile) > 0 {
+ if x5tCertFile != "" {
 if x5tKeyFile == "" {
 return errs.RequiredWithOrFlag(ctx, "x5t-cert", "key", "x5t-key")
 }
- if len(x5cCertFile) > 0 {
+ if x5cCertFile != "" {
 return errs.MutuallyExclusiveFlags(ctx, "x5t-cert", "x5c-cert")
 }
 if ctx.IsSet("jwk") {
 return errs.MutuallyExclusiveFlags(ctx, "x5t-cert", "jwk")
 }
- if len(jwks) > 0 {
+ if jwks != "" {
 return errs.MutuallyExclusiveFlags(ctx, "x5t-cert", "jwks")
 }
 isX5T = true
@@ -289,16 +289,16 @@ func signAction(ctx *cli.Context) error {
 // Add parse options
 var options []jose.Option
 options = append(options, jose.WithUse("sig"))
- if len(alg) > 0 {
+ if alg != "" {
 options = append(options, jose.WithAlg(alg))
 }
- if len(kid) > 0 {
+ if kid != "" {
 options = append(options, jose.WithKid(kid))
 }
 if isSubtle {
 options = append(options, jose.WithSubtle(true))
 }
- if passwordFile := ctx.String("password-file"); len(passwordFile) > 0 {
+ if passwordFile := ctx.String("password-file"); passwordFile != "" {
 options = append(options, jose.WithPasswordFile(passwordFile))
 }
diff --git a/command/crypto/jwt/verify.go b/command/crypto/jwt/verify.go
index d03673365..60ebc9fa0 100644
--- a/command/crypto/jwt/verify.go
+++ b/command/crypto/jwt/verify.go
@@ -162,10 +162,10 @@ func verifyAction(ctx *cli.Context) error {
 // Add parse options
 var options []jose.Option
 options = append(options, jose.WithUse("sig"))
- if len(alg) > 0 {
+ if alg != "" {
 options = append(options, jose.WithAlg(alg))
 }
- if len(kid) > 0 {
+ if kid != "" {
 options = append(options, jose.WithKid(kid))
 }
 if isSubtle {
@@ -174,7 +174,7 @@ func verifyAction(ctx *cli.Context) error {
 if !ctx.Bool("insecure") {
 options = append(options, jose.WithNoDefaults(true))
 }
- if passwordFile := ctx.String("password-file"); len(passwordFile) > 0 {
+ if passwordFile := ctx.String("password-file"); passwordFile != "" {
 options = append(options, jose.WithPasswordFile(passwordFile))
 }
diff --git a/command/crypto/key/public.go b/command/crypto/key/public.go
index 5f11bd4d7..670956845 100644
--- a/command/crypto/key/public.go
+++ b/command/crypto/key/public.go
@@ -95,7 +95,7 @@ func publicAction(ctx *cli.Context) error {
 return err
 }
- if out := ctx.String("out"); len(out) > 0 {
+ if out := ctx.String("out"); out != "" {
 if err := utils.WriteFile(out, pem.EncodeToMemory(block), 0600); err != nil {
 return err
 }
diff --git a/command/crypto/keypair.go b/command/crypto/keypair.go
index b74f9b15f..3129e24d7 100644
--- a/command/crypto/keypair.go
+++ b/command/crypto/keypair.go
@@ -106,7 +106,7 @@ func createAction(ctx *cli.Context) (err error) {
 insecureMode := ctx.Bool("insecure")
 noPass := ctx.Bool("no-password")
 passwordFile := ctx.String("password-file")
- if noPass && len(passwordFile) > 0 {
+ if noPass && passwordFile != "" {
 return errs.IncompatibleFlag(ctx, "no-password", "password-file")
 }
 if noPass && !insecureMode {
@@ -115,7 +115,7 @@ func createAction(ctx *cli.Context) (err error) {
 // Read password if necessary
 var password string
- if len(passwordFile) > 0 {
+ if passwordFile != "" {
 password, err = utils.ReadStringPasswordFromFile(passwordFile)
 if err != nil {
 return err
@@ -124,7 +124,7 @@ func createAction(ctx *cli.Context) (err error) {
 var pub, priv interface{}
 fromJWK := ctx.String("from-jwk")
- if len(fromJWK) > 0 {
+ if fromJWK != "" {
 switch {
 case ctx.IsSet("kty"):
 return errs.IncompatibleFlagWithFlag(ctx, "from-jwk", "kty")
diff --git a/command/crypto/otp/verify.go b/command/crypto/otp/verify.go
index a2d1cb380..df41ef738 100644
--- a/command/crypto/otp/verify.go
+++ b/command/crypto/otp/verify.go
@@ -104,7 +104,7 @@ func verifyAction(ctx *cli.Context) error {
 secret = otpKey.Secret()
 // period query param
- if periodStr := q.Get("period"); len(periodStr) > 0 {
+ if periodStr := q.Get("period"); periodStr != "" {
 period64, err := strconv.ParseUint(periodStr, 10, 0)
 if err != nil {
 return errors.Wrap(err, "error parsing period from url")
@@ -112,7 +112,7 @@ func verifyAction(ctx *cli.Context) error {
 period = uint(period64)
 }
 // digits query param
- if digitStr := q.Get("digits"); len(digitStr) > 0 {
+ if digitStr := q.Get("digits"); digitStr != "" {
 digits64, err := strconv.ParseInt(digitStr, 10, 0)
 if err != nil {
 return errors.Wrap(err, "error parsing period from url")
@@ -121,7 +121,7 @@ func verifyAction(ctx *cli.Context) error {
 }
 // algorithm query param
 algFromQuery := q.Get("algorithm")
- if len(algFromQuery) > 0 {
+ if algFromQuery != "" {
 algStr = algFromQuery
 }
 }
diff --git a/command/fileserver/fileserver.go b/command/fileserver/fileserver.go
index dc1406c0a..76f18288c 100644
--- a/command/fileserver/fileserver.go
+++ b/command/fileserver/fileserver.go
@@ -257,7 +257,7 @@ func (r *tlsRenewer) Reload() error {
 ClientCAs: clientCAs,
 ClientAuth: clientAuth,
 MinVersion: tls.VersionTLS12,
- GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
+ GetCertificate: func(_ *tls.ClientHelloInfo) (*tls.Certificate, error) {
 return &cert, nil
 },
 }
diff --git a/command/ssh/certificate.go b/command/ssh/certificate.go
index bf28ec7ce..11c0ca642 100644
--- a/command/ssh/certificate.go
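Review bot: In the `@@ -112,7` hunk of command/crypto/otp/verify.go a failed `strconv.ParseInt` of the `digits` query parameter is reported as `"error parsing period from url"`, apparently copied from the period branch above; it should read `errors.Wrap(err, "error parsing digits from url")`. `ParseInt` also accepts negative values, whereas the period branch uses `ParseUint`. The conversion of `digits64` lies outside the hunk, so confirm that a zero or negative digit count is rejected before it reaches the OTP validation, or switch to `strconv.ParseUint` for consistency.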
+++ b/command/ssh/certificate.go
@@ -367,7 +367,7 @@ func certificateAction(ctx *cli.Context) error {
 if err != nil {
 return errors.Wrap(err, "error parsing ssh public key")
 }
- if len(sshPrivKeyFile) > 0 {
+ if sshPrivKeyFile != "" {
 if priv, err = pemutil.Read(sshPrivKeyFile); err != nil {
 return errors.Wrap(err, "error parsing private key")
 }
diff --git a/go.mod b/go.mod
index 07868a4d9..fd9ef6a46 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 github.com/pquerna/otp v1.4.0
 github.com/slackhq/nebula v1.8.2
 github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262
- github.com/smallstep/certificates v0.26.0-rc2
+ github.com/smallstep/certificates v0.26.0
 github.com/smallstep/certinfo v1.12.2
 github.com/smallstep/go-attestation v0.4.4-0.20240109183208-413678f90935
 github.com/smallstep/truststore v0.13.0
diff --git a/go.sum b/go.sum
index a8c7691dd..cb3366399 100644
--- a/go.sum
+++ b/go.sum
@@ -373,8 +373,8 @@ github.com/slackhq/nebula v1.8.2 h1:9lpJlivzjBPWxs9Y2tQqmJ1cP6hq+3kIodw021t3LrQ= github.com/slackhq/nebula v1.8.2/go.mod h1:SVVwnlGdmLg387U0XQMOSHRrD3VlJeXqd2/x/w/vxPs= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.26.0-rc2 h1:wZnjw1WeJO+2iipkKMI3S57XHYjzGp7ffZFwfQQivuk= -github.com/smallstep/certificates v0.26.0-rc2/go.mod h1:ADVR8NwUP1ulFu+6XcayMshrvPCHrRZvcq/ldYsU4jI= +github.com/smallstep/certificates v0.26.0 h1:Ub4fH80GpisjsOu6XzU7GD3hyMZGybUNU+ygnvaYi2c= +github.com/smallstep/certificates v0.26.0/go.mod h1:bWaopBOh6ZNwmrvEb48q69oSI6xJURY3UuJUjFj9Xzg= github.com/smallstep/certinfo v1.12.2 h1:cuyiPNo86yekliQduAGP/5BDR4JA/8S1UCtDtpKl8fQ= github.com/smallstep/certinfo v1.12.2/go.mod h1:J8E+AF8ZPEaCqG+eM3gAKGGfo7Zb9DSghjf9VG96x/0= github.com/smallstep/go-attestation v0.4.4-0.20240109183208-413678f90935 h1:kjYvkvS/Wdy0PVRDUAA0gGJIVSEZYhiAJtfwYgOYoGA= diff --git a/internal/kdf/phc.go b/internal/kdf/phc.go index 179ccafee..ab2d4660b 100644 --- a/internal/kdf/phc.go +++ b/internal/kdf/phc.go @@ -41,7 +41,7 @@ func phcParamsToMap(s string) map[string]string { // phcEncode creates a string using the PHC format. func phcEncode(identifier, params string, salt, hash []byte) string { ret := "$" + identifier - if len(params) > 0 { + if params != "" { ret += "$" + params } if len(salt) > 0 { diff --git a/token/parse.go b/token/parse.go index 3da26a211..f3f43ac37 100644 --- a/token/parse.go +++ b/token/parse.go 
@@ -72,7 +72,7 @@ func (p Payload) Type() Type {
 return Azure
 case p.Issuer == "kubernetes/serviceaccount":
 return K8sSA
- case len(p.SHA) > 0 || len(p.SANs) > 0:
+ case p.SHA != "" || len(p.SANs) > 0:
 return JWK
 case len(p.Audience) > 0 && p.Issuer != "" && p.Subject != "" && !p.Expiry.Time().IsZero() && !p.IssuedAt.Time().IsZero():
 return OIDC
diff --git a/utils/cautils/acmeutils.go b/utils/cautils/acmeutils.go
index 51b71eff8..c7e1bc602 100644
--- a/utils/cautils/acmeutils.go
+++ b/utils/cautils/acmeutils.go
@@ -49,7 +49,7 @@ func startHTTPServer(addr, token, keyAuth string) *http.Server {
 ReadHeaderTimeout: 15 * time.Second,
 }
- http.HandleFunc(fmt.Sprintf("/.well-known/acme-challenge/%s", token), func(w http.ResponseWriter, r *http.Request) {
+ http.HandleFunc(fmt.Sprintf("/.well-known/acme-challenge/%s", token), func(w http.ResponseWriter, _ *http.Request) {
 w.Header().Set("Content-Type", "application/octet-stream")
 w.Write([]byte(keyAuth))
 })
@@ -629,7 +629,7 @@ func newACMEFlow(ctx *cli.Context, ops ...acmeFlowOp) (*acmeFlow, error) {
 // One of --standalone or --webroot must be selected for use with ACME protocol.
 isStandalone, webroot := ctx.Bool("standalone"), ctx.String("webroot")
 switch {
- case isStandalone && len(webroot) > 0:
+ case isStandalone && webroot != "":
 return nil, errs.MutuallyExclusiveFlags(ctx, "standalone", "webroot")
 case !isStandalone && webroot == "":
 if err := ctx.Set("standalone", "true"); err != nil {
@@ -674,7 +674,7 @@ func (af *acmeFlow) getClientTruststoreOption(mergeRootCAs bool) (ca.ClientOptio
 }
 // 1. Merge local RootCA with system store
- if mergeRootCAs && len(root) > 0 {
+ if mergeRootCAs && root != "" {
 rootCAs, err := x509.SystemCertPool()
 if err != nil || rootCAs == nil {
 rootCAs = x509.NewCertPool()
@@ -698,7 +698,7 @@ func (af *acmeFlow) getClientTruststoreOption(mergeRootCAs bool) (ca.ClientOptio
 }
 // Use local Root CA only
- if len(root) > 0 {
+ if root != "" {
 return ca.WithRootFile(root), nil
 }
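Review bot: `startHTTPServer` in the `@@ -49,7` hunk of utils/cautils/acmeutils.go registers the challenge handler with `http.HandleFunc`, that is, on the process-wide `http.DefaultServeMux`. If the server built just above relies on the default mux (its `Handler` field is not visible in the hunk), every other globally registered handler is served on the same standalone listener, and a second call with the same token path would panic on the duplicate pattern. A dedicated mux keeps the listener limited to the single challenge path: create `mux := http.NewServeMux()`, register with `mux.HandleFunc(...)`, and set the server's `Handler` to `mux`. The return value of `w.Write([]byte(keyAuth))` is also ignored, so a failed challenge response goes unnoticed.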
diff --git a/utils/cautils/certificate_flow.go b/utils/cautils/certificate_flow.go
index 81fe2caf0..f3973bf05 100644
--- a/utils/cautils/certificate_flow.go
+++ b/utils/cautils/certificate_flow.go
@@ -81,7 +81,7 @@ func (f *CertificateFlow) GetClient(ctx *cli.Context, tok string, options ...ca.
 return nil, errors.Wrap(err, "error parsing flag '--token'")
 }
 // Prepare client for bootstrap or provisioning tokens
- if len(jwt.Payload.SHA) > 0 && len(jwt.Payload.Audience) > 0 && strings.HasPrefix(strings.ToLower(jwt.Payload.Audience[0]), "http") {
+ if jwt.Payload.SHA != "" && len(jwt.Payload.Audience) > 0 && strings.HasPrefix(strings.ToLower(jwt.Payload.Audience[0]), "http") {
 if caURL == "" {
 caURL = jwt.Payload.Audience[0]
 }
diff --git a/utils/cautils/client.go b/utils/cautils/client.go
index 9149d5636..1d2ce4975 100644
--- a/utils/cautils/client.go
+++ b/utils/cautils/client.go
@@ -115,7 +115,7 @@ func NewAdminClient(ctx *cli.Context, opts ...ca.ClientOption) (*ca.AdminClient,
 adminCert []*x509.Certificate
 adminKey interface{}
 )
- if len(adminCertFile) > 0 || len(adminKeyFile) > 0 {
+ if adminCertFile != "" || adminKeyFile != "" {
 if adminCertFile == "" {
 return nil, errs.RequiredWithFlag(ctx, "admin-key", "admin-cert")
 }
diff --git a/utils/cautils/offline.go b/utils/cautils/offline.go
index 1aa750f29..7a62a6472 100644
--- a/utils/cautils/offline.go
+++ b/utils/cautils/offline.go
@@ -285,7 +285,7 @@ func (c *OfflineCA) Revoke(req *api.RevokeRequest, rt http.RoundTripper) (*api.R
 ctx = provisioner.NewContextWithMethod(context.Background(), provisioner.RevokeMethod)
 err error
 )
- if len(req.OTT) > 0 {
+ if req.OTT != "" {
 opts.OTT = req.OTT
 opts.MTLS = false
 if _, err = c.authority.Authorize(ctx, opts.OTT); err != nil {
diff --git a/utils/cautils/token_generator.go b/utils/cautils/token_generator.go
index 465dbcc18..0557de9e8 100644
--- a/utils/cautils/token_generator.go
+++ b/utils/cautils/token_generator.go
@@ -64,7 +64,7 @@ func (t *TokenGenerator) Token(sub string, opts ...token.Options) (string, error
 token.WithIssuer(t.iss),
 token.WithAudience(t.aud),
 }
- if len(t.root) > 0 {
+ if t.root != "" {
 tokOptions = append(tokOptions, token.WithRootCA(t.root))
 }
@@ -396,7 +396,7 @@ func loadJWK(ctx *cli.Context, p *provisioner.JWK, tokAttrs tokenAttrs) (jwk *jo
 switch {
 case p != nil:
 kid = p.Key.KeyID
- case len(tokAttrs.kid) > 0:
+ case tokAttrs.kid != "":
 kid = tokAttrs.kid
 default:
 if kid, err = jose.Thumbprint(jwk); err != nil {