Fix gocritic warnings.

pull/717/head
Mariano Cano 3 years ago
parent 2aee71b4c0
commit a2b03083c8

@ -24,7 +24,7 @@ const Scheme = "azurekms"
// keyIDRegexp is the regular expression that Key Vault uses on the kid. We can // keyIDRegexp is the regular expression that Key Vault uses on the kid. We can
// extract the vault, name and version of the key. // extract the vault, name and version of the key.
var keyIDRegexp = regexp.MustCompile("^https://([0-9a-zA-Z-]+).vault.azure.net/keys/([0-9a-zA-Z-]+)/([0-9a-zA-Z-]+)$") var keyIDRegexp = regexp.MustCompile(`^https://([0-9a-zA-Z-]+)\.vault\.azure\.net/keys/([0-9a-zA-Z-]+)/([0-9a-zA-Z-]+)$`)
var ( var (
valueTrue = true valueTrue = true
@ -162,8 +162,7 @@ func New(ctx context.Context, opts apiv1.Options) (*KeyVault, error) {
// GetPublicKey loads a public key from Azure Key Vault by its resource name. // GetPublicKey loads a public key from Azure Key Vault by its resource name.
func (k *KeyVault) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error) { func (k *KeyVault) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error) {
switch { if req.Name == "" {
case req.Name == "":
return nil, errors.New("getPublicKeyRequest 'name' cannot be empty") return nil, errors.New("getPublicKeyRequest 'name' cannot be empty")
} }
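Review bot: The `keyIDRegexp` change in the first hunk is a behaviour change rather than a lint-only cleanup, and nothing in the visible hunks adds a test for it. In the old interpreted string the dots were unescaped and matched any character, so a kid whose host only resembled `<vault>.vault.azure.net` could pass the match; the raw-string pattern now requires literal dots. I would add a negative case to the package tests, for example a kid with the constructed host `my-vault.vault-azure.net` that must now be rejected, and mention the tightening in the commit message. The pattern still pins the `vault.azure.net` suffix; whether key IDs from other Azure environments need to parse is not visible from here.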

@ -134,6 +134,7 @@ func TestSigner_Sign(t *testing.T) {
sBytes := s.Bytes() sBytes := s.Bytes()
sBytesPadded := make([]byte, keyBytes) sBytesPadded := make([]byte, keyBytes)
copy(sBytesPadded[keyBytes-len(sBytes):], sBytes) copy(sBytesPadded[keyBytes-len(sBytes):], sBytes)
// nolint:gocritic
resultSig = append(rBytesPadded, sBytesPadded...) resultSig = append(rBytesPadded, sBytesPadded...)
var b cryptobyte.Builder var b cryptobyte.Builder
@ -256,61 +257,61 @@ func TestSigner_Sign(t *testing.T) {
wantErr bool wantErr bool
}{ }{
{"ok P-256", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", p256}, args{ {"ok P-256", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", p256}, args{
rand.Reader, p256Digest[:], crypto.SHA256, rand.Reader, p256Digest, crypto.SHA256,
}, p256Sig, false}, }, p256Sig, false},
{"ok P-384", fields{client, "https://my-vault.vault.azure.net/", "my-key", "my-version", p384}, args{ {"ok P-384", fields{client, "https://my-vault.vault.azure.net/", "my-key", "my-version", p384}, args{
rand.Reader, p384Digest[:], crypto.SHA384, rand.Reader, p384Digest, crypto.SHA384,
}, p384Sig, false}, }, p384Sig, false},
{"ok P-521", fields{client, "https://my-vault.vault.azure.net/", "my-key", "my-version", p521}, args{ {"ok P-521", fields{client, "https://my-vault.vault.azure.net/", "my-key", "my-version", p521}, args{
rand.Reader, p521Digest[:], crypto.SHA512, rand.Reader, p521Digest, crypto.SHA512,
}, p521Sig, false}, }, p521Sig, false},
{"ok RSA SHA256", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaSHA256}, args{ {"ok RSA SHA256", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaSHA256}, args{
rand.Reader, rsaSHA256Digest[:], crypto.SHA256, rand.Reader, rsaSHA256Digest, crypto.SHA256,
}, rsaSHA256Sig, false}, }, rsaSHA256Sig, false},
{"ok RSA SHA384", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaSHA384}, args{ {"ok RSA SHA384", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaSHA384}, args{
rand.Reader, rsaSHA384Digest[:], crypto.SHA384, rand.Reader, rsaSHA384Digest, crypto.SHA384,
}, rsaSHA384Sig, false}, }, rsaSHA384Sig, false},
{"ok RSA SHA512", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaSHA512}, args{ {"ok RSA SHA512", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaSHA512}, args{
rand.Reader, rsaSHA512Digest[:], crypto.SHA512, rand.Reader, rsaSHA512Digest, crypto.SHA512,
}, rsaSHA512Sig, false}, }, rsaSHA512Sig, false},
{"ok RSA-PSS SHA256", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaPSSSHA256}, args{ {"ok RSA-PSS SHA256", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaPSSSHA256}, args{
rand.Reader, rsaPSSSHA256Digest[:], &rsa.PSSOptions{ rand.Reader, rsaPSSSHA256Digest, &rsa.PSSOptions{
SaltLength: rsa.PSSSaltLengthAuto, SaltLength: rsa.PSSSaltLengthAuto,
Hash: crypto.SHA256, Hash: crypto.SHA256,
}, },
}, rsaPSSSHA256Sig, false}, }, rsaPSSSHA256Sig, false},
{"ok RSA-PSS SHA384", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaPSSSHA384}, args{ {"ok RSA-PSS SHA384", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaPSSSHA384}, args{
rand.Reader, rsaPSSSHA384Digest[:], &rsa.PSSOptions{ rand.Reader, rsaPSSSHA384Digest, &rsa.PSSOptions{
SaltLength: rsa.PSSSaltLengthEqualsHash, SaltLength: rsa.PSSSaltLengthEqualsHash,
Hash: crypto.SHA384, Hash: crypto.SHA384,
}, },
}, rsaPSSSHA384Sig, false}, }, rsaPSSSHA384Sig, false},
{"ok RSA-PSS SHA512", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaPSSSHA512}, args{ {"ok RSA-PSS SHA512", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaPSSSHA512}, args{
rand.Reader, rsaPSSSHA512Digest[:], &rsa.PSSOptions{ rand.Reader, rsaPSSSHA512Digest, &rsa.PSSOptions{
SaltLength: 64, SaltLength: 64,
Hash: crypto.SHA512, Hash: crypto.SHA512,
}, },
}, rsaPSSSHA512Sig, false}, }, rsaPSSSHA512Sig, false},
{"fail Sign", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaSHA256}, args{ {"fail Sign", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaSHA256}, args{
rand.Reader, rsaSHA256Digest[:], crypto.SHA256, rand.Reader, rsaSHA256Digest, crypto.SHA256,
}, nil, true}, }, nil, true},
{"fail sign length", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", p256}, args{ {"fail sign length", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", p256}, args{
rand.Reader, p256Digest[:], crypto.SHA256, rand.Reader, p256Digest, crypto.SHA256,
}, nil, true}, }, nil, true},
{"fail base64", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", p256}, args{ {"fail base64", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", p256}, args{
rand.Reader, p256Digest[:], crypto.SHA256, rand.Reader, p256Digest, crypto.SHA256,
}, nil, true}, }, nil, true},
{"fail RSA-PSS salt length", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaPSSSHA256}, args{ {"fail RSA-PSS salt length", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaPSSSHA256}, args{
rand.Reader, rsaPSSSHA256Digest[:], &rsa.PSSOptions{ rand.Reader, rsaPSSSHA256Digest, &rsa.PSSOptions{
SaltLength: 64, SaltLength: 64,
Hash: crypto.SHA256, Hash: crypto.SHA256,
}, },
}, nil, true}, }, nil, true},
{"fail RSA Hash", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaSHA256}, args{ {"fail RSA Hash", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", rsaSHA256}, args{
rand.Reader, rsaSHA256Digest[:], crypto.SHA1, rand.Reader, rsaSHA256Digest, crypto.SHA1,
}, nil, true}, }, nil, true},
{"fail ECDSA Hash", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", p256}, args{ {"fail ECDSA Hash", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", p256}, args{
rand.Reader, p256Digest[:], crypto.MD5, rand.Reader, p256Digest, crypto.MD5,
}, nil, true}, }, nil, true},
{"fail Ed25519", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", ed25519Key}, args{ {"fail Ed25519", fields{client, "https://my-vault.vault.azure.net/", "my-key", "", ed25519Key}, args{
rand.Reader, []byte("message"), crypto.Hash(0), rand.Reader, []byte("message"), crypto.Hash(0),
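Review bot: The `// nolint:gocritic` added above `resultSig = append(rBytesPadded, sBytesPadded...)` in the first TestSigner_Sign hunk suppresses the finding without saying why, and it has a space after `//`. The directive form golangci-lint documents is `//nolint:gocritic` with no space, and a trailing reason helps the next reader, e.g. `//nolint:gocritic // appendAssign: rBytesPadded is not reused` (assuming that holds; the rest of the test body is outside the hunk). The suppression could also be dropped by building into a fresh slice, `resultSig = append(append([]byte{}, rBytesPadded...), sBytesPadded...)`.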

@ -792,7 +792,7 @@ func (p *PKI) GenerateConfig(opt ...ConfigOption) (*authconfig.Config, error) {
// Enable KMS if necessary // Enable KMS if necessary
if p.Kms != nil { if p.Kms != nil {
config.KMS = &kmsapi.Options{ cfg.KMS = &kmsapi.Options{
Type: strings.ToLower(p.Kms.Type.String()), Type: strings.ToLower(p.Kms.Type.String()),
} }
} }
