fix: Fix go lint violations (#98)

googleapis · Sep 21, 2023 · 8122ff2 · 8122ff2
1 parent de52690
commit 8122ff2
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 38 deletions.
diff --git a/darwin/client_test.go b/darwin/client_test.go
@@ -20,10 +20,10 @@ import (
 	"testing"
 )
 
-const TEST_CREDENTIALS = "TestIssuer"
+const testIssuer = "TestIssuer"
 
 func TestClientEncrypt(t *testing.T) {
-	secureKey, err := NewSecureKey(TEST_CREDENTIALS)
+	secureKey, err := NewSecureKey(testIssuer)
 	if err != nil {
 		t.Errorf("Cred: got %v, want nil err", err)
 		return
@@ -37,14 +37,14 @@ func TestClientEncrypt(t *testing.T) {
 }
 
 func TestClientDecrypt(t *testing.T) {
-	secureKey, err :=  NewSecureKey(TEST_CREDENTIALS)
+	secureKey, err := NewSecureKey(testIssuer)
 	if err != nil {
 		t.Errorf("Cred: got %v, want nil err", err)
 		return
 	}
 	byteSlice := []byte("Plain text to encrypt")
 	ciphertext, _ := secureKey.Encrypt(nil, byteSlice, crypto.SHA256)
-	plaintext, err := secureKey.Decrypt(nil, ciphertext, &rsa.OAEPOptions{Hash:crypto.SHA256})
+	plaintext, err := secureKey.Decrypt(nil, ciphertext, &rsa.OAEPOptions{Hash: crypto.SHA256})
 	if err != nil {
 		t.Errorf("Client API decryption: got %v, want nil err", err)
 		return

diff --git a/internal/signer/darwin/keychain/keychain.go b/internal/signer/darwin/keychain/keychain.go
@@ -69,8 +69,8 @@ var (
 	}
 )
 
-const UNKNOWN_SECKEY_ALGORITHM = C.CFStringRef(0)
-const INVALID_KEY = C.SecKeyRef(0)
+const unknownSecKeyAlgorithm = C.CFStringRef(0)
+const invalidKey = C.SecKeyRef(0)
 
 // cfStringToString returns a Go string given a CFString.
 func cfStringToString(cfStr C.CFStringRef) string {
@@ -420,7 +420,7 @@ func identityToPublicSecKeyRef(ident C.SecIdentityRef) (C.SecKeyRef, error) {
 
 	key = C.SecCertificateCopyKey(certRef)
 
-	if key == INVALID_KEY {
+	if key == invalidKey {
 		return 0, fmt.Errorf("public key was NULL. Key might have an encoding issue or use an unsupported algorithm")
 	}
 	return key, nil
@@ -443,10 +443,6 @@ func certIn(xc *x509.Certificate, xcs []*x509.Certificate) bool {
 	}
 	return false
 }
-func (k *Key) WithHash(hash crypto.Hash) *Key {
-	k.hash = hash
-	return k
-}
 
 func (k *Key) getPaddingSize() int {
 	algorithms, algoErr := k.getEncryptAlgorithm()
@@ -471,7 +467,7 @@ func (k *Key) getPaddingSize() int {
 		C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512:
 		return pkcsPaddingBytes
 	default:
-		return int(UNKNOWN_SECKEY_ALGORITHM)
+		return int(unknownSecKeyAlgorithm)
 	}
 }
 
@@ -495,10 +491,10 @@ func (k *Key) getRSAEncryptAlgorithm() (C.SecKeyAlgorithm, error) {
 		} else if C.SecKeyIsAlgorithmSupported(k.publicKeyRef, C.kSecKeyOperationTypeEncrypt, C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256) == 1 {
 			algorithms = rsaPKCS1v15Algorithms
 		} else {
-			return UNKNOWN_SECKEY_ALGORITHM, fmt.Errorf("unknown RSA argument. Only supports PSS, OAEP, and PKCS1v1.5 %T", pub)
+			return unknownSecKeyAlgorithm, fmt.Errorf("unknown RSA argument. Only supports PSS, OAEP, and PKCS1v1.5 %T", pub)
 		}
 	default:
-		return UNKNOWN_SECKEY_ALGORITHM, fmt.Errorf("algorithm is unsupported. only RSA algorithms are supported. %T", pub)
+		return unknownSecKeyAlgorithm, fmt.Errorf("algorithm is unsupported. only RSA algorithms are supported. %T", pub)
 	}
 	return algorithms[k.hash], nil
 }
@@ -521,10 +517,10 @@ func (k *Key) getRSADecryptAlgorithm() (C.SecKeyAlgorithm, error) {
 		} else if C.SecKeyIsAlgorithmSupported(k.publicKeyRef, C.kSecKeyOperationTypeDecrypt, C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256) == 1 {
 			algorithms = rsaPKCS1v15Algorithms
 		} else {
-			return UNKNOWN_SECKEY_ALGORITHM, fmt.Errorf("unknown RSA argument. Only supports PSS, OAEP, and PKCS1v1.5 %T", pub)
+			return unknownSecKeyAlgorithm, fmt.Errorf("unknown RSA argument. Only supports PSS, OAEP, and PKCS1v1.5 %T", pub)
 		}
 	default:
-		return UNKNOWN_SECKEY_ALGORITHM, fmt.Errorf("algorithm is unsupported. only RSA algorithms are supported. %T", pub)
+		return unknownSecKeyAlgorithm, fmt.Errorf("algorithm is unsupported. only RSA algorithms are supported. %T", pub)
 	}
 	return algorithms[k.hash], nil
 }

diff --git a/internal/signer/darwin/keychain/keychain_test.go b/internal/signer/darwin/keychain/keychain_test.go
@@ -24,7 +24,7 @@ import (
 	"unsafe"
 )
 
-const TEST_CREDENTIALS = "TestIssuer"
+const testIssuer = "TestIssuer"
 
 func TestKeychainError(t *testing.T) {
 	tests := []struct {
@@ -52,7 +52,7 @@ func TestBytesToCFDataRoundTrip(t *testing.T) {
 }
 
 func TestEncrypt(t *testing.T) {
-	key, err := Cred(TEST_CREDENTIALS)
+	key, err := Cred(testIssuer)
 	if err != nil {
 		t.Errorf("Cred: got %v, want nil err", err)
 		return
@@ -66,7 +66,7 @@ func TestEncrypt(t *testing.T) {
 }
 
 func BenchmarkEncrypt(b *testing.B) {
-	key, err := Cred(TEST_CREDENTIALS)
+	key, err := Cred(testIssuer)
 	if err != nil {
 		b.Errorf("Cred: got %v, want nil err", err)
 		return
@@ -81,7 +81,7 @@ func BenchmarkEncrypt(b *testing.B) {
 }
 
 func TestDecrypt(t *testing.T) {
-	key, err := Cred(TEST_CREDENTIALS)
+	key, err := Cred(testIssuer)
 	if err != nil {
 		t.Errorf("Cred: got %v, want nil err", err)
 		return
@@ -99,7 +99,7 @@ func TestDecrypt(t *testing.T) {
 }
 
 func BenchmarkDecrypt(b *testing.B) {
-	key, err := Cred(TEST_CREDENTIALS)
+	key, err := Cred(testIssuer)
 	if err != nil {
 		b.Errorf("Cred: got %v, want nil err", err)
 		return

diff --git a/internal/signer/linux/pkcs11/pkcs11.go b/internal/signer/linux/pkcs11/pkcs11.go
@@ -216,11 +216,6 @@ func (k *Key) decryptRSAWithPKCS11(encryptedData []byte) ([]byte, error) {
 	return k.decrypter.Decrypt(nil, encryptedData, opts)
 }
 
-func (k *Key) WithHash(hash crypto.Hash) *Key {
-	k.hash = hash
-	return k
-}
-
 func cryptoHashToHash(hash crypto.Hash) (hash.Hash, error) {
 	switch hash {
 	case crypto.SHA256:

diff --git a/internal/signer/linux/signer.go b/internal/signer/linux/signer.go
@@ -138,7 +138,6 @@ func main() {
 	if err != nil {
 		log.Fatalf("Failed to initialize enterprise cert signer using pkcs11: %v", err)
 	}
-	enterpriseCertSigner.key = enterpriseCertSigner.key.WithHash(crypto.SHA1)
 
 	if err := rpc.Register(enterpriseCertSigner); err != nil {
 		log.Fatalf("Failed to register enterprise cert signer with net/rpc: %v", err)

diff --git a/internal/signer/test/signer.go b/internal/signer/test/signer.go
@@ -17,35 +17,27 @@ package main
 
 import (
 	"crypto"
-	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
-	"encoding/gob"
 	"io"
 	"log"
 	"net/rpc"
 	"os"
 	"time"
 )
 
-func init() {
-	gob.Register(crypto.SHA256)
-	gob.Register(crypto.SHA384)
-	gob.Register(crypto.SHA512)
-	gob.Register(&rsa.PSSOptions{})
-	gob.Register(&rsa.OAEPOptions{})
-}
-
 // SignArgs encapsulate the parameters for the Sign method.
 type SignArgs struct {
 	Digest []byte
 	Opts   crypto.SignerOpts
 }
 
+// EncryptArgs encapsulate the parameters for the Encrypt method.
 type EncryptArgs struct {
 	Plaintext []byte
 }
 
+// DecryptArgs encapsulate the parameters for the Decrypt method.
 type DecryptArgs struct {
 	Ciphertext []byte
 }
@@ -91,17 +83,19 @@ func (k *EnterpriseCertSigner) Public(ignored struct{}, publicKey *[]byte) (err
 	return err
 }
 
-// Sign signs a message digest.
+// Sign signs a message digest. For testing, we return the input as-is.
 func (k *EnterpriseCertSigner) Sign(args SignArgs, resp *[]byte) (err error) {
 	*resp = args.Digest
 	return nil
 }
 
+// Encrypt encrypts a plaintext msg. For testing, we return the input as-is.
 func (k *EnterpriseCertSigner) Encrypt(args EncryptArgs, plaintext *[]byte) (err error) {
 	*plaintext = args.Plaintext
 	return nil
 }
 
+// Decrypt decrypts a ciphertext msg. For testing, we return the input as-is.
 func (k *EnterpriseCertSigner) Decrypt(args DecryptArgs, ciphertext *[]byte) (err error) {
 	*ciphertext = args.Ciphertext
 	return nil