linting
ldez committed Feb 26, 2024
1 parent ddbe115 commit 1f943e8
Showing 11 changed files with 194 additions and 167 deletions.
13 changes: 7 additions & 6 deletions ca/ca.go
@@ -9,6 +9,7 @@ import (
"crypto/x509/pkix"
"encoding/asn1"
"encoding/hex"
"errors"
"fmt"
"log"
"math"
@@ -110,8 +111,8 @@ func (ca *CAImpl) makeRootCert(
subjectKey crypto.Signer,
subject pkix.Name,
subjectKeyID []byte,
signer *issuer) (*core.Certificate, error) {

signer *issuer,
) (*core.Certificate, error) {
serial := makeSerial()
template := &x509.Certificate{
Subject: subject,
@@ -187,7 +188,7 @@ func (ca *CAImpl) newRootIssuer(name string) (*issuer, error) {

func (ca *CAImpl) newIntermediateIssuer(root *issuer, intermediateKey crypto.Signer, subject pkix.Name, subjectKeyID []byte) (*issuer, error) {
if root == nil {
return nil, fmt.Errorf("Internal error: root must not be nil")
return nil, errors.New("internal error: root must not be nil")
}
// Make an intermediate certificate with the root issuer
ic, err := ca.makeRootCert(intermediateKey, subject, subjectKeyID, root)
@@ -253,12 +254,12 @@ func (ca *CAImpl) newChain(intermediateKey crypto.Signer, intermediateSubject pk

func (ca *CAImpl) newCertificate(domains []string, ips []net.IP, key crypto.PublicKey, accountID, notBefore, notAfter string) (*core.Certificate, error) {
if len(domains) == 0 && len(ips) == 0 {
return nil, fmt.Errorf("must specify at least one domain name or IP address")
return nil, errors.New("must specify at least one domain name or IP address")
}

defaultChain := ca.chains[0].intermediates
if len(defaultChain) == 0 || defaultChain[0].cert == nil {
return nil, fmt.Errorf("cannot sign certificate - nil issuer")
return nil, errors.New("cannot sign certificate - nil issuer")
}
issuer := defaultChain[0]

@@ -443,7 +444,7 @@ func (ca *CAImpl) GetRootKey(no int) *rsa.PrivateKey {
return nil
}

// GetIntermediateCert returns the first (closest the the leaf) issuer certificate
// GetIntermediateCert returns the first (closest the leaf) issuer certificate
// in the chain identified by `no`.
func (ca *CAImpl) GetIntermediateCert(no int) *core.Certificate {
chain := ca.getChain(no)
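Review bot: The reworded comment on GetIntermediateCert still reads wrongly: the doubled word is gone, but "closest the leaf" is now missing its preposition. It should read `// GetIntermediateCert returns the first (closest to the leaf) issuer certificate`. The function body continues past the end of this hunk.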
3 changes: 2 additions & 1 deletion cmd/pebble-challtestsrv/history.go
@@ -103,7 +103,8 @@ func requestHost(r *http.Request) (string, error) {
// writeHistory writes the provided list of challtestsrv.RequestEvents to the
// provided http.ResponseWriter in JSON form.
func (srv *managementServer) writeHistory(
history []challtestsrv.RequestEvent, w http.ResponseWriter) {
history []challtestsrv.RequestEvent, w http.ResponseWriter,
) {
// Always write an empty JSON list instead of `null`
if history == nil {
history = []challtestsrv.RequestEvent{}
14 changes: 10 additions & 4 deletions cmd/pebble-challtestsrv/httpone.go
@@ -7,7 +7,9 @@ import "net/http"
//
// The POST body is expected to have two non-empty parameters:
// "token" - the HTTP-01 challenge token to add the mock HTTP-01 response under
// in the `/.well-known/acme-challenge/` path.
//
// in the `/.well-known/acme-challenge/` path.
//
// "content" - the key authorization value to return in the HTTP response.
//
// A successful POST will write http.StatusOK to the client.
@@ -40,7 +42,8 @@ func (srv *managementServer) addHTTP01(w http.ResponseWriter, r *http.Request) {
//
// The POST body is expected to have one non-empty parameter:
// "token" - the HTTP-01 challenge token to remove the mock HTTP-01 response
// from.
//
// from.
//
// A successful POST will write http.StatusOK to the client.
func (srv *managementServer) delHTTP01(w http.ResponseWriter, r *http.Request) {
@@ -70,9 +73,12 @@ func (srv *managementServer) delHTTP01(w http.ResponseWriter, r *http.Request) {
//
// The POST body is expected to have two non-empty parameters:
// "path" - the path that when matched in an HTTP request will return the
// redirect.
//
// redirect.
//
// "targetURL" - the URL that the client will be redirected to when making HTTP
// requests for the redirected path.
//
// requests for the redirected path.
//
// A successful POST will write http.StatusOK to the client.
func (srv *managementServer) addHTTPRedirect(w http.ResponseWriter, r *http.Request) {
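Review bot: The doc comments on addHTTP01, delHTTP01 and addHTTPRedirect now put each parameter's continuation line in its own block between empty `//` lines, which detaches the description from the parameter name. Assuming the continuation lines are indented in the file (this page does not show indentation), godoc renders them as preformatted code. Writing the parameters as a doc-comment list keeps each description in one piece, for example `//   - "token": the HTTP-01 challenge token to add the mock HTTP-01 response under in the /.well-known/acme-challenge/ path.` The same layout appears in the setDefaultDNSIPv4 and setDefaultDNSIPv6 comments in cmd/pebble-challtestsrv/mockdns.go.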
10 changes: 6 additions & 4 deletions cmd/pebble-challtestsrv/mockdns.go
@@ -14,7 +14,8 @@ import (
//
// The POST body is expected to have one parameter:
// "ip" - the string representation of an IPv4 address to use for all A queries
// that do not match more specific mocks.
//
// that do not match more specific mocks.
//
// Providing an empty string as the IP value will disable the default
// A responses.
@@ -30,7 +31,7 @@ func (srv *managementServer) setDefaultDNSIPv4(w http.ResponseWriter, r *http.Re
}

// Set the challenge server's default IPv4 address - we allow request.IP to be
// the empty string so that the default can be be cleared using the same
// the empty string so that the default can be cleared using the same
// method.
srv.challSrv.SetDefaultDNSIPv4(request.IP)
srv.log.Printf("Set default IPv4 address for DNS A queries to %q\n", request.IP)
@@ -43,7 +44,8 @@ func (srv *managementServer) setDefaultDNSIPv4(w http.ResponseWriter, r *http.Re
//
// The POST body is expected to have one parameter:
// "ip" - the string representation of an IPv6 address to use for all AAAA
// queries that do not match more specific mocks.
//
// queries that do not match more specific mocks.
//
// Providing an empty string as the IP value will disable the default
// A responses.
@@ -59,7 +61,7 @@ func (srv *managementServer) setDefaultDNSIPv6(w http.ResponseWriter, r *http.Re
}

// Set the challenge server's default IPv6 address - we allow request.IP to be
// the empty string so that the default can be be cleared using the same
// the empty string so that the default can be cleared using the same
// method.
srv.challSrv.SetDefaultDNSIPv6(request.IP)
srv.log.Printf("Set default IPv6 address for DNS AAAA queries to %q\n", request.IP)
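Review bot: The doc comment for setDefaultDNSIPv6 says an empty IP value "will disable the default A responses", but this handler sets the default used for AAAA queries, as its log line `Set default IPv6 address for DNS AAAA queries to %q` shows. The sentence looks carried over from the IPv4 handler and should end `// AAAA responses.` The function starts before and ends after the hunks shown here.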
2 changes: 1 addition & 1 deletion cmd/pebble/main.go
@@ -30,7 +30,7 @@ type config struct {
DomainBlocklist []string

CertificateValidityPeriod uint64
RetryAfter struct {
RetryAfter struct {
Authz int
Order int
}
7 changes: 4 additions & 3 deletions core/types.go
@@ -6,6 +6,7 @@ import (
"crypto/x509"
"encoding/base64"
"encoding/pem"
"errors"
"fmt"
"sync"
"time"
@@ -80,8 +81,8 @@ func (o *Order) GetStatus() (string, error) {
// early. Somehow we made it this far but also don't have the correct number
// of valid authzs.
if !fullyAuthorized {
return "", fmt.Errorf(
"Order has the incorrect number of valid authorizations & no pending, " +
return "", errors.New(
"order has the incorrect number of valid authorizations & no pending, " +
"deactivated or invalid authorizations")
}

@@ -104,7 +105,7 @@ func (o *Order) GetStatus() (string, error) {
}

// If none of the above cases match something weird & unexpected has happened.
return "", fmt.Errorf("Order is in an unknown state")
return "", errors.New("order is in an unknown state")
}

type Account struct {
16 changes: 8 additions & 8 deletions db/memorystore.go
@@ -117,7 +117,7 @@ func (m *MemoryStore) AddAccount(acct *core.Account) (int, error) {
defer m.Unlock()

if acct.Key == nil {
return 0, fmt.Errorf("account must not have a nil Key")
return 0, errors.New("account must not have a nil Key")
}

keyID, err := keyToID(acct.Key)
@@ -134,7 +134,7 @@ func (m *MemoryStore) AddAccount(acct *core.Account) (int, error) {
}

if _, present := m.accountsByKeyID[keyID]; present {
return 0, fmt.Errorf("account with key already exists")
return 0, errors.New("account with key already exists")
}

acct.ID = acctID
@@ -177,7 +177,7 @@ func (m *MemoryStore) AddOrder(order *core.Order) (int, error) {
accountID := order.AccountID
order.RUnlock()
if len(orderID) == 0 {
return 0, fmt.Errorf("order must have a non-empty ID to add to MemoryStore")
return 0, errors.New("order must have a non-empty ID to add to MemoryStore")
}

if _, present := m.ordersByID[orderID]; present {
@@ -238,7 +238,7 @@ func (m *MemoryStore) AddAuthorization(authz *core.Authorization) (int, error) {
authz.RLock()
authzID := authz.ID
if len(authzID) == 0 {
return 0, fmt.Errorf("authz must have a non-empty ID to add to MemoryStore")
return 0, errors.New("authz must have a non-empty ID to add to MemoryStore")
}
authz.RUnlock()

@@ -285,7 +285,7 @@ func (m *MemoryStore) AddChallenge(chal *core.Challenge) (int, error) {
chalID := chal.ID
chal.RUnlock()
if len(chalID) == 0 {
return 0, fmt.Errorf("challenge must have a non-empty ID to add to MemoryStore")
return 0, errors.New("challenge must have a non-empty ID to add to MemoryStore")
}

if _, present := m.challengesByID[chalID]; present {
@@ -308,7 +308,7 @@ func (m *MemoryStore) AddCertificate(cert *core.Certificate) (int, error) {

certID := cert.ID
if len(certID) == 0 {
return 0, fmt.Errorf("cert must have a non-empty ID to add to MemoryStore")
return 0, errors.New("cert must have a non-empty ID to add to MemoryStore")
}

if _, present := m.certificatesByID[certID]; present {
@@ -372,7 +372,7 @@ func keyToID(key crypto.PublicKey) (string, error) {
switch t := key.(type) {
case *jose.JSONWebKey:
if t == nil {
return "", fmt.Errorf("Cannot compute ID of nil key")
return "", errors.New("cannot compute ID of nil key")
}
return keyToID(t.Key)
case jose.JSONWebKey:
@@ -426,7 +426,7 @@ func (m *MemoryStore) AddExternalAccountKeyByID(keyID, key string) error {

keyDecoded, err := base64.RawURLEncoding.DecodeString(key)
if err != nil {
return fmt.Errorf("failed to decode base64 URL encoded key %q: %s", key, err)
return fmt.Errorf("failed to decode base64 URL encoded key %q: %w", key, err)
}

m.Lock()
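Review bot: In AddAuthorization the empty-ID check returns between `authz.RLock()` and `authz.RUnlock()`, so the error path leaves the authorization read-locked and a later `authz.Lock()` on the same object would block. AddOrder and AddChallenge release the read lock before the check, and the same order works here: `authzID := authz.ID`, then `authz.RUnlock()`, then `if len(authzID) == 0 {`. Separately, the error built in AddExternalAccountKeyByID embeds the whole `key` argument with `%q`; that value appears to be external-account-binding key material, so the message would be safer naming only `keyID`. All of these functions extend beyond the hunks shown.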
27 changes: 12 additions & 15 deletions va/va.go
@@ -110,7 +110,8 @@ type VAImpl struct {
func New(
log *log.Logger,
httpPort, tlsPort int,
strict bool, customResolverAddr string) *VAImpl {
strict bool, customResolverAddr string,
) *VAImpl {
va := &VAImpl{
log: log,
httpPort: httpPort,
@@ -215,7 +216,8 @@ func (va VAImpl) setOrderError(order *core.Order, err *acme.ProblemDetails) {
func (va VAImpl) setAuthzInvalid(
authz *core.Authorization,
chal *core.Challenge,
err *acme.ProblemDetails) {
err *acme.ProblemDetails,
) {
authz.Lock()
defer authz.Unlock()
// Update the authz status
@@ -268,9 +270,9 @@ func (va VAImpl) process(task *vaTask) {
func (va VAImpl) performValidation(task *vaTask, results chan<- *core.ValidationRecord) {
if va.sleep {
// Sleep for a random amount of time between 0 and va.sleepTime seconds
len := time.Duration(rand.Intn(va.sleepTime))
va.log.Printf("Sleeping for %s seconds before validating", time.Second*len)
time.Sleep(time.Second * len)
length := time.Duration(rand.Intn(va.sleepTime)) * time.Second
va.log.Printf("Sleeping for %s seconds before validating", length)
time.Sleep(length)
}

// If `alwaysValid` is true then return a validation record immediately
@@ -318,7 +320,7 @@ func (va VAImpl) validateDNS01(task *vaTask) *core.ValidationRecord {
}

if len(txts) == 0 {
msg := fmt.Sprintf("No TXT records found for DNS challenge")
msg := "No TXT records found for DNS challenge"
result.Error = acme.UnauthorizedProblem(msg)
return result
}
@@ -335,7 +337,7 @@ func (va VAImpl) validateDNS01(task *vaTask) *core.ValidationRecord {
}
}

msg := fmt.Sprintf("Correct value not found for DNS challenge")
msg := "Correct value not found for DNS challenge"
result.Error = acme.UnauthorizedProblem(msg)
return result
}
@@ -356,7 +358,6 @@ func (va VAImpl) validateTLSALPN01(task *vaTask) *core.ValidationRecord {
}

addrs, err := va.resolveIP(task.Identifier.Value)

if err != nil {
result.Error = acme.MalformedProblem(
fmt.Sprintf("Error occurred while resolving URL %q: %q", task.Identifier.Value, err))
@@ -451,7 +452,6 @@ func (va VAImpl) validateTLSALPN01(task *vaTask) *core.ValidationRecord {

func (va VAImpl) fetchConnectionState(hostPort string, config *tls.Config) (*tls.ConnectionState, *acme.ProblemDetails) {
conn, err := tls.DialWithDialer(&net.Dialer{Timeout: validationTimeout}, "tcp", hostPort, config)

if err != nil {
// TODO(@cpu): Return better err - see parseHTTPConnError from boulder
return nil, acme.UnauthorizedProblem(
@@ -505,7 +505,7 @@ func (va VAImpl) fetchHTTP(identifier string, token string) ([]byte, string, *ac
}

va.log.Printf("Attempting to validate w/ HTTP: %s\n", url)
httpRequest, err := http.NewRequest("GET", url.String(), nil)
httpRequest, err := http.NewRequest(http.MethodGet, url.String(), nil)
if err != nil {
return nil, url.String(), acme.MalformedProblem(
fmt.Sprintf("Invalid URL %q\n", url.String()))
@@ -535,7 +535,7 @@ func (va VAImpl) fetchHTTP(identifier string, token string) ([]byte, string, *ac
// Control specifically which IP will be used for this request
addrs, err := va.resolveIP(host)
if err != nil {
return nil, fmt.Errorf("error occurred while resolving URL %q: %q", url.String(), err)
return nil, fmt.Errorf("error occurred while resolving URL %q: %w", url.String(), err)
}
if len(addrs) == 0 {
return nil, fmt.Errorf("could not resolve URL %q", url.String())
@@ -567,7 +567,7 @@ func (va VAImpl) fetchHTTP(identifier string, token string) ([]byte, string, *ac
return nil, url.String(), acme.InternalErrorProblem(err.Error())
}

if resp.StatusCode != 200 {
if resp.StatusCode != http.StatusOK {
return nil, url.String(), acme.UnauthorizedProblem(
fmt.Sprintf("Non-200 status code from HTTP: %s returned %d",
url.String(), resp.StatusCode))
@@ -590,7 +590,6 @@ func (va VAImpl) getTXTEntry(name string) ([]string, error) {
message := new(dns.Msg)
message.SetQuestion(dns.Fqdn(name), dns.TypeTXT)
in, _, err := va.dnsClient.ExchangeContext(ctx, message, va.customResolverAddr)

if err != nil {
return nil, err
}
@@ -629,7 +628,6 @@ func (va VAImpl) resolveIP(name string) ([]string, error) {
messageAAAA := new(dns.Msg)
messageAAAA.SetQuestion(dns.Fqdn(name), dns.TypeAAAA)
inAAAA, _, err := va.dnsClient.ExchangeContext(ctx, messageAAAA, va.customResolverAddr)

if err != nil {
return nil, err
}
@@ -643,7 +641,6 @@ func (va VAImpl) resolveIP(name string) ([]string, error) {
messageA := new(dns.Msg)
messageA.SetQuestion(dns.Fqdn(name), dns.TypeA)
inA, _, err := va.dnsClient.ExchangeContext(ctx, messageA, va.customResolverAddr)

if err != nil {
return nil, err
}
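Review bot: In performValidation, `rand.Intn(va.sleepTime)` panics when its argument is zero or negative, and the guard above it only tests `va.sleep`; where sleepTime is set is outside this hunk, so a bound may exist elsewhere. Guarding locally with `if va.sleep && va.sleepTime > 0 {` keeps a misconfigured delay from crashing the validator. The log line also formats a time.Duration with `%s`, which already prints the unit, so the message reads like "Sleeping for 3s seconds"; `"Sleeping for %s before validating"` avoids that. The function body continues past the end of the hunk.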
2 changes: 1 addition & 1 deletion va/va_test.go
@@ -11,7 +11,7 @@ import (
"github.com/letsencrypt/pebble/v2/db"
)

func TestAuthzRace(t *testing.T) {
func TestAuthzRace(_ *testing.T) {
// Exercises a specific (fixed) race condition:
// WARNING: DATA RACE
// Read at 0x00c00040cde8 by goroutine 55:
3 changes: 2 additions & 1 deletion wfe/jose.go
@@ -7,6 +7,7 @@ import (
"crypto/sha256"
"crypto/x509"
"encoding/base64"
"errors"
"fmt"

"github.com/letsencrypt/pebble/v2/acme"
@@ -61,7 +62,7 @@ func keyDigest(key crypto.PublicKey) (string, error) {
switch t := key.(type) {
case *jose.JSONWebKey:
if t == nil {
return "", fmt.Errorf("Cannot compute digest of nil key")
return "", errors.New("cannot compute digest of nil key")
}
return keyDigest(t.Key)
case jose.JSONWebKey: