diff --git a/.golangci.yml b/.golangci.yml index cd1bbcf29..d0904f7b0 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -4,13 +4,27 @@ linters: - errcheck - gofmt - gosec + - gosimple - govet - ineffassign - misspell - staticcheck + - stylecheck + - unused linters-settings: errcheck: ignore: fmt:[FS]?[Pp]rint*,io:Write,os:Remove,net/http:Write,github.com/miekg/dns:WriteMsg,net:Write,encoding/binary:Write + gosimple: + # S1029: Range over the string directly + checks: ["all", "-S1029"] + staticcheck: + # SA1019: Using a deprecated function, variable, constant or field + # SA6003: Converting a string to a slice of runes before ranging over it + checks: ["all", "-SA1019", "-SA6003"] + stylecheck: + # ST1003: Poorly chosen identifier + # ST1005: Incorrectly formatted error string + checks: ["all", "-ST1003", "-ST1005"] issues: exclude-rules: - linters: @@ -29,6 +43,3 @@ issues: # G501: Blacklisted import `crypto/md5`: weak cryptographic primitive # G505: Blacklisted import `crypto/sha1`: weak cryptographic primitive text: "G(101|102|107|201|202|306|401|402|403|404|501|505)" - - linters: - - staticcheck - text: "(SA1019|ST1005|ST1013|SA6003|SA5011|S1029|SA2002):" diff --git a/akamai/cache-client.go b/akamai/cache-client.go index f03eb03c0..61e1bf487 100644 --- a/akamai/cache-client.go +++ b/akamai/cache-client.go @@ -96,9 +96,7 @@ func NewCachePurgeClient( }, []string{"type"}) stats.MustRegister(purges) - if strings.HasSuffix(endpoint, "/") { - endpoint = endpoint[:len(endpoint)-1] - } + endpoint = strings.TrimSuffix(endpoint, "/") apiURL, err := url.Parse(endpoint) if err != nil { return nil, err diff --git a/ca/ocsp.go b/ca/ocsp.go index bb32b2272..6522d68d7 100644 --- a/ca/ocsp.go +++ b/ca/ocsp.go @@ -206,7 +206,7 @@ func newOCSPLogQueue( wg: sync.WaitGroup{}, depth: depth, logger: logger, - clk: clock.Default(), + clk: clock.New(), } olq.wg.Add(1) return &olq diff --git a/canceled/canceled.go b/canceled/canceled.go index 963aea4a8..405cacd3e 100644 --- a/canceled/canceled.go +++ b/canceled/canceled.go @@ -3,8 +3,8 @@ package canceled import ( "context" - "google.golang.org/grpc" "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" ) // Is returns true if err is non-nil and is either context.Canceled, or has a @@ -12,5 +12,5 @@ import ( // gRPC boundaries, and if we choose to treat in-process cancellations a certain // way, we usually want to treat cross-process cancellations the same way. func Is(err error) bool { - return err == context.Canceled || grpc.Code(err) == codes.Canceled + return err == context.Canceled || status.Code(err) == codes.Canceled } diff --git a/canceled/canceled_test.go b/canceled/canceled_test.go index 62de8ed35..251072d8e 100644 --- a/canceled/canceled_test.go +++ b/canceled/canceled_test.go @@ -5,15 +5,15 @@ import ( "errors" "testing" - "google.golang.org/grpc" "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" ) func TestCanceled(t *testing.T) { if !Is(context.Canceled) { t.Errorf("Expected context.Canceled to be canceled, but wasn't.") } - if !Is(grpc.Errorf(codes.Canceled, "hi")) { + if !Is(status.Errorf(codes.Canceled, "hi")) { t.Errorf("Expected gRPC cancellation to be cancelled, but wasn't.") } if Is(errors.New("hi")) { diff --git a/cmd/boulder-wfe2/main.go b/cmd/boulder-wfe2/main.go index 05854989c..edcb8c589 100644 --- a/cmd/boulder-wfe2/main.go +++ b/cmd/boulder-wfe2/main.go @@ -18,7 +18,6 @@ import ( "github.com/letsencrypt/boulder/cmd" "github.com/letsencrypt/boulder/features" "github.com/letsencrypt/boulder/goodkey" - "github.com/letsencrypt/boulder/grpc" bgrpc "github.com/letsencrypt/boulder/grpc" "github.com/letsencrypt/boulder/issuance" blog "github.com/letsencrypt/boulder/log" @@ -286,23 +285,23 @@ func setupWFE(c Config, logger blog.Logger, stats prometheus.Registerer, clk clo tlsConfig, err := c.WFE.TLS.Load() cmd.FailOnError(err, "TLS config") clientMetrics := bgrpc.NewClientMetrics(stats) - raConn, err := bgrpc.ClientSetup(c.WFE.RAService, tlsConfig, clientMetrics, clk, grpc.CancelTo408Interceptor) + raConn, err := bgrpc.ClientSetup(c.WFE.RAService, tlsConfig, clientMetrics, clk, bgrpc.CancelTo408Interceptor) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA") rac := rapb.NewRegistrationAuthorityClient(raConn) - saConn, err := bgrpc.ClientSetup(c.WFE.SAService, tlsConfig, clientMetrics, clk, grpc.CancelTo408Interceptor) + saConn, err := bgrpc.ClientSetup(c.WFE.SAService, tlsConfig, clientMetrics, clk, bgrpc.CancelTo408Interceptor) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac := sapb.NewStorageAuthorityClient(saConn) var rns noncepb.NonceServiceClient npm := map[string]noncepb.NonceServiceClient{} if c.WFE.GetNonceService != nil { - rnsConn, err := bgrpc.ClientSetup(c.WFE.GetNonceService, tlsConfig, clientMetrics, clk, grpc.CancelTo408Interceptor) + rnsConn, err := bgrpc.ClientSetup(c.WFE.GetNonceService, tlsConfig, clientMetrics, clk, bgrpc.CancelTo408Interceptor) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to get nonce service") rns = noncepb.NewNonceServiceClient(rnsConn) for prefix, serviceConfig := range c.WFE.RedeemNonceServices { serviceConfig := serviceConfig - conn, err := bgrpc.ClientSetup(&serviceConfig, tlsConfig, clientMetrics, clk, grpc.CancelTo408Interceptor) + conn, err := bgrpc.ClientSetup(&serviceConfig, tlsConfig, clientMetrics, clk, bgrpc.CancelTo408Interceptor) cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to redeem nonce service") npm[prefix] = noncepb.NewNonceServiceClient(conn) } diff --git a/cmd/contact-auditor/main_test.go b/cmd/contact-auditor/main_test.go index 5d5763e7a..c3eaaf33d 100644 --- a/cmd/contact-auditor/main_test.go +++ b/cmd/contact-auditor/main_test.go @@ -130,7 +130,7 @@ type testCtx struct { cleanUp func() } -func (c testCtx) addRegistrations(t *testing.T) { +func (tc testCtx) addRegistrations(t *testing.T) { emailA := "mailto:" + emailARaw emailB := "mailto:" + emailBRaw emailC := "mailto:" + emailCRaw @@ -189,17 +189,17 @@ func (c testCtx) addRegistrations(t *testing.T) { // Add the four test registrations ctx := context.Background() - regA, err = c.ssa.NewRegistration(ctx, regA) + regA, err = tc.ssa.NewRegistration(ctx, regA) test.AssertNotError(t, err, "Couldn't store regA") - regB, err = c.ssa.NewRegistration(ctx, regB) + regB, err = tc.ssa.NewRegistration(ctx, regB) test.AssertNotError(t, err, "Couldn't store regB") - regC, err = c.ssa.NewRegistration(ctx, regC) + regC, err = tc.ssa.NewRegistration(ctx, regC) test.AssertNotError(t, err, "Couldn't store regC") - regD, err = c.ssa.NewRegistration(ctx, regD) + regD, err = tc.ssa.NewRegistration(ctx, regD) test.AssertNotError(t, err, "Couldn't store regD") } -func (ctx testCtx) addCertificates(t *testing.T) { +func (tc testCtx) addCertificates(t *testing.T) { serial1 := big.NewInt(1336) serial1String := core.SerialToString(serial1) serial2 := big.NewInt(1337) @@ -238,9 +238,9 @@ func (ctx testCtx) addCertificates(t *testing.T) { Expires: rawCertA.NotAfter, DER: certDerA, } - err := ctx.dbMap.Insert(certA) + err := tc.dbMap.Insert(certA) test.AssertNotError(t, err, "Couldn't add certA") - _, err = ctx.dbMap.Exec( + _, err = tc.dbMap.Exec( "INSERT INTO issuedNames (reversedName, serial, notBefore) VALUES (?,?,0)", "com.example-a", serial1String, @@ -263,9 +263,9 @@ func (ctx testCtx) addCertificates(t *testing.T) { Expires: rawCertB.NotAfter, DER: certDerB, } - err = ctx.dbMap.Insert(certB) + err = tc.dbMap.Insert(certB) test.AssertNotError(t, err, "Couldn't add certB") - _, err = ctx.dbMap.Exec( + _, err = tc.dbMap.Exec( "INSERT INTO issuedNames (reversedName, serial, notBefore) VALUES (?,?,0)", "com.example-b", serial2String, @@ -288,9 +288,9 @@ func (ctx testCtx) addCertificates(t *testing.T) { Expires: rawCertC.NotAfter, DER: certDerC, } - err = ctx.dbMap.Insert(certC) + err = tc.dbMap.Insert(certC) test.AssertNotError(t, err, "Couldn't add certC") - _, err = ctx.dbMap.Exec( + _, err = tc.dbMap.Exec( "INSERT INTO issuedNames (reversedName, serial, notBefore) VALUES (?,?,0)", "com.example-c", serial3String, @@ -313,9 +313,9 @@ func (ctx testCtx) addCertificates(t *testing.T) { Expires: rawCertD.NotAfter, DER: certDerD, } - err = ctx.dbMap.Insert(certD) + err = tc.dbMap.Insert(certD) test.AssertNotError(t, err, "Couldn't add certD") - _, err = ctx.dbMap.Exec( + _, err = tc.dbMap.Exec( "INSERT INTO issuedNames (reversedName, serial, notBefore) VALUES (?,?,0)", "com.example-d", serial4String, diff --git a/cmd/id-exporter/main_test.go b/cmd/id-exporter/main_test.go index 00f9e545e..49f817ca7 100644 --- a/cmd/id-exporter/main_test.go +++ b/cmd/id-exporter/main_test.go @@ -244,7 +244,7 @@ type testCtx struct { cleanUp func() } -func (c testCtx) addRegistrations(t *testing.T) { +func (tc testCtx) addRegistrations(t *testing.T) { emailA := "mailto:" + emailARaw emailB := "mailto:" + emailBRaw emailC := "mailto:" + emailCRaw @@ -304,17 +304,17 @@ func (c testCtx) addRegistrations(t *testing.T) { // Add the four test registrations ctx := context.Background() - regA, err = c.ssa.NewRegistration(ctx, regA) + regA, err = tc.ssa.NewRegistration(ctx, regA) test.AssertNotError(t, err, "Couldn't store regA") - regB, err = c.ssa.NewRegistration(ctx, regB) + regB, err = tc.ssa.NewRegistration(ctx, regB) test.AssertNotError(t, err, "Couldn't store regB") - regC, err = c.ssa.NewRegistration(ctx, regC) + regC, err = tc.ssa.NewRegistration(ctx, regC) test.AssertNotError(t, err, "Couldn't store regC") - regD, err = c.ssa.NewRegistration(ctx, regD) + regD, err = tc.ssa.NewRegistration(ctx, regD) test.AssertNotError(t, err, "Couldn't store regD") } -func (ctx testCtx) addCertificates(t *testing.T) { +func (tc testCtx) addCertificates(t *testing.T) { serial1 := big.NewInt(1336) serial1String := core.SerialToString(serial1) serial2 := big.NewInt(1337) @@ -353,9 +353,9 @@ func (ctx testCtx) addCertificates(t *testing.T) { Expires: rawCertA.NotAfter, DER: certDerA, } - err := ctx.c.dbMap.Insert(certA) + err := tc.c.dbMap.Insert(certA) test.AssertNotError(t, err, "Couldn't add certA") - _, err = ctx.c.dbMap.Exec( + _, err = tc.c.dbMap.Exec( "INSERT INTO issuedNames (reversedName, serial, notBefore) VALUES (?,?,0)", "com.example-a", serial1String, @@ -378,9 +378,9 @@ func (ctx testCtx) addCertificates(t *testing.T) { Expires: rawCertB.NotAfter, DER: certDerB, } - err = ctx.c.dbMap.Insert(certB) + err = tc.c.dbMap.Insert(certB) test.AssertNotError(t, err, "Couldn't add certB") - _, err = ctx.c.dbMap.Exec( + _, err = tc.c.dbMap.Exec( "INSERT INTO issuedNames (reversedName, serial, notBefore) VALUES (?,?,0)", "com.example-b", serial2String, @@ -403,9 +403,9 @@ func (ctx testCtx) addCertificates(t *testing.T) { Expires: rawCertC.NotAfter, DER: certDerC, } - err = ctx.c.dbMap.Insert(certC) + err = tc.c.dbMap.Insert(certC) test.AssertNotError(t, err, "Couldn't add certC") - _, err = ctx.c.dbMap.Exec( + _, err = tc.c.dbMap.Exec( "INSERT INTO issuedNames (reversedName, serial, notBefore) VALUES (?,?,0)", "com.example-c", serial3String, @@ -428,9 +428,9 @@ func (ctx testCtx) addCertificates(t *testing.T) { Expires: rawCertD.NotAfter, DER: certDerD, } - err = ctx.c.dbMap.Insert(certD) + err = tc.c.dbMap.Insert(certD) test.AssertNotError(t, err, "Couldn't add certD") - _, err = ctx.c.dbMap.Exec( + _, err = tc.c.dbMap.Exec( "INSERT INTO issuedNames (reversedName, serial, notBefore) VALUES (?,?,0)", "com.example-d", serial4String, diff --git a/cmd/log-validator/main.go b/cmd/log-validator/main.go index dea218f46..7d04ffbc8 100644 --- a/cmd/log-validator/main.go +++ b/cmd/log-validator/main.go @@ -19,7 +19,7 @@ import ( blog "github.com/letsencrypt/boulder/log" ) -var invalidChecksumErr = errors.New("invalid checksum length") +var errInvalidChecksum = errors.New("invalid checksum length") func lineValid(text string) error { // Line format should match the following rsyslog omfile template: @@ -53,7 +53,7 @@ func lineValid(text string) error { "%s expected a 7 character base64 raw URL decodable string, got %q: %w", errorPrefix, checksum, - invalidChecksumErr, + errInvalidChecksum, ) } @@ -186,7 +186,7 @@ func main() { continue } if err := lineValid(line.Text); err != nil { - if errors.Is(err, invalidChecksumErr) { + if errors.Is(err, errInvalidChecksum) { lineCounter.WithLabelValues(t.Filename, "invalid checksum length").Inc() } else { lineCounter.WithLabelValues(t.Filename, "bad").Inc() diff --git a/cmd/log-validator/main_test.go b/cmd/log-validator/main_test.go index f4802a328..fc7806d5c 100644 --- a/cmd/log-validator/main_test.go +++ b/cmd/log-validator/main_test.go @@ -19,7 +19,7 @@ func TestLineValidRejects(t *testing.T) { func TestLineValidRejectsNotAChecksum(t *testing.T) { err := lineValid("2020-07-06T18:07:43.109389+00:00 70877f679c72 datacenter 6 boulder-wfe[1595]: xxxx Caught SIGTERM") test.AssertError(t, err, "didn't error on invalid checksum") - test.AssertErrorIs(t, err, invalidChecksumErr) + test.AssertErrorIs(t, err, errInvalidChecksum) } func TestLineValidNonOurobouros(t *testing.T) { diff --git a/cmd/ocsp-responder/main.go b/cmd/ocsp-responder/main.go index e45980573..cd1bb860a 100644 --- a/cmd/ocsp-responder/main.go +++ b/cmd/ocsp-responder/main.go @@ -55,8 +55,8 @@ func newFilter(issuerCerts []string, serialPrefixes []string) (*ocspFilter, erro if len(issuerCerts) < 1 { return nil, errors.New("Filter must include at least 1 issuer cert") } - issuerKeyHashes := make(map[issuance.IssuerID][]byte, 0) - issuerNameKeyHashes := make(map[issuance.IssuerNameID][]byte, 0) + issuerKeyHashes := make(map[issuance.IssuerID][]byte) + issuerNameKeyHashes := make(map[issuance.IssuerNameID][]byte) for _, issuerCert := range issuerCerts { // Load the certificate from the file path. cert, err := core.LoadCert(issuerCert) diff --git a/core/util.go b/core/util.go index 96a609031..bc0500353 100644 --- a/core/util.go +++ b/core/util.go @@ -148,7 +148,7 @@ func PublicKeysEqual(a, b interface{}) (bool, error) { if err != nil { return false, err } - return bytes.Compare(aBytes, bBytes) == 0, nil + return bytes.Equal(aBytes, bBytes), nil } // SerialToString converts a certificate serial number (big.Int) to a String diff --git a/grpc/errors.go b/grpc/errors.go index 19cb1edde..3d3e83836 100644 --- a/grpc/errors.go +++ b/grpc/errors.go @@ -10,6 +10,7 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/codes" "google.golang.org/grpc/metadata" + "google.golang.org/grpc/status" berrors "github.com/letsencrypt/boulder/errors" ) @@ -48,9 +49,9 @@ func wrapError(ctx context.Context, err error) error { // fails, we'll still return an error, but it will be interpreted on the // other side as an InternalServerError instead of a more specific one. _ = grpc.SetTrailer(ctx, metadata.Pairs(pairs...)) - return grpc.Errorf(codes.Unknown, err.Error()) + return status.Errorf(codes.Unknown, err.Error()) } - return grpc.Errorf(codes.Unknown, err.Error()) + return status.Errorf(codes.Unknown, err.Error()) } // unwrapError unwraps errors returned from gRPC client calls which were wrapped @@ -61,50 +62,60 @@ func unwrapError(err error, md metadata.MD) error { if err == nil { return nil } - if errTypeStrs, ok := md["errortype"]; ok { - unwrappedErr := grpc.ErrorDesc(err) - if len(errTypeStrs) != 1 { - return berrors.InternalServerError( - "multiple errorType metadata, wrapped error %q", - unwrappedErr, - ) - } - errType, decErr := strconv.Atoi(errTypeStrs[0]) - if decErr != nil { - return berrors.InternalServerError( - "failed to decode error type, decoding error %q, wrapped error %q", - decErr, - unwrappedErr, - ) - } - outErr := berrors.New(berrors.ErrorType(errType), unwrappedErr) - if subErrsJSON, ok := md["suberrors"]; ok { - if len(subErrsJSON) != 1 { - return berrors.InternalServerError( - "multiple suberrors metadata, wrapped error %q", - unwrappedErr, - ) - } - var suberrs []berrors.SubBoulderError - if err := json.Unmarshal([]byte(subErrsJSON[0]), &suberrs); err != nil { - return berrors.InternalServerError( - "error unmarshaling suberrs JSON %q, wrapped error %q", - subErrsJSON[0], - unwrappedErr, - ) - } - var berr *berrors.BoulderError - if errors.As(outErr, &berr) { - outErr = berr.WithSubErrors(suberrs) - } else { - return fmt.Errorf( - "expected type of outErr to be %T got %T: %q", - berr, outErr, - outErr.Error(), - ) - } - } + + unwrappedErr := status.Convert(err).Message() + + errTypeStrs, ok := md["errortype"] + if !ok { + return err + } + if len(errTypeStrs) != 1 { + return berrors.InternalServerError( + "multiple errorType metadata, wrapped error %q", + unwrappedErr, + ) + } + + errType, decErr := strconv.Atoi(errTypeStrs[0]) + if decErr != nil { + return berrors.InternalServerError( + "failed to decode error type, decoding error %q, wrapped error %q", + decErr, + unwrappedErr, + ) + } + outErr := berrors.New(berrors.ErrorType(errType), unwrappedErr) + + subErrsJSON, ok := md["suberrors"] + if !ok { return outErr } - return err + if len(subErrsJSON) != 1 { + return berrors.InternalServerError( + "multiple suberrors metadata, wrapped error %q", + unwrappedErr, + ) + } + + var suberrs []berrors.SubBoulderError + err2 := json.Unmarshal([]byte(subErrsJSON[0]), &suberrs) + if err2 != nil { + return berrors.InternalServerError( + "error unmarshaling suberrs JSON %q, wrapped error %q", + subErrsJSON[0], + unwrappedErr, + ) + } + + var berr *berrors.BoulderError + if errors.As(outErr, &berr) { + outErr = berr.WithSubErrors(suberrs) + } else { + return fmt.Errorf( + "expected type of outErr to be %T got %T: %q", + berr, outErr, + outErr.Error(), + ) + } + return outErr } diff --git a/grpc/errors_test.go b/grpc/errors_test.go index 19116dae6..41ee7fa36 100644 --- a/grpc/errors_test.go +++ b/grpc/errors_test.go @@ -12,7 +12,6 @@ import ( "github.com/jmhodges/clock" berrors "github.com/letsencrypt/boulder/errors" "github.com/letsencrypt/boulder/grpc/test_proto" - testproto "github.com/letsencrypt/boulder/grpc/test_proto" "github.com/letsencrypt/boulder/identifier" "github.com/letsencrypt/boulder/metrics" "github.com/letsencrypt/boulder/test" @@ -23,7 +22,7 @@ type errorServer struct { err error } -func (s *errorServer) Chill(_ context.Context, _ *testproto.Time) (*testproto.Time, error) { +func (s *errorServer) Chill(_ context.Context, _ *test_proto.Time) (*test_proto.Time, error) { return nil, s.err } @@ -33,7 +32,7 @@ func TestErrorWrapping(t *testing.T) { ci := clientInterceptor{time.Second, NewClientMetrics(metrics.NoopRegisterer), clock.NewFake()} srv := grpc.NewServer(grpc.UnaryInterceptor(si.intercept)) es := &errorServer{} - testproto.RegisterChillerServer(srv, es) + test_proto.RegisterChillerServer(srv, es) lis, err := net.Listen("tcp", "127.0.0.1:") test.AssertNotError(t, err, "Failed to create listener") go func() { _ = srv.Serve(lis) }() @@ -45,10 +44,10 @@ func TestErrorWrapping(t *testing.T) { grpc.WithUnaryInterceptor(ci.intercept), ) test.AssertNotError(t, err, "Failed to dial grpc test server") - client := testproto.NewChillerClient(conn) + client := test_proto.NewChillerClient(conn) es.err = berrors.MalformedError("yup") - _, err = client.Chill(context.Background(), &testproto.Time{}) + _, err = client.Chill(context.Background(), &test_proto.Time{}) test.Assert(t, err != nil, fmt.Sprintf("nil error returned, expected: %s", err)) test.AssertDeepEquals(t, err, es.err) @@ -64,7 +63,7 @@ func TestSubErrorWrapping(t *testing.T) { ci := clientInterceptor{time.Second, NewClientMetrics(metrics.NoopRegisterer), clock.NewFake()} srv := grpc.NewServer(grpc.UnaryInterceptor(si.intercept)) es := &errorServer{} - testproto.RegisterChillerServer(srv, es) + test_proto.RegisterChillerServer(srv, es) lis, err := net.Listen("tcp", "127.0.0.1:") test.AssertNotError(t, err, "Failed to create listener") go func() { _ = srv.Serve(lis) }() @@ -76,7 +75,7 @@ func TestSubErrorWrapping(t *testing.T) { grpc.WithUnaryInterceptor(ci.intercept), ) test.AssertNotError(t, err, "Failed to dial grpc test server") - client := testproto.NewChillerClient(conn) + client := test_proto.NewChillerClient(conn) subErrors := []berrors.SubBoulderError{ { @@ -93,7 +92,7 @@ func TestSubErrorWrapping(t *testing.T) { Detail: "malformed chill req", }).WithSubErrors(subErrors) - _, err = client.Chill(context.Background(), &testproto.Time{}) + _, err = client.Chill(context.Background(), &test_proto.Time{}) test.Assert(t, err != nil, fmt.Sprintf("nil error returned, expected: %s", err)) test.AssertDeepEquals(t, err, es.err) } diff --git a/grpc/interceptors.go b/grpc/interceptors.go index cf08786a4..2df43b2e4 100644 --- a/grpc/interceptors.go +++ b/grpc/interceptors.go @@ -88,7 +88,7 @@ func (si *serverInterceptor) intercept(ctx context.Context, req interface{}, inf deadline = deadline.Add(-returnOverhead) remaining := time.Until(deadline) if remaining < meaningfulWorkOverhead { - return nil, grpc.Errorf(codes.DeadlineExceeded, "not enough time left on clock: %s", remaining) + return nil, status.Errorf(codes.DeadlineExceeded, "not enough time left on clock: %s", remaining) } var cancel func() ctx, cancel = context.WithDeadline(ctx, deadline) @@ -166,7 +166,7 @@ func (ci *clientInterceptor) intercept( defer cancel() // Disable fail-fast so RPCs will retry until deadline, even if all backends // are down. - opts = append(opts, grpc.FailFast(false)) + opts = append(opts, grpc.WaitForReady(true)) // Convert the current unix nano timestamp to a string for embedding in the grpc metadata nowTS := strconv.FormatInt(ci.clk.Now().UnixNano(), 10) diff --git a/grpc/interceptors_test.go b/grpc/interceptors_test.go index 9782eb2e0..c1c4ba663 100644 --- a/grpc/interceptors_test.go +++ b/grpc/interceptors_test.go @@ -138,7 +138,7 @@ func (s *testServer) Chill(ctx context.Context, in *test_proto.Time) (*test_prot spent := int64(time.Since(start) / time.Nanosecond) return &test_proto.Time{Time: spent}, nil case <-ctx.Done(): - return nil, grpc.Errorf(codes.DeadlineExceeded, "the chiller overslept") + return nil, status.Errorf(codes.DeadlineExceeded, "the chiller overslept") } } @@ -244,7 +244,7 @@ func TestRequestTimeTagging(t *testing.T) { // requested ChillerServer delay so that the RPC completes normally ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - var delayTime int64 = (time.Second * 5).Nanoseconds() + delayTime := (time.Second * 5).Nanoseconds() if _, err := c.Chill(ctx, &test_proto.Time{Time: delayTime}); err != nil { t.Fatalf("Unexpected error calling Chill RPC: %s", err) } diff --git a/grpc/server.go b/grpc/server.go index 659086344..470cafb71 100644 --- a/grpc/server.go +++ b/grpc/server.go @@ -13,10 +13,11 @@ import ( "github.com/prometheus/client_golang/prometheus" "google.golang.org/grpc" "google.golang.org/grpc/keepalive" + "google.golang.org/grpc/status" ) // CodedError is a alias required to appease go vet -var CodedError = grpc.Errorf +var CodedError = status.Errorf var errNilTLS = errors.New("boulder/grpc: received nil tls.Config") diff --git a/issuance/issuance.go b/issuance/issuance.go index 417f31484..4acc4697f 100644 --- a/issuance/issuance.go +++ b/issuance/issuance.go @@ -136,11 +136,11 @@ func loadSigner(location IssuerLoc, cert *Certificate) (crypto.Signer, error) { // us early-return once we successfully parse once. signer, err := x509.ParsePKCS8PrivateKey(keyDER.Bytes) if err == nil { - switch signer.(type) { + switch signer := signer.(type) { case *rsa.PrivateKey: - return signer.(*rsa.PrivateKey), nil + return signer, nil case *ecdsa.PrivateKey: - return signer.(*ecdsa.PrivateKey), nil + return signer, nil } } rsaSigner, err := x509.ParsePKCS1PrivateKey(keyDER.Bytes) diff --git a/linter/lints/common.go b/linter/lints/common.go index 87dc43390..4fef6c4c5 100644 --- a/linter/lints/common.go +++ b/linter/lints/common.go @@ -11,7 +11,7 @@ const ( // For the purpose of calculations, a day is measured as 86,400 seconds. // Any amount of time greater than this, including fractional seconds and/or // leap seconds, shall represent an additional day. - DaySeconds time.Duration = 86400 * time.Second + BRDay time.Duration = 86400 * time.Second // Declare our own Sources for use in zlint registry filtering. LetsEncryptCPSAll lint.LintSource = "LECPSAll" diff --git a/linter/lints/intermediate/e_validity_period_greater_than_8_years.go b/linter/lints/intermediate/e_validity_period_greater_than_8_years.go index 14f1e7391..939e3334e 100644 --- a/linter/lints/intermediate/e_validity_period_greater_than_8_years.go +++ b/linter/lints/intermediate/e_validity_period_greater_than_8_years.go @@ -33,7 +33,7 @@ func (l *certValidityTooLong) CheckApplies(c *x509.Certificate) bool { func (l *certValidityTooLong) Execute(c *x509.Certificate) *lint.LintResult { // CPS 7.1: "Intermediate CA Certificate Validity Period: Up to 8 years." - maxValidity := 8 * 365 * lints.DaySeconds + maxValidity := 8 * 365 * lints.BRDay // RFC 5280 4.1.2.5: "The validity period for a certificate is the period // of time from notBefore through notAfter, inclusive." diff --git a/linter/lints/root/e_validity_period_greater_than_25_years.go b/linter/lints/root/e_validity_period_greater_than_25_years.go index 376ec4cfc..78bc89bd8 100644 --- a/linter/lints/root/e_validity_period_greater_than_25_years.go +++ b/linter/lints/root/e_validity_period_greater_than_25_years.go @@ -33,7 +33,7 @@ func (l *certValidityTooLong) CheckApplies(c *x509.Certificate) bool { func (l *certValidityTooLong) Execute(c *x509.Certificate) *lint.LintResult { // CPS 7.1: "Root CA Certificate Validity Period: Up to 25 years." - maxValidity := 25 * 365 * lints.DaySeconds + maxValidity := 25 * 365 * lints.BRDay // RFC 5280 4.1.2.5: "The validity period for a certificate is the period // of time from notBefore through notAfter, inclusive." diff --git a/linter/lints/subscriber/e_validity_period_greater_than_100_days.go b/linter/lints/subscriber/e_validity_period_greater_than_100_days.go index af34d4e60..c57f73ab7 100644 --- a/linter/lints/subscriber/e_validity_period_greater_than_100_days.go +++ b/linter/lints/subscriber/e_validity_period_greater_than_100_days.go @@ -33,7 +33,7 @@ func (l *certValidityTooLong) CheckApplies(c *x509.Certificate) bool { func (l *certValidityTooLong) Execute(c *x509.Certificate) *lint.LintResult { // CPS 7.1: "DV SSL End Entity Certificate Validity Period: Up to 100 days." - maxValidity := 100 * lints.DaySeconds + maxValidity := 100 * lints.BRDay // RFC 5280 4.1.2.5: "The validity period for a certificate is the period // of time from notBefore through notAfter, inclusive." diff --git a/observer/monitor.go b/observer/monitor.go index a8f2b3bc9..37c2bc977 100644 --- a/observer/monitor.go +++ b/observer/monitor.go @@ -19,22 +19,19 @@ func (m monitor) start(logger blog.Logger) { ticker := time.NewTicker(m.period) timeout := m.period / 2 go func() { - for { - select { - case <-ticker.C: - // Attempt to probe the configured target. - success, dur := m.prober.Probe(timeout) + for range ticker.C { + // Attempt to probe the configured target. + success, dur := m.prober.Probe(timeout) - // Produce metrics to be scraped by Prometheus. - histObservations.WithLabelValues( - m.prober.Name(), m.prober.Kind(), strconv.FormatBool(success), - ).Observe(dur.Seconds()) + // Produce metrics to be scraped by Prometheus. + histObservations.WithLabelValues( + m.prober.Name(), m.prober.Kind(), strconv.FormatBool(success), + ).Observe(dur.Seconds()) - // Log the outcome of the probe attempt. - logger.Infof( - "kind=[%s] success=[%v] duration=[%f] name=[%s]", - m.prober.Kind(), success, dur.Seconds(), m.prober.Name()) - } + // Log the outcome of the probe attempt. + logger.Infof( + "kind=[%s] success=[%v] duration=[%f] name=[%s]", + m.prober.Kind(), success, dur.Seconds(), m.prober.Name()) } }() } diff --git a/ocsp/responder_test.go b/ocsp/responder_test.go index 9799bec72..0352126de 100644 --- a/ocsp/responder_test.go +++ b/ocsp/responder_test.go @@ -259,7 +259,7 @@ func TestCacheHeaders(t *testing.T) { {"Etag", "\"8169FB0843B081A76E9F6F13FD70C8411597BEACF8B182136FFDD19FBD26140A\""}, } for _, tc := range testCases { - headers, ok := rw.HeaderMap[tc.header] + headers, ok := rw.Result().Header[tc.header] if !ok { t.Errorf("Header %s missing from HTTP response", tc.header) continue diff --git a/ocsp_updater/updater_test.go b/ocsp_updater/updater_test.go index f4ed2bcef..a00ddbe0d 100644 --- a/ocsp_updater/updater_test.go +++ b/ocsp_updater/updater_test.go @@ -47,7 +47,7 @@ func (ca *mockOCSP) GenerateOCSP(_ context.Context, req *capb.GenerateOCSPReques type noopROCSP struct { } -func (_ noopROCSP) StoreResponse(_ context.Context, _ []byte, _ byte, _ time.Duration) error { +func (noopROCSP) StoreResponse(_ context.Context, _ []byte, _ byte, _ time.Duration) error { return nil } diff --git a/ra/ra_test.go b/ra/ra_test.go index ccc107642..8bd29febe 100644 --- a/ra/ra_test.go +++ b/ra/ra_test.go @@ -2179,18 +2179,18 @@ func (msa *mockSAUnsafeAuthzReuse) GetAuthorizations2(ctx context.Context, req * } -func (sa *mockSAUnsafeAuthzReuse) NewAuthorizations2(_ context.Context, _ *sapb.AddPendingAuthorizationsRequest, _ ...grpc.CallOption) (*sapb.Authorization2IDs, error) { +func (msa *mockSAUnsafeAuthzReuse) NewAuthorizations2(_ context.Context, _ *sapb.AddPendingAuthorizationsRequest, _ ...grpc.CallOption) (*sapb.Authorization2IDs, error) { return &sapb.Authorization2IDs{ Ids: []int64{5}, }, nil } -func (sa *mockSAUnsafeAuthzReuse) NewOrderAndAuthzs(ctx context.Context, req *sapb.NewOrderAndAuthzsRequest, _ ...grpc.CallOption) (*corepb.Order, error) { +func (msa *mockSAUnsafeAuthzReuse) NewOrderAndAuthzs(ctx context.Context, req *sapb.NewOrderAndAuthzsRequest, _ ...grpc.CallOption) (*corepb.Order, error) { r := req.NewOrder for range req.NewAuthzs { r.V2Authorizations = append(r.V2Authorizations, mrand.Int63()) } - return sa.NewOrder(ctx, r) + return msa.NewOrder(ctx, r) } // TestNewOrderAuthzReuseSafety checks that the RA's safety check for reusing an diff --git a/rocsp/config/rocsp_config.go b/rocsp/config/rocsp_config.go index 9af033cb2..a47fe8aa0 100644 --- a/rocsp/config/rocsp_config.go +++ b/rocsp/config/rocsp_config.go @@ -174,7 +174,7 @@ func LoadIssuers(input map[string]int) ([]ShortIDIssuer, error) { if err != nil { return nil, fmt.Errorf("parsing issuer.RawSubject: %w", err) } - var shortID byte = byte(shortID) + shortID := byte(shortID) for _, issuer := range issuers { if issuer.shortID == shortID { return nil, fmt.Errorf("duplicate shortID '%d' in (for %q and %q) in config file", shortID, issuer.subject, subject) diff --git a/rocsp/rocsp.go b/rocsp/rocsp.go index 910677845..dbc11e88d 100644 --- a/rocsp/rocsp.go +++ b/rocsp/rocsp.go @@ -37,7 +37,7 @@ func (m Metadata) String() string { func (m Metadata) Marshal() []byte { var output [9]byte output[0] = m.ShortIssuerID - var epochSeconds uint64 = uint64(m.ThisUpdate.Unix()) + epochSeconds := uint64(m.ThisUpdate.Unix()) binary.LittleEndian.PutUint64(output[1:], epochSeconds) return output[:] } diff --git a/sa/database.go b/sa/database.go index 60202da0f..fa5e6e532 100644 --- a/sa/database.go +++ b/sa/database.go @@ -186,8 +186,7 @@ func (log *SQLLogger) Printf(format string, v ...interface{}) { // autoincremented value that resulted from the insert. See // https://godoc.org/github.com/coopernurse/gorp#DbMap.Insert func initTables(dbMap *gorp.DbMap) { - var regTable *gorp.TableMap - regTable = dbMap.AddTableWithName(regModel{}, "registrations").SetKeys(true, "ID") + regTable := dbMap.AddTableWithName(regModel{}, "registrations").SetKeys(true, "ID") regTable.SetVersionCol("LockCol") regTable.ColMap("Key").SetNotNull(true) diff --git a/sa/precertificates_test.go b/sa/precertificates_test.go index c0918640c..ed7ea34a5 100644 --- a/sa/precertificates_test.go +++ b/sa/precertificates_test.go @@ -56,7 +56,7 @@ func TestAddPrecertificate(t *testing.T) { test.AssertNotError(t, err, "Couldn't get status for test cert") test.Assert( t, - bytes.Compare(certStatus.OcspResponse, ocspResp) == 0, + bytes.Equal(certStatus.OcspResponse, ocspResp), fmt.Sprintf("OCSP responses don't match, expected: %x, got %x", certStatus.OcspResponse, ocspResp), ) test.AssertEquals(t, clk.Now().UnixNano(), certStatus.OcspLastUpdated) @@ -159,5 +159,5 @@ func TestAddPrecertificateKeyHash(t *testing.T) { test.AssertEquals(t, keyHashes[0].CertSerial, serial) test.AssertEquals(t, keyHashes[0].CertNotAfter, testCert.NotAfter) spkiHash := sha256.Sum256(testCert.RawSubjectPublicKeyInfo) - test.Assert(t, bytes.Compare(keyHashes[0].KeyHash, spkiHash[:]) == 0, "spki hash mismatch") + test.Assert(t, bytes.Equal(keyHashes[0].KeyHash, spkiHash[:]), "spki hash mismatch") } diff --git a/test/mail-test-srv/http.go b/test/mail-test-srv/http.go index df6191698..d822fb623 100644 --- a/test/mail-test-srv/http.go +++ b/test/mail-test-srv/http.go @@ -32,33 +32,33 @@ func (f *toFilter) Match(m rcvdMail) bool { /mail/1?to=foo@bar.com - second mail for foo@bar.com */ -func (s *mailSrv) setupHTTP(serveMux *http.ServeMux) { - serveMux.HandleFunc("/count", s.httpCount) - serveMux.HandleFunc("/clear", s.httpClear) - serveMux.Handle("/mail/", http.StripPrefix("/mail/", http.HandlerFunc(s.httpGetMail))) +func (srv *mailSrv) setupHTTP(serveMux *http.ServeMux) { + serveMux.HandleFunc("/count", srv.httpCount) + serveMux.HandleFunc("/clear", srv.httpClear) + serveMux.Handle("/mail/", http.StripPrefix("/mail/", http.HandlerFunc(srv.httpGetMail))) } -func (s *mailSrv) httpClear(w http.ResponseWriter, r *http.Request) { +func (srv *mailSrv) httpClear(w http.ResponseWriter, r *http.Request) { if r.Method == "POST" { - s.allMailMutex.Lock() - s.allReceivedMail = nil - s.allMailMutex.Unlock() + srv.allMailMutex.Lock() + srv.allReceivedMail = nil + srv.allMailMutex.Unlock() w.WriteHeader(200) } else { w.WriteHeader(405) } } -func (s *mailSrv) httpCount(w http.ResponseWriter, r *http.Request) { +func (srv *mailSrv) httpCount(w http.ResponseWriter, r *http.Request) { count := 0 - s.iterMail(extractFilter(r), func(m rcvdMail) bool { + srv.iterMail(extractFilter(r), func(m rcvdMail) bool { count++ return false }) fmt.Fprintf(w, "%d\n", count) } -func (s *mailSrv) httpGetMail(w http.ResponseWriter, r *http.Request) { +func (srv *mailSrv) httpGetMail(w http.ResponseWriter, r *http.Request) { mailNum, err := strconv.Atoi(strings.Trim(r.URL.Path, "/")) if err != nil { w.WriteHeader(400) @@ -66,7 +66,7 @@ func (s *mailSrv) httpGetMail(w http.ResponseWriter, r *http.Request) { return } idx := 0 - found := s.iterMail(extractFilter(r), func(m rcvdMail) bool { + found := srv.iterMail(extractFilter(r), func(m rcvdMail) bool { if mailNum == idx { printMail(w, m) return true @@ -85,10 +85,10 @@ func extractFilter(r *http.Request) toFilter { return toFilter{To: to} } -func (s *mailSrv) iterMail(f toFilter, cb func(rcvdMail) bool) bool { - s.allMailMutex.Lock() - defer s.allMailMutex.Unlock() - for _, v := range s.allReceivedMail { +func (srv *mailSrv) iterMail(f toFilter, cb func(rcvdMail) bool) bool { + srv.allMailMutex.Lock() + defer srv.allMailMutex.Unlock() + for _, v := range srv.allReceivedMail { if !f.Match(v) { continue } diff --git a/va/tlsalpn.go b/va/tlsalpn.go index 8db740f52..8185cea3c 100644 --- a/va/tlsalpn.go +++ b/va/tlsalpn.go @@ -185,7 +185,7 @@ func (va *ValidationAuthorityImpl) validateTLSALPN01(ctx context.Context, identi return validationRecords, problem } - if !cs.NegotiatedProtocolIsMutual || cs.NegotiatedProtocol != ACMETLS1Protocol { + if cs.NegotiatedProtocol != ACMETLS1Protocol { errText := fmt.Sprintf( "Cannot negotiate ALPN protocol %q for %s challenge", ACMETLS1Protocol, diff --git a/va/va.go b/va/va.go index c3fc32e13..704a0e467 100644 --- a/va/va.go +++ b/va/va.go @@ -266,7 +266,7 @@ func detailedError(err error) *probs.ProblemDetails { } var tlsErr tls.RecordHeaderError - if errors.As(err, &tlsErr) && bytes.Compare(tlsErr.RecordHeader[:], badTLSHeader) == 0 { + if errors.As(err, &tlsErr) && bytes.Equal(tlsErr.RecordHeader[:], badTLSHeader) { return probs.Malformed("Server only speaks HTTP, not TLS") } diff --git a/web/context.go b/web/context.go index 217d61e2d..43b1f2b0e 100644 --- a/web/context.go +++ b/web/context.go @@ -124,11 +124,8 @@ func (th *TopHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { // We unconditionally strip :443 even when r.TLS is nil because the WFE/WFE2 // may be deployed HTTP-only behind another service that terminates HTTPS on // its behalf. - if strings.HasSuffix(r.Host, ":443") { - r.Host = strings.TrimSuffix(r.Host, ":443") - } else if strings.HasSuffix(r.Host, ":80") { - r.Host = strings.TrimSuffix(r.Host, ":80") - } + r.Host = strings.TrimSuffix(r.Host, ":443") + r.Host = strings.TrimSuffix(r.Host, ":80") begin := time.Now() rwws := &responseWriterWithStatus{w, 0} diff --git a/web/send_error.go b/web/send_error.go index 72a605438..87dcfb62f 100644 --- a/web/send_error.go +++ b/web/send_error.go @@ -7,8 +7,8 @@ import ( "net/http" "strings" - "google.golang.org/grpc" "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" blog "github.com/letsencrypt/boulder/log" "github.com/letsencrypt/boulder/probs" @@ -48,7 +48,7 @@ func SendError( // auditable events. Also, skip the audit log for deadline exceeded errors // since we don't need to keep those long-term. Note that they are still // included in the request logs. - deadlineExceeded := ierr == context.DeadlineExceeded || grpc.Code(ierr) == codes.DeadlineExceeded + deadlineExceeded := ierr == context.DeadlineExceeded || status.Code(ierr) == codes.DeadlineExceeded if prob.Type == probs.ServerInternalProblem && !deadlineExceeded { if ierr != nil { log.AuditErrf("Internal error - %s - %s", prob.Detail, ierr) diff --git a/wfe2/prod_aia.go b/wfe2/prod_aia.go index 0b997e26e..49cc8cbdf 100644 --- a/wfe2/prod_aia.go +++ b/wfe2/prod_aia.go @@ -17,5 +17,4 @@ func (wfe *WebFrontEndImpl) Issuer(ctx context.Context, logEvent *web.RequestEve logEvent.AddError("AIA Issuer URL requested") http.NotFound(response, request) response.Header().Set("Content-Type", "application/problem+json") - return } diff --git a/wfe2/wfe.go b/wfe2/wfe.go index 207cfcc9b..d19741dc1 100644 --- a/wfe2/wfe.go +++ b/wfe2/wfe.go @@ -22,7 +22,6 @@ import ( berrors "github.com/letsencrypt/boulder/errors" "github.com/letsencrypt/boulder/features" "github.com/letsencrypt/boulder/goodkey" - "github.com/letsencrypt/boulder/grpc" bgrpc "github.com/letsencrypt/boulder/grpc" "github.com/letsencrypt/boulder/identifier" "github.com/letsencrypt/boulder/issuance" @@ -162,11 +161,11 @@ func NewWebFrontEndImpl( sac sapb.StorageAuthorityClient, accountGetter AccountGetter, ) (WebFrontEndImpl, error) { - if issuerCertificates == nil || len(issuerCertificates) == 0 { + if len(issuerCertificates) == 0 { return WebFrontEndImpl{}, errors.New("must provide at least one issuer certificate") } - if certificateChains == nil || len(certificateChains) == 0 { + if len(certificateChains) == 0 { return WebFrontEndImpl{}, errors.New("must provide at least one certificate chain") } @@ -627,7 +626,7 @@ func (wfe *WebFrontEndImpl) NewAccount( beeline.AddFieldToTrace(ctx, "acct.id", acctPB.Id) addRequesterHeader(response, acctPB.Id) - acct, err := grpc.PbToRegistration(acctPB) + acct, err := bgrpc.PbToRegistration(acctPB) if err != nil { wfe.sendError(response, logEvent, probs.ServerInternal("Error marshaling account"), err) return diff --git a/wfe2/wfe_test.go b/wfe2/wfe_test.go index 2fd27d0b5..38276fd23 100644 --- a/wfe2/wfe_test.go +++ b/wfe2/wfe_test.go @@ -155,36 +155,6 @@ EulwPw0CgYAMSzsWOt6vU+y/G5NyhUCHvY50TdnGOj2btBk9rYVwWGWxCpg2QF0R pcKXgGzXEVZKFAqB8V1c/mmCo8ojPgmqGM+GzX2Bj4seVBW7PsTeZUjrHpADshjV F7o5b7y92NlxO5kwQzRKEAhwS5PbKJdx90iCuG+JlI1YgWlA1VcJMw== -----END RSA PRIVATE KEY----- -` - - test4KeyPrivatePEM = ` ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAqih+cx32M0wq8MhhN+kBi2xPE+wnw4/iIg1hWO5wtBfpt2Pt -WikgPuBT6jvK9oyQwAWbSfwqlVZatMPY/+3IyytMNb9R9OatNr6o5HROBoyZnDVS -iC4iMRd7bRl/PWSIqj/MjhPNa9cYwBdW5iC3jM5TaOgmp0+YFm4tkLGirDcIBDkQ -Ylnv9NKILvuwqkapZ7XBixeqdCcikUcTRXW5unqygO6bnapzw+YtPsPPlj4Ih3Sv -K4doyziPV96U8u5lbNYYEzYiW1mbu9n0KLvmKDikGcdOpf6+yRa/10kMZyYQatY1 -eclIKI0xb54kbluEl0GQDaL5FxLmiKeVnsapzwIDAQABAoIBAQCYWNsmTHwjX53O -qUnJ2jfE0ftXNghAIvHvVRWEny+PPx3FUZWwNMQnJ4haXqCQ8DelhR+NNVYXERLz -Z6pBMm+l4CVCtgI2B9ar/jaPHMbDPF1IK8GyJcP9Oi4K91oh6IIoFCkcSASS+imx -yvPF5SMR0aWCduAsyqm743euZizkjIZ4ZzjJzhvtO17BLXpjD2Al8CBfeaaPFfPB -X86BRH5khuNaRbjG9MVg4h+D752/PuivE6+wBW+F2CYCbFMCYTFSFyHzrVdkw59C -RbHl6Pk7aTA9z0CR3zNI5k0bGd6z/o0rMei6tWO5OBTQRq5tpW9Gim0uVLH/XJlf -XmJoze+RAoGBAMNrcbPlWlSpd3C1fwYiztXwIe7TaaJIpQ+UhCZE2NuXmEZFGqD5 -5mrZYV3iIq1cDdeV/BkzkB8ggEuQusZ4d7JfEw/j6I8C3ZRmw4W/bb8LPJMX3Ea7 -SgzFv9e+PqqX/3oHZvUN+kH1FSI+UDpkIdegqUBUyWPvd98SDH0/HaY5AoGBAN7o -SfwWExIPEYQvpPjiSVxPuuv50z0BZB+vrQL6U2y4FIohuYSfBVvMiy/Q3Coo2yej -Js4M2bj79lGG86/E+ejdN/YExKWK7qiVnVkOjKnQeJ+bm0+aQWxgetN7RCosqu4T -Dp+Ih2fmhH9r5CInWjbY8js41c/KmYeMa9ZsehBHAoGAdNGg6eJ8KkoYDXdh1MAw -FvHyxvr4lbuJeJPWn63eWP75V2Bt97cLx+nk66OICUwTNkIBrusFB6Z9Ky78iDJx -k16EXaZnWj5jSRhZX3W83EySTHgiBOJm9NWtxgGDIqW0YjVUlb9iT9V7aboIaa98 -D5OKOdu1fBkl9mKqtqBpT/kCgYAugjT9nfV4rSAwfmhjbYN0+UW8+rEyZ1nmqpbk -qipB4t6WO5cjrrJFhxX7cg6d1Ux0prvv/gpnaFrqg8fQgr7J8W49rJ0DFUvabO0Z -qcl7nP2t/5+WKk9AN5kpCu0cB5nadqt0ad4mtZgrpe1BmwhdrUJNTPx/kHwcJhZR -9Ow6/QKBgGzypcqehhIKPjOR7PR8uf0Lb8j5hlLH5akfxVDlUozr5j68cZA3nPW9 -ikuuM4LqU1dlaAp+c51nye7t4hhIw+JtGSWI2fl5NXxB71LOTvN/sN6sGCbNG3pe -xxBoTncDuGtTpubGbzBrY5W1SlNm1gqu9oQa23WNViN2Rc4aIVm3 ------END RSA PRIVATE KEY----- ` testE1KeyPrivatePEM = ` @@ -1979,7 +1949,7 @@ func TestGetCertificate(t *testing.T) { if len(tc.ExpectedCert) > 0 { // If the expectation was to return a certificate, check that it was the one expected bodyBytes := responseWriter.Body.Bytes() - test.Assert(t, bytes.Compare(bodyBytes, tc.ExpectedCert) == 0, "Certificates don't match") + test.Assert(t, bytes.Equal(bodyBytes, tc.ExpectedCert), "Certificates don't match") // Successful requests should be logged as such reqlogs := mockLog.GetAllMatching(`INFO: [^ ]+ [^ ]+ [^ ]+ 200 .*`)