Merge pull request #1304 from testwill/master

nickysemenza · web-flow · commit 50f87890035e · 2023-06-12T08:18:57.000-07:00
diff --git a/bundler/bundler.go b/bundler/bundler.go
@@ -399,10 +399,7 @@ func isSelfSigned(cert *x509.Certificate) bool {
 }
 
 func isChainRootNode(cert *x509.Certificate) bool {
-	if isSelfSigned(cert) {
-		return true
-	}
-	return false
+	return isSelfSigned(cert)
 }
 
 func (b *Bundler) verifyChain(chain []*fetchedIntermediate) bool {
diff --git a/config/config.go b/config/config.go
@@ -19,6 +19,7 @@ import (
 	"github.com/cloudflare/cfssl/helpers"
 	"github.com/cloudflare/cfssl/log"
 	ocspConfig "github.com/cloudflare/cfssl/ocsp/config"
+
 	// empty import of zlint/v3 required to have lints registered.
 	_ "github.com/zmap/zlint/v3"
 	"github.com/zmap/zlint/v3/lint"
@@ -296,7 +297,7 @@ func (p *SigningProfile) populate(cfg *Config) error {
 
 	if p.AuthRemote.AuthKeyName != "" {
 		log.Debug("match auth remote key in profile to auth_keys section")
-		if key, ok := cfg.AuthKeys[p.AuthRemote.AuthKeyName]; ok == true {
+		if key, ok := cfg.AuthKeys[p.AuthRemote.AuthKeyName]; ok {
 			if key.Type == "standard" {
 				p.RemoteProvider, err = auth.New(key.Key, nil)
 				if err != nil {
@@ -441,11 +442,7 @@ func (p *Signing) NeedsRemoteSigner() bool {
 		}
 	}
 
-	if p.Default.RemoteServer != "" {
-		return true
-	}
-
-	return false
+	return p.Default.RemoteServer != ""
 }
 
 // NeedsLocalSigner returns true if one of the profiles doe not have a remote set
@@ -456,11 +453,7 @@ func (p *Signing) NeedsLocalSigner() bool {
 		}
 	}
 
-	if p.Default.RemoteServer == "" {
-		return true
-	}
-
-	return false
+	return p.Default.RemoteServer == ""
 }
 
 // Usages parses the list of key uses in the profile, translating them
@@ -559,7 +552,7 @@ func (p *SigningProfile) hasLocalConfig() bool {
 		p.OCSP != "" ||
 		p.ExpiryString != "" ||
 		p.BackdateString != "" ||
-		p.CAConstraint.IsCA != false ||
+		p.CAConstraint.IsCA ||
 		!p.NotBefore.IsZero() ||
 		!p.NotAfter.IsZero() ||
 		p.NameWhitelistString != "" ||
diff --git a/csr/csr.go b/csr/csr.go
@@ -311,16 +311,11 @@ func getHosts(cert *x509.Certificate) []string {
 	for _, ip := range cert.IPAddresses {
 		hosts = append(hosts, ip.String())
 	}
-	for _, dns := range cert.DNSNames {
-		hosts = append(hosts, dns)
-	}
-	for _, email := range cert.EmailAddresses {
-		hosts = append(hosts, email)
-	}
+	hosts = append(hosts, cert.DNSNames...)
+	hosts = append(hosts, cert.EmailAddresses...)
 	for _, uri := range cert.URIs {
 		hosts = append(hosts, uri.String())
 	}
-
 	return hosts
 }
 
@@ -504,8 +499,6 @@ func appendCAInfoToCSR(reqConf *CAConfig, csr *x509.CertificateRequest) error {
 
 // appendCAInfoToCSR appends user-defined extension to a CSR
 func appendExtensionsToCSR(extensions []pkix.Extension, csr *x509.CertificateRequest) error {
-	for _, extension := range extensions {
-		csr.ExtraExtensions = append(csr.ExtraExtensions, extension)
-	}
+	csr.ExtraExtensions = append(csr.ExtraExtensions, extensions...)
 	return nil
 }
diff --git a/helpers/derhelpers/derhelpers.go b/helpers/derhelpers/derhelpers.go
@@ -34,13 +34,13 @@ func ParsePrivateKeyDER(keyDER []byte) (key crypto.Signer, err error) {
 		}
 	}
 
-	switch generalKey.(type) {
+	switch generalKey := generalKey.(type) {
 	case *rsa.PrivateKey:
-		return generalKey.(*rsa.PrivateKey), nil
+		return generalKey, nil
 	case *ecdsa.PrivateKey:
-		return generalKey.(*ecdsa.PrivateKey), nil
+		return generalKey, nil
 	case ed25519.PrivateKey:
-		return generalKey.(ed25519.PrivateKey), nil
+		return generalKey, nil
 	}
 
 	// should never reach here
diff --git a/helpers/helpers.go b/helpers/helpers.go
@@ -123,10 +123,7 @@ func ValidExpiry(c *x509.Certificate) bool {
 		maxMonths = 120
 	}
 
-	if MonthsValid(c) > maxMonths {
-		return false
-	}
-	return true
+	return MonthsValid(c) <= maxMonths
 }
 
 // SignatureString returns the TLS signature string corresponding to
diff --git a/helpers/testsuite/testing_helpers.go b/helpers/testsuite/testing_helpers.go
@@ -352,7 +352,7 @@ func cleanCLIOutput(CLIOutput []byte, item string) (cleanedOutput []byte, err er
 	eligibleSearchIndex := strings.Index(outputString, "{")
 	outputString = outputString[eligibleSearchIndex:]
 	// Make sure the item is present in the output.
-	if strings.Index(outputString, itemString) == -1 {
+	if !strings.Contains(outputString, itemString) {
 		return nil, errors.New("Item " + item + " not found in CLI Output")
 	}
 	// We add 2 for the [:"] that follows the item
diff --git a/initca/initca.go b/initca/initca.go
@@ -158,7 +158,7 @@ func NewFromSigner(req *csr.CertificateRequest, priv crypto.Signer) (cert, csrPE
 		}
 
 		policy.Default.CAConstraint.MaxPathLen = req.CA.PathLength
-		if req.CA.PathLength != 0 && req.CA.PathLenZero == true {
+		if req.CA.PathLength != 0 && req.CA.PathLenZero {
 			log.Infof("ignore invalid 'pathlenzero' value")
 		} else {
 			policy.Default.CAConstraint.MaxPathLenZero = req.CA.PathLenZero

Original file line number	Diff line number	Diff line change
`@@ -399,10 +399,7 @@ func isSelfSigned(cert *x509.Certificate) bool {`
`399`	`399`	`}`
`400`	`400`
`401`	`401`	`func isChainRootNode(cert *x509.Certificate) bool {`
`402`		`- if isSelfSigned(cert) {`
`403`		`- return true`
`404`		`- }`
`405`		`- return false`
	`402`	`+ return isSelfSigned(cert)`
`406`	`403`	`}`
`407`	`404`
`408`	`405`	`func (b Bundler) verifyChain(chain []fetchedIntermediate) bool {`
Original file line number	Diff line number	Diff line change
`@@ -34,13 +34,13 @@ func ParsePrivateKeyDER(keyDER []byte) (key crypto.Signer, err error) {`
`34`	`34`	`}`
`35`	`35`	`}`
`36`	`36`
`37`		`- switch generalKey.(type) {`
	`37`	`+ switch generalKey := generalKey.(type) {`
`38`	`38`	`case *rsa.PrivateKey:`
`39`		`- return generalKey.(*rsa.PrivateKey), nil`
	`39`	`+ return generalKey, nil`
`40`	`40`	`case *ecdsa.PrivateKey:`
`41`		`- return generalKey.(*ecdsa.PrivateKey), nil`
	`41`	`+ return generalKey, nil`
`42`	`42`	`case ed25519.PrivateKey:`
`43`		`- return generalKey.(ed25519.PrivateKey), nil`
	`43`	`+ return generalKey, nil`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`// should never reach here`
Original file line number	Diff line number	Diff line change
`@@ -123,10 +123,7 @@ func ValidExpiry(c *x509.Certificate) bool {`
`123`	`123`	`maxMonths = 120`
`124`	`124`	`}`
`125`	`125`
`126`		`- if MonthsValid(c) > maxMonths {`
`127`		`- return false`
`128`		`- }`
`129`		`- return true`
	`126`	`+ return MonthsValid(c) <= maxMonths`
`130`	`127`	`}`
`131`	`128`
`132`	`129`	`// SignatureString returns the TLS signature string corresponding to`
Original file line number	Diff line number	Diff line change
`@@ -352,7 +352,7 @@ func cleanCLIOutput(CLIOutput []byte, item string) (cleanedOutput []byte, err er`
`352`	`352`	`eligibleSearchIndex := strings.Index(outputString, "{")`
`353`	`353`	`outputString = outputString[eligibleSearchIndex:]`
`354`	`354`	`// Make sure the item is present in the output.`
`355`		`- if strings.Index(outputString, itemString) == -1 {`
	`355`	`+ if !strings.Contains(outputString, itemString) {`
`356`	`356`	`return nil, errors.New("Item " + item + " not found in CLI Output")`
`357`	`357`	`}`
`358`	`358`	`// We add 2 for the [:"] that follows the item`
Original file line number	Diff line number	Diff line change
`@@ -158,7 +158,7 @@ func NewFromSigner(req *csr.CertificateRequest, priv crypto.Signer) (cert, csrPE`
`158`	`158`	`}`
`159`	`159`
`160`	`160`	`policy.Default.CAConstraint.MaxPathLen = req.CA.PathLength`
`161`		`- if req.CA.PathLength != 0 && req.CA.PathLenZero == true {`
	`161`	`+ if req.CA.PathLength != 0 && req.CA.PathLenZero {`
`162`	`162`	`log.Infof("ignore invalid 'pathlenzero' value")`
`163`	`163`	`} else {`
`164`	`164`	`policy.Default.CAConstraint.MaxPathLenZero = req.CA.PathLenZero`