diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 42db3a0..571ca53 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -19,12 +19,3 @@ jobs: run: test -z $(go fmt ./...) - name: Test run: go test -v ./... - staticcheck: - name: "Run staticcheck" - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - - uses: dominikh/staticcheck-action@fe1dd0c3658873b46f8c9bb3291096a617310ca6 - with: - version: "latest" diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..3771754 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,17 @@ +name: golangci-lint +on: [push, pull_request] +permissions: read-all +jobs: + golangci: + name: lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 + with: + go-version: '1.24' + cache: true + - name: golangci-lint + uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 + with: + version: latest diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000..6bb1dcf --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,33 @@ +version: "2" +run: + issues-exit-code: 1 +linters: + enable: + - asciicheck + - errorlint + - gocritic + - gosec + - importas + - misspell + - prealloc + - revive + - staticcheck + - tparallel + - unconvert + - unparam + - whitespace + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling +issues: + uniq-by-line: false +formatters: + enable: + - gofmt + - goimports + exclusions: + generated: lax diff --git a/cjson/canonicaljson.go b/cjson/canonicaljson.go index abc860a..a94e739 100644 --- a/cjson/canonicaljson.go +++ b/cjson/canonicaljson.go @@ -96,7 +96,6 @@ func encodeCanonical(obj interface{}, result *strings.Builder) (err error) { if i < (len(mapKeys) - 1) { result.WriteString(",") } - i++ } result.WriteString("}") diff --git a/cjson/canonicaljson_test.go b/cjson/canonicaljson_test.go index 9449150..2ebef4d 100644 --- a/cjson/canonicaljson_test.go +++ b/cjson/canonicaljson_test.go @@ -135,7 +135,7 @@ func BenchmarkEncodeCanonical(b *testing.B) { for _, v := range table { b.Run(fmt.Sprintf("input_size_%d", len(v.input)), func(b *testing.B) { for i := 0; i < b.N; i++ { - EncodeCanonical(v.input) + EncodeCanonical(v.input) //nolint:errcheck } }) } diff --git a/dsse/envelope.go b/dsse/envelope.go index ed223e9..8e48cc6 100644 --- a/dsse/envelope.go +++ b/dsse/envelope.go @@ -38,7 +38,7 @@ type Signature struct { } /* -PAE implementes the DSSE Pre-Authentic Encoding +PAE implements the DSSE Pre-Authentic Encoding https://github.com/secure-systems-lab/dsse/blob/master/protocol.md#signature-definition */ func PAE(payloadType string, payload []byte) []byte { diff --git a/dsse/sign.go b/dsse/sign.go index 244a806..427ef56 100644 --- a/dsse/sign.go +++ b/dsse/sign.go @@ -47,7 +47,7 @@ algorithms to sign the data. The threshold parameter is legacy and is ignored. Deprecated: This function simply calls NewEnvelopeSigner, and that function should be preferred. */ -func NewMultiEnvelopeSigner(threshold int, p ...Signer) (*EnvelopeSigner, error) { +func NewMultiEnvelopeSigner(_ int, p ...Signer) (*EnvelopeSigner, error) { return NewEnvelopeSigner(p...) } diff --git a/dsse/sign_test.go b/dsse/sign_test.go index c4abb73..c26e97e 100644 --- a/dsse/sign_test.go +++ b/dsse/sign_test.go @@ -41,11 +41,11 @@ func TestPAE(t *testing.T) { type nilSignerVerifier int -func (n nilSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) { +func (n nilSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) { return data, nil } -func (n nilSignerVerifier) Verify(ctx context.Context, data, sig []byte) error { +func (n nilSignerVerifier) Verify(_ context.Context, data, sig []byte) error { if len(data) != len(sig) { return errLength } @@ -69,11 +69,11 @@ func (n nilSignerVerifier) Public() crypto.PublicKey { type nullSignerVerifier int -func (n nullSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) { +func (n nullSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) { return data, nil } -func (n nullSignerVerifier) Verify(ctx context.Context, data, sig []byte) error { +func (n nullSignerVerifier) Verify(_ context.Context, data, sig []byte) error { if len(data) != len(sig) { return errLength } @@ -97,11 +97,11 @@ func (n nullSignerVerifier) Public() crypto.PublicKey { type errsigner int -func (n errsigner) Sign(ctx context.Context, data []byte) ([]byte, error) { +func (n errsigner) Sign(_ context.Context, _ []byte) ([]byte, error) { return nil, fmt.Errorf("signing error") } -func (n errsigner) Verify(ctx context.Context, data, sig []byte) error { +func (n errsigner) Verify(_ context.Context, _, _ []byte) error { return errVerify } @@ -118,11 +118,11 @@ type errSignerVerifier int var errVerify = fmt.Errorf("accepted signatures do not match threshold, Found: 0, Expected 1") var errThreshold = fmt.Errorf("invalid threshold") -func (n errSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) { +func (n errSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) { return data, nil } -func (n errSignerVerifier) Verify(ctx context.Context, data, sig []byte) error { +func (n errSignerVerifier) Verify(_ context.Context, _, _ []byte) error { return errVerify } @@ -136,12 +136,11 @@ func (n errSignerVerifier) Public() crypto.PublicKey { type badverifier int -func (n badverifier) Sign(ctx context.Context, data []byte) ([]byte, error) { +func (n badverifier) Sign(_ context.Context, data []byte) ([]byte, error) { return append(data, byte(0)), nil } -func (n badverifier) Verify(ctx context.Context, data, sig []byte) error { - +func (n badverifier) Verify(_ context.Context, data, sig []byte) error { if len(data) != len(sig) { return errLength } @@ -186,7 +185,7 @@ func TestNilSign(t *testing.T) { pae := PAE(payloadType, payload) want := Envelope{ - Payload: base64.StdEncoding.EncodeToString([]byte(payload)), + Payload: base64.StdEncoding.EncodeToString(payload), PayloadType: payloadType, Signatures: []Signature{ { @@ -200,7 +199,7 @@ func TestNilSign(t *testing.T) { signer, err := NewEnvelopeSigner(ns) assert.Nil(t, err, "unexpected error") - got, err := signer.SignPayload(context.TODO(), payloadType, []byte(payload)) + got, err := signer.SignPayload(context.TODO(), payloadType, payload) assert.Nil(t, err, "sign failed") assert.Equal(t, &want, got, "bad signature") } @@ -253,7 +252,7 @@ type ecdsaSignerVerifier struct { verified bool } -func (es *ecdsaSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) { +func (es *ecdsaSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) { // Data is complete message, hash it and sign the digest digest := sha256.Sum256(data) r, s, err := rfc6979.SignECDSA(es.key, digest[:], sha256.New) @@ -264,12 +263,12 @@ func (es *ecdsaSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, e rb := r.Bytes() sb := s.Bytes() es.rLen = len(rb) - rawSig := append(rb, sb...) + rawSig := append(rb, sb...) //nolint:gocritic return rawSig, nil } -func (es *ecdsaSignerVerifier) Verify(ctx context.Context, data, sig []byte) error { +func (es *ecdsaSignerVerifier) Verify(_ context.Context, data, sig []byte) error { var r big.Int var s big.Int digest := sha256.Sum256(data) diff --git a/dsse/verify.go b/dsse/verify.go index d042467..034e4fa 100644 --- a/dsse/verify.go +++ b/dsse/verify.go @@ -43,8 +43,8 @@ func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]Accepted // If *any* signature is found to be incorrect, it is skipped var acceptedKeys []AcceptedKey usedKeyids := make(map[string]string) - unverified_providers := make([]Verifier, len(ev.providers)) - copy(unverified_providers, ev.providers) + unverifiedProviders := make([]Verifier, len(ev.providers)) + copy(unverifiedProviders, ev.providers) for _, s := range e.Signatures { sig, err := b64Decode(s.Sig) if err != nil { @@ -55,7 +55,7 @@ func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]Accepted // If provider and signature include key IDs but do not match skip. // If a provider recognizes the key, we exit // the loop and use the result. - providers := unverified_providers + providers := unverifiedProviders for i, v := range providers { keyID, err := v.KeyID() @@ -81,7 +81,7 @@ func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]Accepted KeyID: keyID, Sig: s, } - unverified_providers = removeIndex(providers, i) + unverifiedProviders = removeIndex(providers, i) // See https://github.com/in-toto/in-toto/pull/251 if _, ok := usedKeyids[keyID]; ok { diff --git a/dsse/verify_test.go b/dsse/verify_test.go index 05fa172..aabd776 100644 --- a/dsse/verify_test.go +++ b/dsse/verify_test.go @@ -23,7 +23,7 @@ type mockVerifier struct { returnErr error } -func (m *mockVerifier) Verify(ctx context.Context, data, sig []byte) error { +func (m *mockVerifier) Verify(_ context.Context, _, _ []byte) error { if m.returnErr != nil { return m.returnErr } @@ -71,7 +71,6 @@ func TestVerify(t *testing.T) { // Now verify assert.Error(t, err) - } func TestVerifyOneProvider(t *testing.T) { @@ -247,11 +246,11 @@ type interceptSignerVerifier struct { verifyCalled bool } -func (i *interceptSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) { +func (i *interceptSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) { return data, nil } -func (i *interceptSignerVerifier) Verify(ctx context.Context, data, sig []byte) error { +func (i *interceptSignerVerifier) Verify(_ context.Context, _, _ []byte) error { i.verifyCalled = true if i.verifyRes { diff --git a/signerverifier/ecdsa.go b/signerverifier/ecdsa.go index 691091a..4227941 100644 --- a/signerverifier/ecdsa.go +++ b/signerverifier/ecdsa.go @@ -57,7 +57,7 @@ func NewECDSASignerVerifierFromSSLibKey(key *SSLibKey) (*ECDSASignerVerifier, er } // Sign creates a signature for `data`. -func (sv *ECDSASignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) { +func (sv *ECDSASignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) { if sv.private == nil { return nil, ErrNotPrivateKey } @@ -68,7 +68,7 @@ func (sv *ECDSASignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, e } // Verify verifies the `sig` value passed in against `data`. -func (sv *ECDSASignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error { +func (sv *ECDSASignerVerifier) Verify(_ context.Context, data []byte, sig []byte) error { hashedData := getECDSAHashedData(data, sv.curveSize) if ok := ecdsa.VerifyASN1(sv.public, hashedData, sig); !ok { @@ -93,8 +93,7 @@ func (sv *ECDSASignerVerifier) Public() crypto.PublicKey { // LoadECDSAKeyFromFile returns an SSLibKey instance for an ECDSA key stored in // a file in the custom securesystemslib format. // -// Deprecated: use LoadKey(). The custom serialization format has been -// deprecated. Use +// Deprecated: use LoadKey(). The custom serialization format is deprecated. Use // https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py // to convert your key. func LoadECDSAKeyFromFile(path string) (*SSLibKey, error) { diff --git a/signerverifier/ed25519.go b/signerverifier/ed25519.go index d954e14..348351e 100644 --- a/signerverifier/ed25519.go +++ b/signerverifier/ed25519.go @@ -57,7 +57,7 @@ func NewED25519SignerVerifierFromSSLibKey(key *SSLibKey) (*ED25519SignerVerifier } // Sign creates a signature for `data`. -func (sv *ED25519SignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) { +func (sv *ED25519SignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) { if len(sv.private) == 0 { return nil, ErrNotPrivateKey } @@ -67,7 +67,7 @@ func (sv *ED25519SignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, } // Verify verifies the `sig` value passed in against `data`. -func (sv *ED25519SignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error { +func (sv *ED25519SignerVerifier) Verify(_ context.Context, data []byte, sig []byte) error { if ok := ed25519.Verify(sv.public, data, sig); ok { return nil } @@ -89,8 +89,7 @@ func (sv *ED25519SignerVerifier) Public() crypto.PublicKey { // LoadED25519KeyFromFile returns an SSLibKey instance for an ED25519 key stored // in a file in the custom securesystemslib format. // -// Deprecated: use LoadKey(). The custom serialization format has been -// deprecated. Use +// Deprecated: use LoadKey(). The custom serialization format is deprecated. Use // https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py // to convert your key. func LoadED25519KeyFromFile(path string) (*SSLibKey, error) { diff --git a/signerverifier/rsa.go b/signerverifier/rsa.go index 2abfcb2..8aaa531 100644 --- a/signerverifier/rsa.go +++ b/signerverifier/rsa.go @@ -59,7 +59,7 @@ func NewRSAPSSSignerVerifierFromSSLibKey(key *SSLibKey) (*RSAPSSSignerVerifier, } // Sign creates a signature for `data`. -func (sv *RSAPSSSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) { +func (sv *RSAPSSSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) { if sv.private == nil { return nil, ErrNotPrivateKey } @@ -70,7 +70,7 @@ func (sv *RSAPSSSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, } // Verify verifies the `sig` value passed in against `data`. -func (sv *RSAPSSSignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error { +func (sv *RSAPSSSignerVerifier) Verify(_ context.Context, data []byte, sig []byte) error { hashedData := hashBeforeSigning(data, sha256.New()) if err := rsa.VerifyPSS(sv.public, crypto.SHA256, hashedData, sig, &rsa.PSSOptions{SaltLength: sha256.Size, Hash: crypto.SHA256}); err != nil { @@ -95,8 +95,7 @@ func (sv *RSAPSSSignerVerifier) Public() crypto.PublicKey { // LoadRSAPSSKeyFromFile returns an SSLibKey instance for an RSA key stored in a // file. // -// Deprecated: use LoadKey(). The custom serialization format has been -// deprecated. Use +// Deprecated: use LoadKey(). The custom serialization format is deprecated. Use // https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py // to convert your key. func LoadRSAPSSKeyFromFile(path string) (*SSLibKey, error) { diff --git a/signerverifier/rsa_test.go b/signerverifier/rsa_test.go index 1ca3412..84d8cd4 100644 --- a/signerverifier/rsa_test.go +++ b/signerverifier/rsa_test.go @@ -50,7 +50,7 @@ func TestLoadRSAPSSKeyFromFile(t *testing.T) { assert.Equal(t, "4e8d20af09fcaed6c388a186427f94a5f7ff5591ec295f4aab2cff49ffe39e9b", key.KeyID) assert.Equal(t, "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA04egZRic+dZMVtiQc56D\nejU4FF1q3aOkUKnD+Q4lTbj1zp6ODKJTcktupmrad68jqtMiSGG8he6ELFs377q8\nbbgEUMWgAf+06Q8oFvUSfOXzZNFI7H5SMPOJY5aDWIMIEZ8DlcO7TfkA7D3iAEJX\nxxTOVS3UAIk5umO7Y7t7yXr8O/C4u78krGazCnoblcekMLJZV4O/5BloWNAe/B1c\nvZdaZUf3brD4ZZrxEtXw/tefhn1aHsSUajVW2wwjSpKhqj7Z0XS3bDS3T95/3xsN\n6+hlS6A7rJfiWpKIRHj0vh2SXLDmmhQl1In8TD/aiycTUyWcBRHVPlYFgYPt6SaT\nVQSgMzSxC43/2fINb2fyt8SbUHJ3Ct+mzRzd/1AQikWhBdstJLxInewzjYE/sb+c\n2CmCxMPQG2BwmAWXaaumeJcXVPBlMgAcjMatM8bPByTbXpKDnQslOE7g/gswDIwn\nEm53T13mZzYUvbLJ0q3aljZVLIC3IZn3ZwA2yCWchBkVAgMBAAE=\n-----END PUBLIC KEY-----", key.KeyVal.Public) - expectedPrivateKey := "-----BEGIN RSA PRIVATE KEY-----\nMIIG5AIBAAKCAYEA04egZRic+dZMVtiQc56DejU4FF1q3aOkUKnD+Q4lTbj1zp6O\nDKJTcktupmrad68jqtMiSGG8he6ELFs377q8bbgEUMWgAf+06Q8oFvUSfOXzZNFI\n7H5SMPOJY5aDWIMIEZ8DlcO7TfkA7D3iAEJXxxTOVS3UAIk5umO7Y7t7yXr8O/C4\nu78krGazCnoblcekMLJZV4O/5BloWNAe/B1cvZdaZUf3brD4ZZrxEtXw/tefhn1a\nHsSUajVW2wwjSpKhqj7Z0XS3bDS3T95/3xsN6+hlS6A7rJfiWpKIRHj0vh2SXLDm\nmhQl1In8TD/aiycTUyWcBRHVPlYFgYPt6SaTVQSgMzSxC43/2fINb2fyt8SbUHJ3\nCt+mzRzd/1AQikWhBdstJLxInewzjYE/sb+c2CmCxMPQG2BwmAWXaaumeJcXVPBl\nMgAcjMatM8bPByTbXpKDnQslOE7g/gswDIwnEm53T13mZzYUvbLJ0q3aljZVLIC3\nIZn3ZwA2yCWchBkVAgMBAAECggGAKswAeCPMMsIYTOPhCftyt2mIEJq78d7Xclh+\npWemxXxcAzNSIx0+i9vWJcZtsBRXv4qbH5DiryhMRpsoDJE36Wz3No5darodFKAz\n6L0pwepWXbn4Kpz+LRhA3kzIA0LzgXkuJQFmZoawGJwGmy3RC57ahiJRB9C7xMnD\n0pBOobuHx+rSvW2VUmou5DpDVYEAZ7fV2p511wUK9xkYg8K/Dj7Ok7pFRfh5MTlx\nd/GgIjdm97Np5dq4+moTShtBEqfqviv1OfDa32DISAOcEKiC2jg0O96khDz2YjK4\n0HAbWrGjVB1v+/kWKTWJ6/ddLb+Dk77KKeZ4pSPKYeUM7jXlyVikntmFTw4CXFvk\n2QqOfJyBxAxcx4eB/n6j1mqIvqL6TjloXn/Bhc/65Fr5een3hLbRnhtNxXBURwVo\nYYJwLw7tZOMKqt51qbKU2XqaII7iVHGPaeDUYs4PaBSSW/E1FFAZbId1GSe4+mDi\nJipxs4M6S9N9FPgTmZlgQ/0j6VMhAoHBANrygq2IsgRjczVO+FhOAmmP6xjbcoII\n582JTunwb8Yf4KJR8DM295LRcafk9Ns4l3QF/rESK8mZAbMUsjKlD4WcE2QTOEoQ\nQBV+lJLDyYeAhmq2684dqaIGA5jEW0GcfDpj42Hhy/qiy1PWTe/O1aFaLaYV0bXL\nPN1CTGpc+DdRh5lX7ftoTS/Do0U9Of30s00Bm9AV0LLoyH5WmXpGWatOYBHHwomi\n08vMsbJelgFzDQPRjHfpj7+EZh1wdqe8cQKBwQD3U8QP7ZatB5ymMLsefm/I6Uor\nwz5SqMyiz+u/Fc+4Ii8SwLsVQw+IoZyxofkKTbMESrgQhLbzC59eRbUcF7GZ+lZQ\nw6gG/+YLvx9MYcEVGeruyPmlYFp6g+vN/qEiPs1oZej8r1XjNj228XdTMAJ2qTbZ\nGVyhEMMbBgd5FFxEqueD5/EILT6xj9BxvQ1m2IFbVIkXfOrhdwEk+RcbXDA0n+rS\nkhBajWQ3eVQGY2hWnYB+1fmumYFs8hAaMAJlCOUCgcBCvi6Ly+HIaLCUDZCzCoS9\nvTuDhlHvxdsz0qmVss+/67PEh4nbcuQhg2tMLQVfVm8E1VcAj3N9rwDPoH155stG\nhX97wEgme7GtW7rayohCoDFZko1rdatiUscB6MmQxK0x94U3L2fI7Zth4TA87CY/\nW4gS2w/khSH2qOE2g0S/SEE3w5AuVWtCJjc9Qh7NhayqytS+qAfIoiGMMcXzekKX\nb/rlMKni3xoFRE7e+uprYrES+uwBGdfSIAAo9UGWfGECgcEA8pCJ4qE+vJaRkQCM\nFD0mvyHl54PGFOWORUOsTy1CGrIT/s1c7l5l1rfB6QkVKYDIyLXLThALKdVFSP0O\nwe2O9pfpna42lh7VbMHWHWBmMJ7JpcUf6ozUUAIf+1j2iZKUfAYu+duwXXWuE0VA\npSqZz+znaQaRrTm2UEOagqpwT7xZ8SlCYKWXLigA4/vpL+u4+myvQ4T1C4leaveN\nLP0+He6VLE2qklTHbAynVtiZ1REFm9+Z0B6nK8U/+58ISjTtAoHBALgqMopFIOMw\nAhhasnrL3Pzxf0WKzKmj/y2yEP0Vctm0muqxFnFwPwyOAd6HODJOSiFPD5VN4jvC\n+Yw96Qn29kHGXTKgL1J9cSL8z6Qzlc+UYCdSwmaZK5r36+NBTJgvKY9KrpkXCkSa\nc5YgIYtXMitmq9NmNvcSJWmuuiept3HFlwkU3pfmwzKNEeqi2jmuIOqI2zCOqX67\nI+YQsJgrHE0TmYxxRkgeYUy7s5DoHE25rfvdy5Lx+xAOH8ZgD1SGOw==\n-----END RSA PRIVATE KEY-----" + expectedPrivateKey := "-----BEGIN RSA PRIVATE KEY-----\nMIIG5AIBAAKCAYEA04egZRic+dZMVtiQc56DejU4FF1q3aOkUKnD+Q4lTbj1zp6O\nDKJTcktupmrad68jqtMiSGG8he6ELFs377q8bbgEUMWgAf+06Q8oFvUSfOXzZNFI\n7H5SMPOJY5aDWIMIEZ8DlcO7TfkA7D3iAEJXxxTOVS3UAIk5umO7Y7t7yXr8O/C4\nu78krGazCnoblcekMLJZV4O/5BloWNAe/B1cvZdaZUf3brD4ZZrxEtXw/tefhn1a\nHsSUajVW2wwjSpKhqj7Z0XS3bDS3T95/3xsN6+hlS6A7rJfiWpKIRHj0vh2SXLDm\nmhQl1In8TD/aiycTUyWcBRHVPlYFgYPt6SaTVQSgMzSxC43/2fINb2fyt8SbUHJ3\nCt+mzRzd/1AQikWhBdstJLxInewzjYE/sb+c2CmCxMPQG2BwmAWXaaumeJcXVPBl\nMgAcjMatM8bPByTbXpKDnQslOE7g/gswDIwnEm53T13mZzYUvbLJ0q3aljZVLIC3\nIZn3ZwA2yCWchBkVAgMBAAECggGAKswAeCPMMsIYTOPhCftyt2mIEJq78d7Xclh+\npWemxXxcAzNSIx0+i9vWJcZtsBRXv4qbH5DiryhMRpsoDJE36Wz3No5darodFKAz\n6L0pwepWXbn4Kpz+LRhA3kzIA0LzgXkuJQFmZoawGJwGmy3RC57ahiJRB9C7xMnD\n0pBOobuHx+rSvW2VUmou5DpDVYEAZ7fV2p511wUK9xkYg8K/Dj7Ok7pFRfh5MTlx\nd/GgIjdm97Np5dq4+moTShtBEqfqviv1OfDa32DISAOcEKiC2jg0O96khDz2YjK4\n0HAbWrGjVB1v+/kWKTWJ6/ddLb+Dk77KKeZ4pSPKYeUM7jXlyVikntmFTw4CXFvk\n2QqOfJyBxAxcx4eB/n6j1mqIvqL6TjloXn/Bhc/65Fr5een3hLbRnhtNxXBURwVo\nYYJwLw7tZOMKqt51qbKU2XqaII7iVHGPaeDUYs4PaBSSW/E1FFAZbId1GSe4+mDi\nJipxs4M6S9N9FPgTmZlgQ/0j6VMhAoHBANrygq2IsgRjczVO+FhOAmmP6xjbcoII\n582JTunwb8Yf4KJR8DM295LRcafk9Ns4l3QF/rESK8mZAbMUsjKlD4WcE2QTOEoQ\nQBV+lJLDyYeAhmq2684dqaIGA5jEW0GcfDpj42Hhy/qiy1PWTe/O1aFaLaYV0bXL\nPN1CTGpc+DdRh5lX7ftoTS/Do0U9Of30s00Bm9AV0LLoyH5WmXpGWatOYBHHwomi\n08vMsbJelgFzDQPRjHfpj7+EZh1wdqe8cQKBwQD3U8QP7ZatB5ymMLsefm/I6Uor\nwz5SqMyiz+u/Fc+4Ii8SwLsVQw+IoZyxofkKTbMESrgQhLbzC59eRbUcF7GZ+lZQ\nw6gG/+YLvx9MYcEVGeruyPmlYFp6g+vN/qEiPs1oZej8r1XjNj228XdTMAJ2qTbZ\nGVyhEMMbBgd5FFxEqueD5/EILT6xj9BxvQ1m2IFbVIkXfOrhdwEk+RcbXDA0n+rS\nkhBajWQ3eVQGY2hWnYB+1fmumYFs8hAaMAJlCOUCgcBCvi6Ly+HIaLCUDZCzCoS9\nvTuDhlHvxdsz0qmVss+/67PEh4nbcuQhg2tMLQVfVm8E1VcAj3N9rwDPoH155stG\nhX97wEgme7GtW7rayohCoDFZko1rdatiUscB6MmQxK0x94U3L2fI7Zth4TA87CY/\nW4gS2w/khSH2qOE2g0S/SEE3w5AuVWtCJjc9Qh7NhayqytS+qAfIoiGMMcXzekKX\nb/rlMKni3xoFRE7e+uprYrES+uwBGdfSIAAo9UGWfGECgcEA8pCJ4qE+vJaRkQCM\nFD0mvyHl54PGFOWORUOsTy1CGrIT/s1c7l5l1rfB6QkVKYDIyLXLThALKdVFSP0O\nwe2O9pfpna42lh7VbMHWHWBmMJ7JpcUf6ozUUAIf+1j2iZKUfAYu+duwXXWuE0VA\npSqZz+znaQaRrTm2UEOagqpwT7xZ8SlCYKWXLigA4/vpL+u4+myvQ4T1C4leaveN\nLP0+He6VLE2qklTHbAynVtiZ1REFm9+Z0B6nK8U/+58ISjTtAoHBALgqMopFIOMw\nAhhasnrL3Pzxf0WKzKmj/y2yEP0Vctm0muqxFnFwPwyOAd6HODJOSiFPD5VN4jvC\n+Yw96Qn29kHGXTKgL1J9cSL8z6Qzlc+UYCdSwmaZK5r36+NBTJgvKY9KrpkXCkSa\nc5YgIYtXMitmq9NmNvcSJWmuuiept3HFlwkU3pfmwzKNEeqi2jmuIOqI2zCOqX67\nI+YQsJgrHE0TmYxxRkgeYUy7s5DoHE25rfvdy5Lx+xAOH8ZgD1SGOw==\n-----END RSA PRIVATE KEY-----" //nolint:gosec assert.Equal(t, expectedPrivateKey, key.KeyVal.Private) assert.Equal(t, RSAKeyScheme, key.Scheme) assert.Equal(t, RSAKeyType, key.KeyType) diff --git a/signerverifier/utils_test.go b/signerverifier/utils_test.go index ccb22c2..308610d 100644 --- a/signerverifier/utils_test.go +++ b/signerverifier/utils_test.go @@ -33,7 +33,7 @@ func TestLoadKeyFromSSLibBytes(t *testing.T) { assert.Equal(t, "4e8d20af09fcaed6c388a186427f94a5f7ff5591ec295f4aab2cff49ffe39e9b", key.KeyID) assert.Equal(t, "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA04egZRic+dZMVtiQc56D\nejU4FF1q3aOkUKnD+Q4lTbj1zp6ODKJTcktupmrad68jqtMiSGG8he6ELFs377q8\nbbgEUMWgAf+06Q8oFvUSfOXzZNFI7H5SMPOJY5aDWIMIEZ8DlcO7TfkA7D3iAEJX\nxxTOVS3UAIk5umO7Y7t7yXr8O/C4u78krGazCnoblcekMLJZV4O/5BloWNAe/B1c\nvZdaZUf3brD4ZZrxEtXw/tefhn1aHsSUajVW2wwjSpKhqj7Z0XS3bDS3T95/3xsN\n6+hlS6A7rJfiWpKIRHj0vh2SXLDmmhQl1In8TD/aiycTUyWcBRHVPlYFgYPt6SaT\nVQSgMzSxC43/2fINb2fyt8SbUHJ3Ct+mzRzd/1AQikWhBdstJLxInewzjYE/sb+c\n2CmCxMPQG2BwmAWXaaumeJcXVPBlMgAcjMatM8bPByTbXpKDnQslOE7g/gswDIwn\nEm53T13mZzYUvbLJ0q3aljZVLIC3IZn3ZwA2yCWchBkVAgMBAAE=\n-----END PUBLIC KEY-----", key.KeyVal.Public) - expectedPrivateKey := "-----BEGIN RSA PRIVATE KEY-----\nMIIG5AIBAAKCAYEA04egZRic+dZMVtiQc56DejU4FF1q3aOkUKnD+Q4lTbj1zp6O\nDKJTcktupmrad68jqtMiSGG8he6ELFs377q8bbgEUMWgAf+06Q8oFvUSfOXzZNFI\n7H5SMPOJY5aDWIMIEZ8DlcO7TfkA7D3iAEJXxxTOVS3UAIk5umO7Y7t7yXr8O/C4\nu78krGazCnoblcekMLJZV4O/5BloWNAe/B1cvZdaZUf3brD4ZZrxEtXw/tefhn1a\nHsSUajVW2wwjSpKhqj7Z0XS3bDS3T95/3xsN6+hlS6A7rJfiWpKIRHj0vh2SXLDm\nmhQl1In8TD/aiycTUyWcBRHVPlYFgYPt6SaTVQSgMzSxC43/2fINb2fyt8SbUHJ3\nCt+mzRzd/1AQikWhBdstJLxInewzjYE/sb+c2CmCxMPQG2BwmAWXaaumeJcXVPBl\nMgAcjMatM8bPByTbXpKDnQslOE7g/gswDIwnEm53T13mZzYUvbLJ0q3aljZVLIC3\nIZn3ZwA2yCWchBkVAgMBAAECggGAKswAeCPMMsIYTOPhCftyt2mIEJq78d7Xclh+\npWemxXxcAzNSIx0+i9vWJcZtsBRXv4qbH5DiryhMRpsoDJE36Wz3No5darodFKAz\n6L0pwepWXbn4Kpz+LRhA3kzIA0LzgXkuJQFmZoawGJwGmy3RC57ahiJRB9C7xMnD\n0pBOobuHx+rSvW2VUmou5DpDVYEAZ7fV2p511wUK9xkYg8K/Dj7Ok7pFRfh5MTlx\nd/GgIjdm97Np5dq4+moTShtBEqfqviv1OfDa32DISAOcEKiC2jg0O96khDz2YjK4\n0HAbWrGjVB1v+/kWKTWJ6/ddLb+Dk77KKeZ4pSPKYeUM7jXlyVikntmFTw4CXFvk\n2QqOfJyBxAxcx4eB/n6j1mqIvqL6TjloXn/Bhc/65Fr5een3hLbRnhtNxXBURwVo\nYYJwLw7tZOMKqt51qbKU2XqaII7iVHGPaeDUYs4PaBSSW/E1FFAZbId1GSe4+mDi\nJipxs4M6S9N9FPgTmZlgQ/0j6VMhAoHBANrygq2IsgRjczVO+FhOAmmP6xjbcoII\n582JTunwb8Yf4KJR8DM295LRcafk9Ns4l3QF/rESK8mZAbMUsjKlD4WcE2QTOEoQ\nQBV+lJLDyYeAhmq2684dqaIGA5jEW0GcfDpj42Hhy/qiy1PWTe/O1aFaLaYV0bXL\nPN1CTGpc+DdRh5lX7ftoTS/Do0U9Of30s00Bm9AV0LLoyH5WmXpGWatOYBHHwomi\n08vMsbJelgFzDQPRjHfpj7+EZh1wdqe8cQKBwQD3U8QP7ZatB5ymMLsefm/I6Uor\nwz5SqMyiz+u/Fc+4Ii8SwLsVQw+IoZyxofkKTbMESrgQhLbzC59eRbUcF7GZ+lZQ\nw6gG/+YLvx9MYcEVGeruyPmlYFp6g+vN/qEiPs1oZej8r1XjNj228XdTMAJ2qTbZ\nGVyhEMMbBgd5FFxEqueD5/EILT6xj9BxvQ1m2IFbVIkXfOrhdwEk+RcbXDA0n+rS\nkhBajWQ3eVQGY2hWnYB+1fmumYFs8hAaMAJlCOUCgcBCvi6Ly+HIaLCUDZCzCoS9\nvTuDhlHvxdsz0qmVss+/67PEh4nbcuQhg2tMLQVfVm8E1VcAj3N9rwDPoH155stG\nhX97wEgme7GtW7rayohCoDFZko1rdatiUscB6MmQxK0x94U3L2fI7Zth4TA87CY/\nW4gS2w/khSH2qOE2g0S/SEE3w5AuVWtCJjc9Qh7NhayqytS+qAfIoiGMMcXzekKX\nb/rlMKni3xoFRE7e+uprYrES+uwBGdfSIAAo9UGWfGECgcEA8pCJ4qE+vJaRkQCM\nFD0mvyHl54PGFOWORUOsTy1CGrIT/s1c7l5l1rfB6QkVKYDIyLXLThALKdVFSP0O\nwe2O9pfpna42lh7VbMHWHWBmMJ7JpcUf6ozUUAIf+1j2iZKUfAYu+duwXXWuE0VA\npSqZz+znaQaRrTm2UEOagqpwT7xZ8SlCYKWXLigA4/vpL+u4+myvQ4T1C4leaveN\nLP0+He6VLE2qklTHbAynVtiZ1REFm9+Z0B6nK8U/+58ISjTtAoHBALgqMopFIOMw\nAhhasnrL3Pzxf0WKzKmj/y2yEP0Vctm0muqxFnFwPwyOAd6HODJOSiFPD5VN4jvC\n+Yw96Qn29kHGXTKgL1J9cSL8z6Qzlc+UYCdSwmaZK5r36+NBTJgvKY9KrpkXCkSa\nc5YgIYtXMitmq9NmNvcSJWmuuiept3HFlwkU3pfmwzKNEeqi2jmuIOqI2zCOqX67\nI+YQsJgrHE0TmYxxRkgeYUy7s5DoHE25rfvdy5Lx+xAOH8ZgD1SGOw==\n-----END RSA PRIVATE KEY-----" + expectedPrivateKey := "-----BEGIN RSA PRIVATE KEY-----\nMIIG5AIBAAKCAYEA04egZRic+dZMVtiQc56DejU4FF1q3aOkUKnD+Q4lTbj1zp6O\nDKJTcktupmrad68jqtMiSGG8he6ELFs377q8bbgEUMWgAf+06Q8oFvUSfOXzZNFI\n7H5SMPOJY5aDWIMIEZ8DlcO7TfkA7D3iAEJXxxTOVS3UAIk5umO7Y7t7yXr8O/C4\nu78krGazCnoblcekMLJZV4O/5BloWNAe/B1cvZdaZUf3brD4ZZrxEtXw/tefhn1a\nHsSUajVW2wwjSpKhqj7Z0XS3bDS3T95/3xsN6+hlS6A7rJfiWpKIRHj0vh2SXLDm\nmhQl1In8TD/aiycTUyWcBRHVPlYFgYPt6SaTVQSgMzSxC43/2fINb2fyt8SbUHJ3\nCt+mzRzd/1AQikWhBdstJLxInewzjYE/sb+c2CmCxMPQG2BwmAWXaaumeJcXVPBl\nMgAcjMatM8bPByTbXpKDnQslOE7g/gswDIwnEm53T13mZzYUvbLJ0q3aljZVLIC3\nIZn3ZwA2yCWchBkVAgMBAAECggGAKswAeCPMMsIYTOPhCftyt2mIEJq78d7Xclh+\npWemxXxcAzNSIx0+i9vWJcZtsBRXv4qbH5DiryhMRpsoDJE36Wz3No5darodFKAz\n6L0pwepWXbn4Kpz+LRhA3kzIA0LzgXkuJQFmZoawGJwGmy3RC57ahiJRB9C7xMnD\n0pBOobuHx+rSvW2VUmou5DpDVYEAZ7fV2p511wUK9xkYg8K/Dj7Ok7pFRfh5MTlx\nd/GgIjdm97Np5dq4+moTShtBEqfqviv1OfDa32DISAOcEKiC2jg0O96khDz2YjK4\n0HAbWrGjVB1v+/kWKTWJ6/ddLb+Dk77KKeZ4pSPKYeUM7jXlyVikntmFTw4CXFvk\n2QqOfJyBxAxcx4eB/n6j1mqIvqL6TjloXn/Bhc/65Fr5een3hLbRnhtNxXBURwVo\nYYJwLw7tZOMKqt51qbKU2XqaII7iVHGPaeDUYs4PaBSSW/E1FFAZbId1GSe4+mDi\nJipxs4M6S9N9FPgTmZlgQ/0j6VMhAoHBANrygq2IsgRjczVO+FhOAmmP6xjbcoII\n582JTunwb8Yf4KJR8DM295LRcafk9Ns4l3QF/rESK8mZAbMUsjKlD4WcE2QTOEoQ\nQBV+lJLDyYeAhmq2684dqaIGA5jEW0GcfDpj42Hhy/qiy1PWTe/O1aFaLaYV0bXL\nPN1CTGpc+DdRh5lX7ftoTS/Do0U9Of30s00Bm9AV0LLoyH5WmXpGWatOYBHHwomi\n08vMsbJelgFzDQPRjHfpj7+EZh1wdqe8cQKBwQD3U8QP7ZatB5ymMLsefm/I6Uor\nwz5SqMyiz+u/Fc+4Ii8SwLsVQw+IoZyxofkKTbMESrgQhLbzC59eRbUcF7GZ+lZQ\nw6gG/+YLvx9MYcEVGeruyPmlYFp6g+vN/qEiPs1oZej8r1XjNj228XdTMAJ2qTbZ\nGVyhEMMbBgd5FFxEqueD5/EILT6xj9BxvQ1m2IFbVIkXfOrhdwEk+RcbXDA0n+rS\nkhBajWQ3eVQGY2hWnYB+1fmumYFs8hAaMAJlCOUCgcBCvi6Ly+HIaLCUDZCzCoS9\nvTuDhlHvxdsz0qmVss+/67PEh4nbcuQhg2tMLQVfVm8E1VcAj3N9rwDPoH155stG\nhX97wEgme7GtW7rayohCoDFZko1rdatiUscB6MmQxK0x94U3L2fI7Zth4TA87CY/\nW4gS2w/khSH2qOE2g0S/SEE3w5AuVWtCJjc9Qh7NhayqytS+qAfIoiGMMcXzekKX\nb/rlMKni3xoFRE7e+uprYrES+uwBGdfSIAAo9UGWfGECgcEA8pCJ4qE+vJaRkQCM\nFD0mvyHl54PGFOWORUOsTy1CGrIT/s1c7l5l1rfB6QkVKYDIyLXLThALKdVFSP0O\nwe2O9pfpna42lh7VbMHWHWBmMJ7JpcUf6ozUUAIf+1j2iZKUfAYu+duwXXWuE0VA\npSqZz+znaQaRrTm2UEOagqpwT7xZ8SlCYKWXLigA4/vpL+u4+myvQ4T1C4leaveN\nLP0+He6VLE2qklTHbAynVtiZ1REFm9+Z0B6nK8U/+58ISjTtAoHBALgqMopFIOMw\nAhhasnrL3Pzxf0WKzKmj/y2yEP0Vctm0muqxFnFwPwyOAd6HODJOSiFPD5VN4jvC\n+Yw96Qn29kHGXTKgL1J9cSL8z6Qzlc+UYCdSwmaZK5r36+NBTJgvKY9KrpkXCkSa\nc5YgIYtXMitmq9NmNvcSJWmuuiept3HFlwkU3pfmwzKNEeqi2jmuIOqI2zCOqX67\nI+YQsJgrHE0TmYxxRkgeYUy7s5DoHE25rfvdy5Lx+xAOH8ZgD1SGOw==\n-----END RSA PRIVATE KEY-----" //nolint:gosec assert.Equal(t, expectedPrivateKey, key.KeyVal.Private) assert.Equal(t, RSAKeyScheme, key.Scheme) assert.Equal(t, RSAKeyType, key.KeyType)