wip

Gopkg.toml

@@ -29,7 +29,7 @@
   name = "github.com/go-chi/chi"
 
 [[override]]
-  branch = "x5c"
+  branch = "master"
   name = "github.com/smallstep/cli"
 
 [[constraint]]

acme/api/account.go

@@ -128,7 +128,6 @@ func (h *Handler) NewAccount(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Location", h.Auth.GetLink(acme.AccountLink,
 		acme.URLSafeProvisionerName(prov), true, acc.GetID()))
 	api.JSONStatus(w, acc, httpStatus)
-	return
 }
 
 // GetUpdateAccount is the api for updating an ACME account.
@@ -172,7 +171,6 @@ func (h *Handler) GetUpdateAccount(w http.ResponseWriter, r *http.Request) {
 	}
 	w.Header().Set("Location", h.Auth.GetLink(acme.AccountLink, acme.URLSafeProvisionerName(prov), true, acc.GetID()))
 	api.JSON(w, acc)
-	return
 }
 
 func logOrdersByAccount(w http.ResponseWriter, oids []string) {
@@ -209,5 +207,4 @@ func (h *Handler) GetOrdersByAccount(w http.ResponseWriter, r *http.Request) {
 	}
 	api.JSON(w, orders)
 	logOrdersByAccount(w, orders)
-	return
 }

acme/api/handler.go

@@ -113,7 +113,6 @@ func (h *Handler) GetNonce(w http.ResponseWriter, r *http.Request) {
 	} else {
 		w.WriteHeader(http.StatusNoContent)
 	}
-	return
 }
 
 // GetDirectory is the ACME resource for returning a directory configuration
@@ -126,7 +125,6 @@ func (h *Handler) GetDirectory(w http.ResponseWriter, r *http.Request) {
 	}
 	dir := h.Auth.GetDirectory(prov)
 	api.JSON(w, dir)
-	return
 }
 
 // GetAuthz ACME api for retrieving an Authz.
@@ -149,7 +147,6 @@ func (h *Handler) GetAuthz(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Location", h.Auth.GetLink(acme.AuthzLink, acme.URLSafeProvisionerName(prov), true, authz.GetID()))
 	api.JSON(w, authz)
-	return
 }
 
 // GetChallenge ACME api for retrieving a Challenge.
@@ -191,7 +188,6 @@ func (h *Handler) GetChallenge(w http.ResponseWriter, r *http.Request) {
 	w.Header().Add("Link", link(getLink(acme.AuthzLink, acme.URLSafeProvisionerName(prov), true, ch.GetAuthzID()), "up"))
 	w.Header().Set("Location", getLink(acme.ChallengeLink, acme.URLSafeProvisionerName(prov), true, ch.GetID()))
 	api.JSON(w, ch)
-	return
 }
 
 // GetCertificate ACME api for retrieving a Certificate.
@@ -210,5 +206,4 @@ func (h *Handler) GetCertificate(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/pem-certificate-chain; charset=utf-8")
 	w.Write(certBytes)
-	return
 }

acme/api/middleware.go

@@ -42,7 +42,6 @@ func (h *Handler) addNonce(next nextHTTP) nextHTTP {
 		w.Header().Set("Cache-Control", "no-store")
 		logNonce(w, nonce)
 		next(w, r)
-		return
 	}
 }
 
@@ -57,7 +56,6 @@ func (h *Handler) addDirLink(next nextHTTP) nextHTTP {
 		}
 		w.Header().Add("Link", link(h.Auth.GetLink(acme.DirectoryLink, acme.URLSafeProvisionerName(prov), true), "index"))
 		next(w, r)
-		return
 	}
 }
 
@@ -87,7 +85,6 @@ func (h *Handler) verifyContentType(next nextHTTP) nextHTTP {
 		}
 		api.WriteError(w, acme.MalformedErr(errors.Errorf(
 			"expected content-type to be in %s, but got %s", expected, ct)))
-		return
 	}
 }
 
@@ -106,7 +103,6 @@ func (h *Handler) parseJWS(next nextHTTP) nextHTTP {
 		}
 		ctx := context.WithValue(r.Context(), jwsContextKey, jws)
 		next(w, r.WithContext(ctx))
-		return
 	}
 }
 
@@ -202,7 +198,6 @@ func (h *Handler) validateJWS(next nextHTTP) nextHTTP {
 			return
 		}
 		next(w, r)
-		return
 	}
 }
 
@@ -248,7 +243,6 @@ func (h *Handler) extractJWK(next nextHTTP) nextHTTP {
 			ctx = context.WithValue(ctx, accContextKey, acc)
 		}
 		next(w, r.WithContext(ctx))
-		return
 	}
 }
 
@@ -275,7 +269,6 @@ func (h *Handler) lookupProvisioner(next nextHTTP) nextHTTP {
 		}
 		ctx = context.WithValue(ctx, provisionerContextKey, p)
 		next(w, r.WithContext(ctx))
-		return
 	}
 }
 
@@ -355,7 +348,6 @@ func (h *Handler) verifyAndExtractJWSPayload(next nextHTTP) nextHTTP {
 			isEmptyJSON: string(payload) == "{}",
 		})
 		next(w, r.WithContext(ctx))
-		return
 	}
 }
 
@@ -372,6 +364,5 @@ func (h *Handler) isPostAsGet(next nextHTTP) nextHTTP {
 			return
 		}
 		next(w, r)
-		return
 	}
 }

acme/api/middleware_test.go

@@ -26,7 +26,6 @@ var testBody = []byte("foo")
 
 func testNext(w http.ResponseWriter, r *http.Request) {
 	w.Write(testBody)
-	return
 }
 
 func TestHandlerAddNonce(t *testing.T) {
@@ -471,7 +470,6 @@ func TestHandlerParseJWS(t *testing.T) {
 					assert.FatalError(t, err)
 					assert.Equals(t, gotRaw, expRaw)
 					w.Write(testBody)
-					return
 				},
 				statusCode: 200,
 			}
@@ -923,7 +921,6 @@ func TestHandlerLookupJWK(t *testing.T) {
 					assert.FatalError(t, err)
 					assert.Equals(t, _jwk, jwk)
 					w.Write(testBody)
-					return
 				},
 				statusCode: 200,
 			}
@@ -1114,7 +1111,6 @@ func TestHandlerExtractJWK(t *testing.T) {
 					assert.FatalError(t, err)
 					assert.Equals(t, _jwk.KeyID, pub.KeyID)
 					w.Write(testBody)
-					return
 				},
 				statusCode: 200,
 			}
@@ -1139,7 +1135,6 @@ func TestHandlerExtractJWK(t *testing.T) {
 					assert.FatalError(t, err)
 					assert.Equals(t, _jwk.KeyID, pub.KeyID)
 					w.Write(testBody)
-					return
 				},
 				statusCode: 200,
 			}
@@ -1448,7 +1443,6 @@ func TestHandlerValidateJWS(t *testing.T) {
 				ctx: context.WithValue(context.Background(), jwsContextKey, jws),
 				next: func(w http.ResponseWriter, r *http.Request) {
 					w.Write(testBody)
-					return
 				},
 				statusCode: 200,
 			}
@@ -1479,7 +1473,6 @@ func TestHandlerValidateJWS(t *testing.T) {
 				ctx: context.WithValue(context.Background(), jwsContextKey, jws),
 				next: func(w http.ResponseWriter, r *http.Request) {
 					w.Write(testBody)
-					return
 				},
 				statusCode: 200,
 			}
@@ -1510,7 +1503,6 @@ func TestHandlerValidateJWS(t *testing.T) {
 				ctx: context.WithValue(context.Background(), jwsContextKey, jws),
 				next: func(w http.ResponseWriter, r *http.Request) {
 					w.Write(testBody)
-					return
 				},
 				statusCode: 200,
 			}

acme/api/order.go

@@ -97,7 +97,6 @@ func (h *Handler) NewOrder(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Location", h.Auth.GetLink(acme.OrderLink, acme.URLSafeProvisionerName(prov), true, o.GetID()))
 	api.JSONStatus(w, o, http.StatusCreated)
-	return
 }
 
 // GetOrder ACME api for retrieving an order.
@@ -121,7 +120,6 @@ func (h *Handler) GetOrder(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Location", h.Auth.GetLink(acme.OrderLink, acme.URLSafeProvisionerName(prov), true, o.GetID()))
 	api.JSON(w, o)
-	return
 }
 
 // FinalizeOrder attemptst to finalize an order and create a certificate.
@@ -160,5 +158,4 @@ func (h *Handler) FinalizeOrder(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Location", h.Auth.GetLink(acme.OrderLink, acme.URLSafeProvisionerName(prov), true, o.ID))
 	api.JSON(w, o)
-	return
 }

authority/provisioner/aws.go

@@ -274,8 +274,8 @@ func (p *AWS) AuthorizeSign(ctx context.Context, token string) ([]SignOption, er
 	}
 
 	// Check for the sign ssh method, default to sign X.509
-	if m := MethodFromContext(ctx); m == SignSSHMethod {
-		if p.claimer.IsSSHCAEnabled() == false {
+	if MethodFromContext(ctx) == SignSSHMethod {
+		if !p.claimer.IsSSHCAEnabled() {
 			return nil, errors.Errorf("ssh ca is disabled for provisioner %s", p.GetID())
 		}
 		return p.authorizeSSHSign(payload)

authority/provisioner/jwk.go

@@ -143,7 +143,7 @@ func (p *JWK) AuthorizeSign(ctx context.Context, token string) ([]SignOption, er
 
 	// Check for SSH sign-ing request.
 	if MethodFromContext(ctx) == SignSSHMethod {
-		if p.claimer.IsSSHCAEnabled() == false {
+		if !p.claimer.IsSSHCAEnabled() {
 			return nil, errors.Errorf("ssh ca is disabled for provisioner %s", p.GetID())
 		}
 		return p.authorizeSSHSign(claims)

ca/renew.go

@@ -178,7 +178,7 @@ func (r *TLSRenewer) renewCertificate() {
 }
 
 func (r *TLSRenewer) nextRenewDuration(notAfter time.Time) time.Duration {
-	d := notAfter.Sub(time.Now()) - r.renewBefore
+	d := time.Until(notAfter) - r.renewBefore
 	n := rand.Int63n(int64(r.renewJitter))
 	d -= time.Duration(n)
 	if d < 0 {

ca/signal.go

@@ -28,20 +28,17 @@ func StopHandler(servers ...Stopper) {
 	signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM)
 	defer signal.Stop(signals)
 
-	for {
-		select {
-		case sig := <-signals:
-			switch sig {
-			case syscall.SIGINT, syscall.SIGTERM:
-				log.Println("shutting down ...")
-				for _, server := range servers {
-					err := server.Stop()
-					if err != nil {
-						log.Printf("error stopping server: %s", err.Error())
-					}
+	for sig := range signals {
+		switch sig {
+		case syscall.SIGINT, syscall.SIGTERM:
+			log.Println("shutting down ...")
+			for _, server := range servers {
+				err := server.Stop()
+				if err != nil {
+					log.Printf("error stopping server: %s", err.Error())
 				}
-				return
 			}
+			return
 		}
 	}
 }
@@ -54,28 +51,25 @@ func StopReloaderHandler(servers ...StopReloader) {
 	signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM, syscall.SIGHUP)
 	defer signal.Stop(signals)
 
-	for {
-		select {
-		case sig := <-signals:
-			switch sig {
-			case syscall.SIGHUP:
-				log.Println("reloading ...")
-				for _, server := range servers {
-					err := server.Reload()
-					if err != nil {
-						log.Printf("error reloading server: %+v", err)
-					}
+	for sig := range signals {
+		switch sig {
+		case syscall.SIGHUP:
+			log.Println("reloading ...")
+			for _, server := range servers {
+				err := server.Reload()
+				if err != nil {
+					log.Printf("error reloading server: %+v", err)
 				}
-			case syscall.SIGINT, syscall.SIGTERM:
-				log.Println("shutting down ...")
-				for _, server := range servers {
-					err := server.Stop()
-					if err != nil {
-						log.Printf("error stopping server: %s", err.Error())
-					}
+			}
+		case syscall.SIGINT, syscall.SIGTERM:
+			log.Println("shutting down ...")
+			for _, server := range servers {
+				err := server.Stop()
+				if err != nil {
+					log.Printf("error stopping server: %s", err.Error())
 				}
-				return
 			}
+			return
 		}
 	}
 }

ca/tls_options_test.go

@@ -553,7 +553,7 @@ func equalPools(a, b *x509.CertPool) bool {
 	for i := range subjects {
 		sB[i] = string(subjects[i])
 	}
-	sort.Sort(sort.StringSlice(sA))
-	sort.Sort(sort.StringSlice(sB))
+	sort.Strings(sA)
+	sort.Strings(sB)
 	return reflect.DeepEqual(sA, sB)
 }

logging/handler.go

@@ -32,7 +32,7 @@ func (l *LoggerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	t := time.Now()
 	rw := NewResponseLogger(w)
 	l.next.ServeHTTP(rw, r)
-	d := time.Now().Sub(t)
+	d := time.Since(t)
 	l.writeEntry(rw, r, t, d)
 }