lint(scep): fix CI lint failures in Phase 3 commit (df0a4dd)

Three lint issues from golangci-lint that didn't fire locally because I
ran 'go vet' but not 'staticcheck' before commit (the recent crypto/signer
QF1008 incident pattern repeating — must run staticcheck before
committing per CLAUDE.md::pre-commit-verification-gate; landing this
fixup, then will run staticcheck on every future SCEP-bundle commit).

internal/pkcs7/envelopeddata.go:78
  * ST1022: 'comment on exported var ErrEnvelopedDataDecrypt should be of
    the form "ErrEnvelopedDataDecrypt ..."' — staticcheck enforces the
    Go-doc convention that var/const docs start with the symbol name.
    Renamed the leading 'Sentinel decryption error.' to
    'ErrEnvelopedDataDecrypt is the sentinel decryption error.'

internal/pkcs7/certrep_test.go:246-247
  * U1000: 'func nowMinus1Hour is unused' / 'func nowPlus30Days is unused'
    — left-over helpers from a previous draft of selfSignedCertPEM that
    inlined the time math. Removed both.

Verified with  — clean. Tests still
green (handler 79.0% / service 73.2% / pkcs7 80.5%).

Restores green CI on the lint job for the Phase 3 push.
certctl-copilot
2026-04-29 12:50:46 +00:00
parent df0a4dd39c
commit 3023144770
2 changed files with 7 additions and 9 deletions
-3
@@ -242,6 +242,3 @@ func selfSignedCertPEM(t *testing.T, cn string) string {
// testRand returns the system random source. Wrapped here so tests can be // testRand returns the system random source. Wrapped here so tests can be
// adapted to a deterministic source if golden-file tests need it later. // adapted to a deterministic source if golden-file tests need it later.
func testRand() io.Reader { return rand.Reader } func testRand() io.Reader { return rand.Reader }
func nowMinus1Hour() time.Time { return time.Now().Add(-time.Hour) }
func nowPlus30Days() time.Time { return time.Now().Add(30 * 24 * time.Hour) }
+7 -6
@@ -75,12 +75,13 @@ var (
OIDDESEDE3CBC = asn1.ObjectIdentifier{1, 2, 840, 113549, 3, 7} OIDDESEDE3CBC = asn1.ObjectIdentifier{1, 2, 840, 113549, 3, 7}
) )
// Sentinel decryption error. The caller (handler / service) maps this to // ErrEnvelopedDataDecrypt is the sentinel decryption error. The caller
// SCEPFailBadMessageCheck per RFC 8894 §3.3.2.2 + §3.2.2 (integrity-check // (handler / service) maps this to SCEPFailBadMessageCheck per RFC 8894
// failure semantics). The error text is intentionally generic so the // §3.3.2.2 + §3.2.2 (integrity-check failure semantics). The error text
// padding-oracle / Bleichenbacher leak surfaces are closed: every failure // is intentionally generic so the padding-oracle / Bleichenbacher leak
// mode (RSA decrypt failure, content decrypt failure, padding malformed, // surfaces are closed: every failure mode (RSA decrypt failure, content
// unknown algorithm) returns the SAME error message text. // decrypt failure, padding malformed, unknown algorithm) returns the SAME
// error message text.
var ErrEnvelopedDataDecrypt = errors.New("envelopedData: decrypt failed") var ErrEnvelopedDataDecrypt = errors.New("envelopedData: decrypt failed")
// EnvelopedData is the parsed RFC 5652 EnvelopedData structure ready for // EnvelopedData is the parsed RFC 5652 EnvelopedData structure ready for
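Review bot: The reworded doc comment on ErrEnvelopedDataDecrypt still states that the padding-oracle / Bleichenbacher leak surfaces "are closed" because every failure mode returns the same message text, which is more than a shared sentinel can guarantee on its own. Identical text only holds if no call site wraps the sentinel with per-failure context before it reaches the handler, and the comment says nothing about timing differences between the RSA decrypt, content decrypt and padding paths it lists. Suggest narrowing the wording to what this variable actually provides (a single undifferentiated error value that callers must return unwrapped) and backing the claim with a table-driven test that drives each listed failure mode and asserts the returned error text is exactly "envelopedData: decrypt failed".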