diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index ffc6f17..3ff8d24 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -10,7 +10,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v2 with: - go-version: '1.17.10' + go-version: '1.22.7' - name: Fmt run: go fmt github.com/pavlo-v-chernykh/keystore-go/v4/... lint: @@ -20,10 +20,10 @@ jobs: - name: Clone repository uses: actions/checkout@v2 - name: Lint - uses: golangci/golangci-lint-action@v2.5.2 + uses: golangci/golangci-lint-action@v6 with: args: --timeout=5m0s -c .golangci.yaml - version: v1.54.2 + version: v1.61.0 test: name: Test runs-on: ubuntu-latest @@ -33,6 +33,6 @@ jobs: - name: Set up Go uses: actions/setup-go@v2 with: - go-version: '1.17.10' + go-version: '1.22.7' - name: Test run: go test -cover -count=1 -v github.com/pavlo-v-chernykh/keystore-go/v4/... diff --git a/.golangci.yaml b/.golangci.yaml index 40a0fcd..62b3373 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -5,28 +5,24 @@ linters: disable: - gochecknoglobals - funlen - - goerr113 + - err113 - gofumpt - - exhaustivestruct - gomoddirectives - - scopelint - makezero - - golint - - interfacer - - maligned - varnamelen - exhaustruct + - gomnd # because WARN The linter 'gomnd' is deprecated (since v1.58.0) due to: The linter has been renamed. Replaced by mnd. + - exportloopref # because WARN The linter 'exportloopref' is deprecated (since v1.60.2) due to: Since Go1.22 (loopvar) this linter is no longer relevant. Replaced by copyloopvar. + - execinquery # because WARN The linter 'execinquery' is deprecated (since v1.58.0) due to: The repository of the linter has been archived by the owner. linters-settings: - gomnd: - settings: - mnd: - checks: [case, condition, return] cyclop: max-complexity: 15 issues: + exclude: + - import '.*' is not allowed from list 'Main' exclude-rules: - path: _test\.go linters: diff --git a/common.go b/common.go index f66c19d..9a406b7 100644 --- a/common.go 
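Review bot: The lint step now follows the floating major tag `golangci/golangci-lint-action@v6`, where the old line named an exact release (`@v2.5.2`), so whatever that tag is moved to runs in CI without any change in this repository. Pinning to a full commit SHA with the release in a trailing comment, `uses: golangci/golangci-lint-action@<commit-sha> # v6.x.y`, keeps each upgrade reviewable. The `actions/checkout@v2` and `actions/setup-go@v2` lines visible as context are tag-pinned as well and stayed at v2 while the Go version moved to 1.22.7, so they are worth updating in the same pass.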
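Review bot: The new `issues.exclude` entry `import '.*' is not allowed from list 'Main'` matches every import path, so it silences the import allow-list check (the message looks like depguard's) for the whole repository rather than only for the testify imports this commit adds. If the check is not wanted, listing `depguard` under `linters.disable` states that explicitly. If it is wanted, a `linters-settings.depguard` rule that allows the standard library and `github.com/stretchr/testify` keeps it meaningful for any other dependency that appears later.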
+++ b/common.go @@ -19,7 +19,7 @@ var byteOrder = binary.BigEndian var whitenerMessage = []byte("Mighty Aphrodite") func passwordBytes(password []byte) []byte { - result := make([]byte, 0, len(password)*2) + result := make([]byte, 0, len(password)*2) //nolint:gomnd,mnd for _, b := range password { result = append(result, 0, b) } diff --git a/common_test.go b/common_test.go index f061363..d036a7e 100644 --- a/common_test.go +++ b/common_test.go @@ -2,29 +2,30 @@ package keystore import ( "crypto/rand" - "reflect" "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestZeroing(t *testing.T) { - var table [][]byte + const tableLength = 20 + + var table = make([][]byte, tableLength) - for i := 0; i < 20; i++ { + for i := range tableLength { buf := make([]byte, 4096) - if _, err := rand.Read(buf); err != nil { - t.Errorf("read random bytes: %v", err) - } + _, err := rand.Read(buf) + require.NoError(t, err) - table = append(table, buf) + table[i] = buf } for _, tt := range table { zeroing(tt) for i := range tt { - if tt[i] != 0 { - t.Errorf("fill input with zeros '%v'", tt) - } + assert.Equalf(t, uint8(0), tt[i], "fill input with zeros '%v'", tt) } } } @@ -35,13 +36,14 @@ func TestPasswordBytes(t *testing.T) { output []byte } - var table []item + const tableLength = 20 - for i := 0; i < 20; i++ { + var table = make([]item, tableLength) + + for i := range tableLength { input := make([]byte, 1024) - if _, err := rand.Read(input); err != nil { - t.Errorf("read random bytes: %v", err) - } + _, err := rand.Read(input) + require.NoError(t, err) output := make([]byte, len(input)*2) 
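Review bot: The `//nolint:gomnd,mnd` directive added in `passwordBytes` gives no reason and names `gomnd`, which this same commit disables in `.golangci.yaml`, so only `mnd` can still fire here. The old config limited the check to `checks: [case, condition, return]`; that block was deleted rather than renamed, which appears to be why operations, arguments and assignments are now flagged. Restoring it as `mnd:` under `linters-settings` should make this directive and the matching ones in decoder.go (`readUint16`, `readUint32`, `readUint64`) and keyprotector.go unnecessary. If the directive stays, `//nolint:mnd // each password byte is emitted as two bytes (0, b)` documents it.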
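Review bot: The per-byte `assert.Equalf(t, uint8(0), tt[i], "fill input with zeros '%v'", tt)` in TestZeroing records a separate failure, each printing the whole 4096-byte buffer, for every byte that was not cleared. One comparison per buffer, `assert.Equal(t, make([]byte, len(tt)), tt)`, checks the same property and reports a single readable diff when `zeroing` misses part of the slice.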
@@ -50,13 +52,11 @@ func TestPasswordBytes(t *testing.T) { output[j+1] = input[k] } - table = append(table, item{input: input, output: output}) + table[i] = item{input: input, output: output} } for _, tt := range table { output := passwordBytes(tt.input) - if !reflect.DeepEqual(output, tt.output) { - t.Errorf("convert password bytes '%v', '%v'", output, tt.output) - } + assert.Equal(t, tt.output, output, "convert password bytes") } } diff --git a/decoder.go b/decoder.go index b746c23..79225c1 100644 --- a/decoder.go +++ b/decoder.go @@ -16,19 +16,19 @@ type decoder struct { } func (d decoder) readUint16() (uint16, error) { - b, err := d.readBytes(2) + b, err := d.readBytes(2) //nolint:gomnd,mnd return byteOrder.Uint16(b), err } func (d decoder) readUint32() (uint32, error) { - b, err := d.readBytes(4) + b, err := d.readBytes(4) //nolint:gomnd,mnd return byteOrder.Uint32(b), err } func (d decoder) readUint64() (uint64, error) { - b, err := d.readBytes(8) + b, err := d.readBytes(8) //nolint:gomnd,mnd return byteOrder.Uint64(b), err } @@ -119,7 +119,7 @@ func (d decoder) readPrivateKeyEntry(version uint32) (PrivateKeyEntry, error) { chain := make([]Certificate, 0, certNum) - for i := uint32(0); i < certNum; i++ { + for i := range certNum { cert, err := d.readCertificate(version) if err != nil { return PrivateKeyEntry{}, fmt.Errorf("read %d certificate: %w", i, err) @@ -128,7 +128,7 @@ func (d decoder) readPrivateKeyEntry(version uint32) (PrivateKeyEntry, error) { chain = append(chain, cert) } - creationDateTime := time.UnixMilli(int64(creationTimeStamp)) + creationDateTime := time.UnixMilli(int64(creationTimeStamp)) //nolint:gosec privateKeyEntry := PrivateKeyEntry{ PrivateKey: encryptedPrivateKey, CreationTime: creationDateTime, 
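Review bot: `chain := make([]Certificate, 0, certNum)`, directly above the rewritten loop, reserves capacity from a count that appears to be read from the keystore stream, so a malformed or hostile file can request a very large allocation before a single certificate has been parsed. Dropping the capacity hint (`var chain []Certificate`) or capping it at a small bound lets `append` grow the slice only as certificates are actually decoded. `readPrivateKeyEntry` starts and ends outside the hunk, so where `certNum` is read is not visible here.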
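Review bot: The bare `//nolint:gosec` on `time.UnixMilli(int64(creationTimeStamp))` hides the integer-conversion finding without recording why it is safe. JKS stores the creation date as a signed 64-bit value, so reinterpreting the bits is the intended behaviour; a reason such as `//nolint:gosec // JKS date is a signed 64-bit long, reinterpreting the bits is intended` would say so. The same applies to the identical line in `readTrustedCertificateEntry` and to the two `uint64(...CreationTime.UnixMilli())` conversions in encoder.go. The suppressions in keystore.go (`uint32(len(ks.m))`, `uint32(d.h.Size())`) are narrowing conversions of a different kind and need their own justification.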
@@ -149,7 +149,7 @@ func (d decoder) readTrustedCertificateEntry(version uint32) (TrustedCertificate return TrustedCertificateEntry{}, fmt.Errorf("read certificate: %w", err) } - creationDateTime := time.UnixMilli(int64(creationTimeStamp)) + creationDateTime := time.UnixMilli(int64(creationTimeStamp)) //nolint:gosec trustedCertificateEntry := TrustedCertificateEntry{ CreationTime: creationDateTime, Certificate: certificate, diff --git a/decoder_test.go b/decoder_test.go index 9c68b4d..4a9bbf8 100644 --- a/decoder_test.go +++ b/decoder_test.go @@ -8,8 +8,10 @@ import ( "errors" "fmt" "io" - "reflect" "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestReadUint16(t *testing.T) { @@ -69,20 +71,14 @@ func TestReadUint16(t *testing.T) { } number, err := d.readUint16() - if !reflect.DeepEqual(err, tt.err) { - t.Errorf("invalid error '%v' '%v'", err, tt.err) - } + assert.Equal(t, tt.err, err) if err == nil { - if number != tt.number { - t.Errorf("invalid number '%v' '%v'", number, tt.number) - } + assert.Equal(t, tt.number, number) } hash := d.h.Sum(nil) - if !reflect.DeepEqual(hash, tt.hash[:]) { - t.Errorf("invalid hash '%v' '%v'", hash, tt.hash) - } + assert.Equal(t, tt.hash[:], hash) } } @@ -143,20 +139,14 @@ func TestReadUint32(t *testing.T) { } number, err := d.readUint32() - if !reflect.DeepEqual(err, tt.err) { - t.Errorf("invalid error '%v' '%v'", err, tt.err) - } + assert.Equal(t, tt.err, err) if err == nil { - if number != tt.number { - t.Errorf("invalid uint32 '%v' '%v'", number, tt.number) - } + assert.Equal(t, tt.number, number) } hash := d.h.Sum(nil) - if !reflect.DeepEqual(hash, tt.hash[:]) { - t.Errorf("invalid hash '%v' '%v'", hash, tt.hash) - } + assert.Equal(t, tt.hash[:], hash) } } 
@@ -221,20 +211,14 @@ func TestReadUint64(t *testing.T) { } number, err := d.readUint64() - if !reflect.DeepEqual(err, tt.err) { - t.Errorf("invalid error '%v' '%v'", err, tt.err) - } + assert.Equal(t, tt.err, err) if err == nil { - if number != tt.number { - t.Errorf("invalid uint64 '%v' '%v'", number, tt.number) - } + assert.Equal(t, tt.number, number) } hash := d.h.Sum(nil) - if !reflect.DeepEqual(hash, tt.hash[:]) { - t.Errorf("invalid hash '%v' '%v'", hash, tt.hash) - } + assert.Equal(t, tt.hash[:], hash) } } @@ -268,9 +252,8 @@ func TestReadBytes(t *testing.T) { }) buf := func() []byte { buf := make([]byte, 10*1024) - if _, err := rand.Read(buf); err != nil { - t.Errorf("read random bytes: %v", err) - } + _, err := rand.Read(buf) + require.NoError(t, err) return buf }() @@ -292,18 +275,12 @@ func TestReadBytes(t *testing.T) { } bts, err := d.readBytes(tt.readLen) - if err != nil { - t.Errorf("got error '%v'", err) - } + require.NoError(t, err) - if !reflect.DeepEqual(bts, tt.bytes) { - t.Errorf("invalid bytes '%v' '%v'", bts, tt.bytes) - } + assert.Equal(t, tt.bytes, bts) hash := d.h.Sum(nil) - if !reflect.DeepEqual(hash, tt.hash[:]) { - t.Errorf("invalid hash '%v' '%v'", hash, tt.hash) - } + assert.Equal(t, tt.hash[:], hash) } } @@ -343,7 +320,7 @@ func TestReadString(t *testing.T) { }) str := "some string to read" buf := make([]byte, 2) - binary.BigEndian.PutUint16(buf, uint16(len(str))) + binary.BigEndian.PutUint16(buf, uint16(len(str))) //nolint:gosec buf = append(buf, []byte(str)...) table = append(table, item{ input: buf, 
@@ -362,18 +339,11 @@ func TestReadString(t *testing.T) { } str, err := d.readString() - if !reflect.DeepEqual(err, tt.err) { - t.Errorf("invalid error '%v' '%v'", err, tt.err) - } - - if str != tt.string { - t.Errorf("invalid string '%v' '%v'", str, tt.string) - } + assert.Equal(t, tt.err, err) + assert.Equal(t, tt.string, str) hash := d.h.Sum(nil) - if !reflect.DeepEqual(hash, tt.hash[:]) { - t.Errorf("invalid hash '%v' '%v'", hash, tt.hash) - } + assert.Equal(t, tt.hash[:], hash) } } @@ -468,17 +438,10 @@ func TestReadCertificate(t *testing.T) { } cert, err := d.readCertificate(tt.version) - if !reflect.DeepEqual(err, tt.err) { - t.Errorf("invalid error '%v' '%v'", err, tt.err) - } - - if !reflect.DeepEqual(cert, tt.cert) { - t.Errorf("invalid certificate '%v' '%v'", cert, tt.cert) - } + assert.Equal(t, tt.err, err) + assert.Equal(t, tt.cert, cert) hash := d.h.Sum(nil) - if !reflect.DeepEqual(hash, tt.hash[:]) { - t.Errorf("invalid hash '%v' '%v'", hash, tt.hash) - } + assert.Equal(t, tt.hash[:], hash) } } diff --git a/encoder.go b/encoder.go index 4047027..932055c 100644 --- a/encoder.go +++ b/encoder.go @@ -95,7 +95,7 @@ func (e encoder) writePrivateKeyEntry(alias string, pke PrivateKeyEntry) error { return fmt.Errorf("write alias: %w", err) } - if err := e.writeUint64(uint64(pke.CreationTime.UnixMilli())); err != nil { + if err := e.writeUint64(uint64(pke.CreationTime.UnixMilli())); err != nil { //nolint:gosec return fmt.Errorf("write creation timestamp: %w", err) } @@ -140,7 +140,7 @@ func (e encoder) writeTrustedCertificateEntry(alias string, tce TrustedCertifica return fmt.Errorf("write alias: %w", err) } - if err := e.writeUint64(uint64(tce.CreationTime.UnixMilli())); err != nil { + if err := e.writeUint64(uint64(tce.CreationTime.UnixMilli())); err != nil { //nolint:gosec return fmt.Errorf("write creation timestamp: %w", err) } diff --git a/examples/compare/go.mod b/examples/compare/go.mod index fe902b1..2c714b9 100644 --- a/examples/compare/go.mod 
+++ b/examples/compare/go.mod @@ -1,6 +1,6 @@ module github.com/pavlo-v-chernykh/keystore-go/v4/examples/compare -go 1.17 +go 1.22.7 require github.com/pavlo-v-chernykh/keystore-go/v4 v4.0.0 diff --git a/examples/keypass/go.mod b/examples/keypass/go.mod index 3bc6eb0..e74fd9f 100644 --- a/examples/keypass/go.mod +++ b/examples/keypass/go.mod @@ -1,6 +1,6 @@ module github.com/pavlo-v-chernykh/keystore-go/v4/examples/keypass -go 1.17 +go 1.22.7 require github.com/pavlo-v-chernykh/keystore-go/v4 v4.0.0 diff --git a/examples/pem/go.mod b/examples/pem/go.mod index 4a06e26..63980f9 100644 --- a/examples/pem/go.mod +++ b/examples/pem/go.mod @@ -1,6 +1,6 @@ module github.com/pavlo-v-chernykh/keystore-go/v4/examples/pem -go 1.17 +go 1.22.7 require github.com/pavlo-v-chernykh/keystore-go/v4 v4.0.0 diff --git a/examples/truststore/go.mod b/examples/truststore/go.mod index ddaed42..0dd13ba 100644 --- a/examples/truststore/go.mod +++ b/examples/truststore/go.mod @@ -1,6 +1,6 @@ module github.com/pavlo-v-chernykh/keystore-go/v4/examples/truststore -go 1.17 +go 1.22.7 require github.com/pavlo-v-chernykh/keystore-go/v4 v4.0.0 diff --git a/go.mod b/go.mod index 500eac7..430601f 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,11 @@ module github.com/pavlo-v-chernykh/keystore-go/v4 -go 1.17 +go 1.22.7 + +require github.com/stretchr/testify v1.9.0 + +require ( + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..60ce688 --- /dev/null +++ b/go.sum 
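Review bot: `go 1.22.7` in the root go.mod (and in the four examples modules) makes a patch release the hard minimum for every consumer, because the `go` line has been enforced as a minimum version since Go 1.21. The range-over-integer loops introduced in this commit need only the language version, so `go 1.22` with an optional `toolchain go1.22.7` line expresses the same intent without forcing downstream toolchain upgrades. The hunk also gives a module that previously had no requirements its first dependency tree (testify v1.9.0 plus three indirect modules). It is test-only, but that is worth deciding deliberately for a library that handles key material.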
@@ -0,0 +1,10 @@ +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/keyprotector.go b/keyprotector.go index bca71d2..a8ae6d7 100644 --- a/keyprotector.go +++ b/keyprotector.go @@ -133,7 +133,7 @@ func encrypt(rand io.Reader, plainKey []byte, password []byte) ([]byte, error) { } tmpKey := make([]byte, plainKeyLen) - for i := 0; i < plainKeyLen; i++ { + for i := range plainKeyLen { tmpKey[i] = plainKey[i] ^ xorKey[i] } @@ -159,7 +159,7 @@ func encrypt(rand io.Reader, plainKey []byte, password []byte) ([]byte, error) { keyInfo := keyInfo{ Algo: pkix.AlgorithmIdentifier{ Algorithm: supportedPrivateKeyAlgorithmOid, - Parameters: asn1.RawValue{Tag: 5}, + Parameters: asn1.RawValue{Tag: 5}, //nolint:gomnd,mnd }, PrivateKey: encryptedKey, } diff --git a/keystore.go b/keystore.go index 2c3f222..6567680 100644 --- a/keystore.go +++ b/keystore.go 
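Review bot: `Parameters: asn1.RawValue{Tag: 5}, //nolint:gomnd,mnd` suppresses the linter for a number the standard library already names. `encoding/asn1` exports `asn1.TagNull` with that value, so `Parameters: asn1.RawValue{Tag: asn1.TagNull},` removes both the magic number and the directive and makes it explicit that the algorithm parameters are an ASN.1 NULL. `encrypt` starts and ends outside the hunk.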
@@ -117,7 +117,7 @@ func (ks KeyStore) Store(w io.Writer, password []byte) error { return fmt.Errorf("write version: %w", err) } - if err := e.writeUint32(uint32(len(ks.m))); err != nil { + if err := e.writeUint32(uint32(len(ks.m))); err != nil { //nolint:gosec return fmt.Errorf("write number of entries: %w", err) } @@ -181,7 +181,7 @@ func (ks KeyStore) Load(r io.Reader, password []byte) error { return fmt.Errorf("read number of entries: %w", err) } - for i := uint32(0); i < entryNum; i++ { + for i := range entryNum { alias, entry, err := d.readEntry(version) if err != nil { return fmt.Errorf("read %d entry: %w", i, err) @@ -192,7 +192,7 @@ func (ks KeyStore) Load(r io.Reader, password []byte) error { computedDigest := d.h.Sum(nil) - actualDigest, err := d.readBytes(uint32(d.h.Size())) + actualDigest, err := d.readBytes(uint32(d.h.Size())) //nolint:gosec if err != nil { return fmt.Errorf("read digest: %w", err) } diff --git a/keystore_test.go b/keystore_test.go index c773bc3..ed70d89 100644 --- a/keystore_test.go +++ b/keystore_test.go @@ -2,12 +2,13 @@ package keystore import ( "encoding/pem" - "errors" "os" - "reflect" "sort" "testing" "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestSetGetMethods(t *testing.T) { 
@@ -38,48 +39,29 @@ func TestSetGetMethods(t *testing.T) { password := []byte("password") - if err := ks.SetPrivateKeyEntry(pkeAlias, pke, password); err != nil { - t.Fatal(err) - } + err := ks.SetPrivateKeyEntry(pkeAlias, pke, password) + require.NoError(t, err) - if err := ks.SetTrustedCertificateEntry(tceAlias, tce); err != nil { - t.Fatal(err) - } + err = ks.SetTrustedCertificateEntry(tceAlias, tce) + require.NoError(t, err) pkeGet, err := ks.GetPrivateKeyEntry(pkeAlias, password) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) + assert.Equal(t, pke, pkeGet) chainGet, err := ks.GetPrivateKeyEntryCertificateChain(pkeAlias) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) + assert.Equal(t, pke.CertificateChain, chainGet) tceGet, err := ks.GetTrustedCertificateEntry(tceAlias) - if err != nil { - t.Fatal(err) - } - - if !reflect.DeepEqual(pke, pkeGet) { - t.Fatal("private key entries not equal") - } - - if !reflect.DeepEqual(pke.CertificateChain, chainGet) { - t.Fatal("certificate chains of private key entries are not equal") - } + require.NoError(t, err) + assert.Equal(t, tce, tceGet) - if !reflect.DeepEqual(tce, tceGet) { - t.Fatal("private key entries not equal") - } + _, err = ks.GetPrivateKeyEntry(nonExistentAlias, password) + require.ErrorIs(t, err, ErrEntryNotFound) - if _, err := ks.GetPrivateKeyEntry(nonExistentAlias, password); !errors.Is(err, ErrEntryNotFound) { - t.Fatal(err) - } - - if _, err := ks.GetTrustedCertificateEntry(nonExistentAlias); !errors.Is(err, ErrEntryNotFound) { - t.Fatal(err) - } + _, err = ks.GetTrustedCertificateEntry(nonExistentAlias) + require.ErrorIs(t, err, ErrEntryNotFound) } func TestIsMethods(t *testing.T) { 
@@ -108,37 +90,18 @@ func TestIsMethods(t *testing.T) { nonExistentAlias = "nonExistentAlias" ) - if err := ks.SetPrivateKeyEntry(pkeAlias, pke, []byte("password")); err != nil { - t.Fatal(err) - } - - if err := ks.SetTrustedCertificateEntry(tceAlias, tce); err != nil { - t.Fatal(err) - } - - if !ks.IsPrivateKeyEntry(pkeAlias) { - t.Fatal("must be a private key entry") - } - - if ks.IsPrivateKeyEntry(tceAlias) { - t.Fatal("trusted certificate entry must be skipped") - } + err := ks.SetPrivateKeyEntry(pkeAlias, pke, []byte("password")) + require.NoError(t, err) - if ks.IsPrivateKeyEntry(nonExistentAlias) { - t.Fatal("non existent alias must be skipped") - } - - if !ks.IsTrustedCertificateEntry(tceAlias) { - t.Fatal("must be a trusted certificate entry") - } + err = ks.SetTrustedCertificateEntry(tceAlias, tce) + require.NoError(t, err) - if ks.IsTrustedCertificateEntry(pkeAlias) { - t.Fatal("private key entry must be skipped") - } - - if ks.IsTrustedCertificateEntry(nonExistentAlias) { - t.Fatal("non existent alias must be skipped") - } + assert.True(t, ks.IsPrivateKeyEntry(pkeAlias), "must be a private key entry") + assert.False(t, ks.IsPrivateKeyEntry(tceAlias), "trusted certificate entry must be skipped") + assert.False(t, ks.IsPrivateKeyEntry(nonExistentAlias), "non existent alias must be skipped") + assert.True(t, ks.IsTrustedCertificateEntry(tceAlias), "must be a trusted certificate entry") + assert.False(t, ks.IsTrustedCertificateEntry(pkeAlias), "private key entry must be skipped") + assert.False(t, ks.IsTrustedCertificateEntry(nonExistentAlias), "non existent alias must be skipped") } func TestAliases(t *testing.T) { 
@@ -166,25 +129,19 @@ func TestAliases(t *testing.T) { tceAlias = "tce-alias" ) - if err := ks.SetPrivateKeyEntry(pkeAlias, pke, []byte("password")); err != nil { - t.Fatal(err) - } + err := ks.SetPrivateKeyEntry(pkeAlias, pke, []byte("password")) + require.NoError(t, err) - if err := ks.SetTrustedCertificateEntry(tceAlias, tce); err != nil { - t.Fatal(err) - } + err = ks.SetTrustedCertificateEntry(tceAlias, tce) + require.NoError(t, err) expectedAliases := []string{pkeAlias, tceAlias} - sort.Strings(expectedAliases) actualAliases := ks.Aliases() - sort.Strings(actualAliases) - if !reflect.DeepEqual(expectedAliases, actualAliases) { - t.Fatal("aliases must be equal") - } + assert.Equal(t, expectedAliases, actualAliases) } func TestLoad(t *testing.T) { 
@@ -192,50 +149,35 @@ func TestLoad(t *testing.T) { defer zeroing(password) f, err := os.Open("./testdata/keystore.jks") - if err != nil { - t.Fatalf("open test data keystore file: %s", err) - } + require.NoError(t, err) defer func() { - if err := f.Close(); err != nil { - t.Fatalf("close test data keystore file: %s", err) - } + err := f.Close() + require.NoError(t, err) }() keyStore := New() - if err := keyStore.Load(f, password); err != nil { - t.Fatalf("decode test data keystore: %s", err) - } + err = keyStore.Load(f, password) + require.NoError(t, err) actualPKE, err := keyStore.GetPrivateKeyEntry("alias", password) - if err != nil { - t.Fatalf("get private key entry: %s", err) - } + require.NoError(t, err) expectedCT, err := time.Parse("2006-01-02 15:04:05.999999999 -0700 MST", "2017-09-19 17:41:00.016 +0300 EEST") - if err != nil { - t.Fatalf("parse creation time: %s", err) - } + require.NoError(t, err) - if !actualPKE.CreationTime.Equal(expectedCT) { - t.Errorf("unexpected private key entry creation time: '%v' '%v'", actualPKE.CreationTime, expectedCT) - } + assert.Truef(t, actualPKE.CreationTime.Equal(expectedCT), + "unexpected private key entry creation time: '%v' '%v'", actualPKE.CreationTime, expectedCT) - if len(actualPKE.CertificateChain) != 0 { - t.Errorf("unexpected private key entry certificate chain length: '%d' '%d'", len(actualPKE.CertificateChain), 0) - } + assert.Empty(t, actualPKE.CertificateChain, "unexpected private key entry certificate chain length") pkPEM, err := os.ReadFile("./testdata/key.pem") - if err != nil { - t.Fatalf("read expected private key file: %s", err) - } + require.NoError(t, err) decodedPK, _ := pem.Decode(pkPEM) - if !reflect.DeepEqual(actualPKE.PrivateKey, decodedPK.Bytes) { - t.Errorf("unexpected private key") - } + assert.Equal(t, decodedPK.Bytes, actualPKE.PrivateKey, "unexpected private key") } func TestLoadKeyPassword(t *testing.T) { 
@@ -246,68 +188,47 @@ func TestLoadKeyPassword(t *testing.T) { defer zeroing(keyPassword) f, err := os.Open("./testdata/keystore_keypass.jks") - if err != nil { - t.Fatalf("open test data keystore file: %s", err) - } + require.NoError(t, err) defer func() { - if err := f.Close(); err != nil { - t.Fatalf("close test data keystore file: %s", err) - } + err := f.Close() + require.NoError(t, err) }() keyStore := New() - if err := keyStore.Load(f, password); err != nil { - t.Fatalf("decode test data keystore: %s", err) - } + err = keyStore.Load(f, password) + require.NoError(t, err) actualPKE, err := keyStore.GetPrivateKeyEntry("alias", keyPassword) - if err != nil { - t.Fatalf("get private key entry: %s", err) - } + require.NoError(t, err) expectedCT, err := time.Parse("2006-01-02 15:04:05.999999999 -0700 MST", "2020-10-26 12:01:38.387 +0200 EET") - if err != nil { - t.Fatalf("parse creation time: %s", err) - } + require.NoError(t, err) - if !actualPKE.CreationTime.Equal(expectedCT) { - t.Errorf("unexpected private key entry creation time: '%v' '%v'", actualPKE.CreationTime, expectedCT) - } + assert.Truef(t, actualPKE.CreationTime.Equal(expectedCT), + "unexpected private key entry creation time: '%v' '%v'", actualPKE.CreationTime, expectedCT) - if len(actualPKE.CertificateChain) != 1 { - t.Errorf("unexpected private key entry certificate chain length: '%d' '%d'", len(actualPKE.CertificateChain), 0) - } + assert.Lenf(t, actualPKE.CertificateChain, 1, + "unexpected private key entry certificate chain length: '%d' '%d'", len(actualPKE.CertificateChain), 0) pkPEM, err := os.ReadFile("./testdata/key_keypass.pem") - if err != nil { - t.Fatalf("read expected private key file: %s", err) - } + require.NoError(t, err) decodedPK, _ := pem.Decode(pkPEM) - if !reflect.DeepEqual(actualPKE.PrivateKey, decodedPK.Bytes) { - t.Errorf("unexpected private key %v \n %v", actualPKE.PrivateKey, decodedPK.Bytes) - } + assert.Equal(t, decodedPK.Bytes, actualPKE.PrivateKey, "unexpected private 
key") } func readPrivateKey(t *testing.T) []byte { t.Helper() pkPEM, err := os.ReadFile("./testdata/key.pem") - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) b, _ := pem.Decode(pkPEM) - if b == nil { - t.Fatal("should have at least one pem block") - } - - if b.Type != "PRIVATE KEY" { - t.Fatal("should be a private key") - } + assert.NotNil(t, b, "should have at least one pem block") + assert.Equal(t, "PRIVATE KEY", b.Type, "should be a private key") return b.Bytes } @@ -316,18 +237,11 @@ func readCertificate(t *testing.T) []byte { t.Helper() pkPEM, err := os.ReadFile("./testdata/cert.pem") - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) b, _ := pem.Decode(pkPEM) - if b == nil { - t.Fatal("should have at least one pem block") - } - - if b.Type != "CERTIFICATE" { - t.Fatal("should be a certificate") - } + assert.NotNil(t, b, "should have at least one pem block") + assert.Equal(t, "CERTIFICATE", b.Type, "should be a certificate") return b.Bytes }
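Review bot: In `readPrivateKey`, `assert.NotNil(t, b, ...)` does not stop the test, so when `pem.Decode` returns nil the next line's `b.Type` dereference panics; the replaced `t.Fatal` returned before that point. Use `require.NotNil(t, b, "should have at least one pem block")` here and in `readCertificate` in the next hunk. The same gap exists for `decodedPK, _ := pem.Decode(pkPEM)` in TestLoad and TestLoadKeyPassword, where `decodedPK.Bytes` is read with no nil check. Separately, the `assert.Lenf` message in TestLoadKeyPassword still prints `0` as the expected chain length while the assertion expects 1.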