fix linter errors

.golangci.yaml

@@ -27,6 +27,8 @@ linters-settings:
 
 
 issues:
+  exclude:
+    - import '.*' is not allowed from list 'Main'
   exclude-rules:
     - path: _test\.go
       linters:

common_test.go

@@ -2,21 +2,24 @@ package keystore
 
 import (
 	"crypto/rand"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	"reflect"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestZeroing(t *testing.T) {
-	var table [][]byte
+	const tableLength = 20
+
+	var table = make([][]byte, tableLength)
 
-	for i := 0; i < 20; i++ {
+	for i := range tableLength {
 		buf := make([]byte, 4096)
 		_, err := rand.Read(buf)
 		require.NoError(t, err)
 
-		table = append(table, buf)
+		table[i] = buf
 	}
 
 	for _, tt := range table {
@@ -34,9 +37,11 @@ func TestPasswordBytes(t *testing.T) {
 		output []byte
 	}
 
-	var table []item
+	const tableLength = 20
+
+	var table = make([]item, tableLength)
 
-	for i := 0; i < 20; i++ {
+	for i := range tableLength {
 		input := make([]byte, 1024)
 		_, err := rand.Read(input)
 		require.NoError(t, err)
@@ -48,7 +53,7 @@ func TestPasswordBytes(t *testing.T) {
 			output[j+1] = input[k]
 		}
 
-		table = append(table, item{input: input, output: output})
+		table[i] = item{input: input, output: output}
 	}
 
 	for _, tt := range table {

decoder.go

@@ -119,7 +119,7 @@ func (d decoder) readPrivateKeyEntry(version uint32) (PrivateKeyEntry, error) {
 
 	chain := make([]Certificate, 0, certNum)
 
-	for i := uint32(0); i < certNum; i++ {
+	for i := range certNum {
 		cert, err := d.readCertificate(version)
 		if err != nil {
 			return PrivateKeyEntry{}, fmt.Errorf("read %d certificate: %w", i, err)
@@ -128,7 +128,7 @@ func (d decoder) readPrivateKeyEntry(version uint32) (PrivateKeyEntry, error) {
 		chain = append(chain, cert)
 	}
 
-	creationDateTime := time.UnixMilli(int64(creationTimeStamp))
+	creationDateTime := time.UnixMilli(int64(creationTimeStamp)) //nolint:all
 	privateKeyEntry := PrivateKeyEntry{
 		PrivateKey:       encryptedPrivateKey,
 		CreationTime:     creationDateTime,
@@ -149,7 +149,7 @@ func (d decoder) readTrustedCertificateEntry(version uint32) (TrustedCertificate
 		return TrustedCertificateEntry{}, fmt.Errorf("read certificate: %w", err)
 	}
 
-	creationDateTime := time.UnixMilli(int64(creationTimeStamp))
+	creationDateTime := time.UnixMilli(int64(creationTimeStamp)) //nolint:all
 	trustedCertificateEntry := TrustedCertificateEntry{
 		CreationTime: creationDateTime,
 		Certificate:  certificate,

decoder_test.go

@@ -7,11 +7,12 @@ import (
 	"encoding/binary"
 	"errors"
 	"fmt"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	"io"
 	"reflect"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestReadUint16(t *testing.T) {
@@ -320,7 +321,7 @@ func TestReadString(t *testing.T) {
 		})
 		str := "some string to read"
 		buf := make([]byte, 2)
-		binary.BigEndian.PutUint16(buf, uint16(len(str)))
+		binary.BigEndian.PutUint16(buf, uint16(len(str))) //nolint:all
 		buf = append(buf, []byte(str)...)
 		table = append(table, item{
 			input:  buf,

encoder.go

@@ -95,7 +95,7 @@ func (e encoder) writePrivateKeyEntry(alias string, pke PrivateKeyEntry) error {
 		return fmt.Errorf("write alias: %w", err)
 	}
 
-	if err := e.writeUint64(uint64(pke.CreationTime.UnixMilli())); err != nil {
+	if err := e.writeUint64(uint64(pke.CreationTime.UnixMilli())); err != nil { //nolint:all
 		return fmt.Errorf("write creation timestamp: %w", err)
 	}
 
@@ -140,7 +140,7 @@ func (e encoder) writeTrustedCertificateEntry(alias string, tce TrustedCertifica
 		return fmt.Errorf("write alias: %w", err)
 	}
 
-	if err := e.writeUint64(uint64(tce.CreationTime.UnixMilli())); err != nil {
+	if err := e.writeUint64(uint64(tce.CreationTime.UnixMilli())); err != nil { //nolint:all
 		return fmt.Errorf("write creation timestamp: %w", err)
 	}
 

keyprotector.go

@@ -133,7 +133,7 @@ func encrypt(rand io.Reader, plainKey []byte, password []byte) ([]byte, error) {
 	}
 
 	tmpKey := make([]byte, plainKeyLen)
-	for i := 0; i < plainKeyLen; i++ {
+	for i := range plainKeyLen {
 		tmpKey[i] = plainKey[i] ^ xorKey[i]
 	}
 

keystore.go

@@ -117,7 +117,7 @@ func (ks KeyStore) Store(w io.Writer, password []byte) error {
 		return fmt.Errorf("write version: %w", err)
 	}
 
-	if err := e.writeUint32(uint32(len(ks.m))); err != nil {
+	if err := e.writeUint32(uint32(len(ks.m))); err != nil { //nolint:all
 		return fmt.Errorf("write number of entries: %w", err)
 	}
 
@@ -181,7 +181,7 @@ func (ks KeyStore) Load(r io.Reader, password []byte) error {
 		return fmt.Errorf("read number of entries: %w", err)
 	}
 
-	for i := uint32(0); i < entryNum; i++ {
+	for i := range entryNum {
 		alias, entry, err := d.readEntry(version)
 		if err != nil {
 			return fmt.Errorf("read %d entry: %w", i, err)
@@ -192,7 +192,7 @@ func (ks KeyStore) Load(r io.Reader, password []byte) error {
 
 	computedDigest := d.h.Sum(nil)
 
-	actualDigest, err := d.readBytes(uint32(d.h.Size()))
+	actualDigest, err := d.readBytes(uint32(d.h.Size())) //nolint:all
 	if err != nil {
 		return fmt.Errorf("read digest: %w", err)
 	}

keystore_test.go

@@ -2,13 +2,14 @@ package keystore
 
 import (
 	"encoding/pem"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	"os"
 	"reflect"
 	"sort"
 	"testing"
 	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestSetGetMethods(t *testing.T) {
@@ -55,7 +56,8 @@ func TestSetGetMethods(t *testing.T) {
 	require.NoError(t, err)
 
 	assert.True(t, reflect.DeepEqual(pke, pkeGet), "private key entries not equal")
-	assert.True(t, reflect.DeepEqual(pke.CertificateChain, chainGet), "certificate chains of private key entries are not equal")
+	assert.True(t, reflect.DeepEqual(pke.CertificateChain, chainGet),
+		"certificate chains of private key entries are not equal")
 	assert.True(t, reflect.DeepEqual(tce, tceGet), "private key entries not equal")
 
 	_, err = ks.GetPrivateKeyEntry(nonExistentAlias, password)
@@ -170,9 +172,10 @@ func TestLoad(t *testing.T) {
 	expectedCT, err := time.Parse("2006-01-02 15:04:05.999999999 -0700 MST", "2017-09-19 17:41:00.016 +0300 EEST")
 	require.NoError(t, err)
 
-	assert.Truef(t, actualPKE.CreationTime.Equal(expectedCT), "unexpected private key entry creation time: '%v' '%v'", actualPKE.CreationTime, expectedCT)
+	assert.Truef(t, actualPKE.CreationTime.Equal(expectedCT),
+		"unexpected private key entry creation time: '%v' '%v'", actualPKE.CreationTime, expectedCT)
 
-	assert.Lenf(t, actualPKE.CertificateChain, 0, "unexpected private key entry certificate chain length: '%d' '%d'", len(actualPKE.CertificateChain), 0)
+	assert.Empty(t, actualPKE.CertificateChain, "unexpected private key entry certificate chain length")
 
 	pkPEM, err := os.ReadFile("./testdata/key.pem")
 	require.NoError(t, err)
@@ -208,16 +211,19 @@ func TestLoadKeyPassword(t *testing.T) {
 	expectedCT, err := time.Parse("2006-01-02 15:04:05.999999999 -0700 MST", "2020-10-26 12:01:38.387 +0200 EET")
 	require.NoError(t, err)
 
-	assert.Truef(t, actualPKE.CreationTime.Equal(expectedCT), "unexpected private key entry creation time: '%v' '%v'", actualPKE.CreationTime, expectedCT)
+	assert.Truef(t, actualPKE.CreationTime.Equal(expectedCT),
+		"unexpected private key entry creation time: '%v' '%v'", actualPKE.CreationTime, expectedCT)
 
-	assert.Lenf(t, actualPKE.CertificateChain, 1, "unexpected private key entry certificate chain length: '%d' '%d'", len(actualPKE.CertificateChain), 0)
+	assert.Lenf(t, actualPKE.CertificateChain, 1,
+		"unexpected private key entry certificate chain length: '%d' '%d'", len(actualPKE.CertificateChain), 0)
 
 	pkPEM, err := os.ReadFile("./testdata/key_keypass.pem")
 	require.NoError(t, err)
 
 	decodedPK, _ := pem.Decode(pkPEM)
 
-	assert.Truef(t, reflect.DeepEqual(actualPKE.PrivateKey, decodedPK.Bytes), "unexpected private key %v \n %v", actualPKE.PrivateKey, decodedPK.Bytes)
+	assert.Truef(t, reflect.DeepEqual(actualPKE.PrivateKey, decodedPK.Bytes),
+		"unexpected private key %v \n %v", actualPKE.PrivateKey, decodedPK.Bytes)
 }
 
 func readPrivateKey(t *testing.T) []byte {