From bd17eb205d6ac464c64eb888a6f4b57445b6c59c Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Sun, 22 Nov 2020 16:50:29 -0500 Subject: ci: Use golangci's github action for linting (#3794) * ci: Use golangci's github action for linting Signed-off-by: Dave Henderson * Fix most of the staticcheck lint errors Signed-off-by: Dave Henderson * Fix the prealloc lint errors Signed-off-by: Dave Henderson * Fix the misspell lint errors Signed-off-by: Dave Henderson * Fix the varcheck lint errors Signed-off-by: Dave Henderson * Fix the errcheck lint errors Signed-off-by: Dave Henderson * Fix the bodyclose lint errors Signed-off-by: Dave Henderson * Fix the deadcode lint errors Signed-off-by: Dave Henderson * Fix the unused lint errors Signed-off-by: Dave Henderson * Fix the gosec lint errors Signed-off-by: Dave Henderson * Fix the gosimple lint errors Signed-off-by: Dave Henderson * Fix the ineffassign lint errors Signed-off-by: Dave Henderson * Fix the staticcheck lint errors Signed-off-by: Dave Henderson * Revert the misspell change, use a neutral English Signed-off-by: Dave Henderson * Remove broken golangci-lint CI job Signed-off-by: Dave Henderson * Re-add errantly-removed weakrand initialization Signed-off-by: Dave Henderson * don't break the loop and return * Removing extra handling for null rootKey * unignore RegisterModule/RegisterAdapter Co-authored-by: Mohammed Al Sahaf * single-line log message Co-authored-by: Matt Holt * Fix lint after a1808b0dbf209c615e438a496d257ce5e3acdce2 was merged Signed-off-by: Dave Henderson * Revert ticker change, ignore it instead Signed-off-by: Dave Henderson * Ignore some of the write errors Signed-off-by: Dave Henderson * Remove blank line Signed-off-by: Dave Henderson * Use lifetime Signed-off-by: Dave Henderson * close immediately Co-authored-by: Matt Holt * Preallocate configVals 
Signed-off-by: Dave Henderson * Update modules/caddytls/distributedstek/distributedstek.go Co-authored-by: Mohammed Al Sahaf Co-authored-by: Matt Holt
---
 modules/caddytls/internalissuer.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'modules/caddytls/internalissuer.go')
diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go
index 6f228ea..416369f 100644
--- a/modules/caddytls/internalissuer.go
+++ b/modules/caddytls/internalissuer.go
@@ -27,6 +27,7 @@ import (
 "github.com/caddyserver/caddy/v2/modules/caddypki"
 "github.com/caddyserver/certmagic"
 "github.com/smallstep/certificates/authority/provisioner"
+ "go.uber.org/zap"
 )

 func init() {
@@ -51,7 +52,8 @@ type InternalIssuer struct {
 // validate certificate chains.
 SignWithRoot bool `json:"sign_with_root,omitempty"`

- ca *caddypki.CA
+ ca *caddypki.CA
+ logger *zap.Logger
 }

 // CaddyModule returns the Caddy module information.
@@ -64,6 +66,8 @@ func (InternalIssuer) CaddyModule() caddy.ModuleInfo {

 // Provision sets up the issuer.
 func (iss *InternalIssuer) Provision(ctx caddy.Context) error {
+ iss.logger = ctx.Logger(iss)
+
 // get a reference to the configured CA
 appModule, err := ctx.App("pki")
 if err != nil {
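Review bot: `iss.logger` is assigned only in `Provision`, while `Issue` (the `@@ -115,11 +119,15 @@` hunk) calls `iss.logger.Warn` unconditionally on the clamping path. An `InternalIssuer` that reaches `Issue` without having been provisioned, for instance one constructed directly in a test, would therefore dereference a nil `*zap.Logger`, which is likely to panic in the middle of certificate issuance. State the precondition on the new field, e.g. `// logger is set by Provision and must be non-nil before Issue is called`, or guard the call site. Provision's body continues outside the hunk.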
@@ -115,11 +119,15 @@ func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateReques
 // ensure issued certificate does not expire later than its issuer
 lifetime := time.Duration(iss.Lifetime)
 if time.Now().Add(lifetime).After(issuerCert.NotAfter) {
- // TODO: log this
- lifetime = issuerCert.NotAfter.Sub(time.Now())
+ lifetime = time.Until(issuerCert.NotAfter)
+ iss.logger.Warn("cert lifetime would exceed issuer NotAfter, clamping lifetime",
+ zap.Duration("orig_lifetime", time.Duration(iss.Lifetime)),
+ zap.Duration("lifetime", lifetime),
+ zap.Time("not_after", issuerCert.NotAfter),
+ )
 }

- certChain, err := auth.Sign(csr, provisioner.SignOptions{}, customCertLifetime(iss.Lifetime))
+ certChain, err := auth.Sign(csr, provisioner.SignOptions{}, customCertLifetime(caddy.Duration(lifetime)))
 if err != nil {
 return nil, err
 }
-- cgit v1.2.3
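Review bot: The clamp has no lower bound: when `issuerCert.NotAfter` is already past or only moments away, `time.Until(issuerCert.NotAfter)` is zero or negative, and that value now goes straight into `customCertLifetime` and `auth.Sign`. How a non-positive lifetime is handled downstream is not visible here, so it is safer to fail closed before signing: `if lifetime <= 0 { return nil, fmt.Errorf("issuer certificate expired at %s", issuerCert.NotAfter) }` (assuming `fmt` is imported; the import block is only partly shown). Separately, the clock is read once for the comparison and again inside `time.Until`, and presumably once more when the validity window is set at signing. The issued certificate can therefore still outlive its issuer by that small gap; capturing `now := time.Now()` once and subtracting a small margin would make the invariant in the comment hold. Issue's body starts and ends outside the hunk.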