address linter warning for go 1.19

Author: dopey

acme/api/account_test.go

@@ -34,31 +34,24 @@ var (
 
 type fakeProvisioner struct{}
 
-func (*fakeProvisioner) AuthorizeOrderIdentifier(ctx context.Context, identifier provisioner.ACMEIdentifier) error {
+func (*fakeProvisioner) AuthorizeOrderIdentifier(context.Context, provisioner.ACMEIdentifier) error {
 	return nil
 }
-
-func (*fakeProvisioner) AuthorizeSign(ctx context.Context, token string) ([]provisioner.SignOption, error) {
+func (*fakeProvisioner) AuthorizeSign(context.Context, string) ([]provisioner.SignOption, error) {
 	return nil, nil
 }
-
-func (*fakeProvisioner) IsChallengeEnabled(ctx context.Context, challenge provisioner.ACMEChallenge) bool {
+func (*fakeProvisioner) IsChallengeEnabled(context.Context, provisioner.ACMEChallenge) bool {
 	return true
 }
-
-func (*fakeProvisioner) IsAttestationFormatEnabled(ctx context.Context, format provisioner.ACMEAttestationFormat) bool {
+func (*fakeProvisioner) IsAttestationFormatEnabled(context.Context, provisioner.ACMEAttestationFormat) bool {
 	return true
 }
-
-func (*fakeProvisioner) GetAttestationRoots() (*x509.CertPool, bool) {
-	return nil, false
-}
-
-func (*fakeProvisioner) AuthorizeRevoke(ctx context.Context, token string) error { return nil }
-func (*fakeProvisioner) GetID() string                                           { return "" }
-func (*fakeProvisioner) GetName() string                                         { return "" }
-func (*fakeProvisioner) DefaultTLSCertDuration() time.Duration                   { return 0 }
-func (*fakeProvisioner) GetOptions() *provisioner.Options                        { return nil }
+func (*fakeProvisioner) GetAttestationRoots() (*x509.CertPool, bool)   { return nil, false }
+func (*fakeProvisioner) AuthorizeRevoke(context.Context, string) error { return nil }
+func (*fakeProvisioner) GetID() string                                 { return "" }
+func (*fakeProvisioner) GetName() string                               { return "" }
+func (*fakeProvisioner) DefaultTLSCertDuration() time.Duration         { return 0 }
+func (*fakeProvisioner) GetOptions() *provisioner.Options              { return nil }
 
 func newProv() acme.Provisioner {
 	// Initialize provisioners

acme/api/handler.go

@@ -273,7 +273,7 @@ func shouldAddMetaObject(p *provisioner.ACME) bool {
 
 // NotImplemented returns a 501 and is generally a placeholder for functionality which
 // MAY be added at some point in the future but is not in any way a guarantee of such.
-func NotImplemented(w http.ResponseWriter, r *http.Request) {
+func NotImplemented(w http.ResponseWriter, _ *http.Request) {
 	render.Error(w, acme.NewError(acme.ErrorNotImplementedType, "this API is not implemented"))
 }
 

acme/api/middleware_test.go

@@ -24,7 +24,7 @@ import (
 
 var testBody = []byte("foo")
 
-func testNext(w http.ResponseWriter, r *http.Request) {
+func testNext(w http.ResponseWriter, _ *http.Request) {
 	w.Write(testBody)
 }
 
@@ -328,7 +328,7 @@ func TestHandler_isPostAsGet(t *testing.T) {
 
 type errReader int
 
-func (errReader) Read(p []byte) (n int, err error) {
+func (errReader) Read([]byte) (int, error) {
 	return 0, errors.New("force")
 }
 func (errReader) Close() error {

acme/api/revoke.go

@@ -151,7 +151,7 @@ func RevokeCert(w http.ResponseWriter, r *http.Request) {
 // the identifiers in the certificate are extracted and compared against the (valid) Authorizations
 // that are stored for the ACME Account. If these sets match, the Account is considered authorized
 // to revoke the certificate. If this check fails, the client will receive an unauthorized error.
-func isAccountAuthorized(ctx context.Context, dbCert *acme.Certificate, certToBeRevoked *x509.Certificate, account *acme.Account) *acme.Error {
+func isAccountAuthorized(_ context.Context, dbCert *acme.Certificate, certToBeRevoked *x509.Certificate, account *acme.Account) *acme.Error {
 	if !account.IsValid() {
 		return wrapUnauthorizedError(certToBeRevoked, nil, fmt.Sprintf("account '%s' has status '%s'", account.ID, account.Status), nil)
 	}

acme/api/revoke_test.go

@@ -258,7 +258,7 @@ func jwkEncode(pub crypto.PublicKey) (string, error) {
 // jwsFinal constructs the final JWS object.
 // Implementation taken from github.com/mholt/acmez, which seems to be based on
 // https://github.com/golang/crypto/blob/master/acme/jws.go.
-func jwsFinal(sha crypto.Hash, sig []byte, phead, payload string) ([]byte, error) {
+func jwsFinal(_ crypto.Hash, sig []byte, phead, payload string) ([]byte, error) {
 	enc := struct {
 		Protected string `json:"protected"`
 		Payload   string `json:"payload"`
@@ -281,7 +281,7 @@ type mockCA struct {
 	MockAreSANsallowed func(ctx context.Context, sans []string) error
 }
 
-func (m *mockCA) Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) {
+func (m *mockCA) Sign(*x509.CertificateRequest, provisioner.SignOptions, ...provisioner.SignOption) ([]*x509.Certificate, error) {
 	return nil, nil
 }
 

acme/challenge.go

@@ -520,7 +520,7 @@ const (
 	coseAlgRS256 coseAlgorithmIdentifier = -257
 )
 
-func doTPMAttestationFormat(ctx context.Context, prov Provisioner, ch *Challenge, jwk *jose.JSONWebKey, att *attestationObject) (*tpmAttestationData, error) {
+func doTPMAttestationFormat(_ context.Context, prov Provisioner, ch *Challenge, jwk *jose.JSONWebKey, att *attestationObject) (*tpmAttestationData, error) {
 	ver, ok := att.AttStatement["ver"].(string)
 	if !ok {
 		return nil, NewError(ErrorBadAttestationStatementType, "ver not present")
@@ -742,11 +742,7 @@ func validateAKCertificate(c *x509.Certificate) error {
 	if err := validateAKCertificateExtendedKeyUsage(c); err != nil {
 		return err
 	}
-	if err := validateAKCertificateSubjectAlternativeNames(c); err != nil {
-		return err
-	}
-
-	return nil
+	return validateAKCertificateSubjectAlternativeNames(c)
 }
 
 // validateAKCertificateSubjectAlternativeNames checks if the AK certificate
@@ -828,7 +824,7 @@ type appleAttestationData struct {
 	Fingerprint  string
 }
 
-func doAppleAttestationFormat(ctx context.Context, prov Provisioner, ch *Challenge, att *attestationObject) (*appleAttestationData, error) {
+func doAppleAttestationFormat(_ context.Context, prov Provisioner, _ *Challenge, att *attestationObject) (*appleAttestationData, error) {
 	// Use configured or default attestation roots if none is configured.
 	roots, ok := prov.GetAttestationRoots()
 	if !ok {
@@ -933,7 +929,7 @@ type stepAttestationData struct {
 	Fingerprint  string
 }
 
-func doStepAttestationFormat(ctx context.Context, prov Provisioner, ch *Challenge, jwk *jose.JSONWebKey, att *attestationObject) (*stepAttestationData, error) {
+func doStepAttestationFormat(_ context.Context, prov Provisioner, ch *Challenge, jwk *jose.JSONWebKey, att *attestationObject) (*stepAttestationData, error) {
 	// Use configured or default attestation roots if none is configured.
 	roots, ok := prov.GetAttestationRoots()
 	if !ok {

acme/challenge_test.go

@@ -148,7 +148,7 @@ func mustAttestApple(t *testing.T, nonce string) ([]byte, *x509.Certificate, *x5
 	return payload, leaf, ca.Root
 }
 
-func mustAttestYubikey(t *testing.T, nonce, keyAuthorization string, serial int) ([]byte, *x509.Certificate, *x509.Certificate) {
+func mustAttestYubikey(t *testing.T, _, keyAuthorization string, serial int) ([]byte, *x509.Certificate, *x509.Certificate) {
 	ca, err := minica.New()
 	fatalError(t, err)
 
@@ -888,7 +888,7 @@ func TestChallenge_Validate(t *testing.T) {
 
 type errReader int
 
-func (errReader) Read(p []byte) (n int, err error) {
+func (errReader) Read([]byte) (int, error) {
 	return 0, errors.New("force")
 }
 func (errReader) Close() error {
@@ -1631,14 +1631,14 @@ func newTestTLSALPNServer(validationCert *tls.Certificate, opts ...func(*httptes
 // noopConn is a mock net.Conn that does nothing.
 type noopConn struct{}
 
-func (c *noopConn) Read(_ []byte) (n int, err error)   { return 0, io.EOF }
-func (c *noopConn) Write(_ []byte) (n int, err error)  { return 0, io.EOF }
-func (c *noopConn) Close() error                       { return nil }
-func (c *noopConn) LocalAddr() net.Addr                { return &net.IPAddr{IP: net.IPv4zero, Zone: ""} }
-func (c *noopConn) RemoteAddr() net.Addr               { return &net.IPAddr{IP: net.IPv4zero, Zone: ""} }
-func (c *noopConn) SetDeadline(t time.Time) error      { return nil }
-func (c *noopConn) SetReadDeadline(t time.Time) error  { return nil }
-func (c *noopConn) SetWriteDeadline(t time.Time) error { return nil }
+func (c *noopConn) Read(_ []byte) (n int, err error)  { return 0, io.EOF }
+func (c *noopConn) Write(_ []byte) (n int, err error) { return 0, io.EOF }
+func (c *noopConn) Close() error                      { return nil }
+func (c *noopConn) LocalAddr() net.Addr               { return &net.IPAddr{IP: net.IPv4zero, Zone: ""} }
+func (c *noopConn) RemoteAddr() net.Addr              { return &net.IPAddr{IP: net.IPv4zero, Zone: ""} }
+func (c *noopConn) SetDeadline(time.Time) error       { return nil }
+func (c *noopConn) SetReadDeadline(time.Time) error   { return nil }
+func (c *noopConn) SetWriteDeadline(time.Time) error  { return nil }
 
 func newTLSALPNValidationCert(keyAuthHash []byte, obsoleteOID, critical bool, names ...string) (*tls.Certificate, error) {
 	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)

acme/common.go

@@ -46,7 +46,7 @@ type PrerequisitesChecker func(ctx context.Context) (bool, error)
 
 // DefaultPrerequisitesChecker is the default PrerequisiteChecker and returns
 // always true.
-func DefaultPrerequisitesChecker(ctx context.Context) (bool, error) {
+func DefaultPrerequisitesChecker(context.Context) (bool, error) {
 	return true, nil
 }
 

acme/db/nosql/account.go

@@ -26,7 +26,7 @@ func (dba *dbAccount) clone() *dbAccount {
 	return &nu
 }
 
-func (db *DB) getAccountIDByKeyID(ctx context.Context, kid string) (string, error) {
+func (db *DB) getAccountIDByKeyID(_ context.Context, kid string) (string, error) {
 	id, err := db.db.Get(accountByKeyIDTable, []byte(kid))
 	if err != nil {
 		if nosqlDB.IsErrNotFound(err) {
@@ -38,7 +38,7 @@ func (db *DB) getAccountIDByKeyID(ctx context.Context, kid string) (string, erro
 }
 
 // getDBAccount retrieves and unmarshals dbAccount.
-func (db *DB) getDBAccount(ctx context.Context, id string) (*dbAccount, error) {
+func (db *DB) getDBAccount(_ context.Context, id string) (*dbAccount, error) {
 	data, err := db.db.Get(accountTable, []byte(id))
 	if err != nil {
 		if nosqlDB.IsErrNotFound(err) {

acme/db/nosql/authz.go

@@ -32,7 +32,7 @@ func (ba *dbAuthz) clone() *dbAuthz {
 
 // getDBAuthz retrieves and unmarshals a database representation of the
 // ACME Authorization type.
-func (db *DB) getDBAuthz(ctx context.Context, id string) (*dbAuthz, error) {
+func (db *DB) getDBAuthz(_ context.Context, id string) (*dbAuthz, error) {
 	data, err := db.db.Get(authzTable, []byte(id))
 	if nosql.IsErrNotFound(err) {
 		return nil, acme.NewError(acme.ErrorMalformedType, "authz %s not found", id)
@@ -121,7 +121,7 @@ func (db *DB) UpdateAuthorization(ctx context.Context, az *acme.Authorization) e
 }
 
 // GetAuthorizationsByAccountID retrieves and unmarshals ACME authz types from the database.
-func (db *DB) GetAuthorizationsByAccountID(ctx context.Context, accountID string) ([]*acme.Authorization, error) {
+func (db *DB) GetAuthorizationsByAccountID(_ context.Context, accountID string) ([]*acme.Authorization, error) {
 	entries, err := db.db.List(authzTable)
 	if err != nil {
 		return nil, errors.Wrapf(err, "error listing authz")

acme/db/nosql/certificate.go

@@ -69,7 +69,7 @@ func (db *DB) CreateCertificate(ctx context.Context, cert *acme.Certificate) err
 
 // GetCertificate retrieves and unmarshals an ACME certificate type from the
 // datastore.
-func (db *DB) GetCertificate(ctx context.Context, id string) (*acme.Certificate, error) {
+func (db *DB) GetCertificate(_ context.Context, id string) (*acme.Certificate, error) {
 	b, err := db.db.Get(certTable, []byte(id))
 	if nosql.IsErrNotFound(err) {
 		return nil, acme.NewError(acme.ErrorMalformedType, "certificate %s not found", id)

acme/db/nosql/challenge.go

@@ -29,7 +29,7 @@ func (dbc *dbChallenge) clone() *dbChallenge {
 	return &u
 }
 
-func (db *DB) getDBChallenge(ctx context.Context, id string) (*dbChallenge, error) {
+func (db *DB) getDBChallenge(_ context.Context, id string) (*dbChallenge, error) {
 	data, err := db.db.Get(challengeTable, []byte(id))
 	if nosql.IsErrNotFound(err) {
 		return nil, acme.NewError(acme.ErrorMalformedType, "challenge %s not found", id)
@@ -69,6 +69,7 @@ func (db *DB) CreateChallenge(ctx context.Context, ch *acme.Challenge) error {
 // GetChallenge retrieves and unmarshals an ACME challenge type from the database.
 // Implements the acme.DB GetChallenge interface.
 func (db *DB) GetChallenge(ctx context.Context, id, authzID string) (*acme.Challenge, error) {
+	_ = authzID // unused input
 	dbch, err := db.getDBChallenge(ctx, id)
 	if err != nil {
 		return nil, err

acme/db/nosql/eab.go

@@ -35,7 +35,7 @@ type dbExternalAccountKeyReference struct {
 }
 
 // getDBExternalAccountKey retrieves and unmarshals dbExternalAccountKey.
-func (db *DB) getDBExternalAccountKey(ctx context.Context, id string) (*dbExternalAccountKey, error) {
+func (db *DB) getDBExternalAccountKey(_ context.Context, id string) (*dbExternalAccountKey, error) {
 	data, err := db.db.Get(externalAccountKeyTable, []byte(id))
 	if err != nil {
 		if nosqlDB.IsErrNotFound(err) {
@@ -160,6 +160,8 @@ func (db *DB) DeleteExternalAccountKey(ctx context.Context, provisionerID, keyID
 
 // GetExternalAccountKeys retrieves all External Account Binding keys for a provisioner
 func (db *DB) GetExternalAccountKeys(ctx context.Context, provisionerID, cursor string, limit int) ([]*acme.ExternalAccountKey, string, error) {
+	_, _ = cursor, limit // unused input
+
 	externalAccountKeyMutex.RLock()
 	defer externalAccountKeyMutex.RUnlock()
 
@@ -227,7 +229,7 @@ func (db *DB) GetExternalAccountKeyByReference(ctx context.Context, provisionerI
 	return db.GetExternalAccountKey(ctx, provisionerID, dbExternalAccountKeyReference.ExternalAccountKeyID)
 }
 
-func (db *DB) GetExternalAccountKeyByAccountID(ctx context.Context, provisionerID, accountID string) (*acme.ExternalAccountKey, error) {
+func (db *DB) GetExternalAccountKeyByAccountID(context.Context, string, string) (*acme.ExternalAccountKey, error) {
 	//nolint:nilnil // legacy
 	return nil, nil
 }

acme/db/nosql/nonce.go

@@ -39,7 +39,7 @@ func (db *DB) CreateNonce(ctx context.Context) (acme.Nonce, error) {
 
 // DeleteNonce verifies that the nonce is valid (by checking if it exists),
 // and if so, consumes the nonce resource by deleting it from the database.
-func (db *DB) DeleteNonce(ctx context.Context, nonce acme.Nonce) error {
+func (db *DB) DeleteNonce(_ context.Context, nonce acme.Nonce) error {
 	err := db.db.Update(&database.Tx{
 		Operations: []*database.TxEntry{
 			{

acme/db/nosql/nosql.go

@@ -48,7 +48,7 @@ func New(db nosqlDB.DB) (*DB, error) {
 
 // save writes the new data to the database, overwriting the old data if it
 // existed.
-func (db *DB) save(ctx context.Context, id string, nu, old interface{}, typ string, table []byte) error {
+func (db *DB) save(_ context.Context, id string, nu, old interface{}, typ string, table []byte) error {
 	var (
 		err  error
 		newB []byte

acme/db/nosql/order.go

@@ -35,7 +35,7 @@ func (a *dbOrder) clone() *dbOrder {
 }
 
 // getDBOrder retrieves and unmarshals an ACME Order type from the database.
-func (db *DB) getDBOrder(ctx context.Context, id string) (*dbOrder, error) {
+func (db *DB) getDBOrder(_ context.Context, id string) (*dbOrder, error) {
 	b, err := db.db.Get(orderTable, []byte(id))
 	if nosql.IsErrNotFound(err) {
 		return nil, acme.NewError(acme.ErrorMalformedType, "order %s not found", id)

acme/order_test.go

@@ -301,7 +301,7 @@ func (m *mockSignAuth) LoadProvisionerByName(name string) (provisioner.Interface
 	return m.ret1.(provisioner.Interface), m.err
 }
 
-func (m *mockSignAuth) IsRevoked(sn string) (bool, error) {
+func (m *mockSignAuth) IsRevoked(string) (bool, error) {
 	return false, nil
 }
 

api/api.go

@@ -288,7 +288,7 @@ func (h *caHandler) Route(r Router) {
 // New creates a new RouterHandler with the CA endpoints.
 //
 // Deprecated: Use api.Route(r Router)
-func New(auth Authority) RouterHandler {
+func New(Authority) RouterHandler {
 	return &caHandler{}
 }
 
@@ -335,7 +335,7 @@ func Version(w http.ResponseWriter, r *http.Request) {
 }
 
 // Health is an HTTP handler that returns the status of the server.
-func Health(w http.ResponseWriter, r *http.Request) {
+func Health(w http.ResponseWriter, _ *http.Request) {
 	render.JSON(w, HealthResponse{Status: "ok"})
 }
 

authority/admin/api/acme.go

@@ -69,17 +69,17 @@ func NewACMEAdminResponder() ACMEAdminResponder {
 }
 
 // GetExternalAccountKeys writes the response for the EAB keys GET endpoint
-func (h *acmeAdminResponder) GetExternalAccountKeys(w http.ResponseWriter, r *http.Request) {
+func (h *acmeAdminResponder) GetExternalAccountKeys(w http.ResponseWriter, _ *http.Request) {
 	render.Error(w, admin.NewError(admin.ErrorNotImplementedType, "this functionality is currently only available in Certificate Manager: https://u.step.sm/cm"))
 }
 
 // CreateExternalAccountKey writes the response for the EAB key POST endpoint
-func (h *acmeAdminResponder) CreateExternalAccountKey(w http.ResponseWriter, r *http.Request) {
+func (h *acmeAdminResponder) CreateExternalAccountKey(w http.ResponseWriter, _ *http.Request) {
 	render.Error(w, admin.NewError(admin.ErrorNotImplementedType, "this functionality is currently only available in Certificate Manager: https://u.step.sm/cm"))
 }
 
 // DeleteExternalAccountKey writes the response for the EAB key DELETE endpoint
-func (h *acmeAdminResponder) DeleteExternalAccountKey(w http.ResponseWriter, r *http.Request) {
+func (h *acmeAdminResponder) DeleteExternalAccountKey(w http.ResponseWriter, _ *http.Request) {
 	render.Error(w, admin.NewError(admin.ErrorNotImplementedType, "this functionality is currently only available in Certificate Manager: https://u.step.sm/cm"))
 }
 

authority/admin/db/nosql/admin.go

@@ -40,7 +40,7 @@ func (dba *dbAdmin) clone() *dbAdmin {
 	return &u
 }
 
-func (db *DB) getDBAdminBytes(ctx context.Context, id string) ([]byte, error) {
+func (db *DB) getDBAdminBytes(_ context.Context, id string) ([]byte, error) {
 	data, err := db.db.Get(adminsTable, []byte(id))
 	if nosql.IsErrNotFound(err) {
 		return nil, admin.NewError(admin.ErrorNotFoundType, "admin %s not found", id)
@@ -102,7 +102,7 @@ func (db *DB) GetAdmin(ctx context.Context, id string) (*linkedca.Admin, error)
 // GetAdmins retrieves and unmarshals all active (not deleted) admins
 // from the database.
 // TODO should we be paginating?
-func (db *DB) GetAdmins(ctx context.Context) ([]*linkedca.Admin, error) {
+func (db *DB) GetAdmins(context.Context) ([]*linkedca.Admin, error) {
 	dbEntries, err := db.db.List(adminsTable)
 	if err != nil {
 		return nil, errors.Wrap(err, "error loading admins")
@@ -115,12 +115,10 @@ func (db *DB) GetAdmins(ctx context.Context) ([]*linkedca.Admin, error) {
 			if errors.As(err, &ae) {
 				if ae.IsType(admin.ErrorDeletedType) || ae.IsType(admin.ErrorAuthorityMismatchType) {
 					continue
-				} else {
-					return nil, err
 				}
-			} else {
 				return nil, err
 			}
+			return nil, err
 		}
 		if adm.AuthorityId != db.authorityID {
 			continue

authority/admin/db/nosql/nosql.go

@@ -36,7 +36,7 @@ func New(db nosqlDB.DB, authorityID string) (*DB, error) {
 
 // save writes the new data to the database, overwriting the old data if it
 // existed.
-func (db *DB) save(ctx context.Context, id string, nu, old interface{}, typ string, table []byte) error {
+func (db *DB) save(_ context.Context, id string, nu, old interface{}, typ string, table []byte) error {
 	var (
 		err  error
 		newB []byte

authority/admin/db/nosql/policy.go

@@ -71,7 +71,7 @@ func (dbap *dbAuthorityPolicy) convert() *linkedca.Policy {
 	return dbToLinked(dbap.Policy)
 }
 
-func (db *DB) getDBAuthorityPolicyBytes(ctx context.Context, authorityID string) ([]byte, error) {
+func (db *DB) getDBAuthorityPolicyBytes(_ context.Context, authorityID string) ([]byte, error) {
 	data, err := db.db.Get(authorityPoliciesTable, []byte(authorityID))
 	if nosql.IsErrNotFound(err) {
 		return nil, admin.NewError(admin.ErrorNotFoundType, "authority policy not found")