Start golangci-lint fixes

2022-03-28 21:28:41 +02:00 · 2022-03-28 21:28:41 +02:00 · a525cd0416
commit a525cd0416
parent b0a16bb85c
8 changed files with 135 additions and 22 deletions
--- a/cmd/cacertocsp/main.go
+++ b/cmd/cacertocsp/main.go
@ -32,12 +32,13 @@ import (
 	"syscall"
 	"time"

-	"git.cacert.org/cacert-goocsp/pkg/ocsp"
 	"github.com/knadh/koanf"
 	"github.com/knadh/koanf/parsers/yaml"
 	"github.com/knadh/koanf/providers/file"
 	"github.com/sirupsen/logrus"

+	"git.cacert.org/cacert-goocsp/pkg/ocsp"
+
 	"git.cacert.org/cacert-goocsp/pkg/ocspsource"
 )

--- a/pkg/ocsp/doc.go
+++ b/pkg/ocsp/doc.go
@ -1,2 +1,19 @@
+/*
+Copyright 2022 CAcert Inc.
+SPDX-License-Identifier: Apache-2.0
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 // Package ocsp contains adapted code from github.com/cloudflare/cfssl/ocsp and golang.org/x/crypto/ocsp
 package ocsp
--- a/pkg/ocsp/ocsp.go
+++ b/pkg/ocsp/ocsp.go
@ -1,3 +1,20 @@
+/*
+Copyright 2022 CAcert Inc.
+SPDX-License-Identifier: Apache-2.0
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 // Copyright 2013 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
--- a/pkg/ocsp/responder.go
+++ b/pkg/ocsp/responder.go
@ -1,3 +1,20 @@
+/*
+Copyright 2022 CAcert Inc.
+SPDX-License-Identifier: Apache-2.0
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 // Package ocsp implements an OCSP responder based on a generic storage backend.
 // It provides a couple of sample implementations.
 // Because OCSP responders handle high query volumes, we have to be careful
--- a/pkg/ocsp/responder_test.go
+++ b/pkg/ocsp/responder_test.go
@ -1,3 +1,20 @@
+/*
+Copyright 2022 CAcert Inc.
+SPDX-License-Identifier: Apache-2.0
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package ocsp

 import (
@ -35,16 +52,22 @@ func TestOCSP(t *testing.T) {
 		{"OPTIONS", "/", http.StatusMethodNotAllowed},
 		{"GET", "/", http.StatusBadRequest},
 		// Bad URL encoding
+		// nolint:lll
 		{"GET", "%ZZFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest},
 		// Bad URL encoding
+		// nolint:lll
 		{"GET", "%%FQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest},
 		// Bad base64 encoding
+		// nolint:lll
 		{"GET", "==MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest},
 		// Bad OCSP DER encoding
+		// nolint:lll
 		{"GET", "AAAMFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest},
 		// Good encoding all around, including a double slash
+		// nolint:lll
 		{"GET", "MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusOK},
 		// Good request, leading slash
+		// nolint:lll
 		{"GET", "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusOK},
 	}

@ -68,6 +91,7 @@ func TestOCSP(t *testing.T) {
 	}
 }

+// nolint:lll
 var testResp = `308204f90a0100a08204f2308204ee06092b0601050507300101048204df308204db3081a7a003020100a121301f311d301b06035504030c146861707079206861636b65722066616b65204341180f32303135303932333231303630305a306c306a3042300906052b0e03021a0500041439e45eb0e3a861c7fa3a3973876be61f7b7d98860414fb784f12f96015832c9f177f3419b32e36ea41890209009cf1912ea8d509088000180f32303135303932333030303030305aa011180f32303330303832363030303030305a300d06092a864886f70d01010b05000382010100c17ed5f12c408d214092c86cb2d6ba9881637a9d5cafb8ddc05aed85806a554c37abdd83c2e00a4bb25b2d0dda1e1c0be65144377471bca53f14616f379ee0c0b436c697b400b7eba9513c5be6d92fbc817586d568156293cfa0099d64585146def907dee36eb650c424a00207b01813aa7ae90e65045339482eeef12b6fa8656315da8f8bb1375caa29ac3858f891adb85066c35b5176e154726ae746016e42e0d6016668ff10a8aa9637417d29be387a1bdba9268b13558034ab5f3e498a47fb096f2e1b39236b22956545884fbbed1884f1bc9686b834d8def4802bac8f79924a36867af87412f808977abaf6457f3cda9e7eccbd0731bcd04865b899ee41a08203193082031530820311308201f9a0030201020209009cf1912ea8d50908300d06092a864886f70d01010b0500301f311d301b06035504030c146861707079206861636b65722066616b65204341301e170d3135303430373233353033385a170d3235303430343233353033385a301f311d301b06035504030c146861707079206861636b65722066616b6520434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c20a47799a05c512b27717633413d770f936bf99de62f130c8774d476deac0029aa6c9d1bb519605df32d34b336394d48e9adc9bbeb48652767dafdb5241c2fc54ce9650e33cb672298888c403642407270cc2f46667f07696d3dd62cfd1f41a8dc0ed60d7c18366b1d2cd462d34a35e148e8695a9a3ec62b656bd129a211a9a534847992d005b0412bcdffdde23085eeca2c32c2693029b5a79f1090fe0b1cb4a154b5c36bc04c7d5a08fa2a58700d3c88d5059205bc5560dc9480f1732b1ad29b030ed3235f7fb868f904fdc79f98ffb5c4e7d4b831ce195f171729ec3f81294df54e66bd3f83d81843b640aea5d7ec64d0905a9dbb03e6ff0e6ac523d36ab0203010001a350304e301d0603551d0e04160414fb784f12f96015832c9f177f3419b32e36ea4189301f0603551d23041830168014fb784f12f96015832c9f177f3419b32e36ea4189300c0603551d13040530030101ff300d06092a864886f70d01010b050003820101001df436be66ff938ccbfb353026962aa758763a777531119377845109e7c2105476c165565d5bbce1464b41bd1d392b079a7341c978af754ca9b3bd7976d485cbbe1d2070d2d4feec1e0f79e8fec9df741e0ea05a26a658d3866825cc1aa2a96a0a04942b2c203cc39501f917a899161dfc461717fe9301fce6ea1afffd7b7998f8941cf76f62def994c028bd1c4b49b17c4d243a6fb058c484968cf80501234da89347108b56b2640cb408e3c336fd72cd355c7f690a15405a7f4ba1e30a6be4a51d262b586f77f8472b207fdd194efab8d3a2683cc148abda7a11b9de1db9307b8ed5a9cd20226f668bd6ac5a3852fd449e42899b7bc915ee747891a110a971`

 type testHeaderSource struct {
@ -137,7 +161,7 @@ func TestCacheHeaders(t *testing.T) {
 		{"Etag", "\"8169FB0843B081A76E9F6F13FD70C8411597BEACF8B182136FFDD19FBD26140A\""},
 	}
 	for _, tc := range testCases {
-		headers, ok := rw.HeaderMap[tc.header]
+		headers, ok := rw.Header()[tc.header]
 		if !ok {
 			t.Errorf("Header %s missing from HTTP response", tc.header)
 			continue
--- a/pkg/ocspsource/ocspsource.go
+++ b/pkg/ocspsource/ocspsource.go
@ -30,8 +30,9 @@ import (
 	"net/http"
 	"time"

-	"git.cacert.org/cacert-goocsp/pkg/ocsp"
 	"github.com/sirupsen/logrus"
+
+	"git.cacert.org/cacert-goocsp/pkg/ocsp"
 )

 type CertificateUpdate struct {
--- a/pkg/ocspsource/opensslcertdb.go
+++ b/pkg/ocspsource/opensslcertdb.go
@ -30,9 +30,10 @@ import (
 	"strings"
 	"time"

-	"git.cacert.org/cacert-goocsp/pkg/ocsp"
 	"github.com/fsnotify/fsnotify"
 	"github.com/sirupsen/logrus"
+
+	"git.cacert.org/cacert-goocsp/pkg/ocsp"
 )

 const (
@ -55,7 +56,6 @@ const (
 type OpenSSLCertDB struct {
 	fileName string
 	content  map[string]*ocsp.Response
-	issuer   *CertificateIssuer
 }

 func (o *OpenSSLCertDB) UpdateCertificate(update *CertificateUpdate) {
@ -107,6 +107,7 @@ func (o *OpenSSLCertDB) update() error {
 	lastLine := false

 	count := 0
+
 	for {
 		line, err := b.ReadString('\n')
 		if err != nil {
@ -120,7 +121,7 @@ func (o *OpenSSLCertDB) update() error {
 		update := parseLine(strings.TrimSpace(line))
 		if update != nil {
 			o.UpdateCertificate(update)
-			count += 1
+			count++
 		}

 		if lastLine {
--- a/pkg/ocspsource/opensslcertdb_test.go
+++ b/pkg/ocspsource/opensslcertdb_test.go
@ -1,3 +1,20 @@
+/*
+Copyright 2022 CAcert Inc.
+SPDX-License-Identifier: Apache-2.0
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package ocspsource

 import (
@ -15,9 +32,10 @@ import (
 	"testing"
 	"time"

-	"git.cacert.org/cacert-goocsp/pkg/ocsp"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
+
+	"git.cacert.org/cacert-goocsp/pkg/ocsp"
 )

 type OcspSourceTestSuite struct {
@ -61,7 +79,8 @@ func (suite *OcspSourceTestSuite) SetupSuite() {

 	testHandler := &OcspTestHandler{suite}
 	suite.Server = httptest.NewServer(testHandler)
-	baseUrl := suite.Server.URL
+
+	baseURL := suite.Server.URL

 	var (
 		startDate, endDate time.Time
@ -92,7 +111,7 @@ func (suite *OcspSourceTestSuite) SetupSuite() {
 		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
 		IsCA:                  true,
 		MaxPathLen:            3,
-		CRLDistributionPoints: []string{baseUrl + "/crl/root.crl"},
+		CRLDistributionPoints: []string{baseURL + "/crl/root.crl"},
 	}
 	suite.RootCertificate = suite.signCertificate(
 		template,
@ -120,8 +139,8 @@ func (suite *OcspSourceTestSuite) SetupSuite() {
 		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
 		IsCA:                  true,
 		MaxPathLen:            2,
-		OCSPServer:            []string{baseUrl + "/ocsp"},
-		CRLDistributionPoints: []string{baseUrl + "/crl/intermediate.crl"},
+		OCSPServer:            []string{baseURL + "/ocsp"},
+		CRLDistributionPoints: []string{baseURL + "/crl/intermediate.crl"},
 	}
 	suite.IntermediateCertificate = suite.signCertificate(
 		template,
@ -150,8 +169,8 @@ func (suite *OcspSourceTestSuite) SetupSuite() {
 		IsCA:                  false,
 		MaxPathLen:            0,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning},
-		OCSPServer:            []string{baseUrl + "/ocsp"},
-		CRLDistributionPoints: []string{baseUrl + "/crl/root.crl"},
+		OCSPServer:            []string{baseURL + "/ocsp"},
+		CRLDistributionPoints: []string{baseURL + "/crl/root.crl"},
 	}
 	suite.RootResponderCertificate = suite.signCertificate(
 		template,
@ -180,8 +199,8 @@ func (suite *OcspSourceTestSuite) SetupSuite() {
 		IsCA:                  false,
 		MaxPathLen:            0,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning},
-		OCSPServer:            []string{baseUrl + "/ocsp"},
-		CRLDistributionPoints: []string{baseUrl + "/crl/intermediate.crl"},
+		OCSPServer:            []string{baseURL + "/ocsp"},
+		CRLDistributionPoints: []string{baseURL + "/crl/intermediate.crl"},
 	}
 	suite.IntermediaResponderCertificate = suite.signCertificate(
 		template,
@ -201,6 +220,7 @@ func newTestCertDB() *testCertDB {

 func (t testCertDB) LookupResponseTemplate(serial *big.Int) *ocsp.Response {
 	serialText := serial.Text(hexBase)
+
 	if response, ok := t.content[serialText]; ok {
 		return response
 	}
@ -209,6 +229,7 @@ func (t testCertDB) LookupResponseTemplate(serial *big.Int) *ocsp.Response {
 		Status:       ocsp.Revoked,
 		SerialNumber: serial,
 	}
+
 	return response
 }

@ -267,6 +288,7 @@ func (suite *OcspSourceTestSuite) newRandomSerial() *big.Int {

 func (suite *OcspSourceTestSuite) deserializeKey(index int) crypto.Signer {
 	var (
+		// nolint:lll
 		pkcs8Keys = []string{
 			`MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC0sI1pZMtN8MyKE2uO8Jx7nythIzQ6QtG07Tj+CwjdsTlrLYOjtmXl5NHaElAFcCdknX5TT/P+z+uBwbFUQbTsp0Z9Dd/SX4M5VXHFyPDFHLfBdAcRO/ECy7JxbntDBdS5skpDZzsFFDUXrKtAZoAUtRn8DsrHWoSDKpoMvkT5dRyJEv6AJGhV8853PGBWH59hcPqXYts/mYOPpfGcQ9JvePKTc2+Xp+OOYm0pG8D+tpDwLu5qy0NXjgRRUS1Gs2chpV4M+cvYEU0bfZ6j5ZzaaiqWHdKlRJxL9dHArI4Lx0A4r6lTbTbkheDqndYa4i+Nxcp7FxiJEsgahCfHmdRinY+9YpFaxT3v2925y+UWCW3CYD93iumbD1XwAwrVt5ipUpW00P5Dm0A623S0WPw2sN9dCKruQtj1rDHudi8lYw3hwpQu/mEJ5rvLDnq/yINFRnQTbRGvyjiVgppIwgNzC393nPXxy7MVkKvlxLqoXtkEtZHf37rT8mjsQFLV9o4U+rKl9Bw3MiuufEu3aL7UMZ7Y1VwRBEgpQVW1sN2ycpm6mR9UMRNUMQZlF5PcODKN1rSn0G49xiUTTHfzdql1xzmh37iuFXMju071ZLAOweHNZp6E61p6PyiPhlmoWToX/UpMsCjEqLmGv8odAZnvAn+dWsg+B0pkJn4qYGwOWQIDAQABAoICAQCFYwBBmYLr2qNkGsoAD2e1at8fKlnX2JPuuGCmSYcWAUqd8E+Jf5DhkXXJQlOIcC7ke89RuWgp51u3wkEiLg9d1G6YyrE8H/5DSOxgUeJL4NNWIE1HT7Svl6f3TNP5ukg7fX6NG5vaN/ypqXISbJiIsNip1lGjsRK5sa1fUuagMPAL0NXHyxiquvzj0NJdQaLqz/ht4TBxVuZkGOCvtvGWEPciGsl6bxnxdn+XJUHnxuZgKIUgmUTxUYmmbgK6ep3bnLQ9Z/ovWzZM4QNHgq20H0Oo5gMmteubt7BMSBXkZAbo0eRyDeHD+YD8MeBooCjyw9yh2X7nUdIeoQistMavdoyqCpp+3ppDTE4aXEDXEGvjlDrRyoxMu+IYTrONDICT1H+0UDyxHBMpMXslC5WiqqPaXaiE3APxQJlTViOSYfi1AIfn6XTMDDX7xrIFryAn3/YRU3BvGEQRPdAp/PioCl1pwYrGUPzN9dpngCTlJMaGNq689paQ7cqft/+WTi/0d2znrZvfjTD8ebtMi3JRvN6gWNGdipUZylcxk+3xFZwijDf4aiFQTDEWB9/ztDILU8umVdx3Pg+95/7H7/dGb27hmgGPdKhcL7LdHc0R/l1AVSI+ktkyVW4WuFgDtdxvfXaG9ueYIumHVETgGyezwMjhWr4jXanmdHti2ckoAQKCAQEA8KUNYVMxCFvHFqlu39tS8uhUuW/QlmZJntalbqJSDFMcfjVYIxWH/t0lmoNcql4gp+PizG9yPZEr1/hM6xfVBONdZRZkLYfgfpL4eIxeR3yKog/THyYY8ePpl9kMO985dV/iPGGttXPAy4KLF4/PAgR+yXTbQS6IGZK+m0ND4OfkNb1jL6FhyiyQQMoOzqaiixziVCctD28IFAj8X9/G1Lei/LkrZsTh2nUxrPQijuwoYjhd/mZkRiUXGRrqydniRRU0u5SEgTciriwaNp1KEMCJH2+tqddEU1OCd6I9fzs7d0M+6I3WVypZXq1o/zLQszuUSjTeHvDO+HPMwQC6QQKCAQEAwDghREsLkh9hvCi42DXE8aKClXwfEErk26ptGM0IKp4Vs/PyV8JUvb4sfYRz0XEz5gY5cFkwGJ8na9Jn6WlZhkJFPgjDrP1eUOM1XNvWcFaCFisjneV65wue2QgZuLFKGdSM2l08V2vkAYupe/ndWqbfuOiHX9uFtlwmTrq0csmr5Nj88xFsBCee3RZQn1mBWAXnZTGjvQqMuSMBr9Erqq6YVtsueQVOWS82dZPKO7YySaFWniN3ENe6YGEehlXsfwC21fAr6q0m383ZoaB5aIOhhZZSZIAy5tslXTSygkioyMt9t8fkYOq1FbKInpCb7Qg1qbvf8L78wKVjKXZeGQKCAQEAgJq0m96pxZ3GuAW0i03a9pXTMYbgIoBnt8tefdGhp5SDFa/MenN3Sm1FO14Yl7PWH+NZwYeNtflvROwdr0X9Qa+AqhVdVDfZcct5nnLlr66PKCzs1yi1DBCRNeV49EZHnsKvVTWeb+p8jkYlr2Hbb2iXmXIp+puzgHc8Bh3cmMVU4KNl7n6AlFtcfEN/xlCnbVDyY6bMHgNofcyPk200BVpecFFFMJbnXKhk89lE3ry2mEcndF2kGRiZT4FjGJyon+LFW7nzVlrw3cQT/jvw6SL8JSC53pp8mUt33heGZghxrzrw07d5ZPvs5vwlsLynbCHbDg1S55YqBf1c34hUAQKCAQAYvKB7W3UHvwYi4tK28GSB/Dn15t1QiXLeWhZkJK6yXVnJqNE9PgMN0BWFqbAF+h2FsrNdo/yujnzSQWeiAC7HOmwSyan07z5eBn9tjdUQ6/EdzTtuLIQei75Li+FThW1V2aauy2Tikz3qfQC4tbUo32TXNQWG7odMqps7coeaZh26+7nBxjIybq7hIOgLOceNfmUC/tplj6AAi2LCL5cBBisQsnBOnsIwdAT8KKLUAGSEWUD+ZO4Dut9/W8BD5Xbj+UGOUrQ0JUhlcOZbCH3XV2lH+cpsqJrkXrt2PTvjzFn8TUPGjPD1D/9x5WHzlgSbAn11dHojT1DTsfUK9vKxAoIBAEraanpXIJqzjt5wj8z8/OjbXFXOdH3njKe2ntwPCrzU9qN4yv2/a9GEqhnBHZp4s1kznM5hCoEG3TROOKmgp4iDyq/hFKx61wZQAOdHOjCuxvOr+TXSUYJ5lW41BkjZUhm+gWO5WK1nsstaGbOUBQkbOF41zAzUvyt3klaXRaoSJL2XmcVm0VHkpO9IDFIgJNXQpEWV+uiQcghp1K1KPm9sII18g0i0KeI8LllbcmrSvC5kZcv2r9XIKz7h6qvSWYS3wzBKZxeZgCMlMAbg5RNTn72qFvPtXdJBymRvRebxuwrsMhkwvtyxk8T8ym/fKHSJuHaLt46c+r4QjO4alY0`,
 			`MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC0Fi/9aWs4cezbKPZv8D2gXCvD/B/8tqCq3i+9gFcMGj9etBBXtxd0k4TIIbC+y3bbI5bo3AM0RPLsqeGEBnb0V+tfJ211xJaVqOMnUfKrRXjzUiENcO/qGfueh1pMV9KJ+ZUcbm+FQrTRnDShfZlcUZwyGxy6pCxGfQTHMdCSAA5XDj3gmRQxSJvYfZK7hIE9dmNG/yi+rw6Qoh+jGTROiuihY4Bi/w+KczWX74Y6N7vPEH5DTfxuNQxYzMsYBF3Pq+nNpwhB1Ntq7YPpFco8T4zzmh0RHIAGILxBjhcPvtnbSPF4BQATtquj/l2K30CelLCO5h9kPB+r73+di0Nk/d0TBat1PSTVfdZntreb8HhzZ2aSTtXTuNMk4zx0UeoTXKYDsSY9wJY1r5+Sy8XbBYUQJnDgut/ZmKEByV3fkqlJkKvyP/6RKKWAtq6uwZQcbQsEIhSn+V8rP4j20NkASL+KvETsIjr+sb/j8udiynshWML8lrcNVeeMxaYTpzpgUsX8FX58pE3u366zy2PMvYw94baeaxVwSjhXXQr1yDq6NEsqlx0FnWU5DCQWgO3WzRwu0cp0juxLuyPssEuPBz9yBMRKOnc2Own1+vO6q4h56dCR0QI1RuEobIXB/O89fA4dhAjYeBD4bjk3EkNYME1RQDQ+oZxDTbPx2PZ3XQIDAQABAoICAH1MCqvIUx98tI1vnLcZcedG+fRsUV0lO/hmitTQnMAA6yJbKhu9egZUNUiBmFXHfrTNuEvf+CK/7j0XnZ6cWNt86HjWF+SemR8b2KAc9jiQJ60z8WdGssYwuc784ajIWeZBzqtvcwxG80P76OqLVs7SwVhjYMPDQkLw7Qgi8rkCbPfJIuhH2bLIkBY6mIL7mGhJHJ3jHlg9uGaNRnHWMXyMTXssncFDMW7k5d8Gel+7M2LIWPE/K2kKY8LNCml1cEfzlsLNeoNDND7bbrIXxRPdTXaYPa0QJUseL5103TrJUQ6vW8JjyD/vEtERQ8hBuNYdIhLqreCxrF+WTTYyFPrc6UPXE55XTSr78cTZNe5w/u1eYwz/n24J6o6CLjp9XwY+Xb5dmm60TpjqDZl5NmQPvpIgH53l0wxLWg5C2QvKPRo1gBv/LHun2bflZG9eZ+mktYNkfcu4OsZZ86ry7/3tx2UUZaesmVZ8mDhAY2593DfJVQvGEJuOmzLfg4gRTRCAneAjORewLYGh2bRUW0CFrU284cxdFNZkdh3SO0ekpC95EgF2FeKFMI9nxcL+DtR9wTGFmzth9rzPXacGCoEI6a3eZvCXbBqOG0FrRM9KmuabVADiPUm4iFLTKDw6iPPiFZyIu+hpo+f4Seb80VgYLhDhjACmUuBqzzZtxVFJAoIBAQDBJso4sc2ZwWXQrnYnEhvKpaCw3y02/CX3v81j5v/JBO728MZ3KRZaHDzz2ZaTIY2GRRWl/wt6kdWegMlIwK+HHOBQGJXe4qwz+OkqMacN4vkc8cJbhohc9VA/UGJ+1jt2XQTD8oBUGk+5Lyh0YEeS9V2xequz19rXrNToi5vlbrVJL4um7h1wccJy50+07gGCE1AGUSQ4aaV9oTWXiUcsTvC6AYtltUKwsE3pJAilTAfuW4QD65aXux6Z7+bRjDmZAUJvYnDA8F2fPrYt7Ly3abX2cAO+2zGe7jHLURnge1r9ITZA+s2eV01FkJBDE+HsLoaTX39TwIDHn5mq8sdLAoIBAQDurx3IOoOoIS+lFvYoydlxfDFUJzEoQ5mDRSv4ql+Bgmld1jl9txBBC1oo+sA71NvuPZ8Ki9O3TLwcrJdVca9EzEP1dGryYaQ7genkkDoGC9eM31QFoWyYCBXKHychYseHeMBFFmdvk9Zn8uBjTN67i0HMMoPebzeHI/6ZgVLjk3KjXzZ/YJ93vcGlGAWzOXU3X/uISQGFBpyb2wSqRWholcOtPAhE9ToH/G4MdTsqjCJFyaSUPcmrOu337KbpcIxO0kZmRhwAfXtMS/njj88T35v0CUYvLWGPwFOBCofTH5+Od/RUfYY7g1X0lNk11cY6NF32XKgdhaqTMk55Bcr3AoIBADeCAEd+wYlYTPxFxuq/h4EbTCzIVmQg3oBufIYjUorgghQxabfA9Q18Y//oHh+2Wselfu0veIsG8g8VD8N6rHb103jxN9DP75EYDVn03v9cpR6uU56d8P5V+XPYlBXDV19SqBXv0PVagmLDrKqVKLyRCxYAHOwYMmoc3yrdRDYRNMQNh+K3N3qjFrCSzRM/+ur4xdyq4O/dXJPYCmC8MNoI7aFm5Dqcdsf0Qs+nbVyjlvvnDO9bevGr8sVmbjz2QW85L3B3J9Qqv50OFqjoCevj00k5M7pbn8z+wwydCAS9Lo7kRoUyDnlcuXYub2b3hcusKzybCyp0fg3gTfcUwjUCggEBALRNnt7ZrQj+AMLiZJONX3BGE/FxJcY3wqiSQVQ4R6tKu5PCN23LM0EfdT1NppfMBVOkQxcxZ36pPdUfX7aRCYicEZ5DEmME9Y5qZihd9ycIHQ1yy0LxnVn/iY5FGEc1GmsxAXVvJjX4ZNfjdjQtJnhgCxVY95q5QyYYP8TwF5CImunlDAMPF4fZ1YWEbxHjjrOFEzrxg29c/kMSISULB4Mx1z5vAgQth2fu/ab1i/tpHp6/Y08Emep6urc1kyT2+1azq7Cot5B7Of/5yMxpn1Fw8ptXwifzTSbNb4ckUFRhKCP0Y6LLq/IbFXyMUMVFNthTJMPtXKXoimFleDgd8yMCggEBAKc+Ro5kkEE7vIEOTkMZ88/X9eTRV7qk5FVEpllyGBDOYkrPP25UaS0I1CbXtqWMTqBz40tXcdAN69sHru6MlF5zioEcl51QYJUcrY9/4M5Rv/xIA5dWeuJ42Ly1A89U+Zzx+lTjuwgQR+R6Y8AyjHhkYF76JSEoFkCb28+uIsERHhCay7pevOLZYLbeHdANCtXceId80Yvh36+9/qzKoV4eTE6O8LWj1cDudc+vGAb97DCCeGi5vbh3XBf1Xzp88MnsnGFzC6azCrjr9TLW3/p66OESSmm1y1qnMwcq/h/9Bh9SjhFTab9ftOS9bO3pcvTygheHAywO212BOZ+I8h0`,
@ -282,6 +304,7 @@ func (suite *OcspSourceTestSuite) deserializeKey(index int) crypto.Signer {
 	)

 	assert.Less(suite.T(), index, len(pkcs8Keys))
+
 	keyBytes, err := base64.RawStdEncoding.DecodeString(pkcs8Keys[index])
 	if err != nil {
 		suite.FailNow("could not decode private key DER bytes: %v", err)
@ -309,10 +332,12 @@ func (suite *OcspSourceTestSuite) signCertificate(
 	if err != nil {
 		suite.FailNow("could not sign test root certificate %v", err)
 	}
+
 	certificate, err := x509.ParseCertificate(rootBytes)
 	if err != nil {
 		suite.FailNow("could not parse generated root certificate: %v", err)
 	}
+
 	return certificate
 }

@ -339,12 +364,14 @@ func (suite *OcspSourceTestSuite) TestCertificateInIndexTxt() {
 		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		OCSPServer:  suite.IntermediateCertificate.OCSPServer,
 	}
+
 	cert := suite.signCertificate(
 		template,
 		suite.IntermediateCertificate,
 		key.Public(),
 		suite.IntermediateKey,
 	)
+
 	suite.IntermediateIssuer.UpdateCert(&CertificateUpdate{
 		Serial:   serial,
 		Status:   ocsp.Good,
@ -352,17 +379,22 @@ func (suite *OcspSourceTestSuite) TestCertificateInIndexTxt() {
 	})

 	ocspClient := http.DefaultClient
+
 	request, err := ocsp.CreateRequest(cert, suite.IntermediateCertificate, nil)
 	if err != nil {
 		suite.FailNow("could not create OCSP request: %v", err)
 	}
-	response, err := ocspClient.Post(suite.IntermediateCertificate.OCSPServer[0], "application/ocsp-request", bytes.NewReader(request))
+
+	response, err := ocspClient.Post(
+		suite.IntermediateCertificate.OCSPServer[0],
+		"application/ocsp-request",
+		bytes.NewReader(request),
+	)
 	if err != nil {
 		suite.FailNow("could not retrieve response: %v", err)
 	}
-	defer func(Body io.ReadCloser) {
-		_ = Body.Close()
-	}(response.Body)
+
+	defer response.Body.Close()

 	assert.Equal(suite.T(), 200, response.StatusCode)

@ -370,13 +402,16 @@ func (suite *OcspSourceTestSuite) TestCertificateInIndexTxt() {
 	if err != nil {
 		suite.FailNow("could not read data from OCSP response: %v", err)
 	}
+
 	tempFile, _ := ioutil.TempFile("", "ocspresponse-*.der")
-	io.Copy(tempFile, bytes.NewReader(responseData))
+
+	_, _ = io.Copy(tempFile, bytes.NewReader(responseData))

 	data, err := ocsp.ParseResponse(responseData, suite.IntermediateCertificate)
 	if err != nil {
 		suite.FailNow("could not parse OCSP response: %v", err)
 	}
+
 	assert.Equal(suite.T(), serial, data.SerialNumber)
 	assert.Equal(suite.T(), ocsp.Good, data.Status)
 }
@ -391,6 +426,6 @@ const (
 	idxRootOcspKey
 	idxIntermediaryOcspKey
 	idxEndpointKey1
-	idxEndpointKey2
-	idxEndpointKey3
+	// idxEndpointKey2
+	// idxEndpointKey3
 )