Move internal code to internal packages

.golangci.yml

@@ -1,9 +1,9 @@
 ---
 run:
   skip-files:
-    - pkg/config/amd64.go
-    - pkg/config/arm64.go
-    - pkg/config/armhf.go
+    - internal/config/amd64.go
+    - internal/config/arm64.go
+    - internal/config/armhf.go
     - pkg/messages/resolver.msgpackgen.go
 
 output:

cmd/signer/main.go

@@ -25,13 +25,12 @@ import (
 
 	"github.com/sirupsen/logrus"
 
-	"git.cacert.org/cacert-gosigner/pkg/x509/revoking"
-
-	"git.cacert.org/cacert-gosigner/pkg/config"
-	"git.cacert.org/cacert-gosigner/pkg/health"
-	"git.cacert.org/cacert-gosigner/pkg/hsm"
-	"git.cacert.org/cacert-gosigner/pkg/protocol"
-	"git.cacert.org/cacert-gosigner/pkg/seriallink"
+	"git.cacert.org/cacert-gosigner/internal/config"
+	"git.cacert.org/cacert-gosigner/internal/handler"
+	"git.cacert.org/cacert-gosigner/internal/health"
+	"git.cacert.org/cacert-gosigner/internal/hsm"
+	"git.cacert.org/cacert-gosigner/internal/serial"
+	"git.cacert.org/cacert-gosigner/internal/x509/revoking"
 )
 
 var (
@@ -93,16 +92,16 @@ func main() {
 
 	fetchCRLHandler := revoking.NewFetchCRLHandler(revokingRepositories)
 
-	proto, err := protocol.New(
+	proto, err := handler.New(
 		logger,
-		protocol.RegisterHealthHandler(healthHandler),
-		protocol.RegisterFetchCRLHandler(fetchCRLHandler),
+		handler.RegisterHealthHandler(healthHandler),
+		handler.RegisterFetchCRLHandler(fetchCRLHandler),
 	)
 	if err != nil {
 		logger.WithError(err).Fatal("could not setup protocol handler")
 	}
 
-	serialHandler, err := seriallink.New(caConfig.GetSerial(), logger, proto)
+	serialHandler, err := serial.New(caConfig.GetSerial(), logger, proto)
 	if err != nil {
 		logger.WithError(err).Fatal("could not setup serial link handler")
 	}

internal/config/config.go

@@ -31,9 +31,9 @@ import (
 
 	"gopkg.in/yaml.v3"
 
-	"git.cacert.org/cacert-gosigner/pkg/x509/openssl"
-	"git.cacert.org/cacert-gosigner/pkg/x509/revoking"
-	"git.cacert.org/cacert-gosigner/pkg/x509/signing"
+	"git.cacert.org/cacert-gosigner/internal/x509/openssl"
+	"git.cacert.org/cacert-gosigner/internal/x509/revoking"
+	"git.cacert.org/cacert-gosigner/internal/x509/signing"
 )
 
 const minRSABits = 2048

internal/config/config_test.go

@@ -30,7 +30,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"gopkg.in/yaml.v3"
 
-	"git.cacert.org/cacert-gosigner/pkg/config"
+	"git.cacert.org/cacert-gosigner/internal/config"
 )
 
 type TestCurve struct {

internal/handler/msgpack.go

@@ -15,7 +15,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package protocol
+package handler
 
 import (
 	"errors"
@@ -25,9 +25,11 @@ import (
 	"github.com/shamaton/msgpackgen/msgpack"
 	"github.com/sirupsen/logrus"
 
-	"git.cacert.org/cacert-gosigner/pkg/health"
+	"git.cacert.org/cacert-gosigner/pkg/protocol"
+
+	"git.cacert.org/cacert-gosigner/internal/health"
+	"git.cacert.org/cacert-gosigner/internal/x509/revoking"
 	"git.cacert.org/cacert-gosigner/pkg/messages"
-	"git.cacert.org/cacert-gosigner/pkg/x509/revoking"
 )
 
 // MsgPackHandler is a Handler implementation for the msgpack serialization format.
@@ -35,8 +37,8 @@ type MsgPackHandler struct {
 	logger          *logrus.Logger
 	healthHandler   *health.Handler
 	fetchCRLHandler *revoking.FetchCRLHandler
-	currentCommand  *Command
-	currentResponse *Response
+	currentCommand  *protocol.Command
+	currentResponse *protocol.Response
 	lock            sync.Mutex
 }
 
@@ -52,7 +54,7 @@ func (m *MsgPackHandler) HandleCommandAnnounce(frame []byte) error {
 
 	m.logger.WithField("announcement", &ann).Info("received command announcement")
 
-	m.currentCommand = &Command{Announce: &ann}
+	m.currentCommand = &protocol.Command{Announce: &ann}
 
 	return nil
 }
@@ -185,7 +187,7 @@ func (m *MsgPackHandler) handleCommand() error {
 		return fmt.Errorf("error from command handler: %w", err)
 	}
 
-	m.currentResponse = &Response{
+	m.currentResponse = &protocol.Response{
 		Announce: messages.BuildResponseAnnounce(responseCode, m.currentID()),
 		Response: responseData,
 	}
@@ -193,8 +195,8 @@ func (m *MsgPackHandler) handleCommand() error {
 	return nil
 }
 
-func (m *MsgPackHandler) buildErrorResponse(errMsg string) *Response {
-	return &Response{
+func (m *MsgPackHandler) buildErrorResponse(errMsg string) *protocol.Response {
+	return &protocol.Response{
 		Announce: messages.BuildResponseAnnounce(messages.RespError, m.currentID()),
 		Response: &messages.ErrorResponse{Message: errMsg},
 	}
@@ -253,7 +255,7 @@ func (m *MsgPackHandler) handleFetchCRLCommand() (*messages.FetchCRLResponse, er
 	return response, nil
 }
 
-func New(logger *logrus.Logger, handlers ...RegisterHandler) (Handler, error) {
+func New(logger *logrus.Logger, handlers ...RegisterHandler) (protocol.Handler, error) {
 	messages.RegisterGeneratedResolver()
 
 	h := &MsgPackHandler{

internal/hsm/context.go

@@ -22,7 +22,7 @@ import (
 
 	"github.com/ThalesIgnite/crypto11"
 
-	"git.cacert.org/cacert-gosigner/pkg/config"
+	"git.cacert.org/cacert-gosigner/internal/config"
 )
 
 type ConfigOption func(a *Access)

internal/hsm/context_test.go

@@ -29,8 +29,8 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"git.cacert.org/cacert-gosigner/pkg/config"
-	"git.cacert.org/cacert-gosigner/pkg/hsm"
+	"git.cacert.org/cacert-gosigner/internal/config"
+	"git.cacert.org/cacert-gosigner/internal/hsm"
 )
 
 func TestCaConfigOption(t *testing.T) {

internal/hsm/hsm.go

@@ -37,9 +37,8 @@ import (
 	"github.com/ThalesIgnite/crypto11"
 	"github.com/sirupsen/logrus"
 
-	"git.cacert.org/cacert-gosigner/pkg/health"
-
-	"git.cacert.org/cacert-gosigner/pkg/config"
+	"git.cacert.org/cacert-gosigner/internal/config"
+	"git.cacert.org/cacert-gosigner/internal/health"
 )
 
 var (

internal/hsm/hsm_test.go

@@ -26,8 +26,8 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"git.cacert.org/cacert-gosigner/pkg/config"
-	"git.cacert.org/cacert-gosigner/pkg/hsm"
+	"git.cacert.org/cacert-gosigner/internal/config"
+	"git.cacert.org/cacert-gosigner/internal/hsm"
 )
 
 func TestEnsureCAKeysAndCertificates_not_in_setup_mode(t *testing.T) {

internal/hsm/setup_test.go

@@ -24,7 +24,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 
-	"git.cacert.org/cacert-gosigner/pkg/hsm"
+	"git.cacert.org/cacert-gosigner/internal/hsm"
 )
 
 func TestEnsureCAKeysAndCertificates(t *testing.T) {

internal/serial/seriallink.go

@@ -16,7 +16,7 @@ limitations under the License.
 */
 
 // Package seriallink provides a handler for the serial connection of the signer machine.
-package seriallink
+package serial
 
 import (
 	"bytes"
@@ -30,7 +30,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"github.com/tarm/serial"
 
-	"git.cacert.org/cacert-gosigner/pkg/config"
+	"git.cacert.org/cacert-gosigner/internal/config"
 	"git.cacert.org/cacert-gosigner/pkg/protocol"
 )
 

internal/x509/helper/helper_test.go

@@ -22,7 +22,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"git.cacert.org/cacert-gosigner/pkg/x509/helper"
+	"git.cacert.org/cacert-gosigner/internal/x509/helper"
 )
 
 func TestGenerateRandomSerial(t *testing.T) {

internal/x509/openssl/repository.go

@@ -31,7 +31,7 @@ import (
 	"sync"
 	"time"
 
-	"git.cacert.org/cacert-gosigner/pkg/x509/revoking"
+	"git.cacert.org/cacert-gosigner/internal/x509/revoking"
 )
 
 const TimeSpec = "060102030405Z"

internal/x509/openssl/repository_test.go

@@ -31,8 +31,8 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"git.cacert.org/cacert-gosigner/pkg/x509/openssl"
-	"git.cacert.org/cacert-gosigner/pkg/x509/revoking"
+	"git.cacert.org/cacert-gosigner/internal/x509/openssl"
+	"git.cacert.org/cacert-gosigner/internal/x509/revoking"
 )
 
 func TestStoreRevocation(t *testing.T) {

internal/x509/revoking/revoking_test.go

@@ -31,9 +31,9 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"git.cacert.org/cacert-gosigner/pkg/x509/helper"
+	"git.cacert.org/cacert-gosigner/internal/x509/helper"
 
-	"git.cacert.org/cacert-gosigner/pkg/x509/revoking"
+	"git.cacert.org/cacert-gosigner/internal/x509/revoking"
 )
 
 func randomSerial(t *testing.T) *big.Int {
@@ -181,15 +181,15 @@ func TestX509Revoking_CreateCRL(t *testing.T) {
 	assert.NotNil(t, crl)
 	assert.NotEmpty(t, crl.CRL)
 
-	parsedCRL, err := x509.ParseCRL(crl.CRL)
+	parsedCRL, err := x509.ParseRevocationList(crl.CRL)
 
 	assert.NoError(t, err)
 
-	assert.ElementsMatch(t, certificate.Subject.ToRDNSequence(), parsedCRL.TBSCertList.Issuer)
+	assert.ElementsMatch(t, certificate.Subject.ToRDNSequence(), parsedCRL.Issuer.ToRDNSequence())
 
 	var found bool
 
-	for _, item := range parsedCRL.TBSCertList.RevokedCertificates {
+	for _, item := range parsedCRL.RevokedCertificates {
 		if item.SerialNumber.Cmp(serial) == 0 {
 			found = true
 

internal/x509/signing/signing_test.go

@@ -30,9 +30,8 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"git.cacert.org/cacert-gosigner/pkg/x509/helper"
-
-	"git.cacert.org/cacert-gosigner/pkg/x509/signing"
+	"git.cacert.org/cacert-gosigner/internal/x509/helper"
+	"git.cacert.org/cacert-gosigner/internal/x509/signing"
 )
 
 func randomSerial(t *testing.T) *big.Int {