backport: Update golangci lint (#679) (#680)

* Update golangci lint (#679)

* Update linter and rules

* silence errors in test tools

* fix forcetypeassert linting problems

* appease linter

* tweaks

* disable gomoddirectives

.github/workflows/lint.yml

@@ -8,7 +8,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: golangci/golangci-lint-action@v2
         with:
-          version: v1.41.1
+          version: v1.45.2
       - name: Run go vet
         run: |
           go vet ./...

.golangci.yml

@@ -28,11 +28,14 @@ linters:
     - gofumpt
     - golint #deprecated
     - gomnd
+    - gomoddirectives # I think it's broken
     - gosec
     - govet
     - interfacer # deprecated
     - ifshort
+    - ireturn # No, I _LIKE_ returning interfaces
     - lll
+    - maintidx # Do this in code review
     - maligned # deprecated
     - makezero
     - nakedret
@@ -42,7 +45,8 @@ linters:
     - scopelint # deprecated
     - tagliatelle
     - testpackage
-    - thelper
+    - thelper    # Tests are fine
+    - varnamelen # Short names are ok
     - wrapcheck
     - wsl
 
@@ -63,9 +67,15 @@ issues:
     - path: internal/codegen/codegen.go
       linters:
         - errcheck
+    - path: internal/jwxtest/jwxtest.go
+      linters:
+        - errcheck
+        - errchkjson
+        - forcetypeassert
     - path: /*_test.go
       linters:
         - errcheck
+        - errchkjson
         - forcetypeassert
     - path: /*_example_test.go
       linters:

cmd/jwx/key.jwk

@@ -0,0 +1,6 @@
+{
+  "crv": "Ed25519",
+  "d": "OJwlw3P0dqt7i7zInqap0ifDj0iVVSRmexe4lzNrXc4",
+  "kty": "OKP",
+  "x": "14sVO4wa1ZKZ5w5cbiZiwjXeDkEJia_7A6OvJEwGRHA"
+}

cmd/jwx/message.jws

@@ -0,0 +1 @@
+eyJhbGciOiJFZERTQSJ9.aGVsbG8.ttC4S9aCLoCFPzMpqJVMrcfE-Xc9_4bI6f79AD6ZheNBrSXwvJRS3SMK6LID8scZOvhdjv_iOF5t0KaX6kIFDw

examples/hoge.jwk

@@ -0,0 +1,11 @@
+     {"kty":"RSA",
+      "n":"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ",
+      "e":"AQAB",
+      "d":"Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97IjlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYTCBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLhBOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ",
+      "p":"4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdiYrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPGBY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc",
+"q":"uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxaewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc",
+ "dp":"BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3QCLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0",
+      "dq":"h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3_-kyNlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU",
+      "qi":"IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2oy26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLUW0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U"
+     }
+

go.mod

@@ -15,4 +15,4 @@ require (
 	golang.org/x/crypto v0.0.0-20220214200702-86341886e292
 )
 
-retract v1.2.16
+retract v1.2.16 // Packaging problems.

internal/ecutil/ecutil.go

@@ -61,6 +61,7 @@ var ecpointBufferPool = sync.Pool{
 }
 
 func getCrvFixedBuffer(size int) []byte {
+	//nolint:forcetypeassert
 	buf := *(ecpointBufferPool.Get().(*[]byte))
 	if size > ec521BufferSize && cap(buf) < size {
 		buf = append(buf, make([]byte, size-cap(buf))...)

internal/iter/mapiter.go

@@ -22,6 +22,7 @@ func (fn MapVisitorFunc) Visit(s string, v interface{}) error {
 
 func WalkMap(ctx context.Context, src mapiter.Source, visitor MapVisitor) error {
 	return mapiter.Walk(ctx, src, mapiter.VisitorFunc(func(k, v interface{}) error {
+		//nolint:forcetypeassert
 		return visitor.Visit(k.(string), v)
 	}))
 }

internal/json/stdlib.go

@@ -1,3 +1,4 @@
+//go:build !jwx_goccy
 // +build !jwx_goccy
 
 package json

internal/jwxtest/jwxtest.go

@@ -88,7 +88,6 @@ func GenerateEcdsaPublicJwk() (jwk.Key, error) {
 
 func GenerateSymmetricKey() []byte {
 	sharedKey := make([]byte, 64)
-	//nolint:errcheck
 	rand.Read(sharedKey)
 	return sharedKey
 }

internal/pool/pool.go

@@ -15,6 +15,7 @@ func allocBytesBuffer() interface{} {
 }
 
 func GetBytesBuffer() *bytes.Buffer {
+	//nolint:forcetypeassert
 	return bytesBufferPool.Get().(*bytes.Buffer)
 }
 
@@ -32,6 +33,7 @@ func allocBigInt() interface{} {
 }
 
 func GetBigInt() *big.Int {
+	//nolint:forcetypeassert
 	return bigIntPool.Get().(*big.Int)
 }
 
@@ -48,6 +50,7 @@ func allocKeyToErrorMap() interface{} {
 }
 
 func GetKeyToErrorMap() map[string]error {
+	//nolint:forcetypeassert
 	return keyToErrorMapPool.Get().(map[string]error)
 }
 

jwe/encrypt.go

@@ -16,6 +16,7 @@ var encryptCtxPool = sync.Pool{
 }
 
 func getEncryptCtx() *encryptCtx {
+	//nolint:forcetypeassert
 	return encryptCtxPool.Get().(*encryptCtx)
 }
 

jwe/headers.go

@@ -71,8 +71,10 @@ func (h *stdHeaders) Clone(ctx context.Context) (Headers, error) {
 
 func (h *stdHeaders) Copy(ctx context.Context, dst Headers) error {
 	for _, pair := range h.makePairs() {
-		if err := dst.Set(pair.Key.(string), pair.Value); err != nil {
-			return errors.Wrapf(err, `failed to set header`)
+		//nolint:forcetypeassert
+		key := pair.Key.(string)
+		if err := dst.Set(key, pair.Value); err != nil {
+			return errors.Wrapf(err, `failed to set header %q`, key)
 		}
 	}
 	return nil

jwe/internal/cipher/cipher.go

@@ -96,10 +96,8 @@ func (c AesContentCipher) Encrypt(cek, plaintext, aad []byte) (iv, ciphertext, t
 			switch e := e.(type) {
 			case error:
 				err = e
-			case string:
-				err = errors.New(e)
 			default:
-				err = fmt.Errorf("%s", e)
+				err = errors.Errorf("%s", e)
 			}
 			err = errors.Wrap(err, "failed to encrypt")
 		}
@@ -142,10 +140,8 @@ func (c AesContentCipher) Decrypt(cek, iv, ciphertxt, tag, aad []byte) (plaintex
 			switch e := e.(type) {
 			case error:
 				err = e
-			case string:
-				err = errors.New(e)
 			default:
-				err = fmt.Errorf("%s", e)
+				err = errors.Errorf("%s", e)
 			}
 			err = errors.Wrap(err, "failed to decrypt")
 			return

jwe/message.go

@@ -395,8 +395,10 @@ func (m *Message) UnmarshalJSON(buf []byte) error {
 		m.rawProtectedHeaders = base64.Encode(protectedHeadersRaw)
 	}
 
-	if !proxy.UnprotectedHeaders.(isZeroer).isZero() {
-		m.unprotectedHeaders = proxy.UnprotectedHeaders
+	if iz, ok := proxy.UnprotectedHeaders.(isZeroer); ok {
+		if !iz.isZero() {
+			m.unprotectedHeaders = proxy.UnprotectedHeaders
+		}
 	}
 
 	if len(m.recipients) == 0 {

jwk/ecdsa.go

@@ -149,8 +149,10 @@ func makeECDSAPublicKey(v interface {
 		case ECDSADKey:
 			continue
 		default:
-			if err := newKey.Set(pair.Key.(string), pair.Value); err != nil {
-				return nil, errors.Wrapf(err, `failed to set field %s`, pair.Key)
+			//nolint:forcetypeassert
+			key := pair.Key.(string)
+			if err := newKey.Set(key, pair.Value); err != nil {
+				return nil, errors.Wrapf(err, `failed to set field %q`, key)
 			}
 		}
 	}

jwk/jwk.go

@@ -624,8 +624,10 @@ func cloneKey(src Key) (Key, error) {
 	}
 
 	for _, pair := range src.makePairs() {
-		if err := dst.Set(pair.Key.(string), pair.Value); err != nil {
-			return nil, errors.Wrapf(err, `failed to set %s`, pair.Key.(string))
+		//nolint:forcetypeassert
+		key := pair.Key.(string)
+		if err := dst.Set(key, pair.Value); err != nil {
+			return nil, errors.Wrapf(err, `failed to set %q`, key)
 		}
 	}
 	return dst, nil

jwk/okp.go

@@ -85,6 +85,7 @@ func buildOKPPrivateKey(alg jwa.EllipticCurveAlgorithm, xbuf []byte, dbuf []byte
 	switch alg {
 	case jwa.Ed25519:
 		ret := ed25519.NewKeyFromSeed(dbuf)
+		//nolint:forcetypeassert
 		if !bytes.Equal(xbuf, ret.Public().(ed25519.PublicKey)) {
 			return nil, errors.Errorf(`invalid x value given d value`)
 		}
@@ -94,6 +95,7 @@ func buildOKPPrivateKey(alg jwa.EllipticCurveAlgorithm, xbuf []byte, dbuf []byte
 		if err != nil {
 			return nil, errors.Wrap(err, `unable to construct x25519 private key from seed`)
 		}
+		//nolint:forcetypeassert
 		if !bytes.Equal(xbuf, ret.Public().(x25519.PublicKey)) {
 			return nil, errors.Errorf(`invalid x value given d value`)
 		}
@@ -126,8 +128,10 @@ func makeOKPPublicKey(v interface {
 		case OKPDKey:
 			continue
 		default:
-			if err := newKey.Set(pair.Key.(string), pair.Value); err != nil {
-				return nil, errors.Wrapf(err, `failed to set field %s`, pair.Key)
+			//nolint:forcetypeassert
+			key := pair.Key.(string)
+			if err := newKey.Set(key, pair.Value); err != nil {
+				return nil, errors.Wrapf(err, `failed to set field %q`, key)
 			}
 		}
 	}

jwk/rsa.go

@@ -183,8 +183,10 @@ func makeRSAPublicKey(v interface {
 		case RSADKey, RSADPKey, RSADQKey, RSAPKey, RSAQKey, RSAQIKey:
 			continue
 		default:
-			if err := newKey.Set(pair.Key.(string), pair.Value); err != nil {
-				return nil, errors.Wrapf(err, `failed to set field %s`, pair.Key)
+			//nolint:forcetypeassert
+			key := pair.Key.(string)
+			if err := newKey.Set(key, pair.Value); err != nil {
+				return nil, errors.Wrapf(err, `failed to set field %q`, key)
 			}
 		}
 	}

jwk/symmetric.go

@@ -51,8 +51,10 @@ func (k *symmetricKey) PublicKey() (Key, error) {
 	newKey := NewSymmetricKey()
 
 	for _, pair := range k.makePairs() {
-		if err := newKey.Set(pair.Key.(string), pair.Value); err != nil {
-			return nil, errors.Wrapf(err, `failed to set field %s`, pair.Key)
+		//nolint:forcetypeassert
+		key := pair.Key.(string)
+		if err := newKey.Set(key, pair.Value); err != nil {
+			return nil, errors.Wrapf(err, `failed to set field %q`, key)
 		}
 	}
 	return newKey, nil

jws/headers.go

@@ -36,8 +36,10 @@ func (h *stdHeaders) AsMap(ctx context.Context) (map[string]interface{}, error)
 
 func (h *stdHeaders) Copy(ctx context.Context, dst Headers) error {
 	for _, pair := range h.makePairs() {
-		if err := dst.Set(pair.Key.(string), pair.Value); err != nil {
-			return errors.Wrapf(err, `failed to set header`)
+		//nolint:forcetypeassert
+		key := pair.Key.(string)
+		if err := dst.Set(key, pair.Value); err != nil {
+			return errors.Wrapf(err, `failed to set header %q`, key)
 		}
 	}
 	return nil

jws/jws.go

@@ -165,6 +165,7 @@ func Sign(payload []byte, alg jwa.SignatureAlgorithm, key interface{}, options .
 func SignMulti(payload []byte, options ...Option) ([]byte, error) {
 	var signers []*payloadSigner
 	for _, o := range options {
+		//nolint:forcetypeassert
 		switch o.Ident() {
 		case identPayloadSigner{}:
 			signers = append(signers, o.Value().(*payloadSigner))

jws/message.go

@@ -81,10 +81,12 @@ func (s *Signature) UnmarshalJSON(data []byte) error {
 		}
 
 		prt := NewHeaders()
+		//nolint:forcetypeassert
 		prt.(*stdHeaders).SetDecodeCtx(s.DecodeCtx())
 		if err := json.Unmarshal(src, prt); err != nil {
 			return errors.Wrap(err, `failed to unmarshal protected headers`)
 		}
+		//nolint:forcetypeassert
 		prt.(*stdHeaders).SetDecodeCtx(nil)
 		s.protected = prt
 	}
@@ -305,10 +307,12 @@ func (m *Message) UnmarshalJSON(buf []byte) error {
 				return errors.Wrap(err, `failed to base64 decode flattened protected headers`)
 			}
 			prt := NewHeaders()
+			//nolint:forcetypeassert
 			prt.(*stdHeaders).SetDecodeCtx(m.DecodeCtx())
 			if err := json.Unmarshal(decoded, prt); err != nil {
 				return errors.Wrap(err, `failed to unmarshal flattened protected headers`)
 			}
+			//nolint:forcetypeassert
 			prt.(*stdHeaders).SetDecodeCtx(nil)
 			sig.protected = prt
 		}

jwt/http.go

@@ -63,6 +63,7 @@ func ParseRequest(req *http.Request, options ...ParseOption) (Token, error) {
 	var formkeys []string
 	var parseOptions []ParseOption
 	for _, option := range options {
+		//nolint:forcetypeassert
 		switch option.Ident() {
 		case identHeaderKey{}:
 			hdrkeys = append(hdrkeys, option.Value().(string))

jwt/jwt.go

@@ -529,8 +529,10 @@ func (t *stdToken) Clone() (Token, error) {
 	dst := New()
 
 	for _, pair := range t.makePairs() {
-		if err := dst.Set(pair.Key.(string), pair.Value); err != nil {
-			return nil, errors.Wrapf(err, `failed to set %s`, pair.Key.(string))
+		//nolint:forcetypeassert
+		key := pair.Key.(string)
+		if err := dst.Set(key, pair.Value); err != nil {
+			return nil, errors.Wrapf(err, `failed to set %s`, key)
 		}
 	}
 	return dst, nil

jwt/openid/openid.go

@@ -19,8 +19,10 @@ func (t *stdToken) Clone() (jwt.Token, error) {
 	var dst jwt.Token = New()
 
 	for _, pair := range t.makePairs() {
-		if err := dst.Set(pair.Key.(string), pair.Value); err != nil {
-			return nil, errors.Wrapf(err, `failed to set %s`, pair.Key.(string))
+		//nolint:forcetypeassert
+		key := pair.Key.(string)
+		if err := dst.Set(key, pair.Value); err != nil {
+			return nil, errors.Wrapf(err, `failed to set %s`, key)
 		}
 	}
 	return dst, nil

jwt/validate.go

@@ -204,6 +204,7 @@ func SetValidationCtxClock(ctx context.Context, cl Clock) context.Context {
 // the current validation context. This value will always be available
 // during validation of tokens.
 func ValidationCtxClock(ctx context.Context) Clock {
+	//nolint:forcetypeassert
 	return ctx.Value(identValidationCtxClock{}).(Clock)
 }
 
@@ -212,6 +213,7 @@ func SetValidationCtxSkew(ctx context.Context, dur time.Duration) context.Contex
 }
 
 func ValidationCtxSkew(ctx context.Context) time.Duration {
+	//nolint:forcetypeassert
 	return ctx.Value(identValidationCtxSkew{}).(time.Duration)
 }