chore: upgrade golangci-lint and config

kernle32dll · kernle32dll · commit 2005f73cfe71 · 2022-01-02T23:54:58.000+01:00
Also adds some clarifying documentation for usage of deprecated PEM encryption methods.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -10,4 +10,4 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v2
         with:
-          version: v1.41.1
+          version: v1.43.0
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -0,0 +1,8 @@
+run:
+  timeout: 10m
+  issues-exit-code: 0
+  tests: false
+  allow-parallel-runners: true
+
+issues:
+  exclude-use-default: false
diff --git a/certificate.go b/certificate.go
@@ -52,15 +52,18 @@ func ParseCertificateFromPEMBytes(pemBytes []byte) (*x509.Certificate, error) {
 // Will return ErrCertificateMustBePEMEncoded if the given byte array is not a valid PEM block, or
 // ErrUnknownEncryption if the byte array was encrypted in an unknown format, or not encrypted
 // at all.
+// Note: Usage of RFC 1423 encrypted PEM blocks is deprecated since Go 1.16!
 func ParseCertificateFromEncryptedPEMBytes(pemBytes []byte, password []byte) (*x509.Certificate, error) {
 	var block *pem.Block
 	if block, _ = pem.Decode(pemBytes); block == nil {
 		return nil, ErrCertificateMustBePEMEncoded
 	}
 
 	var blockDecrypted []byte
+	// nolint: staticcheck: Just passing through - deprecation is communicated in function signature
 	if x509.IsEncryptedPEMBlock(block) {
 		var err error
+		// nolint: staticcheck
 		if blockDecrypted, err = x509.DecryptPEMBlock(block, password); err != nil {
 			return nil, err
 		}
diff --git a/privatekey.go b/privatekey.go
@@ -59,15 +59,18 @@ func ParsePrivateKeyFromPEMBytes(pemBytes []byte) (crypto.PrivateKey, error) {
 // Will return ErrKeyMustBePEMEncoded if the given byte array is not a valid PEM block, or
 // ErrUnknownEncryption if the byte array was encrypted in an unknown format, or not encrypted
 // at all.
+// Note: Usage of RFC 1423 encrypted PEM blocks is deprecated since Go 1.16! Use PKCS #8 instead.
 func ParsePrivateKeyFromEncryptedPEMBytes(pemBytes []byte, password []byte) (crypto.PrivateKey, error) {
 	var block *pem.Block
 	if block, _ = pem.Decode(pemBytes); block == nil {
 		return nil, ErrKeyMustBePEMEncoded
 	}
 
 	var blockDecrypted []byte
+	// nolint: staticcheck: Just passing through - deprecation is communicated in function signature
 	if x509.IsEncryptedPEMBlock(block) {
 		var err error
+		// nolint: staticcheck
 		if blockDecrypted, err = x509.DecryptPEMBlock(block, password); err != nil {
 			return nil, err
 		}
diff --git a/publickey.go b/publickey.go
@@ -50,15 +50,18 @@ func ParsePublicKeyFromPEMBytes(pemBytes []byte) (crypto.PublicKey, error) {
 // Will return ErrKeyMustBePEMEncoded if the given byte array is not a valid PEM block, or
 // ErrUnknownEncryption if the byte array was encrypted in an unknown format, or not encrypted
 // at all.
+// Note: Usage of RFC 1423 encrypted PEM blocks is deprecated since Go 1.16!
 func ParsePublicKeyFromEncryptedPEMBytes(pemBytes []byte, password []byte) (crypto.PublicKey, error) {
 	var block *pem.Block
 	if block, _ = pem.Decode(pemBytes); block == nil {
 		return nil, ErrKeyMustBePEMEncoded
 	}
 
 	var blockDecrypted []byte
+	// nolint: staticcheck: Just passing through - deprecation is communicated in function signature
 	if x509.IsEncryptedPEMBlock(block) {
 		var err error
+		// nolint: staticcheck
 		if blockDecrypted, err = x509.DecryptPEMBlock(block, password); err != nil {
 			return nil, err
 		}
