diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 887591585..b09f3bf09 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -9,7 +9,7 @@ jobs:
 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
 with:
 go-version-file: "go.mod"
- - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
+ - uses: golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae # v6.2.0
 - name: Run go vet
 run: |
 go vet ./...
diff --git a/internal/jose/jose.go b/internal/jose/jose.go
index 5c04191db..f9c84b841 100644
--- a/internal/jose/jose.go
+++ b/internal/jose/jose.go
@@ -125,7 +125,7 @@ func Algorithms(ctx context.Context, t *testing.T) (*AlgorithmSet, error) {
 func GenerateJwk(ctx context.Context, t *testing.T, template string) (string, func(), error) {
 t.Helper()
- file, cleanup, err := jwxtest.CreateTempFile("jwx-jose-key-*.jwk")
+ file, cleanup, err := jwxtest.CreateTempFile(t.TempDir(), "jwx-jose-key-*.jwk")
 if err != nil {
 return "", nil, fmt.Errorf(`failed to create temporary file: %w`, err)
 }
@@ -158,7 +158,7 @@ func EncryptJwe(ctx context.Context, t *testing.T, payload []byte, alg string, k
 var pfile string
 if len(payload) > 0 {
- fn, pcleanup, perr := jwxtest.WriteFile("jwx-jose-payload-*", bytes.NewReader(payload))
+ fn, pcleanup, perr := jwxtest.WriteFile(t.TempDir(), "jwx-jose-payload-*", bytes.NewReader(payload))
 if perr != nil {
 return "", nil, fmt.Errorf(`failed to write payload to file: %w`, perr)
 }
@@ -168,7 +168,7 @@ func EncryptJwe(ctx context.Context, t *testing.T, payload []byte, alg string, k
 defer pcleanup()
 }
- ofile, ocleanup, oerr := jwxtest.CreateTempFile(`jwx-jose-key-*.jwe`)
+ ofile, ocleanup, oerr := jwxtest.CreateTempFile(t.TempDir(), `jwx-jose-key-*.jwe`)
 if oerr != nil {
 return "", nil, fmt.Errorf(`failed to create temporary file: %w`, oerr)
 }
@@ -205,7 +205,7 @@ func DecryptJwe(ctx context.Context, t *testing.T, cfile, kfile string) ([]byte,
 func FmtJwe(ctx context.Context, t *testing.T, data []byte) ([]byte, error) {
 t.Helper()
- fn, pcleanup, perr := jwxtest.WriteFile("jwx-jose-fmt-data-*", bytes.NewReader(data))
+ fn, pcleanup, perr := jwxtest.WriteFile(t.TempDir(), "jwx-jose-fmt-data-*", bytes.NewReader(data))
 if perr != nil {
 return nil, fmt.Errorf(`failed to write data to file: %w`, perr)
 }
@@ -237,7 +237,7 @@ func SignJws(ctx context.Context, t *testing.T, payload []byte, keyfile string,
 var pfile string
 if len(payload) > 0 {
- fn, pcleanup, perr := jwxtest.WriteFile("jwx-jose-payload-*", bytes.NewReader(payload))
+ fn, pcleanup, perr := jwxtest.WriteFile(t.TempDir(), "jwx-jose-payload-*", bytes.NewReader(payload))
 if perr != nil {
 return "", nil, fmt.Errorf(`failed to write payload to file: %w`, perr)
 }
@@ -247,7 +247,7 @@ func SignJws(ctx context.Context, t *testing.T, payload []byte, keyfile string,
 defer pcleanup()
 }
- ofile, ocleanup, oerr := jwxtest.CreateTempFile(`jwx-jose-sig-*.jws`)
+ ofile, ocleanup, oerr := jwxtest.CreateTempFile(t.TempDir(), `jwx-jose-sig-*.jws`)
 if oerr != nil {
 return "", nil, fmt.Errorf(`failed to create temporary file: %w`, oerr)
 }
diff --git a/internal/jwxtest/jwxtest.go b/internal/jwxtest/jwxtest.go
index 62fee9594..70240b8cb 100644
--- a/internal/jwxtest/jwxtest.go
+++ b/internal/jwxtest/jwxtest.go
@@ -135,8 +135,8 @@ func GenerateX25519Jwk() (jwk.Key, error) {
 return k, nil
 }
-func WriteFile(template string, src io.Reader) (string, func(), error) {
- file, cleanup, err := CreateTempFile(template)
+func WriteFile(dir, template string, src io.Reader) (string, func(), error) {
+ file, cleanup, err := CreateTempFile(dir, template)
 if err != nil {
 return "", nil, fmt.Errorf(`failed to create temporary file: %w`, err)
 }
@@ -153,14 +153,14 @@ func WriteFile(template string, src io.Reader) (string, func(), error) {
 return file.Name(), cleanup, nil
 }
-func WriteJSONFile(template string, v interface{}) (string, func(), error) {
+func WriteJSONFile(dir, template string, v interface{}) (string, func(), error) {
 var buf bytes.Buffer
 enc := json.NewEncoder(&buf)
 if err := enc.Encode(v); err != nil {
 return "", nil, fmt.Errorf(`failed to encode object to JSON: %w`, err)
 }
- return WriteFile(template, &buf)
+ return WriteFile(dir, template, &buf)
 }
 func DumpFile(t *testing.T, file string) {
@@ -206,8 +206,8 @@ func DumpFile(t *testing.T, file string) {
 t.Logf("=== END %s (formatted JSON) ===", file)
 }
-func CreateTempFile(template string) (*os.File, func(), error) {
- file, err := os.CreateTemp("", template)
+func CreateTempFile(dir, template string) (*os.File, func(), error) {
+ file, err := os.CreateTemp(dir, template)
 if err != nil {
 return nil, nil, fmt.Errorf(`failed to create temporary file: %w`, err)
 }
@@ -268,7 +268,7 @@ func DecryptJweFile(ctx context.Context, file string, alg jwa.KeyEncryptionAlgor
 return jwe.Decrypt(buf, jwe.WithKey(alg, rawkey))
 }
-func EncryptJweFile(ctx context.Context, payload []byte, keyalg jwa.KeyEncryptionAlgorithm, keyfile string, contentalg jwa.ContentEncryptionAlgorithm, compressalg jwa.CompressionAlgorithm) (string, func(), error) {
+func EncryptJweFile(ctx context.Context, dir string, payload []byte, keyalg jwa.KeyEncryptionAlgorithm, keyfile string, contentalg jwa.ContentEncryptionAlgorithm, compressalg jwa.CompressionAlgorithm) (string, func(), error) {
 key, err := ParseJwkFile(ctx, keyfile)
 if err != nil {
 return "", nil, fmt.Errorf(`failed to parse keyfile %s: %w`, keyfile, err)
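Review bot: `CreateTempFile` in internal/jwxtest/jwxtest.go now passes `dir` straight to `os.CreateTemp(dir, template)`, and an empty `dir` makes os.CreateTemp fall back to the shared system temp directory, which is the location this commit moves the tests away from. Nothing on the exported helper states that; a doc comment such as `// CreateTempFile creates a file matching template in dir. An empty dir falls back to os.TempDir(); tests should pass t.TempDir().` would make the contract explicit. `WriteFile`, `WriteJSONFile`, `EncryptJweFile` and `SignJwsFile` forward `dir` unchanged and could refer to it. The callers visible in internal/jose use these helpers for JWK key files and payloads, so a caller that passes "" out of habit silently loses the per-test isolation. The body of `CreateTempFile` continues past the end of the hunk.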
@@ -302,7 +302,7 @@ func EncryptJweFile(ctx context.Context, payload []byte, keyalg jwa.KeyEncryptio
 return "", nil, fmt.Errorf(`failed to encrypt payload: %w`, err)
 }
- return WriteFile("jwx-test-*.jwe", bytes.NewReader(buf))
+ return WriteFile(dir, "jwx-test-*.jwe", bytes.NewReader(buf))
 }
 func VerifyJwsFile(ctx context.Context, file string, alg jwa.SignatureAlgorithm, jwkfile string) ([]byte, error) {
@@ -333,7 +333,7 @@ func VerifyJwsFile(ctx context.Context, file string, alg jwa.SignatureAlgorithm,
 return jws.Verify(buf, jws.WithKey(alg, pubkey))
 }
-func SignJwsFile(ctx context.Context, payload []byte, alg jwa.SignatureAlgorithm, keyfile string) (string, func(), error) {
+func SignJwsFile(ctx context.Context, dir string, payload []byte, alg jwa.SignatureAlgorithm, keyfile string) (string, func(), error) {
 key, err := ParseJwkFile(ctx, keyfile)
 if err != nil {
 return "", nil, fmt.Errorf(`failed to parse keyfile %s: %w`, keyfile, err)
@@ -344,5 +344,5 @@ func SignJwsFile(ctx context.Context, payload []byte, alg jwa.SignatureAlgorithm
 return "", nil, fmt.Errorf(`failed to sign payload: %w`, err)
 }
- return WriteFile("jwx-test-*.jws", bytes.NewReader(buf))
+ return WriteFile(dir, "jwx-test-*.jws", bytes.NewReader(buf))
 }
diff --git a/jwe/jwe_test.go b/jwe/jwe_test.go
index 4bea6d761..f3b94b2eb 100644
--- a/jwe/jwe_test.go
+++ b/jwe/jwe_test.go
@@ -535,7 +535,7 @@ func TestGHIssue230(t *testing.T) {
 func TestReadFile(t *testing.T) {
 const s = `eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGeipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDbSv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaVmqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je81860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi6UklfCpIMfIjf7iGdXKHzg.48V1_ALb6US04U3b.5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A.XFBoMYUZodetZdvTiFvSkQ`
- f, err := os.CreateTemp("", "test-read-file-*.jwe")
+ f, err := os.CreateTemp(t.TempDir(), "test-read-file-*.jwe")
 require.NoError(t, err, `os.CreateTemp should succeed`)
 defer f.Close()
diff --git a/jwe/speed_test.go b/jwe/speed_test.go
index 9db6f6d8e..2468c3ffc 100644
--- a/jwe/speed_test.go
+++ b/jwe/speed_test.go
@@ -8,14 +8,14 @@ import (
 var s = []byte(`eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGeipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDbSv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaVmqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je81860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi6UklfCpIMfIjf7iGdXKHzg.48V1_ALb6US04U3b.5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A.XFBoMYUZodetZdvTiFvSkQ`)
 func BenchmarkSplitLib(b *testing.B) {
- for i := 0; i < b.N; i++ {
+ for range b.N {
 SplitLib(s)
 }
 }
 func BenchmarkSplitManual(b *testing.B) {
 ret := make([][]byte, 5)
- for i := 0; i < b.N; i++ {
+ for range b.N {
 SplitManual(ret, s)
 }
 }
diff --git a/jws/jws_test.go b/jws/jws_test.go
index d38e1b5bf..89d53b5b1 100644
--- a/jws/jws_test.go
+++ b/jws/jws_test.go
@@ -923,7 +923,7 @@ func TestDecode_ES384Compact_NoSigTrim(t *testing.T) {
 func TestReadFile(t *testing.T) {
 t.Parallel()
- f, err := os.CreateTemp("", "test-read-file-*.jws")
+ f, err := os.CreateTemp(t.TempDir(), "test-read-file-*.jws")
 require.NoError(t, err, `io.CreateTemp should succeed`)
 defer f.Close()
diff --git a/jwt/jwt_test.go b/jwt/jwt_test.go
index 95f0323d0..4b7b5cb8d 100644
--- a/jwt/jwt_test.go
+++ b/jwt/jwt_test.go
@@ -614,7 +614,7 @@ func TestSignTyp(t *testing.T) {
 func TestReadFile(t *testing.T) {
 t.Parallel()
- f, err := os.CreateTemp("", "test-read-file-*.jwt")
+ f, err := os.CreateTemp(t.TempDir(), "test-read-file-*.jwt")
 require.NoError(t, err, `os.CreateTemp should succeed`)
 defer f.Close()
diff --git a/jwx_test.go b/jwx_test.go
index f7133fe49..ae88bbd21 100644
--- a/jwx_test.go
+++ b/jwx_test.go
@@ -78,8 +78,6 @@ func TestDecoderSetting(t *testing.T) {
 // Test compatibility against `jose` tool
 func TestJoseCompatibility(t *testing.T) {
- t.Parallel()
-
 if testing.Short() {
 t.Logf("Skipped during short tests")
 return
@@ -90,8 +88,10 @@ func TestJoseCompatibility(t *testing.T) {
 return
 }
+ jwe.Settings(jwe.WithMaxPBES2Count(32768))
+ t.Cleanup(func() { jwe.WithMaxPBES2Count(10000) })
+
 t.Run("jwk", func(t *testing.T) {
- t.Parallel()
 testcases := []struct {
 Name string
 Raw interface{}
@@ -127,8 +127,6 @@ func TestJoseCompatibility(t *testing.T) {
 for _, tc := range testcases {
 t.Run(tc.Name, func(t *testing.T) {
- t.Parallel()
-
 ctx, cancel := context.WithCancel(context.Background())
 defer cancel()
@@ -152,8 +150,6 @@ func TestJoseCompatibility(t *testing.T) {
 // In order to avoid doing this in an ad-hoc way, we're just going to
 // ask our jose package for the algorithms that it supports, and generate
 // the list dynamically
-
- t.Parallel()
 ctx, cancel := context.WithCancel(context.Background())
 defer cancel()
 set, err := jose.Algorithms(ctx, t)
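Review bot: The failure message beside the changed line in TestReadFile (jws/jws_test.go) names the wrong package: the call is `os.CreateTemp`, but the assertion text reads "io.CreateTemp should succeed". The sibling tests in jwe/jwe_test.go and jwt/jwt_test.go already say "os.CreateTemp should succeed"; using the same text here keeps a failing run from pointing at a function that does not exist. The test body continues outside the hunk.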
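Review bot: The cleanup registered in TestJoseCompatibility (jwx_test.go, hunk at -90,8 +88,10) does not restore the PBES2 limit: `jwe.WithMaxPBES2Count(10000)` is called on its own, so as far as the hunk shows it only builds an option value that is then discarded, and the process-wide cap raised by `jwe.Settings(jwe.WithMaxPBES2Count(32768))` stays in force for every test that runs later in the same binary. The restore should go through the setter, `t.Cleanup(func() { jwe.Settings(jwe.WithMaxPBES2Count(10000)) })`. The literal 10000 is presumably the library default; if a named constant for it exists, using it here would keep the restore from drifting. This cap bounds the PBES2 iteration count the library accepts, so leaving it raised can hide a regression in tests that expect oversized counts to be rejected.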
@@ -203,7 +199,6 @@ func TestJoseCompatibility(t *testing.T) {
 for _, test := range tests {
 t.Run(fmt.Sprintf("%s-%s", test.alg, test.enc), func(t *testing.T) {
- t.Parallel()
 ctx, cancel := context.WithCancel(context.Background())
 defer cancel()
 joseInteropTest(ctx, test, t)
@@ -211,7 +206,6 @@ func TestJoseCompatibility(t *testing.T) {
 }
 })
 t.Run("jws", func(t *testing.T) {
- t.Parallel()
 tests := []jwa.SignatureAlgorithm{
 jwa.ES256(),
 //jwa.ES256K,
@@ -289,7 +283,7 @@ func joseInteropTest(ctx context.Context, spec interopTest, t *testing.T) {
 require.Equal(t, expected, payload, `decrypted payloads should match`)
 })
 t.Run("Encrypt with jwx, Decrypt with jose", func(t *testing.T) {
- jwxCryptFile, jwxCryptCleanup, err := jwxtest.EncryptJweFile(ctx, expected, spec.alg, joseJwkFile, spec.enc, jwa.NoCompress())
+ jwxCryptFile, jwxCryptCleanup, err := jwxtest.EncryptJweFile(ctx, t.TempDir(), expected, spec.alg, joseJwkFile, spec.enc, jwa.NoCompress())
 require.NoError(t, err, `jwxtest.EncryptJweFile should succeed`)
 defer jwxCryptCleanup()
@@ -325,7 +319,7 @@ func joseJwsInteropTest(ctx context.Context, alg jwa.SignatureAlgorithm, t *test
 require.Equal(t, expected, payload, `decrypted payloads should match`)
 })
 t.Run("Sign with jwx, Verify with jose", func(t *testing.T) {
- jwxCryptFile, jwxCryptCleanup, err := jwxtest.SignJwsFile(ctx, expected, alg, joseJwkFile)
+ jwxCryptFile, jwxCryptCleanup, err := jwxtest.SignJwsFile(ctx, t.TempDir(), expected, alg, joseJwkFile)
 require.NoError(t, err, `jwxtest.SignJwsFile should succeed`)
 defer jwxCryptCleanup()