rinchsan · rinchsan · Oct 9, 2021 · Sep 20, 2021 · Oct 9, 2021 · Oct 9, 2021
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -19,7 +19,7 @@ jobs:
       - name: Run golangci-lint
         uses: golangci/golangci-lint-action@v2
         with:
-          version: v1.37
+          version: v1.42
       - name: Run gosec
         run: go run github.com/securego/gosec/v2/cmd/gosec@latest ./...
 

diff --git a/.golangci.yml b/.golangci.yml
@@ -2,5 +2,12 @@ run:
   timeout: 1m
   tests: false
 
+linters-settings:
+  tagliatelle:
+    case:
+      use-field-name: true
+      rules:
+        json: snake
+
 linters:
   enable-all: true
diff --git a/credential.go b/credential.go
@@ -50,7 +50,12 @@ func NewCredentialBytes(raw []byte) Credential {
 }
 
 func (cred credentialBytes) key() (*ecdsa.PrivateKey, error) {
-	return ecc.ReadPrivate(cred.raw)
+	key, err := ecc.ReadPrivate(cred.raw)
+	if err != nil {
+		return nil, fmt.Errorf("ecc: %w", err)
+	}
+
+	return key, nil
 }
 
 type credentialString struct {

diff --git a/credential_test.go b/credential_test.go
@@ -124,9 +124,15 @@ func TestCredentialBytes_key(t *testing.T) {
 
 	cases := map[string]struct {
 		filename string
+		noErr    bool
 	}{
 		"valid filename": {
 			filename: "revoked_private_key.p8",
+			noErr:    true,
+		},
+		"invalid private key": {
+			filename: "invalid_private_key.p8",
+			noErr:    false,
 		},
 	}
 
@@ -143,11 +149,20 @@ func TestCredentialBytes_key(t *testing.T) {
 			cred := NewCredentialBytes(raw)
 			key, err := cred.key()
 
-			if err != nil {
-				t.Errorf("want 'nil', got '%+v'", err)
-			}
-			if key == nil {
-				t.Error("want 'not nil', got 'nil'")
+			if c.noErr {
+				if err != nil {
+					t.Errorf("want 'nil', got '%+v'", err)
+				}
+				if key == nil {
+					t.Error("want 'not nil', got 'nil'")
+				}
+			} else {
+				if err == nil {
+					t.Error("want 'not nil', got 'nil'")
+				}
+				if key != nil {
+					t.Errorf("want 'nil', got '%+v'", key)
+				}
 			}
 		})
 	}

diff --git a/invalid_private_key.p8 b/invalid_private_key.p8
@@ -0,0 +1,3 @@
+-----BEGIN EC PRIVATE KEY-----
+invalid
+-----END EC PRIVATE KEY-----
diff --git a/jwt.go b/jwt.go
@@ -3,6 +3,7 @@ package devicecheck
 import (
 	"crypto/ecdsa"
 	"encoding/json"
+	"fmt"
 	"time"
 
 	jose "github.com/dvsekhvalnov/jose2go"
@@ -34,5 +35,10 @@ func (jwt jwt) generate(key *ecdsa.PrivateKey) (string, error) {
 		"kid": jwt.keyID,
 	}
 
-	return jose.Sign(string(claimsJSON), jose.ES256, key, jose.Headers(headers))
+	token, err := jose.Sign(string(claimsJSON), jose.ES256, key, jose.Headers(headers))
+	if err != nil {
+		return "", fmt.Errorf("jose: %w", err)
+	}
+
+	return token, nil
 }
diff --git a/query.go b/query.go
@@ -33,7 +33,12 @@ type Time struct {
 const timeFormat = "2006-01"
 
 func (t Time) MarshalJSON() ([]byte, error) {
-	return json.Marshal(t.Format(timeFormat))
+	b, err := json.Marshal(t.Format(timeFormat))
+	if err != nil {
+		return nil, fmt.Errorf("json: %w", err)
+	}
+
+	return b, nil
 }
 
 func (t *Time) UnmarshalJSON(b []byte) error {
@@ -78,5 +83,9 @@ func (client *Client) QueryTwoBits(ctx context.Context, deviceToken string, resu
 		return fmt.Errorf("devicecheck: %w", ErrBitStateNotFound)
 	}
 
-	return json.NewDecoder(strings.NewReader(respBody)).Decode(result)
+	if err := json.NewDecoder(strings.NewReader(respBody)).Decode(result); err != nil {
+		return fmt.Errorf("json: %w", err)
+	}
+
+	return nil
 }