From 041b486c556017aac05a3dc12c1b5681190ac55d Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Tue, 27 Feb 2024 14:00:09 +0100 Subject: [PATCH] Remove usages of `Sign` without context --- acme/api/revoke_test.go | 4 ---- acme/common.go | 1 - acme/order_test.go | 10 ---------- api/api.go | 1 - api/api_test.go | 8 -------- authority/authority_test.go | 3 ++- authority/authorize_test.go | 2 +- authority/provisioners_test.go | 2 +- authority/tls_test.go | 8 ++++---- scep/authority.go | 1 - 10 files changed, 8 insertions(+), 32 deletions(-) diff --git a/acme/api/revoke_test.go b/acme/api/revoke_test.go index 5d274faf..85b9a032 100644 --- a/acme/api/revoke_test.go +++ b/acme/api/revoke_test.go @@ -281,10 +281,6 @@ type mockCA struct { MockAreSANsallowed func(ctx context.Context, sans []string) error } -func (m *mockCA) Sign(*x509.CertificateRequest, provisioner.SignOptions, ...provisioner.SignOption) ([]*x509.Certificate, error) { - return nil, nil -} - func (m *mockCA) SignWithContext(context.Context, *x509.CertificateRequest, provisioner.SignOptions, ...provisioner.SignOption) ([]*x509.Certificate, error) { return nil, nil } diff --git a/acme/common.go b/acme/common.go index 46e86ae6..e86b23e9 100644 --- a/acme/common.go +++ b/acme/common.go @@ -21,7 +21,6 @@ var clock Clock // CertificateAuthority is the interface implemented by a CA authority. type CertificateAuthority interface { - Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) SignWithContext(ctx context.Context, cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) AreSANsAllowed(ctx context.Context, sans []string) error IsRevoked(sn string) (bool, error) diff --git a/acme/order_test.go b/acme/order_test.go index 17060f11..07372af0 100644 --- a/acme/order_test.go +++ b/acme/order_test.go 
@@ -271,7 +271,6 @@ func TestOrder_UpdateStatus(t *testing.T) { } type mockSignAuth struct { - sign func(csr *x509.CertificateRequest, signOpts provisioner.SignOptions, extraOpts ...provisioner.SignOption) ([]*x509.Certificate, error) signWithContext func(ctx context.Context, csr *x509.CertificateRequest, signOpts provisioner.SignOptions, extraOpts ...provisioner.SignOption) ([]*x509.Certificate, error) areSANsAllowed func(ctx context.Context, sans []string) error loadProvisionerByName func(string) (provisioner.Interface, error) @@ -279,15 +278,6 @@ type mockSignAuth struct { err error } -func (m *mockSignAuth) Sign(csr *x509.CertificateRequest, signOpts provisioner.SignOptions, extraOpts ...provisioner.SignOption) ([]*x509.Certificate, error) { - if m.sign != nil { - return m.sign(csr, signOpts, extraOpts...) - } else if m.err != nil { - return nil, m.err - } - return []*x509.Certificate{m.ret1.(*x509.Certificate), m.ret2.(*x509.Certificate)}, m.err -} - func (m *mockSignAuth) SignWithContext(ctx context.Context, csr *x509.CertificateRequest, signOpts provisioner.SignOptions, extraOpts ...provisioner.SignOption) ([]*x509.Certificate, error) { if m.signWithContext != nil { return m.signWithContext(ctx, csr, signOpts, extraOpts...) diff --git a/api/api.go b/api/api.go index 1d367f7d..a12e7e19 100644 --- a/api/api.go +++ b/api/api.go 
@@ -42,7 +42,6 @@ type Authority interface { AuthorizeRenewToken(ctx context.Context, ott string) (*x509.Certificate, error) GetTLSOptions() *config.TLSOptions Root(shasum string) (*x509.Certificate, error) - Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) SignWithContext(ctx context.Context, cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) Renew(peer *x509.Certificate) ([]*x509.Certificate, error) RenewContext(ctx context.Context, peer *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) diff --git a/api/api_test.go b/api/api_test.go index 4266dff3..cf988593 100644 --- a/api/api_test.go +++ b/api/api_test.go @@ -189,7 +189,6 @@ type mockAuthority struct { authorizeRenewToken func(ctx context.Context, ott string) (*x509.Certificate, error) getTLSOptions func() *authority.TLSOptions root func(shasum string) (*x509.Certificate, error) - sign func(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) signWithContext func(ctx context.Context, cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) renew func(cert *x509.Certificate) ([]*x509.Certificate, error) rekey func(oldCert *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) 
@@ -252,13 +251,6 @@ func (m *mockAuthority) Root(shasum string) (*x509.Certificate, error) { return m.ret1.(*x509.Certificate), m.err } -func (m *mockAuthority) Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) { - if m.sign != nil { - return m.sign(cr, opts, signOpts...) - } - return []*x509.Certificate{m.ret1.(*x509.Certificate), m.ret2.(*x509.Certificate)}, m.err -} - func (m *mockAuthority) SignWithContext(ctx context.Context, cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) { if m.signWithContext != nil { return m.signWithContext(ctx, cr, opts, signOpts...) diff --git a/authority/authority_test.go b/authority/authority_test.go index 45c7cd86..3787dab7 100644 --- a/authority/authority_test.go +++ b/authority/authority_test.go @@ -1,6 +1,7 @@ package authority import ( + "context" "crypto" "crypto/rand" "crypto/sha256" @@ -414,7 +415,7 @@ func TestNewEmbedded_Sign(t *testing.T) { csr, err := x509.ParseCertificateRequest(cr) assert.FatalError(t, err) - cert, err := a.Sign(csr, provisioner.SignOptions{}) + cert, err := a.SignWithContext(context.Background(), csr, provisioner.SignOptions{}) assert.FatalError(t, err) assert.Equals(t, []string{"foo.bar.zar"}, cert[0].DNSNames) assert.Equals(t, crt, cert[1]) diff --git a/authority/authorize_test.go b/authority/authorize_test.go index 3d748f69..8f3c1ae2 100644 --- a/authority/authorize_test.go +++ b/authority/authorize_test.go @@ -1375,7 +1375,7 @@ func TestAuthority_AuthorizeRenewToken(t *testing.T) { } generateX5cToken := func(a *Authority, key crypto.Signer, claims jose.Claims, opts ...provisioner.SignOption) (string, *x509.Certificate) { - chain, err := a.Sign(csr, provisioner.SignOptions{}, opts...) + chain, err := a.SignWithContext(ctx, csr, provisioner.SignOptions{}, opts...) if err != nil { t.Fatal(err) } 
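Review bot: The replaced call in authority/authority_test.go (`TestNewEmbedded_Sign`) passes a bare `context.Background()`, and so do the two call sites changed in authority/tls_test.go, while authorize_test.go and provisioners_test.go in this same patch pass the test's existing `ctx`. Nothing visible here shows what `SignWithContext` reads from its context, so it is worth confirming that a value-less, never-cancelled context still exercises the signing path these tests are meant to cover. If it does, a short comment such as `// context.Background(): this case needs no request-scoped values` at the call site would make the choice explicit. `TestNewEmbedded_Sign` starts and ends outside the hunk.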
diff --git a/authority/provisioners_test.go b/authority/provisioners_test.go index f6af6f54..f62f8127 100644 --- a/authority/provisioners_test.go +++ b/authority/provisioners_test.go @@ -149,7 +149,7 @@ func TestAuthority_LoadProvisionerByCertificate(t *testing.T) { opts, err := a.Authorize(ctx, token) require.NoError(t, err) opts = append(opts, extraOpts...) - certs, err := a.Sign(csr, provisioner.SignOptions{}, opts...) + certs, err := a.SignWithContext(ctx, csr, provisioner.SignOptions{}, opts...) require.NoError(t, err) return certs[0] } diff --git a/authority/tls_test.go b/authority/tls_test.go index 1fb8411a..b481ca68 100644 --- a/authority/tls_test.go +++ b/authority/tls_test.go @@ -239,7 +239,7 @@ func (e *testEnforcer) Enforce(cert *x509.Certificate) error { return nil } -func TestAuthority_Sign(t *testing.T) { +func TestAuthority_SignWithContext(t *testing.T) { pub, priv, err := keyutil.GenerateDefaultKeyPair() require.NoError(t, err) @@ -848,7 +848,7 @@ ZYtQ9Ot36qc= t.Run(name, func(t *testing.T) { tc := genTestCase(t) - certChain, err := tc.auth.Sign(tc.csr, tc.signOpts, tc.extraOpts...) + certChain, err := tc.auth.SignWithContext(context.Background(), tc.csr, tc.signOpts, tc.extraOpts...) if err != nil { if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) { assert.Nil(t, certChain) @@ -1797,9 +1797,9 @@ func TestAuthority_constraints(t *testing.T) { t.Fatal(err) } - _, err = auth.Sign(csr, provisioner.SignOptions{}, templateOption) + _, err = auth.SignWithContext(context.Background(), csr, provisioner.SignOptions{}, templateOption) if (err != nil) != tt.wantErr { - t.Errorf("Authority.Sign() error = %v, wantErr %v", err, tt.wantErr) + t.Errorf("Authority.SignWithContext() error = %v, wantErr %v", err, tt.wantErr) } _, err = auth.Renew(cert) diff --git a/scep/authority.go b/scep/authority.go index e2aa759e..8ed065fb 100644 --- a/scep/authority.go +++ b/scep/authority.go 
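Review bot: Renaming `TestAuthority_Sign` to `TestAuthority_SignWithContext` in authority/tls_test.go, together with the call-site changes further down the file, leaves no test in this patch that calls the context-less `Authority.Sign`. authority/tls.go is not in the diffstat, so the concrete method presumably still exists and stays callable by embedders. If it is kept for compatibility, mark it on the method with `// Deprecated: use SignWithContext instead.` so the signing path without cancellation or request-scoped values is not picked up by new code. If it is meant to go away, removing it in the same change would keep the API and the tests aligned. The test function body continues outside the hunk.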
@@ -60,7 +60,6 @@ func MustFromContext(ctx context.Context) *Authority { // SignAuthority is the interface for a signing authority type SignAuthority interface { - Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) SignWithContext(ctx context.Context, cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) LoadProvisionerByName(string) (provisioner.Interface, error) }