fix(keygen): correctly load token for validation

2024-01-05 11:12:27 +01:00 · 2024-01-05 11:12:27 +01:00 · b28a87cc5d
parent db06098fdd
commit b28a87cc5d
4 changed files with 65 additions and 6 deletions
--- a/11
+++ b/11
@ -1,6 +1,8 @@
 SHELL := /bin/bash

-test:
+test: go-test keygen-test
+
+go-test:
 	go clean -testcache
 	go test -cover -v ./...

@ -36,6 +38,13 @@ gitea-release: .mktools tools/gitea-release/bin/gitea-release.sh release
 		GITEA_RELEASE_ATTACHMENTS="$$(find release -type f -name '*.tar.gz')" \
 		tools/gitea-release/bin/gitea-release.sh

+keygen-test: tools/bash_unit/bin/bash_unit
+	tools/bash_unit/bin/bash_unit misc/bash_unit/keygen_test.sh
+
+tools/bash_unit/bin/bash_unit:
+	mkdir -p tools/bash_unit/bin
+	cd tools/bash_unit/bin && bash <(curl -s https://raw.githubusercontent.com/pgrange/bash_unit/master/install.sh)
+
 .PHONY: mktools
 mktools:
 	rm -rf .mktools
--- a/cmd/keygen/util.go
+++ b/cmd/keygen/util.go
@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"strings"
 	"syscall"

 	"forge.cadoles.com/Cadoles/go-http-peering/crypto"
@ -63,17 +64,17 @@ func loadPrivateKey() (*rsa.PrivateKey, error) {
 	return privateKey, nil
 }

-func loadToken() ([]byte, error) {
+func loadToken() (string, error) {
 	if tokenFile == "" {
-		return nil, errors.New("you must specify a token file to load")
+		return "", errors.New("you must specify a token file to load")
 	}

 	token, err := os.ReadFile(tokenFile)
 	if err != nil {
-		return nil, errors.WithStack(err)
+		return "", errors.WithStack(err)
 	}

-	return token, nil
+	return strings.TrimSpace(string(token)), nil
 }

 func handleError(err error) {
--- a/cmd/keygen/verify_token.go
+++ b/cmd/keygen/verify_token.go
@ -24,7 +24,7 @@ func verifyToken() {
 		return &privateKey.PublicKey, nil
 	}

-	token, err := jwt.ParseWithClaims(string(rawToken), &peering.ServerTokenClaims{}, fn)
+	token, err := jwt.ParseWithClaims(rawToken, &peering.ServerTokenClaims{}, fn)
 	if err != nil {
 		validationError, ok := err.(*jwt.ValidationError)
 		if ok {
--- a/misc/bash_unit/keygen_test.sh
+++ b/misc/bash_unit/keygen_test.sh
@ -0,0 +1,49 @@
+#!/bin/bash
+
+KEYGEN_BIN=${KEYGEN_BIN:-go run ../../cmd/keygen}
+
+test_create_key_without_passphrase() {
+    local workspace=$(mktemp -d)
+
+    # Generate a new private key without passphrase
+    local key_path="${workspace}/private.key"
+    KEY_PASSPHRASE= $KEYGEN_BIN -create-key > "${key_path}"
+}
+
+test_create_key_with_passphrase() {
+    local workspace=$(mktemp -d)
+
+    # Generate a new private key with passphrase
+    local key_path="${workspace}/private.key"
+    KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-key > "${key_path}"
+}
+
+test_verify_token_without_passphrase() {
+    local workspace=$(mktemp -d)
+    
+    # Generate a new private key without passphrase
+    local key_path="${workspace}/private.key"
+    KEY_PASSPHRASE= $KEYGEN_BIN -create-key > "${key_path}"
+
+    # Generate a new token
+    local token_path="${workspace}/token.jwt"
+    KEY_PASSPHRASE= $KEYGEN_BIN -create-token -key "${key_path}" > "${token_path}"
+
+    # Verify token
+    KEY_PASSPHRASE= $KEYGEN_BIN -verify-token -key "${key_path}" -token "${token_path}"  1>/dev/null
+}
+
+test_verify_token_with_passphrase() {
+    local workspace=$(mktemp -d)
+    
+    # Generate a new private key with passphrase
+    local key_path="${workspace}/private.key"
+    KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-key > "${key_path}"
+
+    # Generate a new token
+    local token_path="${workspace}/token.jwt"
+    KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-token -key "${key_path}" > "${token_path}"
+
+    # Verify token
+    KEY_PASSPHRASE=foobar $KEYGEN_BIN -verify-token -key "${key_path}" -token "${token_path}" 1>/dev/null
+}