From b28a87cc5db1c98509831c02bed99a33c27e47f3 Mon Sep 17 00:00:00 2001 From: William Petit Date: Fri, 5 Jan 2024 11:12:27 +0100 Subject: [PATCH] fix(keygen): correctly load token for validation --- Makefile | 11 +++++++- cmd/keygen/util.go | 9 ++++--- cmd/keygen/verify_token.go | 2 +- misc/bash_unit/keygen_test.sh | 49 +++++++++++++++++++++++++++++++++++ 4 files changed, 65 insertions(+), 6 deletions(-) create mode 100644 misc/bash_unit/keygen_test.sh diff --git a/Makefile b/Makefile index 3971860..1ae027e 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,8 @@ SHELL := /bin/bash -test: +test: go-test keygen-test + +go-test: go clean -testcache go test -cover -v ./... @@ -36,6 +38,13 @@ gitea-release: .mktools tools/gitea-release/bin/gitea-release.sh release GITEA_RELEASE_ATTACHMENTS="$$(find release -type f -name '*.tar.gz')" \ tools/gitea-release/bin/gitea-release.sh +keygen-test: tools/bash_unit/bin/bash_unit + tools/bash_unit/bin/bash_unit misc/bash_unit/keygen_test.sh + +tools/bash_unit/bin/bash_unit: + mkdir -p tools/bash_unit/bin + cd tools/bash_unit/bin && bash <(curl -s https://raw.githubusercontent.com/pgrange/bash_unit/master/install.sh) + .PHONY: mktools mktools: rm -rf .mktools diff --git a/cmd/keygen/util.go b/cmd/keygen/util.go index ddfe86a..ab0ac76 100644 --- a/cmd/keygen/util.go +++ b/cmd/keygen/util.go @@ -6,6 +6,7 @@ import ( "fmt" "io/ioutil" "os" + "strings" "syscall" "forge.cadoles.com/Cadoles/go-http-peering/crypto" 
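Review bot: The new `tools/bash_unit/bin/bash_unit` rule runs `bash <(curl -s https://raw.githubusercontent.com/pgrange/bash_unit/master/install.sh)`, so every `make test` on a clean checkout (CI included) executes whatever is on the upstream `master` branch at that moment, with no pin and no integrity check. Fetch a fixed revision to a file, verify it, and only then run it, for example `curl -fsSL https://raw.githubusercontent.com/pgrange/bash_unit/<PINNED_COMMIT>/install.sh -o install.sh && echo "<EXPECTED_SHA256>  install.sh" | sha256sum -c - && bash install.sh`. Alternatively, vendor the `bash_unit` script into the repository, which also covers the case where the installer itself downloads further content. As written, `curl -s` without `-f` also passes an HTTP error body straight to bash and hides the failure.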
@@ -63,17 +64,17 @@ func loadPrivateKey() (*rsa.PrivateKey, error) { return privateKey, nil } -func loadToken() ([]byte, error) { +func loadToken() (string, error) { if tokenFile == "" { - return nil, errors.New("you must specify a token file to load") + return "", errors.New("you must specify a token file to load") } token, err := os.ReadFile(tokenFile) if err != nil { - return nil, errors.WithStack(err) + return "", errors.WithStack(err) } - return token, nil + return strings.TrimSpace(string(token)), nil } func handleError(err error) { diff --git a/cmd/keygen/verify_token.go b/cmd/keygen/verify_token.go index c0d9da7..1bca11b 100644 --- a/cmd/keygen/verify_token.go +++ b/cmd/keygen/verify_token.go @@ -24,7 +24,7 @@ func verifyToken() { return &privateKey.PublicKey, nil } - token, err := jwt.ParseWithClaims(string(rawToken), &peering.ServerTokenClaims{}, fn) + token, err := jwt.ParseWithClaims(rawToken, &peering.ServerTokenClaims{}, fn) if err != nil { validationError, ok := err.(*jwt.ValidationError) if ok { diff --git a/misc/bash_unit/keygen_test.sh b/misc/bash_unit/keygen_test.sh new file mode 100644 index 0000000..d6b9008 --- /dev/null +++ b/misc/bash_unit/keygen_test.sh 
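Review bot: After `strings.TrimSpace`, an empty or whitespace-only token file makes `loadToken` return `""` with a nil error, so the problem only surfaces later as a generic parse failure in the JWT library. Reject it at the source by assigning `s := strings.TrimSpace(string(token))` and adding `if s == "" { return "", errors.New("token file is empty") }` before `return s, nil`. The function would also benefit from a doc comment stating the new contract, e.g. `// loadToken reads the JWT from tokenFile and strips surrounding whitespace (presumably the trailing newline left when the token is written via shell redirection).`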
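Review bot: The key function whose tail is visible in this hunk returns `&privateKey.PublicKey` unconditionally on its last line; its beginning is outside the hunk, so I cannot tell whether it checks the token's signing method first. If it does not, pin the expected algorithm family there with `if _, ok := t.Method.(*jwt.SigningMethodRSA); !ok { return nil, errors.New("unexpected signing method") }`, where `t` is the keyfunc's token argument. That makes the accepted algorithm explicit instead of relying on the library's key-type check. The change to `ParseWithClaims(rawToken, …)` itself looks consistent with the new `loadToken` return type.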
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+KEYGEN_BIN=${KEYGEN_BIN:-go run ../../cmd/keygen}
+
+test_create_key_without_passphrase() {
+ local workspace=$(mktemp -d)
+
+ # Generate a new private key without passphrase
+ local key_path="${workspace}/private.key"
+ KEY_PASSPHRASE= $KEYGEN_BIN -create-key > "${key_path}"
+}
+
+test_create_key_with_passphrase() {
+ local workspace=$(mktemp -d)
+
+ # Generate a new private key with passphrase
+ local key_path="${workspace}/private.key"
+ KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-key > "${key_path}"
+}
+
+test_verify_token_without_passphrase() {
+ local workspace=$(mktemp -d)
+
+ # Generate a new private key without passphrase
+ local key_path="${workspace}/private.key"
+ KEY_PASSPHRASE= $KEYGEN_BIN -create-key > "${key_path}"
+
+ # Generate a new token
+ local token_path="${workspace}/token.jwt"
+ KEY_PASSPHRASE= $KEYGEN_BIN -create-token -key "${key_path}" > "${token_path}"
+
+ # Verify token
+ KEY_PASSPHRASE= $KEYGEN_BIN -verify-token -key "${key_path}" -token "${token_path}" 1>/dev/null
+}
+
+test_verify_token_with_passphrase() {
+ local workspace=$(mktemp -d)
+
+ # Generate a new private key with passphrase
+ local key_path="${workspace}/private.key"
+ KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-key > "${key_path}"
+
+ # Generate a new token
+ local token_path="${workspace}/token.jwt"
+ KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-token -key "${key_path}" > "${token_path}"
+
+ # Verify token
+ KEY_PASSPHRASE=foobar $KEYGEN_BIN -verify-token -key "${key_path}" -token "${token_path}" 1>/dev/null
+}
\ No newline at end of file
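Review bot: All four tests cover only the accept path, so the suite would still pass if `-verify-token` accepted every token; a fix to validation should come with at least one case where verification must fail. The sketch below signs with one key and verifies against an unrelated one, assuming `-verify-token` exits non-zero when it rejects a token. Separately, each `mktemp -d` workspace holds a generated private key and is never removed, and `local workspace=$(mktemp -d)` hides a failing `mktemp` behind the exit status of `local`. Declaring the variable first and removing the directory at the end of each test, or in a bash_unit `teardown`, fixes both.

```shell
test_verify_token_with_wrong_key_fails() {
    local workspace
    workspace=$(mktemp -d)

    # Two unrelated keys; the token is signed with the first one only
    KEY_PASSPHRASE= $KEYGEN_BIN -create-key > "${workspace}/signing.key"
    KEY_PASSPHRASE= $KEYGEN_BIN -create-key > "${workspace}/other.key"
    KEY_PASSPHRASE= $KEYGEN_BIN -create-token -key "${workspace}/signing.key" > "${workspace}/token.jwt"

    # Verification against the unrelated key must be rejected
    assert_fail "KEY_PASSPHRASE= $KEYGEN_BIN -verify-token -key '${workspace}/other.key' -token '${workspace}/token.jwt'"

    # Do not leave key material behind in the temp directory
    rm -rf "${workspace}"
}
```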