fix(keygen): correctly load token for validation
Cadoles/go-http-peering/pipeline/head There was a failure building this commit
Details
Cadoles/go-http-peering/pipeline/head There was a failure building this commit
Details
This commit is contained in:
parent
db06098fdd
commit
b28a87cc5d
11
Makefile
11
Makefile
|
@ -1,6 +1,8 @@
|
||||||
SHELL := /bin/bash
|
SHELL := /bin/bash
|
||||||
|
|
||||||
test:
|
test: go-test keygen-test
|
||||||
|
|
||||||
|
go-test:
|
||||||
go clean -testcache
|
go clean -testcache
|
||||||
go test -cover -v ./...
|
go test -cover -v ./...
|
||||||
|
|
||||||
|
@ -36,6 +38,13 @@ gitea-release: .mktools tools/gitea-release/bin/gitea-release.sh release
|
||||||
GITEA_RELEASE_ATTACHMENTS="$$(find release -type f -name '*.tar.gz')" \
|
GITEA_RELEASE_ATTACHMENTS="$$(find release -type f -name '*.tar.gz')" \
|
||||||
tools/gitea-release/bin/gitea-release.sh
|
tools/gitea-release/bin/gitea-release.sh
|
||||||
|
|
||||||
|
keygen-test: tools/bash_unit/bin/bash_unit
|
||||||
|
tools/bash_unit/bin/bash_unit misc/bash_unit/keygen_test.sh
|
||||||
|
|
||||||
|
tools/bash_unit/bin/bash_unit:
|
||||||
|
mkdir -p tools/bash_unit/bin
|
||||||
|
cd tools/bash_unit/bin && bash <(curl -s https://raw.githubusercontent.com/pgrange/bash_unit/master/install.sh)
|
||||||
|
|
||||||
.PHONY: mktools
|
.PHONY: mktools
|
||||||
mktools:
|
mktools:
|
||||||
rm -rf .mktools
|
rm -rf .mktools
|
||||||
|
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
|
"strings"
|
||||||
"syscall"
|
"syscall"
|
||||||
|
|
||||||
"forge.cadoles.com/Cadoles/go-http-peering/crypto"
|
"forge.cadoles.com/Cadoles/go-http-peering/crypto"
|
||||||
|
@ -63,17 +64,17 @@ func loadPrivateKey() (*rsa.PrivateKey, error) {
|
||||||
return privateKey, nil
|
return privateKey, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func loadToken() ([]byte, error) {
|
func loadToken() (string, error) {
|
||||||
if tokenFile == "" {
|
if tokenFile == "" {
|
||||||
return nil, errors.New("you must specify a token file to load")
|
return "", errors.New("you must specify a token file to load")
|
||||||
}
|
}
|
||||||
|
|
||||||
token, err := os.ReadFile(tokenFile)
|
token, err := os.ReadFile(tokenFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.WithStack(err)
|
return "", errors.WithStack(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return token, nil
|
return strings.TrimSpace(string(token)), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func handleError(err error) {
|
func handleError(err error) {
|
||||||
|
|
|
@ -24,7 +24,7 @@ func verifyToken() {
|
||||||
return &privateKey.PublicKey, nil
|
return &privateKey.PublicKey, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
token, err := jwt.ParseWithClaims(string(rawToken), &peering.ServerTokenClaims{}, fn)
|
token, err := jwt.ParseWithClaims(rawToken, &peering.ServerTokenClaims{}, fn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
validationError, ok := err.(*jwt.ValidationError)
|
validationError, ok := err.(*jwt.ValidationError)
|
||||||
if ok {
|
if ok {
|
||||||
|
|
|
@ -0,0 +1,49 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
KEYGEN_BIN=${KEYGEN_BIN:-go run ../../cmd/keygen}
|
||||||
|
|
||||||
|
test_create_key_without_passphrase() {
|
||||||
|
local workspace=$(mktemp -d)
|
||||||
|
|
||||||
|
# Generate a new private key without passphrase
|
||||||
|
local key_path="${workspace}/private.key"
|
||||||
|
KEY_PASSPHRASE= $KEYGEN_BIN -create-key > "${key_path}"
|
||||||
|
}
|
||||||
|
|
||||||
|
test_create_key_with_passphrase() {
|
||||||
|
local workspace=$(mktemp -d)
|
||||||
|
|
||||||
|
# Generate a new private key with passphrase
|
||||||
|
local key_path="${workspace}/private.key"
|
||||||
|
KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-key > "${key_path}"
|
||||||
|
}
|
||||||
|
|
||||||
|
test_verify_token_without_passphrase() {
|
||||||
|
local workspace=$(mktemp -d)
|
||||||
|
|
||||||
|
# Generate a new private key without passphrase
|
||||||
|
local key_path="${workspace}/private.key"
|
||||||
|
KEY_PASSPHRASE= $KEYGEN_BIN -create-key > "${key_path}"
|
||||||
|
|
||||||
|
# Generate a new token
|
||||||
|
local token_path="${workspace}/token.jwt"
|
||||||
|
KEY_PASSPHRASE= $KEYGEN_BIN -create-token -key "${key_path}" > "${token_path}"
|
||||||
|
|
||||||
|
# Verify token
|
||||||
|
KEY_PASSPHRASE= $KEYGEN_BIN -verify-token -key "${key_path}" -token "${token_path}" 1>/dev/null
|
||||||
|
}
|
||||||
|
|
||||||
|
test_verify_token_with_passphrase() {
|
||||||
|
local workspace=$(mktemp -d)
|
||||||
|
|
||||||
|
# Generate a new private key with passphrase
|
||||||
|
local key_path="${workspace}/private.key"
|
||||||
|
KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-key > "${key_path}"
|
||||||
|
|
||||||
|
# Generate a new token
|
||||||
|
local token_path="${workspace}/token.jwt"
|
||||||
|
KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-token -key "${key_path}" > "${token_path}"
|
||||||
|
|
||||||
|
# Verify token
|
||||||
|
KEY_PASSPHRASE=foobar $KEYGEN_BIN -verify-token -key "${key_path}" -token "${token_path}" 1>/dev/null
|
||||||
|
}
|
Loading…
Reference in New Issue