fix(keygen): correctly load token for validation
Cadoles/go-http-peering/pipeline/head There was a failure building this commit Details

This commit is contained in:
wpetit 2024-01-05 11:12:27 +01:00
parent db06098fdd
commit b28a87cc5d
4 changed files with 65 additions and 6 deletions

View File

@ -1,6 +1,8 @@
SHELL := /bin/bash SHELL := /bin/bash
test: test: go-test keygen-test
go-test:
go clean -testcache go clean -testcache
go test -cover -v ./... go test -cover -v ./...
@ -36,6 +38,13 @@ gitea-release: .mktools tools/gitea-release/bin/gitea-release.sh release
GITEA_RELEASE_ATTACHMENTS="$$(find release -type f -name '*.tar.gz')" \ GITEA_RELEASE_ATTACHMENTS="$$(find release -type f -name '*.tar.gz')" \
tools/gitea-release/bin/gitea-release.sh tools/gitea-release/bin/gitea-release.sh
keygen-test: tools/bash_unit/bin/bash_unit
tools/bash_unit/bin/bash_unit misc/bash_unit/keygen_test.sh
tools/bash_unit/bin/bash_unit:
mkdir -p tools/bash_unit/bin
cd tools/bash_unit/bin && bash <(curl -s https://raw.githubusercontent.com/pgrange/bash_unit/master/install.sh)
.PHONY: mktools .PHONY: mktools
mktools: mktools:
rm -rf .mktools rm -rf .mktools

View File

@ -6,6 +6,7 @@ import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"os" "os"
"strings"
"syscall" "syscall"
"forge.cadoles.com/Cadoles/go-http-peering/crypto" "forge.cadoles.com/Cadoles/go-http-peering/crypto"
@ -63,17 +64,17 @@ func loadPrivateKey() (*rsa.PrivateKey, error) {
return privateKey, nil return privateKey, nil
} }
func loadToken() ([]byte, error) { func loadToken() (string, error) {
if tokenFile == "" { if tokenFile == "" {
return nil, errors.New("you must specify a token file to load") return "", errors.New("you must specify a token file to load")
} }
token, err := os.ReadFile(tokenFile) token, err := os.ReadFile(tokenFile)
if err != nil { if err != nil {
return nil, errors.WithStack(err) return "", errors.WithStack(err)
} }
return token, nil return strings.TrimSpace(string(token)), nil
} }
func handleError(err error) { func handleError(err error) {

View File

@ -24,7 +24,7 @@ func verifyToken() {
return &privateKey.PublicKey, nil return &privateKey.PublicKey, nil
} }
token, err := jwt.ParseWithClaims(string(rawToken), &peering.ServerTokenClaims{}, fn) token, err := jwt.ParseWithClaims(rawToken, &peering.ServerTokenClaims{}, fn)
if err != nil { if err != nil {
validationError, ok := err.(*jwt.ValidationError) validationError, ok := err.(*jwt.ValidationError)
if ok { if ok {

View File

@ -0,0 +1,49 @@
#!/bin/bash
KEYGEN_BIN=${KEYGEN_BIN:-go run ../../cmd/keygen}
test_create_key_without_passphrase() {
local workspace=$(mktemp -d)
# Generate a new private key without passphrase
local key_path="${workspace}/private.key"
KEY_PASSPHRASE= $KEYGEN_BIN -create-key > "${key_path}"
}
test_create_key_with_passphrase() {
local workspace=$(mktemp -d)
# Generate a new private key with passphrase
local key_path="${workspace}/private.key"
KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-key > "${key_path}"
}
test_verify_token_without_passphrase() {
local workspace=$(mktemp -d)
# Generate a new private key without passphrase
local key_path="${workspace}/private.key"
KEY_PASSPHRASE= $KEYGEN_BIN -create-key > "${key_path}"
# Generate a new token
local token_path="${workspace}/token.jwt"
KEY_PASSPHRASE= $KEYGEN_BIN -create-token -key "${key_path}" > "${token_path}"
# Verify token
KEY_PASSPHRASE= $KEYGEN_BIN -verify-token -key "${key_path}" -token "${token_path}" 1>/dev/null
}
test_verify_token_with_passphrase() {
local workspace=$(mktemp -d)
# Generate a new private key with passphrase
local key_path="${workspace}/private.key"
KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-key > "${key_path}"
# Generate a new token
local token_path="${workspace}/token.jwt"
KEY_PASSPHRASE=foobar $KEYGEN_BIN -create-token -key "${key_path}" > "${token_path}"
# Verify token
KEY_PASSPHRASE=foobar $KEYGEN_BIN -verify-token -key "${key_path}" -token "${token_path}" 1>/dev/null
}