forked from TrueCloudLab/distribution
1d33874951
Go 1.13 and up enforce import paths to be versioned if a project contains a go.mod and has released v2 or up. The current v2.x branches (and releases) do not yet have a go.mod, and therefore are still allowed to be imported with a non-versioned import path (go modules add a `+incompatible` annotation in that case). However, now that this project has a `go.mod` file, incompatible import paths will not be accepted by go modules, and attempting to use code from this repository will fail. This patch uses `v3` for the import-paths (not `v2`), because changing import paths itself is a breaking change, which means that the next release should increment the "major" version to comply with SemVer (as go modules dictate). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
80 lines
1.5 KiB
Go
80 lines
1.5 KiB
Go
package main
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"encoding/base64"
|
|
"errors"
|
|
"testing"
|
|
"time"
|
|
|
|
"strings"
|
|
|
|
"github.com/distribution/distribution/v3/registry/auth"
|
|
"github.com/docker/libtrust"
|
|
)
|
|
|
|
func TestCreateJWTSuccessWithEmptyACL(t *testing.T) {
|
|
key, err := rsa.GenerateKey(rand.Reader, 1024)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
pk, err := libtrust.FromCryptoPrivateKey(key)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
tokenIssuer := TokenIssuer{
|
|
Expiration: time.Duration(100),
|
|
Issuer: "localhost",
|
|
SigningKey: pk,
|
|
}
|
|
|
|
grantedAccessList := make([]auth.Access, 0)
|
|
token, err := tokenIssuer.CreateJWT("test", "test", grantedAccessList)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
tokens := strings.Split(token, ".")
|
|
|
|
if len(token) == 0 {
|
|
t.Fatal("token not generated.")
|
|
}
|
|
|
|
json, err := decodeJWT(tokens[1])
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
if !strings.Contains(json, "test") {
|
|
t.Fatal("Valid token was not generated.")
|
|
}
|
|
|
|
}
|
|
|
|
func decodeJWT(rawToken string) (string, error) {
|
|
data, err := joseBase64Decode(rawToken)
|
|
if err != nil {
|
|
return "", errors.New("Error in Decoding base64 String")
|
|
}
|
|
return data, nil
|
|
}
|
|
|
|
func joseBase64Decode(s string) (string, error) {
|
|
switch len(s) % 4 {
|
|
case 0:
|
|
case 2:
|
|
s += "=="
|
|
case 3:
|
|
s += "="
|
|
default:
|
|
{
|
|
return "", errors.New("Invalid base64 String")
|
|
}
|
|
}
|
|
data, err := base64.StdEncoding.DecodeString(s)
|
|
if err != nil {
|
|
return "", err //errors.New("Error in Decoding base64 String")
|
|
}
|
|
return string(data), nil
|
|
}
|