diff --git a/contrib/apache/README.MD b/contrib/apache/README.MD
deleted file mode 100644
index 29f6bae18..000000000
--- a/contrib/apache/README.MD
+++ /dev/null
@@ -1,36 +0,0 @@
-# Apache HTTPd sample for Registry v1, v2 and mirror
-
-3 containers involved
-
-* Docker Registry v1 (registry 0.9.1)
-* Docker Registry v2 (registry 2.0.0)
-* Docker Registry v1 in mirror mode
-
-HTTP for mirror and HTTPS for v1 & v2
-
-* http://registry.example.com proxify Docker Registry 1.0 in Mirror mode
-* https://registry.example.com proxify Docker Registry 1.0 or 2.0 in Hosting mode
-
-## 3 Docker containers should be started
-
-* Docker Registry 1.0 in Mirror mode : port 5001
-* Docker Registry 1.0 in Hosting mode : port 5000
-* Docker Registry 2.0 in Hosting mode : port 5002
-
-### Registry v1
-
- docker run -d -e SETTINGS_FLAVOR=dev -v /var/lib/docker-registry/storage/hosting-v1:/tmp -p 5000:5000 registry:0.9.1"
-
-### Mirror
-
- docker run -d -e SETTINGS_FLAVOR=dev -e STANDALONE=false -e MIRROR_SOURCE=https://registry-1.docker.io -e MIRROR_SOURCE_INDEX=https://index.docker.io \
- -e MIRROR_TAGS_CACHE_TTL=172800 -v /var/lib/docker-registry/storage/mirror:/tmp -p 5001:5000 registry:0.9.1"
-
-### Registry v2
-
- docker run -d -e SETTINGS_FLAVOR=dev -v /var/lib/axway/docker-registry/storage/hosting2-v2:/tmp -p 5002:5000 registry:2"
-
-# For Hosting mode access
-
-* users should have account (valid-user) to be able to fetch images
-* only users using account docker-deployer will be allowed to push images
diff --git a/contrib/apache/apache.conf b/contrib/apache/apache.conf
deleted file mode 100644
index 3300a7c02..000000000
--- a/contrib/apache/apache.conf
+++ /dev/null
@@ -1,127 +0,0 @@
-#
-# Sample Apache 2.x configuration where :
-#
-
-
-
- ServerName registry.example.com
- ServerAlias www.registry.example.com
-
- ProxyRequests off
- ProxyPreserveHost on
-
- # no proxy for /error/ (Apache HTTPd errors messages)
- ProxyPass /error/ !
-
- ProxyPass /_ping http://localhost:5001/_ping
- ProxyPassReverse /_ping http://localhost:5001/_ping
-
- ProxyPass /v1 http://localhost:5001/v1
- ProxyPassReverse /v1 http://localhost:5001/v1
-
- # Logs
- ErrorLog ${APACHE_LOG_DIR}/mirror_error_log
- CustomLog ${APACHE_LOG_DIR}/mirror_access_log combined env=!dontlog
-
-
-
-
-
-
- ServerName registry.example.com
- ServerAlias www.registry.example.com
-
- SSLEngine on
- SSLCertificateFile /etc/apache2/ssl/registry.example.com.crt
- SSLCertificateKeyFile /etc/apache2/ssl/registry.example.com.key
-
- # Higher Strength SSL Ciphers
- SSLProtocol all -SSLv2 -SSLv3 -TLSv1
- SSLCipherSuite RC4-SHA:HIGH
- SSLHonorCipherOrder on
-
- # Logs
- ErrorLog ${APACHE_LOG_DIR}/registry_error_ssl_log
- CustomLog ${APACHE_LOG_DIR}/registry_access_ssl_log combined env=!dontlog
-
- Header always set "Docker-Distribution-Api-Version" "registry/2.0"
- Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
- RequestHeader set X-Forwarded-Proto "https"
-
- ProxyRequests off
- ProxyPreserveHost on
-
- # no proxy for /error/ (Apache HTTPd errors messages)
- ProxyPass /error/ !
-
- #
- # Registry v1
- #
-
- ProxyPass /v1 http://localhost:5000/v1
- ProxyPassReverse /v1 http://localhost:5000/v1
-
- ProxyPass /_ping http://localhost:5000/_ping
- ProxyPassReverse /_ping http://localhost:5000/_ping
-
- # Authentication require for push
-
- Order deny,allow
- Allow from all
- AuthName "Registry Authentication"
- AuthType basic
- AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
-
- # Read access to authentified users
-
- Require valid-user
-
-
- # Write access to docker-deployer account only
-
- Require user docker-deployer
-
-
-
-
- # Allow ping to run unauthenticated.
-
- Satisfy any
- Allow from all
-
-
- # Allow ping to run unauthenticated.
-
- Satisfy any
- Allow from all
-
-
- #
- # Registry v2
- #
-
- ProxyPass /v2 http://localhost:5002/v2
- ProxyPassReverse /v2 http://localhost:5002/v2
-
-
- Order deny,allow
- Allow from all
- AuthName "Registry Authentication"
- AuthType basic
- AuthUserFile "/etc/apache2/htpasswd/registry-htpasswd"
-
- # Read access to authentified users
-
- Require valid-user
-
-
- # Write access to docker-deployer only
-
- Require user docker-deployer
-
-
-
-
-
-
-
diff --git a/contrib/compose/README.md b/contrib/compose/README.md
deleted file mode 100644
index a3dbb7348..000000000
--- a/contrib/compose/README.md
+++ /dev/null
@@ -1,147 +0,0 @@
-# Docker Compose V1 + V2 registry
-
-This compose configuration configures a `v1` and `v2` registry behind an `nginx`
-proxy. By default, you can access the combined registry at `localhost:5000`.
-
-The configuration does not support pushing images to `v2` and pulling from `v1`.
-If a `docker` client has a version less than 1.6, Nginx will route its requests
-to the 1.0 registry. Requests from newer clients will route to the 2.0 registry.
-
-### Install Docker Compose
-
-1. Open a new terminal on the host with your `distribution` source.
-
-2. Get the `docker-compose` binary.
-
- $ sudo wget https://github.com/docker/compose/releases/download/1.1.0/docker-compose-`uname -s`-`uname -m` -O /usr/local/bin/docker-compose
-
- This command installs the binary in the `/usr/local/bin` directory.
-
-3. Add executable permissions to the binary.
-
- $ sudo chmod +x /usr/local/bin/docker-compose
-
-## Build and run with Compose
-
-1. In your terminal, navigate to the `distribution/contrib/compose` directory
-
- This directory includes a single `docker-compose.yml` configuration.
-
- nginx:
- build: "nginx"
- ports:
- - "5000:5000"
- links:
- - registryv1:registryv1
- - registryv2:registryv2
- registryv1:
- image: registry
- ports:
- - "5000"
- registryv2:
- build: "../../"
- ports:
- - "5000"
-
- This configuration builds a new `nginx` image as specified by the
- `nginx/Dockerfile` file. The 1.0 registry comes from Docker's official
- public image. Finally, the registry 2.0 image is built from the
- `distribution/Dockerfile` you've used previously.
-
-2. Get a registry 1.0 image.
-
- $ docker pull registry:0.9.1
-
- The Compose configuration looks for this image locally. If you don't do this
- step, later steps can fail.
-
-3. Build `nginx`, the registry 2.0 image, and
-
- $ docker-compose build
- registryv1 uses an image, skipping
- Building registryv2...
- Step 0 : FROM golang:1.18
-
- ...
-
- Removing intermediate container 9f5f5068c3f3
- Step 4 : COPY docker-registry-v2.conf /etc/nginx/docker-registry-v2.conf
- ---> 74acc70fa106
- Removing intermediate container edb84c2b40cb
- Successfully built 74acc70fa106
-
- The command outputs its progress until it completes.
-
-4. Start your configuration with compose.
-
- $ docker-compose up
- Recreating compose_registryv1_1...
- Recreating compose_registryv2_1...
- Recreating compose_nginx_1...
- Attaching to compose_registryv1_1, compose_registryv2_1, compose_nginx_1
- ...
-
-
-5. In another terminal, display the running configuration.
-
- $ docker ps
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- a81ad2557702 compose_nginx:latest "nginx -g 'daemon of 8 minutes ago Up 8 minutes 80/tcp, 443/tcp, 0.0.0.0:5000->5000/tcp compose_nginx_1
- 0618437450dd compose_registryv2:latest "registry cmd/regist 8 minutes ago Up 8 minutes 0.0.0.0:32777->5000/tcp compose_registryv2_1
- aa82b1ed8e61 registry:latest "docker-registry" 8 minutes ago Up 8 minutes 0.0.0.0:32776->5000/tcp compose_registryv1_1
-
-### Explore a bit
-
-1. Check for TLS on your `nginx` server.
-
- $ curl -v https://localhost:5000
- * Rebuilt URL to: https://localhost:5000/
- * Hostname was NOT found in DNS cache
- * Trying 127.0.0.1...
- * Connected to localhost (127.0.0.1) port 5000 (#0)
- * successfully set certificate verify locations:
- * CAfile: none
- CApath: /etc/ssl/certs
- * SSLv3, TLS handshake, Client hello (1):
- * SSLv3, TLS handshake, Server hello (2):
- * SSLv3, TLS handshake, CERT (11):
- * SSLv3, TLS alert, Server hello (2):
- * SSL certificate problem: self signed certificate
- * Closing connection 0
- curl: (60) SSL certificate problem: self signed certificate
- More details here: http://curl.haxx.se/docs/sslcerts.html
-
-2. Tag the `v1` registry image.
-
- $ docker tag registry:latest localhost:5000/registry_one:latest
-
-2. Push it to the localhost.
-
- $ docker push localhost:5000/registry_one:latest
-
- If you are using the 1.6 Docker client, this pushes the image the `v2 `registry.
-
-4. Use `curl` to list the image in the registry.
-
- $ curl -v -X GET http://localhost:5000/v2/registry_one/tags/list
- * Hostname was NOT found in DNS cache
- * Trying 127.0.0.1...
- * Connected to localhost (127.0.0.1) port 32777 (#0)
- > GET /v2/registry1/tags/list HTTP/1.1
- > User-Agent: curl/7.36.0
- > Host: localhost:5000
- > Accept: */*
- >
- < HTTP/1.1 200 OK
- < Content-Type: application/json
- < Docker-Distribution-Api-Version: registry/2.0
- < Date: Tue, 14 Apr 2015 22:34:13 GMT
- < Content-Length: 39
- <
- {"name":"registry_one","tags":["latest"]}
- * Connection #0 to host localhost left intact
-
- This example refers to the specific port assigned to the 2.0 registry. You saw
- this port earlier, when you used `docker ps` to show your running containers.
-
-
diff --git a/contrib/compose/docker-compose.yml b/contrib/compose/docker-compose.yml
deleted file mode 100644
index 5cd048588..000000000
--- a/contrib/compose/docker-compose.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-nginx:
- build: "nginx"
- ports:
- - "5000:5000"
- links:
- - registryv1:registryv1
- - registryv2:registryv2
-registryv1:
- image: registry
- ports:
- - "5000"
-registryv2:
- build: "../../"
- ports:
- - "5000"
diff --git a/contrib/compose/nginx/Dockerfile b/contrib/compose/nginx/Dockerfile
deleted file mode 100644
index 2b252ec7d..000000000
--- a/contrib/compose/nginx/Dockerfile
+++ /dev/null
@@ -1,6 +0,0 @@
-FROM nginx:1.7
-
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY registry.conf /etc/nginx/conf.d/registry.conf
-COPY docker-registry.conf /etc/nginx/docker-registry.conf
-COPY docker-registry-v2.conf /etc/nginx/docker-registry-v2.conf
diff --git a/contrib/compose/nginx/docker-registry-v2.conf b/contrib/compose/nginx/docker-registry-v2.conf
deleted file mode 100644
index 2fd2ccde9..000000000
--- a/contrib/compose/nginx/docker-registry-v2.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-proxy_pass http://docker-registry-v2;
-proxy_set_header Host $http_host; # required for docker client's sake
-proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_read_timeout 900;
-proxy_send_timeout 300;
-proxy_request_buffering off; (see issue #2292 - https://github.com/moby/moby/issues/2292)
-proxy_http_version 1.1;
diff --git a/contrib/compose/nginx/docker-registry.conf b/contrib/compose/nginx/docker-registry.conf
deleted file mode 100644
index 7b039a54a..000000000
--- a/contrib/compose/nginx/docker-registry.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-proxy_pass http://docker-registry;
-proxy_set_header Host $http_host; # required for docker client's sake
-proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_set_header Authorization ""; # For basic auth through nginx in v1 to work, please comment this line
-proxy_read_timeout 900;
diff --git a/contrib/compose/nginx/nginx.conf b/contrib/compose/nginx/nginx.conf
deleted file mode 100644
index 63cd180d6..000000000
--- a/contrib/compose/nginx/nginx.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-user nginx;
-worker_processes 1;
-
-error_log /var/log/nginx/error.log warn;
-pid /var/run/nginx.pid;
-
-events {
- worker_connections 1024;
-}
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
-
- sendfile on;
-
- keepalive_timeout 65;
-
- include /etc/nginx/conf.d/*.conf;
-}
-
diff --git a/contrib/compose/nginx/registry.conf b/contrib/compose/nginx/registry.conf
deleted file mode 100644
index 47ffd2379..000000000
--- a/contrib/compose/nginx/registry.conf
+++ /dev/null
@@ -1,41 +0,0 @@
-# Docker registry proxy for api versions 1 and 2
-
-upstream docker-registry {
- server registryv1:5000;
-}
-
-upstream docker-registry-v2 {
- server registryv2:5000;
-}
-
-# No client auth or TLS
-server {
- listen 5000;
- server_name localhost;
-
- # disable any limits to avoid HTTP 413 for large image uploads
- client_max_body_size 0;
-
- # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
- chunked_transfer_encoding on;
-
- location /v2/ {
- # Do not allow connections from docker 1.5 and earlier
- # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
- if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
- return 404;
- }
-
- # To add basic authentication to v2 use auth_basic setting plus add_header
- # auth_basic "registry.localhost";
- # auth_basic_user_file test.password;
- # add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
-
- include docker-registry-v2.conf;
- }
-
- location / {
- include docker-registry.conf;
- }
-}
-
diff --git a/contrib/docker-integration/Dockerfile b/contrib/docker-integration/Dockerfile
deleted file mode 100644
index 17e348306..000000000
--- a/contrib/docker-integration/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM distribution/golem:0.1
-
-MAINTAINER Docker Distribution Team
-
-RUN apk add --no-cache git
-
-ENV TMPDIR /var/lib/docker/tmp
-
-WORKDIR /go/src/github.com/distribution/distribution/contrib/docker-integration
diff --git a/contrib/docker-integration/README.md b/contrib/docker-integration/README.md
deleted file mode 100644
index 20b7c0f2e..000000000
--- a/contrib/docker-integration/README.md
+++ /dev/null
@@ -1,63 +0,0 @@
-# Docker Registry Integration Testing
-
-These integration tests cover interactions between registry clients such as
-the docker daemon and the registry server. All tests can be run using the
-[golem integration test runner](https://github.com/docker/golem)
-
-The integration tests configure components using docker compose
-(see docker-compose.yaml) and the runner can be using the golem
-configuration file (see golem.conf).
-
-## Running integration tests
-
-### Run using multiversion script
-
-The integration tests in the `contrib/docker-integration` directory can be simply
-run by executing the run script `./run_multiversion.sh`. If there is no running
-daemon to connect to, run as `./run_multiversion.sh -d`.
-
-This command will build the distribution image from the locally checked out
-version and run against multiple versions of docker defined in the script. To
-run a specific version of the registry or docker, Golem will need to be
-executed manually.
-
-### Run manually using Golem
-
-Using the golem tool directly allows running against multiple versions of
-the registry and docker. Running against multiple versions of the registry
-can be useful for testing changes in the docker daemon which are not
-covered by the default run script.
-
-#### Installing Golem
-
-Golem is distributed as an executable binary which can be installed from
-the [release page](https://github.com/docker/golem/releases/tag/v0.1).
-
-#### Running golem with docker
-
-Additionally golem can be run as a docker image requiring no additional
-installation.
-
-`docker run --privileged -v "$GOPATH/src/github.com/distribution/distribution/contrib/docker-integration:/test" -w /test distribution/golem golem -rundaemon .`
-
-#### Golem custom images
-
-Golem tests version of software by defining the docker image to test.
-
-Run with registry 2.2.1 and docker 1.10.3
-
-`golem -i golem-dind:latest,docker:1.10.3-dind,1.10.3 -i golem-distribution:latest,registry:2.2.1 .`
-
-
-#### Use golem caching for developing tests
-
-Golem allows caching image configuration to reduce test start up time.
-Using this cache will allow tests with the same set of images to start
-up quickly. This can be useful when developing tests and needing the
-test to run quickly. If there are changes which effect the image (such as
-building a new registry image), then startup time will be slower.
-
-Run this command multiple times and after the first time test runs
-should start much quicker.
-`golem -cache ~/.cache/docker/golem -i golem-dind:latest,docker:1.10.3-dind,1.10.3 -i golem-distribution:latest,registry:2.2.1 .`
-
diff --git a/contrib/docker-integration/docker-compose.yml b/contrib/docker-integration/docker-compose.yml
deleted file mode 100644
index 374197acc..000000000
--- a/contrib/docker-integration/docker-compose.yml
+++ /dev/null
@@ -1,91 +0,0 @@
-nginx:
- build: "nginx"
- ports:
- - "5000:5000"
- - "5002:5002"
- - "5440:5440"
- - "5441:5441"
- - "5442:5442"
- - "5443:5443"
- - "5444:5444"
- - "5445:5445"
- - "5446:5446"
- - "5447:5447"
- - "5448:5448"
- - "5554:5554"
- - "5555:5555"
- - "5556:5556"
- - "5557:5557"
- - "5558:5558"
- - "5559:5559"
- - "5600:5600"
- - "6666:6666"
- links:
- - registryv2:registryv2
- - malevolent:malevolent
- - registryv2token:registryv2token
- - tokenserver:tokenserver
- - registryv2tokenoauth:registryv2tokenoauth
- - registryv2tokenoauthnotls:registryv2tokenoauthnotls
- - tokenserveroauth:tokenserveroauth
-registryv2:
- image: golem-distribution:latest
- ports:
- - "5000"
-registryv2token:
- image: golem-distribution:latest
- ports:
- - "5000"
- volumes:
- - ./tokenserver/registry-config.yml:/etc/docker/registry/config.yml
- - ./tokenserver/certs/localregistry.cert:/etc/docker/registry/localregistry.cert
- - ./tokenserver/certs/localregistry.key:/etc/docker/registry/localregistry.key
- - ./tokenserver/certs/signing.cert:/etc/docker/registry/tokenbundle.pem
-tokenserver:
- build: "tokenserver"
- command: "--debug -addr 0.0.0.0:5556 -issuer registry-test -passwd .htpasswd -tlscert tls.cert -tlskey tls.key -key sign.key -realm http://auth.localregistry:5556"
- ports:
- - "5556"
-registryv2tokenoauth:
- image: golem-distribution:latest
- ports:
- - "5000"
- volumes:
- - ./tokenserver-oauth/registry-config.yml:/etc/docker/registry/config.yml
- - ./tokenserver-oauth/certs/localregistry.cert:/etc/docker/registry/localregistry.cert
- - ./tokenserver-oauth/certs/localregistry.key:/etc/docker/registry/localregistry.key
- - ./tokenserver-oauth/certs/signing.cert:/etc/docker/registry/tokenbundle.pem
-registryv2tokenoauthnotls:
- image: golem-distribution:latest
- ports:
- - "5000"
- volumes:
- - ./tokenserver-oauth/registry-config-notls.yml:/etc/docker/registry/config.yml
- - ./tokenserver-oauth/certs/signing.cert:/etc/docker/registry/tokenbundle.pem
-tokenserveroauth:
- build: "tokenserver-oauth"
- command: "--debug -addr 0.0.0.0:5559 -issuer registry-test -passwd .htpasswd -tlscert tls.cert -tlskey tls.key -key sign.key -realm http://auth.localregistry:5559 -enforce-class"
- ports:
- - "5559"
-malevolent:
- image: "dmcgowan/malevolent:0.1.0"
- command: "-l 0.0.0.0:6666 -r http://registryv2:5000 -c /certs/localregistry.cert -k /certs/localregistry.key"
- links:
- - registryv2:registryv2
- volumes:
- - ./malevolent-certs:/certs:ro
- ports:
- - "6666"
-docker:
- image: golem-dind:latest
- container_name: dockerdaemon
- command: "docker daemon --debug -s $DOCKER_GRAPHDRIVER"
- privileged: true
- environment:
- DOCKER_GRAPHDRIVER:
- volumes:
- - /etc/generated_certs.d:/etc/docker/certs.d
- - /var/lib/docker
- links:
- - nginx:localregistry
- - nginx:auth.localregistry
diff --git a/contrib/docker-integration/golem.conf b/contrib/docker-integration/golem.conf
deleted file mode 100644
index eb1757076..000000000
--- a/contrib/docker-integration/golem.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-[[suite]]
- dind=true
- images=[ "nginx:1.9", "dmcgowan/token-server:simple", "dmcgowan/token-server:oauth", "dmcgowan/malevolent:0.1.0", "dmcgowan/ncat:latest" ]
-
- [[suite.pretest]]
- command="sh ./install_certs.sh /etc/generated_certs.d"
- [[suite.testrunner]]
- command="bats -t ."
- format="tap"
- env=["TEST_REPO=hello-world", "TEST_TAG=latest", "TEST_USER=testuser", "TEST_PASSWORD=passpassword", "TEST_REGISTRY=localregistry", "TEST_SKIP_PULL=true"]
- [[suite.customimage]]
- tag="golem-distribution:latest"
- default="registry:2.2.1"
- [[suite.customimage]]
- tag="golem-dind:latest"
- default="docker:1.10.1-dind"
- version="1.10.1"
-
diff --git a/contrib/docker-integration/helpers.bash b/contrib/docker-integration/helpers.bash
deleted file mode 100644
index 8760f9cf3..000000000
--- a/contrib/docker-integration/helpers.bash
+++ /dev/null
@@ -1,127 +0,0 @@
-# has_digest enforces the last output line is "Digest: sha256:..."
-# the input is the output from a docker push cli command
-function has_digest() {
- filtered=$(echo "$1" |sed -rn '/[dD]igest\: sha(256|384|512)/ p')
- [ "$filtered" != "" ]
- # See http://wiki.alpinelinux.org/wiki/Regex#BREs before making changes to regex
- digest=$(expr "$filtered" : ".*\(sha[0-9]\{3,3\}:[a-z0-9]*\)")
-}
-
-# tempImage creates a new image using the provided name
-# requires bats
-function tempImage() {
- dir=$(mktemp -d)
- run dd if=/dev/urandom of="$dir/f" bs=1024 count=512
- cat < "$dir/Dockerfile"
-FROM scratch
-COPY f /f
-
-CMD []
-DockerFileContent
-
- cp_t $dir "/tmpbuild/"
- exec_t "cd /tmpbuild/; docker build --no-cache -t $1 .; rm -rf /tmpbuild/"
-}
-
-# skip basic auth tests with Docker 1.6, where they don't pass due to
-# certificate issues, requires bats
-function basic_auth_version_check() {
- run sh -c 'docker version | fgrep -q "Client version: 1.6."'
- if [ "$status" -eq 0 ]; then
- skip "Basic auth tests don't support 1.6.x"
- fi
-}
-
-email="a@nowhere.com"
-
-# docker_t_login calls login with email depending on version
-function docker_t_login() {
- # Only pass email field pre 1.11, no deprecation warning
- parse_version "$GOLEM_DIND_VERSION"
- v=$version
- parse_version "1.11.0"
- if [ "$v" -lt "$version" ]; then
- run docker_t login -e $email $@
- else
- run docker_t login $@
- fi
-}
-
-# login issues a login to docker to the provided server
-# uses user, password, and email variables set outside of function
-# requies bats
-function login() {
- rm -f /root/.docker/config.json
-
- docker_t_login -u $user -p $password $1
- if [ "$status" -ne 0 ]; then
- echo $output
- fi
- [ "$status" -eq 0 ]
-
- # Handle different deprecation warnings
- parse_version "$GOLEM_DIND_VERSION"
- v=$version
- parse_version "1.11.0"
- if [ "$v" -lt "$version" ]; then
- # First line is WARNING about credential save or email deprecation (maybe both)
- [ "${lines[2]}" = "Login Succeeded" -o "${lines[1]}" = "Login Succeeded" ]
- else
- [ "${lines[0]}" = "Login Succeeded" ]
- fi
-
-}
-
-function login_oauth() {
- login $@
-
- tmpFile=$(mktemp)
- get_file_t /root/.docker/config.json $tmpFile
- run awk -v RS="" "/\"$1\": \\{[[:space:]]+\"auth\": \"[[:alnum:]]+\",[[:space:]]+\"identitytoken\"/ {exit 3}" $tmpFile
- [ "$status" -eq 3 ]
-}
-
-function parse_version() {
- version=$(echo "$1" | cut -d '-' -f1) # Strip anything after '-'
- major=$(echo "$version" | cut -d . -f1)
- minor=$(echo "$version" | cut -d . -f2)
- rev=$(echo "$version" | cut -d . -f3)
-
- version=$((major * 1000 * 1000 + minor * 1000 + rev))
-}
-
-function version_check() {
- name=$1
- checkv=$2
- minv=$3
- parse_version "$checkv"
- v=$version
- parse_version "$minv"
- if [ "$v" -lt "$version" ]; then
- skip "$name version \"$checkv\" does not meet required version \"$minv\""
- fi
-}
-
-function get_file_t() {
- docker cp dockerdaemon:$1 $2
-}
-
-function cp_t() {
- docker cp $1 dockerdaemon:$2
-}
-
-function exec_t() {
- docker exec dockerdaemon sh -c "$@"
-}
-
-function docker_t() {
- docker exec dockerdaemon docker $@
-}
-
-# build creates a new docker image id from another image
-function build() {
- docker exec -i dockerdaemon docker build --no-cache -t $1 - <> $2/ca.crt
-}
-
-install_test_certs $installdir
-
-# Malevolent server
-install_ca_file ./malevolent-certs/ca.pem $installdir/$hostname:6666
-
-# Token server
-install_ca_file ./tokenserver/certs/ca.pem $installdir/$hostname:5554
-install_ca_file ./tokenserver/certs/ca.pem $installdir/$hostname:5555
-install_ca_file ./tokenserver/certs/ca.pem $installdir/$hostname:5557
-install_ca_file ./tokenserver/certs/ca.pem $installdir/$hostname:5558
-append_ca_file ./tokenserver/certs/ca.pem $installdir/$hostname:5600
-
diff --git a/contrib/docker-integration/malevolent-certs/ca.pem b/contrib/docker-integration/malevolent-certs/ca.pem
deleted file mode 100644
index b1675ab9a..000000000
--- a/contrib/docker-integration/malevolent-certs/ca.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC+TCCAeGgAwIBAgIQJMzVQNYVNTbh36kZUytWiDANBgkqhkiG9w0BAQsFADAm
-MREwDwYDVQQKEwhRdWlja1RMUzERMA8GA1UEAxMIUXVpY2tUTFMwHhcNMTgwNTIx
-MjI1OTA2WhcNMjgwODI2MjI1OTA2WjAmMREwDwYDVQQKEwhRdWlja1RMUzERMA8G
-A1UEAxMIUXVpY2tUTFMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCe
-8rEU8xHh6BMYVRz/KhFftKSxS4dxJi2LoNN4fxzY6EgHNfBACt2MhIWaUSHf2YkF
-NsS/T7qZWq23NEuIJYUUwbJRAh/iQsEhCI56eV+aJX+DGd2SQQNKdx1Pt528LNws
-n8Ci8rEHTe6i2/U7n/DLqa32BWF3aShsVrchRgpizXezS7GLyFmhv0hi0zRKJgDG
-JebLeqe/BUtEOsS/Oa65NQTEO/5EZBzM74+4eRo5zyp9Uvw4edmOrXRXK1fK9gP3
-Fq/jz9+8b5eUd9vl0e9z/xTqMdicYZOUHuUtxM3hXAkkxcaVJqqqDe6URbJHpbaN
-8Vt/p/csFXMWj3oSokvDAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMB
-Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCC3NiX+2Qk3WB+TRNDPCtQ7Pw+
-o31SSqfF8m3fevT4mdrJqFAF4qUpDwgV9/9EkU4UBoIq03S91Dk/No0jR3VAzzRA
-h3+ul/7u08JriS/ZgVediodi7H8xeCz3nvZfAwCP2ZmHzDGp39Uhc3L3WFZImZuV
-fCDeSWF3c5CjJbdUuCYYFy6LwSFLPoBXZaNBL19XP9btJtjbNTm77PZJ4cELTQ+U
-r5Ofw9D9mCCYrapmprw7Fw9wdE+iLL9EJCHAj7L8UYshF4+7O7Jv3ZatySMWPbjS
-nIa2+eKl/sfvRvLZWV9dUSObVsm/bpv8bsHIKp4bYl+IDb2aoSWnw4eZQHDJ
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/malevolent-certs/localregistry.cert b/contrib/docker-integration/malevolent-certs/localregistry.cert
deleted file mode 100644
index cbb5f2ff6..000000000
--- a/contrib/docker-integration/malevolent-certs/localregistry.cert
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDFTCCAf2gAwIBAgIQfv/raCIVnmpXY74aUyohmDANBgkqhkiG9w0BAQsFADAm
-MREwDwYDVQQKEwhRdWlja1RMUzERMA8GA1UEAxMIUXVpY2tUTFMwHhcNMTgwNTIx
-MjI1OTA2WhcNMjgwODI2MjI1OTA2WjArMREwDwYDVQQKEwhRdWlja1RMUzEWMBQG
-A1UEAxMNbG9jYWxyZWdpc3RyeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBALedGn6gB0Km693mvJ8yz89wtfDs+SGjJi+XmJv0PYe6j5uToXQH2naXXIOZ
-lT9lmXd/RciZwn50aK4T6alu96D8yeLE13P+75rdrI9DWTNHsfx0jwRxUEXNazPI
-5Knwbf2MgGJfvHE6LjQ3FStJJ9f8JzryspIAYy5PJETuzoF7GsrUhgmcgQNqQcIx
-d81QwOnW3EHastTPIbUxQ3cbEKZMVmvsYSY60pQuw/syN7vGcR/uJQ6HsCUWTEpk
-LWFNJYudYnRIJ/mb6bGJ0tJhdlXKQ9+89oiEWZp9p1KMfyXesp8HeW8Jyoa06+Ri
-5U82r0oQgC0MI5AueueoNOmQyGsCAwEAAaM6MDgwDgYDVR0PAQH/BAQDAgWgMAwG
-A1UdEwEB/wQCMAAwGAYDVR0RBBEwD4INbG9jYWxyZWdpc3RyeTANBgkqhkiG9w0B
-AQsFAAOCAQEAGgUESvQoD/QGZQlY2NA4sauad/yMHVo7vs5TLiKxnAfJrnP1ycD6
-sqcbwCu6B1GU7fqGjKKgzXWXHTi4MiLi5bnh5Y2JBTABksGmzNAU1LbQJJkwsPnE
-GBF0RgUmcw7a+4qu3TqPJABOsl+RiUQ4VDzP3DFRbyigs2li+SjLTJepahDhAke9
-11lU/r3pm1cov9m0AsKSHrU777Hv5B7gmyJ1FO1Os7/KnkdHKUwiIZx0VW6Ho5H+
-IiCH7iKJ1tTxe3nkwjlkSXnx7xiLOG7QK1LtTNHzBumF4COSF1kvWvIqNhJeg482
-e38+Kzctl5iVbrB+JWY6roTQ26VLIdlS7A==
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/malevolent-certs/localregistry.key b/contrib/docker-integration/malevolent-certs/localregistry.key
deleted file mode 100644
index 90e5b7984..000000000
--- a/contrib/docker-integration/malevolent-certs/localregistry.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAt50afqAHQqbr3ea8nzLPz3C18Oz5IaMmL5eYm/Q9h7qPm5Oh
-dAfadpdcg5mVP2WZd39FyJnCfnRorhPpqW73oPzJ4sTXc/7vmt2sj0NZM0ex/HSP
-BHFQRc1rM8jkqfBt/YyAYl+8cTouNDcVK0kn1/wnOvKykgBjLk8kRO7OgXsaytSG
-CZyBA2pBwjF3zVDA6dbcQdqy1M8htTFDdxsQpkxWa+xhJjrSlC7D+zI3u8ZxH+4l
-DoewJRZMSmQtYU0li51idEgn+ZvpsYnS0mF2VcpD37z2iIRZmn2nUox/Jd6ynwd5
-bwnKhrTr5GLlTzavShCALQwjkC5656g06ZDIawIDAQABAoIBAQCw7oKJYkucvpyq
-x50bCyuVCVdJQhEPiNdTJRG5tjFUiUG4+RmrZaXugQx1A5n97TllHQ9xrjjtAd+d
-XzLaQkP8rZsdGfFDpXXeFZ4irxNVhtDMJMVr0oU3vip/TCaMW1Kh8LIGGZrMwPOk
-/S849tWeGyzycMwCRL1N8pVQl44G1aexTmlt/tjpGyQAUcGt3MtKaUhhr8mLttfL
-2r6wfZgvSqReURBMdn/bf+sMKnJrYnZLRv/iPz+YWhdk4v1OXPO3D4OlYwR8HwSo
-a9mOpPuC6lWBqzq8eCBU474aQw4FXaFwN08YkJKa4DqUrmadnd4o+ajvOIA4MdF5
-7OOsHQaBAoGBANcVQIM6vndN2MFwODGnF8RfeLhEf46VlANkZadOOa0/igyra865
-7IR4dREFFkSdte8bj6/iEAPeDzXgS4TRsZfr2gkhdXuc2NW4jTVeiYfWW3cgKfW+
-7BQiHXsXCDeoZ1gXq/F5RmD8ue0TkP+IclWR52AM5e1MzfAuZzaIFNJFAoGBANqL
-Q925GxuDamcbuloxQUBarXPJgBDfTWUAXAJVISy80N3av45Y0gyoNjPaU7wHNtU9
-ppnYvM47o1W4qe9AkTtuU79T1WwXFr5T+4Ehm5I8WDHQwkzWGd+WlWkDidLWuvlx
-ZkzwQGp3KOTJhO20lpOtCbnOa627Op/zLhCBQzLvAoGAFF4A0+x2KNoIUpkL2TfX
-elMIHXrvEVN8xq11KtivgYZozjZVaSgWC51UiJ4Qs8KzfccAXklr9tHKYvGwdQ1e
-YeKFrSOr+l6p8eMeDBW9tE1KMAetsYW42Vc5r3RI5OxfjOoA8EbpsTl9acPWkTwc
-h5nfbSsLguMpBTt/rpxITHkCgYEAnKwwSBj25P+OXULUkuoytDcNmC+Bnxbm/hyG
-2ak78j2eox26LAti8m35Ba1kUCz/01myQSLPIC5DByYutXWdaHTMlyI7o5Td2i6M
-5GM6i1i1hWj6kmj+/XqPvEwsFzmXq1HvnAK0u16Xs4UAxgSr2ky35zujmFXcTmTg
-xjZU/YMCgYEAqF93h8WfckZxSUUMBgxTkNfu4MJlbsVBzIHv6TJY95VA49RcRYEK
-b7Xg+RiNQ42QGd8JBXZ50zQrIDhdd/yJ0KcytvW7WdiEEaF3ANO2QesygmI50611
-R76F8Bj0xnoQUCbyPuMOLRfTwEaS1jBG7TKWQXTaN0fm4DxUU0KazxU=
------END RSA PRIVATE KEY-----
diff --git a/contrib/docker-integration/malevolent.bats b/contrib/docker-integration/malevolent.bats
deleted file mode 100644
index 36cfe360f..000000000
--- a/contrib/docker-integration/malevolent.bats
+++ /dev/null
@@ -1,192 +0,0 @@
-#!/usr/bin/env bats
-
-# This tests various expected error scenarios when pulling bad content
-
-load helpers
-
-host="localregistry:6666"
-base="malevolent-test"
-
-function setup() {
- tempImage $base:latest
-}
-
-@test "Test malevolent proxy pass through" {
- docker_t tag $base:latest $host/$base/nochange:latest
- run docker_t push $host/$base/nochange:latest
- echo $output
- [ "$status" -eq 0 ]
- has_digest "$output"
-
- run docker_t pull $host/$base/nochange:latest
- echo "$output"
- [ "$status" -eq 0 ]
-}
-
-@test "Test malevolent image name change" {
- imagename="$host/$base/rename"
- image="$imagename:lastest"
- docker_t tag $base:latest $image
- run docker_t push $image
- [ "$status" -eq 0 ]
- has_digest "$output"
-
- # Pull attempt should fail to verify manifest digest
- run docker_t pull "$imagename@$digest"
- echo "$output"
- [ "$status" -ne 0 ]
-}
-
-@test "Test malevolent altered layer" {
- image="$host/$base/addfile:latest"
- tempImage $image
- run docker_t push $image
- echo "$output"
- [ "$status" -eq 0 ]
- has_digest "$output"
-
- # Remove image to ensure layer is pulled and digest verified
- docker_t rmi -f $image
-
- run docker_t pull $image
- echo "$output"
- [ "$status" -ne 0 ]
-}
-
-@test "Test malevolent altered layer (by digest)" {
- imagename="$host/$base/addfile"
- image="$imagename:latest"
- tempImage $image
- run docker_t push $image
- echo "$output"
- [ "$status" -eq 0 ]
- has_digest "$output"
-
- # Remove image to ensure layer is pulled and digest verified
- docker_t rmi -f $image
-
- run docker_t pull "$imagename@$digest"
- echo "$output"
- [ "$status" -ne 0 ]
-}
-
-@test "Test malevolent poisoned images" {
- truncid="777cf9284131"
- poison="${truncid}d77ca0863fb7f054c0a276d7e227b5e9a5d62b497979a481fa32"
- image1="$host/$base/image1/poison:$poison"
- tempImage $image1
- run docker_t push $image1
- echo "$output"
- [ "$status" -eq 0 ]
- has_digest "$output"
-
- image2="$host/$base/image2/poison:$poison"
- tempImage $image2
- run docker_t push $image2
- echo "$output"
- [ "$status" -eq 0 ]
- has_digest "$output"
-
-
- # Remove image to ensure layer is pulled and digest verified
- docker_t rmi -f $image1
- docker_t rmi -f $image2
-
- run docker_t pull $image1
- echo "$output"
- [ "$status" -eq 0 ]
- run docker_t pull $image2
- echo "$output"
- [ "$status" -eq 0 ]
-
- # Test if there are multiple images
- run docker_t images
- echo "$output"
- [ "$status" -eq 0 ]
-
- # Test images have same ID and not the poison
- id1=$(docker_t inspect --format="{{.Id}}" $image1)
- id2=$(docker_t inspect --format="{{.Id}}" $image2)
-
- # Remove old images
- docker_t rmi -f $image1
- docker_t rmi -f $image2
-
- [ "$id1" != "$id2" ]
-
- [ "$id1" != "$truncid" ]
-
- [ "$id2" != "$truncid" ]
-}
-
-@test "Test malevolent altered identical images" {
- truncid1="777cf9284131"
- poison1="${truncid1}d77ca0863fb7f054c0a276d7e227b5e9a5d62b497979a481fa32"
- truncid2="888cf9284131"
- poison2="${truncid2}d77ca0863fb7f054c0a276d7e227b5e9a5d62b497979a481fa64"
-
- image1="$host/$base/image1/alteredid:$poison1"
- tempImage $image1
- run docker_t push $image1
- echo "$output"
- [ "$status" -eq 0 ]
- has_digest "$output"
-
- image2="$host/$base/image2/alteredid:$poison2"
- docker_t tag $image1 $image2
- run docker_t push $image2
- echo "$output"
- [ "$status" -eq 0 ]
- has_digest "$output"
-
-
- # Remove image to ensure layer is pulled and digest verified
- docker_t rmi -f $image1
- docker_t rmi -f $image2
-
- run docker_t pull $image1
- echo "$output"
- [ "$status" -eq 0 ]
- run docker_t pull $image2
- echo "$output"
- [ "$status" -eq 0 ]
-
- # Test if there are multiple images
- run docker_t images
- echo "$output"
- [ "$status" -eq 0 ]
-
- # Test images have same ID and not the poison
- id1=$(docker_t inspect --format="{{.Id}}" $image1)
- id2=$(docker_t inspect --format="{{.Id}}" $image2)
-
- # Remove old images
- docker_t rmi -f $image1
- docker_t rmi -f $image2
-
- [ "$id1" == "$id2" ]
-
- [ "$id1" != "$truncid1" ]
-
- [ "$id2" != "$truncid2" ]
-}
-
-@test "Test malevolent resumeable pull" {
- version_check docker "$GOLEM_DIND_VERSION" "1.11.0"
- version_check registry "$GOLEM_DISTRIBUTION_VERSION" "2.3.0"
-
- imagename="$host/$base/resumeable"
- image="$imagename:latest"
- tempImage $image
- run docker_t push $image
- echo "$output"
- [ "$status" -eq 0 ]
- has_digest "$output"
-
- # Remove image to ensure layer is pulled and digest verified
- docker_t rmi -f $image
-
- run docker_t pull "$imagename@$digest"
- echo "$output"
- [ "$status" -eq 0 ]
-}
diff --git a/contrib/docker-integration/nginx/Dockerfile b/contrib/docker-integration/nginx/Dockerfile
deleted file mode 100644
index 17f999d24..000000000
--- a/contrib/docker-integration/nginx/Dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-FROM nginx:1.9
-
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY registry.conf /etc/nginx/conf.d/registry.conf
-COPY docker-registry-v2.conf /etc/nginx/docker-registry-v2.conf
-COPY registry-noauth.conf /etc/nginx/registry-noauth.conf
-COPY registry-basic.conf /etc/nginx/registry-basic.conf
-COPY test.passwd /etc/nginx/test.passwd
-COPY ssl /etc/nginx/ssl
-COPY v1 /var/www/html/v1
diff --git a/contrib/docker-integration/nginx/docker-registry-v2.conf b/contrib/docker-integration/nginx/docker-registry-v2.conf
deleted file mode 100644
index 65c4d7766..000000000
--- a/contrib/docker-integration/nginx/docker-registry-v2.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-proxy_pass http://docker-registry-v2;
-proxy_set_header Host $http_host; # required for docker client's sake
-proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_read_timeout 900;
diff --git a/contrib/docker-integration/nginx/nginx.conf b/contrib/docker-integration/nginx/nginx.conf
deleted file mode 100644
index 543eab69e..000000000
--- a/contrib/docker-integration/nginx/nginx.conf
+++ /dev/null
@@ -1,61 +0,0 @@
-user nginx;
-worker_processes 1;
-
-error_log /var/log/nginx/error.log warn;
-pid /var/run/nginx.pid;
-
-events {
- worker_connections 1024;
-}
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
-
- sendfile on;
-
- keepalive_timeout 65;
-
- include /etc/nginx/conf.d/*.conf;
-}
-
-# Setup TCP proxies
-stream {
- # Malevolent proxy
- server {
- listen 6666;
- proxy_pass malevolent:6666;
- }
-
- # Registry configured for token server
- server {
- listen 5554;
- listen 5555;
- proxy_pass registryv2token:5000;
- }
-
- # Token server
- server {
- listen 5556;
- proxy_pass tokenserver:5556;
- }
-
- # Registry configured for token server with oauth
- server {
- listen 5557;
- listen 5558;
- proxy_pass registryv2tokenoauth:5000;
- }
-
- # Token server with oauth
- server {
- listen 5559;
- proxy_pass tokenserveroauth:5559;
- }
-}
diff --git a/contrib/docker-integration/nginx/registry-basic.conf b/contrib/docker-integration/nginx/registry-basic.conf
deleted file mode 100644
index 117ea5849..000000000
--- a/contrib/docker-integration/nginx/registry-basic.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-client_max_body_size 0;
-chunked_transfer_encoding on;
-location /v2/ {
- auth_basic "registry.localhost";
- auth_basic_user_file test.passwd;
- add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
- include docker-registry-v2.conf;
-}
diff --git a/contrib/docker-integration/nginx/registry-noauth.conf b/contrib/docker-integration/nginx/registry-noauth.conf
deleted file mode 100644
index 6e182d446..000000000
--- a/contrib/docker-integration/nginx/registry-noauth.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-client_max_body_size 0;
-chunked_transfer_encoding on;
-location /v2/ {
- include docker-registry-v2.conf;
-}
diff --git a/contrib/docker-integration/nginx/registry.conf b/contrib/docker-integration/nginx/registry.conf
deleted file mode 100644
index e693d569a..000000000
--- a/contrib/docker-integration/nginx/registry.conf
+++ /dev/null
@@ -1,260 +0,0 @@
-# Docker registry proxy for api version 2
-
-upstream docker-registry-v2 {
- server registryv2:5000;
-}
-
-# No client auth or TLS
-server {
- listen 5000;
- server_name localhost;
-
- # disable any limits to avoid HTTP 413 for large image uploads
- client_max_body_size 0;
-
- # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
- chunked_transfer_encoding on;
-
- location /v2/ {
- # Do not allow connections from docker 1.5 and earlier
- # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
- if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
- return 404;
- }
-
- include docker-registry-v2.conf;
- }
-}
-
-# No client auth or TLS (V2 Only)
-server {
- listen 5002;
- server_name localhost;
-
- # disable any limits to avoid HTTP 413 for large image uploads
- client_max_body_size 0;
-
- # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
- chunked_transfer_encoding on;
-
- location / {
- include docker-registry-v2.conf;
- }
-}
-
-# TLS Configuration chart
-# Username/Password: testuser/passpassword
-# | ca | client | basic | notes
-# 5440 | yes | no | no | Tests CA certificate
-# 5441 | yes | no | yes | Tests basic auth over TLS
-# 5442 | yes | yes | no | Tests client auth with client CA
-# 5443 | yes | yes | no | Tests client auth without client CA
-# 5444 | yes | yes | yes | Tests using basic auth + tls auth
-# 5445 | no | no | no | Tests insecure using TLS
-# 5446 | no | no | yes | Tests sending credentials to server with insecure TLS
-# 5447 | no | yes | no | Tests client auth to insecure
-# 5448 | yes | no | no | Bad SSL version
-
-server {
- listen 5440;
- server_name localhost;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
- include registry-noauth.conf;
-}
-
-server {
- listen 5441;
- server_name localhost;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
- include registry-basic.conf;
-}
-
-server {
- listen 5442;
- listen 5443;
- server_name localhost;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
- ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
- ssl_verify_client on;
- include registry-noauth.conf;
-}
-
-server {
- listen 5444;
- server_name localhost;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
- ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
- ssl_verify_client on;
- include registry-basic.conf;
-}
-
-server {
- listen 5445;
- server_name localhost;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-noca+localhost-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-noca+localhost-key.pem;
- include registry-noauth.conf;
-}
-
-server {
- listen 5446;
- server_name localhost;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-noca+localhost-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-noca+localhost-key.pem;
- include registry-basic.conf;
-}
-
-server {
- listen 5447;
- server_name localhost;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-noca+localhost-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-noca+localhost-key.pem;
- ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
- ssl_verify_client on;
- include registry-noauth.conf;
-}
-
-server {
- listen 5448;
- server_name localhost;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
- ssl_protocols SSLv3;
- include registry-noauth.conf;
-}
-
-# Add configuration for localregistry server_name
-# Requires configuring /etc/hosts to use
-# Set /etc/hosts entry to external IP, not 127.0.0.1 for testing
-# Docker secure/insecure registry features
-server {
- listen 5440;
- server_name localregistry;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
- include registry-noauth.conf;
-}
-
-server {
- listen 5441;
- server_name localregistry;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
- include registry-basic.conf;
-}
-
-server {
- listen 5442;
- listen 5443;
- server_name localregistry;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
- ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
- ssl_verify_client on;
- include registry-noauth.conf;
-}
-
-server {
- listen 5444;
- server_name localregistry;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
- ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
- ssl_verify_client on;
- include registry-basic.conf;
-}
-
-server {
- listen 5445;
- server_name localregistry;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-noca+localregistry-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-noca+localregistry-key.pem;
- include registry-noauth.conf;
-}
-
-server {
- listen 5446;
- server_name localregistry;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-noca+localregistry-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-noca+localregistry-key.pem;
- include registry-basic.conf;
-}
-
-server {
- listen 5447;
- server_name localregistry;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-noca+localregistry-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-noca+localregistry-key.pem;
- ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
- ssl_verify_client on;
- include registry-noauth.conf;
-}
-
-server {
- listen 5448;
- server_name localregistry;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
- ssl_protocols SSLv3;
- include registry-noauth.conf;
-}
-
-
-# V1 search test
-# Registry configured with token auth and no tls
-# TLS termination done by nginx, search results
-# served by nginx
-
-upstream docker-registry-v2-oauth {
- server registryv2tokenoauthnotls:5000;
-}
-
-server {
- listen 5600;
- server_name localregistry;
- ssl on;
- ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
- ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
-
- root /var/www/html;
-
- client_max_body_size 0;
- chunked_transfer_encoding on;
- location /v2/ {
- proxy_buffering off;
- proxy_pass http://docker-registry-v2-oauth;
- proxy_set_header Host $http_host; # required for docker client's sake
- proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_read_timeout 900;
- }
-
- location /v1/search {
- if ($http_authorization !~ "Bearer [a-zA-Z0-9\._-]+") {
- return 401;
- }
- try_files /v1/search.json =404;
- add_header Content-Type application/json;
- }
-}
diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+ca.pem b/contrib/docker-integration/nginx/ssl/registry-ca+ca.pem
deleted file mode 100644
index 9ff26b419..000000000
--- a/contrib/docker-integration/nginx/ssl/registry-ca+ca.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC+TCCAeGgAwIBAgIQVhmtXJ4fG4BkISUkyZ65ITANBgkqhkiG9w0BAQsFADAm
-MREwDwYDVQQKEwhRdWlja1RMUzERMA8GA1UEAxMIUXVpY2tUTFMwHhcNMTgwNTIx
-MjI1MjMwWhcNMjgwODI2MjI1MjMwWjAmMREwDwYDVQQKEwhRdWlja1RMUzERMA8G
-A1UEAxMIUXVpY2tUTFMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK
-J/SLv0dL7UXaNSEAdTMV8+rOFMcQNov/xLWa1mO+7zNZXHIdM+i1uQTHTdhuta6R
-wfqkruPMZ9sqK7G9UIPi11ynkdTiZKRCvCr2VMc/uf5WuIsZE1JXXknSNee1TMmV
-Je8TUJsRjEyQDbxn5qUAJLi8yj/O7W8wsnVHdySKMbaLN6v75151TxiIuOoncCHQ
-yzz10DzjXfXYajuheu+MLy/rjNGDj0gys4yQZAHlQWY9Lsiiix9rBdXQjVc3q2QT
-VM5v3pMjXcPweaIbTWJnbOgmy+267kX6kQpUfZRE55dQt6mPtPQ2idPvqPP3TXwa
-AFH39cz/pPifIZApDfZFAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMB
-Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB93GckXcLcfNdg9C0xMkvByPQJ
-dcy0GT991eZ/bNC39AXrmCSfn6a1FRlWoiCOSOW1NIZWQQ7jDep/T585vq2jN7KX
-hT/z3iIdNWR+Amvo4pyJ93u2D3uG/bmmguAr62jyIgrJudQ3+Mnd+bj/J33XzAgc
-d4ZGPvCmKtn8cTKzyS8rjy1oPSUm6pZnfk41MgMWrGuS5HkC3Aa7jo/4RdgGOJpm
-nUdz2FGfW/+gwXRy2e94V7ijjz+YwpzL0wHPyXyAm7GwJ7mfvPOZrQOLLw4Z9OaK
-R76t4NZBo5TmtvW5zQVsv3sPRnuqcmR0q6WR/fEuMafVtRVOVuDrZlSy0EtA
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+client-cert.pem b/contrib/docker-integration/nginx/ssl/registry-ca+client-cert.pem
deleted file mode 100644
index db8c2e896..000000000
--- a/contrib/docker-integration/nginx/ssl/registry-ca+client-cert.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC+TCCAeGgAwIBAgIRAMGmTKEnobjz4ymIziTsFuMwDQYJKoZIhvcNAQELBQAw
-JjERMA8GA1UEChMIUXVpY2tUTFMxETAPBgNVBAMTCFF1aWNrVExTMB4XDTE4MDUy
-MTIyNTIzMVoXDTI4MDgyNjIyNTIzMVowEzERMA8GA1UEChMIUXVpY2tUTFMwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFrwVi+BAvng9TebwOLg2Juzg
-wnW2Lv2EOqpSYmlZLLub46/W+ktqrcb+nBMBwnbON0woCbMArONuiRk7BATnmLH8
-1e6I9Rax1nCaEpKhhH/b3T9PjwvzrXC+NIqeC46E7AEneAdBa4L/x27F/npLJy7X
-PAwcH9ImvACJ9csIObjFnGXNTwtGA2SMIOCiNv3lpyb/Yx20EqBcj+etz8XBjAIS
-46z0JDAtYAbJgIs7Ek2XQSrUud18jopzK9mrT9YvA4tDu9Woj70IXdZfOeb0W6Y+
-aBbEoHvqFtyeG7BStNszM7n6CTcJAqpHOMlYQPeRjtMwb2Ffw86NvxkfrjoNAgMB
-AAGjNTAzMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNV
-HRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBv1MfAYTymtDeA62N86QFOwASq
-ah2BQqfHvUzcM0U/H6YDEYUEKX2RFOtGwOwSBXr6v7JmU4KuE6tA6s+XWjD/lLr7
-CqWvJfZNP6zARL+MqbZjSmyymtuXaXH4eNVgN0aaGifhUSMDsg0qyZwG8isMN4hG
-kd0y1nNCn+Q3V7oe3NfjfdjviLU9PNNBQFbKRJJRQ6y267lFoWwlaHwtNyvDupVi
-f+JFMiuG3o+upqBF8UFUV8Of4VL6UcJI0OoF4ngTFzn3gRYaYKmkYawUmIr9vvg7
-oQccajcN1iNArnZwXK3lKSERybrUEiUZ4uZ69wVlXzE2TemhW1iYfrTU1cya
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+client-key.pem b/contrib/docker-integration/nginx/ssl/registry-ca+client-key.pem
deleted file mode 100644
index 12be8f5db..000000000
--- a/contrib/docker-integration/nginx/ssl/registry-ca+client-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAmha8FYvgQL54PU3m8Di4Nibs4MJ1ti79hDqqUmJpWSy7m+Ov
-1vpLaq3G/pwTAcJ2zjdMKAmzAKzjbokZOwQE55ix/NXuiPUWsdZwmhKSoYR/290/
-T48L861wvjSKnguOhOwBJ3gHQWuC/8duxf56Sycu1zwMHB/SJrwAifXLCDm4xZxl
-zU8LRgNkjCDgojb95acm/2MdtBKgXI/nrc/FwYwCEuOs9CQwLWAGyYCLOxJNl0Eq
-1LndfI6KcyvZq0/WLwOLQ7vVqI+9CF3WXznm9FumPmgWxKB76hbcnhuwUrTbMzO5
-+gk3CQKqRzjJWED3kY7TMG9hX8POjb8ZH646DQIDAQABAoIBAE2SfnOWbHoLqXqr
-WkS7OTnB1OS94Qarl2NXKWG6O3DyTSyIroBal1cITzLkncj3/lmIiyVo5J3Fa+W8
-zV/hgRqay5gOlzyJrjgvTZazHPCFRN0KABJsYEb3nNeUmehAxynxqg8VpQlxN4zO
-+NxiZWyqODGRAEO0XVa0tMy/Wcw0guD18+U9GYiYQi3d7NEHTt5d8CX9VKY/bHKR
-+ecC/lr7URnA/8FM60mKI6MAiHPxyUjJ7/6dq1goG8dDHcAtOEEIawECQtRfQ+Dn
-RL55nDPRYNviXRgr8u61TFm8zgkTUQy2MLRkHAyP0IBLUiMpqDdmXB4LNMQQSrsY
-0FyinIECgYEAy3eT5ZUb/ijGsWUT/DizUoetFfg8X4LV+HRLXdlxfcOYB3Elbeks
-JPC+Tdm33nB0lqo3hLVNPB9yqJiPOOaWQPpWBImOeitpmDRAagjwUewJwLY9RmKT
-RD0+YyCC0SwvSDFDsWF+ncW/8XpobvetCSC6mmjX6Wr070yHkhDeeC0CgYEAwd9v
-P+TjgWVyL5YRiOJ+wjR7ZKpHCiSSxSTjIhq40hs5LtHddSk9e/+AU0otcMExzCqN
-E4f/e05a6TD5CFAgmUMK7nb49ept3ENVoD+M13K3tTaTyeZghwYNNK56osDtdCgc
-c68jQAy81gU7iRt30xbLVV6HgGdrSrWN8D8DFWECgYABkV1RYpHBppzJVycNRX6U
-PzllNvF4JvDxJixCf99xAaXVQNjx/N77NeOxg+D31NQBKTSeUCtVMETY6bwIyzYT
-MBqjlE/FvznkE1r/tivr5a65jm3wcegCmZo2d1SqufVvT/nejwrDunddK/1MBZqO
-vHLTp8UqJknW4jcVOA4OzQKBgG7BdozJ9i62BcWptdq9iizoTpXzsSHaQv7dU+Tn
-3y4o30IgIqQMK1PrYyQx/EOuGwTISlAeIZYP7V/K2nolTHpCEryouxHCG4D59rDV
-nWB36PtdcpClS//XNTQjeWwBS6ZQQ/DS3RB6NmcOFjT9vDabjw32MvLoIiNMFQpq
-9RgBAoGARQnQ94oH98m/iheJpzaM9NhQhAoXSi4w19FySCtnyZTYTd0A7hjRzsSl
-DeoAkIGDHyy33RPK/kPtA6dxM/DQ00IkkwH4soaDDbnCmagdw4NnY8eA1Y/KSbd+
-XNNm+sDafoVyCojtsTA7bripKB8q5vPYo3qRLfQ7dwMeRPYblPI=
------END RSA PRIVATE KEY-----
diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+localhost-cert.pem b/contrib/docker-integration/nginx/ssl/registry-ca+localhost-cert.pem
deleted file mode 100644
index a76a4df8e..000000000
--- a/contrib/docker-integration/nginx/ssl/registry-ca+localhost-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDDTCCAfWgAwIBAgIQfzdVwVz4igfdJPd6SW/ENTANBgkqhkiG9w0BAQsFADAm
-MREwDwYDVQQKEwhRdWlja1RMUzERMA8GA1UEAxMIUXVpY2tUTFMwHhcNMTgwNTIx
-MjI1MjMwWhcNMjgwODI2MjI1MjMwWjAnMREwDwYDVQQKEwhRdWlja1RMUzESMBAG
-A1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-v+H3BTOGLRYjyPx+JQQcP5r8HHBmjknflE6VcrbRD5VGx8192hwsjAdlL0kz1CEq
-FW2KQidJieDi8iIh9BWB8lsTQ51xZGnry6CbVXxTbv1Ss8ci9r8Cm3GPjWy5gqTi
-DTUUQez8xq29gUod4ZvRoJ8jl/eI7gF7MBFakv7tZQ40SHcogjQoG7nKMXG1VOhX
-D4kM120E+hW9x0U3j0SaCIYl6bG2RHIvUMlrVnj4es6JBVzqItkhAwugE6ytneOh
-VxWQ/7e8qKW2+lVsPnH/zjNES0j/9XYgVCjwkgirxjs2eZRIS5Mg14DdYqfQ9MRQ
-EoyQxl3xcDxjqPocMgGYHwIDAQABozYwNDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T
-AQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEB
-ACU0E2BAdqjVvO06ZyHplxxQ4TQxK9voBCTheC2G7oFaM4VLFf48GgoMkvbsMGyd
-1JqIACCDuSJ5UVjmWm6VIDZrnRsf/BbQCTZXKQd4ONLL5DU/OPjAFKGeCpAK51yj
-OMHdw3cQmMCEpMH9HHJ+iB3XWLcDKPAxTkcsBytC9VLUgU7Q4+3eYIT/j/ug+y4G
-W4A0cmdDDuozwBAPXj7ZLKdVlkUFka8WjQAJesHTIifS1bfahGiSNVJbYjXbGoML
-d0IeGMd1lXlc2M+ygqZsSM2ErzndNdvDs7S6u/FIICm7uW6P2naPeMtedb2orO6Q
-5O3gRtj/UQjegI0XV4YO2TQ=
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+localhost-key.pem b/contrib/docker-integration/nginx/ssl/registry-ca+localhost-key.pem
deleted file mode 100644
index 8d58ca8ec..000000000
--- a/contrib/docker-integration/nginx/ssl/registry-ca+localhost-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAv+H3BTOGLRYjyPx+JQQcP5r8HHBmjknflE6VcrbRD5VGx819
-2hwsjAdlL0kz1CEqFW2KQidJieDi8iIh9BWB8lsTQ51xZGnry6CbVXxTbv1Ss8ci
-9r8Cm3GPjWy5gqTiDTUUQez8xq29gUod4ZvRoJ8jl/eI7gF7MBFakv7tZQ40SHco
-gjQoG7nKMXG1VOhXD4kM120E+hW9x0U3j0SaCIYl6bG2RHIvUMlrVnj4es6JBVzq
-ItkhAwugE6ytneOhVxWQ/7e8qKW2+lVsPnH/zjNES0j/9XYgVCjwkgirxjs2eZRI
-S5Mg14DdYqfQ9MRQEoyQxl3xcDxjqPocMgGYHwIDAQABAoIBABbp0ueqGXG03R0Z
-Ga8t6Hmn9kcnHPgM1kgNgkcqkZh8yPD/FvI+vwsRrwGQikHgm/fnFsWDj4KJelBT
-xx4wm03nlktSt8G37FJqoWH58LSmR4P0WbaBZLxPOUc4Hob9TYkqN3sP47eN871G
-rn7MbqHxnvx8sLtLLfy1dc1r58lTTZB7YL1OPV7B/VYhYFDtpkUBvadV+WJ7SJ5G
-UHrBsshOUJbUI4ahmc8izi40yDw+A0LRhtj3i7aFr2Og+vCq9M8NXDjhdOu9VBkI
-fvniC6worJk/GnQDJ/KT5Uqfejdd3Pq7eHp11riqwua8+/wi726zRz9perFh/3gJ
-pYjaY+ECgYEA+ssW+vJRZNHEzdf8zzIJxHqq9tOjbQK9yyIPQP5O4q9zKvDJIpnX
-T31aZTLGy0op+XA9GJ7X0/d1tqo3G2wNBsFYWPn3gmVVth/7iHxRznorNfmsuea7
-1gFm19StL2+q8PaZ4fx9vUcWwDHlALYTYlTaazms6z9FWD/KbB8kiWkCgYEAw93H
-Pp12ND3f6p2rYbXPfHJ0aAUbrQR4wRG3ipVWXGjvn2h/CbrLAt5W1wB3iwnWwatX
-opdbfzjxgb0wRQHSPNVj3/SOHr8E5zH/mw+eV7mOea4xlCLTSIAJNzW1320hwsbw
-FrEC5qe41PrbMUu+4LvXPkHCKVxRXaV4QX4YHEcCgYEAurjegTRM+X1cw81dwn4E
-265g/6iO8qip2kWficpNvWTXoE7p0cMslVhFJzdo3w52teqk8mHBW2XQ1JFiuh32
-jOMC/iwN5Z3A9PpW8kVtOwemiGc9/KMXkrw0b9k+oCTJ5uITrDeq/nOhMrNzRtZJ
-FFsMy+yDHBtda9kCwwFk2JECgYBQUpbu+qwK6IT3NgmeXGzmYBmUvuOGpJrQsm9O
-iceMxgvel3/hgZTXbE64hRyBDFvhuF6L8v42widoSSmOYxzQjcITibruqO9d0Ic+
-E72fxBzFkcYLNezngnpFBeW75ok900+KPrUt2gJWdTmGkcWJa/7tLRJu28kSWlVi
-pk9E6QKBgDH2Uh61ToeNq8Gbnue3pnhUddHELRFQfwHHaa4tFrXBHuPLKqkVefKT
-A58awVoPpKTECROeyqe2DJXg9EdSVzKyhg217N/07NRaunfCJ9/TSpFy+5Xls7Rl
-U7zK25S1/13KZ6rGVHpmP6Q82VSnsHkPtUfDo3A29llqIQ8je43Y
------END RSA PRIVATE KEY-----
diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+localregistry-cert.pem b/contrib/docker-integration/nginx/ssl/registry-ca+localregistry-cert.pem
deleted file mode 100644
index 633a126d0..000000000
--- a/contrib/docker-integration/nginx/ssl/registry-ca+localregistry-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDFTCCAf2gAwIBAgIQM3khHYh+82EC0qR1Pelk2DANBgkqhkiG9w0BAQsFADAm
-MREwDwYDVQQKEwhRdWlja1RMUzERMA8GA1UEAxMIUXVpY2tUTFMwHhcNMTgwNTIx
-MjI1MjMxWhcNMjgwODI2MjI1MjMxWjArMREwDwYDVQQKEwhRdWlja1RMUzEWMBQG
-A1UEAxMNbG9jYWxyZWdpc3RyeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAKA8e9cUSyasRtEHw3yGW5lFCnnZIN+SSvykAOynt9LLKzU5G5ge3ekBtzsl
-HE1ndeYjy/dK7XkECQBQ0csF+KSacU5QiZek8g6btH94HDwltCq1I8f1E8LQFP6k
-483MKZUDeNNnHzbuK9xsMjYOCrJWGysLHnKjzK/+yfVPwTm9tmUVRqd4xjw1oYY6
-C7iCffIWn7+dQKDjHrn+KyheIy244v5y63AaxgPfjHrtvJtz1vPqxi+FyzDM7RfZ
-GIjklC6KaKHmxvUsB0hO4WNb9kt8FBvnxOxuDKf+rUYKTg6JK72O3TaUauiEvE2X
-SKT0vYpLoep5hc9ns/yh3BuuznECAwEAAaM6MDgwDgYDVR0PAQH/BAQDAgWgMAwG
-A1UdEwEB/wQCMAAwGAYDVR0RBBEwD4INbG9jYWxyZWdpc3RyeTANBgkqhkiG9w0B
-AQsFAAOCAQEAMt/lnR3Wy99X/knvjtg7wsPz5T9sZ5hGy/9sIm8sFdsqt5NZi9IY
-vS+eyij1yHvOU+pqOxsYQ2NG26CS0CKM3JWLJTo/w8GyiSwxL8a1/UxHmTxDnSMH
-cYZRsuPtdkTiAuZhoT5I1ZTsOa7MQF25HiFBL6Ei88FFhcQQjJ7+xYDNhSoddMtz
-U8mUY6NOENmvE86QMjWjaj1PXPLO8PxPIqw482Ln/95pHzuaxAYMvxhs2aQlBS1/
-9+vi6VOkbQna9+crmzniXjZDx5QdvMN2QwzFL4hCgqbebVg0zwjhByOwQIjtNEXE
-gqxjLkTNOdSva6Fkk/z8BD2XSZ4L+nM3Mw==
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/nginx/ssl/registry-ca+localregistry-key.pem b/contrib/docker-integration/nginx/ssl/registry-ca+localregistry-key.pem
deleted file mode 100644
index c7af00b5c..000000000
--- a/contrib/docker-integration/nginx/ssl/registry-ca+localregistry-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAoDx71xRLJqxG0QfDfIZbmUUKedkg35JK/KQA7Ke30ssrNTkb
-mB7d6QG3OyUcTWd15iPL90rteQQJAFDRywX4pJpxTlCJl6TyDpu0f3gcPCW0KrUj
-x/UTwtAU/qTjzcwplQN402cfNu4r3GwyNg4KslYbKwsecqPMr/7J9U/BOb22ZRVG
-p3jGPDWhhjoLuIJ98hafv51AoOMeuf4rKF4jLbji/nLrcBrGA9+Meu28m3PW8+rG
-L4XLMMztF9kYiOSULopooebG9SwHSE7hY1v2S3wUG+fE7G4Mp/6tRgpODokrvY7d
-NpRq6IS8TZdIpPS9ikuh6nmFz2ez/KHcG67OcQIDAQABAoIBABNXmb9ZtMSjUR0U
-adWTRmVW/y+8NQqn1yNuDKqEiF0Kp1mSXjFbsH/a9CpQjX0Oex3fvlRImCfeg9Ok
-7d4rB1ufRQQmFqXWhF2dEAm/DvF3v6rUGNCfVdZTVeVzNAh4l6BkPeaO8SapU2QV
-L250/XePi1ID0pYWDbRE9k4FZZa5je3mTctn3s1PHp6xxQdyDHfxZmCZImwZcErj
-joBoQldvUUfjqXCY9SgRJ/MQSNeJoJvPwXmYokpqxfv2sP+JlQgXEcO3Ihj9IkGx
-avMFR3yGdWWLxmE3zzypXvFI+My0E035fEjcObspVOgqxJJUCWLSwWtVAo9shFgO
-fPnfv70CgYEAxqVNQ4eEf8HRDN7Ygr9yruqN5NxXKJKBqOT+OlTAiCtrm6iRFkR/
-WOFA3Ewjk5dxnVBvXHhTZoS2yfIVj8Pz7wbcoigfT+ia4JcAW8xQTs1CV/Xz8JsN
-ChUH3ee2POue/AAxf25yDBGH3fKq34aqL9WNDmaUz+hDCo4r3/hfVZ8CgYEAzoAv
-tBxwE/VUwkmWzv40WI9J4GSh7lYo4d8Z2TR6FRSxgb0Uf3C3GiGKuLf9EMilL3ae
-i/Dsb0CVn2sfLdSNFlxj1l8V4R8JfXST2Tn4g1pv6Hs3LEXJtlncg5/1DiMtfrqW
-quJtKuv8xO+5rbfqtmMYduf4ELkwg1uJJBc/we8CgYBZkUMrRbl6mXuXIAvjuEsP
-j3b3UFqEUrrf2pC+4GQHgfx9LR5uOehpvPcv3azU6Z4y3oe33BFO0lxQ5jTOo/4j
-Mqbc/tZPg4QB7FQfEBrNzUMywhWB0Yepmh338nh7M4p1+ehXmwcVZforGzXsn52w
-/8sgSSSkMge4hK5HyIfD5QKBgHVr6rROH2UZ8dJwqfKWFgntoKKaVoICOEkH5dje
-wDTQiYcuj0NQQq33OLyE0sACd/ufRdRpcOhqHyqBbT9QR9HZQ2QYuYZDcdAGxDOX
-hTqb6FqYBe2E2Yh5XKzz/hLF6g7P5vDQxCbN/fO2JS0lEbAYdUbX7PUFeRKYsEj3
-d2e9AoGAMrejS2Ic64k2I8VyYapEJ1SUaCeNCj7yR67QVtXJWvmYeu9tsUy9bxGC
-FmZuEIUnQV5KZUCKG26GKq/0NiT0Umc38zlUSJzDVM9LUHEt5K066RhVEBp3Fds5
-VIGgI1BkHeMKfhve0wwAbFECL+rzC9ihb6uNxZywlfeyfKN6ga8=
------END RSA PRIVATE KEY-----
diff --git a/contrib/docker-integration/nginx/ssl/registry-noca+client-cert.pem b/contrib/docker-integration/nginx/ssl/registry-noca+client-cert.pem
deleted file mode 100644
index 06d3824a7..000000000
--- a/contrib/docker-integration/nginx/ssl/registry-noca+client-cert.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC+DCCAeCgAwIBAgIQTCXTJncsLpgueaMqQF6AiTANBgkqhkiG9w0BAQsFADAm
-MREwDwYDVQQKEwhRdWlja1RMUzERMA8GA1UEAxMIUXVpY2tUTFMwHhcNMTgwNTIx
-MjI1NzI4WhcNMjgwODI2MjI1NzI4WjATMREwDwYDVQQKEwhRdWlja1RMUzCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL0fYn9wE7phMA6CFT6gv7mDpzSB
-LkebCxj3LfU/isdgXvtXUn+BKIolvav7oJyTyz1R0NzX5uXxEERMBUW89KWvPLPK
-o3d47MWMcAgiYx2+FeGZo1cjq3IRVKyg3WRVw2rO0YNL3K1QCS93A+IdA/05muwt
-346XJ2FV0tPmETn6t+So2e9ZXh+uJjcCHq4XpJAJznCwemzzRpDe7nG5sYZqq+Oz
-zBQ/bTC8rOdqW5woH/GhQHYHcKf1taPLmDLczVPQCqS3LAEK5EOUElfpQykfkZI4
-clOZBhJ0e5zNEBTB/XRd7uuUA57Ig58l7hbX0fUPHgS9MF1z9CXJ40BSm/sCAwEA
-AaM1MDMwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwGA1Ud
-EwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAHKH54KZdpvcLRIJK4yeSqwOigYp
-0NHM9U8RlHjmf5Tp9lCtZpVrkfUtg9rXytekAXfd6GaNex7swTMNPnJBGgaQ2vA8
-0jdtKfe6AcHTYQV1rs0qunlR8i26cNhYblKPJjYYA6FBzTTtybXhHYG9xvYpSVpo
-XcrsC81DYK6nMiQMRYuT7RO/rtI4Tzx+laYc0lYgBzf6pXUjXycgAuJ5+cWT8DDn
-OxPXbfAxfzc6jYfsigwzdOCnuIomFogm8ad47ApTTTLFrVtqCNJAKCu7HufEbB2G
-OKWvl9NmTPYetS6MO5LqLAWcf/uRPn+lufHeTfBWIDD5zbJ2+ATP+mQQ2d0=
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/nginx/ssl/registry-noca+client-key.pem b/contrib/docker-integration/nginx/ssl/registry-noca+client-key.pem
deleted file mode 100644
index 3d03fd1f4..000000000
--- a/contrib/docker-integration/nginx/ssl/registry-noca+client-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAvR9if3ATumEwDoIVPqC/uYOnNIEuR5sLGPct9T+Kx2Be+1dS
-f4EoiiW9q/ugnJPLPVHQ3Nfm5fEQREwFRbz0pa88s8qjd3jsxYxwCCJjHb4V4Zmj
-VyOrchFUrKDdZFXDas7Rg0vcrVAJL3cD4h0D/Tma7C3fjpcnYVXS0+YROfq35KjZ
-71leH64mNwIerhekkAnOcLB6bPNGkN7ucbmxhmqr47PMFD9tMLys52pbnCgf8aFA
-dgdwp/W1o8uYMtzNU9AKpLcsAQrkQ5QSV+lDKR+RkjhyU5kGEnR7nM0QFMH9dF3u
-65QDnsiDnyXuFtfR9Q8eBL0wXXP0JcnjQFKb+wIDAQABAoIBAGQFxk1KFFT9c7Io
-oF3IHL5b38HIFJbwbBUfHaJYoehCktlxXINs5ujxfvgHk/FbxSDANaunUEoKjaTh
-Y+R3RBigroUURhI41VjBprrWnP8s+lufqyC6D8G7YsIOLikTps/FZE+Bfsv2yXTe
-CCK9X8+8eLAyrsq2LLCw+Fjzk+bKRj+zE1bUR2MqNYtRNOFizDR0DCy/f+OltmhR
-MVTQgA4hAWyCXc3c07zJ3YMiVMHBIGX3hiwEGhzgKtS8vQ7isW21StGLsMQlvUgt
-AjrVzzsacCSzuL+QZoZtZl3E7V/Mko0bKNeOz2ouoWTKxInlzget+b+zE39+1WZO
-T/X54gkCgYEAx5sI73letGuk9DOopwKLokj0Qdj3f5VRb3yJqbp3YkLTeayyRAwD
-3KY+NwSDGLqj/IcG5DN/ZtLbbhiI2F3oPcJG8QyVqmsfzF7aW3RaBBt6gFN6IdQ9
-SO0pS28bj3PVLqPqx3gXHZ3l9WRgj5mbl6yvoICiymMMKajOgKi0sTcCgYEA8o4j
-+0HFhxcLvPz8GCynSarMXaZe/mEImURq8ObH2KSgBogD5mCA3IHL4kQSiRyxNoAt
-crGr1idsR28UYfX4xprMp3okA9ujAw0hkiNhUh3jf3ZywvQXFkOoSbtwnfAFK83c
-CmHy+c4OL9BAXsHvhsRHDCVjfKupqJQwux+9HV0CgYB+FSMmyX6V7qzqiDsPC5+S
-Kg0IDvn/QB2Jk5wNdzhz/AxC/mA4dXJ3DRedfx8kHrj5CX3D5feixqxOtfay3VaW
-tEJFfxKG7FXQrVW2kR9PGuBdcN1jwwHXL992w78f9SYC6Q2jY+sODTA1umr4KipL
-O4xQkRDDUJ9dLUELqgVBLwKBgQC+/CLizQgOdZv9hCmvk0FppP3j44M6wwa1QAUA
-iIblU8LZQbHobSYp+l2iXL1HjvsOkeC3RaSrLEF7AcDH3Zi0MOFiIa9IBmIVnfpI
-Cmmv8e7Wx1pXnUCsfDt/SwLCqWI4+o/+8N8TySasiUqWEhhbQiM7Mhli6fvdzEmO
-ndAX1QKBgCKJA25iPkLKw4mFVxAaPIAZnenJXJpuHF9tGzjjcFfioGtvI/1mrePs
-PhwoO1qpjzY9brtf47l+vVMSY9KrA1LvudPvTqBtyjQvG5SqsWZSLuyJL30HKeFy
-hv9FCsGVcF6wu3S8wXaGC/H8kityxTqFgZQW5whl2D9axJavygKj
------END RSA PRIVATE KEY-----
diff --git a/contrib/docker-integration/nginx/ssl/registry-noca+localhost-cert.pem b/contrib/docker-integration/nginx/ssl/registry-noca+localhost-cert.pem
deleted file mode 100644
index e753d93b4..000000000
--- a/contrib/docker-integration/nginx/ssl/registry-noca+localhost-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDDjCCAfagAwIBAgIRAI0Dt8LVd8cJPc0dv5aW+wcwDQYJKoZIhvcNAQELBQAw
-JjERMA8GA1UEChMIUXVpY2tUTFMxETAPBgNVBAMTCFF1aWNrVExTMB4XDTE4MDUy
-MTIyNTcyN1oXDTI4MDgyNjIyNTcyN1owJzERMA8GA1UEChMIUXVpY2tUTFMxEjAQ
-BgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-ANr32CUXFUCW1c2oPoHjq76T8jUTH/cxPiR5NabJ1y4gMCBko2rIe+TblW9UclxH
-911gjfpSAxFtNf+lX5kwmAMHhU8pcCc+Mjp3Ax9acFXSXvzzTDg+xj0NGig6OBk3
-jyPuO92lM8A4qs0mBZ/T04iLkawLmdRXViRoGK/T7Df8HN+hm7UsG0VO3GxFgSST
-YhhKTu6JMTADszbIFPOvBxGCUNhffXiLNyviO4AiBdcAv2v0SUadEPmSGm5Jb1DK
-tfKY0jWi1k1zNSqzit/bhML/EHbVkYJ00QmH50MBTunpz60gIgHjt48nzJarLDML
-oRFMppG9XIBQlUn3lo0gVwcCAwEAAaM2MDQwDgYDVR0PAQH/BAQDAgWgMAwGA1Ud
-EwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IB
-AQAb388owui+O9vUle+A99FXwcMDEb0OILc0lBXVWx8q5ZE73vcanxyAcfOsZYRY
-Lh7G6VtJwC9xVjAdNwJ1gd+ak1l0/Rhs1V0JZ12/wOvAOQ7+9g2lRc1IedOh3EIh
-d3BMI4RdDB/BnnK3XjkggYQZK3yiAOavmmsZxAOl/apzjF+5u8XjuydMmotE2NYw
-IpM93zE5wWXqzYs/Kmyy7zAcHKfvq9xej/gMCFEvO6lopmwyslBLPpPNHwyfIVtA
-mspm2OZhdmpRJYGzkR4wK5NjoRl2O11uzlMRDckp0GSZ0x6TGxmb7ot5HK27p3ep
-6LPZM1wJIwuYHIP74eH0ctQP
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/nginx/ssl/registry-noca+localhost-key.pem b/contrib/docker-integration/nginx/ssl/registry-noca+localhost-key.pem
deleted file mode 100644
index e8c518655..000000000
--- a/contrib/docker-integration/nginx/ssl/registry-noca+localhost-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA2vfYJRcVQJbVzag+geOrvpPyNRMf9zE+JHk1psnXLiAwIGSj
-ash75NuVb1RyXEf3XWCN+lIDEW01/6VfmTCYAweFTylwJz4yOncDH1pwVdJe/PNM
-OD7GPQ0aKDo4GTePI+473aUzwDiqzSYFn9PTiIuRrAuZ1FdWJGgYr9PsN/wc36Gb
-tSwbRU7cbEWBJJNiGEpO7okxMAOzNsgU868HEYJQ2F99eIs3K+I7gCIF1wC/a/RJ
-Rp0Q+ZIabklvUMq18pjSNaLWTXM1KrOK39uEwv8QdtWRgnTRCYfnQwFO6enPrSAi
-AeO3jyfMlqssMwuhEUymkb1cgFCVSfeWjSBXBwIDAQABAoIBAGQMCf4oZdV1FYs5
-7BV86OPSxT/q1Rgkr7gKibEDWAYDPvoOAXywzarriYOsmfQADc3kZ/qPrkcwFxQP
-g3aC9XGs5gQdctj7WgfMiOiycdFEpZH9uD2asQkEC4eF0kvzTrukBkZnTRXuzlud
-m8RDDMu+uXhadJbIsNtBlMYBllSdS+LFxXcAYm+IsvTYzmwg4+bnjvOwMHO9SMSb
-1dfgOLkg/A++/GTjD/kUyCV5dc4lv2I0i2pXJkD2V0Dr6Yra1U/MRKcOwTGC2q/8
-hZuKm9DgvGXvZsG0+yT5fsexGRwTxmByvfj+QMF3LCTDCknD4d/mmEEX0EEGPlW2
-I7OgKEECgYEA/LkdwnXy7ymis1Rgjumc3ydcLoCqV3ExaxXrvO50EkRpgRX/TLEk
-j98iVYyksiaJuMhqnxNttT6GwWJvwIXFPP9WpIGmzi4GKyqYGEX4WbyPoY9hjt/G
-muR67cTXg6ssiSssUCoQnWIHyuGDJfzRWqnoei0dIA2GobOwFJtXeV0CgYEA3c6u
-utbNtmbyp17Jffx01ee8Wprhnoz7Nh/dJMLngpIx3i8qQqpFB8TPNUTu+GLgGcol
-n9BDzZszoVhsxybn7Lgm/OjS/jQL4hosFoqztThkg28L8UD7QB0TyCucwgk2lgOe
-VxyX25kNSXzxdCYaKr1+6g2gtBAb0zPj2E+5t7MCgYEAimoA6J6dHWwaVkmiUOOW
-LYprLHT/1sCCJnptEJ8xJ0gc2LxphWGH+txk+6H6GjCNQY1TCCkl7xx9xbDaMAGU
-E2Jt28++wjHm4wGDJ9g6uztRF1VmQ1BAgFkfEta6irzXuZDRxl4jl283gWCd6dJb
-/2ILl87ZotKFqE6347Fo6WkCgYEAyDNyMMALIzTelkUO1wFUL3If5yPeuy4C3IJ8
-J18oeQkdq66klVF8RxvT7v/ONjGAlqaHuSzQ1jbcrifS3xp1wYsh3asELl+pziXT
-X3FH7Sz+REep3tLJNMBKB6WdsuF//H09oOD1DEej342/nhd6DNPHRtiQEZZslwBC
-Cg9D0NMCgYEArNksPSQJSxXqxZsw17OTqQJnf3kNBI0SP9q6Wc8gN69r5YQcIHcr
-KgtfdiL4LawZFie6gcNu398ng7VYUzzkYR9j+G5qPetcqllQZeVc6cieUyR7Eul0
-WvtlUECCfweLFUsIhuHyEsGu1PrFYd98SlOzt24utguFss1539cEC3A=
------END RSA PRIVATE KEY-----
diff --git a/contrib/docker-integration/nginx/ssl/registry-noca+localregistry-cert.pem b/contrib/docker-integration/nginx/ssl/registry-noca+localregistry-cert.pem
deleted file mode 100644
index 9aeeeffd3..000000000
--- a/contrib/docker-integration/nginx/ssl/registry-noca+localregistry-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDFTCCAf2gAwIBAgIQTyBNJlm7fS0yutwdLbhG9zANBgkqhkiG9w0BAQsFADAm
-MREwDwYDVQQKEwhRdWlja1RMUzERMA8GA1UEAxMIUXVpY2tUTFMwHhcNMTgwNTIx
-MjI1NzI4WhcNMjgwODI2MjI1NzI4WjArMREwDwYDVQQKEwhRdWlja1RMUzEWMBQG
-A1UEAxMNbG9jYWxyZWdpc3RyeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBANSMT7auGdwF63fFdQM9O/EqrX++gnuBQgFa4cZzC7GqsvS90uKTOLuWIA2U
-ehgF548EDkZu1z6nRAvoFh5L6B5f1VjiVknzLEPlR+5uPD22kbcxgCrMCRZn+5mK
-vJhTUpx18yeBXMhxtPhkGnKaKwGcgeW8O69KM7Mo4HBQqg5656pa+4wkUo7GX2v0
-R4ZqmrS1tlwOgpld8KZKVJ1FNyGEeKQkIYGJKHqgC2/JrXsbzuSZ/4pqf8BHc6Mb
-AHU85RlBFVDHFPMtQ7Rg1vrhYzgInKeqXtc2kEAe63nqyYyHxPOUd3vIQX/N4tdB
-aH41ffs68Pdtp9GeocTiYyj7KuUCAwEAAaM6MDgwDgYDVR0PAQH/BAQDAgWgMAwG
-A1UdEwEB/wQCMAAwGAYDVR0RBBEwD4INbG9jYWxyZWdpc3RyeTANBgkqhkiG9w0B
-AQsFAAOCAQEAkjfZvcd5WysbfqGfhPErG7ADWAFJ1bsIDlHVUaEn2/Asr68iJpfF
-fqb0fhBkBExPhiLDS+jmL1L86QRNIgyM+7zGCCagKJkl9uNBGXPdS6KxZtY8W8rV
-bF/GIYnYUL5pnyrhX4pH2ZnDJpKIAJl8CAZ1VHwErQ5VqnJAX/gGO/eKgiyCciZv
-WmmQkhcOo60FwLW+Wi9sLOYD+YAT+VnFrGfak/SDfT78wrmmfg5v05tvFXgJaZLh
-JSxRET9D5iT3DIxb+m5GyQAqIH1djh02ybrPJ9j6/+qRQDojIe5qJUL90qIvhwO+
-aSbIL/p+I6//AUMWJvcR7GbXy3xywgmaYw==
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/nginx/ssl/registry-noca+localregistry-key.pem b/contrib/docker-integration/nginx/ssl/registry-noca+localregistry-key.pem
deleted file mode 100644
index 4b6894eee..000000000
--- a/contrib/docker-integration/nginx/ssl/registry-noca+localregistry-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA1IxPtq4Z3AXrd8V1Az078Sqtf76Ce4FCAVrhxnMLsaqy9L3S
-4pM4u5YgDZR6GAXnjwQORm7XPqdEC+gWHkvoHl/VWOJWSfMsQ+VH7m48PbaRtzGA
-KswJFmf7mYq8mFNSnHXzJ4FcyHG0+GQacporAZyB5bw7r0ozsyjgcFCqDnrnqlr7
-jCRSjsZfa/RHhmqatLW2XA6CmV3wpkpUnUU3IYR4pCQhgYkoeqALb8mtexvO5Jn/
-imp/wEdzoxsAdTzlGUEVUMcU8y1DtGDW+uFjOAicp6pe1zaQQB7reerJjIfE85R3
-e8hBf83i10FofjV9+zrw922n0Z6hxOJjKPsq5QIDAQABAoIBAQCLj3Xn5XllVx29
-jxG+Br8NI5C4iEb1AXJtoVcODwxmpEbNHLcTvsdJpNF3GT7x9y6MYYVeCfmbUgkE
-KGgdjInlJ9fWfQdblyhBjJMmo4s6ml4jg4U8lKyC4dP6hXZALrXXtjrqfa6GjuLd
-Fh2nkkMa08EXL/mgp4A662QzW0POLQIo1lMJc49FFPrVQneLedUdsJDowNz/HU/q
-oD4/SsKw6inUh/A1MfSKvEhnJcVH4fiQhFQU5CdSzAHPmAYcoBeg6LjY+WScJAAs
-Hu5kgunbCsB5vw9WbFDQzM1HYtW1CvJj1cjNp662b06D7VQugjtawhHNImkq1/65
-H2ZTglchAoGBAPu0OX3tEvtic4f8VLRv/TeI9NSC3EgRAtIDncDo+nwVjR54AXID
-aePceImGUsDd5xfLuQTiYp50z0cEB5CGsWYbnjm0hliF8YXz/tpqi0V0Cr8fLLA8
-/jG3tajbZ8xu/3p1iEcIPevYT/44bjbOyDp5peQIHhr32LZ1gZfQDRt7AoGBANgt
-AIid1rPIyEzhhznpWVjw/ZIrtgaP0HDgKaUUCsEqEDoOJEaFS7WG4G7m8/iS4f8v
-XGgcoYf4TjfIwYtRQy2Bp9g4oOMiUbQKukF1DuFJpsw69y3hNNoZoUm7r2jpv3Q8
-/NY+O+BNaTVdmbOjNHmKo99MYGh1cPUPVGxuP1UfAoGBAOJ9fe5OUfJa2NLYv+/N
-hfFfD8/aIRXIGN2Z224nNp5JVj7AhaxuXe5oCR7W+8gI5VWIP+ihPVSQj6O7gIMQ
-cLkMyQfr5afqfzamJAGuNbw9ex4Xk0LS33klchWLuI9Aoiszb3lbdTyv3OtJJAO1
-dn8Hz7qtg0mJFDy65+4PjHvZAoGAXtKmmEZ75hKdYbPPiCSGT5At+g74Yjp1GP4K
-5mE7Mm3L/lszqEdR5UdLbPobbB6pyTCyHOzqIeVWEfwagYzcpbposFxunhLwucO2
-3X2GUGXpJ056HALcFwsFB32vPJrDoy4ZTbSwuPvbuU/cWsKtAt9AcHNlGozhRm05
-//IAD8sCgYAUs6ibNtUqCFjekr10FBGFuA2ZQg+9bQYw3ti+S6uFMsxIDqYRC2bG
-yvKhEYym/W7RwfzPWjGzuvFbZWzJnnb81WLfcI4DnrJe3h8THlnaBQhcsEObu84O
-XS/sYeVo5c6l0kTNp0I8vXbn05bExZlsLAIICMTsm5bSQZI/iCRyEw==
------END RSA PRIVATE KEY-----
diff --git a/contrib/docker-integration/nginx/test.passwd b/contrib/docker-integration/nginx/test.passwd
deleted file mode 100644
index 4e55de816..000000000
--- a/contrib/docker-integration/nginx/test.passwd
+++ /dev/null
@@ -1 +0,0 @@
-testuser:$apr1$YmLhHjm6$AjP4z8J1WgcUNxU8J4ue5.
diff --git a/contrib/docker-integration/nginx/v1/search.json b/contrib/docker-integration/nginx/v1/search.json
deleted file mode 100644
index 3da8f1adb..000000000
--- a/contrib/docker-integration/nginx/v1/search.json
+++ /dev/null
@@ -1 +0,0 @@
-{"num_pages":1,"num_results":2,"page":1,"page_size": 25,"query":"testsearch","results":[{"description":"","is_automated":false,"is_official":false,"is_trusted":false, "name":"dmcgowan/testsearch-1","star_count":1000},{"description":"Some automated build","is_automated":true,"is_official":false,"is_trusted":false,"name":"dmcgowan/testsearch-2","star_count":10}]}
diff --git a/contrib/docker-integration/plugins.bats b/contrib/docker-integration/plugins.bats
deleted file mode 100644
index faeae0a74..000000000
--- a/contrib/docker-integration/plugins.bats
+++ /dev/null
@@ -1,103 +0,0 @@
-#!/usr/bin/env bats
-
-# This tests pushing and pulling plugins
-
-load helpers
-
-user="testuser"
-password="testpassword"
-base="hello-world"
-
-#TODO: Create plugin image
-function create_plugin() {
- plugindir=$(mktemp -d)
-
- cat - > $plugindir/config.json < /dev/null; do
- (( tries-- ))
- if [ $tries -le 0 ]; then
- echo >&2 "error: daemon failed to start"
- exit 1
- fi
- sleep 1
- done
-
- trap "kill $DOCKER_PID" EXIT
-fi
-
-distimage=$(docker build -q $DIR/../..)
-fullversion=$(git describe --match 'v[0-9]*' --dirty='.m' --always)
-distversion=${fullversion:1}
-
-echo "Testing image $distimage with distribution version $distversion"
-
-# Pull needed images before invoking golem to get pull time
-# These images are defined in golem.conf
-time docker pull nginx:1.9
-time docker pull golang:1.6
-time docker pull dmcgowan/token-server:simple
-time docker pull dmcgowan/token-server:oauth
-time docker pull distribution/golem-runner:0.1-bats
-
-time docker pull docker:1.9.1-dind
-time docker pull docker:1.10.3-dind
-time docker pull docker:1.11.1-dind
-time docker pull docker:1.12.3-dind
-time docker pull docker:1.13.0-rc5-dind
-
-golem -cache $cachedir \
- -i "golem-distribution:latest,$distimage,$distversion" \
- -i "golem-dind:latest,docker:1.9.1-dind,1.9.1" \
- -i "golem-dind:latest,docker:1.10.3-dind,1.10.3" \
- -i "golem-dind:latest,docker:1.11.1-dind,1.11.1" \
- -i "golem-dind:latest,docker:1.12.3-dind,1.12.3" \
- -i "golem-dind:latest,docker:1.13.0-rc5-dind,1.13.0" \
- $DIR
-
diff --git a/contrib/docker-integration/tls.bats b/contrib/docker-integration/tls.bats
deleted file mode 100644
index fdd6c1769..000000000
--- a/contrib/docker-integration/tls.bats
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/usr/bin/env bats
-
-# Registry host name, should be set to non-localhost address and match
-# DNS name in nginx/ssl certificates and what is installed in /etc/docker/cert.d
-
-load helpers
-
-hostname="localregistry"
-base="hello-world"
-image="${base}:latest"
-
-# Login information, should match values in nginx/test.passwd
-user=${TEST_USER:-"testuser"}
-password=${TEST_PASSWORD:-"passpassword"}
-
-function setup() {
- tempImage $image
-}
-
-@test "Test valid certificates" {
- docker_t tag $image $hostname:5440/$image
- run docker_t push $hostname:5440/$image
- [ "$status" -eq 0 ]
- has_digest "$output"
-}
-
-@test "Test basic auth" {
- basic_auth_version_check
- login $hostname:5441
- docker_t tag $image $hostname:5441/$image
- run docker_t push $hostname:5441/$image
- [ "$status" -eq 0 ]
- has_digest "$output"
-}
-
-@test "Test basic auth with build" {
- basic_auth_version_check
- login $hostname:5441
-
- image1=$hostname:5441/$image-build
- image2=$hostname:5441/$image-build-2
-
- tempImage $image1
-
- run docker_t push $image1
- [ "$status" -eq 0 ]
- has_digest "$output"
-
- docker_t rmi $image1
-
- run build $image2 $image1
- echo $output
- [ "$status" -eq 0 ]
-
- run docker_t push $image2
- echo $output
- [ "$status" -eq 0 ]
- has_digest "$output"
-}
-
-@test "Test TLS client auth" {
- docker_t tag $image $hostname:5442/$image
- run docker_t push $hostname:5442/$image
- [ "$status" -eq 0 ]
- has_digest "$output"
-}
-
-@test "Test TLS client with invalid certificate authority fails" {
- docker_t tag $image $hostname:5443/$image
- run docker_t push $hostname:5443/$image
- [ "$status" -ne 0 ]
-}
-
-@test "Test basic auth with TLS client auth" {
- basic_auth_version_check
- login $hostname:5444
- docker_t tag $image $hostname:5444/$image
- run docker_t push $hostname:5444/$image
- [ "$status" -eq 0 ]
- has_digest "$output"
-}
-
-@test "Test unknown certificate authority fails" {
- docker_t tag $image $hostname:5445/$image
- run docker_t push $hostname:5445/$image
- [ "$status" -ne 0 ]
-}
-
-@test "Test basic auth with unknown certificate authority fails" {
- run login $hostname:5446
- [ "$status" -ne 0 ]
- docker_t tag $image $hostname:5446/$image
- run docker_t push $hostname:5446/$image
- [ "$status" -ne 0 ]
-}
-
-@test "Test TLS client auth to server with unknown certificate authority fails" {
- docker_t tag $image $hostname:5447/$image
- run docker_t push $hostname:5447/$image
- [ "$status" -ne 0 ]
-}
-
-@test "Test failure to connect to server fails to fallback to SSLv3" {
- docker_t tag $image $hostname:5448/$image
- run docker_t push $hostname:5448/$image
- [ "$status" -ne 0 ]
-}
-
diff --git a/contrib/docker-integration/token.bats b/contrib/docker-integration/token.bats
deleted file mode 100644
index fb7adc748..000000000
--- a/contrib/docker-integration/token.bats
+++ /dev/null
@@ -1,129 +0,0 @@
-#!/usr/bin/env bats
-
-# This tests contacting a registry using a token server
-
-load helpers
-
-user="testuser"
-password="testpassword"
-base="hello-world"
-
-@test "Test token server login" {
- login localregistry:5554
-}
-
-@test "Test token server bad login" {
- docker_t_login -u "testuser" -p "badpassword" localregistry:5554
- [ "$status" -ne 0 ]
-
- docker_t_login -u "baduser" -p "testpassword" localregistry:5554
- [ "$status" -ne 0 ]
-}
-
-@test "Test push and pull with token auth" {
- login localregistry:5555
- image="localregistry:5555/testuser/token"
- build $image "$base:latest"
-
- run docker_t push $image
- echo $output
- [ "$status" -eq 0 ]
-
- docker_t rmi $image
-
- docker_t pull $image
-}
-
-@test "Test push and pull with token auth wrong namespace" {
- login localregistry:5555
- image="localregistry:5555/notuser/token"
- build $image "$base:latest"
-
- run docker_t push $image
- [ "$status" -ne 0 ]
-}
-
-@test "Test oauth token server login" {
- version_check docker "$GOLEM_DIND_VERSION" "1.11.0"
-
- login_oauth localregistry:5557
-}
-
-@test "Test oauth token server bad login" {
- version_check docker "$GOLEM_DIND_VERSION" "1.11.0"
-
- docker_t_login -u "testuser" -p "badpassword" -e $email localregistry:5557
- [ "$status" -ne 0 ]
-
- docker_t_login -u "baduser" -p "testpassword" -e $email localregistry:5557
- [ "$status" -ne 0 ]
-}
-
-@test "Test oauth push and pull with token auth" {
- version_check docker "$GOLEM_DIND_VERSION" "1.11.0"
-
- login_oauth localregistry:5558
- image="localregistry:5558/testuser/token"
- build $image "$base:latest"
-
- run docker_t push $image
- echo $output
- [ "$status" -eq 0 ]
-
- docker_t rmi $image
-
- docker_t pull $image
-}
-
-@test "Test oauth push and build with token auth" {
- version_check docker "$GOLEM_DIND_VERSION" "1.11.0"
-
- login_oauth localregistry:5558
- image="localregistry:5558/testuser/token-build"
- tempImage $image
-
- run docker_t push $image
- echo $output
- [ "$status" -eq 0 ]
- has_digest "$output"
-
- docker_t rmi $image
-
- image2="localregistry:5558/testuser/token-build-2"
- run build $image2 $image
- echo $output
- [ "$status" -eq 0 ]
-
- run docker_t push $image2
- echo $output
- [ "$status" -eq 0 ]
- has_digest "$output"
-
-}
-
-@test "Test oauth push and pull with token auth wrong namespace" {
- version_check docker "$GOLEM_DIND_VERSION" "1.11.0"
-
- login_oauth localregistry:5558
- image="localregistry:5558/notuser/token"
- build $image "$base:latest"
-
- run docker_t push $image
- [ "$status" -ne 0 ]
-}
-
-@test "Test oauth with v1 search" {
- version_check docker "$GOLEM_DIND_VERSION" "1.12.0"
-
- run docker_t search localregistry:5600/testsearch
- [ "$status" -ne 0 ]
-
- login_oauth localregistry:5600
-
- run docker_t search localregistry:5600/testsearch
- echo $output
- [ "$status" -eq 0 ]
-
- echo $output | grep "testsearch-1"
- echo $output | grep "testsearch-2"
-}
diff --git a/contrib/docker-integration/tokenserver-oauth/.htpasswd b/contrib/docker-integration/tokenserver-oauth/.htpasswd
deleted file mode 100644
index 0bbf57400..000000000
--- a/contrib/docker-integration/tokenserver-oauth/.htpasswd
+++ /dev/null
@@ -1 +0,0 @@
-testuser:$2y$05$T2MlBvkN1R/yICNnLuf1leOlOfAY0DvybctbbWUFKlojfkShVgn4m
diff --git a/contrib/docker-integration/tokenserver-oauth/Dockerfile b/contrib/docker-integration/tokenserver-oauth/Dockerfile
deleted file mode 100644
index 5b607132a..000000000
--- a/contrib/docker-integration/tokenserver-oauth/Dockerfile
+++ /dev/null
@@ -1,8 +0,0 @@
-FROM dmcgowan/token-server@sha256:5a6f76d3086cdf63249c77b521108387b49d85a30c5e1c4fe82fdf5ae3b76ba7
-
-WORKDIR /
-
-COPY ./.htpasswd /.htpasswd
-COPY ./certs/auth.localregistry.cert /tls.cert
-COPY ./certs/auth.localregistry.key /tls.key
-COPY ./certs/signing.key /sign.key
diff --git a/contrib/docker-integration/tokenserver-oauth/certs/auth.localregistry.cert b/contrib/docker-integration/tokenserver-oauth/certs/auth.localregistry.cert
deleted file mode 100644
index 4144ca168..000000000
--- a/contrib/docker-integration/tokenserver-oauth/certs/auth.localregistry.cert
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDHDCCAgagAwIBAgIRAKhhQMnqZx+hkOmoUYgPb+kwCwYJKoZIhvcNAQELMCYx
-ETAPBgNVBAoTCFF1aWNrVExTMREwDwYDVQQDEwhRdWlja1RMUzAeFw0xNjAxMjgw
-MDQyMzFaFw0xOTAxMTIwMDQyMzFaMDAxETAPBgNVBAoTCFF1aWNrVExTMRswGQYD
-VQQDExJhdXRoLmxvY2FscmVnaXN0cnkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQD1tUf1EghBlIRrE83yF4zDgRu7vH2Jo0kygKJUWtQQe+DfXyjjE/fg
-FdKnnoEjsIeF9hxNbTt0ldDz7/n97pbMhoiXULi9iq4jlgSzVL2XEAgrON0YSY/c
-Lmmd1KSa/pOUZr2WMAYPZ+FdQfE1W7SMNbErPefBqYdFzpZ+esAtvbajYwIjl8Vy
-9c4bidx4vgnNrR9GcFYibjC5sj8syh/OtbzzqiVGT8YcPpmMG6KNRkausa4gqpon
-NKYG8C3WDaiPCLYKcvFrFfdEWF/m2oj14eXACXT9iwp8r4bsLgXrZwqcpKOWfVRu
-qHC8aV476EYgxWCAOANExUdUaRt5wL/jAgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIA
-oDAMBgNVHRMBAf8EAjAAMB0GA1UdEQQWMBSCEmF1dGgubG9jYWxyZWdpc3RyeTAL
-BgkqhkiG9w0BAQsDggEBABxPGK9FdGDxcLowNsExKnnZvmQT3H0u+Dux1gkp0AhH
-KOrmx3LUENUKLSgotzx133tgOgR5lzAWVFy7bhLwlPhOslxf2oEfztsAMd/tY8rW
-PrG2ZqYqlzEQQ9INbAc3woo5A3slN07uhP3F16jNqoMM4zRmw6Ba70CluGKT7x5+
-xVjKoWITLjWDXT5m35PnsN8CpBaFzXYcod/5p9XwCFp0s+aNxfpZECCV/3yqIr+J
-ALzroPh43FAlG96o4NyYZ2Msp63newN19R2+TgpV4nXuw2mLVDpvetP7RRqnpvj/
-qwRgt5j4hFjJWb61M0ELL7A9fA71h1ImdGCvnArdBQs=
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/tokenserver-oauth/certs/auth.localregistry.key b/contrib/docker-integration/tokenserver-oauth/certs/auth.localregistry.key
deleted file mode 100644
index 4c499bb21..000000000
--- a/contrib/docker-integration/tokenserver-oauth/certs/auth.localregistry.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA9bVH9RIIQZSEaxPN8heMw4Ebu7x9iaNJMoCiVFrUEHvg318o
-4xP34BXSp56BI7CHhfYcTW07dJXQ8+/5/e6WzIaIl1C4vYquI5YEs1S9lxAIKzjd
-GEmP3C5pndSkmv6TlGa9ljAGD2fhXUHxNVu0jDWxKz3nwamHRc6WfnrALb22o2MC
-I5fFcvXOG4nceL4Jza0fRnBWIm4wubI/LMofzrW886olRk/GHD6ZjBuijUZGrrGu
-IKqaJzSmBvAt1g2ojwi2CnLxaxX3RFhf5tqI9eHlwAl0/YsKfK+G7C4F62cKnKSj
-ln1UbqhwvGleO+hGIMVggDgDRMVHVGkbecC/4wIDAQABAoIBAQCrsjXKRwOF8CZo
-PLqZBWPT6hBbK+f9miC4LbNBhwbRTf9hl7mWlImOCTHe95/+NIk/Ty+P21jEqzwM
-ehETJPoziX9BXaL6sEHnlBlMx1aEjStoKKA3LJBeqAAdzk4IEQVHmlO4824IreqJ
-pF7Njnunzo0zTlr4tWJVoXsAfv5z9tNtdkxYBbIa0fjfGtlqXU3gLq58FCON3mB/
-NGc0AyA1UFGp0FzpdEcwTGD4InsXbcmsl2l/VPBJuZbryITRqWs6BbK++80DRhNt
-afMhP+IzKrWSCp0rBYrqqz6AevtlKdEfQK1yXPEjN/63QLMevt8mF/1JCp//TQnf
-Z6bIQbAhAoGBAP7vFA0PcvoXt9MXvvAwrKY1s6pNw4nWPG27qY1/m+DkBwP8IQms
-4AWGv1wscZzXJYTvaLO5/qjmGUj50ohcVEvyZJioh1pKXA8Chxvd6rBA/O/Lj5E0
-3MOSA5Q0gxJ0Mhv0zGbbyN5fY8D8zhxoqQP4LoW+UdZG2Oi6JxsQ9c9dAoGBAPa8
-U3bGuM5OGA9EWP7mkB/VnjDTL1aEIN3cOHbHIKwH/loxdYcNMBE7vwxV1CzgIzXT
-wsL0iE15fQdK938u0+um8aH5QtbWNI8tdk1XVjEC/i3C7N6WVUutneCKUDb4QxiB
-9OvWCbNNiN+xTKBBM93YlwO3GYfrW9Pmm9q1+hg/AoGBALJlUS22gun50PxaIJZq
-KVcCO2DQnCYHki/j48mN4+HjD/m85M2lePrFCYIR48syTyIQer9SR5+frVAA6k/b
-9G1VCQo+3MDVSkiCp1Nb3tBKGfYgB65ARMBinDiI6rPuNeaUTrkn0g+yxtaU0hLV
-Nnj9omia/x+oYj+xjI4HN0xNAoGARy92dSJIV104m88ATip/EnAzP6ruUWu1f8z1
-jW9OAdQckjEK03f+kjpGmGx61qekAPejjVO3r4KJi/0ZAtyjz61OsYiUvB748wYO
-x6mW+HUAmHtQk7eTzE2+6vV8xx9BXGTCIPiTu+N2xfMFRIcLS8odZ7j/6LMCv1Qd
-SzCNg0kCgYBaNlEs4pK1VxZZpEWwVmFpgIxfEfxLIaGrek6wBTcCn/VA2M0oHuez
-mlMio8VY0yWPBJz30JflDiTmYIvteLPMHT0N0J6isiXLhzJSFI4+cAMLE2Q5v8rz
-W+W5/L8YZeierW0qJat1BrgStaf5ZLpiOc9pKBSwycydPH5BfVdK/A==
------END RSA PRIVATE KEY-----
diff --git a/contrib/docker-integration/tokenserver-oauth/certs/ca.pem b/contrib/docker-integration/tokenserver-oauth/certs/ca.pem
deleted file mode 100644
index 0b585b3f2..000000000
--- a/contrib/docker-integration/tokenserver-oauth/certs/ca.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC9TCCAd+gAwIBAgIQNS9SaFSFBN7Zvwjalrf2DDALBgkqhkiG9w0BAQswJjER
-MA8GA1UEChMIUXVpY2tUTFMxETAPBgNVBAMTCFF1aWNrVExTMB4XDTE2MDEyODAw
-NDIzMFoXDTE5MDExMjAwNDIzMFowJjERMA8GA1UEChMIUXVpY2tUTFMxETAPBgNV
-BAMTCFF1aWNrVExTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/Pf
-fQ7VUTSXs12PRyrLDVDz7kPDbGNTt0vF7FYDmTTGOU3i62xZNOGuxBezAiVSV5A3
-lopwsv4OH7DRtSaPn+XCt1JDALna2WrjT0MshypMd5o2c3jmGUfAKf5gjizgIoEl
-d4e5aqEBuOQP+QCEde+8p8N1buQW+zMy9srM2O/7BFMIaQ07CWLlj3hIiF+L5rKD
-L6dWtKT7INRmRwpuZZnThEWnBSNgayrWek6G0i3y8QYTfVA1SwA+H3grJxy5NrLp
-GYXSmu2509mu0QAHhx05t1rJhwhFz/4sG7j8AggYeDXEqfQ/VIb/bvnW9bD+vrQ2
-ZnICvxnzNMYBx23BkQIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAKQwDwYDVR0TAQH/
-BAUwAwEB/zALBgkqhkiG9w0BAQsDggEBALvTi6E44Fltu83dFLVEj0kLtusI/TTH
-Tw6upoB5pRG+7A75w0Ii8bvvd2tNpBOg+L+80xyIFqaNkXhLKTN4lgtd7WiCuyb/
-w1BEuF/+RjCXhu6wQ/63ab46d6ctaQ1zjxlU2rQLQXQFALI8ntyn/TELc01HYkr2
-x3NHlbnBNlgI2CKXPeUBzvBylTCcdYGwoa+2ZPdIsFjle2aCIBoZ+WNZlIbFwgLh
-XCHwcbviC+thjqOneJpJZmRW9AxQ638ki6iGItdrJewCN/1dcL2KKjxnC5VHbpne
-SOjEPNXihY08Brl8myhFNtRRKZ55MJIYzDtVQSkCaT91Q3XX9tSZadY=
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/tokenserver-oauth/certs/localregistry.cert b/contrib/docker-integration/tokenserver-oauth/certs/localregistry.cert
deleted file mode 100644
index 105acc4f3..000000000
--- a/contrib/docker-integration/tokenserver-oauth/certs/localregistry.cert
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDETCCAfugAwIBAgIQN7rT95eAy75c4n6/AsDJODALBgkqhkiG9w0BAQswJjER
-MA8GA1UEChMIUXVpY2tUTFMxETAPBgNVBAMTCFF1aWNrVExTMB4XDTE2MDEyODAw
-NDIzMloXDTE5MDExMjAwNDIzMlowKzERMA8GA1UEChMIUXVpY2tUTFMxFjAUBgNV
-BAMTDWxvY2FscmVnaXN0cnkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQDLi75QEkl/qekcoOJlNv9y1IXvrbU2ssl4ViJiZRjWx+/CkyCCOyf9YUpAgRLr
-Pskqde2mwhuNP8yBlOBb17Sapz7N3+hJi5j9vLBAFcamPeF3PqxjFv7j5TKkRmSI
-dFYQclREwMUd3qEH322KkqOnsEEfdmCgFqWORe+QR5AxzxQP3Pnd4OYH1yZCh0MQ
-P2pJgrxxf2I5I/m1AUgoHV1cdBbCv9LGohJPpMtwPC0dJpgMFcnf6hT37At236AY
-V437HiRruY7iPWkYFrSPWpwdslJ32MZvRN5RS163jZXjiZ7qWnQOiiDJfXe4evB/
-yQLN4m0qVQxsMz7rkY7OsqaXAgMBAAGjOjA4MA4GA1UdDwEB/wQEAwIAoDAMBgNV
-HRMBAf8EAjAAMBgGA1UdEQQRMA+CDWxvY2FscmVnaXN0cnkwCwYJKoZIhvcNAQEL
-A4IBAQAyUb3EuMaOylBeV8+4KeBiE4lxykDOwLLSk3jXRsVVtfJpX3v8l5vwo/Jf
-iG8tzzz+7uiskI96u3TsekUtVkUxujfKevMP+369K/59s7NRmwwlFMyB2fvL14B2
-oweVjWvM/8fZl6irtFdbJFXXRm7paKso5cmfImxhojAwohgcd4XTVLE/7juYa582
-AaBdRuIiyL71MU9qa1mC5+57AaSLPYaPKpahemgYYkV1Z403Kd6rXchxdQ8JIAL8
-+0oYTSC+svnz1tUU/V5E5id9LQaTmDN5iIVFhNpqAaZmR45UI86woWvnkMb8Ants
-4aknwTwY3300PuTqBdQufvOFDRN5
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/tokenserver-oauth/certs/localregistry.key b/contrib/docker-integration/tokenserver-oauth/certs/localregistry.key
deleted file mode 100644
index cb69a0f3e..000000000
--- a/contrib/docker-integration/tokenserver-oauth/certs/localregistry.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAy4u+UBJJf6npHKDiZTb/ctSF7621NrLJeFYiYmUY1sfvwpMg
-gjsn/WFKQIES6z7JKnXtpsIbjT/MgZTgW9e0mqc+zd/oSYuY/bywQBXGpj3hdz6s
-Yxb+4+UypEZkiHRWEHJURMDFHd6hB99tipKjp7BBH3ZgoBaljkXvkEeQMc8UD9z5
-3eDmB9cmQodDED9qSYK8cX9iOSP5tQFIKB1dXHQWwr/SxqIST6TLcDwtHSaYDBXJ
-3+oU9+wLdt+gGFeN+x4ka7mO4j1pGBa0j1qcHbJSd9jGb0TeUUtet42V44me6lp0
-DoogyX13uHrwf8kCzeJtKlUMbDM+65GOzrKmlwIDAQABAoIBAF6vFMp+lz4RteSh
-Wm8m1FGAVwWVUpStOlcGClynFpTi0L88XYT3K7UMStQSttBDlqRv0ysdZF+ia+lj
-bbKLdvHyFp8CJzX/AB4YZgyJlKzEYFtuBhbaHZu5hIMyU5W+OELSTCznV0p7w4C8
-CGLLr+FTdhfCo1QU9NJn6fa9s2/XRdSClBBalAHYs0ZS7ZckaF/sPiC/VapfBMet
-qjJXNYiO6pXYriGWKF9zdAMfk2CM0BVWbnwQZkMSEQirrTcJwm3ezyloXCv2nywK
-/VzbUT1HJVyzo5oAwTd0MwDc2oEMiFzlfO028zY4LDltpia+SyWvFi5NaIqzFESc
-yLgJacECgYEA3jvH+ZQHQf42Md8TCciokaYvwWIKJdk4WRjbvE5cBZekyXAm7/3b
-/1VFDKsy2RPlfmfHP3wy9rlnjzsRveB5qaclgS8aI67AYsWd/yRgfRatl7Ve9bHl
-LY6VM5L/DZTxykcqivwjc77XoDuBfUKs6tyuSLQku+FOTbLtNYlUCHECgYEA6nkR
-lkXufyLmDhNb3093RsYvPcs1kGaIIGTnz3cxWNh485DgsyLBuYQ5ugupQkzM8YSt
-ohDTmVpggqjlXQxCg0Zw8gkEV0v8KsLGjn1CuTJg/mBArXlelq1FEeRAYC9/YfOz
-ocXegHV7wDKKtcraNZFsEc7Z0LwbC9wtzSFG44cCgYASkMX1CLPOhJE8e1lY0OWc
-PVjx++HDJbF6aAQ7aARyBygiF/d4xylw3EvHcinuTqY2eC8CE7siN3z6T0H9Ldqc
-HLWaZDf30SqLVd0MKprQ+GsKKIHFXtY5hxbZ1ybtmIrWjjl0oPnJOqFC5pW7xC0z
-9bmtozcKZxkmjpMYjN9zUQKBgQCqV6KLRerqunPgLfhE1/qTlE+l2QflDFhBEI3I
-j5NuNHZKnSphehK7sHAv1WD2Jc2OeRGb+BWCB8Ktqf5YBxwbOwW7EQnyUeW1OyP9
-SMs8uHj21P6oCNDLLr5LLUQHnPoyM1aBZLstICzziMR1JhY5bJjSpzBfEQmlKCSu
-LkrN6QKBgQCRXrBJRUxeJj7wCnCSq0Clf9NhCpQnwo4bEx8sKlj8K8ku8MvwQwoM
-3KfWc7bOl6A2/mM/k4yoHtBMM9X9xqYtsgeFhxuiWBcfTmTxWh73LQ48Kgbrgodt
-6yTccnjr7OtBidD85c6lgjAUgcL43QY8mlw0OhzXAZ2R5HWFp4ht+w==
------END RSA PRIVATE KEY-----
diff --git a/contrib/docker-integration/tokenserver-oauth/certs/signing.cert b/contrib/docker-integration/tokenserver-oauth/certs/signing.cert
deleted file mode 100644
index 45166f2d8..000000000
--- a/contrib/docker-integration/tokenserver-oauth/certs/signing.cert
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC9TCCAd+gAwIBAgIRAJ6IIisIZxL86oe3oeoAgWUwCwYJKoZIhvcNAQELMCYx
-ETAPBgNVBAoTCFF1aWNrVExTMREwDwYDVQQDEwhRdWlja1RMUzAeFw0xNjAxMjgw
-MDQyMzNaFw0xOTAxMTIwMDQyMzNaMBMxETAPBgNVBAoTCFF1aWNrVExTMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3IXUwqSdO2QTj2ET6fJPGe+KWVnt
-QCQQWjkWVpOz8L2A29BRvv9z6lYNf9sOM0Xb5IUAgoZ/s3U6LNYT/RWYFBfeo40r
-Xd/MNKAn0kFsSb6BIKmUwPqFeqc8wiPX6yY4SbF1sUTkCTkw3yFHg/AIlwmhpFH3
-9mAmV+x0kTzFR/78ZDD5CUNS59bbu+7UqB06YrJuVEwPY98YixSPXTcaKimsUe+K
-IY8FQ6yN6l27MK56wlj4hw2gYz+cyBUBCExCgYMQlOSg2ilH4qYyFvccSDUH7jTA
-NwpsIBfdoUVbI+j2ivn+ZGD614LtIStGgUu0mDDVxVOWnRvq/z7LMaa2jwIDAQAB
-ozUwMzAOBgNVHQ8BAf8EBAMCAKAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0T
-AQH/BAIwADALBgkqhkiG9w0BAQsDggEBAJq3JzTLrIWCF8rHLTTm1icE9PjOO0sV
-a1wrmdJ6NwRbJ66dLZ/4G/NZjVOnce9WFHYLFSEG+wx5YVUPuJXpJaSdy0h8F0Uw
-hiJwgeVsGg7vcf4G6mWHrsauDOhylnD31UtYPX1Ao/jcntyyf+gCQpY1J/B8l1yU
-LNOwvWLVLpZwZ4ehbKA/UnDXgA+3uHvpzl//cPe0cnt+Mhrgzk5mIMwVR6zCZw1G
-oVutAHpv2PXxRwTMu51J+QtSL2b2w3mGHxDLpmz8UdXOtkxdpmDT8kIOtX0T5yGL
-29F3fa81iZPs02GWjSGOfOzmCCvaA4C5KJvY/WulF7OOgwvrBpQwqTI=
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/tokenserver-oauth/certs/signing.key b/contrib/docker-integration/tokenserver-oauth/certs/signing.key
deleted file mode 100644
index 475625402..000000000
--- a/contrib/docker-integration/tokenserver-oauth/certs/signing.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA3IXUwqSdO2QTj2ET6fJPGe+KWVntQCQQWjkWVpOz8L2A29BR
-vv9z6lYNf9sOM0Xb5IUAgoZ/s3U6LNYT/RWYFBfeo40rXd/MNKAn0kFsSb6BIKmU
-wPqFeqc8wiPX6yY4SbF1sUTkCTkw3yFHg/AIlwmhpFH39mAmV+x0kTzFR/78ZDD5
-CUNS59bbu+7UqB06YrJuVEwPY98YixSPXTcaKimsUe+KIY8FQ6yN6l27MK56wlj4
-hw2gYz+cyBUBCExCgYMQlOSg2ilH4qYyFvccSDUH7jTANwpsIBfdoUVbI+j2ivn+
-ZGD614LtIStGgUu0mDDVxVOWnRvq/z7LMaa2jwIDAQABAoIBAD2tiNZv6DImSXo+
-sq0qQomEf/OBvWPFMnWppd/NK/TXa+UPHO4I0MjoDJqIEC6zCU+fC4d2St1MmlrT
-/X85vPFRw8mGwGxfHeRSLxEVj04I5GDYTWy0JQUrJUk/cTKp2/Bwm/RaylTyFAM0
-caYrSpvD69vjuTDFr7PDxM6iaqM53zK/vD8kCe81z+wN0UbAKsLlUOKztjH6SzL9
-uVOkekIT/j3L2xxyQhjmhfA3TuCP4uNK/+6/4ovl9Nj4pQsFomsCk4phgqy9SOm1
-4yufmVd8k7J3cppMlMPNc+7tqe2Xn593Y8QT95y3yhtkFECF70yBw64HMDDpA22p
-5b/JV9ECgYEA9H4RBXOwbdjcpCa9H3mFjHqUQCqNme1vOSGiflZh9KBCDKgdqugm
-KHpvAECADie0p6XRHpxRvufKnGFkJwedfeiKz51T+0dqgPxWncYT1TC+cAjOSzfM
-wBpUOcAyvTTviwGbg4bLanHo4remzCbcnRvHQX4YfPFCjT9GhsU+XEUCgYEA5ubz
-IlSu1wwFJpoO24ZykGUyqGUQXzR0NrXiLrpF0764qjmHyF8SPJPv1XegSxP/nUTz
-SjVfJ7wye/X9qlOpBY8mzy9qQMMKc1cQBV1yVW8IRZ7pMYQZO7qmrZD/DWTa5qWt
-pqSbIH2FKedELsKJA/SBtczKjspOdDKyh0UelsMCgYA7DyTfc0XAEy2hPXZb3wgC
-mi2rnlvcPf2rCFPvPsCkzf2GfynDehaVmpWrsuj8Al1iTezI/yvD+Mv5oJEH2JAT
-tROq+S8rOOIiTFJEBHAQBJlMCOSESPNdyD5mQOZAzEO9CWNejzYd/WwrL//Luut5
-zBcC3AngTIsuAYXw0j6xHQKBgQDamkAJep7k3W5q82OplgoUhpqFLtlnKSP1QBFZ
-J+U/6Mqv7jONEeUUEQL42H6bVd2kqUikMw9ZcSVikquLfBUDPFoDwOIZWg4k0IJM
-cgHyvGHad+5SgLva/oUawbGWnqtXvfc/U4vCINPXrimxE1/grLW4xp/mu8W24OCA
-jIG/PQKBgD/Apl+sfqiB/6ONBjjIswA4yFkEXHSZNpAgcPwhA+cO5D0afEWz2HIx
-VeOh5NjN1EL0hX8clFW4bfkK1Vr0kjvbMUXnBWaibUgpiVQl9O9WjaKQLZrp4sRu
-x2kJ07Qn6ri7f/lsqOELZwBy95iHWRdePptaAKkRGxJstHI7dgUt
------END RSA PRIVATE KEY-----
diff --git a/contrib/docker-integration/tokenserver-oauth/registry-config-notls.yml b/contrib/docker-integration/tokenserver-oauth/registry-config-notls.yml
deleted file mode 100644
index a700d08c7..000000000
--- a/contrib/docker-integration/tokenserver-oauth/registry-config-notls.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-version: 0.1
-loglevel: debug
-storage:
- cache:
- blobdescriptor: inmemory
- filesystem:
- rootdirectory: /tmp/registry-dev
-http:
- addr: 0.0.0.0:5000
-compatibility:
- schema1:
- enabled: true
-auth:
- token:
- realm: "https://auth.localregistry:5559/token/"
- issuer: "registry-test"
- service: "registry-test"
- rootcertbundle: "/etc/docker/registry/tokenbundle.pem"
diff --git a/contrib/docker-integration/tokenserver-oauth/registry-config.yml b/contrib/docker-integration/tokenserver-oauth/registry-config.yml
deleted file mode 100644
index 226798b35..000000000
--- a/contrib/docker-integration/tokenserver-oauth/registry-config.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-version: 0.1
-loglevel: debug
-storage:
- cache:
- blobdescriptor: inmemory
- filesystem:
- rootdirectory: /tmp/registry-dev
-http:
- addr: 0.0.0.0:5000
- tls:
- certificate: "/etc/docker/registry/localregistry.cert"
- key: "/etc/docker/registry/localregistry.key"
-compatibility:
- schema1:
- enabled: true
-auth:
- token:
- realm: "https://auth.localregistry:5559/token/"
- issuer: "registry-test"
- service: "registry-test"
- rootcertbundle: "/etc/docker/registry/tokenbundle.pem"
diff --git a/contrib/docker-integration/tokenserver/.htpasswd b/contrib/docker-integration/tokenserver/.htpasswd
deleted file mode 100644
index 0bbf57400..000000000
--- a/contrib/docker-integration/tokenserver/.htpasswd
+++ /dev/null
@@ -1 +0,0 @@
-testuser:$2y$05$T2MlBvkN1R/yICNnLuf1leOlOfAY0DvybctbbWUFKlojfkShVgn4m
diff --git a/contrib/docker-integration/tokenserver/Dockerfile b/contrib/docker-integration/tokenserver/Dockerfile
deleted file mode 100644
index 762330cd2..000000000
--- a/contrib/docker-integration/tokenserver/Dockerfile
+++ /dev/null
@@ -1,8 +0,0 @@
-FROM dmcgowan/token-server@sha256:0eab50ebdff5b6b95b3addf4edbd8bd2f5b940f27b41b43c94afdf05863a81af
-
-WORKDIR /
-
-COPY ./.htpasswd /.htpasswd
-COPY ./certs/auth.localregistry.cert /tls.cert
-COPY ./certs/auth.localregistry.key /tls.key
-COPY ./certs/signing.key /sign.key
diff --git a/contrib/docker-integration/tokenserver/certs/auth.localregistry.cert b/contrib/docker-integration/tokenserver/certs/auth.localregistry.cert
deleted file mode 100644
index 4144ca168..000000000
--- a/contrib/docker-integration/tokenserver/certs/auth.localregistry.cert
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDHDCCAgagAwIBAgIRAKhhQMnqZx+hkOmoUYgPb+kwCwYJKoZIhvcNAQELMCYx
-ETAPBgNVBAoTCFF1aWNrVExTMREwDwYDVQQDEwhRdWlja1RMUzAeFw0xNjAxMjgw
-MDQyMzFaFw0xOTAxMTIwMDQyMzFaMDAxETAPBgNVBAoTCFF1aWNrVExTMRswGQYD
-VQQDExJhdXRoLmxvY2FscmVnaXN0cnkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQD1tUf1EghBlIRrE83yF4zDgRu7vH2Jo0kygKJUWtQQe+DfXyjjE/fg
-FdKnnoEjsIeF9hxNbTt0ldDz7/n97pbMhoiXULi9iq4jlgSzVL2XEAgrON0YSY/c
-Lmmd1KSa/pOUZr2WMAYPZ+FdQfE1W7SMNbErPefBqYdFzpZ+esAtvbajYwIjl8Vy
-9c4bidx4vgnNrR9GcFYibjC5sj8syh/OtbzzqiVGT8YcPpmMG6KNRkausa4gqpon
-NKYG8C3WDaiPCLYKcvFrFfdEWF/m2oj14eXACXT9iwp8r4bsLgXrZwqcpKOWfVRu
-qHC8aV476EYgxWCAOANExUdUaRt5wL/jAgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIA
-oDAMBgNVHRMBAf8EAjAAMB0GA1UdEQQWMBSCEmF1dGgubG9jYWxyZWdpc3RyeTAL
-BgkqhkiG9w0BAQsDggEBABxPGK9FdGDxcLowNsExKnnZvmQT3H0u+Dux1gkp0AhH
-KOrmx3LUENUKLSgotzx133tgOgR5lzAWVFy7bhLwlPhOslxf2oEfztsAMd/tY8rW
-PrG2ZqYqlzEQQ9INbAc3woo5A3slN07uhP3F16jNqoMM4zRmw6Ba70CluGKT7x5+
-xVjKoWITLjWDXT5m35PnsN8CpBaFzXYcod/5p9XwCFp0s+aNxfpZECCV/3yqIr+J
-ALzroPh43FAlG96o4NyYZ2Msp63newN19R2+TgpV4nXuw2mLVDpvetP7RRqnpvj/
-qwRgt5j4hFjJWb61M0ELL7A9fA71h1ImdGCvnArdBQs=
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/tokenserver/certs/auth.localregistry.key b/contrib/docker-integration/tokenserver/certs/auth.localregistry.key
deleted file mode 100644
index 4c499bb21..000000000
--- a/contrib/docker-integration/tokenserver/certs/auth.localregistry.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA9bVH9RIIQZSEaxPN8heMw4Ebu7x9iaNJMoCiVFrUEHvg318o
-4xP34BXSp56BI7CHhfYcTW07dJXQ8+/5/e6WzIaIl1C4vYquI5YEs1S9lxAIKzjd
-GEmP3C5pndSkmv6TlGa9ljAGD2fhXUHxNVu0jDWxKz3nwamHRc6WfnrALb22o2MC
-I5fFcvXOG4nceL4Jza0fRnBWIm4wubI/LMofzrW886olRk/GHD6ZjBuijUZGrrGu
-IKqaJzSmBvAt1g2ojwi2CnLxaxX3RFhf5tqI9eHlwAl0/YsKfK+G7C4F62cKnKSj
-ln1UbqhwvGleO+hGIMVggDgDRMVHVGkbecC/4wIDAQABAoIBAQCrsjXKRwOF8CZo
-PLqZBWPT6hBbK+f9miC4LbNBhwbRTf9hl7mWlImOCTHe95/+NIk/Ty+P21jEqzwM
-ehETJPoziX9BXaL6sEHnlBlMx1aEjStoKKA3LJBeqAAdzk4IEQVHmlO4824IreqJ
-pF7Njnunzo0zTlr4tWJVoXsAfv5z9tNtdkxYBbIa0fjfGtlqXU3gLq58FCON3mB/
-NGc0AyA1UFGp0FzpdEcwTGD4InsXbcmsl2l/VPBJuZbryITRqWs6BbK++80DRhNt
-afMhP+IzKrWSCp0rBYrqqz6AevtlKdEfQK1yXPEjN/63QLMevt8mF/1JCp//TQnf
-Z6bIQbAhAoGBAP7vFA0PcvoXt9MXvvAwrKY1s6pNw4nWPG27qY1/m+DkBwP8IQms
-4AWGv1wscZzXJYTvaLO5/qjmGUj50ohcVEvyZJioh1pKXA8Chxvd6rBA/O/Lj5E0
-3MOSA5Q0gxJ0Mhv0zGbbyN5fY8D8zhxoqQP4LoW+UdZG2Oi6JxsQ9c9dAoGBAPa8
-U3bGuM5OGA9EWP7mkB/VnjDTL1aEIN3cOHbHIKwH/loxdYcNMBE7vwxV1CzgIzXT
-wsL0iE15fQdK938u0+um8aH5QtbWNI8tdk1XVjEC/i3C7N6WVUutneCKUDb4QxiB
-9OvWCbNNiN+xTKBBM93YlwO3GYfrW9Pmm9q1+hg/AoGBALJlUS22gun50PxaIJZq
-KVcCO2DQnCYHki/j48mN4+HjD/m85M2lePrFCYIR48syTyIQer9SR5+frVAA6k/b
-9G1VCQo+3MDVSkiCp1Nb3tBKGfYgB65ARMBinDiI6rPuNeaUTrkn0g+yxtaU0hLV
-Nnj9omia/x+oYj+xjI4HN0xNAoGARy92dSJIV104m88ATip/EnAzP6ruUWu1f8z1
-jW9OAdQckjEK03f+kjpGmGx61qekAPejjVO3r4KJi/0ZAtyjz61OsYiUvB748wYO
-x6mW+HUAmHtQk7eTzE2+6vV8xx9BXGTCIPiTu+N2xfMFRIcLS8odZ7j/6LMCv1Qd
-SzCNg0kCgYBaNlEs4pK1VxZZpEWwVmFpgIxfEfxLIaGrek6wBTcCn/VA2M0oHuez
-mlMio8VY0yWPBJz30JflDiTmYIvteLPMHT0N0J6isiXLhzJSFI4+cAMLE2Q5v8rz
-W+W5/L8YZeierW0qJat1BrgStaf5ZLpiOc9pKBSwycydPH5BfVdK/A==
------END RSA PRIVATE KEY-----
diff --git a/contrib/docker-integration/tokenserver/certs/ca.pem b/contrib/docker-integration/tokenserver/certs/ca.pem
deleted file mode 100644
index 0b585b3f2..000000000
--- a/contrib/docker-integration/tokenserver/certs/ca.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC9TCCAd+gAwIBAgIQNS9SaFSFBN7Zvwjalrf2DDALBgkqhkiG9w0BAQswJjER
-MA8GA1UEChMIUXVpY2tUTFMxETAPBgNVBAMTCFF1aWNrVExTMB4XDTE2MDEyODAw
-NDIzMFoXDTE5MDExMjAwNDIzMFowJjERMA8GA1UEChMIUXVpY2tUTFMxETAPBgNV
-BAMTCFF1aWNrVExTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/Pf
-fQ7VUTSXs12PRyrLDVDz7kPDbGNTt0vF7FYDmTTGOU3i62xZNOGuxBezAiVSV5A3
-lopwsv4OH7DRtSaPn+XCt1JDALna2WrjT0MshypMd5o2c3jmGUfAKf5gjizgIoEl
-d4e5aqEBuOQP+QCEde+8p8N1buQW+zMy9srM2O/7BFMIaQ07CWLlj3hIiF+L5rKD
-L6dWtKT7INRmRwpuZZnThEWnBSNgayrWek6G0i3y8QYTfVA1SwA+H3grJxy5NrLp
-GYXSmu2509mu0QAHhx05t1rJhwhFz/4sG7j8AggYeDXEqfQ/VIb/bvnW9bD+vrQ2
-ZnICvxnzNMYBx23BkQIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAKQwDwYDVR0TAQH/
-BAUwAwEB/zALBgkqhkiG9w0BAQsDggEBALvTi6E44Fltu83dFLVEj0kLtusI/TTH
-Tw6upoB5pRG+7A75w0Ii8bvvd2tNpBOg+L+80xyIFqaNkXhLKTN4lgtd7WiCuyb/
-w1BEuF/+RjCXhu6wQ/63ab46d6ctaQ1zjxlU2rQLQXQFALI8ntyn/TELc01HYkr2
-x3NHlbnBNlgI2CKXPeUBzvBylTCcdYGwoa+2ZPdIsFjle2aCIBoZ+WNZlIbFwgLh
-XCHwcbviC+thjqOneJpJZmRW9AxQ638ki6iGItdrJewCN/1dcL2KKjxnC5VHbpne
-SOjEPNXihY08Brl8myhFNtRRKZ55MJIYzDtVQSkCaT91Q3XX9tSZadY=
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/tokenserver/certs/localregistry.cert b/contrib/docker-integration/tokenserver/certs/localregistry.cert
deleted file mode 100644
index 105acc4f3..000000000
--- a/contrib/docker-integration/tokenserver/certs/localregistry.cert
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDETCCAfugAwIBAgIQN7rT95eAy75c4n6/AsDJODALBgkqhkiG9w0BAQswJjER
-MA8GA1UEChMIUXVpY2tUTFMxETAPBgNVBAMTCFF1aWNrVExTMB4XDTE2MDEyODAw
-NDIzMloXDTE5MDExMjAwNDIzMlowKzERMA8GA1UEChMIUXVpY2tUTFMxFjAUBgNV
-BAMTDWxvY2FscmVnaXN0cnkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQDLi75QEkl/qekcoOJlNv9y1IXvrbU2ssl4ViJiZRjWx+/CkyCCOyf9YUpAgRLr
-Pskqde2mwhuNP8yBlOBb17Sapz7N3+hJi5j9vLBAFcamPeF3PqxjFv7j5TKkRmSI
-dFYQclREwMUd3qEH322KkqOnsEEfdmCgFqWORe+QR5AxzxQP3Pnd4OYH1yZCh0MQ
-P2pJgrxxf2I5I/m1AUgoHV1cdBbCv9LGohJPpMtwPC0dJpgMFcnf6hT37At236AY
-V437HiRruY7iPWkYFrSPWpwdslJ32MZvRN5RS163jZXjiZ7qWnQOiiDJfXe4evB/
-yQLN4m0qVQxsMz7rkY7OsqaXAgMBAAGjOjA4MA4GA1UdDwEB/wQEAwIAoDAMBgNV
-HRMBAf8EAjAAMBgGA1UdEQQRMA+CDWxvY2FscmVnaXN0cnkwCwYJKoZIhvcNAQEL
-A4IBAQAyUb3EuMaOylBeV8+4KeBiE4lxykDOwLLSk3jXRsVVtfJpX3v8l5vwo/Jf
-iG8tzzz+7uiskI96u3TsekUtVkUxujfKevMP+369K/59s7NRmwwlFMyB2fvL14B2
-oweVjWvM/8fZl6irtFdbJFXXRm7paKso5cmfImxhojAwohgcd4XTVLE/7juYa582
-AaBdRuIiyL71MU9qa1mC5+57AaSLPYaPKpahemgYYkV1Z403Kd6rXchxdQ8JIAL8
-+0oYTSC+svnz1tUU/V5E5id9LQaTmDN5iIVFhNpqAaZmR45UI86woWvnkMb8Ants
-4aknwTwY3300PuTqBdQufvOFDRN5
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/tokenserver/certs/localregistry.key b/contrib/docker-integration/tokenserver/certs/localregistry.key
deleted file mode 100644
index cb69a0f3e..000000000
--- a/contrib/docker-integration/tokenserver/certs/localregistry.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAy4u+UBJJf6npHKDiZTb/ctSF7621NrLJeFYiYmUY1sfvwpMg
-gjsn/WFKQIES6z7JKnXtpsIbjT/MgZTgW9e0mqc+zd/oSYuY/bywQBXGpj3hdz6s
-Yxb+4+UypEZkiHRWEHJURMDFHd6hB99tipKjp7BBH3ZgoBaljkXvkEeQMc8UD9z5
-3eDmB9cmQodDED9qSYK8cX9iOSP5tQFIKB1dXHQWwr/SxqIST6TLcDwtHSaYDBXJ
-3+oU9+wLdt+gGFeN+x4ka7mO4j1pGBa0j1qcHbJSd9jGb0TeUUtet42V44me6lp0
-DoogyX13uHrwf8kCzeJtKlUMbDM+65GOzrKmlwIDAQABAoIBAF6vFMp+lz4RteSh
-Wm8m1FGAVwWVUpStOlcGClynFpTi0L88XYT3K7UMStQSttBDlqRv0ysdZF+ia+lj
-bbKLdvHyFp8CJzX/AB4YZgyJlKzEYFtuBhbaHZu5hIMyU5W+OELSTCznV0p7w4C8
-CGLLr+FTdhfCo1QU9NJn6fa9s2/XRdSClBBalAHYs0ZS7ZckaF/sPiC/VapfBMet
-qjJXNYiO6pXYriGWKF9zdAMfk2CM0BVWbnwQZkMSEQirrTcJwm3ezyloXCv2nywK
-/VzbUT1HJVyzo5oAwTd0MwDc2oEMiFzlfO028zY4LDltpia+SyWvFi5NaIqzFESc
-yLgJacECgYEA3jvH+ZQHQf42Md8TCciokaYvwWIKJdk4WRjbvE5cBZekyXAm7/3b
-/1VFDKsy2RPlfmfHP3wy9rlnjzsRveB5qaclgS8aI67AYsWd/yRgfRatl7Ve9bHl
-LY6VM5L/DZTxykcqivwjc77XoDuBfUKs6tyuSLQku+FOTbLtNYlUCHECgYEA6nkR
-lkXufyLmDhNb3093RsYvPcs1kGaIIGTnz3cxWNh485DgsyLBuYQ5ugupQkzM8YSt
-ohDTmVpggqjlXQxCg0Zw8gkEV0v8KsLGjn1CuTJg/mBArXlelq1FEeRAYC9/YfOz
-ocXegHV7wDKKtcraNZFsEc7Z0LwbC9wtzSFG44cCgYASkMX1CLPOhJE8e1lY0OWc
-PVjx++HDJbF6aAQ7aARyBygiF/d4xylw3EvHcinuTqY2eC8CE7siN3z6T0H9Ldqc
-HLWaZDf30SqLVd0MKprQ+GsKKIHFXtY5hxbZ1ybtmIrWjjl0oPnJOqFC5pW7xC0z
-9bmtozcKZxkmjpMYjN9zUQKBgQCqV6KLRerqunPgLfhE1/qTlE+l2QflDFhBEI3I
-j5NuNHZKnSphehK7sHAv1WD2Jc2OeRGb+BWCB8Ktqf5YBxwbOwW7EQnyUeW1OyP9
-SMs8uHj21P6oCNDLLr5LLUQHnPoyM1aBZLstICzziMR1JhY5bJjSpzBfEQmlKCSu
-LkrN6QKBgQCRXrBJRUxeJj7wCnCSq0Clf9NhCpQnwo4bEx8sKlj8K8ku8MvwQwoM
-3KfWc7bOl6A2/mM/k4yoHtBMM9X9xqYtsgeFhxuiWBcfTmTxWh73LQ48Kgbrgodt
-6yTccnjr7OtBidD85c6lgjAUgcL43QY8mlw0OhzXAZ2R5HWFp4ht+w==
------END RSA PRIVATE KEY-----
diff --git a/contrib/docker-integration/tokenserver/certs/signing.cert b/contrib/docker-integration/tokenserver/certs/signing.cert
deleted file mode 100644
index 45166f2d8..000000000
--- a/contrib/docker-integration/tokenserver/certs/signing.cert
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC9TCCAd+gAwIBAgIRAJ6IIisIZxL86oe3oeoAgWUwCwYJKoZIhvcNAQELMCYx
-ETAPBgNVBAoTCFF1aWNrVExTMREwDwYDVQQDEwhRdWlja1RMUzAeFw0xNjAxMjgw
-MDQyMzNaFw0xOTAxMTIwMDQyMzNaMBMxETAPBgNVBAoTCFF1aWNrVExTMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3IXUwqSdO2QTj2ET6fJPGe+KWVnt
-QCQQWjkWVpOz8L2A29BRvv9z6lYNf9sOM0Xb5IUAgoZ/s3U6LNYT/RWYFBfeo40r
-Xd/MNKAn0kFsSb6BIKmUwPqFeqc8wiPX6yY4SbF1sUTkCTkw3yFHg/AIlwmhpFH3
-9mAmV+x0kTzFR/78ZDD5CUNS59bbu+7UqB06YrJuVEwPY98YixSPXTcaKimsUe+K
-IY8FQ6yN6l27MK56wlj4hw2gYz+cyBUBCExCgYMQlOSg2ilH4qYyFvccSDUH7jTA
-NwpsIBfdoUVbI+j2ivn+ZGD614LtIStGgUu0mDDVxVOWnRvq/z7LMaa2jwIDAQAB
-ozUwMzAOBgNVHQ8BAf8EBAMCAKAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0T
-AQH/BAIwADALBgkqhkiG9w0BAQsDggEBAJq3JzTLrIWCF8rHLTTm1icE9PjOO0sV
-a1wrmdJ6NwRbJ66dLZ/4G/NZjVOnce9WFHYLFSEG+wx5YVUPuJXpJaSdy0h8F0Uw
-hiJwgeVsGg7vcf4G6mWHrsauDOhylnD31UtYPX1Ao/jcntyyf+gCQpY1J/B8l1yU
-LNOwvWLVLpZwZ4ehbKA/UnDXgA+3uHvpzl//cPe0cnt+Mhrgzk5mIMwVR6zCZw1G
-oVutAHpv2PXxRwTMu51J+QtSL2b2w3mGHxDLpmz8UdXOtkxdpmDT8kIOtX0T5yGL
-29F3fa81iZPs02GWjSGOfOzmCCvaA4C5KJvY/WulF7OOgwvrBpQwqTI=
------END CERTIFICATE-----
diff --git a/contrib/docker-integration/tokenserver/certs/signing.key b/contrib/docker-integration/tokenserver/certs/signing.key
deleted file mode 100644
index 475625402..000000000
--- a/contrib/docker-integration/tokenserver/certs/signing.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA3IXUwqSdO2QTj2ET6fJPGe+KWVntQCQQWjkWVpOz8L2A29BR
-vv9z6lYNf9sOM0Xb5IUAgoZ/s3U6LNYT/RWYFBfeo40rXd/MNKAn0kFsSb6BIKmU
-wPqFeqc8wiPX6yY4SbF1sUTkCTkw3yFHg/AIlwmhpFH39mAmV+x0kTzFR/78ZDD5
-CUNS59bbu+7UqB06YrJuVEwPY98YixSPXTcaKimsUe+KIY8FQ6yN6l27MK56wlj4
-hw2gYz+cyBUBCExCgYMQlOSg2ilH4qYyFvccSDUH7jTANwpsIBfdoUVbI+j2ivn+
-ZGD614LtIStGgUu0mDDVxVOWnRvq/z7LMaa2jwIDAQABAoIBAD2tiNZv6DImSXo+
-sq0qQomEf/OBvWPFMnWppd/NK/TXa+UPHO4I0MjoDJqIEC6zCU+fC4d2St1MmlrT
-/X85vPFRw8mGwGxfHeRSLxEVj04I5GDYTWy0JQUrJUk/cTKp2/Bwm/RaylTyFAM0
-caYrSpvD69vjuTDFr7PDxM6iaqM53zK/vD8kCe81z+wN0UbAKsLlUOKztjH6SzL9
-uVOkekIT/j3L2xxyQhjmhfA3TuCP4uNK/+6/4ovl9Nj4pQsFomsCk4phgqy9SOm1
-4yufmVd8k7J3cppMlMPNc+7tqe2Xn593Y8QT95y3yhtkFECF70yBw64HMDDpA22p
-5b/JV9ECgYEA9H4RBXOwbdjcpCa9H3mFjHqUQCqNme1vOSGiflZh9KBCDKgdqugm
-KHpvAECADie0p6XRHpxRvufKnGFkJwedfeiKz51T+0dqgPxWncYT1TC+cAjOSzfM
-wBpUOcAyvTTviwGbg4bLanHo4remzCbcnRvHQX4YfPFCjT9GhsU+XEUCgYEA5ubz
-IlSu1wwFJpoO24ZykGUyqGUQXzR0NrXiLrpF0764qjmHyF8SPJPv1XegSxP/nUTz
-SjVfJ7wye/X9qlOpBY8mzy9qQMMKc1cQBV1yVW8IRZ7pMYQZO7qmrZD/DWTa5qWt
-pqSbIH2FKedELsKJA/SBtczKjspOdDKyh0UelsMCgYA7DyTfc0XAEy2hPXZb3wgC
-mi2rnlvcPf2rCFPvPsCkzf2GfynDehaVmpWrsuj8Al1iTezI/yvD+Mv5oJEH2JAT
-tROq+S8rOOIiTFJEBHAQBJlMCOSESPNdyD5mQOZAzEO9CWNejzYd/WwrL//Luut5
-zBcC3AngTIsuAYXw0j6xHQKBgQDamkAJep7k3W5q82OplgoUhpqFLtlnKSP1QBFZ
-J+U/6Mqv7jONEeUUEQL42H6bVd2kqUikMw9ZcSVikquLfBUDPFoDwOIZWg4k0IJM
-cgHyvGHad+5SgLva/oUawbGWnqtXvfc/U4vCINPXrimxE1/grLW4xp/mu8W24OCA
-jIG/PQKBgD/Apl+sfqiB/6ONBjjIswA4yFkEXHSZNpAgcPwhA+cO5D0afEWz2HIx
-VeOh5NjN1EL0hX8clFW4bfkK1Vr0kjvbMUXnBWaibUgpiVQl9O9WjaKQLZrp4sRu
-x2kJ07Qn6ri7f/lsqOELZwBy95iHWRdePptaAKkRGxJstHI7dgUt
------END RSA PRIVATE KEY-----
diff --git a/contrib/docker-integration/tokenserver/registry-config.yml b/contrib/docker-integration/tokenserver/registry-config.yml
deleted file mode 100644
index b9efdd3a0..000000000
--- a/contrib/docker-integration/tokenserver/registry-config.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-version: 0.1
-loglevel: debug
-storage:
- cache:
- blobdescriptor: inmemory
- filesystem:
- rootdirectory: /tmp/registry-dev
-http:
- addr: 0.0.0.0:5000
- tls:
- certificate: "/etc/docker/registry/localregistry.cert"
- key: "/etc/docker/registry/localregistry.key"
-compatibility:
- schema1:
- enabled: true
-auth:
- token:
- realm: "https://auth.localregistry:5556/token/"
- issuer: "registry-test"
- service: "registry-test"
- rootcertbundle: "/etc/docker/registry/tokenbundle.pem"
diff --git a/contrib/token-server/errors.go b/contrib/token-server/errors.go
deleted file mode 100644
index 297832391..000000000
--- a/contrib/token-server/errors.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package main
-
-import (
- "net/http"
-
- "github.com/distribution/distribution/v3/registry/api/errcode"
-)
-
-var (
- errGroup = "tokenserver"
-
- // ErrorBadTokenOption is returned when a token parameter is invalid
- ErrorBadTokenOption = errcode.Register(errGroup, errcode.ErrorDescriptor{
- Value: "BAD_TOKEN_OPTION",
- Message: "bad token option",
- Description: `This error may be returned when a request for a
- token contains an option which is not valid`,
- HTTPStatusCode: http.StatusBadRequest,
- })
-
- // ErrorMissingRequiredField is returned when a required form field is missing
- ErrorMissingRequiredField = errcode.Register(errGroup, errcode.ErrorDescriptor{
- Value: "MISSING_REQUIRED_FIELD",
- Message: "missing required field",
- Description: `This error may be returned when a request for a
- token does not contain a required form field`,
- HTTPStatusCode: http.StatusBadRequest,
- })
-
- // ErrorUnsupportedValue is returned when a form field has an unsupported value
- ErrorUnsupportedValue = errcode.Register(errGroup, errcode.ErrorDescriptor{
- Value: "UNSUPPORTED_VALUE",
- Message: "unsupported value",
- Description: `This error may be returned when a request for a
- token contains a form field with an unsupported value`,
- HTTPStatusCode: http.StatusBadRequest,
- })
-)
diff --git a/contrib/token-server/main.go b/contrib/token-server/main.go
deleted file mode 100644
index 9a42976ef..000000000
--- a/contrib/token-server/main.go
+++ /dev/null
@@ -1,431 +0,0 @@
-package main
-
-import (
- "context"
- "crypto/rand"
- "encoding/json"
- "flag"
- "math/big"
- "net/http"
- "strconv"
- "strings"
- "time"
-
- dcontext "github.com/distribution/distribution/v3/context"
- "github.com/distribution/distribution/v3/registry/api/errcode"
- "github.com/distribution/distribution/v3/registry/auth"
- _ "github.com/distribution/distribution/v3/registry/auth/htpasswd"
- "github.com/docker/libtrust"
- "github.com/gorilla/mux"
- "github.com/sirupsen/logrus"
-)
-
-var enforceRepoClass bool
-
-func main() {
- var (
- issuer = &TokenIssuer{}
- pkFile string
- addr string
- debug bool
- err error
-
- passwdFile string
- realm string
-
- cert string
- certKey string
- )
-
- flag.StringVar(&issuer.Issuer, "issuer", "distribution-token-server", "Issuer string for token")
- flag.StringVar(&pkFile, "key", "", "Private key file")
- flag.StringVar(&addr, "addr", "localhost:8080", "Address to listen on")
- flag.BoolVar(&debug, "debug", false, "Debug mode")
-
- flag.StringVar(&passwdFile, "passwd", ".htpasswd", "Passwd file")
- flag.StringVar(&realm, "realm", "", "Authentication realm")
-
- flag.StringVar(&cert, "tlscert", "", "Certificate file for TLS")
- flag.StringVar(&certKey, "tlskey", "", "Certificate key for TLS")
-
- flag.BoolVar(&enforceRepoClass, "enforce-class", false, "Enforce policy for single repository class")
-
- flag.Parse()
-
- if debug {
- logrus.SetLevel(logrus.DebugLevel)
- }
-
- if pkFile == "" {
- issuer.SigningKey, err = libtrust.GenerateECP256PrivateKey()
- if err != nil {
- logrus.Fatalf("Error generating private key: %v", err)
- }
- logrus.Debugf("Using newly generated key with id %s", issuer.SigningKey.KeyID())
- } else {
- issuer.SigningKey, err = libtrust.LoadKeyFile(pkFile)
- if err != nil {
- logrus.Fatalf("Error loading key file %s: %v", pkFile, err)
- }
- logrus.Debugf("Loaded private key with id %s", issuer.SigningKey.KeyID())
- }
-
- if realm == "" {
- logrus.Fatalf("Must provide realm")
- }
-
- ac, err := auth.GetAccessController("htpasswd", map[string]interface{}{
- "realm": realm,
- "path": passwdFile,
- })
- if err != nil {
- logrus.Fatalf("Error initializing access controller: %v", err)
- }
-
- // TODO: Make configurable
- issuer.Expiration = 15 * time.Minute
-
- ctx := dcontext.Background()
-
- ts := &tokenServer{
- issuer: issuer,
- accessController: ac,
- refreshCache: map[string]refreshToken{},
- }
-
- router := mux.NewRouter()
- router.Path("/token/").Methods(http.MethodGet).Handler(handlerWithContext(ctx, ts.getToken))
- router.Path("/token/").Methods(http.MethodPost).Handler(handlerWithContext(ctx, ts.postToken))
-
- if cert == "" {
- err = http.ListenAndServe(addr, router)
- } else if certKey == "" {
- logrus.Fatalf("Must provide certficate (-tlscert) and key (-tlskey)")
- } else {
- err = http.ListenAndServeTLS(addr, cert, certKey, router)
- }
-
- if err != nil {
- logrus.Infof("Error serving: %v", err)
- }
-}
-
-// handlerWithContext wraps the given context-aware handler by setting up the
-// request context from a base context.
-func handlerWithContext(ctx context.Context, handler func(context.Context, http.ResponseWriter, *http.Request)) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- ctx := dcontext.WithRequest(ctx, r)
- logger := dcontext.GetRequestLogger(ctx)
- ctx = dcontext.WithLogger(ctx, logger)
-
- handler(ctx, w, r)
- })
-}
-
-func handleError(ctx context.Context, err error, w http.ResponseWriter) {
- ctx, w = dcontext.WithResponseWriter(ctx, w)
-
- if serveErr := errcode.ServeJSON(w, err); serveErr != nil {
- dcontext.GetResponseLogger(ctx).Errorf("error sending error response: %v", serveErr)
- return
- }
-
- dcontext.GetResponseLogger(ctx).Info("application error")
-}
-
-var refreshCharacters = []rune("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
-
-const refreshTokenLength = 15
-
-func newRefreshToken() string {
- s := make([]rune, refreshTokenLength)
- max := int64(len(refreshCharacters))
- for i := range s {
- randInt, err := rand.Int(rand.Reader, big.NewInt(max))
- // let '0' serves the failure case
- if err != nil {
- logrus.Infof("Error on making refersh token: %v", err)
- randInt = big.NewInt(0)
- }
- s[i] = refreshCharacters[randInt.Int64()]
- }
- return string(s)
-}
-
-type refreshToken struct {
- subject string
- service string
-}
-
-type tokenServer struct {
- issuer *TokenIssuer
- accessController auth.AccessController
- refreshCache map[string]refreshToken
-}
-
-type tokenResponse struct {
- Token string `json:"access_token"`
- RefreshToken string `json:"refresh_token,omitempty"`
- ExpiresIn int `json:"expires_in,omitempty"`
-}
-
-var repositoryClassCache = map[string]string{}
-
-func filterAccessList(ctx context.Context, scope string, requestedAccessList []auth.Access) []auth.Access {
- if !strings.HasSuffix(scope, "/") {
- scope = scope + "/"
- }
- grantedAccessList := make([]auth.Access, 0, len(requestedAccessList))
- for _, access := range requestedAccessList {
- if access.Type == "repository" {
- if !strings.HasPrefix(access.Name, scope) {
- dcontext.GetLogger(ctx).Debugf("Resource scope not allowed: %s", access.Name)
- continue
- }
- if enforceRepoClass {
- if class, ok := repositoryClassCache[access.Name]; ok {
- if class != access.Class {
- dcontext.GetLogger(ctx).Debugf("Different repository class: %q, previously %q", access.Class, class)
- continue
- }
- } else if strings.EqualFold(access.Action, "push") {
- repositoryClassCache[access.Name] = access.Class
- }
- }
- } else if access.Type == "registry" {
- if access.Name != "catalog" {
- dcontext.GetLogger(ctx).Debugf("Unknown registry resource: %s", access.Name)
- continue
- }
- // TODO: Limit some actions to "admin" users
- } else {
- dcontext.GetLogger(ctx).Debugf("Skipping unsupported resource type: %s", access.Type)
- continue
- }
- grantedAccessList = append(grantedAccessList, access)
- }
- return grantedAccessList
-}
-
-type acctSubject struct{}
-
-func (acctSubject) String() string { return "acctSubject" }
-
-type requestedAccess struct{}
-
-func (requestedAccess) String() string { return "requestedAccess" }
-
-type grantedAccess struct{}
-
-func (grantedAccess) String() string { return "grantedAccess" }
-
-// getToken handles authenticating the request and authorizing access to the
-// requested scopes.
-func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *http.Request) {
- dcontext.GetLogger(ctx).Info("getToken")
-
- params := r.URL.Query()
- service := params.Get("service")
- scopeSpecifiers := params["scope"]
- var offline bool
- if offlineStr := params.Get("offline_token"); offlineStr != "" {
- var err error
- offline, err = strconv.ParseBool(offlineStr)
- if err != nil {
- handleError(ctx, ErrorBadTokenOption.WithDetail(err), w)
- return
- }
- }
-
- requestedAccessList := ResolveScopeSpecifiers(ctx, scopeSpecifiers)
-
- authorizedCtx, err := ts.accessController.Authorized(ctx, requestedAccessList...)
- if err != nil {
- challenge, ok := err.(auth.Challenge)
- if !ok {
- handleError(ctx, err, w)
- return
- }
-
- // Get response context.
- ctx, w = dcontext.WithResponseWriter(ctx, w)
-
- challenge.SetHeaders(r, w)
- handleError(ctx, errcode.ErrorCodeUnauthorized.WithDetail(challenge.Error()), w)
-
- dcontext.GetResponseLogger(ctx).Info("get token authentication challenge")
-
- return
- }
- ctx = authorizedCtx
-
- username := dcontext.GetStringValue(ctx, "auth.user.name")
-
- ctx = context.WithValue(ctx, acctSubject{}, username)
- ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, acctSubject{}))
-
- dcontext.GetLogger(ctx).Info("authenticated client")
-
- ctx = context.WithValue(ctx, requestedAccess{}, requestedAccessList)
- ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, requestedAccess{}))
-
- grantedAccessList := filterAccessList(ctx, username, requestedAccessList)
- ctx = context.WithValue(ctx, grantedAccess{}, grantedAccessList)
- ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, grantedAccess{}))
-
- token, err := ts.issuer.CreateJWT(username, service, grantedAccessList)
- if err != nil {
- handleError(ctx, err, w)
- return
- }
-
- dcontext.GetLogger(ctx).Info("authorized client")
-
- response := tokenResponse{
- Token: token,
- ExpiresIn: int(ts.issuer.Expiration.Seconds()),
- }
-
- if offline {
- response.RefreshToken = newRefreshToken()
- ts.refreshCache[response.RefreshToken] = refreshToken{
- subject: username,
- service: service,
- }
- }
-
- ctx, w = dcontext.WithResponseWriter(ctx, w)
-
- w.Header().Set("Content-Type", "application/json")
- json.NewEncoder(w).Encode(response)
-
- dcontext.GetResponseLogger(ctx).Info("get token complete")
-}
-
-type postTokenResponse struct {
- Token string `json:"access_token"`
- Scope string `json:"scope,omitempty"`
- ExpiresIn int `json:"expires_in,omitempty"`
- IssuedAt string `json:"issued_at,omitempty"`
- RefreshToken string `json:"refresh_token,omitempty"`
-}
-
-// postToken handles authenticating the request and authorizing access to the
-// requested scopes.
-func (ts *tokenServer) postToken(ctx context.Context, w http.ResponseWriter, r *http.Request) {
- grantType := r.PostFormValue("grant_type")
- if grantType == "" {
- handleError(ctx, ErrorMissingRequiredField.WithDetail("missing grant_type value"), w)
- return
- }
-
- service := r.PostFormValue("service")
- if service == "" {
- handleError(ctx, ErrorMissingRequiredField.WithDetail("missing service value"), w)
- return
- }
-
- clientID := r.PostFormValue("client_id")
- if clientID == "" {
- handleError(ctx, ErrorMissingRequiredField.WithDetail("missing client_id value"), w)
- return
- }
-
- var offline bool
- switch r.PostFormValue("access_type") {
- case "", "online":
- case "offline":
- offline = true
- default:
- handleError(ctx, ErrorUnsupportedValue.WithDetail("unknown access_type value"), w)
- return
- }
-
- requestedAccessList := ResolveScopeList(ctx, r.PostFormValue("scope"))
-
- var subject string
- var rToken string
- switch grantType {
- case "refresh_token":
- rToken = r.PostFormValue("refresh_token")
- if rToken == "" {
- handleError(ctx, ErrorUnsupportedValue.WithDetail("missing refresh_token value"), w)
- return
- }
- rt, ok := ts.refreshCache[rToken]
- if !ok || rt.service != service {
- handleError(ctx, errcode.ErrorCodeUnauthorized.WithDetail("invalid refresh token"), w)
- return
- }
- subject = rt.subject
- case "password":
- ca, ok := ts.accessController.(auth.CredentialAuthenticator)
- if !ok {
- handleError(ctx, ErrorUnsupportedValue.WithDetail("password grant type not supported"), w)
- return
- }
- subject = r.PostFormValue("username")
- if subject == "" {
- handleError(ctx, ErrorUnsupportedValue.WithDetail("missing username value"), w)
- return
- }
- password := r.PostFormValue("password")
- if password == "" {
- handleError(ctx, ErrorUnsupportedValue.WithDetail("missing password value"), w)
- return
- }
- if err := ca.AuthenticateUser(subject, password); err != nil {
- handleError(ctx, errcode.ErrorCodeUnauthorized.WithDetail("invalid credentials"), w)
- return
- }
- default:
- handleError(ctx, ErrorUnsupportedValue.WithDetail("unknown grant_type value"), w)
- return
- }
-
- ctx = context.WithValue(ctx, acctSubject{}, subject)
- ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, acctSubject{}))
-
- dcontext.GetLogger(ctx).Info("authenticated client")
-
- ctx = context.WithValue(ctx, requestedAccess{}, requestedAccessList)
- ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, requestedAccess{}))
-
- grantedAccessList := filterAccessList(ctx, subject, requestedAccessList)
- ctx = context.WithValue(ctx, grantedAccess{}, grantedAccessList)
- ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx, grantedAccess{}))
-
- token, err := ts.issuer.CreateJWT(subject, service, grantedAccessList)
- if err != nil {
- handleError(ctx, err, w)
- return
- }
-
- dcontext.GetLogger(ctx).Info("authorized client")
-
- response := postTokenResponse{
- Token: token,
- ExpiresIn: int(ts.issuer.Expiration.Seconds()),
- IssuedAt: time.Now().UTC().Format(time.RFC3339),
- Scope: ToScopeList(grantedAccessList),
- }
-
- if offline {
- rToken = newRefreshToken()
- ts.refreshCache[rToken] = refreshToken{
- subject: subject,
- service: service,
- }
- }
-
- if rToken != "" {
- response.RefreshToken = rToken
- }
-
- ctx, w = dcontext.WithResponseWriter(ctx, w)
-
- w.Header().Set("Content-Type", "application/json")
- json.NewEncoder(w).Encode(response)
-
- dcontext.GetResponseLogger(ctx).Info("post token complete")
-}
diff --git a/contrib/token-server/token.go b/contrib/token-server/token.go
deleted file mode 100644
index dc0956d4a..000000000
--- a/contrib/token-server/token.go
+++ /dev/null
@@ -1,220 +0,0 @@
-package main
-
-import (
- "context"
- "crypto"
- "crypto/rand"
- "encoding/base64"
- "encoding/json"
- "fmt"
- "io"
- "regexp"
- "strings"
- "time"
-
- dcontext "github.com/distribution/distribution/v3/context"
- "github.com/distribution/distribution/v3/registry/auth"
- "github.com/distribution/distribution/v3/registry/auth/token"
- "github.com/docker/libtrust"
-)
-
-// ResolveScopeSpecifiers converts a list of scope specifiers from a token
-// request's `scope` query parameters into a list of standard access objects.
-func ResolveScopeSpecifiers(ctx context.Context, scopeSpecs []string) []auth.Access {
- requestedAccessSet := make(map[auth.Access]struct{}, 2*len(scopeSpecs))
-
- for _, scopeSpecifier := range scopeSpecs {
- // There should be 3 parts, separated by a `:` character.
- parts := strings.SplitN(scopeSpecifier, ":", 3)
-
- if len(parts) != 3 {
- dcontext.GetLogger(ctx).Infof("ignoring unsupported scope format %s", scopeSpecifier)
- continue
- }
-
- resourceType, resourceName, actions := parts[0], parts[1], parts[2]
-
- resourceType, resourceClass := splitResourceClass(resourceType)
- if resourceType == "" {
- continue
- }
-
- // Actions should be a comma-separated list of actions.
- for _, action := range strings.Split(actions, ",") {
- requestedAccess := auth.Access{
- Resource: auth.Resource{
- Type: resourceType,
- Class: resourceClass,
- Name: resourceName,
- },
- Action: action,
- }
-
- // Add this access to the requested access set.
- requestedAccessSet[requestedAccess] = struct{}{}
- }
- }
-
- requestedAccessList := make([]auth.Access, 0, len(requestedAccessSet))
- for requestedAccess := range requestedAccessSet {
- requestedAccessList = append(requestedAccessList, requestedAccess)
- }
-
- return requestedAccessList
-}
-
-var typeRegexp = regexp.MustCompile(`^([a-z0-9]+)(\([a-z0-9]+\))?$`)
-
-func splitResourceClass(t string) (string, string) {
- matches := typeRegexp.FindStringSubmatch(t)
- if len(matches) < 2 {
- return "", ""
- }
- if len(matches) == 2 || len(matches[2]) < 2 {
- return matches[1], ""
- }
- return matches[1], matches[2][1 : len(matches[2])-1]
-}
-
-// ResolveScopeList converts a scope list from a token request's
-// `scope` parameter into a list of standard access objects.
-func ResolveScopeList(ctx context.Context, scopeList string) []auth.Access {
- scopes := strings.Split(scopeList, " ")
- return ResolveScopeSpecifiers(ctx, scopes)
-}
-
-func scopeString(a auth.Access) string {
- if a.Class != "" {
- return fmt.Sprintf("%s(%s):%s:%s", a.Type, a.Class, a.Name, a.Action)
- }
- return fmt.Sprintf("%s:%s:%s", a.Type, a.Name, a.Action)
-}
-
-// ToScopeList converts a list of access to a
-// scope list string
-func ToScopeList(access []auth.Access) string {
- var s []string
- for _, a := range access {
- s = append(s, scopeString(a))
- }
- return strings.Join(s, ",")
-}
-
-// TokenIssuer represents an issuer capable of generating JWT tokens
-type TokenIssuer struct {
- Issuer string
- SigningKey libtrust.PrivateKey
- Expiration time.Duration
-}
-
-// CreateJWT creates and signs a JSON Web Token for the given subject and
-// audience with the granted access.
-func (issuer *TokenIssuer) CreateJWT(subject string, audience string, grantedAccessList []auth.Access) (string, error) {
- // Make a set of access entries to put in the token's claimset.
- resourceActionSets := make(map[auth.Resource]map[string]struct{}, len(grantedAccessList))
- for _, access := range grantedAccessList {
- actionSet, exists := resourceActionSets[access.Resource]
- if !exists {
- actionSet = map[string]struct{}{}
- resourceActionSets[access.Resource] = actionSet
- }
- actionSet[access.Action] = struct{}{}
- }
-
- accessEntries := make([]*token.ResourceActions, 0, len(resourceActionSets))
- for resource, actionSet := range resourceActionSets {
- actions := make([]string, 0, len(actionSet))
- for action := range actionSet {
- actions = append(actions, action)
- }
-
- accessEntries = append(accessEntries, &token.ResourceActions{
- Type: resource.Type,
- Class: resource.Class,
- Name: resource.Name,
- Actions: actions,
- })
- }
-
- randomBytes := make([]byte, 15)
- _, err := io.ReadFull(rand.Reader, randomBytes)
- if err != nil {
- return "", err
- }
- randomID := base64.URLEncoding.EncodeToString(randomBytes)
-
- now := time.Now()
-
- signingHash := crypto.SHA256
- var alg string
- switch issuer.SigningKey.KeyType() {
- case "RSA":
- alg = "RS256"
- case "EC":
- alg = "ES256"
- default:
- panic(fmt.Errorf("unsupported signing key type %q", issuer.SigningKey.KeyType()))
- }
-
- joseHeader := token.Header{
- Type: "JWT",
- SigningAlg: alg,
- }
-
- if x5c := issuer.SigningKey.GetExtendedField("x5c"); x5c != nil {
- joseHeader.X5c = x5c.([]string)
- } else {
- var jwkMessage json.RawMessage
- jwkMessage, err = issuer.SigningKey.PublicKey().MarshalJSON()
- if err != nil {
- return "", err
- }
- joseHeader.RawJWK = &jwkMessage
- }
-
- exp := issuer.Expiration
- if exp == 0 {
- exp = 5 * time.Minute
- }
-
- claimSet := token.ClaimSet{
- Issuer: issuer.Issuer,
- Subject: subject,
- Audience: []string{audience},
- Expiration: now.Add(exp).Unix(),
- NotBefore: now.Unix(),
- IssuedAt: now.Unix(),
- JWTID: randomID,
-
- Access: accessEntries,
- }
-
- var (
- joseHeaderBytes []byte
- claimSetBytes []byte
- )
-
- if joseHeaderBytes, err = json.Marshal(joseHeader); err != nil {
- return "", fmt.Errorf("unable to encode jose header: %s", err)
- }
- if claimSetBytes, err = json.Marshal(claimSet); err != nil {
- return "", fmt.Errorf("unable to encode claim set: %s", err)
- }
-
- encodedJoseHeader := joseBase64Encode(joseHeaderBytes)
- encodedClaimSet := joseBase64Encode(claimSetBytes)
- encodingToSign := fmt.Sprintf("%s.%s", encodedJoseHeader, encodedClaimSet)
-
- var signatureBytes []byte
- if signatureBytes, _, err = issuer.SigningKey.Sign(strings.NewReader(encodingToSign), signingHash); err != nil {
- return "", fmt.Errorf("unable to sign jwt payload: %s", err)
- }
-
- signature := joseBase64Encode(signatureBytes)
-
- return fmt.Sprintf("%s.%s", encodingToSign, signature), nil
-}
-
-func joseBase64Encode(data []byte) string {
- return strings.TrimRight(base64.URLEncoding.EncodeToString(data), "=")
-}
diff --git a/contrib/token-server/token_test.go b/contrib/token-server/token_test.go
deleted file mode 100644
index ea93ad4c2..000000000
--- a/contrib/token-server/token_test.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package main
-
-import (
- "crypto/rand"
- "crypto/rsa"
- "encoding/base64"
- "errors"
- "strings"
- "testing"
- "time"
-
- "github.com/distribution/distribution/v3/registry/auth"
- "github.com/docker/libtrust"
-)
-
-func TestCreateJWTSuccessWithEmptyACL(t *testing.T) {
- key, err := rsa.GenerateKey(rand.Reader, 1024)
- if err != nil {
- t.Fatal(err)
- }
- pk, err := libtrust.FromCryptoPrivateKey(key)
- if err != nil {
- t.Fatal(err)
- }
- tokenIssuer := TokenIssuer{
- Expiration: time.Duration(100),
- Issuer: "localhost",
- SigningKey: pk,
- }
-
- grantedAccessList := make([]auth.Access, 0)
- token, err := tokenIssuer.CreateJWT("test", "test", grantedAccessList)
- if err != nil {
- t.Fatal(err)
- }
-
- tokens := strings.Split(token, ".")
-
- if len(token) == 0 {
- t.Fatal("token not generated.")
- }
-
- json, err := decodeJWT(tokens[1])
- if err != nil {
- t.Fatal(err)
- }
-
- if !strings.Contains(json, "test") {
- t.Fatal("Valid token was not generated.")
- }
-}
-
-func decodeJWT(rawToken string) (string, error) {
- data, err := joseBase64Decode(rawToken)
- if err != nil {
- return "", errors.New("Error in Decoding base64 String")
- }
- return data, nil
-}
-
-func joseBase64Decode(s string) (string, error) {
- switch len(s) % 4 {
- case 0:
- case 2:
- s += "=="
- case 3:
- s += "="
- default:
- {
- return "", errors.New("Invalid base64 String")
- }
- }
- data, err := base64.StdEncoding.DecodeString(s)
- if err != nil {
- return "", err // errors.New("Error in Decoding base64 String")
- }
- return string(data), nil
-}