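// createAuthTokenFunc returns a handler that issues a signed JWT for the
// authenticated user carried in r. The "service" and "scope" query parameters
// and keyPath are passed through to token.NewJwtToken. On success the response
// body is a JSON-encoded TokenResponse. On failure the client receives a 500
// with a generic body and the detailed error is only written to the server log.
func createAuthTokenFunc(keyPath string) func(w http.ResponseWriter, r *auth.AuthenticatedRequest) {
	// fail keeps the error detail in the server log and sends the client a
	// fixed message, so errors that may mention the key path or other
	// internals are not echoed in the HTTP response.
	fail := func(w http.ResponseWriter, err error) {
		log.Println("error:", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
	}

	return func(w http.ResponseWriter, r *auth.AuthenticatedRequest) {
		query := r.URL.Query()
		service := query.Get("service")

		// NOTE(review): the scope is taken from the client's query string and
		// the parse error is discarded; nothing in this handler checks that
		// r.Username is entitled to the requested scope. Confirm that
		// authorization is enforced elsewhere before the token is trusted.
		scope, _ := token.ParseScope(query.Get("scope"))

		// The local is not called "token" so that it does not shadow the
		// token package inside the handler.
		jwtToken, err := token.NewJwtToken(r.Username, service, scope, keyPath)
		if err != nil {
			fail(w, err)
			return
		}
		// Only touch the token after the error check: it may be nil when
		// NewJwtToken fails, and calling Claim() on it would panic.
		log.Println(utils.PrettyPrint(jwtToken.Claim()))

		signed, err := jwtToken.SignedString()
		if err != nil {
			fail(w, err)
			return
		}

		js, err := json.Marshal(TokenResponse{Token: signed})
		if err != nil {
			fail(w, err)
			return
		}

		w.Header().Set("Content-Type", "application/json")
		if _, err := w.Write(js); err != nil {
			// Headers are already sent; all that is left is to record it.
			log.Println("error:", err)
		}
	}
}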
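// TestJwtTokenProperties builds a token for a fixed user, service and scope
// and checks its key ID, its "aud" claim, and that the signed form has the
// three dot-separated parts of a compact JWT.
func TestJwtTokenProperties(t *testing.T) {
	a := assert.New(t)

	// The expected key ID below is pinned to this key file.
	// NOTE(review): the path suggests a Vagrant development fixture; confirm
	// this private key is never used outside test/dev environments.
	const keyPath = "../vagrant/conf/ca_bundle/server.key"

	scope := NewScope("repository", "duncan", []string{"push", "pull"})
	token, err := NewJwtToken("duncan", "registry.test.lan", scope, keyPath)
	// Stop on failure: token may be unusable and later calls could panic.
	if !a.Nil(err) {
		return
	}

	kid, err := token.jwtKid()
	if !a.Nil(err) {
		return
	}
	a.Equal("NSN7:VDFR:FTW6:WBBB:7WQK:ABNJ:7CI5:M6YU:7FSD:QS45:A2BR:PAMO", kid)

	// Print, not Printf: the pretty-printed claims are data, not a format
	// string, and must not be interpreted for % verbs.
	log.Print(utils.PrettyPrint(token.Claim()))
	a.Equal("registry.test.lan", token.Claim()["aud"])

	signed, err := token.SignedString()
	if !a.Nil(err) {
		return
	}
	tokenParts := strings.Split(signed, ".")
	a.Equal(3, len(tokenParts))
}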