// AuthToken returns the authorization token cached in the auth data store
// under authTokenName. A missing token file is not an error: noAuthToken
// is returned together with a nil error so the caller can distinguish
// "not authorized yet" from a real read failure, which is wrapped and
// returned alongside noAuthToken.
func (m *MenderAuthManager) AuthToken() (client.AuthToken, error) {
	raw, readErr := m.store.ReadAll(authTokenName)
	switch {
	case readErr == nil:
		return client.AuthToken(raw), nil
	case os.IsNotExist(readErr):
		// nothing cached yet; this is a normal state, not a failure
		return noAuthToken, nil
	default:
		return noAuthToken, errors.Wrapf(readErr, "failed to read auth token data")
	}
}
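// MakeAuthRequest builds the signed authorization request sent to the
// server. It collects the device identity data, the device public key
// (PEM), the tenant token and the next sequence number, serializes them
// with AuthReqData.ToBytes and signs the serialized bytes with the device
// key from the key store.
//
// It returns nil and a wrapped error if any of those steps fails; the
// request is never partially populated. The tenant token is a credential
// and is kept out of the debug log: only its presence and length are
// logged, and the auth data is logged without it.
func (m *MenderAuthManager) MakeAuthRequest() (*client.AuthRequest, error) {
	idata, err := m.idSrc.Get()
	if err != nil {
		return nil, errors.Wrapf(err, "failed to obtain identity data")
	}

	pubkey, err := m.keyStore.PublicPEM()
	if err != nil {
		return nil, errors.Wrapf(err, "failed to obtain device public key")
	}

	// surrounding whitespace is not part of the token
	tentok := strings.TrimSpace(string(m.tenantToken))
	// never log the token value itself
	log.Debugf("tenant token present: %v (%d bytes)", tentok != "", len(tentok))

	// sequence number is fetched last, after identity and key, as before
	num, err := m.seqNum.Get()
	if err != nil {
		return nil, errors.Wrapf(err, "failed to obtain sequence number")
	}

	authd := client.AuthReqData{
		IdData:      idata,
		Pubkey:      pubkey,
		TenantToken: tentok,
		SeqNumber:   num,
	}
	// the tenant token is deliberately left out of this line
	log.Debugf("authorization data: id data: %v, seq number: %v", authd.IdData, authd.SeqNumber)

	reqdata, err := authd.ToBytes()
	if err != nil {
		return nil, errors.Wrapf(err, "failed to convert auth request data")
	}

	// the signature covers exactly the bytes sent as Data
	sig, err := m.keyStore.Sign(reqdata)
	if err != nil {
		return nil, errors.Wrapf(err, "failed to sign auth request")
	}

	return &client.AuthRequest{
		Data:      reqdata,
		Token:     client.AuthToken(tentok),
		Signature: sig,
	}, nil
}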
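// NewAuthManager builds an AuthManager from conf. The key store, identity
// source and auth data store are all required; if any of them is missing,
// or the device keys cannot be loaded, the reason is logged and nil is
// returned. A key store whose Load reports IsNoKeys is accepted.
func NewAuthManager(conf AuthManagerConfig) AuthManager {
	// log which dependency is missing instead of failing silently,
	// matching the logged failure on key load below
	var missing string
	switch {
	case conf.KeyStore == nil:
		missing = "key store"
	case conf.IdentitySource == nil:
		missing = "identity source"
	case conf.AuthDataStore == nil:
		missing = "auth data store"
	}
	if missing != "" {
		log.Errorf("cannot create auth manager: %s not provided", missing)
		return nil
	}

	mgr := &MenderAuthManager{
		store:       conf.AuthDataStore,
		keyStore:    conf.KeyStore,
		idSrc:       conf.IdentitySource,
		seqNum:      NewFileSeqnum(authSeqName, conf.AuthDataStore),
		tenantToken: client.AuthToken(conf.TenantToken),
	}

	// a key store with no keys yet is not treated as a failure here
	if err := mgr.keyStore.Load(); err != nil && !IsNoKeys(err) {
		log.Errorf("failed to load device keys: %v", err)
		return nil
	}

	return mgr
}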
// TestMenderAuthorize walks Authorize() through its outcomes against a
// mock auth manager and a test server: cached token reused, token cache
// read failure, server denial, response parse failure, and success. The
// steps share state (mock flags, cached token) and must run in this order.
func TestMenderAuthorize(t *testing.T) {
	runner := newTestOSCalls("", -1)

	rspdata := []byte("foobar")

	atok := client.AuthToken("authorized")
	authMgr := &testAuthManager{
		authorized: true,
		authtoken:  atok,
	}

	srv := cltest.NewClientTestServer()
	defer srv.Close()

	mender := newTestMender(&runner, menderConfig{
		ServerURL: srv.URL,
	}, testMenderPieces{
		MenderPieces: MenderPieces{
			authMgr: authMgr,
		},
	})

	// we should start with no token
	assert.Equal(t, noAuthToken, mender.authToken)

	// 1. client already authorized
	err := mender.Authorize()
	assert.NoError(t, err)
	// no need to build send request if auth data is valid
	assert.False(t, srv.Auth.Called)
	assert.Equal(t, atok, mender.authToken)

	// 2. pretend caching of authorization code fails
	authMgr.authtokenErr = errors.New("auth code load failed")
	mender.authToken = noAuthToken
	err = mender.Authorize()
	assert.Error(t, err)
	// the token lookup error aborts Authorize() before the server is contacted
	assert.False(t, srv.Auth.Called)
	assert.Equal(t, noAuthToken, mender.authToken)
	authMgr.authtokenErr = nil

	// 3. call the server, server denies authorization
	authMgr.authorized = false
	err = mender.Authorize()
	assert.Error(t, err)
	assert.False(t, err.IsFatal())
	assert.True(t, srv.Auth.Called)
	assert.Equal(t, noAuthToken, mender.authToken)

	// 4. pretend authorization manager fails to parse response
	srv.Auth.Called = false
	authMgr.testAuthDataMessenger.rspError = errors.New("response parse error")
	// we need the server to authorize the client
	srv.Auth.Authorize = true
	srv.Auth.Token = rspdata
	err = mender.Authorize()
	assert.Error(t, err)
	assert.False(t, err.IsFatal())
	assert.True(t, srv.Auth.Called)
	// response data should be passed verbatim to AuthDataMessenger interface
	assert.Equal(t, rspdata, authMgr.testAuthDataMessenger.rspData)

	// 5. authorization manager throws no errors, server authorizes the client
	srv.Auth.Called = false
	authMgr.testAuthDataMessenger.rspError = nil
	// server will authorize the client
	srv.Auth.Authorize = true
	srv.Auth.Token = rspdata
	err = mender.Authorize()
	// all good
	assert.NoError(t, err)
	// Authorize() should have reloaded the cache (token comes from mock
	// auth manager)
	assert.Equal(t, atok, mender.authToken)
}