Exemple #1
0
func (s *agentSuite) TestAgentLogin(c *gc.C) {
	u, err := url.Parse(s.discharger.URL)
	c.Assert(err, gc.IsNil)
	for i, test := range agentLoginTests {
		c.Logf("%d. %s", i, test.about)
		s.discharger.LoginHandler = test.loginHandler
		client := httpbakery.NewClient()
		client.Key, err = bakery.GenerateKey()
		c.Assert(err, gc.IsNil)
		err = agent.SetUpAuth(client, u, "test-user")
		c.Assert(err, gc.IsNil)
		m, err := s.bakery.NewMacaroon("", nil, []checkers.Caveat{{
			Location:  s.discharger.URL,
			Condition: "test condition",
		}})
		c.Assert(err, gc.IsNil)
		ms, err := client.DischargeAll(m)
		if test.expectError != "" {
			c.Assert(err, gc.ErrorMatches, test.expectError)
			continue
		}
		c.Assert(err, gc.IsNil)
		err = s.bakery.Check(ms, bakery.FirstPartyCheckerFunc(
			func(caveat string) error {
				return nil
			},
		))
		c.Assert(err, gc.IsNil)
	}
}
Exemple #2
0
// targetService implements a "target service", representing
// an arbitrary web service that wants to delegate authorization
// to third parties.
func targetService(endpoint, authEndpoint string, authPK *bakery.PublicKey) (http.Handler, error) {
	key, err := bakery.GenerateKey()
	if err != nil {
		return nil, err
	}
	pkLocator := bakery.NewPublicKeyRing()
	svc, err := bakery.NewService(bakery.NewServiceParams{
		Key:      key,
		Location: endpoint,
		Locator:  pkLocator,
	})
	if err != nil {
		return nil, err
	}
	log.Printf("adding public key for location %s: %v", authEndpoint, authPK)
	pkLocator.AddPublicKeyForLocation(authEndpoint, true, authPK)
	mux := http.NewServeMux()
	srv := &targetServiceHandler{
		svc:          svc,
		authEndpoint: authEndpoint,
	}
	mux.HandleFunc("/gold/", srv.serveGold)
	mux.HandleFunc("/silver/", srv.serveSilver)
	return mux, nil
}
Exemple #3
0
func (s *suite) SetUpSuite(c *gc.C) {
	key, err := bakery.GenerateKey()
	c.Assert(err, gc.IsNil)
	s.authPublicKey = &key.Public
	s.authEndpoint = serve(c, func(endpoint string) (http.Handler, error) {
		return idservice.New(idservice.Params{
			Users: map[string]*idservice.UserInfo{
				"rog": {
					Password: "******",
				},
				"root": {
					Password: "******",
					Groups: map[string]bool{
						"target-service-users": true,
					},
				},
			},
			Service: bakery.NewServiceParams{
				Location: endpoint,
				Store:    bakery.NewMemStorage(),
				Key:      key,
				Locator:  bakery.NewPublicKeyRing(),
			},
		})
	})
	c.Logf("auth endpoint at %s", s.authEndpoint)
}
Exemple #4
0
func (s *exampleSuite) SetUpSuite(c *gc.C) {
	key, err := bakery.GenerateKey()
	c.Assert(err, gc.IsNil)
	s.authPublicKey = &key.Public
	s.authEndpoint, err = serve(func(endpoint string) (http.Handler, error) {
		return authService(endpoint, key)
	})
	c.Assert(err, gc.IsNil)
}
Exemple #5
0
func (s *macaroonServerWrongPublicKeySuite) SetUpTest(c *gc.C) {
	s.discharger = bakerytest.NewDischarger(nil, noCheck)
	wrongKey, err := bakery.GenerateKey()
	c.Assert(err, gc.IsNil)
	s.ConfigAttrs = map[string]interface{}{
		config.IdentityURL:       s.discharger.Location(),
		config.IdentityPublicKey: wrongKey.Public.String(),
	}
	s.JujuConnSuite.SetUpTest(c)
}
Exemple #6
0
func (s *KeyringSuite) TestCachePrepopulated(c *gc.C) {
	cache := bakery.NewPublicKeyRing()
	key, err := bakery.GenerateKey()
	c.Assert(err, gc.IsNil)
	cache.AddPublicKeyForLocation("https://0.1.2.3/", true, &key.Public)
	kr := httpbakery.NewPublicKeyRing(nil, cache)
	pk, err := kr.PublicKeyForLocation("https://0.1.2.3/")
	c.Assert(err, gc.IsNil)
	c.Assert(*pk, gc.Equals, key.Public)
}
Exemple #7
0
Fichier : main.go Projet : cmars/oo
func main() {
	kp, err := bakery.GenerateKey()
	if err != nil {
		fmt.Fprintf(os.Stderr, "cannot generate key: %s\n", err)
		os.Exit(1)
	}
	b, err := json.MarshalIndent(kp, "", "\t")
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s\n", b)
}
Exemple #8
0
func newService(c *gc.C, location string, locator bakery.PublicKeyLocatorMap) *bakery.Service {
	keyPair, err := bakery.GenerateKey()
	c.Assert(err, gc.IsNil)

	svc, err := bakery.NewService(bakery.NewServiceParams{
		Location: location,
		Key:      keyPair,
		Locator:  locator,
	})
	c.Assert(err, gc.IsNil)
	if locator != nil {
		locator[location] = &keyPair.Public
	}
	return svc
}
Exemple #9
0
func newMockAPI() (*mockapi, error) {
	kp, err := bakery.GenerateKey()
	if err != nil {
		return nil, errors.Trace(err)
	}
	svc, err := bakery.NewService(bakery.NewServiceParams{
		Location: "omnibus",
		Key:      kp,
	})
	if err != nil {
		return nil, errors.Trace(err)
	}
	return &mockapi{
		service: svc,
	}, nil
}
Exemple #10
0
func main() {
	key, err := bakery.GenerateKey()
	if err != nil {
		log.Fatalf("cannot generate auth service key pair: %v", err)
	}
	authPublicKey := &key.Public
	authEndpoint := mustServe(func(endpoint string) (http.Handler, error) {
		return authService(endpoint, key)
	})
	serverEndpoint := mustServe(func(endpoint string) (http.Handler, error) {
		return targetService(endpoint, authEndpoint, authPublicKey)
	})
	resp, err := clientRequest(newClient(), serverEndpoint)
	if err != nil {
		log.Fatalf("client failed: %v", err)
	}
	fmt.Printf("client success: %q\n", resp)
}
Exemple #11
0
func (*DischargeSuite) TestDischargeAllLocalDischarge(c *gc.C) {
	svc, err := bakery.NewService(bakery.NewServiceParams{})
	c.Assert(err, gc.IsNil)

	clientKey, err := bakery.GenerateKey()
	c.Assert(err, gc.IsNil)

	m, err := svc.NewMacaroon("", nil, []checkers.Caveat{
		bakery.LocalThirdPartyCaveat(&clientKey.Public),
	})
	c.Assert(err, gc.IsNil)

	ms, err := bakery.DischargeAllWithKey(m, noDischarge(c), clientKey)
	c.Assert(err, gc.IsNil)

	err = svc.Check(ms, checkers.New())
	c.Assert(err, gc.IsNil)
}
Exemple #12
0
func (s *agentSuite) SetUpSuite(c *gc.C) {
	key, err := bakery.GenerateKey()
	c.Assert(err, gc.IsNil)
	s.dischargeKey = &key.Public
	c.Assert(err, gc.IsNil)
	bak, err := bakery.NewService(bakery.NewServiceParams{
		Key: key,
	})
	c.Assert(err, gc.IsNil)
	s.discharger = &Discharger{
		Bakery: bak,
	}
	s.server = s.discharger.Serve()
	s.bakery, err = bakery.NewService(bakery.NewServiceParams{
		Locator: bakery.PublicKeyLocatorMap{
			s.discharger.URL: &key.Public,
		},
	})
}
Exemple #13
0
// newBakeryService creates a new bakery.Service.
func newBakeryService(
	st *state.State,
	store bakerystorage.ExpirableStorage,
	locator bakery.PublicKeyLocator,
) (*bakery.Service, *bakery.KeyPair, error) {
	key, err := bakery.GenerateKey()
	if err != nil {
		return nil, nil, errors.Annotate(err, "generating key for bakery service")
	}
	service, err := bakery.NewService(bakery.NewServiceParams{
		Location: "juju model " + st.ModelUUID(),
		Store:    store,
		Key:      key,
		Locator:  locator,
	})
	if err != nil {
		return nil, nil, errors.Trace(err)
	}
	return service, key, nil
}
Exemple #14
0
func (m keyManager) keyPair() (*keyPair, error) {
	keyPath, err := m.keyPath()
	if err != nil {
		return nil, err
	}
	kp := newKeyPair()
	if err = kp.load(keyPath); err == nil {
		return kp, nil
	} else if os.IsNotExist(err) {
		bakeryKeyPair, err := bakery.GenerateKey()
		if err != nil {
			return nil, fmt.Errorf("failed to create new key pair: %v", err)
		}
		kp.KeyPair = bakeryKeyPair
		err = kp.save(keyPath)
		if err != nil {
			return nil, fmt.Errorf("failed to save new key pair: %v", err)
		}
		return kp, nil
	}
	return nil, err
}
func (s *StorageSuite) TestCreateMacaroon(c *gc.C) {
	keypair, err := bakery.GenerateKey()
	c.Assert(err, gc.IsNil)

	params := bakery.NewServiceParams{Location: "local", Store: s.store, Key: keypair}
	service, err := bakery.NewService(params)
	c.Assert(err, gc.IsNil)
	c.Assert(service, gc.NotNil)

	m, err := service.NewMacaroon(
		"123",
		[]byte("abc"),
		[]checkers.Caveat{checkers.Caveat{Location: "", Condition: "is-authorised bob"}},
	)
	c.Assert(err, gc.IsNil)
	c.Assert(m, gc.NotNil)

	item, err := s.store.Get("123")
	c.Assert(err, gc.IsNil)
	c.Assert(item, gc.DeepEquals, `{"RootKey":"YWJj"}`)

	err = service.Check(macaroon.Slice{m}, &testChecker{})
	c.Assert(err, gc.IsNil)
}
Exemple #16
0
func (s *agentSuite) TestLoginCookie(c *gc.C) {
	key, err := bakery.GenerateKey()
	c.Assert(err, gc.IsNil)

	tests := []struct {
		about       string
		setCookie   func(*httpbakery.Client, *url.URL)
		expectUser  string
		expectKey   *bakery.PublicKey
		expectError string
		expectCause error
	}{{
		about: "success",
		setCookie: func(client *httpbakery.Client, u *url.URL) {
			agent.SetUpAuth(client, u, "bob")
		},
		expectUser: "******",
		expectKey:  &key.Public,
	}, {
		about:       "no cookie",
		setCookie:   func(client *httpbakery.Client, u *url.URL) {},
		expectError: "no agent-login cookie found",
		expectCause: agent.ErrNoAgentLoginCookie,
	}, {
		about: "invalid base64 encoding",
		setCookie: func(client *httpbakery.Client, u *url.URL) {
			client.Jar.SetCookies(u, []*http.Cookie{{
				Name:  "agent-login",
				Value: "x",
			}})
		},
		expectError: "cannot decode cookie value: illegal base64 data at input byte 0",
	}, {
		about: "invalid JSON",
		setCookie: func(client *httpbakery.Client, u *url.URL) {
			client.Jar.SetCookies(u, []*http.Cookie{{
				Name:  "agent-login",
				Value: base64.StdEncoding.EncodeToString([]byte("}")),
			}})
		},
		expectError: "cannot unmarshal agent login: invalid character '}' looking for beginning of value",
	}, {
		about: "no username",
		setCookie: func(client *httpbakery.Client, u *url.URL) {
			agent.SetCookie(client.Jar, u, "", &key.Public)
		},
		expectError: "agent login has no user name",
	}, {
		about: "no public key",
		setCookie: func(client *httpbakery.Client, u *url.URL) {
			agent.SetCookie(client.Jar, u, "hello", nil)
		},
		expectError: "agent login has no public key",
	}}
	var (
		foundUser string
		foundKey  *bakery.PublicKey
		foundErr  error
	)
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		foundUser, foundKey, foundErr = agent.LoginCookie(req)
	}))
	defer srv.Close()

	srvURL, err := url.Parse(srv.URL)
	c.Assert(err, gc.IsNil)

	for i, test := range tests {
		c.Logf("test %d: %s", i, test.about)

		client := httpbakery.NewClient()
		client.Key = key
		test.setCookie(client, srvURL)

		req, err := http.NewRequest("GET", srv.URL, nil)
		c.Assert(err, gc.IsNil)
		resp, err := client.Do(req)
		c.Assert(err, gc.IsNil)
		c.Assert(resp.StatusCode, gc.Equals, http.StatusOK)
		if test.expectError != "" {
			c.Assert(foundErr, gc.ErrorMatches, test.expectError)
			if test.expectCause != nil {
				c.Assert(errgo.Cause(foundErr), gc.Equals, test.expectCause)
			}
			continue
		}
		c.Assert(foundUser, gc.Equals, test.expectUser)
		c.Assert(foundKey, gc.DeepEquals, test.expectKey)
	}
}