nats-io/nsc

`nsc import account` doesn't handle decorated jwts

Closed this issue · 4 comments

nsc describe account A --raw --output-file a.jwt
nsc delete account A --force
nsc import account --file a.jwt
[ERR ] failed to decode `b.jwt`: illegal base64 data at input byte 10

I suspect I'm seeing a regression of this issue. My nsc tool is built from 8f690c29910575597b8a3954154be4ee9e79519a - so the patch applied in #499 should be present. 🤔

Steps to reproduce in a clean environment:

  1. Install build from current main
$ curl -L https://raw.githubusercontent.com/nats-io/nsc/8f690c29910575597b8a3954154be4ee9e79519a/install.py | python
  2. Init an operator with a signing key
$ nsc add operator --name Issue498 --sys --generate-signing-key

[ OK ] generated and stored operator key "OAMMGYJ7V5QBJGUNMJUA7BM5LIAUUMHQFDU452YQX43MVT7PMGT5XC7Y"
[ OK ] added operator "Issue498"
[ OK ] When running your own nats-server, make sure they run at least version 2.2.0
[ OK ] created operator signing key: ODDC3RXODJKF3JLEDHSRM5W45WMSTNVFZ6XAXYLQKSYABJMB54CIDBGE
[ OK ] created system_account: name:SYS id:ABCNKKKIMVXMZVJ6NQRQASKTNCAZGJTDLXEFGNXFESRQTMEV2374IFXC
[ OK ] created system account user: name:sys id:UB74UFNVJMRAFFRUUGPXI64KHTHBUNPIVIL6PTYQFJRNBSBWOCIDGUMN
  3. Create an account and generate signing key
$ nsc add account --name TestAccount
[ OK ] generated and stored account key "ADX4BYKMBO6C4B7KCMZANO3TGFKHTAZ4ITZUID4DCKMYMXPH6N44YE3M"
[ OK ] added account "TestAccount"
$ nsc edit account --name TestAccount --sk generate
[ OK ] added signing key "ACWW7KU3HU32AOTEQCSANIQWJ5QGZDTE7Z6KBM4D5Q2JER2VFW7W64U5"
[ OK ] edited account "TestAccount"
  4. Redirect nsc describe account output - this works as expected ✔️
$ nsc describe account --raw > TestAccount-raw.jwt

$ cat TestAccount-raw.jwt
eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.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.DBEu1Rk2bynR5KCJYwe7Kv2UB_gB6zKj_BsIPv85Qgl9Nj0geAUYlubEzGx7hM5BMEbcTD54tDAdrZ9CUDPOAQ

$ nsc delete account TestAccount --force
[ OK ] expired account "TestAccount"
[ OK ] deleted account
[ OK ] deleted account directory

$ nsc import account --file TestAccount-raw.jwt 
[ OK ] account TestAccount was successfully imported
  5. Write jwt using --output-file - fails with error illegal base64 data at input byte 10
$ nsc describe account --raw --output-file TestAccount-output-file.jwt
[ OK ] wrote account jwt to `TestAccount-output-file.jwt`

$ nsc import account --file TestAccount-output-file.jwt 
[ERR ] failed to decode `TestAccount-output-file.jwt`: illegal base64 data at input byte 10
Error: all jobs failed

Besides the decorator begin/end lines, the --output-file JWT also contains extra trailing newlines.

diff -u TestAccount-raw.jwt TestAccount-output-file.jwt 
--- TestAccount-raw.jwt 2022-08-15 19:43:26.455278285 +0000
+++ TestAccount-output-file.jwt 2022-08-15 19:47:22.630652317 +0000
@@ -1 +1,6 @@
+-----BEGIN NATS ACCOUNT JWT-----
 eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.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.DBEu1Rk2bynR5KCJYwe7Kv2UB_gB6zKj_BsIPv85Qgl9Nj0geAUYlubEzGx7hM5BMEbcTD54tDAdrZ9CUDPOAQ
+
+------END NATS ACCOUNT JWT------
+
+
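Review bot: the decoration added in this hunk is not symmetric, so an importer cannot strip it by matching one fixed string. The BEGIN line has five dashes on each side, the END line has six, a blank line sits between the token and the END line, and two more blank lines follow it. Import should skip every line that is empty or starts with dashes and decode only the remaining token line.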

cc @matthiashanel who reviewed #499 for extra 👀

I thought this might be an installer issue (noticed install.py tracks latest release, 2.71), so I tried go install instead. Same result as ☝️ above.

Clean go install:

$ curl -OL https://go.dev/dl/go1.19.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.19.linux-amd64.tar.gz && rm go1.19.linux-amd64.tar.gz

$ /usr/local/go/bin/go install github.com/nats-io/nsc@latest
go: downloading github.com/nats-io/nsc v0.0.0-20220613211641-8f690c299105
...

Output jwt:

$ /usr/local/go/bin/nsc describe account --raw --output-file TestAccount-output-file-2.jwt
[ OK ] wrote account jwt to `TestAccount-output-file-2.jwt`

Reproduced error illegal base64 data at input byte 10

$ /usr/local/go/bin/nsc import account --file TestAccount-output-file-2.jwt
[ERR ] failed to decode `TestAccount-output-file-2.jwt`: illegal base64 data at input byte 10
Error: all jobs failed

@leigh-johnson looks like we have not released the fix; if you request the nightly the fix should be there. I'll get a release going this week.
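Why the reported error points at byte 10, and one way an importer can accept both raw and decorated files, as an added example (not nsc's code and not the fix from #499). It assumes Go's unpadded base64url decoder; `naiveDecode` and `extractJWT` are hypothetical helpers, and the token's payload and signature are constructed placeholders.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// Constructed sample in the --output-file layout from the diff above. The header
// segment is the one shown on the page; payload and signature are placeholders.
const token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.eyJuYW1lIjoiVGVzdEFjY291bnQifQ.c2ln"
const decorated = "-----BEGIN NATS ACCOUNT JWT-----\n" + token +
	"\n\n------END NATS ACCOUNT JWT------\n\n\n"

// naiveDecode feeds the file's first dot-separated segment to the decoder unchanged
// (assumed importer behaviour). "-----BEGIN" is ten valid characters; the space is not.
func naiveDecode(data string) error {
	_, err := base64.RawURLEncoding.DecodeString(strings.SplitN(data, ".", 2)[0])
	return err
}

// extractJWT (hypothetical helper) accepts raw or decorated input.
func extractJWT(data string) (string, error) {
	found := ""
	for _, line := range strings.Split(data, "\n") {
		line = strings.TrimSpace(line) // also drops \r from CRLF files
		if line == "" || strings.HasPrefix(line, "-----") {
			continue // blank line, or a 5- or 6-dash BEGIN/END line
		}
		if found != "" {
			return "", fmt.Errorf("more than one token line")
		}
		found = line
	}
	parts := strings.Split(found, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("expected three dot-separated segments")
	}
	for _, p := range parts {
		if _, err := base64.RawURLEncoding.DecodeString(p); err != nil {
			return "", err
		}
	}
	return found, nil
}

func main() {
	fmt.Println(naiveDecode(decorated))
	fmt.Println(extractJWT(decorated))
}
```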