Use the registry API for security scanning

when the storage engine doesn't support direct download url

test/test_registry_v2_auth.py

@@ -6,16 +6,18 @@ from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.asymmetric import rsa
 
 from app import app
-from endpoints.v2.v2auth import TOKEN_VALIDITY_LIFETIME_S, load_certificate_bytes, load_private_key
-from auth.registry_jwt_auth import (identity_from_bearer_token, load_public_key,
-                                    InvalidJWTException, build_context_and_subject, ANONYMOUS_SUB)
+from endpoints.v2.v2auth import TOKEN_VALIDITY_LIFETIME_S
+from auth.registry_jwt_auth import identity_from_bearer_token, load_public_key, InvalidJWTException
 from util.morecollections import AttrDict
+from util.security.registry_jwt import (_load_certificate_bytes, _load_private_key, ANONYMOUS_SUB,
+                                        build_context_and_subject)
 
 
 TEST_AUDIENCE = app.config['SERVER_HOSTNAME']
 TEST_USER = AttrDict({'username': 'joeuser'})
 MAX_SIGNED_S = 3660
 
+
 class TestRegistryV2Auth(unittest.TestCase):
   def __init__(self, *args, **kwargs):
     super(TestRegistryV2Auth, self).__init__(*args, **kwargs)
@@ -41,13 +43,13 @@ class TestRegistryV2Auth(unittest.TestCase):
 
   def _generate_token(self, token_data):
 
-    certificate = load_certificate_bytes(app.config['JWT_AUTH_CERTIFICATE_PATH'])
+    certificate = _load_certificate_bytes(app.config['JWT_AUTH_CERTIFICATE_PATH'])
 
     token_headers = {
       'x5c': [certificate],
     }
 
-    private_key = load_private_key(app.config['JWT_AUTH_PRIVATE_KEY_PATH'])
+    private_key = _load_private_key(app.config['JWT_AUTH_PRIVATE_KEY_PATH'])
     token_data = jwt.encode(token_data, private_key, 'RS256', headers=token_headers)
     return 'Bearer {0}'.format(token_data)