@@ -88,7 +88,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo

 		return err

 	}

-	endpoints, err := imagePullConfig.RegistryService.LookupPullEndpoints(repoInfo)

+	endpoints, err := imagePullConfig.RegistryService.LookupPullEndpoints(repoInfo.Hostname())

 	if err != nil {

 		return err

 	}

@@ -100,7 +100,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo

 		return err

 	}

-	endpoints, err := imagePushConfig.RegistryService.LookupPushEndpoints(repoInfo)

+	endpoints, err := imagePushConfig.RegistryService.LookupPushEndpoints(repoInfo.Hostname())

 	if err != nil {

 		return err

 	}

@@ -5,7 +5,6 @@ import (

 	"net"

 	"net/http"

 	"net/url"

-	"strings"

 	"time"

 	"github.com/docker/distribution"

@@ -53,48 +52,18 @@ func NewV2Repository(ctx context.Context, repoInfo *registry.RepositoryInfo, end

 	modifiers := registry.DockerHeaders(dockerversion.DockerUserAgent(), metaHeaders)

 	authTransport := transport.NewTransport(base, modifiers...)

-	pingClient := &http.Client{

-		Transport: authTransport,

-		Timeout:   15 * time.Second,

-	}

-	endpointStr := strings.TrimRight(endpoint.URL.String(), "/") + "/v2/"

-	req, err := http.NewRequest("GET", endpointStr, nil)

-	if err != nil {

-		return nil, false, fallbackError{err: err}

-	}

-	resp, err := pingClient.Do(req)

-	if err != nil {

-		return nil, false, fallbackError{err: err}

-	}

-	defer resp.Body.Close()

-

-	// We got a HTTP request through, so we're using the right TLS settings.

-	// From this point forward, set transportOK to true in any fallbackError

-	// we return.

-	v2Version := auth.APIVersion{

-		Type:    "registry",

-		Version: "2.0",

-	}

-

-	versions := auth.APIVersions(resp, registry.DefaultRegistryVersionHeader)

-	for _, pingVersion := range versions {

-		if pingVersion == v2Version {

-			// The version header indicates we're definitely

-			// talking to a v2 registry. So don't allow future

-			// fallbacks to the v1 protocol.

-

-			foundVersion = true

-			break

+	challengeManager, foundVersion, err := registry.PingV2Registry(endpoint, authTransport)

+	if err != nil {

+		transportOK := false

+		if responseErr, ok := err.(registry.PingResponseError); ok {

+			transportOK = true

+			err = responseErr.Err

 		}

-	}

-

-	challengeManager := auth.NewSimpleChallengeManager()

-	if err := challengeManager.AddResponse(resp); err != nil {

 		return nil, foundVersion, fallbackError{

 			err:         err,

 			confirmedV2: foundVersion,

-			transportOK: true,

+			transportOK: transportOK,

 		}

 	}

@@ -106,20 +106,19 @@ func (s *DockerRegistrySuite) TestV1(c *check.C) {

 	defer cleanup()

 	s.d.Cmd("build", "--file", dockerfileName, ".")

-	c.Assert(v1Repo, check.Not(check.Equals), 0, check.Commentf("Expected v1 repository access after build"))

+	c.Assert(v1Repo, check.Equals, 1, check.Commentf("Expected v1 repository access after build"))

 	repoName := fmt.Sprintf("%s/busybox", reg.hostport)

 	s.d.Cmd("run", repoName)

-	c.Assert(v1Repo, check.Not(check.Equals), 1, check.Commentf("Expected v1 repository access after run"))

+	c.Assert(v1Repo, check.Equals, 2, check.Commentf("Expected v1 repository access after run"))

 	s.d.Cmd("login", "-u", "richard", "-p", "testtest", reg.hostport)

-	c.Assert(v1Logins, check.Not(check.Equals), 0, check.Commentf("Expected v1 login attempt"))

+	c.Assert(v1Logins, check.Equals, 1, check.Commentf("Expected v1 login attempt"))

 	s.d.Cmd("tag", "busybox", repoName)

 	s.d.Cmd("push", repoName)

 	c.Assert(v1Repo, check.Equals, 2)

-	c.Assert(v1Pings, check.Equals, 1)

 	s.d.Cmd("pull", repoName)

 	c.Assert(v1Repo, check.Equals, 3, check.Commentf("Expected v1 repository access after pull"))

@@ -4,28 +4,25 @@ import (

 	"fmt"

 	"io/ioutil"

 	"net/http"

+	"net/url"

 	"strings"

+	"time"

 	"github.com/Sirupsen/logrus"

+	"github.com/docker/distribution/registry/client/auth"

+	"github.com/docker/distribution/registry/client/transport"

 	"github.com/docker/engine-api/types"

 	registrytypes "github.com/docker/engine-api/types/registry"

 )

-// Login tries to register/login to the registry server.

-func Login(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string, error) {

-	// Separates the v2 registry login logic from the v1 logic.

-	if registryEndpoint.Version == APIVersion2 {

-		return loginV2(authConfig, registryEndpoint, "" /* scope */)

+// loginV1 tries to register/login to the v1 registry server.

+func loginV1(authConfig *types.AuthConfig, apiEndpoint APIEndpoint, userAgent string) (string, error) {

+	registryEndpoint, err := apiEndpoint.ToV1Endpoint(userAgent, nil)

+	if err != nil {

+		return "", err

 	}

-	return loginV1(authConfig, registryEndpoint)

-}

-// loginV1 tries to register/login to the v1 registry server.

-func loginV1(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string, error) {

-	var (

-		err           error

-		serverAddress = authConfig.ServerAddress

-	)

+	serverAddress := registryEndpoint.String()

 	logrus.Debugf("attempting v1 login to registry endpoint %s", registryEndpoint)

@@ -36,10 +33,16 @@ func loginV1(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string,

 	loginAgainstOfficialIndex := serverAddress == IndexServer

 	req, err := http.NewRequest("GET", serverAddress+"users/", nil)

+	if err != nil {

+		return "", err

+	}

 	req.SetBasicAuth(authConfig.Username, authConfig.Password)

 	resp, err := registryEndpoint.client.Do(req)

 	if err != nil {

-		return "", err

+		// fallback when request could not be completed

+		return "", fallbackError{

+			err: err,

+		}

 	}

 	defer resp.Body.Close()

 	body, err := ioutil.ReadAll(resp.Body)

@@ -68,97 +71,82 @@ func loginV1(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string,

 	}

 }

-// loginV2 tries to login to the v2 registry server. The given registry endpoint has been

-// pinged or setup with a list of authorization challenges. Each of these challenges are

-// tried until one of them succeeds. Currently supported challenge schemes are:

-// 		HTTP Basic Authorization

-// 		Token Authorization with a separate token issuing server

-// NOTE: the v2 logic does not attempt to create a user account if one doesn't exist. For

-// now, users should create their account through other means like directly from a web page

-// served by the v2 registry service provider. Whether this will be supported in the future

-// is to be determined.

-func loginV2(authConfig *types.AuthConfig, registryEndpoint *Endpoint, scope string) (string, error) {

-	logrus.Debugf("attempting v2 login to registry endpoint %s", registryEndpoint)

-	var (

-		err       error

-		allErrors []error

-	)

-

-	for _, challenge := range registryEndpoint.AuthChallenges {

-		params := make(map[string]string, len(challenge.Parameters)+1)

-		for k, v := range challenge.Parameters {

-			params[k] = v

-		}

-		params["scope"] = scope

-		logrus.Debugf("trying %q auth challenge with params %v", challenge.Scheme, params)

-

-		switch strings.ToLower(challenge.Scheme) {

-		case "basic":

-			err = tryV2BasicAuthLogin(authConfig, params, registryEndpoint)

-		case "bearer":

-			err = tryV2TokenAuthLogin(authConfig, params, registryEndpoint)

-		default:

-			// Unsupported challenge types are explicitly skipped.

-			err = fmt.Errorf("unsupported auth scheme: %q", challenge.Scheme)

-		}

-

-		if err == nil {

-			return "Login Succeeded", nil

-		}

+type loginCredentialStore struct {

+	authConfig *types.AuthConfig

+}

-		logrus.Debugf("error trying auth challenge %q: %s", challenge.Scheme, err)

+func (lcs loginCredentialStore) Basic(*url.URL) (string, string) {

+	return lcs.authConfig.Username, lcs.authConfig.Password

+}

-		allErrors = append(allErrors, err)

-	}

+type fallbackError struct {

+	err error

+}

-	return "", fmt.Errorf("no successful auth challenge for %s - errors: %s", registryEndpoint, allErrors)

+func (err fallbackError) Error() string {

+	return err.err.Error()

 }

-func tryV2BasicAuthLogin(authConfig *types.AuthConfig, params map[string]string, registryEndpoint *Endpoint) error {

-	req, err := http.NewRequest("GET", registryEndpoint.Path(""), nil)

-	if err != nil {

-		return err

-	}

+// loginV2 tries to login to the v2 registry server. The given registry

+// endpoint will be pinged to get authorization challenges. These challenges

+// will be used to authenticate against the registry to validate credentials.

+func loginV2(authConfig *types.AuthConfig, endpoint APIEndpoint, userAgent string) (string, error) {

+	logrus.Debugf("attempting v2 login to registry endpoint %s", endpoint)

-	req.SetBasicAuth(authConfig.Username, authConfig.Password)

+	modifiers := DockerHeaders(userAgent, nil)

+	authTransport := transport.NewTransport(NewTransport(endpoint.TLSConfig), modifiers...)

-	resp, err := registryEndpoint.client.Do(req)

+	challengeManager, foundV2, err := PingV2Registry(endpoint, authTransport)

 	if err != nil {

-		return err

+		if !foundV2 {

+			err = fallbackError{err: err}

+		}

+		return "", err

 	}

-	defer resp.Body.Close()

-	if resp.StatusCode != http.StatusOK {

-		return fmt.Errorf("basic auth attempt to %s realm %q failed with status: %d %s", registryEndpoint, params["realm"], resp.StatusCode, http.StatusText(resp.StatusCode))

+	creds := loginCredentialStore{

+		authConfig: authConfig,

 	}

-	return nil

-}

+	tokenHandler := auth.NewTokenHandler(authTransport, creds, "")

+	basicHandler := auth.NewBasicHandler(creds)

+	modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))

+	tr := transport.NewTransport(authTransport, modifiers...)

-func tryV2TokenAuthLogin(authConfig *types.AuthConfig, params map[string]string, registryEndpoint *Endpoint) error {

-	token, err := getToken(authConfig.Username, authConfig.Password, params, registryEndpoint)

-	if err != nil {

-		return err

+	loginClient := &http.Client{

+		Transport: tr,

+		Timeout:   15 * time.Second,

 	}

-	req, err := http.NewRequest("GET", registryEndpoint.Path(""), nil)

+	endpointStr := strings.TrimRight(endpoint.URL.String(), "/") + "/v2/"

+	req, err := http.NewRequest("GET", endpointStr, nil)

 	if err != nil {

-		return err

+		if !foundV2 {

+			err = fallbackError{err: err}

+		}

+		return "", err

 	}

-	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))

-

-	resp, err := registryEndpoint.client.Do(req)

+	resp, err := loginClient.Do(req)

 	if err != nil {

-		return err

+		if !foundV2 {

+			err = fallbackError{err: err}

+		}

+		return "", err

 	}

 	defer resp.Body.Close()

 	if resp.StatusCode != http.StatusOK {

-		return fmt.Errorf("token auth attempt to %s realm %q failed with status: %d %s", registryEndpoint, params["realm"], resp.StatusCode, http.StatusText(resp.StatusCode))

+		// TODO(dmcgowan): Attempt to further interpret result, status code and error code string

+		err := fmt.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode))

+		if !foundV2 {

+			err = fallbackError{err: err}

+		}

+		return "", err

 	}

-	return nil

+	return "Login Succeeded", nil

+

 }

 // ResolveAuthConfig matches an auth configuration to a server address or a URL

@@ -193,3 +181,63 @@ func ResolveAuthConfig(authConfigs map[string]types.AuthConfig, index *registryt

 	// When all else fails, return an empty auth config

 	return types.AuthConfig{}

 }

+

+// PingResponseError is used when the response from a ping

+// was received but invalid.

+type PingResponseError struct {

+	Err error

+}

+

+func (err PingResponseError) Error() string {

+	return err.Error()

+}

+

+// PingV2Registry attempts to ping a v2 registry and on success return a

+// challenge manager for the supported authentication types and

+// whether v2 was confirmed by the response. If a response is received but

+// cannot be interpreted a PingResponseError will be returned.

+func PingV2Registry(endpoint APIEndpoint, transport http.RoundTripper) (auth.ChallengeManager, bool, error) {

+	var (

+		foundV2   = false

+		v2Version = auth.APIVersion{

+			Type:    "registry",

+			Version: "2.0",

+		}

+	)

+

+	pingClient := &http.Client{

+		Transport: transport,

+		Timeout:   15 * time.Second,

+	}

+	endpointStr := strings.TrimRight(endpoint.URL.String(), "/") + "/v2/"

+	req, err := http.NewRequest("GET", endpointStr, nil)

+	if err != nil {

+		return nil, false, err

+	}

+	resp, err := pingClient.Do(req)

+	if err != nil {

+		return nil, false, err

+	}

+	defer resp.Body.Close()

+

+	versions := auth.APIVersions(resp, DefaultRegistryVersionHeader)

+	for _, pingVersion := range versions {

+		if pingVersion == v2Version {

+			// The version header indicates we're definitely

+			// talking to a v2 registry. So don't allow future

+			// fallbacks to the v1 protocol.

+

+			foundV2 = true

+			break

+		}

+	}

+

+	challengeManager := auth.NewSimpleChallengeManager()

+	if err := challengeManager.AddResponse(resp); err != nil {

+		return nil, foundV2, PingResponseError{

+			Err: err,

+		}

+	}

+

+	return challengeManager, foundV2, nil

+}

deleted file mode 100644

@@ -1,150 +0,0 @@

-package registry

-

-import (

-	"net/http"

-	"strings"

-)

-

-// Octet types from RFC 2616.

-type octetType byte

-

-// AuthorizationChallenge carries information

-// from a WWW-Authenticate response header.

-type AuthorizationChallenge struct {

-	Scheme     string

-	Parameters map[string]string

-}

-

-var octetTypes [256]octetType

-

-const (

-	isToken octetType = 1 << iota

-	isSpace

-)

-

-func init() {

-	// OCTET      = <any 8-bit sequence of data>

-	// CHAR       = <any US-ASCII character (octets 0 - 127)>

-	// CTL        = <any US-ASCII control character (octets 0 - 31) and DEL (127)>

-	// CR         = <US-ASCII CR, carriage return (13)>

-	// LF         = <US-ASCII LF, linefeed (10)>

-	// SP         = <US-ASCII SP, space (32)>

-	// HT         = <US-ASCII HT, horizontal-tab (9)>

-	// <">        = <US-ASCII double-quote mark (34)>

-	// CRLF       = CR LF

-	// LWS        = [CRLF] 1*( SP | HT )

-	// TEXT       = <any OCTET except CTLs, but including LWS>

-	// separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <">

-	//              | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT

-	// token      = 1*<any CHAR except CTLs or separators>

-	// qdtext     = <any TEXT except <">>

-

-	for c := 0; c < 256; c++ {

-		var t octetType

-		isCtl := c <= 31 || c == 127

-		isChar := 0 <= c && c <= 127

-		isSeparator := strings.IndexRune(" \t\"(),/:;<=>?@[]\\{}", rune(c)) >= 0

-		if strings.IndexRune(" \t\r\n", rune(c)) >= 0 {

-			t |= isSpace

-		}

-		if isChar && !isCtl && !isSeparator {

-			t |= isToken

-		}

-		octetTypes[c] = t

-	}

-}

-

-func parseAuthHeader(header http.Header) []*AuthorizationChallenge {

-	var challenges []*AuthorizationChallenge

-	for _, h := range header[http.CanonicalHeaderKey("WWW-Authenticate")] {

-		v, p := parseValueAndParams(h)

-		if v != "" {

-			challenges = append(challenges, &AuthorizationChallenge{Scheme: v, Parameters: p})

-		}

-	}

-	return challenges

-}

-

-func parseValueAndParams(header string) (value string, params map[string]string) {

-	params = make(map[string]string)

-	value, s := expectToken(header)

-	if value == "" {

-		return

-	}

-	value = strings.ToLower(value)

-	s = "," + skipSpace(s)

-	for strings.HasPrefix(s, ",") {

-		var pkey string

-		pkey, s = expectToken(skipSpace(s[1:]))

-		if pkey == "" {

-			return

-		}

-		if !strings.HasPrefix(s, "=") {

-			return

-		}

-		var pvalue string

-		pvalue, s = expectTokenOrQuoted(s[1:])

-		if pvalue == "" {

-			return

-		}

-		pkey = strings.ToLower(pkey)

-		params[pkey] = pvalue

-		s = skipSpace(s)

-	}

-	return

-}

-

-func skipSpace(s string) (rest string) {

-	i := 0

-	for ; i < len(s); i++ {

-		if octetTypes[s[i]]&isSpace == 0 {

-			break

-		}

-	}

-	return s[i:]

-}

-

-func expectToken(s string) (token, rest string) {

-	i := 0

-	for ; i < len(s); i++ {

-		if octetTypes[s[i]]&isToken == 0 {

-			break

-		}

-	}

-	return s[:i], s[i:]

-}

-

-func expectTokenOrQuoted(s string) (value string, rest string) {

-	if !strings.HasPrefix(s, "\"") {

-		return expectToken(s)

-	}

-	s = s[1:]

-	for i := 0; i < len(s); i++ {

-		switch s[i] {

-		case '"':

-			return s[:i], s[i+1:]

-		case '\\':

-			p := make([]byte, len(s)-1)

-			j := copy(p, s[:i])

-			escape := true

-			for i = i + i; i < len(s); i++ {

-				b := s[i]

-				switch {

-				case escape:

-					escape = false

-					p[j] = b

-					j++

-				case b == '\\':

-					escape = true

-				case b == '"':

-					return string(p[:j]), s[i+1:]

-				default:

-					p[j] = b

-					j++

-				}

-			}

-			return "", ""

-		}

-	}

-	return "", ""

-}

@@ -49,6 +49,9 @@ var (

 	V2Only = false

 )

+// for mocking in unit tests

+var lookupIP = net.LookupIP

+

 // InstallFlags adds command-line options to the top-level flag parser for

 // the current process.

 func (options *Options) InstallFlags(cmd *flag.FlagSet, usageFn func(string) string) {

deleted file mode 100644

@@ -1,290 +0,0 @@

-package registry

-

-import (

-	"crypto/tls"

-	"encoding/json"

-	"fmt"

-	"io/ioutil"

-	"net"

-	"net/http"

-	"net/url"

-	"strings"

-

-	"github.com/Sirupsen/logrus"

-	"github.com/docker/distribution/registry/api/v2"

-	"github.com/docker/distribution/registry/client/transport"

-	registrytypes "github.com/docker/engine-api/types/registry"

-)

-

-// for mocking in unit tests

-var lookupIP = net.LookupIP

-

-// scans string for api version in the URL path. returns the trimmed address, if version found, string and API version.

-func scanForAPIVersion(address string) (string, APIVersion) {

-	var (

-		chunks        []string

-		apiVersionStr string

-	)

-

-	if strings.HasSuffix(address, "/") {

-		address = address[:len(address)-1]

-	}

-

-	chunks = strings.Split(address, "/")

-	apiVersionStr = chunks[len(chunks)-1]

-

-	for k, v := range apiVersions {

-		if apiVersionStr == v {

-			address = strings.Join(chunks[:len(chunks)-1], "/")

-			return address, k

-		}

-	}

-

-	return address, APIVersionUnknown

-}

-

-// NewEndpoint parses the given address to return a registry endpoint.  v can be used to

-// specify a specific endpoint version

-func NewEndpoint(index *registrytypes.IndexInfo, userAgent string, metaHeaders http.Header, v APIVersion) (*Endpoint, error) {

-	tlsConfig, err := newTLSConfig(index.Name, index.Secure)

-	if err != nil {

-		return nil, err

-	}

-

-	endpoint, err := newEndpointFromStr(GetAuthConfigKey(index), tlsConfig, userAgent, metaHeaders)

-	if err != nil {

-		return nil, err

-	}

-

-	if v != APIVersionUnknown {

-		endpoint.Version = v

-	}

-	if err := validateEndpoint(endpoint); err != nil {

-		return nil, err

-	}

-

-	return endpoint, nil

-}

-

-func validateEndpoint(endpoint *Endpoint) error {

-	logrus.Debugf("pinging registry endpoint %s", endpoint)

-

-	// Try HTTPS ping to registry

-	endpoint.URL.Scheme = "https"

-	if _, err := endpoint.Ping(); err != nil {

-		if endpoint.IsSecure {

-			// If registry is secure and HTTPS failed, show user the error and tell them about `--insecure-registry`

-			// in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fallback to HTTP.

-			return fmt.Errorf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host)

-		}

-

-		// If registry is insecure and HTTPS failed, fallback to HTTP.

-		logrus.Debugf("Error from registry %q marked as insecure: %v. Insecurely falling back to HTTP", endpoint, err)

-		endpoint.URL.Scheme = "http"

-

-		var err2 error

-		if _, err2 = endpoint.Ping(); err2 == nil {

-			return nil

-		}

-

-		return fmt.Errorf("invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2)

-	}

-

-	return nil

-}

-

-func newEndpoint(address url.URL, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) (*Endpoint, error) {

-	endpoint := &Endpoint{

-		IsSecure: (tlsConfig == nil || !tlsConfig.InsecureSkipVerify),

-		URL:      new(url.URL),

-		Version:  APIVersionUnknown,

-	}

-

-	*endpoint.URL = address

-

-	// TODO(tiborvass): make sure a ConnectTimeout transport is used

-	tr := NewTransport(tlsConfig)

-	endpoint.client = HTTPClient(transport.NewTransport(tr, DockerHeaders(userAgent, metaHeaders)...))

-	return endpoint, nil

-}

-

-func newEndpointFromStr(address string, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) (*Endpoint, error) {

-	if !strings.HasPrefix(address, "http://") && !strings.HasPrefix(address, "https://") {

-		address = "https://" + address

-	}

-

-	trimmedAddress, detectedVersion := scanForAPIVersion(address)

-

-	uri, err := url.Parse(trimmedAddress)

-	if err != nil {

-		return nil, err

-	}

-

-	endpoint, err := newEndpoint(*uri, tlsConfig, userAgent, metaHeaders)

-	if err != nil {

-		return nil, err

-	}

-

-	endpoint.Version = detectedVersion

-	return endpoint, nil

-}

-

-// Endpoint stores basic information about a registry endpoint.

-type Endpoint struct {

-	client         *http.Client

-	URL            *url.URL

-	Version        APIVersion

-	IsSecure       bool

-	AuthChallenges []*AuthorizationChallenge

-	URLBuilder     *v2.URLBuilder

-}

-

-// Get the formatted URL for the root of this registry Endpoint

-func (e *Endpoint) String() string {

-	return fmt.Sprintf("%s/v%d/", e.URL, e.Version)

-}

-

-// VersionString returns a formatted string of this

-// endpoint address using the given API Version.

-func (e *Endpoint) VersionString(version APIVersion) string {

-	return fmt.Sprintf("%s/v%d/", e.URL, version)

-}

-

-// Path returns a formatted string for the URL

-// of this endpoint with the given path appended.

-func (e *Endpoint) Path(path string) string {

-	return fmt.Sprintf("%s/v%d/%s", e.URL, e.Version, path)

-}

-

-// Ping pings the remote endpoint with v2 and v1 pings to determine the API

-// version. It returns a PingResult containing the discovered version. The

-// PingResult also indicates whether the registry is standalone or not.

-func (e *Endpoint) Ping() (PingResult, error) {

-	// The ping logic to use is determined by the registry endpoint version.

-	switch e.Version {

-	case APIVersion1:

-		return e.pingV1()

-	case APIVersion2:

-		return e.pingV2()

-	}

-

-	// APIVersionUnknown

-	// We should try v2 first...

-	e.Version = APIVersion2

-	regInfo, errV2 := e.pingV2()

-	if errV2 == nil {

-		return regInfo, nil

-	}

-

-	// ... then fallback to v1.

-	e.Version = APIVersion1

-	regInfo, errV1 := e.pingV1()

-	if errV1 == nil {

-		return regInfo, nil

-	}

-

-	e.Version = APIVersionUnknown

-	return PingResult{}, fmt.Errorf("unable to ping registry endpoint %s\nv2 ping attempt failed with error: %s\n v1 ping attempt failed with error: %s", e, errV2, errV1)

-}

-

-func (e *Endpoint) pingV1() (PingResult, error) {

-	logrus.Debugf("attempting v1 ping for registry endpoint %s", e)

-

-	if e.String() == IndexServer {

-		// Skip the check, we know this one is valid

-		// (and we never want to fallback to http in case of error)

-		return PingResult{Standalone: false}, nil

-	}

-

-	req, err := http.NewRequest("GET", e.Path("_ping"), nil)

-	if err != nil {

-		return PingResult{Standalone: false}, err

-	}

-

-	resp, err := e.client.Do(req)

-	if err != nil {

-		return PingResult{Standalone: false}, err

-	}

-

-	defer resp.Body.Close()

-

-	jsonString, err := ioutil.ReadAll(resp.Body)

-	if err != nil {

-		return PingResult{Standalone: false}, fmt.Errorf("error while reading the http response: %s", err)

-	}

-

-	// If the header is absent, we assume true for compatibility with earlier

-	// versions of the registry. default to true

-	info := PingResult{

-		Standalone: true,

-	}

-	if err := json.Unmarshal(jsonString, &info); err != nil {

-		logrus.Debugf("Error unmarshalling the _ping PingResult: %s", err)

-		// don't stop here. Just assume sane defaults

-	}

-	if hdr := resp.Header.Get("X-Docker-Registry-Version"); hdr != "" {

-		logrus.Debugf("Registry version header: '%s'", hdr)

-		info.Version = hdr

-	}

-	logrus.Debugf("PingResult.Version: %q", info.Version)

-

-	standalone := resp.Header.Get("X-Docker-Registry-Standalone")

-	logrus.Debugf("Registry standalone header: '%s'", standalone)

-	// Accepted values are "true" (case-insensitive) and "1".

-	if strings.EqualFold(standalone, "true") || standalone == "1" {

-		info.Standalone = true

-	} else if len(standalone) > 0 {

-		// there is a header set, and it is not "true" or "1", so assume fails

-		info.Standalone = false

-	}

-	logrus.Debugf("PingResult.Standalone: %t", info.Standalone)

-	return info, nil

-}

-

-func (e *Endpoint) pingV2() (PingResult, error) {

-	logrus.Debugf("attempting v2 ping for registry endpoint %s", e)

-

-	req, err := http.NewRequest("GET", e.Path(""), nil)

-	if err != nil {

-		return PingResult{}, err

-	}

-

-	resp, err := e.client.Do(req)

-	if err != nil {

-		return PingResult{}, err

-	}

-	defer resp.Body.Close()

-

-	// The endpoint may have multiple supported versions.

-	// Ensure it supports the v2 Registry API.

-	var supportsV2 bool

-

-HeaderLoop:

-	for _, supportedVersions := range resp.Header[http.CanonicalHeaderKey("Docker-Distribution-API-Version")] {

-		for _, versionName := range strings.Fields(supportedVersions) {

-			if versionName == "registry/2.0" {

-				supportsV2 = true

-				break HeaderLoop

-			}

-		}

-	}

-

-	if !supportsV2 {

-		return PingResult{}, fmt.Errorf("%s does not appear to be a v2 registry endpoint", e)

-	}

-

-	if resp.StatusCode == http.StatusOK {

-		// It would seem that no authentication/authorization is required.

-		// So we don't need to parse/add any authorization schemes.

-		return PingResult{Standalone: true}, nil

-	}

-

-	if resp.StatusCode == http.StatusUnauthorized {

-		// Parse the WWW-Authenticate Header and store the challenges

-		// on this endpoint object.

-		e.AuthChallenges = parseAuthHeader(resp.Header)

-		return PingResult{}, nil

-	}

-

-	return PingResult{}, fmt.Errorf("v2 registry endpoint returned status %d: %q", resp.StatusCode, http.StatusText(resp.StatusCode))

-}

@@ -14,12 +14,13 @@ func TestEndpointParse(t *testing.T) {

 	}{

 		{IndexServer, IndexServer},

 		{"http://0.0.0.0:5000/v1/", "http://0.0.0.0:5000/v1/"},

-		{"http://0.0.0.0:5000/v2/", "http://0.0.0.0:5000/v2/"},

-		{"http://0.0.0.0:5000", "http://0.0.0.0:5000/v0/"},

-		{"0.0.0.0:5000", "https://0.0.0.0:5000/v0/"},

+		{"http://0.0.0.0:5000", "http://0.0.0.0:5000/v1/"},

+		{"0.0.0.0:5000", "https://0.0.0.0:5000/v1/"},

+		{"http://0.0.0.0:5000/nonversion/", "http://0.0.0.0:5000/nonversion/v1/"},

+		{"http://0.0.0.0:5000/v0/", "http://0.0.0.0:5000/v0/v1/"},

 	}

 	for _, td := range testData {

-		e, err := newEndpointFromStr(td.str, nil, "", nil)

+		e, err := newV1EndpointFromStr(td.str, nil, "", nil)

 		if err != nil {

 			t.Errorf("%q: %s", td.str, err)

 		}

@@ -33,21 +34,26 @@ func TestEndpointParse(t *testing.T) {

 	}

 }

+func TestEndpointParseInvalid(t *testing.T) {

+	testData := []string{

+		"http://0.0.0.0:5000/v2/",

+	}

+	for _, td := range testData {

+		e, err := newV1EndpointFromStr(td, nil, "", nil)

+		if err == nil {

+			t.Errorf("expected error parsing %q: parsed as %q", td, e)

+		}

+	}

+}

+

 // Ensure that a registry endpoint that responds with a 401 only is determined

-// to be a v1 registry unless it includes a valid v2 API header.

-func TestValidateEndpointAmbiguousAPIVersion(t *testing.T) {

+// to be a valid v1 registry endpoint

+func TestValidateEndpoint(t *testing.T) {

 	requireBasicAuthHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {