Filter down the signing key to only public portion
parent
2c10d28afc
commit
1666ac50fe
1 changed files with 6 additions and 2 deletions
|
@ -11,7 +11,7 @@ from collections import namedtuple, OrderedDict
|
||||||
from jwkest.jws import SIGNER_ALGS, keyrep
|
from jwkest.jws import SIGNER_ALGS, keyrep
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
|
||||||
from app import storage, docker_v2_signing_key
|
from app import docker_v2_signing_key
|
||||||
from auth.jwt_auth import process_jwt_auth
|
from auth.jwt_auth import process_jwt_auth
|
||||||
from endpoints.decorators import anon_protect
|
from endpoints.decorators import anon_protect
|
||||||
from endpoints.v2 import v2_bp, require_repo_read, require_repo_write
|
from endpoints.v2 import v2_bp, require_repo_read, require_repo_write
|
||||||
|
@ -191,9 +191,13 @@ class SignedManifestBuilder(object):
|
||||||
signature = jwt.utils.base64url_encode(signer.sign(bytes_to_sign, json_web_key.get_key()))
|
signature = jwt.utils.base64url_encode(signer.sign(bytes_to_sign, json_web_key.get_key()))
|
||||||
logger.debug('Generated signature: %s', signature)
|
logger.debug('Generated signature: %s', signature)
|
||||||
|
|
||||||
|
public_members = set(json_web_key.public_members)
|
||||||
|
public_key = {comp: value for comp, value in json_web_key.to_dict().items()
|
||||||
|
if comp in public_members}
|
||||||
|
|
||||||
signature_block = {
|
signature_block = {
|
||||||
'header': {
|
'header': {
|
||||||
'jwk': json_web_key.to_dict(),
|
'jwk': public_key,
|
||||||
'alg': JWS_ALGORITHM,
|
'alg': JWS_ALGORITHM,
|
||||||
},
|
},
|
||||||
'signature': signature,
|
'signature': signature,
|
||||||
|
|
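Review bot: The allow-list built from `json_web_key.public_members` is now the only thing keeping private key parameters out of the `jwk` header, and nothing in this change pins that: there is no comment explaining why the dict is filtered and no test checking the result. I would add a comment above the comprehension, e.g. `# Embed only public JWK members; this header is presumably distributed with the signed manifest.`, and a unit test that builds a manifest and asserts the emitted `jwk` has no private fields such as `d`. Because the old line embedded `json_web_key.to_dict()` unfiltered, manifests signed before this commit presumably carry the private portion, so the signing key should be treated as exposed and rotated; that follow-up is outside this diff. The enclosing method of `SignedManifestBuilder` starts and ends outside the hunk.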