Filter down the signing key to only public portion

Jake Moshenko 2015-10-26 16:40:19 -04:00
parent 2c10d28afc
commit 1666ac50fe


@ -11,7 +11,7 @@ from collections import namedtuple, OrderedDict
from jwkest.jws import SIGNER_ALGS, keyrep from jwkest.jws import SIGNER_ALGS, keyrep
from datetime import datetime from datetime import datetime
from app import storage, docker_v2_signing_key from app import docker_v2_signing_key
from auth.jwt_auth import process_jwt_auth from auth.jwt_auth import process_jwt_auth
from endpoints.decorators import anon_protect from endpoints.decorators import anon_protect
from endpoints.v2 import v2_bp, require_repo_read, require_repo_write from endpoints.v2 import v2_bp, require_repo_read, require_repo_write
@ -191,9 +191,13 @@ class SignedManifestBuilder(object):
signature = jwt.utils.base64url_encode(signer.sign(bytes_to_sign, json_web_key.get_key())) signature = jwt.utils.base64url_encode(signer.sign(bytes_to_sign, json_web_key.get_key()))
logger.debug('Generated signature: %s', signature) logger.debug('Generated signature: %s', signature)
public_members = set(json_web_key.public_members)
public_key = {comp: value for comp, value in json_web_key.to_dict().items()
if comp in public_members}
signature_block = { signature_block = {
'header': { 'header': {
'jwk': json_web_key.to_dict(), 'jwk': public_key,
'alg': JWS_ALGORITHM, 'alg': JWS_ALGORITHM,
}, },
'signature': signature, 'signature': signature,
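Review bot: Nothing in this hunk records why `'jwk'` is now built from a filtered dict, so a later cleanup could switch it back to `json_web_key.to_dict()` without anyone noticing; I would add a comment above `public_members = set(json_web_key.public_members)` such as `# Embed only the public JWK members; private key material must never reach the signature header.` A regression test asserting that the keys of `signature_block['header']['jwk']` are a subset of `json_web_key.public_members` would pin that property. Separately, manifests signed before this commit carry the full `to_dict()` output in the header; if that included private components, as the commit title suggests, the signing key should be treated as exposed and rotated, because this change only protects manifests built from here on. The enclosing method of `SignedManifestBuilder` starts and ends outside the hunk.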