Filter down the signing key to only public portion
This commit is contained in:
parent
2c10d28afc
commit
1666ac50fe
1 changed files with 6 additions and 2 deletions
|
@ -11,7 +11,7 @@ from collections import namedtuple, OrderedDict
|
|||
from jwkest.jws import SIGNER_ALGS, keyrep
|
||||
from datetime import datetime
|
||||
|
||||
from app import storage, docker_v2_signing_key
|
||||
from app import docker_v2_signing_key
|
||||
from auth.jwt_auth import process_jwt_auth
|
||||
from endpoints.decorators import anon_protect
|
||||
from endpoints.v2 import v2_bp, require_repo_read, require_repo_write
|
||||
|
@ -191,9 +191,13 @@ class SignedManifestBuilder(object):
|
|||
signature = jwt.utils.base64url_encode(signer.sign(bytes_to_sign, json_web_key.get_key()))
|
||||
logger.debug('Generated signature: %s', signature)
|
||||
|
||||
public_members = set(json_web_key.public_members)
|
||||
public_key = {comp: value for comp, value in json_web_key.to_dict().items()
|
||||
if comp in public_members}
|
||||
|
||||
signature_block = {
|
||||
'header': {
|
||||
'jwk': json_web_key.to_dict(),
|
||||
'jwk': public_key,
|
||||
'alg': JWS_ALGORITHM,
|
||||
},
|
||||
'signature': signature,
|
||||
|
|
Reference in a new issue