Use the instance service key for registry JWT signing

Joseph Schorr 2016-05-31 16:48:19 -04:00
parent a4aa5cc02a
commit 8887f09ba8
26 changed files with 457 additions and 278 deletions


@ -7,15 +7,12 @@ import urllib
from cachetools import lru_cache
from app import app
from app import app, instance_keys
ANNOUNCE_URL = app.config.get('BITTORRENT_ANNOUNCE_URL')
PRIVATE_KEY_LOCATION = app.config.get('INSTANCE_SERVICE_KEY_LOCATION')
FILENAME_PEPPER = app.config.get('BITTORRENT_FILENAME_PEPPER')
REGISTRY_TITLE = app.config.get('REGISTRY_TITLE')
JWT_ISSUER = app.config.get('JWT_AUTH_TOKEN_ISSUER')
ANNOUNCE_URL = app.config['BITTORRENT_ANNOUNCE_URL']
FILENAME_PEPPER = app.config['BITTORRENT_FILENAME_PEPPER']
REGISTRY_TITLE = app.config['REGISTRY_TITLE']
@lru_cache(maxsize=1)
def _load_private_key(private_key_file_path):
@ -24,13 +21,12 @@ def _load_private_key(private_key_file_path):
def _torrent_jwt(info_dict):
token_data = {
'iss': JWT_ISSUER,
'iss': instance_keys.service_name,
'aud': ANNOUNCE_URL,
'infohash': _infohash(info_dict),
}
private_key = _load_private_key(PRIVATE_KEY_LOCATION)
return jwt.encode(token_data, private_key, 'RS256')
return jwt.encode(token_data, instance_keys.local_private_key, 'RS256')
def _infohash(infodict):
digest = hashlib.sha1()
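Review bot: The token built in `_torrent_jwt` is now signed with `instance_keys.local_private_key` but still carries no `exp` or `iat` claim, so an issued announce token stays valid for as long as that service key is trusted. Since the commit title indicates the same key also signs registry JWTs, the only thing separating the two token types is `aud`, and whatever verifies these tokens has to enforce it strictly. Consider adding a short lifetime, e.g. `'exp': int(time.time()) + <validity seconds>`, and, if instance keys rotate, a key id via `headers={'kid': <instance key id>}` on the `jwt.encode` call so a verifier can pick the matching public key. The helper `_load_private_key` (body outside the hunk) appears to lose its only visible caller here and could be removed together with the `lru_cache` import if nothing else in the file uses it.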