From 9f4a4092daa2e6c444263f98f19bdba670e94761 Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie
Date: Mon, 11 Apr 2016 12:04:42 -0400
Subject: [PATCH] keyserver: get signer kid from unverified headers
---
 endpoints/key_server.py | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)
diff --git a/endpoints/key_server.py b/endpoints/key_server.py
index 045976615..5c095d353 100644
--- a/endpoints/key_server.py
+++ b/endpoints/key_server.py
@@ -2,13 +2,12 @@ import logging
 from datetime import datetime
-import jwt
-
-from flask import Blueprint, jsonify, abort, request, make_response
-from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
-from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicNumbers
 from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicNumbers
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
+from flask import Blueprint, jsonify, abort, request, make_response
 from jwkest.jwk import keyrep, RSAKey, ECKey
+from jwt import get_unverified_header
 import data.model
 import data.model.service_keys
@@ -62,9 +61,8 @@ def _validate_jwt(encoded_jwt, jwk, service):
 def _signer_kid(encoded_jwt):
- decoded_jwt = jwt.decode(encoded_jwt, verify=False)
- logger.debug(decoded_jwt)
- return decoded_jwt.get('kid', None)
+ headers = get_unverified_header(encoded_jwt)
+ return headers.get('kid', None)
 def _signer_key(service, signer_kid):
@@ -82,7 +80,6 @@ def list_service_keys(service):
 @key_server.route('/services//keys/', methods=['GET'])
 def get_service_key(service, kid):
- logger.debug(kid)
 try:
 key = data.model.service_keys.get_service_key(kid)
 except data.model.ServiceKeyDoesNotExist:
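Review bot: `_signer_kid` in the second hunk now returns whatever `kid` the sender put in the token header, read before any signature check, and nothing in the function says the value is untrusted. A one-line docstring would make that explicit, for example `"""Return the 'kid' from the unverified JWT header, or None; untrusted until the signature is checked with the key it selects."""`. The value should serve only as a lookup hint for `_signer_key`, which presumably scopes the lookup to `service`; that body is outside the hunk. `get_unverified_header` raises `jwt.exceptions.DecodeError` on a malformed token, and whether the caller turns that into a 400 rather than a 500 is not visible here.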
@@ -116,8 +113,6 @@ def put_service_key(service, kid):
 logger.exception('Error parsing JWK')
 abort(400)
- logger.debug(jwk)
-
 jwt_header = request.headers.get(JWT_HEADER_NAME, '')
 match = TOKEN_REGEX.match(jwt_header)
 if match is None: