keyserver: get signer kid from unverified headers

2016-04-11 12:04:42 -04:00 · 2016-04-11 12:04:42 -04:00 · 9f4a4092da
commit 9f4a4092da
parent 08017c5111
1 changed files with 6 additions and 11 deletions
--- a/endpoints/key_server.py
+++ b/endpoints/key_server.py
@ -2,13 +2,12 @@ import logging

 from datetime import datetime

-import jwt
-
-from flask import Blueprint, jsonify, abort, request, make_response
-from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
-from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicNumbers
 from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicNumbers
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
+from flask import Blueprint, jsonify, abort, request, make_response
 from jwkest.jwk import keyrep, RSAKey, ECKey
+from jwt import get_unverified_header

 import data.model
 import data.model.service_keys
@ -62,9 +61,8 @@ def _validate_jwt(encoded_jwt, jwk, service):


 def _signer_kid(encoded_jwt):
-  decoded_jwt = jwt.decode(encoded_jwt, verify=False)
-  logger.debug(decoded_jwt)
-  return decoded_jwt.get('kid', None)
+  headers = get_unverified_header(encoded_jwt)
+  return headers.get('kid', None)


 def _signer_key(service, signer_kid):
@ -82,7 +80,6 @@ def list_service_keys(service):

@key_server.route('/services/<service>/keys/<kid>', methods=['GET'])
 def get_service_key(service, kid):
-  logger.debug(kid)
  try:
    key = data.model.service_keys.get_service_key(kid)
  except data.model.ServiceKeyDoesNotExist:
@ -116,8 +113,6 @@ def put_service_key(service, kid):
    logger.exception('Error parsing JWK')
    abort(400)

-  logger.debug(jwk)
-
  jwt_header = request.headers.get(JWT_HEADER_NAME, '')
  match = TOKEN_REGEX.match(jwt_header)
  if match is None: