Merge pull request #668 from mjibson/jws-verify

Verify signed manifests
Matt Jibson 2015-10-20 13:41:34 -04:00
commit d24e69df2d


@ -8,7 +8,7 @@ import json
from flask import make_response, request, url_for
from collections import namedtuple, OrderedDict
from jwkest.jws import SIGNER_ALGS
from jwkest.jws import SIGNER_ALGS, keyrep
from datetime import datetime
from app import storage, docker_v2_signing_key
@ -69,7 +69,15 @@ class SignedManifest(object):
self._validate()
def _validate(self):
pass
for signature in self._signatures:
bytes_to_verify = '{0}.{1}'.format(signature['protected'], jwt.utils.base64url_encode(self.payload))
signer = SIGNER_ALGS[signature['header']['alg']]
key = keyrep(signature['header']['jwk'])
gk = key.get_key()
sig = jwt.utils.base64url_decode(signature['signature'].encode('utf-8'))
verified = signer.verify(bytes_to_verify, sig, gk)
if not verified:
raise ValueError('manifest file failed signature verification')
@property
def signatures(self):
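Review bot: `_validate` takes both the algorithm and the verification key from the signature entry it is checking (`SIGNER_ALGS[signature['header']['alg']]` and `keyrep(signature['header']['jwk'])`), so a passing check shows only that the payload matches the key the manifest itself carries, not that a trusted party signed it. If authenticity is the goal, the embedded key should be compared against keys the registry already trusts, and the algorithm restricted to an explicit allow-list before the lookup, e.g. `if signature['header']['alg'] not in ALLOWED_ALGS: raise ValueError('unsupported signature algorithm')` (`ALLOWED_ALGS` is a placeholder name). The `for` loop also passes vacuously when `self._signatures` is empty, so a guard such as `if not self._signatures: raise ValueError('manifest has no signatures')` is worth adding unless the constructor, which lies outside this hunk, already rejects that case. A missing `alg` or `jwk` currently surfaces as a `KeyError` rather than the `ValueError` used for a failed signature.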