4 files changed +27
-8
lines changed Original file line number Diff line number Diff line change 77before_install :
88 - sudo apt-get update
99 - sudo apt-get install redis-server
10- - sudo apt-get install libevent-dev liblzma-dev
10+ - sudo apt-get install libevent-dev liblzma-dev libssl-dev
11+ - sudo apt-get install swig
1112
1213install :
1314# # This below should be separated when core lives elsewhere
Original file line number Diff line number Diff line change 22
33import os
44
5- import rsa
5+ from M2Crypto import BIO
6+ from M2Crypto import RSA
67import yaml
78
89from docker_registry .core import compat
@@ -109,10 +110,17 @@ def _init():
109110 'Heads-up! File is missing: %s' % conf .privileged_key )
110111
111112 try :
112- conf .privileged_key = rsa .PublicKey .load_pkcs1 (f .read ())
113+ pk = f .read ().split ('\n ' )
114+ pk = 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A' + '' .join (pk [1 :- 2 ])
115+ pk = [pk [i : i + 64 ] for i in range (0 , len (pk ), 64 )]
116+ pk = ('-----BEGIN PUBLIC KEY-----\n ' + '\n ' .join (pk ) +
117+ '\n -----END PUBLIC KEY-----' )
118+ bio = BIO .MemoryBuffer (pk )
119+ conf .privileged_key = RSA .load_pub_key_bio (bio )
113120 except Exception :
114121 raise exceptions .ConfigError (
115122 'Key at %s is not a valid RSA key' % conf .privileged_key )
123+ f .close ()
116124
117125 if conf .index_endpoint :
118126 conf .index_endpoint = conf .index_endpoint .strip ('/' )
Original file line number Diff line number Diff line change 22
33import base64
44import functools
5+ import hashlib
56import logging
67import os
78import random
1011import urllib
1112
1213import flask
14+ from M2Crypto import RSA
1315import requests
14- import rsa
1516
1617from docker_registry .core import compat
1718json = compat .json
2021from .lib import config
2122
2223cfg = config .load ()
24+
2325logger = logging .getLogger (__name__ )
2426_re_docker_version = re .compile ('docker/([^\s]+)' )
2527_re_authorization = re .compile (r'(\w+)[:=][\s"]?([^",]+)"?' )
@@ -221,7 +223,8 @@ def check_token(args):
221223
222224
223225def check_signature ():
224- if not cfg .privileged_key :
226+ pkey = cfg .privileged_key
227+ if not pkey :
225228 return False
226229 headers = flask .request .headers
227230 signature = headers .get ('X-Signature' )
@@ -238,8 +241,9 @@ def check_signature():
238241 ['{}:{}' .format (k , headers [k ]) for k in header_keys ])
239242 logger .debug ('Signed message: {}' .format (message ))
240243 try :
241- return rsa .verify (message , sigdata , cfg .privileged_key )
242- except rsa .VerificationError :
244+ return pkey .verify (message_digest (message ), sigdata , 'sha1' )
245+ except RSA .RSAError as e :
246+ logger .exception (e )
243247 return False
244248
245249
@@ -251,6 +255,12 @@ def parse_content_signature(s):
251255 return ret
252256
253257
258+ def message_digest (s ):
259+ m = hashlib .new ('sha1' )
260+ m .update (s )
261+ return m .digest ()
262+
263+
254264def requires_auth (f ):
255265 @functools .wraps (f )
256266 def wrapper (* args , ** kwargs ):
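Review bot: In `check_signature` (new line 244) the digest is now pinned to SHA-1, both in `message_digest` and in the `'sha1'` argument, whereas the removed `rsa.verify` call took no algorithm argument; SHA-1 is no longer recommended for signatures, and a signer using any other hash will now fail verification. If the signing side can move too, a single module constant such as `_SIG_HASH = 'sha256'`, used by `hashlib.new(_SIG_HASH)` and `pkey.verify(..., _SIG_HASH)`, keeps the two in step, provided the pinned M2Crypto accepts that name. `logger.exception(e)` at new line 246 writes a full traceback for every request carrying a bad signature, which lets unauthenticated clients inflate the logs; `logger.warning('Signature verification failed')` would be enough. Only `RSA.RSAError` is caught, so any other exception raised while verifying a malformed `sigdata` would presumably surface as a server error rather than `False`, which is worth confirming. The middle of `check_signature` lies between the two hunks and is not shown.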
Original file line number Diff line number Diff line change @@ -4,6 +4,6 @@ gevent==1.0.1
44gunicorn==19.1
55PyYAML==3.11
66requests==2.3.0
7- rsa==3.1.4
7+ M2Crypto==0.22.3
88sqlalchemy==0.9.4
99setuptools==5.8