use m2crypto instead of rsa

lsm5 · lsm5 · commit 7ee0db86d4cc · 2014-12-04T14:39:44.000-08:00
The pubkey is converted from PKCS#1 to X.501 format to be usable by
M2Crypto.

Signed-off-by: Lokesh Mandvekar &lt;lsm5@fedoraproject.org&gt;
diff --git a/.travis.yml b/.travis.yml
@@ -7,7 +7,8 @@ python:
 before_install:
   - sudo apt-get update
   - sudo apt-get install redis-server
-  - sudo apt-get install libevent-dev liblzma-dev
+  - sudo apt-get install libevent-dev liblzma-dev libssl-dev
+  - sudo apt-get install swig
 
 install:
 ## This below should be separated when core lives elsewhere
diff --git a/docker_registry/lib/config.py b/docker_registry/lib/config.py
@@ -2,7 +2,8 @@
 
 import os
 
-import rsa
+from M2Crypto import BIO
+from M2Crypto import RSA
 import yaml
 
 from docker_registry.core import compat
@@ -109,7 +110,13 @@ def _init():
                 'Heads-up! File is missing: %s' % conf.privileged_key)
 
         try:
-            conf.privileged_key = rsa.PublicKey.load_pkcs1(f.read())
+            pk = f.read().split('\n')
+            pk = 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A' + ''.join(pk[1:-2])
+            pk = [pk[i: i + 64] for i in range(0, len(pk), 64)]
+            pk = ('-----BEGIN PUBLIC KEY-----\n' + '\n'.join(pk) +
+                  '\n-----END PUBLIC KEY-----')
+            bio = BIO.MemoryBuffer(pk)
+            conf.privileged_key = RSA.load_pub_key_bio(bio)
         except Exception:
             raise exceptions.ConfigError(
                 'Key at %s is not a valid RSA key' % conf.privileged_key)
diff --git a/docker_registry/toolkit.py b/docker_registry/toolkit.py
@@ -11,8 +11,8 @@
 import urllib
 
 import flask
+from M2Crypto import RSA
 import requests
-import rsa
 
 from docker_registry.core import compat
 json = compat.json
@@ -21,6 +21,7 @@
 from .lib import config
 
 cfg = config.load()
+
 logger = logging.getLogger(__name__)
 _re_docker_version = re.compile('docker/([^\s]+)')
 _re_authorization = re.compile(r'(\w+)[:=][\s"]?([^",]+)"?')
@@ -232,8 +233,8 @@ def check_signature():
                        ['{}:{}'.format(k, headers[k]) for k in header_keys])
     logger.debug('Signed message: {}'.format(message))
     try:
-        return rsa.verify(message, sigdata, cfg.privileged_key)
-    except rsa.VerificationError:
+        return RSA.verify(cfg.privileged_key, sigdata, message, 'sha1')
+    except RSA.ValueError:
         return False
 
 
diff --git a/requirements/main.txt b/requirements/main.txt
@@ -4,6 +4,6 @@ gevent==1.0.1
 gunicorn==19.1
 PyYAML==3.11
 requests==2.3.0
-rsa==3.1.4
+M2Crypto==0.22.3
 sqlalchemy==0.9.4
 setuptools==5.8
