コード例 #1
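def _get_metadata() -> Tuple[Dict[str, Any], str]:
    """Download the metadata TOC and verify its signature.

    The response body is parsed as a JWT, a verification key is obtained from
    it via ``verify_certificate``, and the token is then deserialized again
    with that key so the signature is checked before any claim is returned.

    Returns:
        A tuple of the parsed claims and the ``alg`` value from the JWT header.

    Raises:
        CommandError: If the download fails or returns an HTTP error status,
            the body is not a parseable JWT, the certificate is rejected, or
            the signature does not verify.
    """
    # NOTE(review): the access token is sent as a query parameter, so the full
    # request URL is sensitive; keep it out of logs and error reports.
    try:
        response = requests.get(
            SETTINGS.metadata_service['url'],
            params={'token': SETTINGS.metadata_service['access_token']},
            timeout=SETTINGS.metadata_service['timeout'])
        # Treat 4xx/5xx replies as a transport failure instead of handing an
        # error page to the JWT parser.
        response.raise_for_status()
    except requests.exceptions.RequestException as error:
        raise CommandError('MDS response error.') from error
    # First, we decode the unverified headers to get the certificate.
    # Nothing read from the token at this stage is trusted yet.
    try:
        serialized = response.content.decode()
        decoded_jwt = JWT(jwt=serialized)
    except ValueError as error:
        raise CommandError('MDS response malformed.') from error
    # x5c element in header contains the signing certificate and possibly intermediate certificates
    # Use the first one to verify signature, the others can be used to verify the first one
    # NOTE(review): this is only sound if verify_certificate anchors the x5c
    # chain to a pinned trusted root; confirm in that helper.
    try:
        decoding_key = verify_certificate(decoded_jwt)
    except InvalidCert as error:
        raise CommandError('Could not read the key.') from error
    try:
        decoded_jwt.deserialize(serialized, key=decoding_key)
    except InvalidJWSSignature as error:
        raise CommandError('Could not verify MDS signature.') from error
    # Return parsed metadata and the algorithm used for signing; both are read
    # only after the signature check above has passed.
    return json.loads(decoded_jwt.claims), json.loads(
        decoded_jwt.header)['alg']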
コード例 #2
    def verify(self, key=None):
        """Verify the signature on this object's serialized form.

        The object is serialized, parsed back into a JWT without a key, and
        the resulting token's ``verify`` is called.

        Args:
            key: Verification key. When falsy, the key is looked up in
                ``keystore()`` under the token header's ``kid`` value.
        """
        parsed = JWT()
        parsed.deserialize(self.serialize())
        signed = parsed.token

        if key:
            signed.verify(key)
            return

        # The "kid" is read from the header before the signature is checked,
        # so it only selects a key; trust rests on what keystore() holds.
        # NOTE(review): presumably keystore() contains trusted keys only; confirm.
        thumbprint = signed.jose_header["kid"]
        signed.verify(keystore()[thumbprint])
コード例 #3
    def _fromSerialization(BlockClass, serialized, chain):
        """Rebuild a block from its serialized JWT form.

        The payload is decoded as UTF-8 JSON and passed, with the header's
        ``kid`` and ``chain``, to ``BlockClass.deserialize``. The original
        serialization is kept on the block as ``_serialization``.

        No key is passed to ``deserialize`` and ``verify`` is not called
        here, so this method itself does not check the signature.
        NOTE(review): confirm callers verify the block before trusting the
        payload or the ``kid``.
        """
        envelope = JWT()
        envelope.deserialize(serialized)
        signed = envelope.token

        build = BlockClass.deserialize
        payload = json.loads(str(signed.objects["payload"], "utf8"))
        signer_kid = signed.jose_header["kid"]

        block = build(payload, signer_kid, chain)
        # Keep the exact serialized text on the block.
        block._serialization = serialized
        return block