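def _get_metadata() -> Tuple[Dict[str, Any], str]:
    """Download the metadata TOC and verify its signature.

    Returns:
        A tuple of the parsed JWT claims and the ``alg`` value taken from
        the JWT header.

    Raises:
        CommandError: If the download fails or returns an HTTP error status,
            the body is not a parseable JWT, the signing key cannot be
            obtained from the certificate, or the signature does not verify.
    """
    service = SETTINGS.metadata_service
    try:
        # The access token travels in the query string, so request URLs
        # should be kept out of logs.
        metadata = requests.get(
            service['url'],
            params={'token': service['access_token']},
            timeout=service['timeout'])
        # An HTTP error status is a failed download; without this check an
        # error page would be reported as a malformed token further down.
        metadata.raise_for_status()
    except requests.exceptions.RequestException as error:
        raise CommandError('MDS response error.') from error

    # First, we decode the unverified headers to get the certificate.
    # Nothing read from the token is trusted until deserialize() below
    # succeeds with the verified key.
    try:
        # UnicodeDecodeError is a ValueError, so undecodable bodies land here too.
        token = metadata.content.decode()
        decoded_jwt = JWT(jwt=token)
    except ValueError as error:
        raise CommandError('MDS response malformed.') from error

    # x5c element in header contains the signing certificate and possibly
    # intermediate certificates. Use the first one to verify signature, the
    # others can be used to verify the first one.
    # NOTE(review): whether verify_certificate anchors the chain to a pinned
    # root is not visible here; confirm, since the key comes from the token.
    try:
        decoding_key = verify_certificate(decoded_jwt)
    except InvalidCert as error:
        raise CommandError('Could not read the key.') from error

    try:
        # NOTE(review): no signature-algorithm restriction is passed here;
        # confirm the JWT library's default set is the intended one.
        decoded_jwt.deserialize(token, key=decoding_key)
    except InvalidJWSSignature as error:
        raise CommandError('Could not verify MDS signature.') from error

    # Return parsed metadata and the algorithm used for signing
    return json.loads(decoded_jwt.claims), json.loads(decoded_jwt.header)['alg']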
def verify(self, key=None):
    """Verify the signature on this object's serialized form.

    The object is serialized and parsed back as a JWT without a key, then
    the embedded signed token is checked with ``key``. When ``key`` is
    falsy, the key is looked up in ``keystore()`` under the ``kid`` value
    from the token header.

    The ``kid`` header is read before any signature check, so it only
    selects a key; trust rests on which keys the keystore holds.
    """
    parsed = JWT()
    parsed.deserialize(self.serialize())
    signed_token = parsed.token

    if key:
        signed_token.verify(key)
        return

    # No explicit key: pick the keystore entry named by the token's kid.
    key_id = signed_token.jose_header["kid"]
    signed_token.verify(keystore()[key_id])
def _fromSerialization(BlockClass, serialized, chain):
    """Rebuild a block from its serialized JWT form.

    The token is parsed without a key, its payload is decoded as UTF-8 JSON,
    and ``BlockClass.deserialize`` is called with that JSON, the ``kid``
    header value and ``chain``. The original serialization is stored on the
    block as ``_serialization``.

    NOTE(review): no key is passed to deserialize(), so no signature check
    appears to happen here; the payload and ``kid`` should be treated as
    unauthenticated until the block is verified separately. Confirm against
    the callers.
    """
    parsed = JWT()
    parsed.deserialize(serialized)
    signed_token = parsed.token

    payload_text = str(signed_token.objects["payload"], "utf8")
    payload = json.loads(payload_text)
    key_id = signed_token.jose_header["kid"]

    result = BlockClass.deserialize(payload, key_id, chain)
    # Keep the exact wire form alongside the parsed block.
    result._serialization = serialized
    return result