4 changes: 4 additions & 0 deletions src/attestation/HISTORY.rst
Expand Up @@ -3,6 +3,10 @@
Release History
===============

0.2.1
++++++
* `az attestation policy show`: Fix encoding and decoding issues due to JWT upgrades

0.2.0
++++++
* GA.
11 changes: 5 additions & 6 deletions src/attestation/azext_attestation/manual/custom.py
Expand Up @@ -129,7 +129,7 @@ def add_signer(cmd, client, signer=None, signer_file=None, resource_group_name=N
'Algorithm': header.get('alg', ''),
'JKU': header.get('jku', '')
})
body = jwt.decode(token, verify=False)
body = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
result['Certificates'] = body.get('aas-policyCertificates', {}).get('keys', [])
result['CertificateCount'] = len(result['Certificates'])

Expand Down Expand Up @@ -171,7 +171,7 @@ def list_signers(cmd, client, resource_group_name=None, provider_name=None):
'Algorithm': header.get('alg', ''),
'JKU': header.get('jku', '')
})
body = jwt.decode(token, verify=False)
body = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False})
result['Certificates'] = body.get('x-ms-policy-certificates', {}).get('keys', [])
result['CertificateCount'] = len(result['Certificates'])

Expand All @@ -188,14 +188,14 @@ def get_policy(cmd, client, attestation_type, resource_group_name=None, provider

if token:
import jwt
policy = jwt.decode(token, verify=False).get('x-ms-policy', '')
policy = jwt.decode(token, algorithms=['RS256'], options={"verify_signature": False}).get('x-ms-policy', '')
result['Jwt'] = policy
result['JwtLength'] = len(policy)
result['Algorithm'] = None

if policy:
try:
decoded_policy = jwt.decode(policy, verify=False)
decoded_policy = jwt.decode(policy, algorithms=['RS256'], options={"verify_signature": False})
decoded_policy = decoded_policy.get('AttestationPolicy', '')
try:
new_decoded_policy = base64.b64decode(_b64url_to_b64(decoded_policy)).decode('ascii')
Expand Down Expand Up @@ -250,8 +250,7 @@ def set_policy(cmd, client, attestation_type, new_attestation_policy=None, new_a
new_attestation_policy = {'AttestationPolicy': new_attestation_policy}
new_attestation_policy = jwt.encode(
new_attestation_policy, key='', algorithm='none'
).decode('ascii')

)
except TypeError as e:
print(e)
raise CLIError('Failed to encode text content, are you using JWT? If yes, please use --policy-format JWT')
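Review bot: The `algorithms=['RS256']` argument added to the four `jwt.decode` calls (in add_signer, list_signers, and both calls in get_policy) is not enforced while `options={"verify_signature": False}` is set, because PyJWT only consults the allow-list when it verifies a signature; the line reads as if the algorithm were pinned, although the token's `alg` and signature are never checked. Either drop the argument or state the intent next to each call, e.g. `# Signature is not verified here: claims are parsed for display only and must not drive trust decisions`. If the certificate or policy values are ever used for more than display, the decode should verify against the attestation provider's signing keys instead. In set_policy, dropping `.decode('ascii')` assumes `jwt.encode` returns `str`, which presumably needs a matching minimum PyJWT version in the extension's dependencies (not visible here). All four functions begin and end outside the shown hunks.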