SrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKrSSK J r "SS\ 5r S r S rS rS rS rSrSrg)zEThis package holds a handful of utilities for manipulating manifests.)absolute_import)division)print_functionN) docker_namec\rSrSrSrSrg)BadManifestExceptionz?Exception type raised when a malformed manifest is encountered.N)__name__ __module__ __qualname____firstlineno____doc____static_attributes__r 4lib/third_party/containerregistry/client/v2/util_.pyrrsGrrcURS5n[U5nUS-S:XaO)US-S:XaUS- nOUS-S:XaUS- nO [S5e[R"U5R S5$) anPerform a JOSE-style base64 decoding of the supplied message. This is based on the docker/libtrust version of the similarly named function found here: https://github.com/docker/libtrust/blob/master/util.go Args: message: a JOSE-style base64 url-encoded message. Raises: BadManifestException: a malformed message was supplied. Returns: The decoded message. utf8rs===zMalformed JOSE Base64 encoding.)encodelenrbase64urlsafe_b64decodedecode)message bytes_msgls r_JoseBase64UrlDecoder! s{nnV$) )n!UaZ1uz I1uz I @ AA  ! !) , 3 3F ;;rcZ[R"[US55nUSUS4$)zDExtract the length and encoded suffix denoting the protected region. protected formatLength formatTail)jsonloadsr!) signaturer#s r_ExtractProtectedRegionr)<s0jj-i .DEF) N #Y|%< ==rcn[US5nUSSHnU[U5:wdM[S5e U$)zHVerify that the signatures agree on the protected region and return one.rNz'Signatures disagree on protected region)r)r) signaturespsigs r_ExtractCommonProtectedRegionr/BsCjm,! ^c #C (( !J KK (rc[R"U5nUSn[U5S:a [S5eUHnSU;dM [S5e [ U5upE[ U5nUSUU-nXr4$)a2Detach the signatures from the signed manifest and return the two halves. Args: manifest: a signed JSON manifest. Raises: BadManifestException: the provided manifest was improperly signed. Returns: a pair consisting of the manifest with the signature removed and a list of the removed signatures. r,r+zExpected a signed manifest.r#z$Signature is missing "protected" keyr)r&r'rrr/r!)manifest json_manifestr,r. format_length format_tailsuffixunsigned_manifests rDetachSignaturesr7Ls**X&-\** _q < == c# !G HH "?z!J=  ,&q/&8  ((rcU$)Nr )r6s rSignr9ls rc[U5up#USUn[U5nSRU[R"USS9US9$)z>Attach the provided signatures to the provided naked manifest.rz*{prefix},"signatures":{signatures}{suffix}T) sort_keys)prefixr,r5)r/r!formatr&dumps)r1r,r3r4r<r5s r_AttachSignaturesr?ssS"?z!J= Am $&  ,& 5 < < J$7  = rc[U5up#[R"U5nURUS'URUS'[R "USSS9n[ U5$)z@Rename this signed manifest to the provided name, and resign it.nametagTr)r;indent)r7r&r' repositoryrBr>r9)r1rAr6unused_signaturesr2updated_unsigned_manifests rRenamerGsa)9()C&**./-//--#jjtA/ ' ((r)r __future__rrrrr&os subprocesscontainerregistry.clientr Exceptionrr!r)r/r7r9r?rGr rrrMsUL&% 0H9H<8>  )@ )r