private string GetServiceScopeRequestParameters(string scope)
{
return("service="
+ service
+ "&scope=repository:"
+ registryEndpointRequestProperties.GetImageName()
+ ":"
+ scope);
}
// TODO: Replace with a WWW-Authenticate header parser.
/**
* Instantiates from parsing a {@code WWW-Authenticate} header.
*
* @param authenticationMethod the {@code WWW-Authenticate} header value
* @param registryEndpointRequestProperties the registry request properties
* @param userAgent the {@code User-Agent} header value to use in later authentication calls
* @return a new {@link RegistryAuthenticator} for authenticating with the registry service
* @throws RegistryAuthenticationFailedException if authentication fails
* @see <a
* href="https://docs.docker.com/registry/spec/auth/token/#how-to-authenticate">https://docs.docker.com/registry/spec/auth/token/#how-to-authenticate</a>
*/
public static RegistryAuthenticator FromAuthenticationMethod(
AuthenticationHeaderValue authenticationMethod,
RegistryEndpointRequestProperties registryEndpointRequestProperties,
IEnumerable <ProductInfoHeaderValue> userAgent)
{
authenticationMethod =
authenticationMethod ?? throw new ArgumentNullException(nameof(authenticationMethod));
registryEndpointRequestProperties =
registryEndpointRequestProperties ??
throw new ArgumentNullException(nameof(registryEndpointRequestProperties));
// If the authentication method starts with 'basic ' (case insensitive), no registry
// authentication is needed.
if (string.Equals(authenticationMethod.Scheme, "basic", StringComparison.OrdinalIgnoreCase))
{
return(null);
}
// Checks that the authentication method starts with 'bearer ' (case insensitive).
if (!string.Equals(authenticationMethod.Scheme, "bearer", StringComparison.OrdinalIgnoreCase))
{
throw NewRegistryAuthenticationFailedException(
registryEndpointRequestProperties.GetRegistry(),
registryEndpointRequestProperties.GetImageName(),
authenticationMethod.Scheme,
"Bearer");
}
Regex realmPattern = new Regex("realm=\"(.*?)\"");
Match realmMatcher = realmPattern.Match(authenticationMethod.Parameter);
if (!realmMatcher.Success)
{
throw NewRegistryAuthenticationFailedException(
registryEndpointRequestProperties.GetRegistry(),
registryEndpointRequestProperties.GetImageName(),
authenticationMethod.Parameter,
"realm");
}
string realm = realmMatcher.Groups[1].Value;
Regex servicePattern = new Regex("service=\"(.*?)\"");
Match serviceMatcher = servicePattern.Match(authenticationMethod.Parameter);
// use the provided registry location when missing service (e.g., for OpenShift)
string service =
serviceMatcher.Success
? serviceMatcher.Groups[1].Value
: registryEndpointRequestProperties.GetRegistry();
return(new RegistryAuthenticator(realm, service, registryEndpointRequestProperties, userAgent));
}
/**
* @return the common action description for {@link Initializer}, {@link Writer}, and {@link
* Committer}
*/
private string GetActionDescription()
{
return("push BLOB for "
+ registryEndpointRequestProperties.GetRegistry()
+ "/"
+ registryEndpointRequestProperties.GetImageName()
+ " with digest "
+ blobDigest);
}
public Uri GetApiRoute(string apiRouteBase)
{
return(new Uri(
apiRouteBase + registryEndpointRequestProperties.GetImageName() + "/manifests/" + imageTag));
}
public Uri GetApiRoute(string apiRouteBase)
{
return(new Uri(
apiRouteBase + registryEndpointRequestProperties.GetImageName() + "/blobs/" + blobDigest));
}
