def _Ping(self):
"""Ping the v2 Registry.
Only called during transport construction, this pings the listed
v2 registry. The point of this ping is to establish the "realm"
and "service" to use for Basic for Bearer-Token exchanges.
"""
# This initiates the pull by issuing a v2 ping:
# GET H:P/v2/
headers = {
'content-type': 'application/json',
'user-agent': docker_name.USER_AGENT,
}
resp, unused_content = self._transport.request(
'{scheme}://{registry}/v2/'.format(scheme=Scheme(self._name.registry),
registry=self._name.registry),
'GET',
body=None,
headers=headers)
# We expect a www-authenticate challenge.
_CheckState(resp.status in [httplib.OK, httplib.UNAUTHORIZED],
'Unexpected status: %d' % resp.status)
# The registry is authenticated iff we have an authentication challenge.
if resp.status == httplib.OK:
self._authentication = _ANONYMOUS
self._service = 'none'
self._realm = 'none'
return
challenge = resp['www-authenticate']
_CheckState(' ' in challenge,
'Unexpected "www-authenticate" header form: %s' % challenge)
(self._authentication, remainder) = challenge.split(' ', 1)
# Normalize the authentication scheme to have exactly the first letter
# capitalized. Scheme matching is required to be case insensitive:
# https://tools.ietf.org/html/rfc7235#section-2.1
self._authentication = self._authentication.capitalize()
_CheckState(self._authentication in [_BASIC, _BEARER],
'Unexpected "www-authenticate" challenge type: %s'
% self._authentication)
# Default "_service" to the registry
self._service = self._name.registry
tokens = remainder.split(',')
for t in tokens:
if t.startswith(_REALM_PFX):
self._realm = t[len(_REALM_PFX):].strip('"')
elif t.startswith(_SERVICE_PFX):
self._service = t[len(_SERVICE_PFX):].strip('"')
# Make sure these got set.
_CheckState(self._realm, 'Expected a "%s" in "www-authenticate" '
'header: %s' % (_REALM_PFX, challenge))
评论列表
文章目录
