From 063070f21ffc3345e2b25904ff4a1ae89f539c32 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Tue, 29 Apr 2014 15:29:00 -0400 Subject: [PATCH] Compressed Token Provider Blueprint: compress-tokens Change-Id: I94d1eba74ca5901e6c6c08a7a7260b39c9037500 --- keystone/tests/test_v3_auth.py | 27 ++++++++++++++++++--- keystone/token/providers/pkiz.py | 41 ++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 3 deletions(-) create mode 100644 keystone/token/providers/pkiz.py diff --git a/keystone/tests/test_v3_auth.py b/keystone/tests/test_v3_auth.py index 006eb5daf..d0a74c465 100644 --- a/keystone/tests/test_v3_auth.py +++ b/keystone/tests/test_v3_auth.py @@ -127,6 +127,11 @@ class TokenAPITests(object): def test_default_fixture_scope_token(self): self.assertIsNotNone(self.get_scoped_token()) + def sign_token(self, resp): + return cms.cms_sign_token(resp.body, + CONF.signing.certfile, + CONF.signing.keyfile) + def test_v3_token_id(self): auth_data = self.build_authentication_request( user_id=self.user['id'], @@ -136,9 +141,7 @@ class TokenAPITests(object): token_id = resp.headers.get('X-Subject-Token') self.assertIn('expires_at', token_data['token']) - expected_token_id = cms.cms_sign_token(resp.body, - CONF.signing.certfile, - CONF.signing.keyfile) + expected_token_id = self.sign_token(resp) self.assertEqual(expected_token_id, token_id) # should be able to validate hash PKI token as well hash_token_id = cms.cms_hash_token(token_id) 
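Review bot: The new `sign_token` helper on `TokenAPITests` has no docstring, and its default is PKI-specific even though the mixin is shared by other provider test classes (`TestUUIDTokenAPIs` appears in the later hunk of this file). A provider test class that does not override it would have `test_v3_token_id` compare the issued id against a `cms.cms_sign_token` result. I would add a docstring such as `"""Return the token id the provider under test should issue for resp; override per provider."""`. The body of `test_v3_token_id` continues outside the hunk.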
@@ -404,6 +407,24 @@ class TestPKITokenAPIs(test_v3.RestfulTestCase, TokenAPITests): self.doSetUp() +class TestPKIZTokenAPIs(test_v3.RestfulTestCase, TokenAPITests): + + def sign_token(self, resp): + return cms.pkiz_sign(resp.body, + CONF.signing.certfile, + CONF.signing.keyfile) + + def config_overrides(self): + super(TestPKIZTokenAPIs, self).config_overrides() + self.config_fixture.config( + group='token', + provider='keystone.token.providers.pkiz.Provider') + + def setUp(self): + super(TestPKIZTokenAPIs, self).setUp() + self.doSetUp() + + class TestUUIDTokenAPIs(test_v3.RestfulTestCase, TokenAPITests): def config_overrides(self): super(TestUUIDTokenAPIs, self).config_overrides() diff --git a/keystone/token/providers/pkiz.py b/keystone/token/providers/pkiz.py new file mode 100644 index 000000000..d42fe06e6 --- /dev/null +++ b/keystone/token/providers/pkiz.py 
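Review bot: `TestPKIZTokenAPIs` overrides only `sign_token`, so as far as this hunk shows the PKIZ provider is covered solely by the tests inherited from `TokenAPITests`. The equality check in `test_v3_token_id` holds only if `cms.pkiz_sign` returns the same string for the same body and key, which deserves a comment on the override: `# pkiz_sign must be deterministic for a given body, cert and key for this comparison to hold`. A PKIZ-specific negative case, checking that a token id with an altered or truncated payload is rejected, would be a useful addition. Whether the inherited suite already has one is not visible here.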
@@ -0,0 +1,41 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""Keystone Compressed PKI Token Provider"""
+
+from keystoneclient.common import cms
+
+from keystone.common import environment
+from keystone import config
+from keystone import exception
+from keystone.openstack.common.gettextutils import _
+from keystone.openstack.common import jsonutils
+from keystone.openstack.common import log
+from keystone.token.providers import common
+
+
+CONF = config.CONF
+
+LOG = log.getLogger(__name__)
+ERROR_MESSAGE = _('Unable to sign token.')
+
+
+class Provider(common.BaseProvider):
+ def _get_token_id(self, token_data):
+ try:
+ token_id = cms.pkiz_sign(jsonutils.dumps(token_data),
+ CONF.signing.certfile,
+ CONF.signing.keyfile)
+ return token_id
+ except environment.subprocess.CalledProcessError:
+ LOG.exception(ERROR_MESSAGE)
+ raise exception.UnexpectedError(ERROR_MESSAGE)
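Review bot: `Provider` and `_get_token_id` carry no docstring, so nothing states what a PKIZ token id is or what it does and does not protect. I would add a class docstring such as `"""Token provider issuing compressed, CMS-signed (PKIZ) token ids."""` and, above the `cms.pkiz_sign` call, `# Signed, not encrypted: compression only shrinks the id, the token body stays readable to any holder.` Separately, the handler catches only `environment.subprocess.CalledProcessError`, so any other failure raised from `cms.pkiz_sign` (its implementation is outside this diff) would skip the `Unable to sign token.` log and the `UnexpectedError` mapping. `return token_id` can also move out of the `try`, so that the guarded region is just the signing call.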