Merge "Compressed Token Provider"
This commit is contained in:
commit
f5602d0d1e
@ -127,6 +127,11 @@ class TokenAPITests(object):
|
||||
def test_default_fixture_scope_token(self):
|
||||
self.assertIsNotNone(self.get_scoped_token())
|
||||
|
||||
def sign_token(self, resp):
|
||||
return cms.cms_sign_token(resp.body,
|
||||
CONF.signing.certfile,
|
||||
CONF.signing.keyfile)
|
||||
|
||||
def test_v3_token_id(self):
|
||||
auth_data = self.build_authentication_request(
|
||||
user_id=self.user['id'],
|
||||
@ -136,9 +141,7 @@ class TokenAPITests(object):
|
||||
token_id = resp.headers.get('X-Subject-Token')
|
||||
self.assertIn('expires_at', token_data['token'])
|
||||
|
||||
expected_token_id = cms.cms_sign_token(resp.body,
|
||||
CONF.signing.certfile,
|
||||
CONF.signing.keyfile)
|
||||
expected_token_id = self.sign_token(resp)
|
||||
self.assertEqual(expected_token_id, token_id)
|
||||
# should be able to validate hash PKI token as well
|
||||
hash_token_id = cms.cms_hash_token(token_id)
|
||||
@ -404,6 +407,24 @@ class TestPKITokenAPIs(test_v3.RestfulTestCase, TokenAPITests):
|
||||
self.doSetUp()
|
||||
|
||||
|
||||
class TestPKIZTokenAPIs(test_v3.RestfulTestCase, TokenAPITests):
|
||||
|
||||
def sign_token(self, resp):
|
||||
return cms.pkiz_sign(resp.body,
|
||||
CONF.signing.certfile,
|
||||
CONF.signing.keyfile)
|
||||
|
||||
def config_overrides(self):
|
||||
super(TestPKIZTokenAPIs, self).config_overrides()
|
||||
self.config_fixture.config(
|
||||
group='token',
|
||||
provider='keystone.token.providers.pkiz.Provider')
|
||||
|
||||
def setUp(self):
|
||||
super(TestPKIZTokenAPIs, self).setUp()
|
||||
self.doSetUp()
|
||||
|
||||
|
||||
class TestUUIDTokenAPIs(test_v3.RestfulTestCase, TokenAPITests):
|
||||
def config_overrides(self):
|
||||
super(TestUUIDTokenAPIs, self).config_overrides()
|
||||
|
41
keystone/token/providers/pkiz.py
Normal file
41
keystone/token/providers/pkiz.py
Normal file
@ -0,0 +1,41 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
"""Keystone Compressed PKI Token Provider"""
|
||||
|
||||
from keystoneclient.common import cms
|
||||
|
||||
from keystone.common import environment
|
||||
from keystone import config
|
||||
from keystone import exception
|
||||
from keystone.openstack.common.gettextutils import _
|
||||
from keystone.openstack.common import jsonutils
|
||||
from keystone.openstack.common import log
|
||||
from keystone.token.providers import common
|
||||
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
LOG = log.getLogger(__name__)
|
||||
ERROR_MESSAGE = _('Unable to sign token.')
|
||||
|
||||
|
||||
class Provider(common.BaseProvider):
|
||||
def _get_token_id(self, token_data):
|
||||
try:
|
||||
token_id = cms.pkiz_sign(jsonutils.dumps(token_data),
|
||||
CONF.signing.certfile,
|
||||
CONF.signing.keyfile)
|
||||
return token_id
|
||||
except environment.subprocess.CalledProcessError:
|
||||
LOG.exception(ERROR_MESSAGE)
|
||||
raise exception.UnexpectedError(ERROR_MESSAGE)
|
Loading…
Reference in New Issue
Block a user