Merge "Compressed Token Provider"

keystone/tests/test_v3_auth.py

@@ -127,6 +127,11 @@ class TokenAPITests(object):
     def test_default_fixture_scope_token(self):
         self.assertIsNotNone(self.get_scoped_token())
 
+    def sign_token(self, resp):
+        return cms.cms_sign_token(resp.body,
+                                  CONF.signing.certfile,
+                                  CONF.signing.keyfile)
+
     def test_v3_token_id(self):
         auth_data = self.build_authentication_request(
             user_id=self.user['id'],
@@ -136,9 +141,7 @@ class TokenAPITests(object):
         token_id = resp.headers.get('X-Subject-Token')
         self.assertIn('expires_at', token_data['token'])
 
-        expected_token_id = cms.cms_sign_token(resp.body,
-                                               CONF.signing.certfile,
-                                               CONF.signing.keyfile)
+        expected_token_id = self.sign_token(resp)
         self.assertEqual(expected_token_id, token_id)
         # should be able to validate hash PKI token as well
         hash_token_id = cms.cms_hash_token(token_id)
@@ -404,6 +407,24 @@ class TestPKITokenAPIs(test_v3.RestfulTestCase, TokenAPITests):
         self.doSetUp()
 
 
+class TestPKIZTokenAPIs(test_v3.RestfulTestCase, TokenAPITests):
+
+    def sign_token(self, resp):
+        return cms.pkiz_sign(resp.body,
+                             CONF.signing.certfile,
+                             CONF.signing.keyfile)
+
+    def config_overrides(self):
+        super(TestPKIZTokenAPIs, self).config_overrides()
+        self.config_fixture.config(
+            group='token',
+            provider='keystone.token.providers.pkiz.Provider')
+
+    def setUp(self):
+        super(TestPKIZTokenAPIs, self).setUp()
+        self.doSetUp()
+
+
 class TestUUIDTokenAPIs(test_v3.RestfulTestCase, TokenAPITests):
     def config_overrides(self):
         super(TestUUIDTokenAPIs, self).config_overrides()

keystone/token/providers/pkiz.py

@@ -0,0 +1,41 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+"""Keystone Compressed PKI Token Provider"""
+
+from keystoneclient.common import cms
+
+from keystone.common import environment
+from keystone import config
+from keystone import exception
+from keystone.openstack.common.gettextutils import _
+from keystone.openstack.common import jsonutils
+from keystone.openstack.common import log
+from keystone.token.providers import common
+
+
+CONF = config.CONF
+
+LOG = log.getLogger(__name__)
+ERROR_MESSAGE = _('Unable to sign token.')
+
+
+class Provider(common.BaseProvider):
+    def _get_token_id(self, token_data):
+        try:
+            token_id = cms.pkiz_sign(jsonutils.dumps(token_data),
+                                     CONF.signing.certfile,
+                                     CONF.signing.keyfile)
+            return token_id
+        except environment.subprocess.CalledProcessError:
+            LOG.exception(ERROR_MESSAGE)
+            raise exception.UnexpectedError(ERROR_MESSAGE)