Merge "Make digest algorithm configurable"

2015-01-29 15:25:29 +00:00 · 2015-01-29 15:25:29 +00:00 · 0d12263a7f
commit 0d12263a7f
parent 8d212207de 82194e0c42
9 changed files with 173 additions and 116 deletions
--- a/doc/source/configuring.rst
+++ b/doc/source/configuring.rst
@ -1395,3 +1395,21 @@ represent the proxy's URL.
 * ``public_endpoint=<None|URL>``

 Optional. Default: ``None``
+
+Configuring Glance digest algorithm
+-----------------------------------
+
+Digest algorithm which will be used for digital signature; the default is
+sha1 for a smooth upgrade process but the recommended value is sha256. Use the
+command::
+
+  openssl list-message-digest-algorithms
+
+to get the available algorithms supported by the version of OpenSSL on the
+platform. Examples are "sha1", "sha256", "sha512", etc. If an invalid
+digest algorithm is configured, all digital signature operations will fail and
+return a ValueError exception with "No such digest method" error.
+
+* ``digest_algorithm=<algorithm>``
+
+Optional. Default: ``sha1``
--- a/etc/glance-api.conf
+++ b/etc/glance-api.conf
@ -132,6 +132,15 @@ backlog = 4096
 # Should be set to a random string of length 16, 24 or 32 bytes
 #metadata_encryption_key = <16, 24 or 32 char registry metadata key>

+
+# Digest algorithm which will be used for digital signature, the default is
+# sha1 in Kilo for a smooth upgrade process, and it will be updated with
+# sha256 in next release(L). Use command
+# "openssl list-message-digest-algorithms" to get the available algorithms
+# supported by the version of OpenSSL on the platform. Examples are 'sha1',
+# 'sha256', 'sha512', etc.
+#digest_algorithm = sha1
+
 # ============ Registry Options ===============================

 # Address to find the registry server
--- a/glance/common/config.py
+++ b/glance/common/config.py
@ -150,6 +150,15 @@ common_opts = [
    cfg.StrOpt('metadata_encryption_key', secret=True,
               help=_('Key used for encrypting sensitive metadata while '
                      'talking to the registry or database.')),
+    cfg.StrOpt('digest_algorithm', default='sha1',
+               help=_('Digest algorithm which will be used for digital '
+                      'signature; the default is sha1 the default in Kilo '
+                      'for a smooth upgrade process, and it will be updated '
+                      'with sha256 in next release(L). Use the command '
+                      '"openssl list-message-digest-algorithms" to get the '
+                      'available algorithms supported by the version of '
+                      'OpenSSL on the platform. Examples are "sha1", '
+                      '"sha256", "sha512", etc.')),
 ]

 CONF = cfg.CONF
--- a/glance/common/utils.py
+++ b/glance/common/utils.py
@ -508,8 +508,15 @@ def validate_key_cert(key_file, cert_file):

    try:
        data = str(uuid.uuid4())
-        digest = "sha1"
-
+        digest = CONF.digest_algorithm
+        if digest == 'sha1':
+            LOG.warn('The FIPS (FEDERAL INFORMATION PROCESSING STANDARDS)'
+                     ' state that the SHA-1 is not suitable for'
+                     ' general-purpose digital signature applications (as'
+                     ' specified in FIPS 186-3) that require 112 bits of'
+                     ' security. The default value is sha1 in Kilo for a'
+                     ' smooth upgrade process, and it will be updated'
+                     ' with sha256 in next release(L).')
        out = crypto.sign(key, data, digest)
        crypto.verify(cert, out, data, digest)
    except crypto.Error as ce:
--- a/glance/tests/unit/common/test_utils.py
+++ b/glance/tests/unit/common/test_utils.py
@ -245,6 +245,7 @@ class TestUtils(test_utils.BaseTestCase):
        self.assertEqual("test passed", result(req, Fake()))

    def test_validate_key_cert_key(self):
+        self.config(digest_algorithm='sha256')
        var_dir = os.path.abspath(os.path.join(os.path.dirname(__file__),
                                               '../../', 'var'))
        keyfile = os.path.join(var_dir, 'privatekey.key')
@ -273,6 +274,16 @@ class TestUtils(test_utils.BaseTestCase):
                                  utils.validate_key_cert,
                                  keyf.name, keyf.name)

+    def test_invalid_digest_algorithm(self):
+        self.config(digest_algorithm='fake_algorithm')
+        var_dir = os.path.abspath(os.path.join(os.path.dirname(__file__),
+                                               '../../', 'var'))
+        keyfile = os.path.join(var_dir, 'privatekey.key')
+        certfile = os.path.join(var_dir, 'certificate.crt')
+        self.assertRaises(ValueError,
+                          utils.validate_key_cert,
+                          keyfile, certfile)
+
    def test_valid_port(self):
        valid_inputs = [1, '1', 2, '3', '5', 8, 13, 21,
                        '80', '3246', '65535']
--- a/glance/tests/unit/test_opts.py
+++ b/glance/tests/unit/test_opts.py
@ -144,7 +144,8 @@ class OptsTestCase(utils.BaseTestCase):
            'store_type_preference',
            'flavor',
            'config_file',
-            'public_endpoint'
+            'public_endpoint',
+            'digest_algorithm',
        ]

        self._check_opt_groups(opt_list, expected_opt_groups)
@ -204,7 +205,8 @@ class OptsTestCase(utils.BaseTestCase):
            'workers',
            'max_header_line',
            'flavor',
-            'config_file'
+            'config_file',
+            'digest_algorithm',
        ]

        self._check_opt_groups(opt_list, expected_opt_groups)
@ -265,7 +267,8 @@ class OptsTestCase(utils.BaseTestCase):
            'auth_strategy',
            'auth_region',
            'registry_host',
-            'registry_port'
+            'registry_port',
+            'digest_algorithm',
        ]

        self._check_opt_groups(opt_list, expected_opt_groups)
@ -324,7 +327,8 @@ class OptsTestCase(utils.BaseTestCase):
            'admin_tenant_name',
            'auth_url',
            'auth_strategy',
-            'auth_region'
+            'auth_region',
+            'digest_algorithm',
        ]

        self._check_opt_groups(opt_list, expected_opt_groups)
--- a/glance/tests/var/ca.crt
+++ b/glance/tests/var/ca.crt
@ -1,35 +1,32 @@
 -----BEGIN CERTIFICATE-----
-MIIGDDCCA/SgAwIBAgIJAPSvwQYk4qI4MA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRUwEwYDVQQKEwxPcGVuc3RhY2sg
-Q0ExEjAQBgNVBAsTCUdsYW5jZSBDQTESMBAGA1UEAxMJR2xhbmNlIENBMB4XDTEy
-MDIwOTE3MTAwMloXDTIyMDIwNjE3MTAwMlowYTELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClNvbWUtU3RhdGUxFTATBgNVBAoTDE9wZW5zdGFjayBDQTESMBAGA1UECxMJ
-R2xhbmNlIENBMRIwEAYDVQQDEwlHbGFuY2UgQ0EwggIiMA0GCSqGSIb3DQEBAQUA
-A4ICDwAwggIKAoICAQDmf+fapWfzy1Uylus0KGalw4X/5xZ+ltPVOr+IdCPbstvi
-RTC5g+O+TvXeOP32V/cnSY4ho/+f2q730za+ZA/cgWO252rcm3Q7KTJn3PoqzJvX
-/l3EXe3/TCrbzgZ7lW3QLTCTEE2eEzwYG3wfDTOyoBq+F6ct6ADh+86gmpbIRfYI
-N+ixB0hVyz9427PTof97fL7qxxkjAayB28OfwHrkEBl7iblNhUC0RoH+/H9r5GEl
-GnWiebxfNrONEHug6PHgiaGq7/Dj+u9bwr7J3/NoS84I08ajMnhlPZxZ8bS/O8If
-ceWGZv7clPozyhABT/otDfgVcNH1UdZ4zLlQwc1MuPYN7CwxrElxc8Quf94ttGjb
-tfGTl4RTXkDofYdG1qBWW962PsGl2tWmbYDXV0q5JhV/IwbrE1X9f+OksJQne1/+
-dZDxMhdf2Q1V0P9hZZICu4+YhmTMs5Mc9myKVnzp4NYdX5fXoB/uNYph+G7xG5IK
-WLSODKhr1wFGTTcuaa8LhOH5UREVenGDJuc6DdgX9a9PzyJGIi2ngQ03TJIkCiU/
-4J/r/vsm81ezDiYZSp2j5JbME+ixW0GBLTUWpOIxUSHgUFwH5f7lQwbXWBOgwXQk
-BwpZTmdQx09MfalhBtWeu4/6BnOCOj7e/4+4J0eVxXST0AmVyv8YjJ2nz1F9oQID
-AQABo4HGMIHDMB0GA1UdDgQWBBTk7Krj4bEsTjHXaWEtI2GZ5ACQyTCBkwYDVR0j
-BIGLMIGIgBTk7Krj4bEsTjHXaWEtI2GZ5ACQyaFlpGMwYTELMAkGA1UEBhMCQVUx
-EzARBgNVBAgTClNvbWUtU3RhdGUxFTATBgNVBAoTDE9wZW5zdGFjayBDQTESMBAG
-A1UECxMJR2xhbmNlIENBMRIwEAYDVQQDEwlHbGFuY2UgQ0GCCQD0r8EGJOKiODAM
-BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQA8Zrss/MiwFHGmDlercE0h
-UvzA54n/EvKP9nP3jHM2qW/VPfKdnFw99nEPFLhb+lN553vdjOpCYFm+sW0Z5Mi4
-qsFkk4AmXIIEFOPt6zKxMioLYDQ9Sw/BUv6EZGeANWr/bhmaE+dMcKJt5le/0jJm
-2ahsVB9fbFu9jBFeYb7Ba/x2aLkEGMxaDLla+6EQhj148fTnS1wjmX9G2cNzJvj/
-+C2EfKJIuDJDqw2oS2FGVpP37FA2Bz2vga0QatNneLkGKCFI3ZTenBznoN+fmurX
-TL3eJE4IFNrANCcdfMpdyLAtXz4KpjcehqpZMu70er3d30zbi1l0Ajz4dU+WKz/a
-NQES+vMkT2wqjXHVTjrNwodxw3oLK/EuTgwoxIHJuplx5E5Wrdx9g7Gl1PBIJL8V
-xiOYS5N7CakyALvdhP7cPubA2+TPAjNInxiAcmhdASS/Vrmpvrkat6XhGn8h9liv
-ysDOpMQmYQkmgZBpW8yBKK7JABGGsJADJ3E6J5MMWBX2RR4kFoqVGAzdOU3oyaTy
-I0kz5sfuahaWpdYJVlkO+esc0CRXw8fLDYivabK2tOgUEWeZsZGZ9uK6aV1VxTAY
-9Guu3BJ4Rv/KP/hk7mP8rIeCwotV66/2H8nq72ImQhzSVyWcxbFf2rJiFQJ3BFwA
-WoRMgEwjGJWqzhJZUYpUAQ==
+MIIFlTCCA32gAwIBAgIJAMpqtavaLZlRMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRUwEwYDVQQKDAxPcGVuc3RhY2sg
+Q0ExEjAQBgNVBAsMCUdsYW5jZSBDQTESMBAGA1UEAwwJR2xhbmNlIENBMB4XDTE0
+MDMxMzA0MTU0NFoXDTE3MDMxMjA0MTU0NFowYTELMAkGA1UEBhMCQVUxEzARBgNV
+BAgMClNvbWUtU3RhdGUxFTATBgNVBAoMDE9wZW5zdGFjayBDQTESMBAGA1UECwwJ
+R2xhbmNlIENBMRIwEAYDVQQDDAlHbGFuY2UgQ0EwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQCfRBNR3ula96wzKhpMkaFzvPOm0+ZZrujiNGg+9EDBoRpl
+mqNn6Sy5eZwAsXzB5p7eR7/xy/Jz1MNi/oKQb7R1yn5Wj5k9BlE8QPT/dJdPDdLm
+ZnaNl7+Jzv6y14lx8qDZ9SZ8Gnq/K49ygOcfTUpAo7meM/ZV4EArHknkjHGdETLP
+IUHhEyjG1vbgsyYQbVtjHcPu0MRmYziJa48qwr1P5LwDj6LyXB1zEZx7kz3Wo9Et
+zWQjJLxlPHEgKGCg6v53Dh2VNnat5y8cJ2JV450RwftDPuUhrP0Ofj3JRNK9b4l+
+D8uIVFf9jSHINOFHASgPRaF+YBqcTAy4wTctRqsYnspJ03e3kjrSf8rVAvF1gWY5
+Uaq81/CRI2noca5Edl6HVOty/Kz9YCLgauStN7f25SS0lSwmDnWg6e1XvjdCZB8C
+SQy9XXRt5vLaXFSC+vz/OuQaeqk8Pe613wkMacNRkmeAcZsQiyD/ol7F8oagBmUc
+QvmRJFQp7X7s20x7VO6xJRs4U64BtsWTHqNNG+hzR1BX6OyggFOxNHQ3msGMFGQu
+Ft2hLtNFPixGYiAqk3qSTLLMZEetYzILaAwkmCCDCDV0p2h679aEB9Fe18BsP6dK
+eGKocHU3+84fCR58ETXMs1qjzD81ye4kb2P4VG98W7R2PfKBba1kZhDQxAssLwID
+AQABo1AwTjAdBgNVHQ4EFgQUlYvmSUw7LcOJgOVWRCh47F8y9yswHwYDVR0jBBgw
+FoAUlYvmSUw7LcOJgOVWRCh47F8y9yswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAgEASJYIThn/3q7DfkXLiI9A/azXeDcF/2SIw33u4Xq1EQuAKpGj1Pou
+jIYaZu8Kyl8O2VmA/bpPNa4Nz7cRmmCyg7+S3MNwaRcEDA2x2sLZpSGaptW4Jfh3
+5CT3hGoYhBlVijvdJlfUlq9dlra4INOguohVF/N+NTV1ngmsj3DWI93iJKhxfh1Y
+xuIaCvXpdvr6BZ+avajnfw4Mn3r0jAMASa9LcFt39K6TXXiGjzmCit/LKBnFNZfk
+YA7hazNhNkFEmrUaAUmB9kJE4wie6xqKJwxZmE6mSnHVYngN1fgIsB03bZSIYqxU
+UWNIbCSyPpWPtMlLhCbsCONxRt4A3l91/p127ZGue3b5mjWBOlKWHvdEvBtoe6CZ
+dFDeSgf4715hDb/mcVM9NeMRG3uqzJHIPu0nrJmz+3U6eQEmsdDEYvIdm4rJbEIr
+PNsTkOfHeTsYcrxb3uHnZCRNKJLfLTZzDdK99fqhI5/LSbrJAhyS2W17oL3phNkP
+21eucnLzVGGBdnApt8vnknZ8XXVHXe6OzXT64IhI5/G4IU6UuJRJpQsIi9if37x
+FVBdk3UUSsv8+1veyL5uk6cAkNuP2ZbsWsFImAHpyxPJnafgCTOYzgs0Nm4pmaEC
+jSPA92UFJBz8lsgLfQ4R+tTHOhfKRQd0K/DmHXGOKnIB/5KKCHVhuuo=
 -----END CERTIFICATE-----
--- a/glance/tests/var/certificate.crt
+++ b/glance/tests/var/certificate.crt
@ -1,30 +1,32 @@
 -----BEGIN CERTIFICATE-----
-MIIFLjCCAxYCAQEwDQYJKoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClNvbWUtU3RhdGUxFTATBgNVBAoTDE9wZW5zdGFjayBDQTESMBAGA1UECxMJ
-R2xhbmNlIENBMRIwEAYDVQQDEwlHbGFuY2UgQ0EwHhcNMTIwMjA5MTcxMDUzWhcN
-MjIwMjA2MTcxMDUzWjBZMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0
-ZTESMBAGA1UEChMJT3BlbnN0YWNrMQ8wDQYDVQQLEwZHbGFuY2UxEDAOBgNVBAMT
-BzAuMC4wLjAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXpUkQN6pu
-avo+gz3o1K4krVdPl1m7NjNJDyD/+ZH0EGNcEN7iag1qPE7JsjqGPNZsQK1dMoXb
-Sz+OSi9qvNeJnBcfwUx5qTAtwyAb9AxGkwuMafIU+lWbsclo+dPGsja01ywbXTCZ
-bF32iqnpOMYhfxWUdoQYiBkhxxhW9eMPKLS/KkP8/bx+Vaa2XJiAebqkd9nrksAA
-BeGc9mlafYBEmiChPdJEPw+1ePA4QVq9aPepDsqAKtGN8JLpmoC3BdxQQTbbwL3Q
-8fTXK4tCNUaVk4AbDy/McFq6y0ocQoBPJjihOY35mWG/OLtcI99yPOpWGnps/5aG
-/64DDJ2D67Fnaj6gKHV+6TXFO8KZxlnxtgtiZDJBZkneTBt9ArSOv+l6NBsumRz0
-iEJ4o4H1S2TSMnprAvX7WnGtc6Xi9gXahYcDHEelwwYzqAiTBv6hxSp4MZ2dNXa+
-KzOitC7ZbV2qsg0au0wjfE/oSQ3NvsvUr8nOmfutJTvHRAwbC1v4G/tuAsO7O0w2
-0u2B3u+pG06m5+rnEqp+rB9hmukRYTfgEFRRsVIvpFl/cwvPXKRcX03UIMx+lLr9
-Ft+ep7YooBhY3wY2kwCxD4lRYNmbwsCIVywZt40f/4ad98TkufR9NhsfycxGeqbr
-mTMFlZ8TTlmP82iohekKCOvoyEuTIWL2+wIDAQABMA0GCSqGSIb3DQEBBQUAA4IC
-AQBMUBgV0R+Qltf4Du7u/8IFmGAoKR/mktB7R1gRRAqsvecUt7kIwBexGdavGg1y
-0pU0+lgUZjJ20N1SlPD8gkNHfXE1fL6fmMjWz4dtYJjzRVhpufHPeBW4tl8DgHPN
-rBGAYQ+drDSXaEjiPQifuzKx8WS+DGA3ki4co5mPjVnVH1xvLIdFsk89z3b3YD1k
-yCJ/a9K36x6Z/c67JK7s6MWtrdRF9+MVnRKJ2PK4xznd1kBz16V+RA466wBDdARY
-vFbtkafbEqOb96QTonIZB7+fAldKDPZYnwPqasreLmaGOaM8sxtlPYAJ5bjDONbc
-AaXG8BMRQyO4FyH237otDKlxPyHOFV66BaffF5S8OlwIMiZoIvq+IcTZOdtDUSW2
-KHNLfe5QEDZdKjWCBrfqAfvNuG13m03WqfmcMHl3o/KiPJlx8l9Z4QEzZ9xcyQGL
-cncgeHM9wJtzi2cD/rTDNFsx/gxvoyutRmno7I3NRbKmpsXF4StZioU3USRspB07
-hYXOVnG3pS+PjVby7ThT3gvFHSocguOsxClx1epdUJAmJUbmM7NmOp5WVBVtMtC2
-Su4NG/xJciXitKzw+btb7C7RjO6OEqv/1X/oBDzKBWQAwxUC+lqmnM7W6oqWJFEM
-YfTLnrjs7Hj6ThMGcEnfvc46dWK3dz0RjsQzUxugPuEkLA==
+MIIFlTCCA32gAwIBAgIJAPstaPIRBPlgMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRUwEwYDVQQKDAxPcGVuc3RhY2sg
+Q0ExEjAQBgNVBAsMCUdsYW5jZSBDQTESMBAGA1UEAwwJR2xhbmNlIENBMB4XDTE0
+MDMxMTA5NTMxNVoXDTE3MDMxMDA5NTMxNVowYTELMAkGA1UEBhMCQVUxEzARBgNV
+BAgMClNvbWUtU3RhdGUxFTATBgNVBAoMDE9wZW5zdGFjayBDQTESMBAGA1UECwwJ
+R2xhbmNlIENBMRIwEAYDVQQDDAlHbGFuY2UgQ0EwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQCfRBNR3ula96wzKhpMkaFzvPOm0+ZZrujiNGg+9EDBoRpl
+mqNn6Sy5eZwAsXzB5p7eR7/xy/Jz1MNi/oKQb7R1yn5Wj5k9BlE8QPT/dJdPDdLm
+ZnaNl7+Jzv6y14lx8qDZ9SZ8Gnq/K49ygOcfTUpAo7meM/ZV4EArHknkjHGdETLP
+IUHhEyjG1vbgsyYQbVtjHcPu0MRmYziJa48qwr1P5LwDj6LyXB1zEZx7kz3Wo9Et
+zWQjJLxlPHEgKGCg6v53Dh2VNnat5y8cJ2JV450RwftDPuUhrP0Ofj3JRNK9b4l+
+D8uIVFf9jSHINOFHASgPRaF+YBqcTAy4wTctRqsYnspJ03e3kjrSf8rVAvF1gWY5
+Uaq81/CRI2noca5Edl6HVOty/Kz9YCLgauStN7f25SS0lSwmDnWg6e1XvjdCZB8C
+SQy9XXRt5vLaXFSC+vz/OuQaeqk8Pe613wkMacNRkmeAcZsQiyD/ol7F8oagBmUc
+QvmRJFQp7X7s20x7VO6xJRs4U64BtsWTHqNNG+hzR1BX6OyggFOxNHQ3msGMFGQu
+Ft2hLtNFPixGYiAqk3qSTLLMZEetYzILaAwkmCCDCDV0p2h679aEB9Fe18BsP6dK
+eGKocHU3+84fCR58ETXMs1qjzD81ye4kb2P4VG98W7R2PfKBba1kZhDQxAssLwID
+AQABo1AwTjAdBgNVHQ4EFgQUlYvmSUw7LcOJgOVWRCh47F8y9yswHwYDVR0jBBgw
+FoAUlYvmSUw7LcOJgOVWRCh47F8y9yswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAgEAPsdd6QAA87kUBM+kFFJGIygfyOafOaykemE1i/TUwGODPaJIepLo
+NDeXA9RGYdYq9bmTei+lrMPCQdUCivwF1oQBYl0NIB+k8As1QgF0oE40MA3J1vQV
+JlsdhTrFX3pY9VugcoPBqf0ByuJpDRpzH0NIePu84/q4i+BOPPwcumqe3b54bgYS
+v8Tx5VJY7nmoSFpFwiiAwGptcR0ERQjkxpitNxPtRO3nGP2QHsC43mWbsrEYN75O
+PrPN2sFSGEzOOMHOrkfHBSQfH3EtTVQ/oFaFy6XEYuoAkoy0ATOmHBobMQdLjmP
+97TJCRLpxdNFSj2TNPiZUaj/9aMFGKrEmnHsZJHs0f20EfW9BaRmLNIt+C9OPwgX
+cAGkEMSDhjQye+KSvoAMev/0SgTzLjq8e3P3DuG+z3n4Khs76fFdFRiBvqt78Jb3
+JKCCvTBqSccIkhEMME9lI5OaoNWr4n56hmcbf53/5H752HlGfwOSTdUgdgao6jwV
+8Z1+jhGMDJuA00f9urSUwsABvZaUHasWrmGpSAVp0u3XuGF333Q7tcP/OYDwTJ6e
+y6hHFkOQP7AohrNdNSfPgbRyIn2R7zCoP889PGrU+RJNVMt60/5Ubl6UM5XCJWvj
+aZF+f/OVb/0PdvPuxswPirnetQ6poxFhkDp0ymS0sdr4SnjGHFnKLC4=
 -----END CERTIFICATE-----
--- a/glance/tests/var/privatekey.key
+++ b/glance/tests/var/privatekey.key
@ -1,51 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIJKAIBAAKCAgEA16VJEDeqbmr6PoM96NSuJK1XT5dZuzYzSQ8g//mR9BBjXBDe
-4moNajxOybI6hjzWbECtXTKF20s/jkovarzXiZwXH8FMeakwLcMgG/QMRpMLjGny
-FPpVm7HJaPnTxrI2tNcsG10wmWxd9oqp6TjGIX8VlHaEGIgZIccYVvXjDyi0vypD
-/P28flWmtlyYgHm6pHfZ65LAAAXhnPZpWn2ARJogoT3SRD8PtXjwOEFavWj3qQ7K
-gCrRjfCS6ZqAtwXcUEE228C90PH01yuLQjVGlZOAGw8vzHBaustKHEKATyY4oTmN
-+Zlhvzi7XCPfcjzqVhp6bP+Whv+uAwydg+uxZ2o+oCh1fuk1xTvCmcZZ8bYLYmQy
-QWZJ3kwbfQK0jr/pejQbLpkc9IhCeKOB9Utk0jJ6awL1+1pxrXOl4vYF2oWHAxxH
-pcMGM6gIkwb+ocUqeDGdnTV2viszorQu2W1dqrINGrtMI3xP6EkNzb7L1K/Jzpn7
-rSU7x0QMGwtb+Bv7bgLDuztMNtLtgd7vqRtOpufq5xKqfqwfYZrpEWE34BBUUbFS
-L6RZf3MLz1ykXF9N1CDMfpS6/Rbfnqe2KKAYWN8GNpMAsQ+JUWDZm8LAiFcsGbeN
-H/+GnffE5Ln0fTYbH8nMRnqm65kzBZWfE05Zj/NoqIXpCgjr6MhLkyFi9vsCAwEA
-AQKCAgAA96baQcWr9SLmQOR4NOwLEhQAMWefpWCZhU3amB4FgEVR1mmJjnw868RW
-t0v36jH0Dl44us9K6o2Ab+jCi9JTtbWM2Osk6JNkwSlVtsSPVH2KxbbmTTExH50N
-sYE3tPj12rlB7isXpRrOzlRwzWZmJBHOtrFlAsdKFYCQc03vdXlKGkBv1BuSXYP/
-8W5ltSYXMspxehkOZvhaIejbFREMPbzDvGlDER1a7Q320qQ7kUr7ISvbY1XJUzj1
-f1HwgEA6w/AhED5Jv6wfgvx+8Yo9hYnflTPbsO1XRS4x7kJxGHTMlFuEsSF1ICYH
-Bcos0wUiGcBO2N6uAFuhe98BBn+nOwAPZYWwGkmVuK2psm2mXAHx94GT/XqgK/1r
-VWGSoOV7Fhjauc2Nv8/vJU18DXT3OY5hc4iXVeEBkuZwRb/NVUtnFoHxVO/Mp5Fh
-/W5KZaLWVrLghzvSQ/KUIM0k4lfKDZpY9ZpOdNgWDyZY8tNrXumUZZimzWdXZ9vR
-dBssmd8qEKs1AHGFnMDt56IjLGou6j0qnWsLdR1e/WEFsYzGXLVHCv6vXRNkbjqh
-WFw5nA+2Dw1YAsy+YkTfgx2pOe+exM/wxsVPa7tG9oZ374dywUi1k6VoHw5dkmJw
-1hbXqSLZtx2N51G+SpGmNAV4vLUF0y3dy2wnrzFkFT4uxh1w8QKCAQEA+h6LwHTK
-hgcJx6CQQ6zYRqXo4wdvMooY1FcqJOq7LvJUA2CX5OOLs8qN1TyFrOCuAUTurOrM
-ABlQ0FpsIaP8TOGz72dHe2eLB+dD6Bqjn10sEFMn54zWd/w9ympQrO9jb5X3ViTh
-sCcdYyXVS9Hz8nzbbIF+DaKlxF2Hh71uRDxXpMPxRcGbOIuKZXUj6RkTIulzqT6o
-uawlegWxch05QSgzq/1ASxtjTzo4iuDCAii3N45xqxnB+fV9NXEt4R2oOGquBRPJ
-LxKcOnaQKBD0YNX4muTq+zPlv/kOb8/ys2WGWDUrNkpyJXqhTve4KONjqM7+iL/U
-4WdJuiCjonzk/QKCAQEA3Lc+kNq35FNLxMcnCVcUgkmiCWZ4dyGZZPdqjOPww1+n
-bbudGPzY1nxOvE60dZM4or/tm6qlXYfb2UU3+OOJrK9s297EQybZ8DTZu2GHyitc
-NSFV3Gl4cgvKdbieGKkk9X2dV9xSNesNvX9lJEnQxuwHDTeo8ubLHtV88Ml1xokn
-7W+IFiyEuUIL4e5/fadbrI3EwMrbCF4+9VcfABx4PTNMzdc8LsncCMXE+jFX8AWp
-TsT2JezTe5o2WpvBoKMAYhJQNQiaWATn00pDVY/70H1vK3ljomAa1IUdOr/AhAF7
-3jL0MYMgXSHzXZOKAtc7yf+QfFWF1Ls8+sen1clJVwKCAQEAp59rB0r+Iz56RmgL
-5t7ifs5XujbURemY5E2aN+18DuVmenD0uvfoO1DnJt4NtCNLWhxpXEdq+jH9H/VJ
-fG4a+ydT4IC1vjVRTrWlo9qeh4H4suQX3S1c2kKY4pvHf25blH/Lp9bFzbkZD8Ze
-IRcOxxb4MsrBwL+dGnGYD9dbG63ZCtoqSxaKQSX7VS1hKKmeUopj8ivFBdIht5oz
-JogBQ/J+Vqg9u1gagRFCrYgdXTcOOtRix0lW336vL+6u0ax/fXe5MjvlW3+8Zc3p
-pIBgVrlvh9ccx8crFTIDg9m4DJRgqaLQV+0ifI2np3WK3RQvSQWYPetZ7sm69ltD
-bvUGvQKCAQAz5CEhjUqOs8asjOXwnDiGKSmfbCgGWi/mPQUf+rcwN9z1P5a/uTKB
-utgIDbj/q401Nkp2vrgCNV7KxitSqKxFnTjKuKUL5KZ4gvRtyZBTR751/1BgcauP
-pJYE91K0GZBG5zGG5pWtd4XTd5Af5/rdycAeq2ddNEWtCiRFuBeohbaNbBtimzTZ
-GV4R0DDJKf+zoeEQMqEsZnwG0mTHceoS+WylOGU92teQeG7HI7K5C5uymTwFzpgq
-ByegRd5QFgKRDB0vWsZuyzh1xI/wHdnmOpdYcUGre0zTijhFB7ALWQ32P6SJv3ps
-av78kSNxZ4j3BM7DbJf6W8sKasZazOghAoIBAHekpBcLq9gRv2+NfLYxWN2sTZVB
-1ldwioG7rWvk5YQR2akukecI3NRjtC5gG2vverawG852Y4+oLfgRMHxgp0qNStwX
-juTykzPkCwZn8AyR+avC3mkrtJyM3IigcYOu4/UoaRDFa0xvCC1EfumpnKXIpHag
-miSQZf2sVbgqb3/LWvHIg/ceOP9oGJve87/HVfQtBoLaIe5RXCWkqB7mcI/exvTS
-8ShaW6v2Fe5Bzdvawj7sbsVYRWe93Aq2tmIgSX320D2RVepb6mjD4nr0IUaM3Yed
-TFT7e2ikWXyDLLgVkDTU4Qe8fr3ZKGfanCIDzvgNw6H1gRi+2WQgOmjilMQ=
+MIIJKAIBAAKCAgEAn0QTUd7pWvesMyoaTJGhc7zzptPmWa7o4jRoPvRAwaEaZZqj
+Z+ksuXmcALF8weae3ke/8cvyc9TDYv6CkG+0dcp+Vo+ZPQZRPED0/3SXTw3S5mZ2
+jZe/ic7+steJcfKg2fUmfBp6vyuPcoDnH01KQKO5njP2VeBAKx5J5IxxnREyzyFB
+4RMoxtb24LMmEG1bYx3D7tDEZmM4iWuPKsK9T+S8A4+i8lwdcxGce5M91qPRLc1k
+IyS8ZTxxIChgoOr+dw4dlTZ2recvHCdiVeOdEcH7Qz7lIaz9Dn49yUTSvW+Jfg/L
+iFRX/Y0hyDThRwEoD0WhfmAanEwMuME3LUarGJ7KSdN3t5I60n/K1QLxdYFmOVGq
+vNfwkSNp6HGuRHZeh1Trcvys/WAi4GrkrTe39uUktJUsJg51oOntV743QmQfAkkM
+vV10beby2lxUgvr8/zrkGnqpPD3utd8JDGnDUZJngHGbEIsg/6JexfKGoAZlHEL5
+kSRUKe1+7NtMe1TusSUbOFOuAbbFkx6jTRvoc0dQV+jsoIBTsTR0N5rBjBRkLhbd
+oS7TRT4sRmIgKpN6kkyyzGRHrWMyC2gMJJgggwg1dKdoeu/WhAfRXtfAbD+nSnhi
+qHB1N/vOHwkefBE1zLNao8w/NcnuJG9j+FRvfFu0dj3ygW2tZGYQ0MQLLC8CAwEA
+AQKCAgBL4IvvymqUu0CgE6P57LvlvxS522R4P7uV4W/05jtfxJgl5fmJzO5Q4x4u
+umB8pJn1vms1EHxPMQNxS1364C0ynSl5pepUx4i2UyAmAG8B680ZlaFPrgdD6Ykw
+vT0vO2/kx0XxhFAMef1aiQ0TvaftidMqCwmGOlN393Mu3rZWJVZ2lhqj15Pqv4lY
+3iD5XJBYdVrekTmwqf7KgaLwtVyqDoiAjdMM8lPZeX965FhmxR8oWh0mHR9gf95J
+etMmdy6Km//+EbeS/HxWRnE0CD/RsQA7NmDFnXvmhsB6/j4EoHn5xB6ssbpGAxIg
+JwlY4bUrKXpaEgE7i4PYFb1q5asnTDdUZYAGAGXSBbDiUZM2YOe1aaFB/SA3Y3K2
+47brnx7UXhAXSPJ16EZHejSeFbzZfWgj2J1t3DLk18Fpi/5AxxIy/N5J38kcP7xZ
+RIcSV1QEasYUrHI9buhuJ87tikDBDFEIIeLZxlyeIdwmKrQ7Vzny5Ls94Wg+2UtI
+XFLDak5SEugdp3LmmTJaugF+s/OiglBVhcaosoKRXb4K29M7mQv2huEAerFA14Bd
+dp2KByd8ue+fJrAiSxhAyMDAe/uv0ixnmBBtMH0YYHbfUIgl+kR1Ns/bxrJu7T7F
+kBQWZV4NRbSRB+RGOG2/Ai5jxu0uLu3gtHMO4XzzElWqzHEDoQKCAQEAzfaSRA/v
+0831TDL8dmOCO61TQ9GtAa8Ouj+SdyTwk9f9B7NqQWg7qdkbQESpaDLvWYiftoDw
+mBFHLZe/8RHBaQpEAfbC/+DO6c7O+g1/0Cls33D5VaZOzFnnbHktT3r5xwkZfVBS
+aPPWl/IZOU8TtNqujQA+mmSnrJ7IuXSsBVq71xgBQT9JBZpUcjZ4eQducmtC43CP
+GqcSjq559ZKc/sa3PkAtNlKzSUS1abiMcJ86C9PgQ9gOu7y8SSqQ3ivZkVM99rxm
+wo8KehCcHOPOcIUQKmx4Bs4V3chm8rvygf3aanUHi83xaMeFtIIuOgAJmE9wGQeo
+k0UGvKBUDIenfwKCAQEAxfVFVxMBfI4mHrgTj/HOq7GMts8iykJK1PuELU6FZhex
+XOqXRbQ5dCLsyehrKlVPFqUENhXNHaOQrCOZxiVoRje2PfU/1fSqRaPxI7+W1Fsh
+Fq4PkdJ66NJZJkK5NHwE8SyQf+wpLdL3YhY5LM3tWdX5U9Rr6N8qelE3sLPssAak
+1km4/428+rkp1BlCffr3FyL0KJmOYfMiAr8m6hRZWbhkvm5YqX1monxUrKdFJ218
+dxzyniqoS1yU5RClY6783dql1UO4AvxpzpCPYDFIwbEb9zkUo0przhmi4KzyxknB
+/n/viMWzSnsM9YbakH6KunDTUteme1Dri3Drrq9TUQKCAQAVdvL7YOXPnxFHZbDl
+7azu5ztcQAfVuxa/1kw/WnwwDDx0hwA13NUK+HNcmUtGbrh/DjwG2x032+UdHUmF
+qCIN/mHkCoF8BUPLHiB38tw1J3wPNUjm4jQoG96AcYiFVf2d/pbHdo2AHplosHRs
+go89M+UpELN1h7Ppy4qDuWMME86rtfa7hArqKJFQbdjUVC/wgLkx1tMzJeJLOGfB
+bgwqiS8jr7CGjsvcgOqfH/qS6iU0glpG98dhTWQaA/OhE9TSzmgQxMW41Qt0eTKr
+2Bn1pAhxQ2im3Odue6ou9eNqJLiUi6nDqizUjKakj0SeCs71LqIyGZg58OGo2tSn
+kaOlAoIBAQCE/fO4vQcJpAJOLwLNePmM9bqAcoZ/9auKjPNO8OrEHPTGZMB+Tscu
+k+wa9a9RgICiyPgcUec8m0+tpjlAGo+EZRdlZqedWUMviCWQC74MKrD/KK9DG3IB
+ipfkEX2VmiBD2tm1Z3Z+17XlSuLci/iCmzNnM1XP3GYQSRIt/6Lq23vQjzTfU1z7
+4HwOh23Zb0qjW5NG12sFuS9HQx6kskkY8r2UBlRAggP686Z7W+EkzPSKnYMN6cCo
+6KkLf3RtlPlDHwq8TUOJlgSLhykbyeCEaDVOkSWhUnU8wJJheS+dMZ5IGbFWZOPA
+DQ02woOCAdG30ebXSBQL0uB8DL/52sYRAoIBAHtW3NomlxIMqWX8ZYRJIoGharx4
+ikTOR/jeETb9t//n6kV19c4ICiXOQp062lwEqFvHkKzxKECFhJZuwFc09hVxUXxC
+LJjvDfauHWFHcrDTWWbd25CNeZ4Sq79GKf+HJ+Ov87WYcjuBFlCh8ES+2N4WZGCn
+B5oBq1g6E4p1k6xA5eE6VRiHPuFH8N9t1x6IlCZvZBhuVWdDrDd4qMSDEUTlcxSY
+mtcAIXTPaPcdb3CjdE5a38r59x7dZ/Te2K7FKETffjSmku7BrJITz3iXEk+sn8ex
+o3mdnFgeQ6/hxvMGgdK2qNb5ER/s0teFjnfnwHuTSXngMDIDb3kLL0ecWlQ=
 -----END RSA PRIVATE KEY-----