openstack
/
python-keystoneclient
Code Issues Proposed changes

remove universal_newlines 

Need to make sure that binary and text are both handled correctly for cms calls.

Blueprint: compress-tokens

Change-Id: If3ed5f339b53942d4ed6d6b2d9fc4eebd7180b0a
This commit is contained in:
Adam Young 2014-03-10 15:12:15 -04:00
parent 7e1700c565
commit 6c3cbab1a8
2 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
keystoneclient/common/cms.py
View File

@ -72,11 +72,11 @@ def _check_files_accessible(files):
return err
def _process_communicate_handle_oserror(process, text, files):
def _process_communicate_handle_oserror(process, data, files):
"""Wrapper around process.communicate that checks for OSError."""
try:
output, err = process.communicate(text)
output, err = process.communicate(data)
except OSError as e:
if e.errno != errno.EPIPE:
raise
@ -87,12 +87,14 @@ def _process_communicate_handle_oserror(process, text, files):
# able to read an input file, so check ourselves if can't read a file.
err = _check_files_accessible(files)
if process.stderr:
err += process.stderr.read()
msg = process.stderr.read()
err = err + msg.decode('utf-8')
output = ''
retcode = -1
else:
retcode = process.poll()
if err is not None:
err = err.decode('utf-8')
return output, err, retcode
@ -104,6 +106,7 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name):
:raises: CertificateConfigError if certificate is not configured properly.
"""
_ensure_subprocess()
data = bytearray(formatted, encoding='utf-8')
process = subprocess.Popen(['openssl', 'cms', '-verify',
'-certfile', signing_cert_file_name,
'-CAfile', ca_file_name,
@ -112,10 +115,9 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name):
'-nocerts', '-noattr'],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
universal_newlines=True)
stderr=subprocess.PIPE)
output, err, retcode = _process_communicate_handle_oserror(
process, formatted, (signing_cert_file_name, ca_file_name))
process, data, (signing_cert_file_name, ca_file_name))
# Do not log errors, as some happen in the positive thread
# instead, catch them in the calling code and log them there.
@ -230,6 +232,7 @@ def cms_sign_text(text, signing_cert_file_name, signing_key_file_name):
http://en.wikipedia.org/wiki/Cryptographic_Message_Syntax
"""
_ensure_subprocess()
data = bytearray(text, encoding='utf-8')
process = subprocess.Popen(['openssl', 'cms', '-sign',
'-signer', signing_cert_file_name,
'-inkey', signing_key_file_name,
@ -238,16 +241,15 @@ def cms_sign_text(text, signing_cert_file_name, signing_key_file_name):
'-nocerts', '-noattr'],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
universal_newlines=True)
stderr=subprocess.PIPE)
output, err, retcode = _process_communicate_handle_oserror(
process, text, (signing_cert_file_name, signing_key_file_name))
process, data, (signing_cert_file_name, signing_key_file_name))
if retcode or 'Error' in err:
if retcode or ('Error' in err):
LOG.error('Signing error: %s' % err)
raise subprocess.CalledProcessError(retcode, 'openssl')
return output
return output.decode('utf-8')
def cms_sign_token(text, signing_cert_file_name, signing_key_file_name):

5
keystoneclient/middleware/auth_token.py
View File

@ -1204,8 +1204,9 @@ class AuthProtocol(object):
"""
def verify():
try:
return cms.cms_verify(data, self.signing_cert_file_name,
self.signing_ca_file_name)
return cms.cms_verify(
data, self.signing_cert_file_name,
self.signing_ca_file_name).decode('utf-8')
except cms.subprocess.CalledProcessError as err:
self.LOG.warning('Verify error: %s', err)
raise