openstack/python-keystoneclient
Code Issues Proposed changes

remove universal_newlines

Browse Source 
Need to make sure that binary and text are both handled correctly for cms calls.

Blueprint: compress-tokens

Change-Id: If3ed5f339b53942d4ed6d6b2d9fc4eebd7180b0a
This commit is contained in:
Adam Young
2014-03-10 15:12:15 -04:00
parent 7e1700c565
commit 6c3cbab1a8
2 changed files with 17 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
keystoneclient/common/cms.py
View File

@@ -72,11 +72,11 @@ def _check_files_accessible(files):
return err return err
def _process_communicate_handle_oserror(process, text, files): def _process_communicate_handle_oserror(process, data, files):
"""Wrapper around process.communicate that checks for OSError.""" """Wrapper around process.communicate that checks for OSError."""
try: try:
output, err = process.communicate(text) output, err = process.communicate(data)
except OSError as e: except OSError as e:
if e.errno != errno.EPIPE: if e.errno != errno.EPIPE:
raise raise
@@ -87,12 +87,14 @@ def _process_communicate_handle_oserror(process, text, files):
# able to read an input file, so check ourselves if can't read a file. # able to read an input file, so check ourselves if can't read a file.
err = _check_files_accessible(files) err = _check_files_accessible(files)
if process.stderr: if process.stderr:
err += process.stderr.read() msg = process.stderr.read()
err = err + msg.decode('utf-8')
output = '' output = ''
retcode = -1 retcode = -1
else: else:
retcode = process.poll() retcode = process.poll()
if err is not None:
err = err.decode('utf-8')
return output, err, retcode return output, err, retcode
@@ -104,6 +106,7 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name):
:raises: CertificateConfigError if certificate is not configured properly. :raises: CertificateConfigError if certificate is not configured properly.
""" """
_ensure_subprocess() _ensure_subprocess()
data = bytearray(formatted, encoding='utf-8')
process = subprocess.Popen(['openssl', 'cms', '-verify', process = subprocess.Popen(['openssl', 'cms', '-verify',
'-certfile', signing_cert_file_name, '-certfile', signing_cert_file_name,
'-CAfile', ca_file_name, '-CAfile', ca_file_name,
@@ -112,10 +115,9 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name):
'-nocerts', '-noattr'], '-nocerts', '-noattr'],
stdin=subprocess.PIPE, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, stderr=subprocess.PIPE)
universal_newlines=True)
output, err, retcode = _process_communicate_handle_oserror( output, err, retcode = _process_communicate_handle_oserror(
process, formatted, (signing_cert_file_name, ca_file_name)) process, data, (signing_cert_file_name, ca_file_name))
# Do not log errors, as some happen in the positive thread # Do not log errors, as some happen in the positive thread
# instead, catch them in the calling code and log them there. # instead, catch them in the calling code and log them there.
@@ -230,6 +232,7 @@ def cms_sign_text(text, signing_cert_file_name, signing_key_file_name):
http://en.wikipedia.org/wiki/Cryptographic_Message_Syntax http://en.wikipedia.org/wiki/Cryptographic_Message_Syntax
""" """
_ensure_subprocess() _ensure_subprocess()
data = bytearray(text, encoding='utf-8')
process = subprocess.Popen(['openssl', 'cms', '-sign', process = subprocess.Popen(['openssl', 'cms', '-sign',
'-signer', signing_cert_file_name, '-signer', signing_cert_file_name,
'-inkey', signing_key_file_name, '-inkey', signing_key_file_name,
@@ -238,16 +241,15 @@ def cms_sign_text(text, signing_cert_file_name, signing_key_file_name):
'-nocerts', '-noattr'], '-nocerts', '-noattr'],
stdin=subprocess.PIPE, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, stderr=subprocess.PIPE)
universal_newlines=True)
output, err, retcode = _process_communicate_handle_oserror( output, err, retcode = _process_communicate_handle_oserror(
process, text, (signing_cert_file_name, signing_key_file_name)) process, data, (signing_cert_file_name, signing_key_file_name))
if retcode or 'Error' in err: if retcode or ('Error' in err):
LOG.error('Signing error: %s' % err) LOG.error('Signing error: %s' % err)
raise subprocess.CalledProcessError(retcode, 'openssl') raise subprocess.CalledProcessError(retcode, 'openssl')
return output return output.decode('utf-8')
def cms_sign_token(text, signing_cert_file_name, signing_key_file_name): def cms_sign_token(text, signing_cert_file_name, signing_key_file_name):

5
keystoneclient/middleware/auth_token.py
View File

@@ -1204,8 +1204,9 @@ class AuthProtocol(object):
""" """
def verify(): def verify():
try: try:
return cms.cms_verify(data, self.signing_cert_file_name, return cms.cms_verify(
self.signing_ca_file_name) data, self.signing_cert_file_name,
self.signing_ca_file_name).decode('utf-8')
except cms.subprocess.CalledProcessError as err: except cms.subprocess.CalledProcessError as err:
self.LOG.warning('Verify error: %s', err) self.LOG.warning('Verify error: %s', err)
raise raise