From e676ab9f06d8a1b318863a38f4e59ef84e1bfbb2 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dirk@dmllr.de>
Date: Mon, 21 Jan 2013 17:15:28 +0100
Subject: [PATCH] Fix thinko in self.middleware.cert_file_missing

The python function string.find() returns -1 on a miss,
which is also evaluated as True. Therefore use the
"X in Y" approach instead.

Also added a rather trivial test to test for this
code bug. In order to make the code easier to test,
I've changed the parameters to operate on the command
output, not the exception object and updated all callers.

Change-Id: If0b4fed6fe676cad50512267c1b601a3a8a631e5
---
 keystoneclient/middleware/auth_token.py | 10 +++++-----
 tests/test_auth_token_middleware.py     |  8 ++++++++
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py
index 7d332205e..df2076fcc 100644
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -793,9 +793,8 @@ class AuthProtocol(object):
                 'Marking token %s as unauthorized in memcache', token)
             self._cache_store(token, 'invalid')
 
-    def cert_file_missing(self, called_proc_err, file_name):
-        return (called_proc_err.output.find(file_name)
-                and not os.path.exists(file_name))
+    def cert_file_missing(self, proc_output, file_name):
+        return (file_name in proc_output and not os.path.exists(file_name))
 
     def verify_uuid_token(self, user_token, retry=True):
         """Authenticate user token with keystone.
@@ -867,10 +866,11 @@ class AuthProtocol(object):
                 output = cms.cms_verify(data, self.signing_cert_file_name,
                                         self.ca_file_name)
             except cms.subprocess.CalledProcessError as err:
-                if self.cert_file_missing(err, self.signing_cert_file_name):
+                if self.cert_file_missing(err.output,
+                                          self.signing_cert_file_name):
                     self.fetch_signing_cert()
                     continue
-                if self.cert_file_missing(err, self.ca_file_name):
+                if self.cert_file_missing(err.output, self.ca_file_name):
                     self.fetch_ca_cert()
                     continue
                 raise err
diff --git a/tests/test_auth_token_middleware.py b/tests/test_auth_token_middleware.py
index 40fc4018f..0fc6c6aa5 100644
--- a/tests/test_auth_token_middleware.py
+++ b/tests/test_auth_token_middleware.py
@@ -569,6 +569,14 @@ class AuthTokenMiddlewareTest(test.NoModule, BaseAuthTokenMiddlewareTest):
         self.middleware.token_revocation_list = self.get_revocation_list_json()
         self.middleware.verify_signed_token(SIGNED_TOKEN_SCOPED)
 
+    def test_cert_file_missing(self):
+        self.assertFalse(self.middleware.cert_file_missing(
+                         "openstack: /tmp/haystack: No such file or directory",
+                         "/tmp/needle"))
+        self.assertTrue(self.middleware.cert_file_missing(
+                        "openstack: /not/exist: No such file or directory",
+                        "/not/exist"))
+
     def test_get_token_revocation_list_fetched_time_returns_min(self):
         self.middleware.token_revocation_list_fetched_time = None
         self.middleware.revoked_file_name = ''