3d6d749e6f
Allows for a new form of document signature. pkiz_sign will take data and encode it in a string that starts with the substring "PKIZ_". This prefix indicates that the data has been: 1) Signed via PKI in Crypto Message Syntax (CMS) in binary (DER) format 2) Compressed using zlib (comparable to gzip) 3) urlsafe-base64 decoded This process is reversed to validate the data. middleware/auth_token.py will be capable of validating Keystone tokens that are marshalled in the new format. The current existing "PKI" tokens will continue to be identified with "MII", issued by default, and validated as well. It will require corresponding changes on the Keystone server to issue the new token format. A separate script for generating the sample data used in the unit tests, examples/pki/gen_cmsz.py, also serves as an example of how to call the API from Python code. Some of the sample data for the old tests had to be regenerated. A stray comma in one of the JSON files made for non-parsing JSON. Blueprint: compress-tokens Closes-Bug: #1255321 Change-Id: Ia9a66ba3742da0bcd58c4c096b28cc8a66ad6569
80 lines
2.4 KiB
Python
80 lines
2.4 KiB
Python
# Copyright 2010 Jacob Kaplan-Moss
|
|
# Copyright 2011 Nebula, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
"""
|
|
Exception definitions.
|
|
"""
|
|
|
|
#flake8: noqa
|
|
from keystoneclient.openstack.common.apiclient.exceptions import *
|
|
|
|
# NOTE(akurilin): This alias should be left here to support backwards
|
|
# compatibility until we are sure that usage of these exceptions in
|
|
# projects is correct.
|
|
ConnectionError = ConnectionRefused
|
|
HTTPNotImplemented = HttpNotImplemented
|
|
Timeout = RequestTimeout
|
|
HTTPError = HttpError
|
|
|
|
|
|
class CertificateConfigError(Exception):
|
|
"""Error reading the certificate"""
|
|
def __init__(self, output):
|
|
self.output = output
|
|
msg = ("Unable to load certificate. "
|
|
"Ensure your system is configured properly.")
|
|
super(CertificateConfigError, self).__init__(msg)
|
|
|
|
|
|
class CMSError(Exception):
|
|
"""Error reading the certificate"""
|
|
def __init__(self, output):
|
|
self.output = output
|
|
msg = ("Unable to sign or verify data.")
|
|
super(CMSError, self).__init__(msg)
|
|
|
|
|
|
class EmptyCatalog(EndpointNotFound):
|
|
"""The service catalog is empty."""
|
|
pass
|
|
|
|
|
|
class SSLError(ConnectionRefused):
|
|
"""An SSL error occurred."""
|
|
|
|
|
|
class DiscoveryFailure(ClientException):
|
|
"""Discovery of client versions failed."""
|
|
|
|
|
|
class VersionNotAvailable(DiscoveryFailure):
|
|
"""Discovery failed as the version you requested is not available."""
|
|
|
|
|
|
class MissingAuthPlugin(ClientException):
|
|
"""An authenticated request is required but no plugin available."""
|
|
|
|
|
|
class NoMatchingPlugin(ClientException):
|
|
"""There were no auth plugins that could be created from the parameters
|
|
provided."""
|
|
|
|
|
|
class InvalidResponse(ClientException):
|
|
"""The response from the server is not valid for this request."""
|
|
|
|
def __init__(self, response):
|
|
super(InvalidResponse, self).__init__()
|
|
self.response = response
|