Python cms_verify Beispiele

Beispiel #1

Datei: controllers.py Projekt: cnsworder/keystone

 def _get_token_ref(self, context, token_id, belongs_to=None):
     token_ref = self.token_api.get_token(token_id)
     if cms.is_ans1_token(token_id):
         verified_token = cms.cms_verify(cms.token_to_cms(token_id),
                                         CONF.signing.certfile,
                                         CONF.signing.ca_certs)
         token_ref = json.loads(verified_token)
     if belongs_to:
         assert token_ref['project']['id'] == belongs_to
     return token_ref

Beispiel #2

 def _get_token_ref(self, context, token_id, belongs_to=None):
     token_ref = self.token_api.get_token(context=context,
                                          token_id=token_id)
     if cms.is_ans1_token(token_id):
         verified_token = cms.cms_verify(cms.token_to_cms(token_id),
                                         CONF.signing.certfile,
                                         CONF.signing.ca_certs)
         token_ref = json.loads(verified_token)
     if belongs_to:
         assert token_ref['project']['id'] == belongs_to
     return token_ref

Beispiel #3

Datei: keystonev2.py Projekt: ioram7/keystone-federado-pgid2013

 def validate(self, response, realm_id):
     catalog_api = catalog.controllers.EndpointV3()
     context = {}
     context['is_admin'] = True
     context['query_string'] = {}
     context['query_string']['service_id'] = realm_id
     context['interface'] = 'adminurl'
     context['path'] = ""
     endpoints = catalog_api.list_endpoints(context)
     for e in endpoints['endpoints']:
         creds = e["creds"]
         if e['interface'] == 'admin':
             endpoint = e['url']+'/tokens/'
         if e['interface'] == 'public':
             post_endpoint = e['url']+'/tokens'
     token_id = response['access']['token']['id']
     if not cms.is_ans1_token(token_id):
         auth_req = {"auth":{}}
         auth_req["auth"]["tenantName"] = "service"
         auth_req['auth']['passwordCredentials'] = {"username": creds["user"], "password": creds["pass"]}
         auth_token = self.request(post_endpoint, data=auth_req, method="POST")
         header = {"X-Auth-Token": auth_token['access']['token']['id']}
         validatedResponse = self.request(keystoneEndpoint=endpoint, data=token_id, method="GET", header=header)
     else:
         cert_file = tempfile.NamedTemporaryFile()
         cert_file.write(self.format_certdata(creds["certdata"]))
         cert_file.flush()
         cacert_file = tempfile.NamedTemporaryFile()
         cacert_file.write(self.format_certdata(creds["cacert"]))
         cacert_file.flush()
         data = json.loads(cms.cms_verify(cms.token_to_cms(token_id),cert_file.name,cacert_file.name))
         cert_file.close()
         cacert_file.close()
         data['access']['token']['user'] = data['access']['user']
         data['access']['token']['metadata'] = data['access']['metadata']
         validatedResponse = data
     validatedAttributes = {}
     for r in validatedResponse['access']['user']['roles']:
         if validatedAttributes.get('role') is None:
             validatedAttributes['role'] = []
     validatedAttributes['role'].append(r['name'])
     validatedAttributes['project'] = [validatedResponse['access']['token']['tenant']['name']]
     username = validatedResponse['access']['user']['name']
     expires = validatedResponse['access']['token']['expires']
     return username, expires, self.check_issuers(validatedAttributes, realm_id)

Beispiel #4

Datei: auth_token.py Projekt: dolph/keystone

    def cms_verify(self, data):
        """Verifies the signature of the provided data's IAW CMS syntax.

        If either of the certificate files are missing, fetch them and
        retry.
        """
        while True:
            try:
                output = cms.cms_verify(data, self.signing_cert_file_name,
                                        self.ca_file_name)
            except subprocess.CalledProcessError as err:
                if self.cert_file_missing(err, self.signing_cert_file_name):
                    self.fetch_signing_cert()
                    continue
                if self.cert_file_missing(err, self.ca_file_name):
                    self.fetch_ca_cert()
                    continue
                raise err
            return output

Beispiel #5

Datei: auth_token.py Projekt: megaumi/openstack-tbd-scheduler

    def cms_verify(self, data):
        """Verifies the signature of the provided data's IAW CMS syntax.

        If either of the certificate files are missing, fetch them and
        retry.
        """
        while True:
            try:
                output = cms.cms_verify(data, self.signing_cert_file_name,
                                        self.ca_file_name)
            except subprocess.CalledProcessError as err:
                if self.cert_file_missing(err, self.signing_cert_file_name):
                    self.fetch_signing_cert()
                    continue
                if self.cert_file_missing(err, self.ca_file_name):
                    self.fetch_ca_cert()
                    continue
                raise err
            return output

Beispiel #6

Datei: controllers.py Projekt: silver552/keystone

    def _get_token_ref(self, context, token_id, belongs_to=None):
        """Returns a token if a valid one exists.

        Optionally, limited to a token owned by a specific tenant.

        """
        # TODO(termie): this stuff should probably be moved to middleware
        self.assert_admin(context)

        if cms.is_ans1_token(token_id):
            data = json.loads(
                cms.cms_verify(cms.token_to_cms(token_id), config.CONF.signing.certfile, config.CONF.signing.ca_certs)
            )
            data["access"]["token"]["user"] = data["access"]["user"]
            data["access"]["token"]["metadata"] = data["access"]["metadata"]
            if belongs_to:
                assert data["access"]["token"]["tenant"]["id"] == belongs_to
            token_ref = data["access"]["token"]
        else:
            token_ref = self.token_api.get_token(context=context, token_id=token_id)
        return token_ref

Beispiel #7

Datei: service.py Projekt: mengjieli0726/keystone

    def _get_token_ref(self, context, token_id, belongs_to=None):
        """Returns a token if a valid one exists.

        Optionally, limited to a token owned by a specific tenant.

        """
        # TODO(termie): this stuff should probably be moved to middleware
        self.assert_admin(context)

        if len(token_id) > cms.UUID_TOKEN_LENGTH:
            data = json.loads(cms.cms_verify(cms.token_to_cms(token_id),
                                             config.CONF.signing.certfile,
                                             config.CONF.signing.ca_certs))
            data['access']['token']['user'] = data['access']['user']
            data['access']['token']['metadata'] = data['access']['metadata']
            if belongs_to:
                assert data['access']['token']['tenant']['id'] == belongs_to
            token_ref = data['access']['token']
        else:
            token_ref = self.token_api.get_token(context=context,
                                                 token_id=token_id)
        return token_ref

Beispiel #8

Datei: auth_token.py Projekt: netcon-source/keystone

    def verify_signed_token(self, signed_text):
        """
            Converts a block of Base64 encoding to strict PEM format
            and verifies the signature of the contensts IAW CMS syntax
            If either of the certificate files are missing, fetch them
            and retry
        """

        formatted = cms.token_to_cms(signed_text)

        while True:
            try:
                output = cms.cms_verify(formatted, self.signing_cert_file_name,
                                        self.ca_file_name)
            except subprocess.CalledProcessError as err:
                if self.cert_file_missing(err, self.signing_cert_file_name):
                    self.fetch_signing_cert()
                    continue
                if self.cert_file_missing(err, self.ca_file_name):
                    self.fetch_ca_cert()
                    continue
                raise err
            return output

Beispiel #9

    def _get_token_ref(self, context, token_id, belongs_to=None):
        """Returns a token if a valid one exists.

        Optionally, limited to a token owned by a specific tenant.

        """
        # TODO(termie): this stuff should probably be moved to middleware
        self.assert_admin(context)

        if len(token_id) > cms.UUID_TOKEN_LENGTH:
            data = json.loads(
                cms.cms_verify(cms.token_to_cms(token_id),
                               config.CONF.signing.certfile,
                               config.CONF.signing.ca_certs))
            data['access']['token']['user'] = data['access']['user']
            data['access']['token']['metadata'] = data['access']['metadata']
            if belongs_to:
                assert data['access']['token']['tenant']['id'] == belongs_to
            token_ref = data['access']['token']
        else:
            token_ref = self.token_api.get_token(context=context,
                                                 token_id=token_id)
        return token_ref