Example #1
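    def _validate_user_token(self, user_token, retry=True):
        """Authenticate user using PKI

        The token is hashed and looked up in the cache first. On a miss,
        tokens accepted by cms.is_ans1_token are verified with
        verify_signed_token and parsed as JSON; all other tokens go through
        verify_uuid_token. A successful result is cached under the hash.

        :param user_token: user's token id
        :param retry: forwarded to verify_uuid_token on the non-signed path
        :return: body of the token if the token is valid
        :raise InvalidUserToken: if the token is rejected; every exception
            raised during validation is converted to this type
        """
        # Bound before the try so the handler can tell whether hashing
        # succeeded.
        token_id = None
        try:
            token_id = cms.cms_hash_token(user_token)
            cached = self._cache_get(token_id)
            if cached:
                return cached
            if cms.is_ans1_token(user_token):
                verified = self.verify_signed_token(user_token)
                data = json.loads(verified)
            else:
                data = self.verify_uuid_token(user_token, retry)
            # NOTE(review): nothing visible here checks the token's expiry
            # before it is cached -- confirm verify_* or the cache enforces it.
            self._cache_put(token_id, data)
            return data
        except Exception:
            self.LOG.debug('Token validation failure.', exc_info=True)
            # Store the negative entry under the same key _cache_get is
            # queried with; keyed by the raw token it would not line up with
            # the lookup above.
            # NOTE(review): this catch-all also negatively caches tokens whose
            # validation failed for a transient reason -- confirm intended.
            if token_id:
                self._cache_store_invalid(token_id)
            # The raw token is a bearer credential, so only the hash is
            # logged.
            # NOTE(review): confirm cms_hash_token returns a digest for every
            # token format, otherwise this line still records the token.
            self.LOG.warn("Authorization failed for token %s", token_id)
            raise InvalidUserToken('Token authorization failed')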
    def _validate_user_token(self, user_token, retry=True):
        """Validate a user token and return its decoded body.

        The cache is consulted by token hash first. On a miss, tokens
        accepted by cms.is_ans1_token are verified with verify_signed_token
        and parsed as JSON; all other tokens go through verify_uuid_token.
        The result of confirm_token_not_expired is stored with the cache
        entry.

        :param user_token: user's token id
        :param retry: forwarded to verify_uuid_token on the non-signed path
        :return: body of the token if the token is valid
        :raise InvalidUserToken: if validation fails for any reason
        """
        # Stays None when hashing itself fails, so the handlers below can
        # tell there is no cache key to work with.
        token_id = None

        try:
            token_id = cms.cms_hash_token(user_token)
            hit = self._cache_get(token_id)
            if hit:
                return hit

            if not cms.is_ans1_token(user_token):
                token_data = self.verify_uuid_token(user_token, retry)
            else:
                signed_body = self.verify_signed_token(user_token)
                token_data = jsonutils.loads(signed_body)

            # presumably raises for an expired token; verify against its
            # definition
            expiry = confirm_token_not_expired(token_data)
            self._cache_put(token_id, token_data, expiry)
            return token_data
        except NetworkError:
            # No negative cache entry on this path: a network failure says
            # nothing about whether the token itself is valid.
            self.LOG.debug('Token validation failure.', exc_info=True)
            self.LOG.warn("Authorization failed for token %s", token_id)
            raise InvalidUserToken('Token authorization failed')
        except Exception:
            self.LOG.debug('Token validation failure.', exc_info=True)
            if token_id:
                # Negative entry uses the same key as the lookup above.
                self._cache_store_invalid(token_id)
            # NOTE(review): only the hash is logged, not the raw token.
            # Confirm cms_hash_token returns a digest for every token format;
            # if some tokens pass through unchanged, this still records a
            # bearer credential.
            self.LOG.warn("Authorization failed for token %s", token_id)
            raise InvalidUserToken('Token authorization failed')
Example #3
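 def _is_pki_token(self, token):
     """Determines if this is a pki-based token (pki or pkiz)

     A missing token (None) is reported as not PKI-based rather than being
     handed to the format checks.

     :param token: token string to classify, or None
     :return: False for None, otherwise the result of the cms format checks
     """
     # Requests without a token reach callers as None; answer here instead
     # of passing None into the format checks.
     if token is None:
         return False
     return (keystone_cms.is_ans1_token(token)
             or keystone_cms.is_pkiz(token))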
Example #4
 def _is_pki_token(self, token):
     """Report whether *token* is in a PKI-based format (pki or pkiz).

     :param token: token string to classify, or None
     :return: False for None, otherwise the result of the cms format checks
     """
     # Only a token that is actually present is handed to the format checks.
     if token is not None:
         return (keystone_cms.is_ans1_token(token)
                 or keystone_cms.is_pkiz(token))
     return False
Example #5
 def test_ans1_token(self):
     """The signed scoped example token is accepted; 'FOOBAR' is rejected."""
     signed_token = self.examples.SIGNED_TOKEN_SCOPED
     self.assertTrue(cms.is_ans1_token(signed_token))

     # A short arbitrary string must not be classified as a signed token.
     not_a_token = 'FOOBAR'
     self.assertFalse(cms.is_ans1_token(not_a_token))
 def test_ans1_token(self):
     """Check is_ans1_token on one positive and one negative sample."""
     # Positive case: the signed, scoped token from the shared examples.
     is_signed = cms.is_ans1_token(self.examples.SIGNED_TOKEN_SCOPED)
     self.assertTrue(is_signed)

     # Negative case: an arbitrary string that is not a token.
     is_garbage_signed = cms.is_ans1_token('FOOBAR')
     self.assertFalse(is_garbage_signed)
 def test_ans1_token(self):
     """The fixture's signed scoped token is accepted; 'FOOBAR' is not."""
     fixture_token = client_fixtures.SIGNED_TOKEN_SCOPED
     self.assertTrue(cms.is_ans1_token(fixture_token))

     # An arbitrary string must not be mistaken for a signed token.
     bogus_token = 'FOOBAR'
     self.assertFalse(cms.is_ans1_token(bogus_token))