    def test_token_to_cms_to_token(self):
        """Round-trip a signed token through the CMS framing helpers.

        Two checks against the on-disk fixture: ``token_to_cms`` must
        reproduce ``auth_token_scoped.pem`` byte-for-byte, and
        ``cms_to_token`` must invert it back to the original token
        string. No signature is verified anywhere in this test; it only
        pins the encoding/re-framing contract of the two helpers.
        """
        fixture_path = os.path.join(client_fixtures.CMSDIR,
                                    'auth_token_scoped.pem')
        with open(fixture_path) as fixture:
            expected_cms = fixture.read()

        signed_token = self.examples.SIGNED_TOKEN_SCOPED
        as_cms = cms.token_to_cms(signed_token)
        self.assertEqual(as_cms, expected_cms)

        # Inverting the conversion must hand back the original token.
        self.assertEqual(cms.cms_to_token(as_cms), signed_token)
    def test_token_to_cms_to_token(self):
        """Round-trip a signed token through the CMS framing helpers.

        Two checks against the on-disk fixture: ``token_to_cms`` must
        reproduce ``auth_token_scoped.pem`` byte-for-byte, and
        ``cms_to_token`` must invert it back to the original token
        string. No signature is verified anywhere in this test; it only
        pins the encoding/re-framing contract of the two helpers.
        """
        fixture_path = os.path.join(client_fixtures.CMSDIR,
                                    'auth_token_scoped.pem')
        with open(fixture_path) as fixture:
            expected_cms = fixture.read()

        signed_token = self.examples.SIGNED_TOKEN_SCOPED
        as_cms = cms.token_to_cms(signed_token)
        self.assertEqual(as_cms, expected_cms)

        # Inverting the conversion must hand back the original token.
        self.assertEqual(cms.cms_to_token(as_cms), signed_token)
    def verify_signed_token(self, signed_text):
        """Return the verified payload of ``signed_text`` or raise.

        The revocation lookup runs first, so a revoked token is rejected
        before any CMS work is done; only then is the token re-framed as
        CMS and handed to ``self.cms_verify`` for the signature check.
        No expiry check happens in this method.

        :param signed_text: the signed PKI token as received.
        :returns: whatever ``self.cms_verify`` returns for the token.
        :raises InvalidUserToken: when ``is_signed_token_revoked`` says
            the token is revoked. Errors from ``cms_verify`` are not
            caught here and propagate unchanged.
        """
        revoked = self.is_signed_token_revoked(signed_text)
        if revoked:
            raise InvalidUserToken('Token has been revoked')
        # NOTE(review): expiry is presumably enforced by the caller on
        # the returned payload -- confirm before relying on this alone.
        return self.cms_verify(cms.token_to_cms(signed_text))
    def _validate_offline(self, token, token_hashes):
        """Verify a PKI/PKIZ token locally and return its decoded payload.

        ``None`` is returned whenever offline validation cannot be
        completed, and the log messages show the caller treats that as
        "fall back to online validation": the token is neither PKIZ nor
        an ASN.1 PKI token, or the signing-certificate config or the
        revocation list could not be fetched (each logged as a warning).

        A rejected token is *not* a fallback case: only the two fetch
        errors are caught, so whatever ``self._revocations.check`` or
        ``self._cms_verify`` raise for a revoked or badly signed token
        propagates to the caller.

        Ordering matters for security: the hash-based revocation check
        runs before signature verification, and the audit-id revocation
        check is applied to the *verified* payload, so only signed audit
        ids are ever consulted. Expiry is not examined here.

        :param token: the raw token string from the request.
        :param token_hashes: hashes of ``token`` used for revocation
            lookup.
        :returns: the decoded token dict (v2 ``{'access': ...}`` or v3
            ``{'token': ...}``), or ``None``.
        """
        if cms.is_pkiz(token):
            cms_payload, inform = _uncompress_pkiz(token), cms.PKIZ_CMS_FORM
        elif cms.is_asn1_token(token):
            cms_payload, inform = cms.token_to_cms(token), cms.PKI_ASN1_FORM
        else:
            # Not a PKI-style token; nothing we can verify locally.
            return None

        try:
            self._revocations.check(token_hashes)
            verified = self._cms_verify(cms_payload, inform)
        except ksc_exceptions.CertificateConfigError:
            self.log.warning(_LW('Fetch certificate config failed, '
                                 'fallback to online validation.'))
            return None
        except ksm_exceptions.RevocationListError:
            self.log.warning(_LW('Fetch revocation list failed, '
                                 'fallback to online validation.'))
            return None

        data = jsonutils.loads(verified)

        # v2 payloads nest the token under 'access'; v3 under 'token'.
        token_body = (data['access']['token'] if 'access' in data
                      else data['token'])
        audit_ids = token_body.get('audit_ids')
        if audit_ids:
            self._revocations.check_by_audit_id(audit_ids)

        return data
    def verify_signed_token(self, signed_text):
        """Return the verified payload of ``signed_text`` or raise.

        The revocation lookup runs first, so a revoked token is rejected
        before any CMS work is done; only then is the token re-framed as
        CMS and handed to ``self.cms_verify`` for the signature check.
        No expiry check happens in this method.

        :param signed_text: the signed PKI token as received.
        :returns: whatever ``self.cms_verify`` returns for the token.
        :raises InvalidUserToken: when ``is_signed_token_revoked`` says
            the token is revoked. Errors from ``cms_verify`` are not
            caught here and propagate unchanged.
        """
        revoked = self.is_signed_token_revoked(signed_text)
        if revoked:
            raise InvalidUserToken('Token has been revoked')
        # NOTE(review): expiry is presumably enforced by the caller on
        # the returned payload -- confirm before relying on this alone.
        return self.cms_verify(cms.token_to_cms(signed_text))
    def _validate_offline(self, token, token_hashes):
        """Verify a PKI/PKIZ token locally and return its decoded payload.

        ``None`` is returned whenever offline validation cannot be
        completed, and the log messages show the caller treats that as
        "fall back to online validation": the token is neither PKIZ nor
        an ASN.1 PKI token, or the signing-certificate config or the
        revocation list could not be fetched (each logged as a warning).

        A rejected token is *not* a fallback case: only the two fetch
        errors are caught, so whatever ``self._revocations.check`` or
        ``self._cms_verify`` raise for a revoked or badly signed token
        propagates to the caller.

        Ordering matters for security: the hash-based revocation check
        runs before signature verification, and the audit-id revocation
        check is applied to the *verified* payload, so only signed audit
        ids are ever consulted. Expiry is not examined here.

        :param token: the raw token string from the request.
        :param token_hashes: hashes of ``token`` used for revocation
            lookup.
        :returns: the decoded token dict (v2 ``{'access': ...}`` or v3
            ``{'token': ...}``), or ``None``.
        """
        if cms.is_pkiz(token):
            cms_payload, inform = _uncompress_pkiz(token), cms.PKIZ_CMS_FORM
        elif cms.is_asn1_token(token):
            cms_payload, inform = cms.token_to_cms(token), cms.PKI_ASN1_FORM
        else:
            # Not a PKI-style token; nothing we can verify locally.
            return None

        try:
            self._revocations.check(token_hashes)
            verified = self._cms_verify(cms_payload, inform)
        except ksc_exceptions.CertificateConfigError:
            self.log.warning('Fetch certificate config failed, '
                             'fallback to online validation.')
            return None
        except ksm_exceptions.RevocationListError:
            self.log.warning('Fetch revocation list failed, '
                             'fallback to online validation.')
            return None

        data = jsonutils.loads(verified)

        # v2 payloads nest the token under 'access'; v3 under 'token'.
        token_body = (data['access']['token'] if 'access' in data
                      else data['token'])
        audit_ids = token_body.get('audit_ids')
        if audit_ids:
            self._revocations.check_by_audit_id(audit_ids)

        return data
    def _validate_offline(self, token, token_hashes):
        """Verify a PKI/PKIZ token's signature locally; return its payload.

        Only PKIZ and ASN.1 PKI tokens are handled; any other format
        returns ``None`` so the caller validates online. ``None`` is
        also returned, with a warning, when the signing-certificate
        config cannot be fetched. A failure raised by
        ``self._cms_verify`` is not caught and propagates unchanged.

        Security note: this revision performs no revocation check at
        all -- ``token_hashes`` is kept for interface compatibility but
        is never read -- and it does not examine expiry either. A PKI
        token that passes here is trusted purely on its signature; any
        revocation or expiry policy has to be applied by the caller on
        the returned dict (TODO(review): confirm the caller does).

        Every successful verification also emits the PKI/Z deprecation
        warning, so expect one warning per offline-validated request.

        :param token: the raw token string from the request.
        :param token_hashes: unused in this revision.
        :returns: the decoded token dict, or ``None``.
        """
        if cms.is_pkiz(token):
            cms_payload, inform = _uncompress_pkiz(token), cms.PKIZ_CMS_FORM
        elif cms.is_asn1_token(token):
            cms_payload, inform = cms.token_to_cms(token), cms.PKI_ASN1_FORM
        else:
            # Not a PKI-style token; nothing we can verify locally.
            return None

        try:
            verified = self._cms_verify(cms_payload, inform)
        except ksc_exceptions.CertificateConfigError:
            self.log.warning('Fetch certificate config failed, '
                             'fallback to online validation.')
            return None

        self.log.warning('auth_token middleware received a PKI/Z token. '
                         'This form of token is deprecated and has been '
                         'removed from keystone server and will be '
                         'removed from auth_token middleware in the Rocky '
                         'release. Please contact your administrator '
                         'about upgrading keystone and the token format.')

        return jsonutils.loads(verified)
    def _validate_offline(self, token, token_hashes):
        """Verify a PKI/PKIZ token's signature locally; return its payload.

        Only PKIZ and ASN.1 PKI tokens are handled; any other format
        returns ``None`` so the caller validates online. ``None`` is
        also returned, with a warning, when the signing-certificate
        config cannot be fetched. A failure raised by
        ``self._cms_verify`` is not caught and propagates unchanged.

        Security note: this revision performs no revocation check at
        all -- ``token_hashes`` is kept for interface compatibility but
        is never read -- and it does not examine expiry either. A PKI
        token that passes here is trusted purely on its signature; any
        revocation or expiry policy has to be applied by the caller on
        the returned dict (TODO(review): confirm the caller does).

        Every successful verification also emits the PKI/Z deprecation
        warning, so expect one warning per offline-validated request.

        :param token: the raw token string from the request.
        :param token_hashes: unused in this revision.
        :returns: the decoded token dict, or ``None``.
        """
        if cms.is_pkiz(token):
            cms_payload, inform = _uncompress_pkiz(token), cms.PKIZ_CMS_FORM
        elif cms.is_asn1_token(token):
            cms_payload, inform = cms.token_to_cms(token), cms.PKI_ASN1_FORM
        else:
            # Not a PKI-style token; nothing we can verify locally.
            return None

        try:
            verified = self._cms_verify(cms_payload, inform)
        except ksc_exceptions.CertificateConfigError:
            self.log.warning('Fetch certificate config failed, '
                             'fallback to online validation.')
            return None

        self.log.warning('auth_token middleware received a PKI/Z token. '
                         'This form of token is deprecated and has been '
                         'removed from keystone server and will be '
                         'removed from auth_token middleware in the Rocky '
                         'release. Please contact your administrator '
                         'about upgrading keystone and the token format.')

        return jsonutils.loads(verified)
 def test_cms_verify_token_scoped_expired(self):
     """An expired but correctly signed token still passes ``cms_verify``.

     ``cms_verify`` is given the signing certificate and CA and returns
     a truthy result for the expired fixture, i.e. it does not reject on
     expiry. This pins that contract: anything that relies on
     ``cms_verify`` alone must enforce token expiry itself.
     """
     expired_token = self.examples.SIGNED_TOKEN_SCOPED_EXPIRED
     verified = cms.cms_verify(cms.token_to_cms(expired_token),
                               self.examples.SIGNING_CERT_FILE,
                               self.examples.SIGNING_CA_FILE)
     self.assertTrue(verified)
 def _verify_signed_token(self, signed_text, token_ids):
     """Return the verified CMS payload of a signed PKI token.

     The revocation lookup on ``token_ids`` runs first and is expected
     to raise for a revoked token, so no signature work is done for
     one; only then is the token re-framed as CMS and its signature
     checked by ``self._cms_verify``. Neither step is wrapped in a
     try/except, so their exceptions reach the caller unchanged.
     Nothing here examines expiry.

     :param signed_text: the signed PKI token as received.
     :param token_ids: identifiers of the token used for the revocation
         lookup.
     :returns: the result of ``self._cms_verify``.
     """
     self._revocations.check(token_ids)
     return self._cms_verify(cms.token_to_cms(signed_text))
 def test_cms_verify_token_unscoped(self):
     """An unscoped token signed by the fixture certificate verifies.

     Exercises the happy path only: the token is re-framed as CMS and
     checked against ``SIGNING_CERT_FILE`` / ``SIGNING_CA_FILE``.
     """
     unscoped_token = self.examples.SIGNED_TOKEN_UNSCOPED
     verified = cms.cms_verify(cms.token_to_cms(unscoped_token),
                               self.examples.SIGNING_CERT_FILE,
                               self.examples.SIGNING_CA_FILE)
     self.assertTrue(verified)
 def _verify_signed_token(self, signed_text, token_ids):
     """Return the verified CMS payload of a signed PKI token.

     The revocation lookup on ``token_ids`` runs first and is expected
     to raise for a revoked token, so no signature work is done for
     one; only then is the token re-framed as CMS and its signature
     checked by ``self._cms_verify``. Neither step is wrapped in a
     try/except, so their exceptions reach the caller unchanged.
     Nothing here examines expiry.

     :param signed_text: the signed PKI token as received.
     :param token_ids: identifiers of the token used for the revocation
         lookup.
     :returns: the result of ``self._cms_verify``.
     """
     self._revocations.check(token_ids)
     return self._cms_verify(cms.token_to_cms(signed_text))
 def test_cms_verify_token_scoped(self):
     """A scoped token signed by the fixture certificate verifies.

     Happy path only: the token is re-framed as CMS and checked against
     the ``client_fixtures`` signing certificate and CA files.
     """
     scoped_token = client_fixtures.SIGNED_TOKEN_SCOPED
     verified = cms.cms_verify(cms.token_to_cms(scoped_token),
                               client_fixtures.SIGNING_CERT_FILE,
                               client_fixtures.SIGNING_CA_FILE)
     self.assertTrue(verified)