def generate_revocation_list():
REVOKED_TOKENS = ['auth_token_revoked', 'auth_v3_token_revoked']
revoked_list = []
for token in REVOKED_TOKENS:
with open(make_filename('cms', '%s.pkiz' % name), 'r') as f:
token_data = f.read()
id = utils.hash_signed_token(token_data.encode('utf-8'))
revoked_list.append({'id': id, "expires": "2112-08-14T17:58:48Z"})
with open(make_filename('cms', '%s.pem' % name), 'r') as f:
pem_data = f.read()
token_data = cms.cms_to_token(pem_data).encode('utf-8')
id = utils.hash_signed_token(token_data)
revoked_list.append({'id': id, "expires": "2112-08-14T17:58:48Z"})
revoked_json = jsonutils.dumps({"revoked": revoked_list})
with open(make_filename('cms', 'revocation_list.json'), 'w') as f:
f.write(revoked_json)
encoded = cms.pkiz_sign(revoked_json, SIGNING_CERT_FILE_NAME,
SIGNING_KEY_FILE_NAME)
with open(make_filename('cms', 'revocation_list.pkiz'), 'w') as f:
f.write(encoded)
encoded = cms.cms_sign_data(revoked_json, SIGNING_CERT_FILE_NAME,
SIGNING_KEY_FILE_NAME)
with open(make_filename('cms', 'revocation_list.pem'), 'w') as f:
f.write(encoded)
def generate_revocation_list():
REVOKED_TOKENS = ['auth_token_revoked', 'auth_v3_token_revoked']
revoked_list = []
for token in REVOKED_TOKENS:
with open(make_filename('cms', '%s.pkiz' % name), 'r') as f:
token_data = f.read()
id = utils.hash_signed_token(token_data.encode('utf-8'))
revoked_list.append({
'id': id,
"expires": "2112-08-14T17:58:48Z"
})
with open(make_filename('cms', '%s.pem' % name), 'r') as f:
pem_data = f.read()
token_data = cms.cms_to_token(pem_data).encode('utf-8')
id = utils.hash_signed_token(token_data)
revoked_list.append({
'id': id,
"expires": "2112-08-14T17:58:48Z"
})
revoked_json = jsonutils.dumps({"revoked": revoked_list})
with open(make_filename('cms', 'revocation_list.json'), 'w') as f:
f.write(revoked_json)
encoded = cms.pkiz_sign(revoked_json,
SIGNING_CERT_FILE_NAME,
SIGNING_KEY_FILE_NAME)
with open(make_filename('cms', 'revocation_list.pkiz'), 'w') as f:
f.write(encoded)
encoded = cms.cms_sign_data(revoked_json,
SIGNING_CERT_FILE_NAME,
SIGNING_KEY_FILE_NAME)
with open(make_filename('cms', 'revocation_list.pem'), 'w') as f:
f.write(encoded)
def _get_token_id(self, token_data):
try:
token_id = cms.pkiz_sign(jsonutils.dumps(token_data),
CONF.signing.certfile,
CONF.signing.keyfile)
return token_id
except environment.subprocess.CalledProcessError:
LOG.exception(ERROR_MESSAGE)
raise exception.UnexpectedError(ERROR_MESSAGE)
def _get_token_id(self, token_data):
try:
# force conversion to a string as the keystone client cms code
# produces unicode. This can be removed if the client returns
# str()
# TODO(ayoung): Make to a byte_str for Python3
token_id = str(cms.pkiz_sign(jsonutils.dumps(token_data),
CONF.signing.certfile,
CONF.signing.keyfile))
return token_id
except environment.subprocess.CalledProcessError:
LOG.exception(ERROR_MESSAGE)
raise exception.UnexpectedError(ERROR_MESSAGE)
def _get_token_id(self, token_data):
try:
# force conversion to a string as the keystone client cms code
# produces unicode. This can be removed if the client returns
# str()
# TODO(ayoung): Make to a byte_str for Python3
token_id = str(
cms.pkiz_sign(jsonutils.dumps(token_data),
CONF.signing.certfile, CONF.signing.keyfile))
return token_id
except environment.subprocess.CalledProcessError:
LOG.exception(ERROR_MESSAGE)
raise exception.UnexpectedError(ERROR_MESSAGE)
def test_cms_sign_token_success(self):
self.assertTrue(
cms.pkiz_sign(self.examples.TOKEN_SCOPED_DATA,
self.examples.SIGNING_CERT_FILE,
self.examples.SIGNING_KEY_FILE))
for name in EXAMPLE_TOKENS:
json_file = make_filename('cms', name + '.json')
pkiz_file = make_filename('cms', name + '.pkiz')
with open(json_file, 'r') as f:
string_data = f.read()
# validate the JSON
try:
token_data = jsonutils.loads(string_data)
except ValueError as v:
raise SystemExit('%s while processing token data from %s: %s' %
(v, json_file, string_data))
text = jsonutils.dumps(token_data).encode('utf-8')
# Uncomment to record the token uncompressed,
# useful for debugging
# generate_der_form(name)
encoded = cms.pkiz_sign(text, SIGNING_CERT_FILE_NAME,
SIGNING_KEY_FILE_NAME)
# verify before writing
cms.pkiz_verify(encoded, SIGNING_CERT_FILE_NAME, CA_CERT_FILE_NAME)
with open(pkiz_file, 'w') as f:
f.write(encoded)
generate_revocation_list()
def test_cms_sign_token_success(self):
self.assertTrue(
cms.pkiz_sign(self.examples.TOKEN_SCOPED_DATA,
self.examples.SIGNING_CERT_FILE,
self.examples.SIGNING_KEY_FILE))
pkiz_file = make_filename('cms', name + '.pkiz')
with open(json_file, 'r') as f:
string_data = f.read()
# validate the JSON
try:
token_data = jsonutils.loads(string_data)
except ValueError as v:
raise SystemExit('%s while processing token data from %s: %s' %
(v, json_file, string_data))
text = jsonutils.dumps(token_data).encode('utf-8')
# Uncomment to record the token uncompressed,
# useful for debugging
# generate_der_form(name)
encoded = cms.pkiz_sign(text,
SIGNING_CERT_FILE_NAME,
SIGNING_KEY_FILE_NAME)
# verify before writing
cms.pkiz_verify(encoded,
SIGNING_CERT_FILE_NAME,
CA_CERT_FILE_NAME)
with open(pkiz_file, 'w') as f:
f.write(encoded)
generate_revocation_list()