예제 #1
0
def generate_revocation_list():
    REVOKED_TOKENS = ['auth_token_revoked', 'auth_v3_token_revoked']
    revoked_list = []
    for token in REVOKED_TOKENS:
        with open(make_filename('cms', '%s.pkiz' % name), 'r') as f:
            token_data = f.read()
            id = utils.hash_signed_token(token_data.encode('utf-8'))
            revoked_list.append({'id': id, "expires": "2112-08-14T17:58:48Z"})
        with open(make_filename('cms', '%s.pem' % name), 'r') as f:
            pem_data = f.read()
            token_data = cms.cms_to_token(pem_data).encode('utf-8')
            id = utils.hash_signed_token(token_data)
            revoked_list.append({'id': id, "expires": "2112-08-14T17:58:48Z"})
    revoked_json = jsonutils.dumps({"revoked": revoked_list})
    with open(make_filename('cms', 'revocation_list.json'), 'w') as f:
        f.write(revoked_json)
    encoded = cms.pkiz_sign(revoked_json, SIGNING_CERT_FILE_NAME,
                            SIGNING_KEY_FILE_NAME)
    with open(make_filename('cms', 'revocation_list.pkiz'), 'w') as f:
        f.write(encoded)

    encoded = cms.cms_sign_data(revoked_json, SIGNING_CERT_FILE_NAME,
                                SIGNING_KEY_FILE_NAME)
    with open(make_filename('cms', 'revocation_list.pem'), 'w') as f:
        f.write(encoded)
예제 #2
0
def generate_revocation_list():
    REVOKED_TOKENS = ['auth_token_revoked', 'auth_v3_token_revoked']
    revoked_list = []
    for token in REVOKED_TOKENS:
        with open(make_filename('cms', '%s.pkiz' % name), 'r') as f:
            token_data = f.read()
            id = utils.hash_signed_token(token_data.encode('utf-8'))
            revoked_list.append({
                'id': id,
                "expires": "2112-08-14T17:58:48Z"
            })
        with open(make_filename('cms', '%s.pem' % name), 'r') as f:
            pem_data = f.read()
            token_data = cms.cms_to_token(pem_data).encode('utf-8')
            id = utils.hash_signed_token(token_data)
            revoked_list.append({
                'id': id,
                "expires": "2112-08-14T17:58:48Z"
            })
    revoked_json = jsonutils.dumps({"revoked": revoked_list})
    with open(make_filename('cms', 'revocation_list.json'), 'w') as f:
        f.write(revoked_json)
    encoded = cms.pkiz_sign(revoked_json,
                            SIGNING_CERT_FILE_NAME,
                            SIGNING_KEY_FILE_NAME)
    with open(make_filename('cms', 'revocation_list.pkiz'), 'w') as f:
        f.write(encoded)

    encoded = cms.cms_sign_data(revoked_json,
                                SIGNING_CERT_FILE_NAME,
                                SIGNING_KEY_FILE_NAME)
    with open(make_filename('cms', 'revocation_list.pem'), 'w') as f:
        f.write(encoded)
예제 #3
0
파일: pkiz.py 프로젝트: LiFengPro/keystone
 def _get_token_id(self, token_data):
     try:
         token_id = cms.pkiz_sign(jsonutils.dumps(token_data),
                                  CONF.signing.certfile,
                                  CONF.signing.keyfile)
         return token_id
     except environment.subprocess.CalledProcessError:
         LOG.exception(ERROR_MESSAGE)
         raise exception.UnexpectedError(ERROR_MESSAGE)
예제 #4
0
파일: pkiz.py 프로젝트: AsherBond/keystone
 def _get_token_id(self, token_data):
     try:
         # force conversion to a string as the keystone client cms code
         # produces unicode. This can be removed if the client returns
         # str()
         # TODO(ayoung): Make to a byte_str for Python3
         token_id = str(cms.pkiz_sign(jsonutils.dumps(token_data),
                                      CONF.signing.certfile,
                                      CONF.signing.keyfile))
         return token_id
     except environment.subprocess.CalledProcessError:
         LOG.exception(ERROR_MESSAGE)
         raise exception.UnexpectedError(ERROR_MESSAGE)
예제 #5
0
 def _get_token_id(self, token_data):
     try:
         # force conversion to a string as the keystone client cms code
         # produces unicode. This can be removed if the client returns
         # str()
         # TODO(ayoung): Make to a byte_str for Python3
         token_id = str(
             cms.pkiz_sign(jsonutils.dumps(token_data),
                           CONF.signing.certfile, CONF.signing.keyfile))
         return token_id
     except environment.subprocess.CalledProcessError:
         LOG.exception(ERROR_MESSAGE)
         raise exception.UnexpectedError(ERROR_MESSAGE)
예제 #6
0
 def test_cms_sign_token_success(self):
     self.assertTrue(
         cms.pkiz_sign(self.examples.TOKEN_SCOPED_DATA,
                       self.examples.SIGNING_CERT_FILE,
                       self.examples.SIGNING_KEY_FILE))
예제 #7
0
for name in EXAMPLE_TOKENS:
    json_file = make_filename('cms', name + '.json')
    pkiz_file = make_filename('cms', name + '.pkiz')
    with open(json_file, 'r') as f:
        string_data = f.read()

    # validate the JSON
    try:
        token_data = jsonutils.loads(string_data)
    except ValueError as v:
        raise SystemExit('%s while processing token data from %s: %s' %
                         (v, json_file, string_data))

    text = jsonutils.dumps(token_data).encode('utf-8')

    # Uncomment to record the token uncompressed,
    # useful for debugging
    # generate_der_form(name)

    encoded = cms.pkiz_sign(text, SIGNING_CERT_FILE_NAME,
                            SIGNING_KEY_FILE_NAME)

    # verify before writing
    cms.pkiz_verify(encoded, SIGNING_CERT_FILE_NAME, CA_CERT_FILE_NAME)

    with open(pkiz_file, 'w') as f:
        f.write(encoded)

    generate_revocation_list()
예제 #8
0
 def test_cms_sign_token_success(self):
     self.assertTrue(
         cms.pkiz_sign(self.examples.TOKEN_SCOPED_DATA,
                       self.examples.SIGNING_CERT_FILE,
                       self.examples.SIGNING_KEY_FILE))
예제 #9
0
    pkiz_file = make_filename('cms', name + '.pkiz')
    with open(json_file, 'r') as f:
        string_data = f.read()

    # validate the JSON
    try:
        token_data = jsonutils.loads(string_data)
    except ValueError as v:
        raise SystemExit('%s while processing token data from %s: %s' %
                         (v, json_file, string_data))

    text = jsonutils.dumps(token_data).encode('utf-8')

    # Uncomment to record the token uncompressed,
    # useful for debugging
    # generate_der_form(name)

    encoded = cms.pkiz_sign(text,
                            SIGNING_CERT_FILE_NAME,
                            SIGNING_KEY_FILE_NAME)

    # verify before writing
    cms.pkiz_verify(encoded,
                    SIGNING_CERT_FILE_NAME,
                    CA_CERT_FILE_NAME)

    with open(pkiz_file, 'w') as f:
        f.write(encoded)

    generate_revocation_list()