From 99512c41e8ea9f67f379f9abc54b139de80e0c42 Mon Sep 17 00:00:00 2001 From: Adam Young <ayoung@redhat.com> Date: Tue, 28 May 2013 09:50:51 -0400 Subject: [PATCH] Check Expiry Explicitly checks the expiry on the tokens, and rejects tokens that have expired had to regenerate the sample data for the tokens as they all had been generated with values that are now expired. bug 1179615 Change-Id: Ie06500d446f55fd0ad67ea540c92d8cfc57483f4 Conflicts: tests/test_auth_token_middleware.py --- examples/pki/certs/cacert.pem | 20 +++++------ examples/pki/certs/middleware.pem | 44 ++++++++++++------------- examples/pki/certs/signing_cert.pem | 16 ++++----- examples/pki/certs/ssl_cert.pem | 16 ++++----- examples/pki/cms/auth_token_revoked.json | 2 +- examples/pki/cms/auth_token_revoked.pem | 10 +++--- examples/pki/cms/auth_token_scoped.json | 2 +- examples/pki/cms/auth_token_scoped.pem | 8 ++--- examples/pki/cms/auth_token_scoped_expired.json | 1 + examples/pki/cms/auth_token_scoped_expired.pem | 41 +++++++++++++++++++++++ examples/pki/cms/auth_token_unscoped.json | 2 +- examples/pki/cms/auth_token_unscoped.pem | 10 +++--- examples/pki/cms/auth_v3_token_revoked.json | 2 +- examples/pki/cms/auth_v3_token_revoked.pem | 10 +++--- examples/pki/cms/auth_v3_token_scoped.json | 2 +- examples/pki/cms/auth_v3_token_scoped.pem | 8 ++--- examples/pki/cms/revocation_list.pem | 6 ++-- examples/pki/gen_pki.sh | 2 +- examples/pki/private/cakey.pem | 28 ++++++++-------- examples/pki/private/signing_key.pem | 28 ++++++++-------- examples/pki/private/ssl_key.pem | 28 ++++++++-------- keystoneclient/middleware/auth_token.py | 35 ++++++++++++-------- tests/test_auth_token_middleware.py | 15 ++++++++- 23 files changed, 200 insertions(+), 136 deletions(-) create mode 100644 examples/pki/cms/auth_token_scoped_expired.json create mode 100644 examples/pki/cms/auth_token_scoped_expired.pem diff --git a/examples/pki/certs/cacert.pem b/examples/pki/certs/cacert.pem index 1b5ff82..6eb1a87 100644 --- a/examples/pki/certs/cacert.pem +++ b/examples/pki/certs/cacert.pem @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIC0TCCAjqgAwIBAgIJAPahRNeykBzVMA0GCSqGSIb3DQEBBQUAMIGeMQowCAYD +MIIC0TCCAjqgAwIBAgIJAJ+8kJVQMu5VMA0GCSqGSIb3DQEBBQUAMIGeMQowCAYD VQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55 dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTElMCMG CSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxMLU2Vs -ZiBTaWduZWQwIBcNMTMwMzI0MDkwNTIzWhgPMjA3MTA5MTYwOTA1MjNaMIGeMQow +ZiBTaWduZWQwIBcNMTMwNTI4MTM0OTMxWhgPMjA3MTExMjAxMzQ5MzFaMIGeMQow CAYDVQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1 bm55dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTEl MCMGCSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxML -U2VsZiBTaWduZWQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ9ua8GSnhyR -r7J5Wvu+PTwU4Vo2KrazwwE/Fd32dcZtX6at0/Zr62dADsC0Ig6MTfVZCIrrf2HJ -pTzWCXa4n0kZXRZaq/L/qIv3Yl51FAOl06nCCsC1g+IIG4OnnQW+YbLfB0MHsOV/ -TdFbC6Y5t4UzFh0i6WqF7Z9ADKsBBXYlAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB -Af8wDQYJKoZIhvcNAQEFBQADgYEACDpeI6XYf9yt+7cmG1r3i0a+GTXcMjz1WHOW -/KVYKjolMLaAygmcUls0uecI8XCUFYqM5L9M9cTl8iUOAkyYvUfpWAFaxhzEkLZ6 -HkNEd1BfrUJAG2C2vVgCbnok+ltjMnl2EM/e7YuV3bc1CSfs9UvAM54ArVYyNVKU -dufa8EQ= +U2VsZiBTaWduZWQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANP4aC8OC1gE +7zIoMIndBoR+SFmiC+FQ7JTQBa4rLhT63Zkw8Mb9W+x51mnphsX9QjXT/Fh4e617 +UQDto2bF3FgVfxj8teMHA4UBLDjlJIJWak+ZAROYwL8cZHOtFcjv5BxR6PXhSywu +fHZKNvqIv321L7TCuV6w05jrMegH7zQpAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEFBQADgYEAhz2Q++D6bbLa/MamMK/k+MPiFEj46d/RsSDS +4XIDK5xsn7sXO0UW830IwtyUIrMuFSGix5oKmPgyJGSVZHjLsVT+4bh8puMvE4ic +QuWhLJmwDaTv11Q9FYIB3jEbvprx+PvqAydkHBdw8zCDwXmpo/Arc1Br7gKuR5WS +gkRQZIw= -----END CERTIFICATE----- diff --git a/examples/pki/certs/middleware.pem b/examples/pki/certs/middleware.pem index d93d2e3..bacc361 100644 --- a/examples/pki/certs/middleware.pem +++ b/examples/pki/certs/middleware.pem @@ -3,31 +3,31 @@ MIICoTCCAgoCARAwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x -MzAzMjQwOTA1MjNaGA8yMDcxMDkxNjA5MDUyM1owgZAxCzAJBgNVBAYTAlVTMQsw +MzA1MjgxMzQ5MzFaGA8yMDcxMTEyMDEzNDkzMVowgZAxCzAJBgNVBAYTAlVTMQsw CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv cGVuc3RhY2sub3JnMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEB -BQADgY0AMIGJAoGBAKFS7ztV1Ur3H+J+UrQlkxtbE/yr8GzJ+JO5yqG7OWpACtxS -m3EQ1+qTLtHSIrwCeON2K6zht+HDxht9ATw61c3qu6NQYpfW//VH7bXXTZnF5c+d -j1awpfqejzSL6dQO5grRl1Z2JF4IR//ziCXqgzk/QdzVYjZiH0+JYaM56ukRAgMB -AAEwDQYJKoZIhvcNAQEFBQADgYEAltmvie7cuAnYbsJlHSjK84mHrEOUgpwy+Z8s -b+Pflr7NIM9menQhKJ8/S/Xap0nPcFRxsg11eqT/sHh1pROmWkBaFfx6l+8snZt6 -cF5WI/XylgSE0n+/xbUmcRpY8frAAlp2eWxCFtzs8DMWYhHP+kySYhkkYT114Uu7 -Oaj5ztQ= +BQADgY0AMIGJAoGBAKu9aaVODW0VF29oQXs/mN/PO9cXS4YtmwhIgV6TrvRTsSjm +jAHf8hy4C0bCGNQfIWkyICp2JYNnhBkE52VYPMwY1sOyNebN4jV9WcPGoMlobxy2 +VBTAroom975qRG5HhEbGD27NLqXbJmM6b4+0JdlJn5iWT/7HtbSUnz1p2oVRAgMB +AAEwDQYJKoZIhvcNAQEFBQADgYEAV3fx8dy+iHQWmho5cN9nO+XZOYFCehfSf8JO +pAAStYx9lt4IolZ68OOP0hVJZAj5mf1gU9wiMaoFVOSVyqOg4Ss0LLkyojaVO5Q2 +QQHQbWqUU5OY5IcKN2yArFSHDqyVjmNQjnyfiViomeSNkreIQnP61l6JGNMJEim5 +DYYH/rw= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKFS7ztV1Ur3H+J+ -UrQlkxtbE/yr8GzJ+JO5yqG7OWpACtxSm3EQ1+qTLtHSIrwCeON2K6zht+HDxht9 -ATw61c3qu6NQYpfW//VH7bXXTZnF5c+dj1awpfqejzSL6dQO5grRl1Z2JF4IR//z -iCXqgzk/QdzVYjZiH0+JYaM56ukRAgMBAAECgYARVPiw1kLpH+3EBrBZ/GN2n+1g -yxQ0i+px7JcRkyzS9nh0PUfH+PhJknCISFxE+LsGLQ76LvHzhnYFRAPa9bM8lZQx -gAjroYx8vXSD5pcmDs+7SqxWCP/PI9IlT6F0dHanwXcLPjPCeBUZN/Z/ZyuOIpML -DMDfbXHpbg9BF41qJQJBANPJ2VG6KrSqxzM1f7AHSpOp2UZqylMCe14TMSkWaHHX -Bla8p+6D76Ixskh49L9yEpxFplgLP3fRcFfNpRCUSY8CQQDDADhxiQ+jsR69YJMe -QYXYLpQfF2751x789NPfpytDEUOFZ8yyyLp3aNOAYoMrLXaMQTLTJgT5dA2D8QdU -shNfAkEAwDzEnPFt2CX3wFy8NSy5HcWbKda/JY/oKSEki1YCoep6n3qIt/BcMI4J -dM0N40SI7f4umlZDWt/pqFlKjfz7swJARYbjmR+ccunpIu63JdeI6G6bI4bQa8ZW -5yxICvtowm36XCuJYcmOKps2phT53cBE/3cTrxNkPKkzVHLxATLJEwJBAL5sOt1g -ChxUqvhBQtTgToX/WTDtGF3PEBNwU0YeOz4GweoqABxMzg08W/6rvsIFismNuWY5 -W6bZ8CxyKPcq/aE= +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKu9aaVODW0VF29o +QXs/mN/PO9cXS4YtmwhIgV6TrvRTsSjmjAHf8hy4C0bCGNQfIWkyICp2JYNnhBkE +52VYPMwY1sOyNebN4jV9WcPGoMlobxy2VBTAroom975qRG5HhEbGD27NLqXbJmM6 +b4+0JdlJn5iWT/7HtbSUnz1p2oVRAgMBAAECgYEAmehJgScNyTAZrHGWHUnFSu2B +ByWNPVYplabEqWlYZQWLwse5uQRlCW+2S1cuwQqU+p09TlBLFhPywiku5hfJgvZx +EzjAJHYFdrGreD5y9NKapuWfaSM/JZ2+3u1Cy+d/0MoLbAd6Bmc8YU2NH1VPCPGQ +q2fKCweMrYaymmcD7wECQQDdUnFycODvaXWlYAaCVvOWllejNhA+uA1ljmhEAoEh +ES12LdM7cDK9szq55WZ2UPNS/8huCMfPDtBRHy+twsSZAkEAxqYn1sK3WWX8bzu5 +Eu7cpcFvYTvoJYVChK7LjplpKACnRzcQztPi/aLS0UVtjyf7+zhZTNDexwhm0hWJ +o58BeQJAXxMAaxH0fsRF5pHWmf0yTNkuso0R829rSdogDj8pK4ROjDrpR9pN4dHx +g1P5bRAfRuNcPXCGLPuHH6IPAEzv2QJAe2PR8zBXuwwCVQV/3CbKn5sbmAYiGMxB +mTEJ97WK//IH9dBafF5Y7LsqwBqkBvwLJOzHa1OCTZcGZxBBwoSN4QJAUy4DMkdb +ENukagZ6ddkoQbJ7vDMuZfjl+R8B0YL10rLShhbcy4iLzs8ujqt4z1VznaAZBXaQ +ctiy9/gBMhudwA== -----END PRIVATE KEY----- diff --git a/examples/pki/certs/signing_cert.pem b/examples/pki/certs/signing_cert.pem index 6e5054d..d326411 100644 --- a/examples/pki/certs/signing_cert.pem +++ b/examples/pki/certs/signing_cert.pem @@ -3,15 +3,15 @@ MIICoDCCAgkCAREwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x -MzAzMjQwOTA1MjNaGA8yMDcxMDkxNjA5MDUyM1owgY8xCzAJBgNVBAYTAlVTMQsw +MzA1MjgxMzQ5MzFaGA8yMDcxMTEyMDEzNDkzMVowgY8xCzAJBgNVBAYTAlVTMQsw CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv cGVuc3RhY2sub3JnMREwDwYDVQQDEwhLZXlzdG9uZTCBnzANBgkqhkiG9w0BAQEF -AAOBjQAwgYkCgYEAv1bjDJlncTxQYShlKHfWKn7w3e8NL21N8/89THHl8r+c3sXO -LIkn66WRCiVrJw0k5zmQ004bLFr/609KQzixkJaryKAgh6Gkl5q4HWcUF1AIHi3t -sjcRtWMC14hvLiDHRFla69LJiuQ7SeHygIY9Yrco09f9uPi8FUmS8t9ufXECAwEA -ATANBgkqhkiG9w0BAQUFAAOBgQA3wpXMrW/gk2pJNLFtFBKo3nQ4hMWSaRBNW9s6 -WpTFgIX1WdkAxz8C2WQRf1VYYaMOGO5SJBV9MDi2hIb93CcH5r+3ExdV4McWzYLL -zNpqPIp6JLehSrxNWUyHlBCVZyVBVOliTv57Woy8MczCbpeOhx/9DjDMvlISflXr -6Y6Zug== +AAOBjQAwgYkCgYEAxokm1kFNm2ixp0ajnouA2TMAhWZ2p+WOaG90oWgorYhNM3kc +l4HO1uCl5BQLCpxzgh3qC9y6KORDas91VcY2eArB9D2vibVKauYg6iOoILSZp27q +Gz6b2LdS1Aob4NeBrql0z6J5FtSP+EtgMNxb5xa5QerPo8fjeVtM0XXzCj8CAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQC6JNiZe0Sm+GMbezlvmbiJ5SkxaDePbVEeb4dc +8NuJNT9s3nwqA2em+1CVy/Hb4L5ML0vfiyWOcTaUr/yYgjO9gVTSmCvuIzjwYCBt +hJoqCxz/2al1/LT1tlg7g90+wSbEXy6AI4RQmWVI9UI5+DGMYQ4RPM02oCHy/lKO +9LQv3g== -----END CERTIFICATE----- diff --git a/examples/pki/certs/ssl_cert.pem b/examples/pki/certs/ssl_cert.pem index d705cf6..08de9c6 100644 --- a/examples/pki/certs/ssl_cert.pem +++ b/examples/pki/certs/ssl_cert.pem @@ -3,15 +3,15 @@ MIICoTCCAgoCARAwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x -MzAzMjQwOTA1MjNaGA8yMDcxMDkxNjA5MDUyM1owgZAxCzAJBgNVBAYTAlVTMQsw +MzA1MjgxMzQ5MzFaGA8yMDcxMTEyMDEzNDkzMVowgZAxCzAJBgNVBAYTAlVTMQsw CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv cGVuc3RhY2sub3JnMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEB -BQADgY0AMIGJAoGBAKFS7ztV1Ur3H+J+UrQlkxtbE/yr8GzJ+JO5yqG7OWpACtxS -m3EQ1+qTLtHSIrwCeON2K6zht+HDxht9ATw61c3qu6NQYpfW//VH7bXXTZnF5c+d -j1awpfqejzSL6dQO5grRl1Z2JF4IR//ziCXqgzk/QdzVYjZiH0+JYaM56ukRAgMB -AAEwDQYJKoZIhvcNAQEFBQADgYEAltmvie7cuAnYbsJlHSjK84mHrEOUgpwy+Z8s -b+Pflr7NIM9menQhKJ8/S/Xap0nPcFRxsg11eqT/sHh1pROmWkBaFfx6l+8snZt6 -cF5WI/XylgSE0n+/xbUmcRpY8frAAlp2eWxCFtzs8DMWYhHP+kySYhkkYT114Uu7 -Oaj5ztQ= +BQADgY0AMIGJAoGBAKu9aaVODW0VF29oQXs/mN/PO9cXS4YtmwhIgV6TrvRTsSjm +jAHf8hy4C0bCGNQfIWkyICp2JYNnhBkE52VYPMwY1sOyNebN4jV9WcPGoMlobxy2 +VBTAroom975qRG5HhEbGD27NLqXbJmM6b4+0JdlJn5iWT/7HtbSUnz1p2oVRAgMB +AAEwDQYJKoZIhvcNAQEFBQADgYEAV3fx8dy+iHQWmho5cN9nO+XZOYFCehfSf8JO +pAAStYx9lt4IolZ68OOP0hVJZAj5mf1gU9wiMaoFVOSVyqOg4Ss0LLkyojaVO5Q2 +QQHQbWqUU5OY5IcKN2yArFSHDqyVjmNQjnyfiViomeSNkreIQnP61l6JGNMJEim5 +DYYH/rw= -----END CERTIFICATE----- diff --git a/examples/pki/cms/auth_token_revoked.json b/examples/pki/cms/auth_token_revoked.json index 92c6922..4b4d44e 100644 --- a/examples/pki/cms/auth_token_revoked.json +++ b/examples/pki/cms/auth_token_revoked.json @@ -1 +1 @@ -{"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2012-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "revoked_username1", "roles_links": ["role1","role2"], "id": "revoked_user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "revoked_username1"}}} +{"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2112-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "revoked_username1", "roles_links": ["role1","role2"], "id": "revoked_user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "revoked_username1"}}} diff --git a/examples/pki/cms/auth_token_revoked.pem b/examples/pki/cms/auth_token_revoked.pem index 706a82d..4c43cb7 100644 --- a/examples/pki/cms/auth_token_revoked.pem +++ b/examples/pki/cms/auth_token_revoked.pem @@ -24,7 +24,7 @@ MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u -ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMi0wNi0wMlQxNDo0NzozNFoi +ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjExMi0wNi0wMlQxNDo0NzozNFoi LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1 ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJyZXZv @@ -35,8 +35,8 @@ ZXJuYW1lMSJ9fX0NCjGCAUkwggFFAgEBMIGkMIGeMQowCAYDVQQFEwE1MQswCQYD VQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55dmFsZTESMBAGA1UE ChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTElMCMGCSqGSIb3DQEJARYW a2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxMLU2VsZiBTaWduZWQCAREw -BwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYBVwrozZ7ZSZsTUg98slXCt52e/Y9IJ -OOMdq28JxPs3HrNaMaZle7Q7XEGLolqLGT4k9bRNJNZwC+ldCqCApTW5c/JitZu5 -MLKLRiQpfEmkcYWe3JVciFjYV5UY9MCK6X9ltMhq9eNbmpEV+WwcLpiTIZq707oY -L3PMMDvFW5qp2g== +BwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYCwTWpPlI+O6Ur8ied6usi2LZKTw1zu +SVEgnJHJeyTVBhakJrxf6LEaU6A2rUh49XZIX9C/RqkK+Nkjspubt9uyTn2a1dVe +LYFd5EenjYP0p4avboi/dxJvzMVdKwsTxCRygHCsTWcXtrGpM5QZzzxnQCvuFO7x +jdEfyBrYYveRew== -----END CMS----- diff --git a/examples/pki/cms/auth_token_scoped.json b/examples/pki/cms/auth_token_scoped.json index 16eb644..acf9e6a 100644 --- a/examples/pki/cms/auth_token_scoped.json +++ b/examples/pki/cms/auth_token_scoped.json @@ -1 +1 @@ -{"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2012-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "user_name1", "roles_links": ["role1","role2"], "id": "user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "user_name1"}}} +{"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2112-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "user_name1", "roles_links": ["role1","role2"], "id": "user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "user_name1"}}} diff --git a/examples/pki/cms/auth_token_scoped.pem b/examples/pki/cms/auth_token_scoped.pem index 8fae319..2ba9325 100644 --- a/examples/pki/cms/auth_token_scoped.pem +++ b/examples/pki/cms/auth_token_scoped.pem @@ -24,7 +24,7 @@ MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u -ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMi0wNi0wMlQxNDo0NzozNFoi +ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjExMi0wNi0wMlQxNDo0NzozNFoi LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1 ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJ1c2Vy @@ -35,7 +35,7 @@ AQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTES MBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3RhY2sxETAPBgNVBAsT CEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVuc3RhY2sub3Jn MRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAHBgUrDgMCGjANBgkqhkiG9w0BAQEF -AASBgJVelOrkaUyy9nzse+lV6qI2OK+qDhpXBZrHUeiI62ddO4ibMZw9W2+8rbLf -8RIbZ2eotF1BUvEomYQgz/NKmOpJUknhyP7w6BIhm1E2ZGUgU7r2mc/zf8Owkys0 -Urc/B/akAhWanh0lZcu1ti6OCc7hnuq5ox2QDNmrTBQIMoUn +AASBgEPfxsK7jCPYJWQIWb5FncQfd0wAw6tUjo6lisJ3HRDx+hbfzMcWcxpUEOcp +dQ05cTXAftLhtxSw5IP2TQp68zs/Y9fhwMSn4yFla5bvaqxQIgsdzpX6O8BnKfkD +DYt2iOzbgrZawe3q8mOqxa+Vv65eDwBbsbIasqieMSjdmBiV -----END CMS----- diff --git a/examples/pki/cms/auth_token_scoped_expired.json b/examples/pki/cms/auth_token_scoped_expired.json new file mode 100644 index 0000000..d36d8cf --- /dev/null +++ b/examples/pki/cms/auth_token_scoped_expired.json @@ -0,0 +1 @@ +{"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2010-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "user_name1", "roles_links": ["role1","role2"], "id": "user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "user_name1"}}} diff --git a/examples/pki/cms/auth_token_scoped_expired.pem b/examples/pki/cms/auth_token_scoped_expired.pem new file mode 100644 index 0000000..0febbb4 --- /dev/null +++ b/examples/pki/cms/auth_token_scoped_expired.pem @@ -0,0 +1,41 @@ +-----BEGIN CMS----- +MIIHQAYJKoZIhvcNAQcCoIIHMTCCBy0CAQExCTAHBgUrDgMCGjCCBc4GCSqGSIb3 +DQEHAaCCBb8EggW7eyJhY2Nlc3MiOiB7InNlcnZpY2VDYXRhbG9nIjogW3siZW5k +cG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2L3Yx +LzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInJlZ2lvbiI6ICJy +ZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2 +L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInB1YmxpY1VS +TCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzYvdjEvNjRiNmYzZmJjYzUzNDM1ZThh +NjBmY2Y4OWJiNjYxN2EifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUi +OiAidm9sdW1lIiwgIm5hbWUiOiAidm9sdW1lIn0sIHsiZW5kcG9pbnRzIjogW3si +YWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3YxIiwgInJlZ2lvbiI6 +ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5 +MjkyL3YxIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjkyOTIvdjEi +fV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAiaW1hZ2UiLCAibmFt +ZSI6ICJnbGFuY2UifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRw +Oi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5 +YmI2NjE3YSIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjog +Imh0dHA6Ly8xMjcuMC4wLjE6ODc3NC92MS4xLzY0YjZmM2ZiY2M1MzQzNWU4YTYw +ZmNmODliYjY2MTdhIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3 +NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSJ9XSwgImVu +ZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJjb21wdXRlIiwgIm5hbWUiOiAi +bm92YSJ9LCB7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xMjcu +MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy +bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV +UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf +bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u +ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMC0wNi0wMlQxNDo0NzozNFoi +LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1 +ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg +ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJ1c2Vy +X25hbWUxIiwgInJvbGVzX2xpbmtzIjogWyJyb2xlMSIsInJvbGUyIl0sICJpZCI6 +ICJ1c2VyX2lkMSIsICJyb2xlcyI6IFt7Im5hbWUiOiAicm9sZTEifSwgeyJuYW1l +IjogInJvbGUyIn1dLCAibmFtZSI6ICJ1c2VyX25hbWUxIn19fQ0KMYIBSTCCAUUC +AQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTES +MBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3RhY2sxETAPBgNVBAsT +CEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVuc3RhY2sub3Jn +MRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAHBgUrDgMCGjANBgkqhkiG9w0BAQEF +AASBgAo6fTuvdeQcLH4s/44uS0dtleGqe8LbMmIlZM5OVBTlylIAfqS52+V8o4b0 +7AvkuNEJHcexm+Jwbf9PLnIAnv+Ug6Um9ORid2PtV8DDpljTxaPZoU9693Zd26UN +kGJIRcISq3KuaDjKM1cwVJKpviXNvIIOBQK2qXOa+t5TWrvo +-----END CMS----- diff --git a/examples/pki/cms/auth_token_unscoped.json b/examples/pki/cms/auth_token_unscoped.json index b2340a7..102c12f 100644 --- a/examples/pki/cms/auth_token_unscoped.json +++ b/examples/pki/cms/auth_token_unscoped.json @@ -1 +1 @@ -{"access": {"token": {"expires": "2012-08-17T15:35:34Z", "id": "01e032c996ef4406b144335915a41e79"}, "serviceCatalog": {}, "user": {"username": "user_name1", "roles_links": [], "id": "c9c89e3be3ee453fbf00c7966f6d3fbd", "roles": [{'name': 'role1'},{'name': 'role2'},], "name": "user_name1"}}} \ No newline at end of file +{"access": {"token": {"expires": "2112-08-17T15:35:34Z", "id": "01e032c996ef4406b144335915a41e79"}, "serviceCatalog": {}, "user": {"username": "user_name1", "roles_links": [], "id": "c9c89e3be3ee453fbf00c7966f6d3fbd", "roles": [{'name': 'role1'},{'name': 'role2'},], "name": "user_name1"}}} \ No newline at end of file diff --git a/examples/pki/cms/auth_token_unscoped.pem b/examples/pki/cms/auth_token_unscoped.pem index 610e36f..b7cb4ec 100644 --- a/examples/pki/cms/auth_token_unscoped.pem +++ b/examples/pki/cms/auth_token_unscoped.pem @@ -1,6 +1,6 @@ -----BEGIN CMS----- MIICpwYJKoZIhvcNAQcCoIICmDCCApQCAQExCTAHBgUrDgMCGjCCATUGCSqGSIb3 -DQEHAaCCASYEggEieyJhY2Nlc3MiOiB7InRva2VuIjogeyJleHBpcmVzIjogIjIw +DQEHAaCCASYEggEieyJhY2Nlc3MiOiB7InRva2VuIjogeyJleHBpcmVzIjogIjIx MTItMDgtMTdUMTU6MzU6MzRaIiwgImlkIjogIjAxZTAzMmM5OTZlZjQ0MDZiMTQ0 MzM1OTE1YTQxZTc5In0sICJzZXJ2aWNlQ2F0YWxvZyI6IHt9LCAidXNlciI6IHsi dXNlcm5hbWUiOiAidXNlcl9uYW1lMSIsICJyb2xlc19saW5rcyI6IFtdLCAiaWQi @@ -10,8 +10,8 @@ dXNlcl9uYW1lMSJ9fX0xggFJMIIBRQIBATCBpDCBnjEKMAgGA1UEBRMBNTELMAkG A1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxEjAQBgNV BAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkqhkiG9w0BCQEW FmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMTC1NlbGYgU2lnbmVkAgER -MAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAEEEcj968A9f+WHIq0UBA42TlPhtg -AOae7hfzkknymvt6ILizFyScp0766rJfRTO+wp/lsE0CKOXU6Ihy5MhZnggo/VGV -szmitBeyDUF1hJrFi3jL62k/D6ChTxGpvu2YMRRvDyuaWO5ttS/7aqza1bv7Pry1 -BpbVtRi57LuDINk= +MAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAmkWkhTZKeMWedDlqHJ1CjJ10gk+8 +0f+M34c2elgKlmztTdvbAt/mnJlPuHYMXz10NK8sT4TJrOGEVXBp6Vx+FAiasu5S +qunDGJtPEo42OW+C7H6KVx176mnb3bpBgyR0JHenTiRRn6qVkXp4R0tlHWdz/HV5 +HDyyxhNp785xygI= -----END CMS----- diff --git a/examples/pki/cms/auth_v3_token_revoked.json b/examples/pki/cms/auth_v3_token_revoked.json index ce675ce..9aecd1a 100644 --- a/examples/pki/cms/auth_v3_token_revoked.json +++ b/examples/pki/cms/auth_v3_token_revoked.json @@ -3,7 +3,7 @@ {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v3", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v3", "publicURL": "http://127.0.0.1:5000/v3"}], "endpoints_links": [], "type": "identity", "name": "keystone"}], - "expires_at": "2012-06-02T14:47:34Z", + "expires_at": "2112-06-02T14:47:34Z", "project": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1", "domain": {"id": "domain_id1", "name": "domain_name1"}}, "user": {"name": "revoked_username1", "id": "revoked_user_id1", "domain": {"id": "domain_id1", "name": "domain_name1"}}, "roles": [{"name": "role1"}, {"name": "role2"}] diff --git a/examples/pki/cms/auth_v3_token_revoked.pem b/examples/pki/cms/auth_v3_token_revoked.pem index 630f664..e7bf936 100644 --- a/examples/pki/cms/auth_v3_token_revoked.pem +++ b/examples/pki/cms/auth_v3_token_revoked.pem @@ -25,7 +25,7 @@ MjcuMC4wLjE6MzUzNTcvdjMiLCAicmVnaW9uIjogIlJlZ2lvbk9uZSIsICJpbnRl cm5hbFVSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjM1MzU3L3YzIiwgInB1YmxpY1VS TCI6ICJodHRwOi8vMTI3LjAuMC4xOjUwMDAvdjMifV0sICJlbmRwb2ludHNfbGlu a3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9uZSJ9 -XSwNCiAgICAgImV4cGlyZXNfYXQiOiAiMjAxMi0wNi0wMlQxNDo0NzozNFoiLA0K +XSwNCiAgICAgImV4cGlyZXNfYXQiOiAiMjExMi0wNi0wMlQxNDo0NzozNFoiLA0K ICAgICAicHJvamVjdCI6IHsiZW5hYmxlZCI6IHRydWUsICJkZXNjcmlwdGlvbiI6 IG51bGwsICJuYW1lIjogInRlbmFudF9uYW1lMSIsICJpZCI6ICJ0ZW5hbnRfaWQx IiwgImRvbWFpbiI6IHsiaWQiOiAiZG9tYWluX2lkMSIsICJuYW1lIjogImRvbWFp @@ -37,8 +37,8 @@ DQogICAgfQ0KfQ0KMYIBSTCCAUUCAQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNV BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAH -BgUrDgMCGjANBgkqhkiG9w0BAQEFAASBgHI+folnKZbYybTnDo5X3b43LzqXzDMy -H1HrXW/MIiNVw58JLtcRYp6C2A8TeoAduvt/IkI7YgQ+EDfbYOQ0HSbmnNEyc8nQ -jAsyD+plz+42eYfTGR+dhZWFmXPxEKE5RB/FQLEqZoJxOICxKzYezSGhreAh9mu/ -Xq/GOSYVo7Rz +BgUrDgMCGjANBgkqhkiG9w0BAQEFAASBgDcPIVP0gTYC5z+gnEqzof1QvciIUY4q +lGNQ+G/7wdajcrCb5Cy3NWrAN/Cgnsz06ilhTIHs2LfbgROG8C4MMLHvIccQ81Uo +kPnEFtSnBwNvhHhzMwCdA0crwpf+0KzpW/8LBtFrrka3fwUJYngq6tARWZVt5UGn +PolkJuSwsztW -----END CMS----- diff --git a/examples/pki/cms/auth_v3_token_scoped.json b/examples/pki/cms/auth_v3_token_scoped.json index c2071f6..b49d7e1 100644 --- a/examples/pki/cms/auth_v3_token_scoped.json +++ b/examples/pki/cms/auth_v3_token_scoped.json @@ -3,7 +3,7 @@ {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v3", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v3", "publicURL": "http://127.0.0.1:5000/v3"}], "endpoints_links": [], "type": "identity", "name": "keystone"}], - "expires_at": "2012-06-02T14:47:34Z", + "expires_at": "2112-06-02T14:47:34Z", "project": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1", "domain": {"id": "domain_id1", "name": "domain_name1"}}, "user": {"name": "user_name1", "id": "user_id1", "domain": {"id": "domain_id1", "name": "domain_name1"}}, "roles": [{"name": "role1"}, {"name": "role2"}] diff --git a/examples/pki/cms/auth_v3_token_scoped.pem b/examples/pki/cms/auth_v3_token_scoped.pem index f90490e..ee98813 100644 --- a/examples/pki/cms/auth_v3_token_scoped.pem +++ b/examples/pki/cms/auth_v3_token_scoped.pem @@ -24,7 +24,7 @@ ZG1pblVSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjM1MzU3L3YzIiwgInJlZ2lvbiI6 ICJSZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMToz NTM1Ny92MyIsICJwdWJsaWNVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3Yz In1dLCAiZW5kcG9pbnRzX2xpbmtzIjogW10sICJ0eXBlIjogImlkZW50aXR5Iiwg -Im5hbWUiOiAia2V5c3RvbmUifV0sDQoJICJleHBpcmVzX2F0IjogIjIwMTItMDYt +Im5hbWUiOiAia2V5c3RvbmUifV0sDQoJICJleHBpcmVzX2F0IjogIjIxMTItMDYt MDJUMTQ6NDc6MzRaIiwNCgkgInByb2plY3QiOiB7ImVuYWJsZWQiOiB0cnVlLCAi ZGVzY3JpcHRpb24iOiBudWxsLCAibmFtZSI6ICJ0ZW5hbnRfbmFtZTEiLCAiaWQi OiAidGVuYW50X2lkMSIsICJkb21haW4iOiB7ImlkIjogImRvbWFpbl9pZDEiLCAi @@ -36,7 +36,7 @@ DQoxggFJMIIBRQIBATCBpDCBnjEKMAgGA1UEBRMBNTELMAkGA1UEBhMCVVMxCzAJ BgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxEjAQBgNVBAoTCU9wZW5TdGFj azERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkqhkiG9w0BCQEWFmtleXN0b25lQG9w ZW5zdGFjay5vcmcxFDASBgNVBAMTC1NlbGYgU2lnbmVkAgERMAcGBSsOAwIaMA0G -CSqGSIb3DQEBAQUABIGAE2Xc5jwDUveWjgn/RItwzqsi4PZw+8dgJELGE/+qVrcE -gJ5iXsR9Lx4yy932ETXFZ1fb+WTX6ytBkvUDMUI4xebZlrF3MIY2RZBzRT+JO0q0 -GsqX9JFtxSKpZcizWMz9HXTNPR44eCmC5ywPTr+igj+xJ2eDgz/ekp1hrnJBu2c= +CSqGSIb3DQEBAQUABIGAxb2GSHoV7yzFDoW6sJwRK49xgMO3bpcU6s+yxUh4auLR +MQ8Wso1xzDPnG2Xp886u0Wvw9dUC2s1qTD1aXKDdaHY0FUXC3pWUypR+6Ky5M7WP +YJvDJfD0fdPX44SHwXo9Zy+DcU4zcRCucC4/5zn5w30qd1t1mwvd8GNdxvUqmZ8= -----END CMS----- diff --git a/examples/pki/cms/revocation_list.pem b/examples/pki/cms/revocation_list.pem index 8fcfa7e..1832fad 100644 --- a/examples/pki/cms/revocation_list.pem +++ b/examples/pki/cms/revocation_list.pem @@ -6,7 +6,7 @@ MYIBSTCCAUUCAQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYD VQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3RhY2sx ETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVu c3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAHBgUrDgMCGjANBgkq -hkiG9w0BAQEFAASBgJMkLgRgYefScR8x1/htXmSqvqMDo6LmjKE+FePLK0USPPw7 -kpAS8U8zuxR2l7nd/Dy6YrwuNrtKiifF1RiPgtmvZ93GJw3lDWPVKK0G+xK9lNqI -cNlWHSJo++jU2ZTk7TuC8OjhxPlsC7KTXXrIE4E6dsV6IeRE1BTEUD4bvI/l +hkiG9w0BAQEFAASBgBOGqBdORuXd+3VITnCKoOrgJqiqbvtW7TvRmBQfQ7wyYb1/ +zdvWswYlR770fnfTK82c9xwTRYzCpwS9sJk4byYG2dG1WYqNqS7Qs8EYhz2nsPf/ +6uMy19t+YnoLwFm8DNPr5najc6AGgBxryQPmQ/TcHqFGmjABwUgdDfLs7InZ -----END CMS----- diff --git a/examples/pki/gen_pki.sh b/examples/pki/gen_pki.sh index 5cea13e..1e4fd2a 100755 --- a/examples/pki/gen_pki.sh +++ b/examples/pki/gen_pki.sh @@ -203,7 +203,7 @@ function check_openssl { } function gen_sample_cms { - for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json" "${CMS_DIR}/auth_v3_token_scoped.json" "${CMS_DIR}/auth_v3_token_revoked.json" + for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/auth_token_scoped_expired.json" "${CMS_DIR}/revocation_list.json" "${CMS_DIR}/auth_v3_token_scoped.json" "${CMS_DIR}/auth_v3_token_revoked.json" do openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem} done diff --git a/examples/pki/private/cakey.pem b/examples/pki/private/cakey.pem index fd38aee..d7523ce 100644 --- a/examples/pki/private/cakey.pem +++ b/examples/pki/private/cakey.pem @@ -1,16 +1,16 @@ -----BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAJ9ua8GSnhyRr7J5 -Wvu+PTwU4Vo2KrazwwE/Fd32dcZtX6at0/Zr62dADsC0Ig6MTfVZCIrrf2HJpTzW -CXa4n0kZXRZaq/L/qIv3Yl51FAOl06nCCsC1g+IIG4OnnQW+YbLfB0MHsOV/TdFb -C6Y5t4UzFh0i6WqF7Z9ADKsBBXYlAgMBAAECgYEAmuWUSdCiT014L2VacUXGhq4e -uB/yZenG51oca7e9e5jeGrm+Oydk4b7J1o3snMfSIjJra1UcQKzCHpYxQahkD/+/ -XXz7+1jMHyZwaiGcrzqBltcCgfp1ogiT/hjidBzIgyOAv+CN5NpRBvLMGgEZpE8G -BX3hxvTEaEvt6B6qqg0CQQDMH4LHEhMWrR5r0w3Cd6Xnx6AdQLhXvsjsxU/vQayn -rm2jb7Gnk9P9v/1rylDHESdkPewSc5Vxde8rk1ldDe9DAkEAx/M2KXDW9AVKXwap -qP6RjejopxqHK5lgcDr56cybUGib+dYndQFVQmhpYPz1C+b9sbn1iVpXLKpsO2JG -6EjqdwJBAKQWdJ+otPWWpwzQdZAtdI21GM5LN6U5tfU3zEEuDyggfPxUDoECwfiK -/KJI2dScwoi/imVuyuSRhHkIE19Nk1cCQG9wX+ls2ICcSjz4C6sCZsE+5BvuLxPf -od4rIIpr3MxN4VC3SLpvicM/SiwiD7kYfqCFUhHBZgCg4z2dooNn0DUCQHUV8DsM -ZoWx2D6sqaI9KExwzfLR/9AbDpqyDa/js8LSMqo5OakA47buqKiWaBlBfSb/qccz -NsmQV0JeyF6cJB0= +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANP4aC8OC1gE7zIo +MIndBoR+SFmiC+FQ7JTQBa4rLhT63Zkw8Mb9W+x51mnphsX9QjXT/Fh4e617UQDt +o2bF3FgVfxj8teMHA4UBLDjlJIJWak+ZAROYwL8cZHOtFcjv5BxR6PXhSywufHZK +NvqIv321L7TCuV6w05jrMegH7zQpAgMBAAECgYBv/WEF41So90ps5IDohacI3zNY +b9349+lWoiUuJNAe83+ajRnY+EjVwnU+1cuH1Uti5xH+qAEn4ewlImhfRxAnX17X +kW45wMoI8V5xZW7NyeaWtsv57Ssq5CIGbhVamp0HKCwaz3DhFhctudD8bKrapF0l +VK8AQYquzCuqC2lBAQJBAOyAZatJOssW4UmaaHUiSUKxIpgpAKXHLzpWUvuREG39 +pI9sZSv6WDA3Ab8/60CPI0Ovy6KhgikncaWOBunBjwkCQQDlckEDM+VZQYa7RzzZ +cEQltX1BxMduSlXqbsGxis7SPaOOrapnb1RtDbeM2FwvMmB3qtq3eQMzjLa25dXQ +CqQhAkEAiUf2vDij0iOT3n+sxuGCGR5tcFnMsG4wsfJN9Q09tjsXfNF04NROwJ4N +e5CE5FKyK6Yt1FdgELd+tpT82k+q0QJAGhUk4tJRbhYO1NdCSY2Dka3R8VoHObhl +j+LLTf1ziV7Mavm+90cml8cJaI9n202kvbXEazrsbD3Av4XdCmtLQQJBANXVSnQy +omf86+CtUs7bb3S4PieCk0vKO2KQqfaYb2QuaTfULqUHvc9u8iIqEtzdn2uI3ET9 +kQLZ4IgnoBb0JVo= -----END PRIVATE KEY----- diff --git a/examples/pki/private/signing_key.pem b/examples/pki/private/signing_key.pem index dedde22..a20acc4 100644 --- a/examples/pki/private/signing_key.pem +++ b/examples/pki/private/signing_key.pem @@ -1,16 +1,16 @@ -----BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAL9W4wyZZ3E8UGEo -ZSh31ip+8N3vDS9tTfP/PUxx5fK/nN7FziyJJ+ulkQolaycNJOc5kNNOGyxa/+tP -SkM4sZCWq8igIIehpJeauB1nFBdQCB4t7bI3EbVjAteIby4gx0RZWuvSyYrkO0nh -8oCGPWK3KNPX/bj4vBVJkvLfbn1xAgMBAAECgYEAiUigE7QlghuSWIORQR3qbgcy -bypLvZGhcsXZh3XZVPiiZzxpl465M9xRWoRKg3Rs2/JztQi/em24XW9Ai0asLyHL -u/kZ45A6fbX51QsY989eS0zwsKV/YzY4V2Nvv+MkzfR/sSdtnOu5C0pPf+wuyazZ -6Ky2/GpIcEA8yTl1q3kCQQDozmQdIdWG/9viBxdoW8wXlb2zA47MaV9WphLwC1rV -J/00X0SgM94it1BhltxCTrIQ72WF7vBtvDw51N1Rf1wnAkEA0mbnrmAiKwfJVyeV -PUN0fz5N6JKsUSVEY6Wt+ySDJqmro27uiHgZhmQb+lwLE5VfTZrdLx5LGa2Mr4w0 -8degpwJBAN1AKQ02toPSbdpl+u0HMPPJL7wNyYyjKCRlOOJBKFYj5xP65nGKWbaM -mSvl//ZUbA6ENewPpRflKSedEaj+bUkCQDfdXNye59OXEK2Uc/q9Q1xZtaPv9dLh -20O+BPDu4+fLGyic1rbjdJuLTyZtc/9yJMjdOqc9GuGpg/ZEevZPs3cCQDa2AbNj -uF+KX2u9+38hcN4APnGAk7Z452WbwoXBY7X4SsA4xYqjPIw3QEOqn2zT4A6dt0IX -11zRtas1zYePTXg= +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMaJJtZBTZtosadG +o56LgNkzAIVmdqfljmhvdKFoKK2ITTN5HJeBztbgpeQUCwqcc4Id6gvcuijkQ2rP +dVXGNngKwfQ9r4m1SmrmIOojqCC0madu6hs+m9i3UtQKG+DXga6pdM+ieRbUj/hL +YDDcW+cWuUHqz6PH43lbTNF18wo/AgMBAAECgYEAp+1QPT+FLiNSyONV9/+VX6Hl +GfC+AmuHlcxYQUIBzi4Q5q3VQk1Yr6Xai11srXABv5gf5CKyD25rm8eYPpHmdQsj +33vjb9yQ/1Ts8NR1YJ5Gxs5iawPATzm5yjim5sPJJrjJy9hl8uEEqRca/14CSva5 +X4VrVy7RVmimmaumOwECQQDrLZ8SDut+qrhFhWZKAupXTpM5AlJBUkCPyqVnPgKg +cEVAktXryknAr535bK0C16CX3dpUzfS7ksYOxNrLuUi/AkEA2B0E2O4NZW82PdBf +D1JUUv9dBlilrGAVxNrmFkiqk3NcdeiB21yFrQ33VcBocgBoY2oKdOBXoTQFOJXJ +9bEegQJANmXUEIJA+IiWnQYRNfdcqxsytJIT4qYa5uexwKK4StINQrV0I9kjnB1D +BimcDzc/H0GiudD11dlKVKo2Db9q0wJAIxKykrIvomKmHuoOQ2JNJRskcb85Q/xk +DAqqhLtOU5fJTalqSbt+RlOZ7GTJjpbaWif/gnBWSGc04bYNjL4uAQJAE1ZswXw5 +N813tirpa+bnfxcffDDRk4mk0jfHtCjhASelzzvFXh4f00TW+odn4cp4NLd3QQ2p +59a2PmibzgJsTw== -----END PRIVATE KEY----- diff --git a/examples/pki/private/ssl_key.pem b/examples/pki/private/ssl_key.pem index ab8dca4..4877ae3 100644 --- a/examples/pki/private/ssl_key.pem +++ b/examples/pki/private/ssl_key.pem @@ -1,16 +1,16 @@ -----BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKFS7ztV1Ur3H+J+ -UrQlkxtbE/yr8GzJ+JO5yqG7OWpACtxSm3EQ1+qTLtHSIrwCeON2K6zht+HDxht9 -ATw61c3qu6NQYpfW//VH7bXXTZnF5c+dj1awpfqejzSL6dQO5grRl1Z2JF4IR//z -iCXqgzk/QdzVYjZiH0+JYaM56ukRAgMBAAECgYARVPiw1kLpH+3EBrBZ/GN2n+1g -yxQ0i+px7JcRkyzS9nh0PUfH+PhJknCISFxE+LsGLQ76LvHzhnYFRAPa9bM8lZQx -gAjroYx8vXSD5pcmDs+7SqxWCP/PI9IlT6F0dHanwXcLPjPCeBUZN/Z/ZyuOIpML -DMDfbXHpbg9BF41qJQJBANPJ2VG6KrSqxzM1f7AHSpOp2UZqylMCe14TMSkWaHHX -Bla8p+6D76Ixskh49L9yEpxFplgLP3fRcFfNpRCUSY8CQQDDADhxiQ+jsR69YJMe -QYXYLpQfF2751x789NPfpytDEUOFZ8yyyLp3aNOAYoMrLXaMQTLTJgT5dA2D8QdU -shNfAkEAwDzEnPFt2CX3wFy8NSy5HcWbKda/JY/oKSEki1YCoep6n3qIt/BcMI4J -dM0N40SI7f4umlZDWt/pqFlKjfz7swJARYbjmR+ccunpIu63JdeI6G6bI4bQa8ZW -5yxICvtowm36XCuJYcmOKps2phT53cBE/3cTrxNkPKkzVHLxATLJEwJBAL5sOt1g -ChxUqvhBQtTgToX/WTDtGF3PEBNwU0YeOz4GweoqABxMzg08W/6rvsIFismNuWY5 -W6bZ8CxyKPcq/aE= +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKu9aaVODW0VF29o +QXs/mN/PO9cXS4YtmwhIgV6TrvRTsSjmjAHf8hy4C0bCGNQfIWkyICp2JYNnhBkE +52VYPMwY1sOyNebN4jV9WcPGoMlobxy2VBTAroom975qRG5HhEbGD27NLqXbJmM6 +b4+0JdlJn5iWT/7HtbSUnz1p2oVRAgMBAAECgYEAmehJgScNyTAZrHGWHUnFSu2B +ByWNPVYplabEqWlYZQWLwse5uQRlCW+2S1cuwQqU+p09TlBLFhPywiku5hfJgvZx +EzjAJHYFdrGreD5y9NKapuWfaSM/JZ2+3u1Cy+d/0MoLbAd6Bmc8YU2NH1VPCPGQ +q2fKCweMrYaymmcD7wECQQDdUnFycODvaXWlYAaCVvOWllejNhA+uA1ljmhEAoEh +ES12LdM7cDK9szq55WZ2UPNS/8huCMfPDtBRHy+twsSZAkEAxqYn1sK3WWX8bzu5 +Eu7cpcFvYTvoJYVChK7LjplpKACnRzcQztPi/aLS0UVtjyf7+zhZTNDexwhm0hWJ +o58BeQJAXxMAaxH0fsRF5pHWmf0yTNkuso0R829rSdogDj8pK4ROjDrpR9pN4dHx +g1P5bRAfRuNcPXCGLPuHH6IPAEzv2QJAe2PR8zBXuwwCVQV/3CbKn5sbmAYiGMxB +mTEJ97WK//IH9dBafF5Y7LsqwBqkBvwLJOzHa1OCTZcGZxBBwoSN4QJAUy4DMkdb +ENukagZ6ddkoQbJ7vDMuZfjl+R8B0YL10rLShhbcy4iLzs8ujqt4z1VznaAZBXaQ +ctiy9/gBMhudwA== -----END PRIVATE KEY----- diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py index 0d0e124..985ee6f 100644 --- a/keystoneclient/middleware/auth_token.py +++ b/keystoneclient/middleware/auth_token.py @@ -690,7 +690,8 @@ class AuthProtocol(object): data = json.loads(verified) else: data = self.verify_uuid_token(user_token, retry) - self._cache_put(token_id, data) + expires = self._confirm_token_not_expired(data) + self._cache_put(token_id, data, expires) return data except Exception as e: self.LOG.debug('Token validation failure.', exc_info=True) @@ -924,23 +925,31 @@ class AuthProtocol(object): data_to_store, timeout=self.token_cache_time) - def _cache_put(self, token, data): + def _confirm_token_not_expired(self, data): + if not data: + raise InvalidUserToken('Token authorization failed') + if self._token_is_v2(data): + timestamp = data['access']['token']['expires'] + elif self._token_is_v3(data): + timestamp = data['token']['expires_at'] + else: + raise InvalidUserToken('Token authorization failed') + expires = timeutils.parse_isotime(timestamp).strftime('%s') + if time.time() >= float(expires): + self.LOG.debug('Token expired a %s', timestamp) + raise InvalidUserToken('Token authorization failed') + return expires + + def _cache_put(self, token, data, expires): """ Put token data into the cache. Stores the parsed expire date in cache allowing quick check of token freshness on retrieval. + """ - if self._cache and data: - if self._token_is_v2(data): - timestamp = data['access']['token']['expires'] - elif self._token_is_v3(data): - timestamp = data['token']['expires_at'] - else: - self.LOG.error('invalid token format') - return - expires = timeutils.parse_isotime(timestamp).strftime('%s') - self.LOG.debug('Storing %s token in memcache', token) - self._cache_store(token, data, expires) + if self._cache: + self.LOG.debug('Storing %s token in memcache', token) + self._cache_store(token, data, expires) def _cache_store_invalid(self, token): """Store invalid token in cache.""" diff --git a/tests/test_auth_token_middleware.py b/tests/test_auth_token_middleware.py index 86d9ee2..88c0339 100644 --- a/tests/test_auth_token_middleware.py +++ b/tests/test_auth_token_middleware.py @@ -54,6 +54,7 @@ SIGNED_v3_TOKEN_UNSCOPED = None SIGNED_TOKEN_SCOPED_KEY = None SIGNED_TOKEN_UNSCOPED_KEY = None SIGNED_v3_TOKEN_SCOPED_KEY = None +SIGNED_TOKEN_SCOPED_EXPIRED = None VALID_SIGNED_REVOCATION_LIST = None @@ -253,6 +254,9 @@ def setUpModule(self): with open(os.path.join(signing_path, 'auth_token_revoked.pem')) as f: self.REVOKED_TOKEN = cms.cms_to_token(f.read()) self.REVOKED_TOKEN_HASH = utils.hash_signed_token(self.REVOKED_TOKEN) + with open(os.path.join(signing_path, + 'auth_token_scoped_expired.pem')) as f: + self.SIGNED_TOKEN_SCOPED_EXPIRED = cms.cms_to_token(f.read()) with open(os.path.join(signing_path, 'auth_v3_token_revoked.pem')) as f: self.REVOKED_v3_TOKEN = cms.cms_to_token(f.read()) self.REVOKED_v3_TOKEN_HASH = utils.hash_signed_token(self.REVOKED_v3_TOKEN) @@ -414,7 +418,7 @@ class BaseFakeHTTPConnection(object): body = jsonutils.dumps({ 'access': { 'token': {'id': 'admin_token2', - 'expires': '2012-10-03T16:58:01Z'} + 'expires': '2022-10-03T16:58:01Z'} }, }) return status, body @@ -571,6 +575,7 @@ class BaseAuthTokenMiddlewareTest(testtools.TestCase): 'uuid_token_default': UUID_TOKEN_DEFAULT, 'uuid_token_unscoped': UUID_TOKEN_UNSCOPED, 'signed_token_scoped': SIGNED_TOKEN_SCOPED, + 'signed_token_scoped_expired': SIGNED_TOKEN_SCOPED_EXPIRED, 'revoked_token': REVOKED_TOKEN, 'revoked_token_hash': REVOKED_TOKEN_HASH } @@ -941,6 +946,13 @@ class AuthTokenMiddlewareTest(test.NoModule, BaseAuthTokenMiddlewareTest): self.middleware(req.environ, self.start_fake_response) self.assertNotEqual(self._get_cached_token(token), None) + def test_expired(self): + req = webob.Request.blank('/') + token = self.token_dict['signed_token_scoped_expired'] + req.headers['X-Auth-Token'] = token + self.middleware(req.environ, self.start_fake_response) + self.assertEqual(self.response_status, 401) + def test_memcache_set_invalid(self): req = webob.Request.blank('/') token = 'invalid-token' @@ -1302,6 +1314,7 @@ class v3AuthTokenMiddlewareTest(AuthTokenMiddlewareTest): 'uuid_token_default': v3_UUID_TOKEN_DEFAULT, 'uuid_token_unscoped': v3_UUID_TOKEN_UNSCOPED, 'signed_token_scoped': SIGNED_v3_TOKEN_SCOPED, + 'signed_token_scoped_expired': SIGNED_TOKEN_SCOPED_EXPIRED, 'revoked_token': REVOKED_v3_TOKEN, 'revoked_token_hash': REVOKED_v3_TOKEN_HASH }