From 99512c41e8ea9f67f379f9abc54b139de80e0c42 Mon Sep 17 00:00:00 2001
From: Adam Young <ayoung@redhat.com>
Date: Tue, 28 May 2013 09:50:51 -0400
Subject: [PATCH] Check Expiry
Explicitly checks the expiry on the tokens, and rejects tokens that
have expired
had to regenerate the sample data for the tokens as they all had been
generated with values that are now expired.
bug 1179615
Change-Id: Ie06500d446f55fd0ad67ea540c92d8cfc57483f4
Conflicts:
tests/test_auth_token_middleware.py
---
examples/pki/certs/cacert.pem | 20 +++++------
examples/pki/certs/middleware.pem | 44 ++++++++++++-------------
examples/pki/certs/signing_cert.pem | 16 ++++-----
examples/pki/certs/ssl_cert.pem | 16 ++++-----
examples/pki/cms/auth_token_revoked.json | 2 +-
examples/pki/cms/auth_token_revoked.pem | 10 +++---
examples/pki/cms/auth_token_scoped.json | 2 +-
examples/pki/cms/auth_token_scoped.pem | 8 ++---
examples/pki/cms/auth_token_scoped_expired.json | 1 +
examples/pki/cms/auth_token_scoped_expired.pem | 41 +++++++++++++++++++++++
examples/pki/cms/auth_token_unscoped.json | 2 +-
examples/pki/cms/auth_token_unscoped.pem | 10 +++---
examples/pki/cms/auth_v3_token_revoked.json | 2 +-
examples/pki/cms/auth_v3_token_revoked.pem | 10 +++---
examples/pki/cms/auth_v3_token_scoped.json | 2 +-
examples/pki/cms/auth_v3_token_scoped.pem | 8 ++---
examples/pki/cms/revocation_list.pem | 6 ++--
examples/pki/gen_pki.sh | 2 +-
examples/pki/private/cakey.pem | 28 ++++++++--------
examples/pki/private/signing_key.pem | 28 ++++++++--------
examples/pki/private/ssl_key.pem | 28 ++++++++--------
keystoneclient/middleware/auth_token.py | 35 ++++++++++++--------
tests/test_auth_token_middleware.py | 15 ++++++++-
23 files changed, 200 insertions(+), 136 deletions(-)
create mode 100644 examples/pki/cms/auth_token_scoped_expired.json
create mode 100644 examples/pki/cms/auth_token_scoped_expired.pem
diff --git a/examples/pki/certs/cacert.pem b/examples/pki/certs/cacert.pem
index 1b5ff82..6eb1a87 100644
--- a/examples/pki/certs/cacert.pem
+++ b/examples/pki/certs/cacert.pem
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIC0TCCAjqgAwIBAgIJAPahRNeykBzVMA0GCSqGSIb3DQEBBQUAMIGeMQowCAYD
+MIIC0TCCAjqgAwIBAgIJAJ+8kJVQMu5VMA0GCSqGSIb3DQEBBQUAMIGeMQowCAYD
VQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55
dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTElMCMG
CSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxMLU2Vs
-ZiBTaWduZWQwIBcNMTMwMzI0MDkwNTIzWhgPMjA3MTA5MTYwOTA1MjNaMIGeMQow
+ZiBTaWduZWQwIBcNMTMwNTI4MTM0OTMxWhgPMjA3MTExMjAxMzQ5MzFaMIGeMQow
CAYDVQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1
bm55dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTEl
MCMGCSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxML
-U2VsZiBTaWduZWQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ9ua8GSnhyR
-r7J5Wvu+PTwU4Vo2KrazwwE/Fd32dcZtX6at0/Zr62dADsC0Ig6MTfVZCIrrf2HJ
-pTzWCXa4n0kZXRZaq/L/qIv3Yl51FAOl06nCCsC1g+IIG4OnnQW+YbLfB0MHsOV/
-TdFbC6Y5t4UzFh0i6WqF7Z9ADKsBBXYlAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADgYEACDpeI6XYf9yt+7cmG1r3i0a+GTXcMjz1WHOW
-/KVYKjolMLaAygmcUls0uecI8XCUFYqM5L9M9cTl8iUOAkyYvUfpWAFaxhzEkLZ6
-HkNEd1BfrUJAG2C2vVgCbnok+ltjMnl2EM/e7YuV3bc1CSfs9UvAM54ArVYyNVKU
-dufa8EQ=
+U2VsZiBTaWduZWQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANP4aC8OC1gE
+7zIoMIndBoR+SFmiC+FQ7JTQBa4rLhT63Zkw8Mb9W+x51mnphsX9QjXT/Fh4e617
+UQDto2bF3FgVfxj8teMHA4UBLDjlJIJWak+ZAROYwL8cZHOtFcjv5BxR6PXhSywu
+fHZKNvqIv321L7TCuV6w05jrMegH7zQpAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQEFBQADgYEAhz2Q++D6bbLa/MamMK/k+MPiFEj46d/RsSDS
+4XIDK5xsn7sXO0UW830IwtyUIrMuFSGix5oKmPgyJGSVZHjLsVT+4bh8puMvE4ic
+QuWhLJmwDaTv11Q9FYIB3jEbvprx+PvqAydkHBdw8zCDwXmpo/Arc1Br7gKuR5WS
+gkRQZIw=
-----END CERTIFICATE-----
diff --git a/examples/pki/certs/middleware.pem b/examples/pki/certs/middleware.pem
index d93d2e3..bacc361 100644
--- a/examples/pki/certs/middleware.pem
+++ b/examples/pki/certs/middleware.pem
@@ -3,31 +3,31 @@ MIICoTCCAgoCARAwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK
EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr
ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x
-MzAzMjQwOTA1MjNaGA8yMDcxMDkxNjA5MDUyM1owgZAxCzAJBgNVBAYTAlVTMQsw
+MzA1MjgxMzQ5MzFaGA8yMDcxMTEyMDEzNDkzMVowgZAxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh
Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv
cGVuc3RhY2sub3JnMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAKFS7ztV1Ur3H+J+UrQlkxtbE/yr8GzJ+JO5yqG7OWpACtxS
-m3EQ1+qTLtHSIrwCeON2K6zht+HDxht9ATw61c3qu6NQYpfW//VH7bXXTZnF5c+d
-j1awpfqejzSL6dQO5grRl1Z2JF4IR//ziCXqgzk/QdzVYjZiH0+JYaM56ukRAgMB
-AAEwDQYJKoZIhvcNAQEFBQADgYEAltmvie7cuAnYbsJlHSjK84mHrEOUgpwy+Z8s
-b+Pflr7NIM9menQhKJ8/S/Xap0nPcFRxsg11eqT/sHh1pROmWkBaFfx6l+8snZt6
-cF5WI/XylgSE0n+/xbUmcRpY8frAAlp2eWxCFtzs8DMWYhHP+kySYhkkYT114Uu7
-Oaj5ztQ=
+BQADgY0AMIGJAoGBAKu9aaVODW0VF29oQXs/mN/PO9cXS4YtmwhIgV6TrvRTsSjm
+jAHf8hy4C0bCGNQfIWkyICp2JYNnhBkE52VYPMwY1sOyNebN4jV9WcPGoMlobxy2
+VBTAroom975qRG5HhEbGD27NLqXbJmM6b4+0JdlJn5iWT/7HtbSUnz1p2oVRAgMB
+AAEwDQYJKoZIhvcNAQEFBQADgYEAV3fx8dy+iHQWmho5cN9nO+XZOYFCehfSf8JO
+pAAStYx9lt4IolZ68OOP0hVJZAj5mf1gU9wiMaoFVOSVyqOg4Ss0LLkyojaVO5Q2
+QQHQbWqUU5OY5IcKN2yArFSHDqyVjmNQjnyfiViomeSNkreIQnP61l6JGNMJEim5
+DYYH/rw=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKFS7ztV1Ur3H+J+
-UrQlkxtbE/yr8GzJ+JO5yqG7OWpACtxSm3EQ1+qTLtHSIrwCeON2K6zht+HDxht9
-ATw61c3qu6NQYpfW//VH7bXXTZnF5c+dj1awpfqejzSL6dQO5grRl1Z2JF4IR//z
-iCXqgzk/QdzVYjZiH0+JYaM56ukRAgMBAAECgYARVPiw1kLpH+3EBrBZ/GN2n+1g
-yxQ0i+px7JcRkyzS9nh0PUfH+PhJknCISFxE+LsGLQ76LvHzhnYFRAPa9bM8lZQx
-gAjroYx8vXSD5pcmDs+7SqxWCP/PI9IlT6F0dHanwXcLPjPCeBUZN/Z/ZyuOIpML
-DMDfbXHpbg9BF41qJQJBANPJ2VG6KrSqxzM1f7AHSpOp2UZqylMCe14TMSkWaHHX
-Bla8p+6D76Ixskh49L9yEpxFplgLP3fRcFfNpRCUSY8CQQDDADhxiQ+jsR69YJMe
-QYXYLpQfF2751x789NPfpytDEUOFZ8yyyLp3aNOAYoMrLXaMQTLTJgT5dA2D8QdU
-shNfAkEAwDzEnPFt2CX3wFy8NSy5HcWbKda/JY/oKSEki1YCoep6n3qIt/BcMI4J
-dM0N40SI7f4umlZDWt/pqFlKjfz7swJARYbjmR+ccunpIu63JdeI6G6bI4bQa8ZW
-5yxICvtowm36XCuJYcmOKps2phT53cBE/3cTrxNkPKkzVHLxATLJEwJBAL5sOt1g
-ChxUqvhBQtTgToX/WTDtGF3PEBNwU0YeOz4GweoqABxMzg08W/6rvsIFismNuWY5
-W6bZ8CxyKPcq/aE=
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKu9aaVODW0VF29o
+QXs/mN/PO9cXS4YtmwhIgV6TrvRTsSjmjAHf8hy4C0bCGNQfIWkyICp2JYNnhBkE
+52VYPMwY1sOyNebN4jV9WcPGoMlobxy2VBTAroom975qRG5HhEbGD27NLqXbJmM6
+b4+0JdlJn5iWT/7HtbSUnz1p2oVRAgMBAAECgYEAmehJgScNyTAZrHGWHUnFSu2B
+ByWNPVYplabEqWlYZQWLwse5uQRlCW+2S1cuwQqU+p09TlBLFhPywiku5hfJgvZx
+EzjAJHYFdrGreD5y9NKapuWfaSM/JZ2+3u1Cy+d/0MoLbAd6Bmc8YU2NH1VPCPGQ
+q2fKCweMrYaymmcD7wECQQDdUnFycODvaXWlYAaCVvOWllejNhA+uA1ljmhEAoEh
+ES12LdM7cDK9szq55WZ2UPNS/8huCMfPDtBRHy+twsSZAkEAxqYn1sK3WWX8bzu5
+Eu7cpcFvYTvoJYVChK7LjplpKACnRzcQztPi/aLS0UVtjyf7+zhZTNDexwhm0hWJ
+o58BeQJAXxMAaxH0fsRF5pHWmf0yTNkuso0R829rSdogDj8pK4ROjDrpR9pN4dHx
+g1P5bRAfRuNcPXCGLPuHH6IPAEzv2QJAe2PR8zBXuwwCVQV/3CbKn5sbmAYiGMxB
+mTEJ97WK//IH9dBafF5Y7LsqwBqkBvwLJOzHa1OCTZcGZxBBwoSN4QJAUy4DMkdb
+ENukagZ6ddkoQbJ7vDMuZfjl+R8B0YL10rLShhbcy4iLzs8ujqt4z1VznaAZBXaQ
+ctiy9/gBMhudwA==
-----END PRIVATE KEY-----
diff --git a/examples/pki/certs/signing_cert.pem b/examples/pki/certs/signing_cert.pem
index 6e5054d..d326411 100644
--- a/examples/pki/certs/signing_cert.pem
+++ b/examples/pki/certs/signing_cert.pem
@@ -3,15 +3,15 @@ MIICoDCCAgkCAREwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK
EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr
ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x
-MzAzMjQwOTA1MjNaGA8yMDcxMDkxNjA5MDUyM1owgY8xCzAJBgNVBAYTAlVTMQsw
+MzA1MjgxMzQ5MzFaGA8yMDcxMTEyMDEzNDkzMVowgY8xCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh
Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv
cGVuc3RhY2sub3JnMREwDwYDVQQDEwhLZXlzdG9uZTCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAv1bjDJlncTxQYShlKHfWKn7w3e8NL21N8/89THHl8r+c3sXO
-LIkn66WRCiVrJw0k5zmQ004bLFr/609KQzixkJaryKAgh6Gkl5q4HWcUF1AIHi3t
-sjcRtWMC14hvLiDHRFla69LJiuQ7SeHygIY9Yrco09f9uPi8FUmS8t9ufXECAwEA
-ATANBgkqhkiG9w0BAQUFAAOBgQA3wpXMrW/gk2pJNLFtFBKo3nQ4hMWSaRBNW9s6
-WpTFgIX1WdkAxz8C2WQRf1VYYaMOGO5SJBV9MDi2hIb93CcH5r+3ExdV4McWzYLL
-zNpqPIp6JLehSrxNWUyHlBCVZyVBVOliTv57Woy8MczCbpeOhx/9DjDMvlISflXr
-6Y6Zug==
+AAOBjQAwgYkCgYEAxokm1kFNm2ixp0ajnouA2TMAhWZ2p+WOaG90oWgorYhNM3kc
+l4HO1uCl5BQLCpxzgh3qC9y6KORDas91VcY2eArB9D2vibVKauYg6iOoILSZp27q
+Gz6b2LdS1Aob4NeBrql0z6J5FtSP+EtgMNxb5xa5QerPo8fjeVtM0XXzCj8CAwEA
+ATANBgkqhkiG9w0BAQUFAAOBgQC6JNiZe0Sm+GMbezlvmbiJ5SkxaDePbVEeb4dc
+8NuJNT9s3nwqA2em+1CVy/Hb4L5ML0vfiyWOcTaUr/yYgjO9gVTSmCvuIzjwYCBt
+hJoqCxz/2al1/LT1tlg7g90+wSbEXy6AI4RQmWVI9UI5+DGMYQ4RPM02oCHy/lKO
+9LQv3g==
-----END CERTIFICATE-----
diff --git a/examples/pki/certs/ssl_cert.pem b/examples/pki/certs/ssl_cert.pem
index d705cf6..08de9c6 100644
--- a/examples/pki/certs/ssl_cert.pem
+++ b/examples/pki/certs/ssl_cert.pem
@@ -3,15 +3,15 @@ MIICoTCCAgoCARAwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK
EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr
ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x
-MzAzMjQwOTA1MjNaGA8yMDcxMDkxNjA5MDUyM1owgZAxCzAJBgNVBAYTAlVTMQsw
+MzA1MjgxMzQ5MzFaGA8yMDcxMTEyMDEzNDkzMVowgZAxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh
Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv
cGVuc3RhY2sub3JnMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAKFS7ztV1Ur3H+J+UrQlkxtbE/yr8GzJ+JO5yqG7OWpACtxS
-m3EQ1+qTLtHSIrwCeON2K6zht+HDxht9ATw61c3qu6NQYpfW//VH7bXXTZnF5c+d
-j1awpfqejzSL6dQO5grRl1Z2JF4IR//ziCXqgzk/QdzVYjZiH0+JYaM56ukRAgMB
-AAEwDQYJKoZIhvcNAQEFBQADgYEAltmvie7cuAnYbsJlHSjK84mHrEOUgpwy+Z8s
-b+Pflr7NIM9menQhKJ8/S/Xap0nPcFRxsg11eqT/sHh1pROmWkBaFfx6l+8snZt6
-cF5WI/XylgSE0n+/xbUmcRpY8frAAlp2eWxCFtzs8DMWYhHP+kySYhkkYT114Uu7
-Oaj5ztQ=
+BQADgY0AMIGJAoGBAKu9aaVODW0VF29oQXs/mN/PO9cXS4YtmwhIgV6TrvRTsSjm
+jAHf8hy4C0bCGNQfIWkyICp2JYNnhBkE52VYPMwY1sOyNebN4jV9WcPGoMlobxy2
+VBTAroom975qRG5HhEbGD27NLqXbJmM6b4+0JdlJn5iWT/7HtbSUnz1p2oVRAgMB
+AAEwDQYJKoZIhvcNAQEFBQADgYEAV3fx8dy+iHQWmho5cN9nO+XZOYFCehfSf8JO
+pAAStYx9lt4IolZ68OOP0hVJZAj5mf1gU9wiMaoFVOSVyqOg4Ss0LLkyojaVO5Q2
+QQHQbWqUU5OY5IcKN2yArFSHDqyVjmNQjnyfiViomeSNkreIQnP61l6JGNMJEim5
+DYYH/rw=
-----END CERTIFICATE-----
diff --git a/examples/pki/cms/auth_token_revoked.json b/examples/pki/cms/auth_token_revoked.json
index 92c6922..4b4d44e 100644
--- a/examples/pki/cms/auth_token_revoked.json
+++ b/examples/pki/cms/auth_token_revoked.json
@@ -1 +1 @@
-{"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2012-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "revoked_username1", "roles_links": ["role1","role2"], "id": "revoked_user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "revoked_username1"}}}
+{"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2112-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "revoked_username1", "roles_links": ["role1","role2"], "id": "revoked_user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "revoked_username1"}}}
diff --git a/examples/pki/cms/auth_token_revoked.pem b/examples/pki/cms/auth_token_revoked.pem
index 706a82d..4c43cb7 100644
--- a/examples/pki/cms/auth_token_revoked.pem
+++ b/examples/pki/cms/auth_token_revoked.pem
@@ -24,7 +24,7 @@ MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy
bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV
UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf
bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u
-ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMi0wNi0wMlQxNDo0NzozNFoi
+ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjExMi0wNi0wMlQxNDo0NzozNFoi
LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1
ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg
ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJyZXZv
@@ -35,8 +35,8 @@ ZXJuYW1lMSJ9fX0NCjGCAUkwggFFAgEBMIGkMIGeMQowCAYDVQQFEwE1MQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55dmFsZTESMBAGA1UE
ChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTElMCMGCSqGSIb3DQEJARYW
a2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxMLU2VsZiBTaWduZWQCAREw
-BwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYBVwrozZ7ZSZsTUg98slXCt52e/Y9IJ
-OOMdq28JxPs3HrNaMaZle7Q7XEGLolqLGT4k9bRNJNZwC+ldCqCApTW5c/JitZu5
-MLKLRiQpfEmkcYWe3JVciFjYV5UY9MCK6X9ltMhq9eNbmpEV+WwcLpiTIZq707oY
-L3PMMDvFW5qp2g==
+BwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYCwTWpPlI+O6Ur8ied6usi2LZKTw1zu
+SVEgnJHJeyTVBhakJrxf6LEaU6A2rUh49XZIX9C/RqkK+Nkjspubt9uyTn2a1dVe
+LYFd5EenjYP0p4avboi/dxJvzMVdKwsTxCRygHCsTWcXtrGpM5QZzzxnQCvuFO7x
+jdEfyBrYYveRew==
-----END CMS-----
diff --git a/examples/pki/cms/auth_token_scoped.json b/examples/pki/cms/auth_token_scoped.json
index 16eb644..acf9e6a 100644
--- a/examples/pki/cms/auth_token_scoped.json
+++ b/examples/pki/cms/auth_token_scoped.json
@@ -1 +1 @@
-{"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2012-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "user_name1", "roles_links": ["role1","role2"], "id": "user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "user_name1"}}}
+{"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2112-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "user_name1", "roles_links": ["role1","role2"], "id": "user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "user_name1"}}}
diff --git a/examples/pki/cms/auth_token_scoped.pem b/examples/pki/cms/auth_token_scoped.pem
index 8fae319..2ba9325 100644
--- a/examples/pki/cms/auth_token_scoped.pem
+++ b/examples/pki/cms/auth_token_scoped.pem
@@ -24,7 +24,7 @@ MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy
bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV
UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf
bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u
-ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMi0wNi0wMlQxNDo0NzozNFoi
+ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjExMi0wNi0wMlQxNDo0NzozNFoi
LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1
ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg
ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJ1c2Vy
@@ -35,7 +35,7 @@ AQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTES
MBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3RhY2sxETAPBgNVBAsT
CEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVuc3RhY2sub3Jn
MRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAHBgUrDgMCGjANBgkqhkiG9w0BAQEF
-AASBgJVelOrkaUyy9nzse+lV6qI2OK+qDhpXBZrHUeiI62ddO4ibMZw9W2+8rbLf
-8RIbZ2eotF1BUvEomYQgz/NKmOpJUknhyP7w6BIhm1E2ZGUgU7r2mc/zf8Owkys0
-Urc/B/akAhWanh0lZcu1ti6OCc7hnuq5ox2QDNmrTBQIMoUn
+AASBgEPfxsK7jCPYJWQIWb5FncQfd0wAw6tUjo6lisJ3HRDx+hbfzMcWcxpUEOcp
+dQ05cTXAftLhtxSw5IP2TQp68zs/Y9fhwMSn4yFla5bvaqxQIgsdzpX6O8BnKfkD
+DYt2iOzbgrZawe3q8mOqxa+Vv65eDwBbsbIasqieMSjdmBiV
-----END CMS-----
diff --git a/examples/pki/cms/auth_token_scoped_expired.json b/examples/pki/cms/auth_token_scoped_expired.json
new file mode 100644
index 0000000..d36d8cf
--- /dev/null
+++ b/examples/pki/cms/auth_token_scoped_expired.json
@@ -0,0 +1 @@
+{"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2010-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "user_name1", "roles_links": ["role1","role2"], "id": "user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "user_name1"}}}
diff --git a/examples/pki/cms/auth_token_scoped_expired.pem b/examples/pki/cms/auth_token_scoped_expired.pem
new file mode 100644
index 0000000..0febbb4
--- /dev/null
+++ b/examples/pki/cms/auth_token_scoped_expired.pem
@@ -0,0 +1,41 @@
+-----BEGIN CMS-----
+MIIHQAYJKoZIhvcNAQcCoIIHMTCCBy0CAQExCTAHBgUrDgMCGjCCBc4GCSqGSIb3
+DQEHAaCCBb8EggW7eyJhY2Nlc3MiOiB7InNlcnZpY2VDYXRhbG9nIjogW3siZW5k
+cG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2L3Yx
+LzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInJlZ2lvbiI6ICJy
+ZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2
+L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInB1YmxpY1VS
+TCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzYvdjEvNjRiNmYzZmJjYzUzNDM1ZThh
+NjBmY2Y4OWJiNjYxN2EifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUi
+OiAidm9sdW1lIiwgIm5hbWUiOiAidm9sdW1lIn0sIHsiZW5kcG9pbnRzIjogW3si
+YWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3YxIiwgInJlZ2lvbiI6
+ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5
+MjkyL3YxIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjkyOTIvdjEi
+fV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAiaW1hZ2UiLCAibmFt
+ZSI6ICJnbGFuY2UifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRw
+Oi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5
+YmI2NjE3YSIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjog
+Imh0dHA6Ly8xMjcuMC4wLjE6ODc3NC92MS4xLzY0YjZmM2ZiY2M1MzQzNWU4YTYw
+ZmNmODliYjY2MTdhIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3
+NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSJ9XSwgImVu
+ZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJjb21wdXRlIiwgIm5hbWUiOiAi
+bm92YSJ9LCB7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xMjcu
+MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy
+bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV
+UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf
+bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u
+ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMC0wNi0wMlQxNDo0NzozNFoi
+LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1
+ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg
+ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJ1c2Vy
+X25hbWUxIiwgInJvbGVzX2xpbmtzIjogWyJyb2xlMSIsInJvbGUyIl0sICJpZCI6
+ICJ1c2VyX2lkMSIsICJyb2xlcyI6IFt7Im5hbWUiOiAicm9sZTEifSwgeyJuYW1l
+IjogInJvbGUyIn1dLCAibmFtZSI6ICJ1c2VyX25hbWUxIn19fQ0KMYIBSTCCAUUC
+AQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTES
+MBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3RhY2sxETAPBgNVBAsT
+CEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVuc3RhY2sub3Jn
+MRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAHBgUrDgMCGjANBgkqhkiG9w0BAQEF
+AASBgAo6fTuvdeQcLH4s/44uS0dtleGqe8LbMmIlZM5OVBTlylIAfqS52+V8o4b0
+7AvkuNEJHcexm+Jwbf9PLnIAnv+Ug6Um9ORid2PtV8DDpljTxaPZoU9693Zd26UN
+kGJIRcISq3KuaDjKM1cwVJKpviXNvIIOBQK2qXOa+t5TWrvo
+-----END CMS-----
diff --git a/examples/pki/cms/auth_token_unscoped.json b/examples/pki/cms/auth_token_unscoped.json
index b2340a7..102c12f 100644
--- a/examples/pki/cms/auth_token_unscoped.json
+++ b/examples/pki/cms/auth_token_unscoped.json
@@ -1 +1 @@
-{"access": {"token": {"expires": "2012-08-17T15:35:34Z", "id": "01e032c996ef4406b144335915a41e79"}, "serviceCatalog": {}, "user": {"username": "user_name1", "roles_links": [], "id": "c9c89e3be3ee453fbf00c7966f6d3fbd", "roles": [{'name': 'role1'},{'name': 'role2'},], "name": "user_name1"}}}
\ No newline at end of file
+{"access": {"token": {"expires": "2112-08-17T15:35:34Z", "id": "01e032c996ef4406b144335915a41e79"}, "serviceCatalog": {}, "user": {"username": "user_name1", "roles_links": [], "id": "c9c89e3be3ee453fbf00c7966f6d3fbd", "roles": [{'name': 'role1'},{'name': 'role2'},], "name": "user_name1"}}}
\ No newline at end of file
diff --git a/examples/pki/cms/auth_token_unscoped.pem b/examples/pki/cms/auth_token_unscoped.pem
index 610e36f..b7cb4ec 100644
--- a/examples/pki/cms/auth_token_unscoped.pem
+++ b/examples/pki/cms/auth_token_unscoped.pem
@@ -1,6 +1,6 @@
-----BEGIN CMS-----
MIICpwYJKoZIhvcNAQcCoIICmDCCApQCAQExCTAHBgUrDgMCGjCCATUGCSqGSIb3
-DQEHAaCCASYEggEieyJhY2Nlc3MiOiB7InRva2VuIjogeyJleHBpcmVzIjogIjIw
+DQEHAaCCASYEggEieyJhY2Nlc3MiOiB7InRva2VuIjogeyJleHBpcmVzIjogIjIx
MTItMDgtMTdUMTU6MzU6MzRaIiwgImlkIjogIjAxZTAzMmM5OTZlZjQ0MDZiMTQ0
MzM1OTE1YTQxZTc5In0sICJzZXJ2aWNlQ2F0YWxvZyI6IHt9LCAidXNlciI6IHsi
dXNlcm5hbWUiOiAidXNlcl9uYW1lMSIsICJyb2xlc19saW5rcyI6IFtdLCAiaWQi
@@ -10,8 +10,8 @@ dXNlcl9uYW1lMSJ9fX0xggFJMIIBRQIBATCBpDCBnjEKMAgGA1UEBRMBNTELMAkG
A1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxEjAQBgNV
BAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkqhkiG9w0BCQEW
FmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMTC1NlbGYgU2lnbmVkAgER
-MAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAEEEcj968A9f+WHIq0UBA42TlPhtg
-AOae7hfzkknymvt6ILizFyScp0766rJfRTO+wp/lsE0CKOXU6Ihy5MhZnggo/VGV
-szmitBeyDUF1hJrFi3jL62k/D6ChTxGpvu2YMRRvDyuaWO5ttS/7aqza1bv7Pry1
-BpbVtRi57LuDINk=
+MAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAmkWkhTZKeMWedDlqHJ1CjJ10gk+8
+0f+M34c2elgKlmztTdvbAt/mnJlPuHYMXz10NK8sT4TJrOGEVXBp6Vx+FAiasu5S
+qunDGJtPEo42OW+C7H6KVx176mnb3bpBgyR0JHenTiRRn6qVkXp4R0tlHWdz/HV5
+HDyyxhNp785xygI=
-----END CMS-----
diff --git a/examples/pki/cms/auth_v3_token_revoked.json b/examples/pki/cms/auth_v3_token_revoked.json
index ce675ce..9aecd1a 100644
--- a/examples/pki/cms/auth_v3_token_revoked.json
+++ b/examples/pki/cms/auth_v3_token_revoked.json
@@ -3,7 +3,7 @@
{"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"},
{"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"},
{"endpoints": [{"adminURL": "http://127.0.0.1:35357/v3", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v3", "publicURL": "http://127.0.0.1:5000/v3"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],
- "expires_at": "2012-06-02T14:47:34Z",
+ "expires_at": "2112-06-02T14:47:34Z",
"project": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1", "domain": {"id": "domain_id1", "name": "domain_name1"}},
"user": {"name": "revoked_username1", "id": "revoked_user_id1", "domain": {"id": "domain_id1", "name": "domain_name1"}},
"roles": [{"name": "role1"}, {"name": "role2"}]
diff --git a/examples/pki/cms/auth_v3_token_revoked.pem b/examples/pki/cms/auth_v3_token_revoked.pem
index 630f664..e7bf936 100644
--- a/examples/pki/cms/auth_v3_token_revoked.pem
+++ b/examples/pki/cms/auth_v3_token_revoked.pem
@@ -25,7 +25,7 @@ MjcuMC4wLjE6MzUzNTcvdjMiLCAicmVnaW9uIjogIlJlZ2lvbk9uZSIsICJpbnRl
cm5hbFVSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjM1MzU3L3YzIiwgInB1YmxpY1VS
TCI6ICJodHRwOi8vMTI3LjAuMC4xOjUwMDAvdjMifV0sICJlbmRwb2ludHNfbGlu
a3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9uZSJ9
-XSwNCiAgICAgImV4cGlyZXNfYXQiOiAiMjAxMi0wNi0wMlQxNDo0NzozNFoiLA0K
+XSwNCiAgICAgImV4cGlyZXNfYXQiOiAiMjExMi0wNi0wMlQxNDo0NzozNFoiLA0K
ICAgICAicHJvamVjdCI6IHsiZW5hYmxlZCI6IHRydWUsICJkZXNjcmlwdGlvbiI6
IG51bGwsICJuYW1lIjogInRlbmFudF9uYW1lMSIsICJpZCI6ICJ0ZW5hbnRfaWQx
IiwgImRvbWFpbiI6IHsiaWQiOiAiZG9tYWluX2lkMSIsICJuYW1lIjogImRvbWFp
@@ -37,8 +37,8 @@ DQogICAgfQ0KfQ0KMYIBSTCCAUUCAQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK
EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr
ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAH
-BgUrDgMCGjANBgkqhkiG9w0BAQEFAASBgHI+folnKZbYybTnDo5X3b43LzqXzDMy
-H1HrXW/MIiNVw58JLtcRYp6C2A8TeoAduvt/IkI7YgQ+EDfbYOQ0HSbmnNEyc8nQ
-jAsyD+plz+42eYfTGR+dhZWFmXPxEKE5RB/FQLEqZoJxOICxKzYezSGhreAh9mu/
-Xq/GOSYVo7Rz
+BgUrDgMCGjANBgkqhkiG9w0BAQEFAASBgDcPIVP0gTYC5z+gnEqzof1QvciIUY4q
+lGNQ+G/7wdajcrCb5Cy3NWrAN/Cgnsz06ilhTIHs2LfbgROG8C4MMLHvIccQ81Uo
+kPnEFtSnBwNvhHhzMwCdA0crwpf+0KzpW/8LBtFrrka3fwUJYngq6tARWZVt5UGn
+PolkJuSwsztW
-----END CMS-----
diff --git a/examples/pki/cms/auth_v3_token_scoped.json b/examples/pki/cms/auth_v3_token_scoped.json
index c2071f6..b49d7e1 100644
--- a/examples/pki/cms/auth_v3_token_scoped.json
+++ b/examples/pki/cms/auth_v3_token_scoped.json
@@ -3,7 +3,7 @@
{"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"},
{"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"},
{"endpoints": [{"adminURL": "http://127.0.0.1:35357/v3", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v3", "publicURL": "http://127.0.0.1:5000/v3"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],
- "expires_at": "2012-06-02T14:47:34Z",
+ "expires_at": "2112-06-02T14:47:34Z",
"project": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1", "domain": {"id": "domain_id1", "name": "domain_name1"}},
"user": {"name": "user_name1", "id": "user_id1", "domain": {"id": "domain_id1", "name": "domain_name1"}},
"roles": [{"name": "role1"}, {"name": "role2"}]
diff --git a/examples/pki/cms/auth_v3_token_scoped.pem b/examples/pki/cms/auth_v3_token_scoped.pem
index f90490e..ee98813 100644
--- a/examples/pki/cms/auth_v3_token_scoped.pem
+++ b/examples/pki/cms/auth_v3_token_scoped.pem
@@ -24,7 +24,7 @@ ZG1pblVSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjM1MzU3L3YzIiwgInJlZ2lvbiI6
ICJSZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMToz
NTM1Ny92MyIsICJwdWJsaWNVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3Yz
In1dLCAiZW5kcG9pbnRzX2xpbmtzIjogW10sICJ0eXBlIjogImlkZW50aXR5Iiwg
-Im5hbWUiOiAia2V5c3RvbmUifV0sDQoJICJleHBpcmVzX2F0IjogIjIwMTItMDYt
+Im5hbWUiOiAia2V5c3RvbmUifV0sDQoJICJleHBpcmVzX2F0IjogIjIxMTItMDYt
MDJUMTQ6NDc6MzRaIiwNCgkgInByb2plY3QiOiB7ImVuYWJsZWQiOiB0cnVlLCAi
ZGVzY3JpcHRpb24iOiBudWxsLCAibmFtZSI6ICJ0ZW5hbnRfbmFtZTEiLCAiaWQi
OiAidGVuYW50X2lkMSIsICJkb21haW4iOiB7ImlkIjogImRvbWFpbl9pZDEiLCAi
@@ -36,7 +36,7 @@ DQoxggFJMIIBRQIBATCBpDCBnjEKMAgGA1UEBRMBNTELMAkGA1UEBhMCVVMxCzAJ
BgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxEjAQBgNVBAoTCU9wZW5TdGFj
azERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkqhkiG9w0BCQEWFmtleXN0b25lQG9w
ZW5zdGFjay5vcmcxFDASBgNVBAMTC1NlbGYgU2lnbmVkAgERMAcGBSsOAwIaMA0G
-CSqGSIb3DQEBAQUABIGAE2Xc5jwDUveWjgn/RItwzqsi4PZw+8dgJELGE/+qVrcE
-gJ5iXsR9Lx4yy932ETXFZ1fb+WTX6ytBkvUDMUI4xebZlrF3MIY2RZBzRT+JO0q0
-GsqX9JFtxSKpZcizWMz9HXTNPR44eCmC5ywPTr+igj+xJ2eDgz/ekp1hrnJBu2c=
+CSqGSIb3DQEBAQUABIGAxb2GSHoV7yzFDoW6sJwRK49xgMO3bpcU6s+yxUh4auLR
+MQ8Wso1xzDPnG2Xp886u0Wvw9dUC2s1qTD1aXKDdaHY0FUXC3pWUypR+6Ky5M7WP
+YJvDJfD0fdPX44SHwXo9Zy+DcU4zcRCucC4/5zn5w30qd1t1mwvd8GNdxvUqmZ8=
-----END CMS-----
diff --git a/examples/pki/cms/revocation_list.pem b/examples/pki/cms/revocation_list.pem
index 8fcfa7e..1832fad 100644
--- a/examples/pki/cms/revocation_list.pem
+++ b/examples/pki/cms/revocation_list.pem
@@ -6,7 +6,7 @@ MYIBSTCCAUUCAQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3RhY2sx
ETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVu
c3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAHBgUrDgMCGjANBgkq
-hkiG9w0BAQEFAASBgJMkLgRgYefScR8x1/htXmSqvqMDo6LmjKE+FePLK0USPPw7
-kpAS8U8zuxR2l7nd/Dy6YrwuNrtKiifF1RiPgtmvZ93GJw3lDWPVKK0G+xK9lNqI
-cNlWHSJo++jU2ZTk7TuC8OjhxPlsC7KTXXrIE4E6dsV6IeRE1BTEUD4bvI/l
+hkiG9w0BAQEFAASBgBOGqBdORuXd+3VITnCKoOrgJqiqbvtW7TvRmBQfQ7wyYb1/
+zdvWswYlR770fnfTK82c9xwTRYzCpwS9sJk4byYG2dG1WYqNqS7Qs8EYhz2nsPf/
+6uMy19t+YnoLwFm8DNPr5najc6AGgBxryQPmQ/TcHqFGmjABwUgdDfLs7InZ
-----END CMS-----
diff --git a/examples/pki/gen_pki.sh b/examples/pki/gen_pki.sh
index 5cea13e..1e4fd2a 100755
--- a/examples/pki/gen_pki.sh
+++ b/examples/pki/gen_pki.sh
@@ -203,7 +203,7 @@ function check_openssl {
}
function gen_sample_cms {
- for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json" "${CMS_DIR}/auth_v3_token_scoped.json" "${CMS_DIR}/auth_v3_token_revoked.json"
+ for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/auth_token_scoped_expired.json" "${CMS_DIR}/revocation_list.json" "${CMS_DIR}/auth_v3_token_scoped.json" "${CMS_DIR}/auth_v3_token_revoked.json"
do
openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
done
diff --git a/examples/pki/private/cakey.pem b/examples/pki/private/cakey.pem
index fd38aee..d7523ce 100644
--- a/examples/pki/private/cakey.pem
+++ b/examples/pki/private/cakey.pem
@@ -1,16 +1,16 @@
-----BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAJ9ua8GSnhyRr7J5
-Wvu+PTwU4Vo2KrazwwE/Fd32dcZtX6at0/Zr62dADsC0Ig6MTfVZCIrrf2HJpTzW
-CXa4n0kZXRZaq/L/qIv3Yl51FAOl06nCCsC1g+IIG4OnnQW+YbLfB0MHsOV/TdFb
-C6Y5t4UzFh0i6WqF7Z9ADKsBBXYlAgMBAAECgYEAmuWUSdCiT014L2VacUXGhq4e
-uB/yZenG51oca7e9e5jeGrm+Oydk4b7J1o3snMfSIjJra1UcQKzCHpYxQahkD/+/
-XXz7+1jMHyZwaiGcrzqBltcCgfp1ogiT/hjidBzIgyOAv+CN5NpRBvLMGgEZpE8G
-BX3hxvTEaEvt6B6qqg0CQQDMH4LHEhMWrR5r0w3Cd6Xnx6AdQLhXvsjsxU/vQayn
-rm2jb7Gnk9P9v/1rylDHESdkPewSc5Vxde8rk1ldDe9DAkEAx/M2KXDW9AVKXwap
-qP6RjejopxqHK5lgcDr56cybUGib+dYndQFVQmhpYPz1C+b9sbn1iVpXLKpsO2JG
-6EjqdwJBAKQWdJ+otPWWpwzQdZAtdI21GM5LN6U5tfU3zEEuDyggfPxUDoECwfiK
-/KJI2dScwoi/imVuyuSRhHkIE19Nk1cCQG9wX+ls2ICcSjz4C6sCZsE+5BvuLxPf
-od4rIIpr3MxN4VC3SLpvicM/SiwiD7kYfqCFUhHBZgCg4z2dooNn0DUCQHUV8DsM
-ZoWx2D6sqaI9KExwzfLR/9AbDpqyDa/js8LSMqo5OakA47buqKiWaBlBfSb/qccz
-NsmQV0JeyF6cJB0=
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANP4aC8OC1gE7zIo
+MIndBoR+SFmiC+FQ7JTQBa4rLhT63Zkw8Mb9W+x51mnphsX9QjXT/Fh4e617UQDt
+o2bF3FgVfxj8teMHA4UBLDjlJIJWak+ZAROYwL8cZHOtFcjv5BxR6PXhSywufHZK
+NvqIv321L7TCuV6w05jrMegH7zQpAgMBAAECgYBv/WEF41So90ps5IDohacI3zNY
+b9349+lWoiUuJNAe83+ajRnY+EjVwnU+1cuH1Uti5xH+qAEn4ewlImhfRxAnX17X
+kW45wMoI8V5xZW7NyeaWtsv57Ssq5CIGbhVamp0HKCwaz3DhFhctudD8bKrapF0l
+VK8AQYquzCuqC2lBAQJBAOyAZatJOssW4UmaaHUiSUKxIpgpAKXHLzpWUvuREG39
+pI9sZSv6WDA3Ab8/60CPI0Ovy6KhgikncaWOBunBjwkCQQDlckEDM+VZQYa7RzzZ
+cEQltX1BxMduSlXqbsGxis7SPaOOrapnb1RtDbeM2FwvMmB3qtq3eQMzjLa25dXQ
+CqQhAkEAiUf2vDij0iOT3n+sxuGCGR5tcFnMsG4wsfJN9Q09tjsXfNF04NROwJ4N
+e5CE5FKyK6Yt1FdgELd+tpT82k+q0QJAGhUk4tJRbhYO1NdCSY2Dka3R8VoHObhl
+j+LLTf1ziV7Mavm+90cml8cJaI9n202kvbXEazrsbD3Av4XdCmtLQQJBANXVSnQy
+omf86+CtUs7bb3S4PieCk0vKO2KQqfaYb2QuaTfULqUHvc9u8iIqEtzdn2uI3ET9
+kQLZ4IgnoBb0JVo=
-----END PRIVATE KEY-----
diff --git a/examples/pki/private/signing_key.pem b/examples/pki/private/signing_key.pem
index dedde22..a20acc4 100644
--- a/examples/pki/private/signing_key.pem
+++ b/examples/pki/private/signing_key.pem
@@ -1,16 +1,16 @@
-----BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAL9W4wyZZ3E8UGEo
-ZSh31ip+8N3vDS9tTfP/PUxx5fK/nN7FziyJJ+ulkQolaycNJOc5kNNOGyxa/+tP
-SkM4sZCWq8igIIehpJeauB1nFBdQCB4t7bI3EbVjAteIby4gx0RZWuvSyYrkO0nh
-8oCGPWK3KNPX/bj4vBVJkvLfbn1xAgMBAAECgYEAiUigE7QlghuSWIORQR3qbgcy
-bypLvZGhcsXZh3XZVPiiZzxpl465M9xRWoRKg3Rs2/JztQi/em24XW9Ai0asLyHL
-u/kZ45A6fbX51QsY989eS0zwsKV/YzY4V2Nvv+MkzfR/sSdtnOu5C0pPf+wuyazZ
-6Ky2/GpIcEA8yTl1q3kCQQDozmQdIdWG/9viBxdoW8wXlb2zA47MaV9WphLwC1rV
-J/00X0SgM94it1BhltxCTrIQ72WF7vBtvDw51N1Rf1wnAkEA0mbnrmAiKwfJVyeV
-PUN0fz5N6JKsUSVEY6Wt+ySDJqmro27uiHgZhmQb+lwLE5VfTZrdLx5LGa2Mr4w0
-8degpwJBAN1AKQ02toPSbdpl+u0HMPPJL7wNyYyjKCRlOOJBKFYj5xP65nGKWbaM
-mSvl//ZUbA6ENewPpRflKSedEaj+bUkCQDfdXNye59OXEK2Uc/q9Q1xZtaPv9dLh
-20O+BPDu4+fLGyic1rbjdJuLTyZtc/9yJMjdOqc9GuGpg/ZEevZPs3cCQDa2AbNj
-uF+KX2u9+38hcN4APnGAk7Z452WbwoXBY7X4SsA4xYqjPIw3QEOqn2zT4A6dt0IX
-11zRtas1zYePTXg=
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMaJJtZBTZtosadG
+o56LgNkzAIVmdqfljmhvdKFoKK2ITTN5HJeBztbgpeQUCwqcc4Id6gvcuijkQ2rP
+dVXGNngKwfQ9r4m1SmrmIOojqCC0madu6hs+m9i3UtQKG+DXga6pdM+ieRbUj/hL
+YDDcW+cWuUHqz6PH43lbTNF18wo/AgMBAAECgYEAp+1QPT+FLiNSyONV9/+VX6Hl
+GfC+AmuHlcxYQUIBzi4Q5q3VQk1Yr6Xai11srXABv5gf5CKyD25rm8eYPpHmdQsj
+33vjb9yQ/1Ts8NR1YJ5Gxs5iawPATzm5yjim5sPJJrjJy9hl8uEEqRca/14CSva5
+X4VrVy7RVmimmaumOwECQQDrLZ8SDut+qrhFhWZKAupXTpM5AlJBUkCPyqVnPgKg
+cEVAktXryknAr535bK0C16CX3dpUzfS7ksYOxNrLuUi/AkEA2B0E2O4NZW82PdBf
+D1JUUv9dBlilrGAVxNrmFkiqk3NcdeiB21yFrQ33VcBocgBoY2oKdOBXoTQFOJXJ
+9bEegQJANmXUEIJA+IiWnQYRNfdcqxsytJIT4qYa5uexwKK4StINQrV0I9kjnB1D
+BimcDzc/H0GiudD11dlKVKo2Db9q0wJAIxKykrIvomKmHuoOQ2JNJRskcb85Q/xk
+DAqqhLtOU5fJTalqSbt+RlOZ7GTJjpbaWif/gnBWSGc04bYNjL4uAQJAE1ZswXw5
+N813tirpa+bnfxcffDDRk4mk0jfHtCjhASelzzvFXh4f00TW+odn4cp4NLd3QQ2p
+59a2PmibzgJsTw==
-----END PRIVATE KEY-----
diff --git a/examples/pki/private/ssl_key.pem b/examples/pki/private/ssl_key.pem
index ab8dca4..4877ae3 100644
--- a/examples/pki/private/ssl_key.pem
+++ b/examples/pki/private/ssl_key.pem
@@ -1,16 +1,16 @@
-----BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKFS7ztV1Ur3H+J+
-UrQlkxtbE/yr8GzJ+JO5yqG7OWpACtxSm3EQ1+qTLtHSIrwCeON2K6zht+HDxht9
-ATw61c3qu6NQYpfW//VH7bXXTZnF5c+dj1awpfqejzSL6dQO5grRl1Z2JF4IR//z
-iCXqgzk/QdzVYjZiH0+JYaM56ukRAgMBAAECgYARVPiw1kLpH+3EBrBZ/GN2n+1g
-yxQ0i+px7JcRkyzS9nh0PUfH+PhJknCISFxE+LsGLQ76LvHzhnYFRAPa9bM8lZQx
-gAjroYx8vXSD5pcmDs+7SqxWCP/PI9IlT6F0dHanwXcLPjPCeBUZN/Z/ZyuOIpML
-DMDfbXHpbg9BF41qJQJBANPJ2VG6KrSqxzM1f7AHSpOp2UZqylMCe14TMSkWaHHX
-Bla8p+6D76Ixskh49L9yEpxFplgLP3fRcFfNpRCUSY8CQQDDADhxiQ+jsR69YJMe
-QYXYLpQfF2751x789NPfpytDEUOFZ8yyyLp3aNOAYoMrLXaMQTLTJgT5dA2D8QdU
-shNfAkEAwDzEnPFt2CX3wFy8NSy5HcWbKda/JY/oKSEki1YCoep6n3qIt/BcMI4J
-dM0N40SI7f4umlZDWt/pqFlKjfz7swJARYbjmR+ccunpIu63JdeI6G6bI4bQa8ZW
-5yxICvtowm36XCuJYcmOKps2phT53cBE/3cTrxNkPKkzVHLxATLJEwJBAL5sOt1g
-ChxUqvhBQtTgToX/WTDtGF3PEBNwU0YeOz4GweoqABxMzg08W/6rvsIFismNuWY5
-W6bZ8CxyKPcq/aE=
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKu9aaVODW0VF29o
+QXs/mN/PO9cXS4YtmwhIgV6TrvRTsSjmjAHf8hy4C0bCGNQfIWkyICp2JYNnhBkE
+52VYPMwY1sOyNebN4jV9WcPGoMlobxy2VBTAroom975qRG5HhEbGD27NLqXbJmM6
+b4+0JdlJn5iWT/7HtbSUnz1p2oVRAgMBAAECgYEAmehJgScNyTAZrHGWHUnFSu2B
+ByWNPVYplabEqWlYZQWLwse5uQRlCW+2S1cuwQqU+p09TlBLFhPywiku5hfJgvZx
+EzjAJHYFdrGreD5y9NKapuWfaSM/JZ2+3u1Cy+d/0MoLbAd6Bmc8YU2NH1VPCPGQ
+q2fKCweMrYaymmcD7wECQQDdUnFycODvaXWlYAaCVvOWllejNhA+uA1ljmhEAoEh
+ES12LdM7cDK9szq55WZ2UPNS/8huCMfPDtBRHy+twsSZAkEAxqYn1sK3WWX8bzu5
+Eu7cpcFvYTvoJYVChK7LjplpKACnRzcQztPi/aLS0UVtjyf7+zhZTNDexwhm0hWJ
+o58BeQJAXxMAaxH0fsRF5pHWmf0yTNkuso0R829rSdogDj8pK4ROjDrpR9pN4dHx
+g1P5bRAfRuNcPXCGLPuHH6IPAEzv2QJAe2PR8zBXuwwCVQV/3CbKn5sbmAYiGMxB
+mTEJ97WK//IH9dBafF5Y7LsqwBqkBvwLJOzHa1OCTZcGZxBBwoSN4QJAUy4DMkdb
+ENukagZ6ddkoQbJ7vDMuZfjl+R8B0YL10rLShhbcy4iLzs8ujqt4z1VznaAZBXaQ
+ctiy9/gBMhudwA==
-----END PRIVATE KEY-----
diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py
index 0d0e124..985ee6f 100644
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -690,7 +690,8 @@ class AuthProtocol(object):
data = json.loads(verified)
else:
data = self.verify_uuid_token(user_token, retry)
- self._cache_put(token_id, data)
+ expires = self._confirm_token_not_expired(data)
+ self._cache_put(token_id, data, expires)
return data
except Exception as e:
self.LOG.debug('Token validation failure.', exc_info=True)
@@ -924,23 +925,31 @@ class AuthProtocol(object):
data_to_store,
timeout=self.token_cache_time)
- def _cache_put(self, token, data):
+ def _confirm_token_not_expired(self, data):
+ if not data:
+ raise InvalidUserToken('Token authorization failed')
+ if self._token_is_v2(data):
+ timestamp = data['access']['token']['expires']
+ elif self._token_is_v3(data):
+ timestamp = data['token']['expires_at']
+ else:
+ raise InvalidUserToken('Token authorization failed')
+ expires = timeutils.parse_isotime(timestamp).strftime('%s')
+ if time.time() >= float(expires):
+ self.LOG.debug('Token expired a %s', timestamp)
+ raise InvalidUserToken('Token authorization failed')
+ return expires
+
+ def _cache_put(self, token, data, expires):
""" Put token data into the cache.
Stores the parsed expire date in cache allowing
quick check of token freshness on retrieval.
+
"""
- if self._cache and data:
- if self._token_is_v2(data):
- timestamp = data['access']['token']['expires']
- elif self._token_is_v3(data):
- timestamp = data['token']['expires_at']
- else:
- self.LOG.error('invalid token format')
- return
- expires = timeutils.parse_isotime(timestamp).strftime('%s')
- self.LOG.debug('Storing %s token in memcache', token)
- self._cache_store(token, data, expires)
+ if self._cache:
+ self.LOG.debug('Storing %s token in memcache', token)
+ self._cache_store(token, data, expires)
def _cache_store_invalid(self, token):
"""Store invalid token in cache."""
diff --git a/tests/test_auth_token_middleware.py b/tests/test_auth_token_middleware.py
index 86d9ee2..88c0339 100644
--- a/tests/test_auth_token_middleware.py
+++ b/tests/test_auth_token_middleware.py
@@ -54,6 +54,7 @@ SIGNED_v3_TOKEN_UNSCOPED = None
SIGNED_TOKEN_SCOPED_KEY = None
SIGNED_TOKEN_UNSCOPED_KEY = None
SIGNED_v3_TOKEN_SCOPED_KEY = None
+SIGNED_TOKEN_SCOPED_EXPIRED = None
VALID_SIGNED_REVOCATION_LIST = None
@@ -253,6 +254,9 @@ def setUpModule(self):
with open(os.path.join(signing_path, 'auth_token_revoked.pem')) as f:
self.REVOKED_TOKEN = cms.cms_to_token(f.read())
self.REVOKED_TOKEN_HASH = utils.hash_signed_token(self.REVOKED_TOKEN)
+ with open(os.path.join(signing_path,
+ 'auth_token_scoped_expired.pem')) as f:
+ self.SIGNED_TOKEN_SCOPED_EXPIRED = cms.cms_to_token(f.read())
with open(os.path.join(signing_path, 'auth_v3_token_revoked.pem')) as f:
self.REVOKED_v3_TOKEN = cms.cms_to_token(f.read())
self.REVOKED_v3_TOKEN_HASH = utils.hash_signed_token(self.REVOKED_v3_TOKEN)
@@ -414,7 +418,7 @@ class BaseFakeHTTPConnection(object):
body = jsonutils.dumps({
'access': {
'token': {'id': 'admin_token2',
- 'expires': '2012-10-03T16:58:01Z'}
+ 'expires': '2022-10-03T16:58:01Z'}
},
})
return status, body
@@ -571,6 +575,7 @@ class BaseAuthTokenMiddlewareTest(testtools.TestCase):
'uuid_token_default': UUID_TOKEN_DEFAULT,
'uuid_token_unscoped': UUID_TOKEN_UNSCOPED,
'signed_token_scoped': SIGNED_TOKEN_SCOPED,
+ 'signed_token_scoped_expired': SIGNED_TOKEN_SCOPED_EXPIRED,
'revoked_token': REVOKED_TOKEN,
'revoked_token_hash': REVOKED_TOKEN_HASH
}
@@ -941,6 +946,13 @@ class AuthTokenMiddlewareTest(test.NoModule, BaseAuthTokenMiddlewareTest):
self.middleware(req.environ, self.start_fake_response)
self.assertNotEqual(self._get_cached_token(token), None)
+ def test_expired(self):
+ req = webob.Request.blank('/')
+ token = self.token_dict['signed_token_scoped_expired']
+ req.headers['X-Auth-Token'] = token
+ self.middleware(req.environ, self.start_fake_response)
+ self.assertEqual(self.response_status, 401)
+
def test_memcache_set_invalid(self):
req = webob.Request.blank('/')
token = 'invalid-token'
@@ -1302,6 +1314,7 @@ class v3AuthTokenMiddlewareTest(AuthTokenMiddlewareTest):
'uuid_token_default': v3_UUID_TOKEN_DEFAULT,
'uuid_token_unscoped': v3_UUID_TOKEN_UNSCOPED,
'signed_token_scoped': SIGNED_v3_TOKEN_SCOPED,
+ 'signed_token_scoped_expired': SIGNED_TOKEN_SCOPED_EXPIRED,
'revoked_token': REVOKED_v3_TOKEN,
'revoked_token_hash': REVOKED_v3_TOKEN_HASH
}
distrib
>
Fedora
>
19
>
i386
>
media
>
updates-src
>
by-pkgid
>
ba59a791bd2083edb232ab94febba914
>
files
>
3
