diff options
author | WuKong <rebirthmonkey@gmail.com> | 2015-06-30 18:47:29 +0200 |
---|---|---|
committer | WuKong <rebirthmonkey@gmail.com> | 2015-06-30 18:47:29 +0200 |
commit | b8c756ecdd7cced1db4300935484e8c83701c82e (patch) | |
tree | 87e51107d82b217ede145de9d9d59e2100725bd7 /keystone-moon/keystone/token/providers/pki.py | |
parent | c304c773bae68fb854ed9eab8fb35c4ef17cf136 (diff) |
migrate moon code from github to opnfv
Change-Id: Ice53e368fd1114d56a75271aa9f2e598e3eba604
Signed-off-by: WuKong <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystone-moon/keystone/token/providers/pki.py')
-rw-r--r-- | keystone-moon/keystone/token/providers/pki.py | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/keystone-moon/keystone/token/providers/pki.py b/keystone-moon/keystone/token/providers/pki.py new file mode 100644 index 00000000..61b42817 --- /dev/null +++ b/keystone-moon/keystone/token/providers/pki.py @@ -0,0 +1,53 @@ +# Copyright 2013 OpenStack Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +"""Keystone PKI Token Provider""" + +from keystoneclient.common import cms +from oslo_config import cfg +from oslo_log import log +from oslo_serialization import jsonutils + +from keystone.common import environment +from keystone.common import utils +from keystone import exception +from keystone.i18n import _, _LE +from keystone.token.providers import common + + +CONF = cfg.CONF + +LOG = log.getLogger(__name__) + + +class Provider(common.BaseProvider): + def _get_token_id(self, token_data): + try: + # force conversion to a string as the keystone client cms code + # produces unicode. This can be removed if the client returns + # str() + # TODO(ayoung): Make to a byte_str for Python3 + token_json = jsonutils.dumps(token_data, cls=utils.PKIEncoder) + token_id = str(cms.cms_sign_token(token_json, + CONF.signing.certfile, + CONF.signing.keyfile)) + return token_id + except environment.subprocess.CalledProcessError: + LOG.exception(_LE('Unable to sign token')) + raise exception.UnexpectedError(_( + 'Unable to sign token.')) + + def needs_persistence(self): + """Should the token be written to a backend.""" + return True |