1 files changed, 91 insertions, 0 deletions
diff --git a/keystone-moon/keystone/token/_simple_cert.py b/keystone-moon/keystone/token/_simple_cert.py
new file mode 100644
index 00000000..9c369255
--- /dev/null
+++ b/keystone-moon/keystone/token/_simple_cert.py
@@ -0,0 +1,91 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# TODO(morganfainberg): Remove this file and extension in the "O" release as
+# it is only used in support of the PKI/PKIz token providers.
+import functools
+
+from oslo_config import cfg
+import webob
+
+from keystone.common import controller
+from keystone.common import dependency
+from keystone.common import extension
+from keystone.common import json_home
+from keystone.common import wsgi
+from keystone import exception
+
+
+CONF = cfg.CONF
+EXTENSION_DATA = {
+    'name': 'OpenStack Simple Certificate API',
+    'namespace': 'http://docs.openstack.org/identity/api/ext/'
+                 'OS-SIMPLE-CERT/v1.0',
+    'alias': 'OS-SIMPLE-CERT',
+    'updated': '2014-01-20T12:00:0-00:00',
+    'description': 'OpenStack simple certificate retrieval extension',
+    'links': [
+        {
+            'rel': 'describedby',
+            'type': 'text/html',
+            'href': 'http://developer.openstack.org/'
+                    'api-ref-identity-v2-ext.html',
+        }
+    ]}
+extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
+extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
+
+build_resource_relation = functools.partial(
+    json_home.build_v3_extension_resource_relation,
+    extension_name='OS-SIMPLE-CERT', extension_version='1.0')
+
+
+class Routers(wsgi.RoutersBase):
+
+    def _construct_url(self, suffix):
+        return "/OS-SIMPLE-CERT/%s" % suffix
+
+    def append_v3_routers(self, mapper, routers):
+        controller = SimpleCert()
+
+        self._add_resource(
+            mapper, controller,
+            path=self._construct_url('ca'),
+            get_action='get_ca_certificate',
+            rel=build_resource_relation(resource_name='ca_certificate'))
+        self._add_resource(
+            mapper, controller,
+            path=self._construct_url('certificates'),
+            get_action='list_certificates',
+            rel=build_resource_relation(resource_name='certificates'))
+
+
+@dependency.requires('token_provider_api')
+class SimpleCert(controller.V3Controller):
+
+    def _get_certificate(self, name):
+        try:
+            with open(name, 'r') as f:
+                body = f.read()
+        except IOError:
+            raise exception.CertificateFilesUnavailable()
+
+        # NOTE(jamielennox): We construct the webob Response ourselves here so
+        # that we don't pass through the JSON encoding process.
+        headers = [('Content-Type', 'application/x-pem-file')]
+        return webob.Response(body=body, headerlist=headers, status="200 OK")
+
+    def get_ca_certificate(self, context):
+        return self._get_certificate(CONF.signing.ca_certs)
+
+    def list_certificates(self, context):
+        return self._get_certificate(CONF.signing.certfile)