Diffstat (limited to 'keystone-moon/keystone/token/_simple_cert.py')
-rw-r--r-- | keystone-moon/keystone/token/_simple_cert.py | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/keystone-moon/keystone/token/_simple_cert.py b/keystone-moon/keystone/token/_simple_cert.py
new file mode 100644
index 00000000..9c369255
--- /dev/null
+++ b/keystone-moon/keystone/token/_simple_cert.py
@@ -0,0 +1,91 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# TODO(morganfainberg): Remove this file and extension in the "O" release as
+# it is only used in support of the PKI/PKIz token providers.
+import functools
+
+from oslo_config import cfg
+import webob
+
+from keystone.common import controller
+from keystone.common import dependency
+from keystone.common import extension
+from keystone.common import json_home
+from keystone.common import wsgi
+from keystone import exception
+
+
+CONF = cfg.CONF
+EXTENSION_DATA = {
+ 'name': 'OpenStack Simple Certificate API',
+ 'namespace': 'http://docs.openstack.org/identity/api/ext/'
+ 'OS-SIMPLE-CERT/v1.0',
+ 'alias': 'OS-SIMPLE-CERT',
+ 'updated': '2014-01-20T12:00:0-00:00',
+ 'description': 'OpenStack simple certificate retrieval extension',
+ 'links': [
+ {
+ 'rel': 'describedby',
+ 'type': 'text/html',
+ 'href': 'http://developer.openstack.org/'
+ 'api-ref-identity-v2-ext.html',
+ }
+ ]}
+extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
+extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
+
+build_resource_relation = functools.partial(
+ json_home.build_v3_extension_resource_relation,
+ extension_name='OS-SIMPLE-CERT', extension_version='1.0')
+
+
+class Routers(wsgi.RoutersBase):
+
+ def _construct_url(self, suffix):
+ return "/OS-SIMPLE-CERT/%s" % suffix
+
+ def append_v3_routers(self, mapper, routers):
+ controller = SimpleCert()
+
+ self._add_resource(
+ mapper, controller,
+ path=self._construct_url('ca'),
+ get_action='get_ca_certificate',
+ rel=build_resource_relation(resource_name='ca_certificate'))
+ self._add_resource(
+ mapper, controller,
+ path=self._construct_url('certificates'),
+ get_action='list_certificates',
+ rel=build_resource_relation(resource_name='certificates'))
+
+
+@dependency.requires('token_provider_api')
+class SimpleCert(controller.V3Controller):
+
+ def _get_certificate(self, name):
+ try:
+ with open(name, 'r') as f:
+ body = f.read()
+ except IOError:
+ raise exception.CertificateFilesUnavailable()
+
+ # NOTE(jamielennox): We construct the webob Response ourselves here so
+ # that we don't pass through the JSON encoding process.
+ headers = [('Content-Type', 'application/x-pem-file')]
+ return webob.Response(body=body, headerlist=headers, status="200 OK")
+
+ def get_ca_certificate(self, context):
+ return self._get_certificate(CONF.signing.ca_certs)
+
+ def list_certificates(self, context):
+ return self._get_certificate(CONF.signing.certfile) |
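Review bot: `_get_certificate` returns the configured file's contents verbatim, and neither `get_ca_certificate` nor `list_certificates` carries a protection decorator in this file, so both GET routes appear to be served without a policy check (enforcement elsewhere is not visible here). That is fine for public certificates, but if `CONF.signing.certfile` pointed at a combined PEM that also holds the private key, the key would be returned to any caller. After the read I would add a guard such as `if 'PRIVATE KEY' in body: raise exception.CertificateFilesUnavailable()`. A short docstring on `_get_certificate` should also state that `name` is an operator-configured path expected to contain only public certificate material. Separately, the `'updated'` value `'2014-01-20T12:00:0-00:00'` has a one-digit seconds field and is not a well-formed ISO 8601 timestamp.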