From b8c756ecdd7cced1db4300935484e8c83701c82e Mon Sep 17 00:00:00 2001 From: WuKong Date: Tue, 30 Jun 2015 18:47:29 +0200 Subject: migrate moon code from github to opnfv Change-Id: Ice53e368fd1114d56a75271aa9f2e598e3eba604 
Signed-off-by: WuKong --- keystone-moon/examples/moon/__init__.py | 4 + .../moon/policies/mls_conf/authz/assignment.json | 25 +++ .../moon/policies/mls_conf/authz/metadata.json | 18 ++ .../moon/policies/mls_conf/authz/metarule.json | 12 ++ .../moon/policies/mls_conf/authz/rules.json | 13 ++ .../moon/policies/mls_conf/authz/scope.json | 24 +++ .../moon/policies/policy_mls_admin/assignment.json | 37 ++++ .../moon/policies/policy_mls_admin/metadata.json | 18 ++ .../moon/policies/policy_mls_admin/metarule.json | 12 ++ .../moon/policies/policy_mls_admin/perimeter.json | 29 +++ .../moon/policies/policy_mls_admin/rules.json | 20 ++ .../moon/policies/policy_mls_admin/scope.json | 35 ++++ .../moon/policies/policy_mls_authz/assignment.json | 23 +++ .../moon/policies/policy_mls_authz/metadata.json | 19 ++ .../moon/policies/policy_mls_authz/metarule.json | 12 ++ .../moon/policies/policy_mls_authz/perimeter.json | 16 ++ .../moon/policies/policy_mls_authz/rules.json | 13 ++ .../moon/policies/policy_mls_authz/scope.json | 24 +++ .../policies/policy_rbac_admin/assignment.json | 37 ++++ .../moon/policies/policy_rbac_admin/metadata.json | 18 ++ .../moon/policies/policy_rbac_admin/metarule.json | 12 ++ .../moon/policies/policy_rbac_admin/perimeter.json | 29 +++ .../moon/policies/policy_rbac_admin/rules.json | 20 ++ .../moon/policies/policy_rbac_admin/scope.json | 35 ++++ .../policies/policy_rbac_authz/assignment.json | 28 +++ .../moon/policies/policy_rbac_authz/metadata.json | 19 ++ .../moon/policies/policy_rbac_authz/metarule.json | 12 ++ .../moon/policies/policy_rbac_authz/perimeter.json | 16 ++ .../moon/policies/policy_rbac_authz/rules.json | 6 + .../moon/policies/policy_rbac_authz/scope.json | 24 +++ .../moon/super_extension/policy/assignment.json | 26 +++ .../moon/super_extension/policy/configuration.json | 43 ++++ .../moon/super_extension/policy/metadata.json | 26 +++ .../moon/super_extension/policy/perimeter.json | 10 + keystone-moon/examples/pki/certs/cacert.pem | 23 +++ 
keystone-moon/examples/pki/certs/middleware.pem | 50 +++++ keystone-moon/examples/pki/certs/signing_cert.pem | 22 ++ keystone-moon/examples/pki/certs/ssl_cert.pem | 22 ++ .../examples/pki/cms/auth_token_revoked.json | 85 ++++++++ .../examples/pki/cms/auth_token_revoked.pem | 44 ++++ .../examples/pki/cms/auth_token_scoped.json | 85 ++++++++ .../examples/pki/cms/auth_token_scoped.pem | 44 ++++ .../examples/pki/cms/auth_token_unscoped.json | 23 +++ .../examples/pki/cms/auth_token_unscoped.pem | 19 ++ .../examples/pki/cms/revocation_list.json | 8 + keystone-moon/examples/pki/cms/revocation_list.pem | 15 ++ keystone-moon/examples/pki/gen_pki.sh | 221 +++++++++++++++++++++ keystone-moon/examples/pki/private/cakey.pem | 28 +++ keystone-moon/examples/pki/private/signing_key.pem | 28 +++ keystone-moon/examples/pki/private/ssl_key.pem | 28 +++ 50 files changed, 1460 insertions(+) create mode 100644 keystone-moon/examples/moon/__init__.py create mode 100644 keystone-moon/examples/moon/policies/mls_conf/authz/assignment.json create mode 100644 keystone-moon/examples/moon/policies/mls_conf/authz/metadata.json create mode 100644 keystone-moon/examples/moon/policies/mls_conf/authz/metarule.json create mode 100644 keystone-moon/examples/moon/policies/mls_conf/authz/rules.json create mode 100644 keystone-moon/examples/moon/policies/mls_conf/authz/scope.json create mode 100644 keystone-moon/examples/moon/policies/policy_mls_admin/assignment.json create mode 100644 keystone-moon/examples/moon/policies/policy_mls_admin/metadata.json create mode 100644 keystone-moon/examples/moon/policies/policy_mls_admin/metarule.json create mode 100644 keystone-moon/examples/moon/policies/policy_mls_admin/perimeter.json create mode 100644 keystone-moon/examples/moon/policies/policy_mls_admin/rules.json create mode 100644 keystone-moon/examples/moon/policies/policy_mls_admin/scope.json create mode 100644 keystone-moon/examples/moon/policies/policy_mls_authz/assignment.json create mode 100644 
keystone-moon/examples/moon/policies/policy_mls_authz/metadata.json create mode 100644 keystone-moon/examples/moon/policies/policy_mls_authz/metarule.json create mode 100644 keystone-moon/examples/moon/policies/policy_mls_authz/perimeter.json create mode 100644 keystone-moon/examples/moon/policies/policy_mls_authz/rules.json create mode 100644 keystone-moon/examples/moon/policies/policy_mls_authz/scope.json create mode 100644 keystone-moon/examples/moon/policies/policy_rbac_admin/assignment.json create mode 100644 keystone-moon/examples/moon/policies/policy_rbac_admin/metadata.json create mode 100644 keystone-moon/examples/moon/policies/policy_rbac_admin/metarule.json create mode 100644 keystone-moon/examples/moon/policies/policy_rbac_admin/perimeter.json create mode 100644 keystone-moon/examples/moon/policies/policy_rbac_admin/rules.json create mode 100644 keystone-moon/examples/moon/policies/policy_rbac_admin/scope.json create mode 100644 keystone-moon/examples/moon/policies/policy_rbac_authz/assignment.json create mode 100644 keystone-moon/examples/moon/policies/policy_rbac_authz/metadata.json create mode 100644 keystone-moon/examples/moon/policies/policy_rbac_authz/metarule.json create mode 100644 keystone-moon/examples/moon/policies/policy_rbac_authz/perimeter.json create mode 100644 keystone-moon/examples/moon/policies/policy_rbac_authz/rules.json create mode 100644 keystone-moon/examples/moon/policies/policy_rbac_authz/scope.json create mode 100644 keystone-moon/examples/moon/super_extension/policy/assignment.json create mode 100644 keystone-moon/examples/moon/super_extension/policy/configuration.json create mode 100644 keystone-moon/examples/moon/super_extension/policy/metadata.json create mode 100644 keystone-moon/examples/moon/super_extension/policy/perimeter.json create mode 100644 keystone-moon/examples/pki/certs/cacert.pem create mode 100644 keystone-moon/examples/pki/certs/middleware.pem create mode 100644 
keystone-moon/examples/pki/certs/signing_cert.pem
create mode 100644 keystone-moon/examples/pki/certs/ssl_cert.pem
create mode 100644 keystone-moon/examples/pki/cms/auth_token_revoked.json
create mode 100644 keystone-moon/examples/pki/cms/auth_token_revoked.pem
create mode 100644 keystone-moon/examples/pki/cms/auth_token_scoped.json
create mode 100644 keystone-moon/examples/pki/cms/auth_token_scoped.pem
create mode 100644 keystone-moon/examples/pki/cms/auth_token_unscoped.json
create mode 100644 keystone-moon/examples/pki/cms/auth_token_unscoped.pem
create mode 100644 keystone-moon/examples/pki/cms/revocation_list.json
create mode 100644 keystone-moon/examples/pki/cms/revocation_list.pem
create mode 100755 keystone-moon/examples/pki/gen_pki.sh
create mode 100644 keystone-moon/examples/pki/private/cakey.pem
create mode 100644 keystone-moon/examples/pki/private/signing_key.pem
create mode 100644 keystone-moon/examples/pki/private/ssl_key.pem
(limited to 'keystone-moon/examples')
diff --git a/keystone-moon/examples/moon/__init__.py b/keystone-moon/examples/moon/__init__.py
new file mode 100644
index 00000000..1b678d53
--- /dev/null
+++ b/keystone-moon/examples/moon/__init__.py
@@ -0,0 +1,4 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
diff --git a/keystone-moon/examples/moon/policies/mls_conf/authz/assignment.json b/keystone-moon/examples/moon/policies/mls_conf/authz/assignment.json
new file mode 100644
index 00000000..c917638c
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/mls_conf/authz/assignment.json
@@ -0,0 +1,25 @@
+{
+ "subject_assignments": {
+ "subject_security_level":{
+ "user1": ["low"],
+ "user2": ["medium"],
+ "user3": ["high"]
+ }
+ },
+
+ "action_assignments": {
+ "computing_action":{
+ "pause": ["vm_admin"],
+ "unpause": ["vm_admin"],
+ "start": ["vm_admin"],
+ "stop": ["vm_admin"]
+ }
+ },
+
+ "object_assignments": {
+ "object_security_level": {
+ "vm1": ["low"],
+ "vm2": ["medium"]
+ }
+ }
+}
\ No newline at end of file
diff --git a/keystone-moon/examples/moon/policies/mls_conf/authz/metadata.json b/keystone-moon/examples/moon/policies/mls_conf/authz/metadata.json
new file mode 100644
index 00000000..0c21f178
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/mls_conf/authz/metadata.json
@@ -0,0 +1,18 @@
+{
+ "name": "MLS_metadata",
+ "model": "MLS",
+ "genre": "authz",
+ "description": "",
+
+ "subject_categories": [
+ "subject_security_level"
+ ],
+
+ "action_categories": [
+ "computing_action"
+ ],
+
+ "object_categories": [
+ "object_security_level"
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/mls_conf/authz/metarule.json b/keystone-moon/examples/moon/policies/mls_conf/authz/metarule.json
new file mode 100644
index 00000000..0f717458
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/mls_conf/authz/metarule.json
@@ -0,0 +1,12 @@
+{
+ "sub_meta_rules": {
+ "relation_super": {
+ "subject_categories": ["subject_security_level"],
+ "action_categories": ["computing_action"],
+ "object_categories": ["object_security_level"],
+ "relation": "relation_super"
+ }
+ },
+ "aggregation": "and_true_aggregation"
+}
+
diff --git a/keystone-moon/examples/moon/policies/mls_conf/authz/rules.json b/keystone-moon/examples/moon/policies/mls_conf/authz/rules.json
new file mode 100644
index 00000000..7badb6f5
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/mls_conf/authz/rules.json
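Review bot: The `mls_conf/authz` policy ships no `perimeter.json`, while every other policy directory in this commit has one, yet this `assignment.json` binds subjects `user1`..`user3` and objects `vm1`/`vm2` that are declared nowhere else. If the loader resolves assignments against a perimeter, as the other five policies suggest, this policy either fails to load or silently yields no authorizable subjects; if it is meant as a configuration template rather than a loadable policy, the `description` in its `metadata.json` (currently `""`) should say so. The `relation_super` table in `mls_conf/authz/rules.json` is the same as the one in `policy_mls_authz/rules.json` further down, so any correction to one has to be mirrored in the other.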
@@ -0,0 +1,13 @@
+{
+ "relation_super":[
+ ["high", "vm_admin", "medium"],
+ ["high", "vm_admin", "low"],
+ ["medium", "vm_admin", "low"],
+ ["high", "vm_access", "high"],
+ ["high", "vm_access", "medium"],
+ ["high", "vm_access", "low"],
+ ["medium", "vm_access", "medium"],
+ ["medium", "vm_access", "low"],
+ ["low", "vm_access", "low"]
+ ]
+}
\ No newline at end of file
diff --git a/keystone-moon/examples/moon/policies/mls_conf/authz/scope.json b/keystone-moon/examples/moon/policies/mls_conf/authz/scope.json
new file mode 100644
index 00000000..f07b0071
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/mls_conf/authz/scope.json
@@ -0,0 +1,24 @@
+{
+ "subject_category_scope": {
+ "subject_security_level": [
+ "high",
+ "medium",
+ "low"
+ ]
+ },
+
+ "action_category_scope": {
+ "computing_action": [
+ "vm_admin",
+ "vm_access"
+ ]
+ },
+
+ "object_category_scope": {
+ "object_security_level": [
+ "high",
+ "medium",
+ "low"
+ ]
+ }
+}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_admin/assignment.json b/keystone-moon/examples/moon/policies/policy_mls_admin/assignment.json
new file mode 100644
index 00000000..e1c208df
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_mls_admin/assignment.json
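Review bot: The `relation_super` table in this `rules.json` grants `vm_admin` only strictly downward (`high`→`medium`, `high`→`low`, `medium`→`low`) and has no same-level row, so with the assignments in `mls_conf/authz/assignment.json` user1 (low) can never pause/start/stop vm1 (low) and no subject can administer a `high` object at all. `vm_access` does carry same-level rows, which makes the asymmetry look accidental rather than a deliberate strict-dominance rule. If same-level administration is intended, add `["high", "vm_admin", "high"]`, `["medium", "vm_admin", "medium"]` and `["low", "vm_admin", "low"]`; if not, the policy's `metadata.json` description should state that intent so a later reader does not "fix" it. The identical table appears again in `policy_mls_authz/rules.json` later in this commit.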
@@ -0,0 +1,37 @@
+{
+ "subject_assignments": {
+ "role":{
+ "admin": ["admin" ]
+ }
+ },
+
+ "action_assignments": {
+ "ie_action":{
+ "read": ["ie_admin", "ie_access"],
+ "write": ["ie_admin"],
+ "create": ["ie_admin"],
+ "delete": ["ie_admin"]
+ }
+ },
+
+ "object_assignments": {
+ "id": {
+ "subjects": ["subjects"],
+ "objects": ["objects"],
+ "actions": ["actions"],
+ "subject_categories": ["subject_categories"],
+ "object_categories": ["object_categories"],
+ "action_categories": ["action_categories"],
+ "subject_category_scope": ["subject_category_scope"],
+ "object_category_scope": ["object_category_scope"],
+ "action_category_scope": ["action_category_scope"],
+ "sub_rules": ["sub_rules"],
+ "sub_meta_rule": ["sub_meta_rule"],
+ "subject_assignments": ["subject_assignments"],
+ "object_assignments": ["object_assignments"],
+ "action_assignments": ["action_assignments"],
+ "sub_meta_rule_relations": ["sub_meta_rule_relations"],
+ "aggregation_algorithms": ["aggregation_algorithms"]
+ }
+ }
+}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_admin/metadata.json b/keystone-moon/examples/moon/policies/policy_mls_admin/metadata.json
new file mode 100644
index 00000000..f65cb271
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_mls_admin/metadata.json
@@ -0,0 +1,18 @@
+{
+ "name": "RBAC_metadata",
+ "model": "RBAC",
+ "genre": "authz",
+ "description": "Role Based access Control authorization policy",
+
+ "subject_categories": [
+ "role"
+ ],
+
+ "action_categories": [
+ "ie_action"
+ ],
+
+ "object_categories": [
+ "id"
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_admin/metarule.json b/keystone-moon/examples/moon/policies/policy_mls_admin/metarule.json
new file mode 100644
index 00000000..3a2c7b75
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_mls_admin/metarule.json
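Review bot: `policy_mls_admin/metadata.json` names the policy `RBAC_metadata`, model `RBAC`, with the description "Role Based access Control authorization policy", although it lives under `policy_mls_admin`; the blob ids in the file headers (`e1c208df`, `f65cb271`, `3a2c7b75`, `e570aae1`, `e17ba8f3`, `faf06d2c`) show that the whole `policy_mls_admin` directory is byte-identical to `policy_rbac_admin`. Anyone auditing which admin policy governs an MLS-protected tenant will be misled by the label, and two copies of the same rule set will drift apart over time. Either make the MLS admin policy genuinely MLS, or relabel `name`/`model`/`description` to say it is the RBAC admin policy reused, or drop the duplicate and point the MLS configuration at `policy_rbac_admin`.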
@@ -0,0 +1,12 @@
+{
+ "sub_meta_rules": {
+ "relation_super": {
+ "subject_categories": ["role"],
+ "action_categories": ["ie_action"],
+ "object_categories": ["id"],
+ "relation": "relation_super"
+ }
+ },
+ "aggregation": "and_true_aggregation"
+}
+
diff --git a/keystone-moon/examples/moon/policies/policy_mls_admin/perimeter.json b/keystone-moon/examples/moon/policies/policy_mls_admin/perimeter.json
new file mode 100644
index 00000000..e570aae1
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_mls_admin/perimeter.json
@@ -0,0 +1,29 @@
+{
+ "subjects": [
+ "admin"
+ ],
+ "actions": [
+ "read",
+ "write",
+ "create",
+ "delete"
+ ],
+ "objects": [
+ "subjects",
+ "objects",
+ "actions",
+ "subject_categories",
+ "object_categories",
+ "action_categories",
+ "subject_category_scope",
+ "object_category_scope",
+ "action_category_scope",
+ "sub_rules",
+ "subject_assignments",
+ "object_assignments",
+ "action_assignments",
+ "sub_meta_rule_relations",
+ "aggregation_algorithms",
+ "sub_meta_rule"
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_admin/rules.json b/keystone-moon/examples/moon/policies/policy_mls_admin/rules.json
new file mode 100644
index 00000000..e17ba8f3
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_mls_admin/rules.json
@@ -0,0 +1,20 @@
+{
+ "relation_super":[
+ ["admin", "ie_admin", "subjects"],
+ ["admin", "ie_admin", "objects"],
+ ["admin", "ie_admin", "actions"],
+ ["admin", "ie_admin", "subject_categories"],
+ ["admin", "ie_admin", "object_categories"],
+ ["admin", "ie_admin", "action_categories"],
+ ["admin", "ie_admin", "subject_category_scope"],
+ ["admin", "ie_admin", "object_category_scope"],
+ ["admin", "ie_admin", "action_category_scope"],
+ ["admin", "ie_admin", "sub_rules"],
+ ["admin", "ie_admin", "sub_meta_rule"],
+ ["admin", "ie_admin", "subject_assignments"],
+ ["admin", "ie_admin", "object_assignments"],
+ ["admin", "ie_admin", "action_assignments"],
+ ["admin", "ie_admin", "sub_meta_rule_relations"],
+ ["admin", "ie_admin", "aggregation_algorithms"]
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_admin/scope.json b/keystone-moon/examples/moon/policies/policy_mls_admin/scope.json
new file mode 100644
index 00000000..faf06d2c
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_mls_admin/scope.json
@@ -0,0 +1,35 @@
+{
+ "subject_category_scope": {
+ "role": [
+ "admin"
+ ]
+ },
+
+ "action_category_scope": {
+ "ie_action": [
+ "ie_access",
+ "ie_admin"
+ ]
+ },
+
+ "object_category_scope": {
+ "id": [
+ "subjects",
+ "objects",
+ "actions",
+ "subject_categories",
+ "object_categories",
+ "action_categories",
+ "subject_category_scope",
+ "object_category_scope",
+ "action_category_scope",
+ "sub_rules",
+ "sub_meta_rule",
+ "subject_assignments",
+ "object_assignments",
+ "action_assignments",
+ "sub_meta_rule_relations",
+ "aggregation_algorithms"
+ ]
+ }
+}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_authz/assignment.json b/keystone-moon/examples/moon/policies/policy_mls_authz/assignment.json
new file mode 100644
index 00000000..e2a244b3
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_mls_authz/assignment.json
@@ -0,0 +1,23 @@
+{
+ "subject_assignments": {
+ "subject_security_level":{
+ }
+ },
+
+ "action_assignments": {
+ "computing_action":{
+ "pause": ["vm_admin"],
+ "unpause": ["vm_admin"],
+ "start": ["vm_admin"],
+ "stop": ["vm_admin"],
+ "list": ["vm_access", "vm_admin"],
+ "create": ["vm_admin"]
+ }
+ },
+
+ "object_assignments": {
+ "object_security_level": {
+ "servers": ["low"]
+ }
+ }
+}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_authz/metadata.json b/keystone-moon/examples/moon/policies/policy_mls_authz/metadata.json
new file mode 100644
index 00000000..56dc57df
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_mls_authz/metadata.json
@@ -0,0 +1,19 @@
+{
+ "name": "MLS_metadata",
+ "model": "MLS",
+ "genre": "authz",
+ "description": "Multi Layer Security authorization policy",
+
+ "subject_categories": [
+ "subject_security_level"
+ ],
+
+ "action_categories": [
+ "computing_action",
+ "storage_action"
+ ],
+
+ "object_categories": [
+ "object_security_level"
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_authz/metarule.json b/keystone-moon/examples/moon/policies/policy_mls_authz/metarule.json
new file mode 100644
index 00000000..0f717458
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_mls_authz/metarule.json
@@ -0,0 +1,12 @@
+{
+ "sub_meta_rules": {
+ "relation_super": {
+ "subject_categories": ["subject_security_level"],
+ "action_categories": ["computing_action"],
+ "object_categories": ["object_security_level"],
+ "relation": "relation_super"
+ }
+ },
+ "aggregation": "and_true_aggregation"
+}
+
diff --git a/keystone-moon/examples/moon/policies/policy_mls_authz/perimeter.json b/keystone-moon/examples/moon/policies/policy_mls_authz/perimeter.json
new file mode 100644
index 00000000..4bf88de7
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_mls_authz/perimeter.json
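Review bot: `policy_mls_authz/assignment.json` leaves `subject_security_level` as an empty object, so the only subject in this policy's perimeter (`admin`) carries no security level and, under `and_true_aggregation`, no request can match a `relation_super` row; every check routed through this policy is expected to be denied. If that is meant as a fail-closed default, the `description` should say so; if `admin` is meant to work, an entry such as `"admin": ["high"]` appears to be missing, though the loader's handling of an unassigned subject is not visible here. Separately, `metadata.json` declares `storage_action` as an action category, but the `metarule.json` in this group and the `scope.json` on the next line only know `computing_action`, so the category is declared but cannot be used.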
@@ -0,0 +1,16 @@
+{
+ "subjects": [
+ "admin"
+ ],
+ "actions": [
+ "pause",
+ "unpause",
+ "start",
+ "stop",
+ "create",
+ "list"
+ ],
+ "objects": [
+ "servers"
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_authz/rules.json b/keystone-moon/examples/moon/policies/policy_mls_authz/rules.json
new file mode 100644
index 00000000..f018a6fc
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_mls_authz/rules.json
@@ -0,0 +1,13 @@
+{
+ "relation_super":[
+ ["high", "vm_admin", "medium"],
+ ["high", "vm_admin", "low"],
+ ["medium", "vm_admin", "low"],
+ ["high", "vm_access", "high"],
+ ["high", "vm_access", "medium"],
+ ["high", "vm_access", "low"],
+ ["medium", "vm_access", "medium"],
+ ["medium", "vm_access", "low"],
+ ["low", "vm_access", "low"]
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_mls_authz/scope.json b/keystone-moon/examples/moon/policies/policy_mls_authz/scope.json
new file mode 100644
index 00000000..d3146acb
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_mls_authz/scope.json
@@ -0,0 +1,24 @@
+{
+ "subject_category_scope": {
+ "subject_security_level": [
+ "high",
+ "medium",
+ "low"
+ ]
+ },
+
+ "action_category_scope": {
+ "computing_action": [
+ "vm_access",
+ "vm_admin"
+ ]
+ },
+
+ "object_category_scope": {
+ "object_security_level": [
+ "high",
+ "medium",
+ "low"
+ ]
+ }
+}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_admin/assignment.json b/keystone-moon/examples/moon/policies/policy_rbac_admin/assignment.json
new file mode 100644
index 00000000..e1c208df
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_rbac_admin/assignment.json
@@ -0,0 +1,37 @@
+{
+ "subject_assignments": {
+ "role":{
+ "admin": ["admin" ]
+ }
+ },
+
+ "action_assignments": {
+ "ie_action":{
+ "read": ["ie_admin", "ie_access"],
+ "write": ["ie_admin"],
+ "create": ["ie_admin"],
+ "delete": ["ie_admin"]
+ }
+ },
+
+ "object_assignments": {
+ "id": {
+ "subjects": ["subjects"],
+ "objects": ["objects"],
+ "actions": ["actions"],
+ "subject_categories": ["subject_categories"],
+ "object_categories": ["object_categories"],
+ "action_categories": ["action_categories"],
+ "subject_category_scope": ["subject_category_scope"],
+ "object_category_scope": ["object_category_scope"],
+ "action_category_scope": ["action_category_scope"],
+ "sub_rules": ["sub_rules"],
+ "sub_meta_rule": ["sub_meta_rule"],
+ "subject_assignments": ["subject_assignments"],
+ "object_assignments": ["object_assignments"],
+ "action_assignments": ["action_assignments"],
+ "sub_meta_rule_relations": ["sub_meta_rule_relations"],
+ "aggregation_algorithms": ["aggregation_algorithms"]
+ }
+ }
+}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_admin/metadata.json b/keystone-moon/examples/moon/policies/policy_rbac_admin/metadata.json
new file mode 100644
index 00000000..f65cb271
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_rbac_admin/metadata.json
@@ -0,0 +1,18 @@
+{
+ "name": "RBAC_metadata",
+ "model": "RBAC",
+ "genre": "authz",
+ "description": "Role Based access Control authorization policy",
+
+ "subject_categories": [
+ "role"
+ ],
+
+ "action_categories": [
+ "ie_action"
+ ],
+
+ "object_categories": [
+ "id"
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_admin/metarule.json b/keystone-moon/examples/moon/policies/policy_rbac_admin/metarule.json
new file mode 100644
index 00000000..3a2c7b75
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_rbac_admin/metarule.json
@@ -0,0 +1,12 @@
+{
+ "sub_meta_rules": {
+ "relation_super": {
+ "subject_categories": ["role"],
+ "action_categories": ["ie_action"],
+ "object_categories": ["id"],
+ "relation": "relation_super"
+ }
+ },
+ "aggregation": "and_true_aggregation"
+}
+
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_admin/perimeter.json b/keystone-moon/examples/moon/policies/policy_rbac_admin/perimeter.json
new file mode 100644
index 00000000..e570aae1
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_rbac_admin/perimeter.json
@@ -0,0 +1,29 @@
+{
+ "subjects": [
+ "admin"
+ ],
+ "actions": [
+ "read",
+ "write",
+ "create",
+ "delete"
+ ],
+ "objects": [
+ "subjects",
+ "objects",
+ "actions",
+ "subject_categories",
+ "object_categories",
+ "action_categories",
+ "subject_category_scope",
+ "object_category_scope",
+ "action_category_scope",
+ "sub_rules",
+ "subject_assignments",
+ "object_assignments",
+ "action_assignments",
+ "sub_meta_rule_relations",
+ "aggregation_algorithms",
+ "sub_meta_rule"
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_admin/rules.json b/keystone-moon/examples/moon/policies/policy_rbac_admin/rules.json
new file mode 100644
index 00000000..e17ba8f3
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_rbac_admin/rules.json
@@ -0,0 +1,20 @@
+{
+ "relation_super":[
+ ["admin", "ie_admin", "subjects"],
+ ["admin", "ie_admin", "objects"],
+ ["admin", "ie_admin", "actions"],
+ ["admin", "ie_admin", "subject_categories"],
+ ["admin", "ie_admin", "object_categories"],
+ ["admin", "ie_admin", "action_categories"],
+ ["admin", "ie_admin", "subject_category_scope"],
+ ["admin", "ie_admin", "object_category_scope"],
+ ["admin", "ie_admin", "action_category_scope"],
+ ["admin", "ie_admin", "sub_rules"],
+ ["admin", "ie_admin", "sub_meta_rule"],
+ ["admin", "ie_admin", "subject_assignments"],
+ ["admin", "ie_admin", "object_assignments"],
+ ["admin", "ie_admin", "action_assignments"],
+ ["admin", "ie_admin", "sub_meta_rule_relations"],
+ ["admin", "ie_admin", "aggregation_algorithms"]
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_admin/scope.json b/keystone-moon/examples/moon/policies/policy_rbac_admin/scope.json
new file mode 100644
index 00000000..faf06d2c
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_rbac_admin/scope.json
@@ -0,0 +1,35 @@
+{
+ "subject_category_scope": {
+ "role": [
+ "admin"
+ ]
+ },
+
+ "action_category_scope": {
+ "ie_action": [
+ "ie_access",
+ "ie_admin"
+ ]
+ },
+
+ "object_category_scope": {
+ "id": [
+ "subjects",
+ "objects",
+ "actions",
+ "subject_categories",
+ "object_categories",
+ "action_categories",
+ "subject_category_scope",
+ "object_category_scope",
+ "action_category_scope",
+ "sub_rules",
+ "sub_meta_rule",
+ "subject_assignments",
+ "object_assignments",
+ "action_assignments",
+ "sub_meta_rule_relations",
+ "aggregation_algorithms"
+ ]
+ }
+}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_authz/assignment.json b/keystone-moon/examples/moon/policies/policy_rbac_authz/assignment.json
new file mode 100644
index 00000000..e804b56a
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_rbac_authz/assignment.json
@@ -0,0 +1,28 @@
+{
+ "subject_assignments": {
+ "role":{
+ "admin": ["admin" ]
+ }
+ },
+
+ "action_assignments": {
+ "computing_action":{
+ "pause": ["vm_admin"],
+ "unpause": ["vm_admin"],
+ "start": ["vm_admin"],
+ "stop": ["vm_admin"],
+ "list": ["vm_access", "vm_admin"],
+ "create": ["vm_admin"]
+ },
+ "storage_action":{
+ "get": ["vm_access"],
+ "set": ["vm_access", "vm_admin"]
+ }
+ },
+
+ "object_assignments": {
+ "id": {
+ "servers": ["servers"]
+ }
+ }
+}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_authz/metadata.json b/keystone-moon/examples/moon/policies/policy_rbac_authz/metadata.json
new file mode 100644
index 00000000..7f34ed7a
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_rbac_authz/metadata.json
@@ -0,0 +1,19 @@
+{
+ "name": "MLS_metadata",
+ "model": "MLS",
+ "genre": "authz",
+ "description": "Multi Layer Security authorization policy",
+
+ "subject_categories": [
+ "role"
+ ],
+
+ "action_categories": [
+ "computing_action",
+ "storage_action"
+ ],
+
+ "object_categories": [
+ "id"
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_authz/metarule.json b/keystone-moon/examples/moon/policies/policy_rbac_authz/metarule.json
new file mode 100644
index 00000000..ce828339
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_rbac_authz/metarule.json
@@ -0,0 +1,12 @@
+{
+ "sub_meta_rules": {
+ "relation_super": {
+ "subject_categories": ["role"],
+ "action_categories": ["computing_action", "storage_action"],
+ "object_categories": ["id"],
+ "relation": "relation_super"
+ }
+ },
+ "aggregation": "and_true_aggregation"
+}
+
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_authz/perimeter.json b/keystone-moon/examples/moon/policies/policy_rbac_authz/perimeter.json
new file mode 100644
index 00000000..4bf88de7
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_rbac_authz/perimeter.json
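Review bot: `policy_rbac_authz/metadata.json` is labelled `MLS_metadata`, model `MLS`, "Multi Layer Security authorization policy", even though its only subject category is `role` and the directory is the RBAC policy; the mirror-image mislabel sits in `policy_mls_admin/metadata.json` earlier in this commit. Relabelling to `"name": "RBAC_metadata"`, `"model": "RBAC"` with an RBAC description keeps the `model` field usable for anything that selects behaviour by it. Also, `assignment.json` here assigns `storage_action` values to `get` and `set`, but `perimeter.json` on the next line lists only `pause`, `unpause`, `start`, `stop`, `create`, `list`, so `get`/`set` receive categories without being declared as actions; add them to the perimeter's `actions` or drop the `storage_action` block.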
@@ -0,0 +1,16 @@
+{
+ "subjects": [
+ "admin"
+ ],
+ "actions": [
+ "pause",
+ "unpause",
+ "start",
+ "stop",
+ "create",
+ "list"
+ ],
+ "objects": [
+ "servers"
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_authz/rules.json b/keystone-moon/examples/moon/policies/policy_rbac_authz/rules.json
new file mode 100644
index 00000000..7f9dc3bb
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_rbac_authz/rules.json
@@ -0,0 +1,6 @@
+{
+ "relation_super":[
+ ["admin", "vm_admin", "vm_admin", "servers"],
+ ["admin", "vm_access", "vm_access", "servers"]
+ ]
+}
diff --git a/keystone-moon/examples/moon/policies/policy_rbac_authz/scope.json b/keystone-moon/examples/moon/policies/policy_rbac_authz/scope.json
new file mode 100644
index 00000000..34c5350a
--- /dev/null
+++ b/keystone-moon/examples/moon/policies/policy_rbac_authz/scope.json
@@ -0,0 +1,24 @@
+{
+ "subject_category_scope": {
+ "role": [
+ "admin"
+ ]
+ },
+
+ "action_category_scope": {
+ "computing_action": [
+ "vm_access",
+ "vm_admin"
+ ],
+ "storage_action": [
+ "vm_access",
+ "vm_admin"
+ ]
+ },
+
+ "object_category_scope": {
+ "id": [
+ "servers"
+ ]
+ }
+}
diff --git a/keystone-moon/examples/moon/super_extension/policy/assignment.json b/keystone-moon/examples/moon/super_extension/policy/assignment.json
new file mode 100644
index 00000000..352d3928
--- /dev/null
+++ b/keystone-moon/examples/moon/super_extension/policy/assignment.json
@@ -0,0 +1,26 @@
+{
+ "subject_category_assignments": {
+ "role":{
+ "admin": [
+ "super_user",
+ "super_admin",
+ "super_root",
+ "inter_extension_user",
+ "inter_extension_admin",
+ "inter_extension_root"
+ ]
+ }
+ },
+ "object_category_assignments": {
+ "action": {
+ "intra_extension": [],
+ "mapping": [],
+ "inter_extension": []
+ },
+ "object_id": {
+ "intra_extension": ["intra_extension"],
+ "mapping": ["mapping"],
+ "inter_extension": ["inter_extension"]
+ }
+ }
+}
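Review bot: In `super_extension/policy/assignment.json` the `action` object category is assigned an empty list for each of `intra_extension`, `mapping` and `inter_extension`, while `configuration.json` on the next line defines `action` values `list`/`create`/`destroy`/`delegate` and every `permission` rule requires one. Unless the loader fills `action` assignments from somewhere outside this commit, no object carries an action value, so no `permission` row can match and the super-extension would deny everything, or grant everything if an empty match is treated as vacuous under `and_true_aggregation` — the evaluator is not visible here. Either way the empty lists need an explanation in the policy's `description` or a fix such as `"intra_extension": ["list", "create", "destroy", "delegate"]`. Note also that this file uses `subject_category_assignments`/`object_category_assignments` while every policy under `policies/` uses `subject_assignments`/`object_assignments`; if both are read by the same loader, one of the two schemas is wrong.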
diff --git a/keystone-moon/examples/moon/super_extension/policy/configuration.json b/keystone-moon/examples/moon/super_extension/policy/configuration.json
new file mode 100644
index 00000000..18918e7f
--- /dev/null
+++ b/keystone-moon/examples/moon/super_extension/policy/configuration.json
@@ -0,0 +1,43 @@
+{
+ "subject_category_values": {
+ "role": [
+ "super_user",
+ "super_admin",
+ "super_root",
+ "inter_extension_user",
+ "inter_extension_admin",
+ "inter_extension_root"
+ ]
+ },
+
+ "object_category_values": {
+ "action": [
+ "list",
+ "create",
+ "destroy",
+ "delegate"
+ ],
+ "object_id": [
+ "intra_extension",
+ "mapping",
+ "inter_extension"
+ ]
+ },
+
+ "rules":{
+ "permission": [
+ ["super_user", "intra_extension", "list"],
+ ["super_admin", "intra_extension", "create"],
+ ["super_admin", "intra_extension", "destroy"],
+ ["super_root", "intra_extension", "delegate"],
+ ["super_user", "mapping", "list"],
+ ["super_admin", "mapping", "create"],
+ ["super_admin", "mapping", "destroy"],
+ ["super_root", "mapping", "delegate"],
+ ["inter_extension_user", "inter_extension", "list"],
+ ["inter_extension_admin", "inter_extension", "create"],
+ ["inter_extension_admin", "inter_extension", "destroy"],
+ ["inter_extension_root", "inter_extension", "delegate"]
+ ]
+ }
+}
\ No newline at end of file
diff --git a/keystone-moon/examples/moon/super_extension/policy/metadata.json b/keystone-moon/examples/moon/super_extension/policy/metadata.json
new file mode 100644
index 00000000..316bfcb7
--- /dev/null
+++ b/keystone-moon/examples/moon/super_extension/policy/metadata.json
@@ -0,0 +1,26 @@
+{
+ "name": "RBAC_metadata",
+ "model": "RBAC",
+ "genre": "super",
+ "description": "",
+
+ "subject_categories": [
+ "role"
+ ],
+
+ "object_categories": [
+ "object_id",
+ "action"
+ ],
+
+ "meta_rule": {
+ "sub_meta_rules": {
+ "permission": {
+ "subject_categories": ["role"],
+ "object_categories": ["object_id", "action"],
+ "relation": "permission"
+ }
+ },
+ "aggregation": "and_true_aggregation"
+ }
+}
diff --git a/keystone-moon/examples/moon/super_extension/policy/perimeter.json b/keystone-moon/examples/moon/super_extension/policy/perimeter.json
new file mode 100644
index 00000000..5d511654
--- /dev/null
+++ b/keystone-moon/examples/moon/super_extension/policy/perimeter.json
@@ -0,0 +1,10 @@
+{
+ "subjects": [
+ "admin"
+ ],
+ "objects": [
+ "intra_extension",
+ "mapping",
+ "inter_extension"
+ ]
+}
\ No newline at end of file
diff --git a/keystone-moon/examples/pki/certs/cacert.pem b/keystone-moon/examples/pki/certs/cacert.pem
new file mode 100644
index 00000000..2f31d126
--- /dev/null
+++ b/keystone-moon/examples/pki/certs/cacert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1jCCAr6gAwIBAgIJAKiIU3dYUGKeMA0GCSqGSIb3DQEBBQUAMIGeMQowCAYD
+VQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55
+dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTElMCMG
+CSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxMLU2Vs
+ZiBTaWduZWQwIBcNMTMwNzA5MTYyNTAwWhgPMjA3MjAxMDExNjI1MDBaMIGeMQow
+CAYDVQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1
+bm55dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTEl
+MCMGCSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxML
+U2VsZiBTaWduZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh1U+N
+3g2cjFi7GeVf21FIv8MDhughFCey9rysAuqFONSFYo2rectLgpDtVy4BFFUFlxmh
+8Ci9TEZ5LiA31tbc4584GxvlLt4dg8aFsUJRBKq0L9i7W5v9uFpHrY1Zr+P4vwG+
+v7IWOuzw19f517eGpp6LLcj2vrpN9Yb63rrydKOqr0KJodMd+vFKmi+euFcPqs6s
+w1OiC5DpJN479CGl2Fs1WzMoKDedRNiXG7ysrVrYQIkfMBABBPIwilq1xXZz9Ybo
+0PbNgOu6xpSsy9hq+IzxcwYsr5CwIcbqW6Ju+Ti2iBEaff20lW7dFzO4kwrcqOr9
+Jnn7qE8YfJo9Hyj3AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
+AQEFBQADggEBAGWFTQTe2FwvwGWa/Bx3Ypc8pJ05ucmGDm8XZiUHj1mOvFHTcveL
+Iofb+vR2lynr+MwF9Dn1szGteVNn/QxrHJIoxsgf1n/9fdyYqjoKWXblNBMt5jhr
+IlMGdQMqHSDzlkZKbcXg5vzHnG5mrwh0rojcZItZznXTSo/XnujEtHwIvCo6rk9c
+tRRzpkcDkg+/SZf2izchsLoEQVsJsIZMnWl0hUGFHaDfx2JQn7bnAcC84wPVhRJ+
+Xa3kDok1r7Nd7Vr/Wf0hCNRxyv2dySD/bq5iCEl1HNik3KCq4eUicTtkGe5N+Was
+ucf1RhPD3oZbxlTX4QDN7grSCdrTESyuhfc=
+-----END CERTIFICATE-----
diff --git a/keystone-moon/examples/pki/certs/middleware.pem b/keystone-moon/examples/pki/certs/middleware.pem
new file mode 100644
index 00000000..6546753e
--- /dev/null
+++ b/keystone-moon/examples/pki/certs/middleware.pem
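Review bot: Decoding this certificate, the CA (`CN=Self Signed`, `keystone@openstack.org`) is valid from 2013-07-09 to 2072-01-01, is signed with sha1WithRSAEncryption and carries a critical `basicConstraints CA:TRUE`; its private key is committed in this same commit as `keystone-moon/examples/pki/private/cakey.pem`, so the key is public. That is acceptable for a test fixture but becomes a standing risk the moment anything outside the test suite trusts this CA, because any PKI-signed token or certificate it vouches for can then be minted by anyone with a copy of the repository, and the ~59-year lifetime means it will never age out on its own. Nothing in the commit marks these files as throwaway; a header comment at the top of `keystone-moon/examples/pki/gen_pki.sh` (added here with mode 100755) stating that the checked-in material is for tests only and must be regenerated for any real deployment would close that gap. The `middleware.pem` hunk below has the same issue in a worse form.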
@@ -0,0 +1,50 @@ +-----BEGIN CERTIFICATE----- +MIIDpjCCAo4CARAwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV +BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK +EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr +ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x +MzA3MDkxNjI1MDBaGA8yMDcyMDEwMTE2MjUwMFowgZAxCzAJBgNVBAYTAlVTMQsw +CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh +Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv +cGVuc3RhY2sub3JnMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC5dpW18l3bs+Mcj/JdhaAa+qw1RJwShm06g+q38ZoC +cCmRO3/XyHghgHWdVa+FKVm2ug923dE2PW4GSI1pZa3iqbT9Yj70nxN+0l94iym+ +v9/P7irolvo5OWBbBIJT1Ubjps5fJ//gz6BdmwS0FuOy2qfKPnPhyBDH2VawtOgY +MLk+PSG3YQh7vM2YvDALPTPz/f4qPmhQpb69KBJQElFXPQ9Nu0ABCPWWC2tN87L5 +pakFw5zq46pttSJ7Izc8MXh3KQrh9FvjmiQuRnkMvQ/g887Sp6nEJ22ABPEFhuRr +89aup6wRD2CkA/8L3zSB5BV7tTK4hQiq07cTnV9Dv6bfAgMBAAEwDQYJKoZIhvcN +AQEFBQADggEBAIVz3ZwxSUF/y5ABmjnVIQaVVxH97bu07smFQUe0AB2I9R4xnBJ9 +jn93DpeixZvArCZuDuJEJvNER8S6L3r/OPMPrVzayxibXATaZRE8khMWEJpsnyeW +8paA5NuZJwN2NjlPOmT47J1m7ZjLgkrVwjhwQZPMnh5kG9690TBJNhg9x3Z8f6p3 +iKj2AfZWGhp9Xr2xOZCpfvAZmyvKOMeuHVrRZ2VWGuzojQd7fjSEDw/+Tg8Gw1LV +BQXjXiKQHsD1YID2a9Pe9yrBjO00ZMxMw8+wN9qrh+8vxfmwTO8tEkmcpvM4ivO3 +/oGGhQh6nSncERVI7rx+wBDnIHKBz6MU2Ow= +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5dpW18l3bs+Mc +j/JdhaAa+qw1RJwShm06g+q38ZoCcCmRO3/XyHghgHWdVa+FKVm2ug923dE2PW4G +SI1pZa3iqbT9Yj70nxN+0l94iym+v9/P7irolvo5OWBbBIJT1Ubjps5fJ//gz6Bd +mwS0FuOy2qfKPnPhyBDH2VawtOgYMLk+PSG3YQh7vM2YvDALPTPz/f4qPmhQpb69 +KBJQElFXPQ9Nu0ABCPWWC2tN87L5pakFw5zq46pttSJ7Izc8MXh3KQrh9FvjmiQu +RnkMvQ/g887Sp6nEJ22ABPEFhuRr89aup6wRD2CkA/8L3zSB5BV7tTK4hQiq07cT +nV9Dv6bfAgMBAAECggEBAIB1K5L/kZUITulMptGyKUgmkjq/D98g7u0Vy/CmTkcc +Cx6F+LGsL9D8mfplDBKOpo4S530sfKk1+Uwu2ovDGqKhazQJ5ZMnz6gK7Ieg1ERD +wDDURTIeyKf0HtJMGD0av2QU+GIeYXQEO446PhLCu+n42zkQ8tDS8xSJbCsu0odV 
+ok6+i7nEg9sP4uDfAAtM8CUJbRpFTha+m2a7pOz3ylU7/ZV4FDIgJ+FEynaphXAo +bZE4MX5I7A4DDBp7/9g9HsgefByY4xiABuk7Rsyztyf2TrJEtcsVhiV4sCIIHsow +u60KGEcTQWj4npBIMgW1QUdrwmAAh/35gOjt9ZndgTkCgYEA2yT5DmihjVaNF65B +8VtdFcpESr8rr6FBmJ7z31m7MufeV1Inc5GqCK9agRmpr5sTYcgFB9it2IhW2WsA +xHv+7J04bd9DBtgTv58GWrISsCR/abMZnJrm+F5Rafk77jwjCx/SwFj79ybI83Ia +VJYMd7jqkxc00+DZT/3QWZqRrlsCgYEA2KeBBqUVdCpwNiJpgFM18HWjJx36HRk7 +YoFapXot/6R6A/rYmS+/goBZt2CWqqGtnXqWEZvH+v4L+WlUmYQrWwtoxpdR1oXz +EmlCxN7D9MbRVR7QVW24h5zdwPOlbCTGoKzowOs8UEjMfQ81zoMinLmcJgHQSyzs +OawgSF+DmM0CgYBQz26EELNaMktvKxQoE3/c9CyAv8Q1TKqqxBq8BxPP7s7/tkzU +AigIcdlW+Aapue7IxQCN5yocShJ0tE+hJPRZfpR7d7P4xx9pLxQhx766c4sEiEXu +iPSZK/artHuUG1r01DRcN7QabJP3qeDpxjcswuTFfu49H5IjPD5jfGsyNwKBgFjh +bvdQ5lo/xsUOnQV+HZTGTeaQT7l8TnZ85rkYRKKp0TysvgsqIYDiMuwd/fGGXnlK +fyI+LG51pmftpD1OkZLKPXOrRHGjhjK5aCDn2rAimGI5P/KsDpXj7r1ntyeEdtAX +32y1lIrDMtDjWomcFqkBJGQbPl540Xhfeub1+EDJAoGAUZGPT2itKnxEFsa1SKHW +yLeEsag/a9imAVyizo1WJn2WJaUhi1aHK49w6JRowIAzXXb7zLQt7BL8v+ydPVw3 +eySpXGqFuN/Prm3So0SeWllWcPsKFAzjgE0CWjNuB0GlAZGOaJOcWUNoOZjX/SDC +FpolIoaSad28tGc8tbEk3fU= +-----END PRIVATE KEY----- diff --git a/keystone-moon/examples/pki/certs/signing_cert.pem b/keystone-moon/examples/pki/certs/signing_cert.pem new file mode 100644 index 00000000..3129e508 --- /dev/null +++ b/keystone-moon/examples/pki/certs/signing_cert.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDpTCCAo0CAREwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV +BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK +EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr +ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x +MzA3MDkxNjI1MDBaGA8yMDcyMDEwMTE2MjUwMFowgY8xCzAJBgNVBAYTAlVTMQsw +CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh +Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv +cGVuc3RhY2sub3JnMREwDwYDVQQDEwhLZXlzdG9uZTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAMTC6IdNd9Cg1DshcrT5gRVRF36nEmjSA9QWdik7B925 +PK70U4F6j4pz/5JL7plIo/8rJ4jJz9ccE7m0iA+IuABtEhEwXkG9rj47Oy0J4ZyD +GSh2K1Bl78PA9zxXSzysUTSjBKdAh29dPYbJY7cgZJ0uC3AtfVceYiAOIi14SdFe +Z0LZLDXBuLaqUmSMrmKwJ9wAMOCb/jbBP9/3Ycd0GYjlvrSBU4Bqb8/NHasyO4Dp +PN68OAoyD5r5jUtV8QZN03UjIsoux8e0lrL6+MVtJo0OfWvlSrlzS5HKSryY+uqq +QEuxtZKpJM2MV85ujvjc8eDSChh2shhDjBem3FIlHKUCAwEAATANBgkqhkiG9w0B +AQUFAAOCAQEAed9fHgdJrk+gZcO5gsqq6uURfDOuYD66GsSdZw4BqHjYAcnyWq2d +a+iw7Uxkqu7iLf2k4+Hu3xjDFrce479OwZkSnbXmqB7XspTGOuM8MgT7jB/ypKTO +Z6qaZKSWK1Hta995hMrVVlhUNBLh0MPGqoVWYA4d7mblujgH9vp+4mpCciJagHks +8K5FBmI+pobB+uFdSYDoRzX9LTpStspK4e3IoY8baILuGcdKimRNBv6ItG4hMrnt +Ae1/nWMJyUu5rDTGf2V/vAaS0S/faJBwQSz1o38QHMTWHNspfwIdX3yMqI9u7/vY +lz3rLy5WdBdUgZrZ3/VLmJTiJVZu5Owq4Q== +-----END CERTIFICATE----- diff --git a/keystone-moon/examples/pki/certs/ssl_cert.pem b/keystone-moon/examples/pki/certs/ssl_cert.pem new file mode 100644 index 00000000..0b0877eb --- /dev/null +++ b/keystone-moon/examples/pki/certs/ssl_cert.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDpjCCAo4CARAwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV +BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK +EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr +ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x +MzA3MDkxNjI1MDBaGA8yMDcyMDEwMTE2MjUwMFowgZAxCzAJBgNVBAYTAlVTMQsw +CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh +Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv +cGVuc3RhY2sub3JnMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC5dpW18l3bs+Mcj/JdhaAa+qw1RJwShm06g+q38ZoC +cCmRO3/XyHghgHWdVa+FKVm2ug923dE2PW4GSI1pZa3iqbT9Yj70nxN+0l94iym+ +v9/P7irolvo5OWBbBIJT1Ubjps5fJ//gz6BdmwS0FuOy2qfKPnPhyBDH2VawtOgY +MLk+PSG3YQh7vM2YvDALPTPz/f4qPmhQpb69KBJQElFXPQ9Nu0ABCPWWC2tN87L5 +pakFw5zq46pttSJ7Izc8MXh3KQrh9FvjmiQuRnkMvQ/g887Sp6nEJ22ABPEFhuRr +89aup6wRD2CkA/8L3zSB5BV7tTK4hQiq07cTnV9Dv6bfAgMBAAEwDQYJKoZIhvcN +AQEFBQADggEBAIVz3ZwxSUF/y5ABmjnVIQaVVxH97bu07smFQUe0AB2I9R4xnBJ9 +jn93DpeixZvArCZuDuJEJvNER8S6L3r/OPMPrVzayxibXATaZRE8khMWEJpsnyeW +8paA5NuZJwN2NjlPOmT47J1m7ZjLgkrVwjhwQZPMnh5kG9690TBJNhg9x3Z8f6p3 +iKj2AfZWGhp9Xr2xOZCpfvAZmyvKOMeuHVrRZ2VWGuzojQd7fjSEDw/+Tg8Gw1LV +BQXjXiKQHsD1YID2a9Pe9yrBjO00ZMxMw8+wN9qrh+8vxfmwTO8tEkmcpvM4ivO3 +/oGGhQh6nSncERVI7rx+wBDnIHKBz6MU2Ow= +-----END CERTIFICATE----- diff --git a/keystone-moon/examples/pki/cms/auth_token_revoked.json b/keystone-moon/examples/pki/cms/auth_token_revoked.json new file mode 100644 index 00000000..57d35280 --- /dev/null +++ b/keystone-moon/examples/pki/cms/auth_token_revoked.json 
@@ -0,0 +1,85 @@
+{
+ "access": {
+ "serviceCatalog": [
+ {
+ "endpoints": [
+ {
+ "adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "region": "RegionOne",
+ "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"
+ }
+ ],
+ "endpoints_links": [],
+ "type": "volume",
+ "name": "volume"
+ },
+ {
+ "endpoints": [
+ {
+ "adminURL": "http://127.0.0.1:9292/v1",
+ "region": "RegionOne",
+ "internalURL": "http://127.0.0.1:9292/v1",
+ "publicURL": "http://127.0.0.1:9292/v1"
+ }
+ ],
+ "endpoints_links": [],
+ "type": "image",
+ "name": "glance"
+ },
+ {
+ "endpoints": [
+ {
+ "adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "region": "RegionOne",
+ "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"
+ }
+ ],
+ "endpoints_links": [],
+ "type": "compute",
+ "name": "nova"
+ },
+ {
+ "endpoints": [
+ {
+ "adminURL": "http://127.0.0.1:35357/v2.0",
+ "region": "RegionOne",
+ "internalURL": "http://127.0.0.1:35357/v2.0",
+ "publicURL": "http://127.0.0.1:5000/v2.0"
+ }
+ ],
+ "endpoints_links": [],
+ "type": "identity",
+ "name": "keystone"
+ }
+ ],
+ "token": {
+ "expires": "2012-06-02T14:47:34Z",
+ "id": "placeholder",
+ "tenant": {
+ "enabled": true,
+ "description": null,
+ "name": "tenant_name1",
+ "id": "tenant_id1"
+ }
+ },
+ "user": {
+ "username": "revoked_username1",
+ "roles_links": [
+ "role1",
+ "role2"
+ ],
+ "id": "revoked_user_id1",
+ "roles": [
+ {
+ "name": "role1"
+ },
+ {
+ "name": "role2"
+ }
+ ],
+ "name": "revoked_username1"
+ }
+ }
+}
diff --git a/keystone-moon/examples/pki/cms/auth_token_revoked.pem b/keystone-moon/examples/pki/cms/auth_token_revoked.pem
new file mode 100644
index 00000000..1435c1e9
--- /dev/null
+++ b/keystone-moon/examples/pki/cms/auth_token_revoked.pem
@@ -0,0 +1,44 @@ +-----BEGIN CMS----- +MIIH1wYJKoZIhvcNAQcCoIIHyDCCB8QCAQExCTAHBgUrDgMCGjCCBeQGCSqGSIb3 +DQEHAaCCBdUEggXReyJhY2Nlc3MiOiB7InNlcnZpY2VDYXRhbG9nIjogW3siZW5k +cG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2L3Yx +LzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInJlZ2lvbiI6ICJy +ZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2 +L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInB1YmxpY1VS +TCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzYvdjEvNjRiNmYzZmJjYzUzNDM1ZThh +NjBmY2Y4OWJiNjYxN2EifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUi +OiAidm9sdW1lIiwgIm5hbWUiOiAidm9sdW1lIn0sIHsiZW5kcG9pbnRzIjogW3si +YWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3YxIiwgInJlZ2lvbiI6 +ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5 +MjkyL3YxIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjkyOTIvdjEi +fV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAiaW1hZ2UiLCAibmFt +ZSI6ICJnbGFuY2UifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRw +Oi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5 +YmI2NjE3YSIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjog +Imh0dHA6Ly8xMjcuMC4wLjE6ODc3NC92MS4xLzY0YjZmM2ZiY2M1MzQzNWU4YTYw +ZmNmODliYjY2MTdhIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3 +NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSJ9XSwgImVu +ZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJjb21wdXRlIiwgIm5hbWUiOiAi +bm92YSJ9LCB7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xMjcu +MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy +bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV +UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf +bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u +ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMi0wNi0wMlQxNDo0NzozNFoi +LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1 +ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg +ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJyZXZv 
+a2VkX3VzZXJuYW1lMSIsICJyb2xlc19saW5rcyI6IFsicm9sZTEiLCJyb2xlMiJd +LCAiaWQiOiAicmV2b2tlZF91c2VyX2lkMSIsICJyb2xlcyI6IFt7Im5hbWUiOiAi +cm9sZTEifSwgeyJuYW1lIjogInJvbGUyIn1dLCAibmFtZSI6ICJyZXZva2VkX3Vz +ZXJuYW1lMSJ9fX0NCjGCAcowggHGAgEBMIGkMIGeMQowCAYDVQQFEwE1MQswCQYD +VQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55dmFsZTESMBAGA1UE +ChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTElMCMGCSqGSIb3DQEJARYW +a2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxMLU2VsZiBTaWduZWQCAREw +BwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEggEAXY8JvllpyctcNlJByPLxhgLyRfFo +Ew+8Yq3O4FxOyfVkINvOz4EHTipY0M/K8OLwfxpRt7o/iGLGRDBTI6Dd+erXsus8 +NecnNxcWN9RUE2CZhoGj/0nhnNEGF+9Mlv3tMBngwoUJg2paSw/Vn2Q7RaqbOC05 +aZOSDoSX7Zf0DIS/T0ZPnmOUb9+N25M20ctMHksPMEq0qyf2oove0O+WMa/cA8JT +c2EAhew4WSD0Zv0GOAP30GS+hkNfA1GZTrvCQrpRs9jXhK4dR2bBsnUFVix1BEZ0 +sDhI8cXLvm16IpOO8ov6002ZoZhPn6Qo+0J8QOfdnjiwNnxLOEbuOIwPeQ== +-----END CMS----- diff --git a/keystone-moon/examples/pki/cms/auth_token_scoped.json b/keystone-moon/examples/pki/cms/auth_token_scoped.json new file mode 100644 index 00000000..31b1044b --- /dev/null +++ b/keystone-moon/examples/pki/cms/auth_token_scoped.json 
@@ -0,0 +1,85 @@
+{
+ "access": {
+ "serviceCatalog": [
+ {
+ "endpoints": [
+ {
+ "adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "region": "RegionOne",
+ "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"
+ }
+ ],
+ "endpoints_links": [],
+ "type": "volume",
+ "name": "volume"
+ },
+ {
+ "endpoints": [
+ {
+ "adminURL": "http://127.0.0.1:9292/v1",
+ "region": "RegionOne",
+ "internalURL": "http://127.0.0.1:9292/v1",
+ "publicURL": "http://127.0.0.1:9292/v1"
+ }
+ ],
+ "endpoints_links": [],
+ "type": "image",
+ "name": "glance"
+ },
+ {
+ "endpoints": [
+ {
+ "adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "region": "RegionOne",
+ "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a",
+ "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"
+ }
+ ],
+ "endpoints_links": [],
+ "type": "compute",
+ "name": "nova"
+ },
+ {
+ "endpoints": [
+ {
+ "adminURL": "http://127.0.0.1:35357/v2.0",
+ "region": "RegionOne",
+ "internalURL": "http://127.0.0.1:35357/v2.0",
+ "publicURL": "http://127.0.0.1:5000/v2.0"
+ }
+ ],
+ "endpoints_links": [],
+ "type": "identity",
+ "name": "keystone"
+ }
+ ],
+ "token": {
+ "expires": "2012-06-02T14:47:34Z",
+ "id": "placeholder",
+ "tenant": {
+ "enabled": true,
+ "description": null,
+ "name": "tenant_name1",
+ "id": "tenant_id1"
+ }
+ },
+ "user": {
+ "username": "user_name1",
+ "roles_links": [
+ "role1",
+ "role2"
+ ],
+ "id": "user_id1",
+ "roles": [
+ {
+ "name": "role1"
+ },
+ {
+ "name": "role2"
+ }
+ ],
+ "name": "user_name1"
+ }
+ }
+}
diff --git a/keystone-moon/examples/pki/cms/auth_token_scoped.pem b/keystone-moon/examples/pki/cms/auth_token_scoped.pem
new file mode 100644
index 00000000..5c02c954
--- /dev/null
+++ b/keystone-moon/examples/pki/cms/auth_token_scoped.pem
@@ -0,0 +1,44 @@ +-----BEGIN CMS----- +MIIHwQYJKoZIhvcNAQcCoIIHsjCCB64CAQExCTAHBgUrDgMCGjCCBc4GCSqGSIb3 +DQEHAaCCBb8EggW7eyJhY2Nlc3MiOiB7InNlcnZpY2VDYXRhbG9nIjogW3siZW5k +cG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2L3Yx +LzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInJlZ2lvbiI6ICJy +ZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2 +L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInB1YmxpY1VS +TCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzYvdjEvNjRiNmYzZmJjYzUzNDM1ZThh +NjBmY2Y4OWJiNjYxN2EifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUi +OiAidm9sdW1lIiwgIm5hbWUiOiAidm9sdW1lIn0sIHsiZW5kcG9pbnRzIjogW3si +YWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3YxIiwgInJlZ2lvbiI6 +ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5 +MjkyL3YxIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjkyOTIvdjEi +fV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAiaW1hZ2UiLCAibmFt +ZSI6ICJnbGFuY2UifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRw +Oi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5 +YmI2NjE3YSIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjog +Imh0dHA6Ly8xMjcuMC4wLjE6ODc3NC92MS4xLzY0YjZmM2ZiY2M1MzQzNWU4YTYw +ZmNmODliYjY2MTdhIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3 +NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSJ9XSwgImVu +ZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJjb21wdXRlIiwgIm5hbWUiOiAi +bm92YSJ9LCB7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xMjcu +MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy +bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV +UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf +bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u +ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMi0wNi0wMlQxNDo0NzozNFoi +LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1 +ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg +ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJ1c2Vy 
+X25hbWUxIiwgInJvbGVzX2xpbmtzIjogWyJyb2xlMSIsInJvbGUyIl0sICJpZCI6 +ICJ1c2VyX2lkMSIsICJyb2xlcyI6IFt7Im5hbWUiOiAicm9sZTEifSwgeyJuYW1l +IjogInJvbGUyIn1dLCAibmFtZSI6ICJ1c2VyX25hbWUxIn19fQ0KMYIByjCCAcYC +AQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTES +MBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3RhY2sxETAPBgNVBAsT +CEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVuc3RhY2sub3Jn +MRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAHBgUrDgMCGjANBgkqhkiG9w0BAQEF +AASCAQCAtuVtqTU9h1uaRrYU1eusSnHwD6jizp/xltTrYTyFPfYjhJdglS+bjSeS +Iau9pN3Tfug98ozUTJ5ByNepAQtxBxPz5bDXhBmAbU6ywaolqRAG+b/s2ShNGQ2a +tn80NeZmDNbtoqdHVAkD3EZXjsEKr2w+3JTTF2indzczyGe5EeSfNUaT+ZhNEmPR +Urob62t8atW+zehCSurpaa8pC5m1NcbK8Uu6Y+qO2m08KU9w5kmbOQtWAGCmtpIx +F2yM1AbSgd90yzen7dv5mNkgZyzQ6SYgRUvkKOKnCyBb97EZK3ZR4qUxQzRYM++8 +g8HdaIfoYVPoPHqODet8Xmhw/Wtp +-----END CMS----- diff --git a/keystone-moon/examples/pki/cms/auth_token_unscoped.json b/keystone-moon/examples/pki/cms/auth_token_unscoped.json new file mode 100644 index 00000000..5c6d1f85 --- /dev/null +++ b/keystone-moon/examples/pki/cms/auth_token_unscoped.json @@ -0,0 +1,23 @@ +{ + "access": { + "token": { + "expires": "2012-08-17T15:35:34Z", + "id": "01e032c996ef4406b144335915a41e79" + }, + "serviceCatalog": {}, + "user": { + "username": "user_name1", + "roles_links": [], + "id": "c9c89e3be3ee453fbf00c7966f6d3fbd", + "roles": [ + { + "name": "role1" + }, + { + "name": "role2" + } + ], + "name": "user_name1" + } + } +} diff --git a/keystone-moon/examples/pki/cms/auth_token_unscoped.pem b/keystone-moon/examples/pki/cms/auth_token_unscoped.pem new file mode 100644 index 00000000..60649090 --- /dev/null +++ b/keystone-moon/examples/pki/cms/auth_token_unscoped.pem 
@@ -0,0 +1,19 @@ +-----BEGIN CMS----- +MIIDKAYJKoZIhvcNAQcCoIIDGTCCAxUCAQExCTAHBgUrDgMCGjCCATUGCSqGSIb3 +DQEHAaCCASYEggEieyJhY2Nlc3MiOiB7InRva2VuIjogeyJleHBpcmVzIjogIjIw +MTItMDgtMTdUMTU6MzU6MzRaIiwgImlkIjogIjAxZTAzMmM5OTZlZjQ0MDZiMTQ0 +MzM1OTE1YTQxZTc5In0sICJzZXJ2aWNlQ2F0YWxvZyI6IHt9LCAidXNlciI6IHsi +dXNlcm5hbWUiOiAidXNlcl9uYW1lMSIsICJyb2xlc19saW5rcyI6IFtdLCAiaWQi +OiAiYzljODllM2JlM2VlNDUzZmJmMDBjNzk2NmY2ZDNmYmQiLCAicm9sZXMiOiBb +eyduYW1lJzogJ3JvbGUxJ30seyduYW1lJzogJ3JvbGUyJ30sXSwgIm5hbWUiOiAi +dXNlcl9uYW1lMSJ9fX0xggHKMIIBxgIBATCBpDCBnjEKMAgGA1UEBRMBNTELMAkG +A1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxEjAQBgNV +BAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkqhkiG9w0BCQEW +FmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMTC1NlbGYgU2lnbmVkAgER +MAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIIBAFyD9IH2bXsafCTyHEWS28zBuq03 +ZNWXV4+0BfdMbX1ONkaQ7mLGRmfabLHwfE5RaSASFh/Doq7KTc8XrBVfTm9HQPGr +TLZUawdYlyBFVq0PEE1cPvO9Blz4X/2Awcp/Q67YRd/oLCY2dFWMClMroXu1fy3P +oFlpWPPhURrbU1GjhUgPIz0IxNGjfWEHVsb5kz7Bo4E8J3pgIkccm97XZZtiCwf7 +DVNj+Eb5mRegGG6IgSSRpZULgnCmSofQ3RnW3jSCkDxLXDQm9IsaaLJsuUFLylGs +mB/98w9mP192IGl5MVr8/tANXwb5ok2VatUp/Ww1U0IlWbhN374PbK76vcE= +-----END CMS----- diff --git a/keystone-moon/examples/pki/cms/revocation_list.json b/keystone-moon/examples/pki/cms/revocation_list.json new file mode 100644 index 00000000..9ad97287 --- /dev/null +++ b/keystone-moon/examples/pki/cms/revocation_list.json @@ -0,0 +1,8 @@ +{ + "revoked": [ + { + "id": "7acfcfdaf6a14aebe97c61c5947bc4d3", + "expires": "2012-08-14T17:58:48Z" + } + ] +} diff --git a/keystone-moon/examples/pki/cms/revocation_list.pem b/keystone-moon/examples/pki/cms/revocation_list.pem new file mode 100644 index 00000000..bd22d3f2 --- /dev/null +++ b/keystone-moon/examples/pki/cms/revocation_list.pem 
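Review bot: The signed payload in auth_token_unscoped.pem does not match the auth_token_unscoped.json added just before it: decoding the base64 body, its `roles` array reads `[{'name': 'role1'},{'name': 'role2'},]` — single-quoted keys and a trailing comma, which is not valid JSON — whereas the .json file carries properly quoted objects and no trailing comma. Any test that verifies this CMS blob against signing_cert.pem and then parses the content would fail on the payload rather than on the signature, so the fixture looks stale or hand-edited. Re-running `gen_sample_cms` in gen_pki.sh regenerates it from the .json (that also re-signs the other three samples with the same key), or regenerate only this file with the same `openssl cms -sign ... -nodetach -nocerts -noattr` invocation.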
@@ -0,0 +1,15 @@ +-----BEGIN CMS----- +MIICWgYJKoZIhvcNAQcCoIICSzCCAkcCAQExCTAHBgUrDgMCGjBpBgkqhkiG9w0B +BwGgXARaeyJyZXZva2VkIjpbeyJpZCI6IjdhY2ZjZmRhZjZhMTRhZWJlOTdjNjFj +NTk0N2JjNGQzIiwiZXhwaXJlcyI6IjIwMTItMDgtMTRUMTc6NTg6NDhaIn1dfQ0K +MYIByjCCAcYCAQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYD +VQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3RhY2sx +ETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVu +c3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAHBgUrDgMCGjANBgkq +hkiG9w0BAQEFAASCAQC2f05VHM7zjNT3TBO80AmZ00n7AEWUjbFe5nqIM8kWGM83 +01Bi3uU/nQ0daAd3tqCmDL2EfETAjD+xnIzjlN6eIA74Vy51wFD/KiyWYPWzw8mH +WcATHmE4E8kLdt8NhUodCY9TCFxcHJNDR1Eai/U7hH+5O4p9HcmMjv/GWegZL6HB +Up9Cxu6haxvPFmYylzM6Qt0Ad/WiO/JZLPTA4qXJEJSa9EMFMb0c2wSDSn30swJe +7J79VTFktTr2djv8KFvaHr4vLFYv2Y3ZkTeHqam0m91vllxLZJUP5QTSHjjY6LFE +5eEjIlOv9wOOm1uTtPIq6pxCugU1Wm7gstkqr55R +-----END CMS----- diff --git a/keystone-moon/examples/pki/gen_pki.sh b/keystone-moon/examples/pki/gen_pki.sh new file mode 100755 index 00000000..65550265 --- /dev/null +++ b/keystone-moon/examples/pki/gen_pki.sh 
@@ -0,0 +1,221 @@
+#!/bin/bash
+
+# Copyright 2012 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# This script generates the crypto necessary for the SSL tests.
+
+DIR=`dirname "$0"`
+CURRENT_DIR=`cd "$DIR" && pwd`
+CERTS_DIR=$CURRENT_DIR/certs
+PRIVATE_DIR=$CURRENT_DIR/private
+CMS_DIR=$CURRENT_DIR/cms
+
+
+function rm_old {
+ rm -rf $CERTS_DIR/*.pem
+ rm -rf $PRIVATE_DIR/*.pem
+}
+
+function cleanup {
+ rm -rf *.conf > /dev/null 2>&1
+ rm -rf index* > /dev/null 2>&1
+ rm -rf *.crt > /dev/null 2>&1
+ rm -rf newcerts > /dev/null 2>&1
+ rm -rf *.pem > /dev/null 2>&1
+ rm -rf serial* > /dev/null 2>&1
+}
+
+function generate_ca_conf {
+ echo '
+[ req ]
+default_bits = 2048
+default_keyfile = cakey.pem
+default_md = default
+
+prompt = no
+distinguished_name = ca_distinguished_name
+
+x509_extensions = ca_extensions
+
+[ ca_distinguished_name ]
+serialNumber = 5
+countryName = US
+stateOrProvinceName = CA
+localityName = Sunnyvale
+organizationName = OpenStack
+organizationalUnitName = Keystone
+emailAddress = keystone@openstack.org
+commonName = Self Signed
+
+[ ca_extensions ]
+basicConstraints = critical,CA:true
+' > ca.conf
+}
+
+function generate_ssl_req_conf {
+ echo '
+[ req ]
+default_bits = 2048
+default_keyfile = keystonekey.pem
+default_md = default
+
+prompt = no
+distinguished_name = distinguished_name
+
+[ distinguished_name ]
+countryName = US
+stateOrProvinceName = CA
+localityName = Sunnyvale
+organizationName = OpenStack
+organizationalUnitName = Keystone
+commonName = localhost
+emailAddress = keystone@openstack.org
+' > ssl_req.conf
+}
+
+function generate_cms_signing_req_conf {
+ echo '
+[ req ]
+default_bits = 2048
+default_keyfile = keystonekey.pem
+default_md = default
+
+prompt = no
+distinguished_name = distinguished_name
+
+[ distinguished_name ]
+countryName = US
+stateOrProvinceName = CA
+localityName = Sunnyvale
+organizationName = OpenStack
+organizationalUnitName = Keystone
+commonName = Keystone
+emailAddress = keystone@openstack.org
+' > cms_signing_req.conf
+}
+
+function generate_signing_conf {
+ echo '
+[ ca ]
+default_ca = signing_ca
+
+[ signing_ca ]
+dir = .
+database = $dir/index.txt
+new_certs_dir = $dir/newcerts
+
+certificate = $dir/certs/cacert.pem
+serial = $dir/serial
+private_key = $dir/private/cakey.pem
+
+default_days = 21360
+default_crl_days = 30
+default_md = default
+
+policy = policy_any
+
+[ policy_any ]
+countryName = supplied
+stateOrProvinceName = supplied
+localityName = optional
+organizationName = supplied
+organizationalUnitName = supplied
+emailAddress = supplied
+commonName = supplied
+' > signing.conf
+}
+
+function setup {
+ touch index.txt
+ echo '10' > serial
+ generate_ca_conf
+ mkdir newcerts
+}
+
+function check_error {
+ if [ $1 != 0 ] ; then
+ echo "Failed! rc=${1}"
+ echo 'Bailing ...'
+ cleanup
+ exit $1
+ else
+ echo 'Done'
+ fi
+}
+
+function generate_ca {
+ echo 'Generating New CA Certificate ...'
+ openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
+ check_error $?
+}
+
+function ssl_cert_req {
+ echo 'Generating SSL Certificate Request ...'
+ generate_ssl_req_conf
+ openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes
+ check_error $?
+ #openssl req -in req.pem -text -noout
+}
+
+function cms_signing_cert_req {
+ echo 'Generating CMS Signing Certificate Request ...'
+ generate_cms_signing_req_conf
+ openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes
+ check_error $?
+ #openssl req -in req.pem -text -noout
+}
+
+function issue_certs {
+ generate_signing_conf
+ echo 'Issuing SSL Certificate ...'
+ openssl ca -in ssl_req.pem -config signing.conf -batch
+ check_error $?
+ openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem
+ check_error $?
+ echo 'Issuing CMS Signing Certificate ...'
+ openssl ca -in cms_signing_req.pem -config signing.conf -batch
+ check_error $?
+ openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem
+ check_error $?
+}
+
+function create_middleware_cert {
+ cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem
+ cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem
+}
+
+function check_openssl {
+ echo 'Checking openssl availability ...'
+ which openssl
+ check_error $?
+}
+
+function gen_sample_cms {
+ for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json"; do
+ openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
+ done
+}
+
+check_openssl
+rm_old
+cleanup
+setup
+generate_ca
+ssl_cert_req
+cms_signing_cert_req
+issue_certs
+create_middleware_cert
+gen_sample_cms
+cleanup
diff --git a/keystone-moon/examples/pki/private/cakey.pem b/keystone-moon/examples/pki/private/cakey.pem
new file mode 100644
index 00000000..86ff4cfa
--- /dev/null
+++ b/keystone-moon/examples/pki/private/cakey.pem
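Review bot: The script only works, and is only safe, when run from its own directory: `CURRENT_DIR` is derived from `$0` and used for the final cert and key paths, but `cleanup`, `setup`, every `-config`/`-out` of the intermediate files, and `signing.conf`'s `dir = .` resolve against the caller's working directory, so a user invoking it from elsewhere would see `openssl ca` fail and `check_error` then run `cleanup`, whose `rm -rf *.pem`, `rm -rf index*` and `rm -rf serial*` delete unrelated files in whatever directory they happened to be in. Add `cd "$CURRENT_DIR" || exit 1` right after `CURRENT_DIR` is computed, and quote `"$CERTS_DIR"`/`"$PRIVATE_DIR"` in `rm_old` so a path with spaces cannot widen the glob. Separately, `default_md = default` leaves the signature digest to whatever OpenSSL is installed; the checked-in fixtures appear to be SHA-1-signed, so pin `default_md = sha256` if these are ever regenerated for anything beyond the unit tests. The 21360-day lifetimes and `-nodes` (unencrypted keys) are fine for fixtures but the header comment should say so explicitly, e.g. `# Test-only material: 58-year lifetimes, unencrypted keys. Never deploy.`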
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCh1U+N3g2cjFi7 +GeVf21FIv8MDhughFCey9rysAuqFONSFYo2rectLgpDtVy4BFFUFlxmh8Ci9TEZ5 +LiA31tbc4584GxvlLt4dg8aFsUJRBKq0L9i7W5v9uFpHrY1Zr+P4vwG+v7IWOuzw +19f517eGpp6LLcj2vrpN9Yb63rrydKOqr0KJodMd+vFKmi+euFcPqs6sw1OiC5Dp +JN479CGl2Fs1WzMoKDedRNiXG7ysrVrYQIkfMBABBPIwilq1xXZz9Ybo0PbNgOu6 +xpSsy9hq+IzxcwYsr5CwIcbqW6Ju+Ti2iBEaff20lW7dFzO4kwrcqOr9Jnn7qE8Y +fJo9Hyj3AgMBAAECggEAPeEVaTaF190mNGyDczKmEv4X8CpOag+N2nVT0SXQTJ5d +TJ9RckbAwB+tkMLr+Uev9tI+39e3jCI1NDK56QAB6jYy9D4RXYGdNoXji80qgVYa +e4lsAr/Vlp8+DfhDew6xSbSnUytzSeLAJJsznvmn2Bmvt6ILHKXzEMoYEabGrtvk +0n31mmd6sszW6i1cYEhr3gK/VXaO4gM1oWit9aeIJDg3/D3UNUW7aoCTeCz91Gif +87/JH3UIPEIt960jb3oV7ltajRSpiSOfefJFwz/2n09+/P/Sg1+SWAraqkqaLqhO +zoslYSYUuOQv+j97iD/tDVBjiWR1TrzQjf/3noOl+QKBgQDTExaIe0YYI8KdBNZ6 +1cG3vztNWDh0PaP1n0n/bJYAGmAfxfn/gSrABXfeIAjy01f76EK2lPa/i8+DR7vL +dJnUMO10OxaIZKr+OtR1XrMM6kREj6H5yHTNz0sJ3hDEfwJ1BndqwrXlCLAe7upe +veXI9LVfPjPVmf8t9UwyxtaNiwKBgQDERzCGEuyKIeSfgytcdknJ0W+AbdkshC92 +tZQPbI35YOLac2/y7GMjjf5Xg5VJRIYwXAG8ha+61Tvd7+qCVdzNyYfyOoBEE69B +Gc9UdpXRfIjxokfidqh7mIIfjFNSI/UyVmvL9wrregXPcM+s7OlLC/0O82gOcNxU +GKF3oP5XxQKBgQCPZEZIjcZ+m7yYQzMZ26FwnL9Cug4QGdgLAx2YIkJ8624l568A +ftV2AcD+67Boll8NSSoZM3W1htuAifjwLNRcLKkD7yhNnGX1tC2lVqI4weWC1jjp +od6H+q01lOC7PLWEntH9ey1q3M4ZFaGunz89l9CnVXCNScLri9sqG56iJQKBgHOc +50UiInhe7HbU4ZauClq5Za9FhRXGqtqGrDbFn38UBavdMUTq3p6Txgwwcp/coBoe +J9uu90razU+2QPESuGPy4IPa17DB04pKNKiwzSC+9T83cpY/hJCAzazdkDqi+Yv0 +Abz7wE/h6Ug+T+WxCt3sqtvCnjlbWzyh4YJAr3BtAoGBAIibPCEfVOwOfMOXkhIb +liRVVGNxXQa6MwGVVfyR9gmlM85IjcBjh+Tf5+v3Mo286OlzLXQjfYW5pXR5Mgaw +bKe+z5AqJlOsA+lJGTyCNnPKwaXAYHt8dZ41WhgzekibHCx7EQ+8jH1jkz2Gwou6 +MDbnRu+e0FCyRFSuhB9Cim/K +-----END PRIVATE KEY----- diff --git a/keystone-moon/examples/pki/private/signing_key.pem b/keystone-moon/examples/pki/private/signing_key.pem new file mode 100644 index 00000000..acf84761 --- /dev/null +++ b/keystone-moon/examples/pki/private/signing_key.pem 
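Review bot: This checks the CA private key into the repository in clear (gen_pki.sh writes it with `-nodes`, so there is no passphrase), and the following hunks add ssl_key.pem, signing_key.pem and a certs/middleware.pem that concatenates the SSL private key after its certificate; anything configured to trust certs/cacert.pem or to verify PKI tokens against signing_cert.pem therefore trusts anyone with a copy of this tree. That is acceptable for test fixtures, but nothing in the commit says so, and the 2072 expiry of the self-signed CA means the material will never age out on its own. I would add a short README in examples/pki stating that every file under certs/ and private/ is public test material that must never be deployed and is regenerated with gen_pki.sh, so the example cannot be lifted into a real keystone config by mistake.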
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEwuiHTXfQoNQ7 +IXK0+YEVURd+pxJo0gPUFnYpOwfduTyu9FOBeo+Kc/+SS+6ZSKP/KyeIyc/XHBO5 +tIgPiLgAbRIRMF5Bva4+OzstCeGcgxkoditQZe/DwPc8V0s8rFE0owSnQIdvXT2G +yWO3IGSdLgtwLX1XHmIgDiIteEnRXmdC2Sw1wbi2qlJkjK5isCfcADDgm/42wT/f +92HHdBmI5b60gVOAam/PzR2rMjuA6TzevDgKMg+a+Y1LVfEGTdN1IyLKLsfHtJay ++vjFbSaNDn1r5Uq5c0uRykq8mPrqqkBLsbWSqSTNjFfObo743PHg0goYdrIYQ4wX +ptxSJRylAgMBAAECggEBAIDQPVz/CXarI+ZGQotaYPisqx3+kN3QyDLcNaVOgRrW +P3UmfVjh/QEeae3ECkONu9e8z9gMjyX7uqo0F3NcBWI6Bb79FGgjnuQc8OPOeUZ2 +yUyk+DxdT/eu5+04FQh2o387TjuU0lXFDBem1sI30cbZMyHQliMnwAPOXO+5tVH8 +PusGNBMVvoCyfnj52uVjmAjPqLXyOMcKEhuJFbhnUURKvzkHRf43SWQsb081eh2m +ACQ7uNzX7vg3aPXxSZXY2+hHX67POdqosjddu6CfoXcEHAOAUujvTOFvd1gGRkRo +uOi5hNQqcN5uaqeq9enVThINDyFMzngZBhMCzRTWeK0CgYEA4qUhB7lJZLt9niDW +4Fudda1Pzu3XfxHsSG4D+xx5LunKb3ChG5x7PSLJvusfvnkm5fqhEEhbSVARo6Vn +AAA52u5SPDDNwyk1ttvBR/Fc7eGwpbRQry2I6ui6baKiIOSV2K3vJlsSK8/GMQqu +j0fstJuSvQR7Y6NUYxlWi+VNussCgYEA3j7tFAdGFc5JkeTHSzsU4h2+17uVDSSi +yr7Duc9+9fwAbsO4go9x1CAOvV2r0WX10jPsTGg1d31pWLvJrS6QsAffmM+A0QIT +eBX+umcavXWy69VExWa0xKU9wTE/nQvX9Fr8A+Klh/WfMcvoomK2zgOKoRSmes04 +WKYlHWsSaE8CgYBUYcZ6abG5n1SVmwRlY7asKWqdUE/7L2EZVlyFEYTMwp5r/zL8 +ZLY9fMZAHqoi8FhbJ4Tv2wChuv3WP66pgWwI5tIXNtRk5OLqwcakUmiW6IAsMYYY +sotXam5+gx55wKFJmvh+/0k0ppbTi3aSQeUPGRz44sJNxnGUs8pVK3pVIQKBgQDD +ga+lEtEAlbv6b7sx3wN79pbPyOBR84yRtkcPygzx74Gh7uL9V5rW9GyDAUgIqR0a +kTqp7HI8b0KhIHFFu9TkRcjY8JFtS9o8pXy0FcdcK5H+DFq3HKag5ovwy5YeXTDY +cMGJ2XOsqtIkSDCZySTvDgaBtVzOYoHS2jWEL5C92QKBgGmL2juXIB+HAi7UuKPg +nWkVTikt5Zr2GNgYtso75E7+ljaRuf4D9eEBiOD1qYKQm8KvsiVzEs71BSmT1p1C +b2hlM/5Crb7KumIkHTARQFr5NPwuBZ6NA6RLnd++vKi0WgOJtDAlR3bgwugfQdzZ +4Isaq9Rgfa/EHCKB2weQ7c3r +-----END PRIVATE KEY----- diff --git a/keystone-moon/examples/pki/private/ssl_key.pem b/keystone-moon/examples/pki/private/ssl_key.pem new file mode 100644 index 00000000..e2e68379 --- /dev/null +++ b/keystone-moon/examples/pki/private/ssl_key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5dpW18l3bs+Mc +j/JdhaAa+qw1RJwShm06g+q38ZoCcCmRO3/XyHghgHWdVa+FKVm2ug923dE2PW4G +SI1pZa3iqbT9Yj70nxN+0l94iym+v9/P7irolvo5OWBbBIJT1Ubjps5fJ//gz6Bd +mwS0FuOy2qfKPnPhyBDH2VawtOgYMLk+PSG3YQh7vM2YvDALPTPz/f4qPmhQpb69 +KBJQElFXPQ9Nu0ABCPWWC2tN87L5pakFw5zq46pttSJ7Izc8MXh3KQrh9FvjmiQu +RnkMvQ/g887Sp6nEJ22ABPEFhuRr89aup6wRD2CkA/8L3zSB5BV7tTK4hQiq07cT +nV9Dv6bfAgMBAAECggEBAIB1K5L/kZUITulMptGyKUgmkjq/D98g7u0Vy/CmTkcc +Cx6F+LGsL9D8mfplDBKOpo4S530sfKk1+Uwu2ovDGqKhazQJ5ZMnz6gK7Ieg1ERD +wDDURTIeyKf0HtJMGD0av2QU+GIeYXQEO446PhLCu+n42zkQ8tDS8xSJbCsu0odV +ok6+i7nEg9sP4uDfAAtM8CUJbRpFTha+m2a7pOz3ylU7/ZV4FDIgJ+FEynaphXAo +bZE4MX5I7A4DDBp7/9g9HsgefByY4xiABuk7Rsyztyf2TrJEtcsVhiV4sCIIHsow +u60KGEcTQWj4npBIMgW1QUdrwmAAh/35gOjt9ZndgTkCgYEA2yT5DmihjVaNF65B +8VtdFcpESr8rr6FBmJ7z31m7MufeV1Inc5GqCK9agRmpr5sTYcgFB9it2IhW2WsA +xHv+7J04bd9DBtgTv58GWrISsCR/abMZnJrm+F5Rafk77jwjCx/SwFj79ybI83Ia +VJYMd7jqkxc00+DZT/3QWZqRrlsCgYEA2KeBBqUVdCpwNiJpgFM18HWjJx36HRk7 +YoFapXot/6R6A/rYmS+/goBZt2CWqqGtnXqWEZvH+v4L+WlUmYQrWwtoxpdR1oXz +EmlCxN7D9MbRVR7QVW24h5zdwPOlbCTGoKzowOs8UEjMfQ81zoMinLmcJgHQSyzs +OawgSF+DmM0CgYBQz26EELNaMktvKxQoE3/c9CyAv8Q1TKqqxBq8BxPP7s7/tkzU +AigIcdlW+Aapue7IxQCN5yocShJ0tE+hJPRZfpR7d7P4xx9pLxQhx766c4sEiEXu +iPSZK/artHuUG1r01DRcN7QabJP3qeDpxjcswuTFfu49H5IjPD5jfGsyNwKBgFjh +bvdQ5lo/xsUOnQV+HZTGTeaQT7l8TnZ85rkYRKKp0TysvgsqIYDiMuwd/fGGXnlK +fyI+LG51pmftpD1OkZLKPXOrRHGjhjK5aCDn2rAimGI5P/KsDpXj7r1ntyeEdtAX +32y1lIrDMtDjWomcFqkBJGQbPl540Xhfeub1+EDJAoGAUZGPT2itKnxEFsa1SKHW +yLeEsag/a9imAVyizo1WJn2WJaUhi1aHK49w6JRowIAzXXb7zLQt7BL8v+ydPVw3 +eySpXGqFuN/Prm3So0SeWllWcPsKFAzjgE0CWjNuB0GlAZGOaJOcWUNoOZjX/SDC +FpolIoaSad28tGc8tbEk3fU= +-----END PRIVATE KEY----- -- cgit 1.2.3-korg