aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/token/_simple_cert.py
blob: 9c3692556a6057939e64469d2187fae777591600 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# TODO(morganfainberg): Remove this file and extension in the "O" release as
# it is only used in support of the PKI/PKIz token providers.
import functools

from oslo_config import cfg
import webob

from keystone.common import controller
from keystone.common import dependency
from keystone.common import extension
from keystone.common import json_home
from keystone.common import wsgi
from keystone import exception


CONF = cfg.CONF
EXTENSION_DATA = {
    'name': 'OpenStack Simple Certificate API',
    'namespace': 'http://docs.openstack.org/identity/api/ext/'
                 'OS-SIMPLE-CERT/v1.0',
    'alias': 'OS-SIMPLE-CERT',
    'updated': '2014-01-20T12:00:0-00:00',
    'description': 'OpenStack simple certificate retrieval extension',
    'links': [
        {
            'rel': 'describedby',
            'type': 'text/html',
            'href': 'http://developer.openstack.org/'
                    'api-ref-identity-v2-ext.html',
        }
    ]}
extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)

build_resource_relation = functools.partial(
    json_home.build_v3_extension_resource_relation,
    extension_name='OS-SIMPLE-CERT', extension_version='1.0')


class Routers(wsgi.RoutersBase):

    def _construct_url(self, suffix):
        return "/OS-SIMPLE-CERT/%s" % suffix

    def append_v3_routers(self, mapper, routers):
        controller = SimpleCert()

        self._add_resource(
            mapper, controller,
            path=self._construct_url('ca'),
            get_action='get_ca_certificate',
            rel=build_resource_relation(resource_name='ca_certificate'))
        self._add_resource(
            mapper, controller,
            path=self._construct_url('certificates'),
            get_action='list_certificates',
            rel=build_resource_relation(resource_name='certificates'))


@dependency.requires('token_provider_api')
class SimpleCert(controller.V3Controller):

    def _get_certificate(self, name):
        try:
            with open(name, 'r') as f:
                body = f.read()
        except IOError:
            raise exception.CertificateFilesUnavailable()

        # NOTE(jamielennox): We construct the webob Response ourselves here so
        # that we don't pass through the JSON encoding process.
        headers = [('Content-Type', 'application/x-pem-file')]
        return webob.Response(body=body, headerlist=headers, status="200 OK")

    def get_ca_certificate(self, context):
        return self._get_certificate(CONF.signing.ca_certs)

    def list_certificates(self, context):
        return self._get_certificate(CONF.signing.certfile)