80 lines
2.6 KiB
Python
80 lines
2.6 KiB
Python
#!/usr/bin/python
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import json
|
|
import os
|
|
|
|
from keystoneclient.common import cms
|
|
|
|
CURRENT_DIR = os.path.abspath(os.path.dirname(__file__))
|
|
|
|
|
|
def make_filename(*args):
|
|
return os.path.join(CURRENT_DIR, *args)
|
|
|
|
|
|
CA_CERT_FILE_NAME = make_filename('certs', 'cacert.pem')
|
|
SIGNING_CERT_FILE_NAME = make_filename('certs', 'signing_cert.pem')
|
|
SIGNING_KEY_FILE_NAME = make_filename('private', 'signing_key.pem')
|
|
EXAMPLE_TOKENS = ['auth_token_revoked',
|
|
'auth_token_unscoped',
|
|
'auth_token_scoped',
|
|
'auth_token_scoped_expired',
|
|
'auth_v3_token_scoped',
|
|
'auth_v3_token_revoked']
|
|
|
|
|
|
# Helper script to generate the sample data for testing
|
|
# the signed tokens using the existing JSON data for the
|
|
# MII-prefixed tokens. Uses the keys and certificates
|
|
# generated in gen_pki.sh.
|
|
def generate_der_form(name):
|
|
derfile = make_filename('cms', '%s.der' % name)
|
|
with open(derfile, 'w') as f:
|
|
derform = cms.cms_sign_data(text,
|
|
SIGNING_CERT_FILE_NAME,
|
|
SIGNING_KEY_FILE_NAME, cms.PKIZ_CMS_FORM)
|
|
f.write(derform)
|
|
|
|
for name in EXAMPLE_TOKENS:
|
|
json_file = make_filename('cms', name + '.json')
|
|
pkiz_file = make_filename('cms', name + '.pkiz')
|
|
with open(json_file, 'r') as f:
|
|
string_data = f.read()
|
|
|
|
# validate the JSON
|
|
try:
|
|
token_data = json.loads(string_data)
|
|
except ValueError as v:
|
|
raise SystemExit('%s while processing token data from %s: %s' %
|
|
(v, json_file, string_data))
|
|
|
|
text = json.dumps(token_data).encode('utf-8')
|
|
|
|
# Uncomment to record the token uncompressed,
|
|
# useful for debugging
|
|
# generate_der_form(name)
|
|
|
|
encoded = cms.pkiz_sign(text,
|
|
SIGNING_CERT_FILE_NAME,
|
|
SIGNING_KEY_FILE_NAME)
|
|
|
|
# verify before writing
|
|
cms.pkiz_verify(encoded,
|
|
SIGNING_CERT_FILE_NAME,
|
|
CA_CERT_FILE_NAME)
|
|
|
|
with open(pkiz_file, 'w') as f:
|
|
f.write(encoded)
|