93 lines
3.2 KiB
Python
93 lines
3.2 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
# TODO(morganfainberg): Remove this file and extension in the "O" release as
|
|
# it is only used in support of the PKI/PKIz token providers.
|
|
import functools
|
|
|
|
import webob
|
|
|
|
from keystone.common import controller
|
|
from keystone.common import dependency
|
|
from keystone.common import extension
|
|
from keystone.common import json_home
|
|
from keystone.common import wsgi
|
|
import keystone.conf
|
|
from keystone import exception
|
|
|
|
|
|
CONF = keystone.conf.CONF
|
|
EXTENSION_DATA = {
|
|
'name': 'OpenStack Simple Certificate API',
|
|
'namespace': 'https://docs.openstack.org/identity/api/ext/'
|
|
'OS-SIMPLE-CERT/v1.0',
|
|
'alias': 'OS-SIMPLE-CERT',
|
|
'updated': '2014-01-20T12:00:0-00:00',
|
|
'description': 'OpenStack simple certificate retrieval extension',
|
|
'links': [
|
|
{
|
|
'rel': 'describedby',
|
|
'type': 'text/html',
|
|
'href': 'https://developer.openstack.org/'
|
|
'api-ref-identity-v2-ext.html',
|
|
}
|
|
]}
|
|
extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
|
|
extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
|
|
|
|
build_resource_relation = functools.partial(
|
|
json_home.build_v3_extension_resource_relation,
|
|
extension_name='OS-SIMPLE-CERT', extension_version='1.0')
|
|
|
|
|
|
class Routers(wsgi.RoutersBase):
|
|
|
|
def _construct_url(self, suffix):
|
|
return "/OS-SIMPLE-CERT/%s" % suffix
|
|
|
|
def append_v3_routers(self, mapper, routers):
|
|
controller = SimpleCert()
|
|
|
|
self._add_resource(
|
|
mapper, controller,
|
|
path=self._construct_url('ca'),
|
|
get_head_action='get_ca_certificate',
|
|
rel=build_resource_relation(resource_name='ca_certificate'))
|
|
self._add_resource(
|
|
mapper, controller,
|
|
path=self._construct_url('certificates'),
|
|
get_head_action='list_certificates',
|
|
rel=build_resource_relation(resource_name='certificates'))
|
|
|
|
|
|
@dependency.requires('token_provider_api')
|
|
class SimpleCert(controller.V3Controller):
|
|
|
|
def _get_certificate(self, name):
|
|
try:
|
|
with open(name, 'r') as f:
|
|
body = f.read()
|
|
except IOError:
|
|
raise exception.CertificateFilesUnavailable()
|
|
|
|
# NOTE(jamielennox): We construct the webob Response ourselves here so
|
|
# that we don't pass through the JSON encoding process.
|
|
headers = [('Content-Type', 'application/x-pem-file')]
|
|
return webob.Response(body=body, headerlist=headers,
|
|
status="200 OK", charset='utf-8')
|
|
|
|
def get_ca_certificate(self, context):
|
|
return self._get_certificate(CONF.signing.ca_certs)
|
|
|
|
def list_certificates(self, context):
|
|
return self._get_certificate(CONF.signing.certfile)
|