yahoo-eng-team team mailing list archive

[Bug 1299130] [NEW] Encode PKI token (back port changes to Havana)

 

Public bug reported:

Authenticating a user based on a pre-existing PKI token is not supported
in Havana. PKI tokens are much longer than, and different from, their IDs
(the id column from the token table). When a PKI token is passed as
token_id to POST …/auth/tokens, it does not encode the PKI token to
generate its ID, which is happening in IceHouse.

Havana is missing this if statement:

    if isinstance(token_id, six.text_type):
        token_id = token_id.encode('utf-8')

https://github.com/openstack/keystone/blob/stable/havana/keystone/common/cms.py

    if is_ans1_token(token_id):
        hasher = hashlib.md5()
        hasher.update(token_id)
        return hasher.hexdigest()

IceHouse version:

    if is_ans1_token(token_id):
        hasher = hashlib.md5()
        if isinstance(token_id, six.text_type):
            token_id = token_id.encode('utf-8')
        hasher.update(token_id)
        return hasher.hexdigest()

Is it possible to backport these changes into Havana?


More info: 
https://ask.openstack.org/en/question/25971/is-there-a-rest-api-to-retrieve-token-id-id-column-from-token-table-of-an-pki-token/

** Affects: keystone
     Importance: Undecided
     Assignee: Priti Desai (priti-desai)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Priti Desai (priti-desai)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1299130

Title:
  Encode PKI token (back port changes to Havana)

Status in OpenStack Identity (Keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1299130/+subscriptions
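
Added example (not part of the bug report and not Keystone's code): a Python 3 sketch of the two hashing variants quoted in the report, run over constructed tokens, to show how the token ID is derived and what the missing encode step changes. Assumptions: looks_like_pki_token() is a hypothetical stand-in for is_ans1_token() that checks for an "MII" prefix, six.text_type is written as str, and tokens that are not PKI are returned unchanged.

```python
import hashlib

PKI_PREFIX = "MII"  # assumption: prefix used to recognise a PKI token


def looks_like_pki_token(token_id):
    """Hypothetical stand-in for the report's is_ans1_token()."""
    if isinstance(token_id, bytes):
        token_id = token_id.decode("utf-8", "replace")
    return token_id.startswith(PKI_PREFIX)


def token_id_without_encode(token_id):
    """Variant quoted for Havana: hash the value exactly as passed in."""
    if looks_like_pki_token(token_id):
        hasher = hashlib.md5()
        hasher.update(token_id)  # Python 3 raises TypeError for text input
        return hasher.hexdigest()
    return token_id  # assumption: non-PKI tokens are already their own ID


def token_id_with_encode(token_id):
    """Variant quoted for IceHouse: encode text to bytes before hashing."""
    if looks_like_pki_token(token_id):
        hasher = hashlib.md5()
        if isinstance(token_id, str):
            token_id = token_id.encode("utf-8")
        hasher.update(token_id)
        return hasher.hexdigest()
    return token_id


def compare(token_id):
    """Return (result or exception name without encode, result with encode)."""
    try:
        before = token_id_without_encode(token_id)
    except TypeError as exc:
        before = type(exc).__name__
    return before, token_id_with_encode(token_id)


# Constructed sample values, not real Keystone tokens.
SAMPLE_PKI_TEXT = "MII" + "QUJD" * 40
SAMPLE_PKI_BYTES = SAMPLE_PKI_TEXT.encode("utf-8")
SAMPLE_UUID = "0123456789abcdef0123456789abcdef"

if __name__ == "__main__":
    for label, tok in [("pki text", SAMPLE_PKI_TEXT),
                       ("pki bytes", SAMPLE_PKI_BYTES),
                       ("uuid", SAMPLE_UUID)]:
        print(label, compare(tok))
```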
