openstack/keystonemiddleware
Code Issues Proposed changes

Merge "Refactor extract method for offline validation"

Browse Source
This commit is contained in:
Jenkins 2015-07-21 02:27:16 +00:00 committed by Gerrit Code Review
commit 1285fb2337
1 changed files with 21 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
keystonemiddleware/auth_token/__init__.py
View File

@ -804,24 +804,8 @@ class AuthProtocol(_BaseAuthProtocol):
# and needs to be checked.
self._revocations.check(token_hashes)
else:
verified = None
try:
if cms.is_pkiz(token):
verified = self._verify_pkiz_token(token, token_hashes)
elif cms.is_asn1_token(token):
verified = self._verify_signed_token(token,
token_hashes)
except exceptions.CertificateConfigError:
self.log.warning(_LW('Fetch certificate config failed, '
'fallback to online validation.'))
except exc.RevocationListError:
self.log.warning(_LW('Fetch revocation list failed, '
'fallback to online validation.'))
if verified is not None:
data = jsonutils.loads(verified)
else:
data = self._validate_offline(token, token_hashes)
if not data:
data = self._identity_server.verify_token(token)
self._token_cache.store(token_hashes[0], data)
@ -842,6 +826,25 @@ class AuthProtocol(_BaseAuthProtocol):
return data
def _validate_offline(self, token, token_hashes):
try:
if cms.is_pkiz(token):
verified = self._verify_pkiz_token(token, token_hashes)
elif cms.is_asn1_token(token):
verified = self._verify_signed_token(token, token_hashes)
else:
# Can't do offline validation for this type of token.
return
except exceptions.CertificateConfigError:
self.log.warning(_LW('Fetch certificate config failed, '
'fallback to online validation.'))
except exc.RevocationListError:
self.log.warning(_LW('Fetch revocation list failed, '
'fallback to online validation.'))
else:
data = jsonutils.loads(verified)
return data
def _validate_token(self, auth_ref):
super(AuthProtocol, self)._validate_token(auth_ref)