Refactor extract method for offline validation

Move the code for offline validation into a method so that it's easier to tell what this block of code is doing. Change-Id: Idd0a6c016c7b8878234e479b173f98c53d5aad4b
2015-07-11 07:13:45 -05:00 · 2015-07-11 07:13:45 -05:00 · 27564b078a
commit 27564b078a
parent 5179a163de
1 changed files with 21 additions and 18 deletions
--- a/keystonemiddleware/auth_token/init.py
+++ b/keystonemiddleware/auth_token/init.py
@ -706,24 +706,8 @@ class AuthProtocol(_BaseAuthProtocol):
                    # and needs to be checked.
                    self._revocations.check(token_hashes)
            else:
-                verified = None
-
-                try:
-                    if cms.is_pkiz(token):
-                        verified = self._verify_pkiz_token(token, token_hashes)
-                    elif cms.is_asn1_token(token):
-                        verified = self._verify_signed_token(token,
-                                                             token_hashes)
-                except exceptions.CertificateConfigError:
-                    self.log.warning(_LW('Fetch certificate config failed, '
-                                         'fallback to online validation.'))
-                except exc.RevocationListError:
-                    self.log.warning(_LW('Fetch revocation list failed, '
-                                         'fallback to online validation.'))
-
-                if verified is not None:
-                    data = jsonutils.loads(verified)
-                else:
+                data = self._validate_offline(token, token_hashes)
+                if not data:
                    data = self._identity_server.verify_token(token)

                self._token_cache.store(token_hashes[0], data)
@ -744,6 +728,25 @@ class AuthProtocol(_BaseAuthProtocol):

        return data

+    def _validate_offline(self, token, token_hashes):
+        try:
+            if cms.is_pkiz(token):
+                verified = self._verify_pkiz_token(token, token_hashes)
+            elif cms.is_asn1_token(token):
+                verified = self._verify_signed_token(token, token_hashes)
+            else:
+                # Can't do offline validation for this type of token.
+                return
+        except exceptions.CertificateConfigError:
+            self.log.warning(_LW('Fetch certificate config failed, '
+                                 'fallback to online validation.'))
+        except exc.RevocationListError:
+            self.log.warning(_LW('Fetch revocation list failed, '
+                                 'fallback to online validation.'))
+        else:
+            data = jsonutils.loads(verified)
+            return data
+
    def _validate_token(self, auth_ref):
        # 0 seconds of validity means is it valid right now.
        if auth_ref.will_expire_soon(stale_duration=0):