author | Brant Knudson <bknudson@us.ibm.com> | 2015-07-11 07:13:45 -0500 |
---|---|---|
committer | Brant Knudson <bknudson@us.ibm.com> | 2015-07-11 07:19:27 -0500 |
commit | 27564b078a41b6fdb1061f3cbe26f61d345eefbb (patch) | |
tree | 7241820d3df47e1feb4e544472ea970b77c1c35e | |
parent | 5179a163de348c4bdf75f993e6d800456f388aad (diff) | |
Refactor extract method for offline validation
Move the code for offline validation into a method so that it's
easier to tell what this block of code is doing.
Change-Id: Idd0a6c016c7b8878234e479b173f98c53d5aad4b
-rw-r--r-- | keystonemiddleware/auth_token/__init__.py | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index bec820d..326ac59 100644
--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -706,24 +706,8 @@ class AuthProtocol(_BaseAuthProtocol):
 # and needs to be checked.
 self._revocations.check(token_hashes)
 else:
- verified = None
-
- try:
- if cms.is_pkiz(token):
- verified = self._verify_pkiz_token(token, token_hashes)
- elif cms.is_asn1_token(token):
- verified = self._verify_signed_token(token,
- token_hashes)
- except exceptions.CertificateConfigError:
- self.log.warning(_LW('Fetch certificate config failed, '
- 'fallback to online validation.'))
- except exc.RevocationListError:
- self.log.warning(_LW('Fetch revocation list failed, '
- 'fallback to online validation.'))
-
- if verified is not None:
- data = jsonutils.loads(verified)
- else:
+ data = self._validate_offline(token, token_hashes)
+ if not data:
 data = self._identity_server.verify_token(token)
 self._token_cache.store(token_hashes[0], data)
@@ -744,6 +728,25 @@ class AuthProtocol(_BaseAuthProtocol):
 return data
+ def _validate_offline(self, token, token_hashes):
+ try:
+ if cms.is_pkiz(token):
+ verified = self._verify_pkiz_token(token, token_hashes)
+ elif cms.is_asn1_token(token):
+ verified = self._verify_signed_token(token, token_hashes)
+ else:
+ # Can't do offline validation for this type of token.
+ return
+ except exceptions.CertificateConfigError:
+ self.log.warning(_LW('Fetch certificate config failed, '
+ 'fallback to online validation.'))
+ except exc.RevocationListError:
+ self.log.warning(_LW('Fetch revocation list failed, '
+ 'fallback to online validation.'))
+ else:
+ data = jsonutils.loads(verified)
+ return data
+
 def _validate_token(self, auth_ref):
 # 0 seconds of validity means is it valid right now.
 if auth_ref.will_expire_soon(stale_duration=0): |
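Review bot: `if not data:` in the first hunk is broader than the `if verified is not None:` test it replaces. A verified payload that decodes to an empty or otherwise falsy JSON value is now sent to `self._identity_server.verify_token(token)` instead of being used as the offline result. Falling back to the online check is the safe direction for a token-validation path, but a refactor should keep the condition exact, and `None` is the only value `_validate_offline` returns to mean "not validated offline". I would write `if data is None:`. The enclosing method starts and ends outside this hunk, so the rest of its flow is not visible here.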
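Review bot: `_validate_offline` has no docstring, and its three "could not validate offline" outcomes are signalled only implicitly. The token that is neither PKIZ nor ASN.1 hits a bare `return`, and the `CertificateConfigError` and `RevocationListError` handlers fall off the end of the function. The caller uses that value as the cue to fall back to online validation, so the contract deserves to be written down, e.g. `"""Validate a PKI/PKIZ token locally; return the decoded token data, or None if the caller must validate online."""`, with each fallback path ending in an explicit `return None`. The docstring should also say that only those two exceptions are swallowed, so any other error raised by `_verify_pkiz_token` or `_verify_signed_token` propagates to the caller rather than triggering the fallback.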