authorBrant Knudson <bknudson@us.ibm.com>2015-07-11 07:13:45 -0500
committerBrant Knudson <bknudson@us.ibm.com>2015-07-11 07:19:27 -0500
commit27564b078a41b6fdb1061f3cbe26f61d345eefbb (patch)
tree7241820d3df47e1feb4e544472ea970b77c1c35e
parent5179a163de348c4bdf75f993e6d800456f388aad (diff)
downloadkeystonemiddleware-27564b078a41b6fdb1061f3cbe26f61d345eefbb.tar.gz
Refactor extract method for offline validation
Move the code for offline validation into a method so that it's easier to tell what this block of code is doing. Change-Id: Idd0a6c016c7b8878234e479b173f98c53d5aad4b
-rw-r--r--keystonemiddleware/auth_token/__init__.py39
1 files changed, 21 insertions, 18 deletions
diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index bec820d..326ac59 100644
--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -706,24 +706,8 @@ class AuthProtocol(_BaseAuthProtocol):
# and needs to be checked.
self._revocations.check(token_hashes)
else:
- verified = None
-
- try:
- if cms.is_pkiz(token):
- verified = self._verify_pkiz_token(token, token_hashes)
- elif cms.is_asn1_token(token):
- verified = self._verify_signed_token(token,
- token_hashes)
- except exceptions.CertificateConfigError:
- self.log.warning(_LW('Fetch certificate config failed, '
- 'fallback to online validation.'))
- except exc.RevocationListError:
- self.log.warning(_LW('Fetch revocation list failed, '
- 'fallback to online validation.'))
-
- if verified is not None:
- data = jsonutils.loads(verified)
- else:
+ data = self._validate_offline(token, token_hashes)
+ if not data:
data = self._identity_server.verify_token(token)
self._token_cache.store(token_hashes[0], data)
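Review bot: The new fallback test `if not data:` is broader than the `if verified is not None` check it replaces. Any falsy result from `jsonutils.loads(verified)`, such as an empty object, now also triggers `self._identity_server.verify_token(token)`, where the old code would have used the decoded value as-is. The fallback goes in the safe direction, since the identity server then decides, but for a commit described as a refactor I would keep the original semantics with `if data is None:`. The enclosing method starts and ends outside this hunk.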
@@ -744,6 +728,25 @@ class AuthProtocol(_BaseAuthProtocol):
return data
+ def _validate_offline(self, token, token_hashes):
+ try:
+ if cms.is_pkiz(token):
+ verified = self._verify_pkiz_token(token, token_hashes)
+ elif cms.is_asn1_token(token):
+ verified = self._verify_signed_token(token, token_hashes)
+ else:
+ # Can't do offline validation for this type of token.
+ return
+ except exceptions.CertificateConfigError:
+ self.log.warning(_LW('Fetch certificate config failed, '
+ 'fallback to online validation.'))
+ except exc.RevocationListError:
+ self.log.warning(_LW('Fetch revocation list failed, '
+ 'fallback to online validation.'))
+ else:
+ data = jsonutils.loads(verified)
+ return data
+
def _validate_token(self, auth_ref):
# 0 seconds of validity means is it valid right now.
if auth_ref.will_expire_soon(stale_duration=0):
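Review bot: `_validate_offline` returns None in three different ways (the bare `return` for unsupported token types and the two `except` branches that fall off the end), and has no docstring telling the caller that None means "fall back to online validation". I would add a docstring such as `"""Return the decoded token data, or None if the token cannot be validated offline."""` and end each `except` branch with an explicit `return None`. The docstring should also say that only `CertificateConfigError` and `RevocationListError` are absorbed here. Any other exception raised by `_verify_pkiz_token` or `_verify_signed_token` propagates to the caller, which is presumably how a bad signature or revoked token is rejected rather than retried online; confirm that against those helpers, which are not visible in this diff.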