diff options
author | Adam Young <ayoung@redhat.com> | 2014-02-04 20:43:07 -0500 |
---|---|---|
committer | Morgan Fainberg <morgan.fainberg@gmail.com> | 2014-05-09 11:48:17 -0700 |
commit | 3d6d749e6f0fef682a88758e1a2f6c9e8e7bd23c (patch) | |
tree | b5ffa079f9bdd6214c581e872ea668217834d312 /keystoneclient/exceptions.py | |
parent | a95edc7f38d7c267f9efa6c4a413b4a04d2686b0 (diff) | |
download | python-keystoneclient-3d6d749e6f0fef682a88758e1a2f6c9e8e7bd23c.tar.gz |
Compressed Signature and Validation
Allows for a new form of document signature.
pkiz_sign will take data and encode it in a string that starts with
the substring "PKIZ_". This prefix indicates that the data has been:
1) Signed via PKI in Crypto Message Syntax (CMS) in binary (DER) format
2) Compressed using zlib (comparable to gzip)
3) urlsafe-base64 decoded
This process is reversed to validate the data.
middleware/auth_token.py will be capable of validating Keystone
tokens that are marshalled in the new format. The current existing
"PKI" tokens will continue to be identified with "MII", issued by
default, and validated as well. It will require corresponding changes
on the Keystone server to issue the new token format.
A separate script for generating the sample
data used in the unit tests,
examples/pki/gen_cmsz.py,
also serves as an example of how to
call the API from Python code.
Some of the sample data for the old tests had to be regenerated. A
stray comma in one of the JSON files made for non-parsing JSON.
Blueprint: compress-tokens
Closes-Bug: #1255321
Change-Id: Ia9a66ba3742da0bcd58c4c096b28cc8a66ad6569
Diffstat (limited to 'keystoneclient/exceptions.py')
-rw-r--r-- | keystoneclient/exceptions.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/keystoneclient/exceptions.py b/keystoneclient/exceptions.py index 4572af9..31f25cb 100644 --- a/keystoneclient/exceptions.py +++ b/keystoneclient/exceptions.py @@ -37,6 +37,14 @@ class CertificateConfigError(Exception): super(CertificateConfigError, self).__init__(msg) +class CMSError(Exception): + """Error reading the certificate""" + def __init__(self, output): + self.output = output + msg = ("Unable to sign or verify data.") + super(CMSError, self).__init__(msg) + + class EmptyCatalog(EndpointNotFound): """The service catalog is empty.""" pass |