author | David Höppner <0xffea@gmail.com> | 2013-02-22 18:43:56 +0100 |
---|---|---|
committer | David Höppner <0xffea@gmail.com> | 2013-03-06 21:11:33 +0100 |
commit | b1474da1413b0334b8975875ebb584df8a1342f5 (patch) | |
tree | 4b3e2604552b72266b2ae117acffb08f93aeec3b /keystone/auth | |
parent | 1f7c863a9ce3df695fbc98c3a53f0e6b4d172e4d (diff) | |
unable to load certificate should abort request
If openssl returns with a command line error (3), we assume
the PKI certificate is not properly installed. Added
'try ... except' blocks to cms_sign_text and cms_sign_token
calls.
Fixes: bug #1103569
Change-Id: Iad98738e990d3ab1ec0d0015840d76cf948ae560
Diffstat (limited to 'keystone/auth')
-rw-r--r-- | keystone/auth/token_factory.py | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/keystone/auth/token_factory.py b/keystone/auth/token_factory.py
index 8460aec6..e2c84107 100644
--- a/keystone/auth/token_factory.py
+++ b/keystone/auth/token_factory.py
@@ -17,6 +17,7 @@
 """Token Factory"""
 import json
+import subprocess
 import uuid
 import webob
@@ -255,13 +256,17 @@ def create_token(context, auth_context, auth_info):
 if CONF.signing.token_format == 'UUID':
 token_id = uuid.uuid4().hex
 elif CONF.signing.token_format == 'PKI':
- token_id = cms.cms_sign_token(json.dumps(token_data),
- CONF.signing.certfile,
- CONF.signing.keyfile)
+ try:
+ token_id = cms.cms_sign_token(json.dumps(token_data),
+ CONF.signing.certfile,
+ CONF.signing.keyfile)
+ except subprocess.CalledProcessError:
+ raise exception.UnexpectedError(_(
+ 'Unable to sign token.'))
 else:
- raise exception.UnexpectedError(
+ raise exception.UnexpectedError(_(
 'Invalid value for token_format: %s.'
- ' Allowed values are PKI or UUID.' %
+ ' Allowed values are PKI or UUID.') %
 CONF.signing.token_format)
 token_api = token_module.Manager()
 try: |
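Review bot: The new `except subprocess.CalledProcessError:` branch in the PKI path discards the caught exception, so the openssl exit status that the commit message relies on never reaches a log from this code. The generic 'Unable to sign token.' text is the right thing to return to the caller, but an operator with a broken certfile or keyfile needs the detail; bind the exception with `except subprocess.CalledProcessError as e:` and record `e.returncode` through the module's logger before raising (cms_sign_token may already log it, which is not visible here). Only CalledProcessError is handled, so a failure to start openssl at all would presumably surface as a different exception and bypass this handler; that is worth confirming against cms_sign_token. create_token begins and ends outside the hunk.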