author | Adam Young <ayoung@redhat.com> | 2012-08-17 19:17:17 -0400 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2012-08-23 10:51:20 -0400 |
commit | 3fa4ba537e7d297aeb63554231d041da7ad2476f (patch) | |
tree | a68af65cb931573bdea07fd4d993eb641fa216cb /keystone/middleware | |
parent | f20cfbf34ea0667996e7dc918f6c453ad1bd81ad (diff) | |
Fix auth_token middleware to fetch revocation list as admin.
Make the revocation list into a JSON document and get the Vary header.
This will also allow the revocation list to carry additional
information in the future, to include sufficient information for the
calling application to figure out how to get the certificates it
requires.
Bug 1038309
Change-Id: I4a41cbd8a7352e5b5f951027d6f2063b169bce89
Diffstat (limited to 'keystone/middleware')
-rw-r--r-- | keystone/middleware/auth_token.py | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py
index 849d877c..5f9828b0 100644
--- a/keystone/middleware/auth_token.py
+++ b/keystone/middleware/auth_token.py
@@ -772,10 +772,14 @@ class AuthProtocol(object):
 f.write(value)
 def fetch_revocation_list(self):
- response, data = self._http_request('GET', '/v2.0/tokens/revoked')
+ headers = {'X-Auth-Token': self.get_admin_token()}
+ response, data = self._json_request('GET', '/v2.0/tokens/revoked',
+ additional_headers=headers)
 if response.status != 200:
 raise ServiceError('Unable to fetch token revocation list.')
- return self.cms_verify(data)
+ if (not 'signed' in data):
+ raise ServiceError('Revocation list inmproperly formatted.')
+ return self.cms_verify(data['signed'])
 def fetch_signing_cert(self):
 response, data = self._http_request('GET', |
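Review bot: The new `'signed'` check in fetch_revocation_list assumes `data` is a dict. `_json_request` is not visible in this hunk, but if it can return None or a non-object JSON value on a 200, `'signed' in data` or `data['signed']` would raise TypeError instead of ServiceError, and a caller that handles only ServiceError around the revocation refresh would not catch it. I would write the guard as `if not isinstance(data, dict) or 'signed' not in data:` and correct the message to `'Revocation list improperly formatted.'`. The request now depends on `self.get_admin_token()`, and a rejected or expired admin token only reaches the generic `response.status != 200` branch. Whether token validation fails closed when the list cannot be refreshed depends on the caller, which is outside the hunk and worth confirming.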