author | David Höppner <0xffea@gmail.com> | 2013-02-22 18:43:56 +0100 |
---|---|---|
committer | David Höppner <0xffea@gmail.com> | 2013-03-06 21:11:33 +0100 |
commit | b1474da1413b0334b8975875ebb584df8a1342f5 (patch) | |
tree | 4b3e2604552b72266b2ae117acffb08f93aeec3b /keystone/token | |
parent | 1f7c863a9ce3df695fbc98c3a53f0e6b4d172e4d (diff) | |
unable to load certificate should abort request
If openssl returns with a command line error (3), we assume
the PKI certificate is not properly installed. Added
'try ... except' blocks to cms_sign_text and cms_sign_token
calls.
Fixes: bug #1103569
Change-Id: Iad98738e990d3ab1ec0d0015840d76cf948ae560
Diffstat (limited to 'keystone/token')
-rw-r--r-- | keystone/token/controllers.py | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/keystone/token/controllers.py b/keystone/token/controllers.py
index ade2af4f..4474deaa 100644
--- a/keystone/token/controllers.py
+++ b/keystone/token/controllers.py
@@ -1,4 +1,5 @@
 import json
+import subprocess
 import uuid
 from keystone.common import cms
@@ -114,13 +115,17 @@ class Auth(controller.V2Controller):
 if CONF.signing.token_format == 'UUID':
 token_id = uuid.uuid4().hex
 elif CONF.signing.token_format == 'PKI':
- token_id = cms.cms_sign_token(json.dumps(token_data),
- CONF.signing.certfile,
- CONF.signing.keyfile)
+ try:
+ token_id = cms.cms_sign_token(json.dumps(token_data),
+ CONF.signing.certfile,
+ CONF.signing.keyfile)
+ except subprocess.CalledProcessError:
+ raise exception.UnexpectedError(_(
+ 'Unable to sign token.'))
 else:
- raise exception.UnexpectedError(
+ raise exception.UnexpectedError(_(
 'Invalid value for token_format: %s.'
- ' Allowed values are PKI or UUID.' %
+ ' Allowed values are PKI or UUID.') %
 CONF.signing.token_format)
 try:
 self.token_api.create_token(
|
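Review bot: The new `except subprocess.CalledProcessError:` handler around `cms.cms_sign_token(...)` drops the exception, so a signing failure leaves no server-side record of the openssl exit status. Bind it with `except subprocess.CalledProcessError as e:` and log `e.returncode` through the module's logger (none is visible in this hunk) before raising, while keeping the client-facing 'Unable to sign token.' text generic so certificate and key paths stay out of the response. The handler fires on any non-zero exit, not only the return code 3 named in the description; failing closed on all of them looks right, and a one-line comment such as `# any openssl failure aborts the request; no unsigned token is issued` would record that intent. The enclosing method starts and ends outside the hunk.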