Public bug reported:
It looks like Keystone hashes only PKI tokens -
https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token.py#L1399
and test test_verify_signed_token_raises_exception_for_revoked_pkiz_token in
https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/tests/test_auth_token_middleware.py#L741
does not takes hashing into account (and checks only already hashed data and
hot hashing itself)
And that should make token revocation for PKIZ tokens broken.
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1355125
Title:
keystonemiddleware appears not to hash PKIZ tokens
Status in OpenStack Identity (Keystone):
New
Bug description:
It looks like Keystone hashes only PKI tokens -
https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token.py#L1399
and test test_verify_signed_token_raises_exception_for_revoked_pkiz_token in
https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/tests/test_auth_token_middleware.py#L741
does not takes hashing into account (and checks only already hashed data and
hot hashing itself)
And that should make token revocation for PKIZ tokens broken.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1355125/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
