** Description changed:
- It looks like Keystone hashes only PKI tokens -
https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token.py#L1399
- and test test_verify_signed_token_raises_exception_for_revoked_pkiz_token in
https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/tests/test_auth_token_middleware.py#L741
does not takes hashing into account (and checks only already hashed data and
hot hashing itself)
+ It looks like Keystone hashes only PKI tokens [1] and test
test_verify_signed_token_raises_exception_for_revoked_pkiz_token [2] does not
take hashing into account (and checks only already hashed data and not hashing
itself)
And that should make token revocation for PKIZ tokens broken.
+
+
+ [1]
https://github.com/openstack/keystonemiddleware/blob/c9036a00ef3f7c4b9475799d5b713db7a2d94961/keystonemiddleware/auth_token.py#L1399
+ [2]
https://github.com/openstack/keystonemiddleware/blob/c9036a00ef3f7c4b9475799d5b713db7a2d94961/keystonemiddleware/tests/test_auth_token_middleware.py#L741
** Also affects: keystonemiddleware
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1355125
Title:
keystonemiddleware appears not to hash PKIZ tokens
Status in OpenStack Identity (Keystone):
New
Status in OpenStack Identity (Keystone) Middleware:
New
Bug description:
It looks like Keystone hashes only PKI tokens [1] and test
test_verify_signed_token_raises_exception_for_revoked_pkiz_token [2] does not
take hashing into account (and checks only already hashed data and not hashing
itself)
And that should make token revocation for PKIZ tokens broken.
[1]
https://github.com/openstack/keystonemiddleware/blob/c9036a00ef3f7c4b9475799d5b713db7a2d94961/keystonemiddleware/auth_token.py#L1399
[2]
https://github.com/openstack/keystonemiddleware/blob/c9036a00ef3f7c4b9475799d5b713db7a2d94961/keystonemiddleware/tests/test_auth_token_middleware.py#L741
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1355125/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
