[Bug 1355125] Re: keystonemiddleware appears not to hash PKIZ tokens
Chuck Short
chuck.short at canonical.com
Fri Oct 21 20:12:09 UTC 2016
** Changed in: python-keystonemiddleware (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-keystonemiddleware in Ubuntu.
https://bugs.launchpad.net/bugs/1355125
Title:
keystonemiddleware appears not to hash PKIZ tokens
Status in keystonemiddleware:
Fix Released
Status in python-keystoneclient:
Fix Released
Status in python-keystonemiddleware package in Ubuntu:
Fix Released
Bug description:
It looks like Keystone hashes only PKI tokens [1] and test test_verify_signed_token_raises_exception_for_revoked_pkiz_token [2] does not take hashing into account (and checks only already hashed data and not hashing itself)
And that should make token revocation for PKIZ tokens broken.
[1] https://github.com/openstack/keystonemiddleware/blob/c9036a00ef3f7c4b9475799d5b713db7a2d94961/keystonemiddleware/auth_token.py#L1399
[2] https://github.com/openstack/keystonemiddleware/blob/c9036a00ef3f7c4b9475799d5b713db7a2d94961/keystonemiddleware/tests/test_auth_token_middleware.py#L741
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystonemiddleware/+bug/1355125/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list