[Openstack-security] [Bug 1355125] Re: keystonemiddleware appears not to hash PKIZ tokens

Dolph Mathews 1355125 at bugs.launchpad.net
Sun Sep 21 18:53:57 UTC 2014 

** Changed in: python-keystoneclient
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1355125

Title:
  keystonemiddleware appears not to hash PKIZ tokens

Status in OpenStack Identity  (Keystone) Middleware:
  Fix Released
Status in Python client library for Keystone:
  Fix Released

Bug description:
  It looks like Keystone hashes only PKI tokens [1] and test test_verify_signed_token_raises_exception_for_revoked_pkiz_token [2] does not take hashing into account (and checks only already hashed data and not hashing itself)
  And that should make token revocation for PKIZ tokens broken.

  
  [1] https://github.com/openstack/keystonemiddleware/blob/c9036a00ef3f7c4b9475799d5b713db7a2d94961/keystonemiddleware/auth_token.py#L1399
  [2] https://github.com/openstack/keystonemiddleware/blob/c9036a00ef3f7c4b9475799d5b713db7a2d94961/keystonemiddleware/tests/test_auth_token_middleware.py#L741

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystonemiddleware/+bug/1355125/+subscriptions

More information about the Openstack-security mailing list