[openstack-dev] Quantum/Keystone issue (401) seems to be due to encoding
Yee, Guang
guang.yee at hp.com
Wed Nov 7 21:57:40 UTC 2012
The text Adam pasted
-----BEGIN CMS-----
MIIBQwYJKoZIhvcNAQcCoIIBNDCCATACAQExCTAHBgUrDgMCGjAeBgkqhkiG9w0B
BwGgEQQPeyJyZXZva2VkIjogW119MYH/MIH8AgEBMFwwVzELMAkGA1UEBhMCVVMx
DjAMBgNVBAgTBVVuc2V0MQ4wDAYDVQQHEwVVbnNldDEOMAwGA1UEChMFVW5zZXQx
GDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbQIBATAHBgUrDgMCGjANBgkqhkiG9w0B
AQEFAASBgIPLThGutiaKye5AYYdF3z7FGztoQsCaaqHKHVgtEHk3bM7k5ZqIsNN/
YMUKE8l87UHwto0BZ3WF6IqXzSRCKrm11bzTbKMna5I1vmSanDG/Ws6CyXQRaQeb
1IebcfL+tPWFLN5Y6WsuSobGCGV30wll1F0qgfXCwDkEinVc35vC
-----END CMS-----
yield the following
openssl cms -cmsout -in /tmp/cms.txt -inform PEM -print
CMS_ContentInfo:
contentType: pkcs7-signedData (1.2.840.113549.1.7.2)
d.signedData:
version: 1
digestAlgorithms:
algorithm: sha1 (1.3.14.3.2.26)
parameter: <ABSENT>
encapContentInfo:
eContentType: pkcs7-data (1.2.840.113549.1.7.1)
eContent:
0000 - 7b 22 72 65 76 6f 6b 65-64 22 3a 20 5b 5d 7d {"revoked":
[]}
certificates:
<EMPTY>
crls:
<EMPTY>
signerInfos:
version: 1
d.issuerAndSerialNumber:
issuer: C=US, ST=Unset, L=Unset, O=Unset, CN=www.example.com
serialNumber: 1
digestAlgorithm:
algorithm: sha1 (1.3.14.3.2.26)
parameter: <ABSENT>
signedAttrs:
<EMPTY>
signatureAlgorithm:
algorithm: rsaEncryption (1.2.840.113549.1.1.1)
parameter: NULL
signature:
0000 - 83 cb 4e 11 ae b6 26 8a-c9 ee 40 61 87 45 df
..N...&... at a.E.
000f - 3e c5 1b 3b 68 42 c0 9a-6a a1 ca 1d 58 2d 10
>..;hB..j...X-.
001e - 79 37 6c ce e4 e5 9a 88-b0 d3 7f 60 c5 0a 13
y7l........`...
002d - c9 7c ed 41 f0 b6 8d 01-67 75 85 e8 8a 97 cd
.|.A....gu.....
003c - 24 42 2a b9 b5 d5 bc d3-6c a3 27 6b 92 35 be
$B*.....l.'k.5.
004b - 64 9a 9c 31 bf 5a ce 82-c9 74 11 69 07 9b d4
d..1.Z...t.i...
005a - 87 9b 71 f2 fe b4 f5 85-2c de 58 e9 6b 2e 4a
..q.....,.X.k.J
0069 - 86 c6 08 65 77 d3 09 65-d4 5d 2a 81 f5 c2 c0
...ew..e.]*....
0078 - 39 04 8a 75 5c df 9b c2- 9..u\...
unsignedAttrs:
<EMPTY>
Where's this cert come from?
"issuer: C=US, ST=Unset, L=Unset, O=Unset, CN=www.example.com"
Guang
From: Adam [mailto:adam at younglogic.com]
Sent: Wednesday, November 07, 2012 1:07 PM
To: Gary Kotton; Yee, Guang; OpenStack Development Mailing List
Subject: Quantum/Keystone issue (401) seems to be due to encoding
I get the following erros when trying to decode the revocation list:
1. 140580198655840:error:0407006A:rsa
routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
2. 140580198655840:error:04067072:rsa
routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:795:
3. 140580198655840:error:2E09A09E:CMS
routines:CMS_SignerInfo_verify_content:verification failure:cms_sd.c:899:
4. 140580198655840:error:2E09D06D:CMS routines:CMS_verify:content verify
error:cms_smime.c:425:
The biggest difference I can see between this and the successful runs in the
other projects is that this one comes in enced as unicode, elsewhere we see
it as string.
The data is coming through OK. I can see:
{"revoked": []}
So I think the DER encoding is getting messed up in translation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121107/552a949a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6186 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121107/552a949a/attachment.bin>
More information about the OpenStack-dev
mailing list