auth_token middleware fails to fetch CA Cert

If PKI tokens are enabled, the auth_token middleware never fetches the CA Cert. It will fetch the signing cert.

TO reproduce. Run devstack. Kill Keystone and change the Keystone.conf file, set
[signing]
disable_pki = False

Then rerun Keytstone. keystone token-get will now return a huge token.

run galnce image-list and you will see an error indicating an invalid auth token.

The following change fixes the problem, and indicated the root cause: the test for cert file was specific to one of the two files (the signing cert) and thus was never testing for the CA cert.

[ayoung@ayoung keystone]$ git diff
diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.
index c82e5ef..e042dbb 100644
--- a/keystone/middleware/auth_token.py
+++ b/keystone/middleware/auth_token.py
@@ -565,8 +565,8 @@ class AuthProtocol(object):
                             time=self.token_cache_time)

     def cert_file_missing(self, called_proc_err, file_name):
- return (called_proc_err.output.find(self.signing_cert_file_name)
- and not os.path.exists(self.signing_cert_file_name))
+ return (called_proc_err.output.find(file_name)
+ and not os.path.exists(file_name))

     def verify_uuid_token(self, user_token, retry=True):
         """Authenticate user token with keystone.