From dfc29af20125b1e05f9f11bb8c6f7ac67b695dc5 Mon Sep 17 00:00:00 2001
From: Adam Young
Date: Mon, 18 Feb 2013 21:30:56 -0500
Subject: [PATCH] validate from backend

In certain cases we were depending on CMS to validate PKI tokens but that is not necessary, and by passes the revocation check

Change-Id: I8fad2496500a1cdf8f6b41303baffa662fa28def
---
 keystone/token/controllers.py | 19 +++++--------------
 1 file changed, 5 insertions(+), 14 deletions(-)

diff --git a/keystone/token/controllers.py b/keystone/token/controllers.py
index c44f736..6edd700 100644
--- a/keystone/token/controllers.py
+++ b/keystone/token/controllers.py
@@ -402,20 +402,11 @@ class Auth(controller.V2Controller):
 """
 # TODO(termie): this stuff should probably be moved to middleware
 self.assert_admin(context)
-
- if cms.is_ans1_token(token_id):
- data = json.loads(cms.cms_verify(cms.token_to_cms(token_id),
- CONF.signing.certfile,
- CONF.signing.ca_certs))
- data['access']['token']['user'] = data['access']['user']
- data['access']['token']['metadata'] = data['access']['metadata']
- if belongs_to:
- assert data['access']['token']['tenant']['id'] == belongs_to
- token_ref = data['access']['token']
- else:
- token_ref = self.token_api.get_token(context=context,
- token_id=token_id)
- return token_ref
+ data = self.token_api.get_token(context=context,
+ token_id=token_id)
+ if belongs_to:
+ assert data['tenant']['id'] == belongs_to
+ return data
 
 # admin only
 def validate_token_head(self, context, token_id):
-- 
1.8.1.2
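Review bot: The `belongs_to` tenant check on the new side is still an `assert` (`assert data['tenant']['id'] == belongs_to`), so it disappears when the service runs with `python -O`, and the token is then returned without the scope check. When it does fire, the caller gets an `AssertionError`, and a token record with no tenant would presumably raise `KeyError` or `TypeError` instead of an authorization failure. I would make it an explicit comparison that raises the project's unauthorized error, for example `if belongs_to and (data.get('tenant') or {}).get('id') != belongs_to: raise exception.Unauthorized()`, assuming `exception` is imported in this module, which the hunk does not show. The enclosing method begins above the hunk, so its signature and docstring are not visible here.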