2014-08-11 10:54:47 |
Kirill Zaborsky |
bug |
|
|
added bug |
2014-08-11 13:35:24 |
Lance Bragstad |
description |
It looks like Keystone hashes only PKI tokens - https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token.py#L1399
and test test_verify_signed_token_raises_exception_for_revoked_pkiz_token in https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/tests/test_auth_token_middleware.py#L741 does not takes hashing into account (and checks only already hashed data and hot hashing itself)
And that should make token revocation for PKIZ tokens broken. |
It looks like Keystone hashes only PKI tokens [1] and test test_verify_signed_token_raises_exception_for_revoked_pkiz_token [2] does not take hashing into account (and checks only already hashed data and not hashing itself)
And that should make token revocation for PKIZ tokens broken.
[1] https://github.com/openstack/keystonemiddleware/blob/c9036a00ef3f7c4b9475799d5b713db7a2d94961/keystonemiddleware/auth_token.py#L1399
[2] https://github.com/openstack/keystonemiddleware/blob/c9036a00ef3f7c4b9475799d5b713db7a2d94961/keystonemiddleware/tests/test_auth_token_middleware.py#L741 |
|
2014-08-11 13:36:18 |
Lance Bragstad |
bug task added |
|
keystonemiddleware |
|
2014-08-12 15:17:38 |
Dolph Mathews |
keystone: importance |
Undecided |
Critical |
|
2014-08-12 15:17:39 |
Dolph Mathews |
keystonemiddleware: importance |
Undecided |
Critical |
|
2014-08-12 15:17:41 |
Dolph Mathews |
keystone: status |
New |
Triaged |
|
2014-08-12 15:17:43 |
Dolph Mathews |
keystonemiddleware: status |
New |
Triaged |
|
2014-08-12 15:17:52 |
Dolph Mathews |
keystone: milestone |
|
juno-3 |
|
2014-08-12 15:18:00 |
Dolph Mathews |
tags |
|
pki |
|
2014-08-12 15:45:07 |
Adam Young |
keystonemiddleware: assignee |
|
Adam Young (ayoung) |
|
2014-08-15 20:16:17 |
OpenStack Infra |
keystonemiddleware: status |
Triaged |
In Progress |
|
2014-08-15 20:16:17 |
OpenStack Infra |
keystonemiddleware: assignee |
Adam Young (ayoung) |
Morgan Fainberg (mdrnstm) |
|
2014-08-15 20:20:25 |
Dolph Mathews |
tags |
pki |
pki security |
|
2014-08-15 20:32:43 |
OpenStack Infra |
keystonemiddleware: assignee |
Morgan Fainberg (mdrnstm) |
Adam Young (ayoung) |
|
2014-08-15 20:33:14 |
Adam Young |
bug task added |
|
python-keystoneclient |
|
2014-08-15 20:34:43 |
Adam Young |
bug task deleted |
keystone |
|
|
2014-08-15 20:34:49 |
Adam Young |
python-keystoneclient: assignee |
|
Adam Young (ayoung) |
|
2014-08-15 20:43:46 |
OpenStack Infra |
python-keystoneclient: status |
New |
In Progress |
|
2014-08-19 15:25:01 |
OpenStack Infra |
keystonemiddleware: assignee |
Adam Young (ayoung) |
Brant Knudson (blk-u) |
|
2014-08-20 17:31:05 |
OpenStack Infra |
keystonemiddleware: status |
In Progress |
Fix Committed |
|
2014-08-21 17:09:28 |
Dolph Mathews |
keystonemiddleware: milestone |
|
1.2.0 |
|
2014-08-21 17:14:25 |
Dolph Mathews |
keystonemiddleware: milestone |
1.2.0 |
1.1.1 |
|
2014-08-21 17:18:23 |
Dolph Mathews |
keystonemiddleware: status |
Fix Committed |
Fix Released |
|
2014-08-25 21:34:24 |
Dolph Mathews |
python-keystoneclient: importance |
Undecided |
Critical |
|
2014-08-26 00:18:32 |
OpenStack Infra |
python-keystoneclient: status |
In Progress |
Fix Committed |
|
2014-09-18 16:12:21 |
David Stanek |
python-keystoneclient: milestone |
|
0.11.0 |
|
2014-09-21 18:53:57 |
Dolph Mathews |
python-keystoneclient: status |
Fix Committed |
Fix Released |
|
2015-06-29 03:23:27 |
Sam Morrison |
bug task added |
|
python-keystonemiddleware (Ubuntu) |
|
2016-10-21 20:12:09 |
Chuck Short |
python-keystonemiddleware (Ubuntu): status |
New |
Fix Released |
|