Comment 17 for bug 1490804

Adam Young (ayoung) wrote : Re: PKI Token Revocation Bypass

The attached code shows the modification of the binary data that still generates a valid token; it can be run from python-keystoneclient/examples/pki and uses the sample tokens and certificates in the associated subdirectories.

This shows the modified bytes that successfully pass are:
77 78 79 80 81 82 83 85 86 87 88 3979 3980 3981 3982 3983 3985 3986 3987 3988 3991 3992 4364

The range 77 78 79 80 81 82 83 85 86 87 88 looks like the object identifiers

1 3 14 3 2 26
and
1 2 840 113549 1 7 1

The last byte is padding.

To see the content of the token in PEM format:

cat cms/auth_v3_token_scoped.pem | awk ' ! /---/ {print $1}'| base64 -d | /usr/lib64/nss/unsupported-tools/derdump > /tmp/tokendata
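
Added example, not part of the original comment or of python-keystoneclient: a short-form DER OBJECT IDENTIFIER encoder and strict decoder, useful for recognising the two identifiers named above (1 3 14 3 2 26 is SHA-1, 1 2 840 113549 1 7 1 is PKCS#7 data) in a derdump or hex view of the token. The function names are hypothetical, and the decoder rejects non-minimal encodings rather than accepting them.

```python
# Added example: DER (X.690) encoding and decoding of OBJECT IDENTIFIER values.
# encode_oid / decode_oid are illustrative names, not keystoneclient APIs.

def encode_oid(dotted):
    """Return the DER TLV (tag 0x06, length, content) for a dotted OID string."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: %s" % dotted)
    # The first two arcs share one subidentifier: 40 * arc1 + arc2.
    subids = [40 * arcs[0] + arcs[1]] + arcs[2:]
    body = bytearray()
    for value in subids:
        # Base-128, most significant group first, high bit set on all but the last.
        chunk = [value & 0x7F]
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))
            value >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form lengths are not handled in this example")
    return bytes([0x06, len(body)]) + bytes(body)


def decode_oid(tlv):
    """Decode a DER OBJECT IDENTIFIER TLV into a dotted string, strictly."""
    if len(tlv) < 3 or tlv[0] != 0x06 or tlv[1] > 127 or tlv[1] != len(tlv) - 2:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    subids, value, at_start = [], 0, True
    for byte in tlv[2:]:
        if at_start and byte == 0x80:
            # A leading 0x80 group is a padded, non-minimal encoding.
            raise ValueError("non-minimal subidentifier")
        value = (value << 7) | (byte & 0x7F)
        at_start = not (byte & 0x80)
        if at_start:
            subids.append(value)
            value = 0
    if not at_start:
        raise ValueError("truncated subidentifier")
    first = subids[0]
    arc1 = min(first // 40, 2)
    return ".".join(str(a) for a in [arc1, first - 40 * arc1] + subids[1:])


if __name__ == "__main__":
    for oid in ("1.3.14.3.2.26", "1.2.840.113549.1.7.1"):
        print(oid, encode_oid(oid).hex())
```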