From 51ced1392f44ad4a98cc885d0ff535e40c52de50 Mon Sep 17 00:00:00 2001
From: Adam Young <ayoung@redhat.com>
Date: Thu, 3 Sep 2015 13:00:14 -0400
Subject: [PATCH] Use the Keystoneclient code to hash the token.

---
 openstack_auth/user.py | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/openstack_auth/user.py b/openstack_auth/user.py
index 72c8638..caf19c9 100644
--- a/openstack_auth/user.py
+++ b/openstack_auth/user.py
@@ -11,7 +11,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-import hashlib
 import logging
 
 from django.conf import settings
@@ -83,18 +82,13 @@ class Token(object):
         # Token-related attributes
         self.id = auth_ref.auth_token
         self.unscoped_token = unscoped_token
-        if (_TOKEN_HASH_ENABLED and
-                (keystone_cms.is_asn1_token(self.id)
-                    or keystone_cms.is_pkiz(self.id))):
+        if (_TOKEN_HASH_ENABLED):
             algorithm = getattr(settings, 'OPENSTACK_TOKEN_HASH_ALGORITHM',
                                 'md5')
-            hasher = hashlib.new(algorithm)
-            hasher.update(self.id)
-            self.id = hasher.hexdigest()
+            self.id = keystone_cms.cms_hash_token(self.id, algorithm)
             # If the scoped_token is long, then unscoped_token must be too.
-            hasher = hashlib.new(algorithm)
-            hasher.update(self.unscoped_token)
-            self.unscoped_token = hasher.hexdigest()
+            self.unscoped_token = keystone_cms.cms_hash_token(
+                self.unscoped_token, algorithm)
         self.expires = auth_ref.expires
 
         # Project-related attributes
-- 
2.4.3