Ubuntu
python-cryptography package

  1. Bug #1752660
  2. Comment #5

Comment 5 for bug 1752660

Revision history for this message
Graham Hayes (grahamhayes) wrote : Re: keystone requires cffi to be installed for fernat tokens

The stack trace I am getting looks like:

    Traceback (most recent call last):
      File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 226, in __call__
        result = method(req, **params)
      File "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py", line 154, in authenticate_for_token
        parent_audit_id=token_audit_id)
      File "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line 116, in wrapped
        __ret_val = __f(*args, **kwargs)
      File "/usr/lib/python2.7/dist-packages/keystone/token/provider.py", line 210, in issue_token
        parent_audit_id=parent_audit_id)
      File "/usr/lib/python2.7/dist-packages/keystone/token/providers/fernet/core.py", line 53, in issue_token
        *args, **kwargs)
      File "/usr/lib/python2.7/dist-packages/keystone/token/providers/common.py", line 605, in issue_token
        token_id = self._get_token_id(token_data)
      File "/usr/lib/python2.7/dist-packages/keystone/token/providers/fernet/core.py", line 187, in _get_token_id
        app_cred_id=app_cred_id
      File "/usr/lib/python2.7/dist-packages/keystone/token/token_formatters.py", line 160, in create_token
        token = self.pack(serialized_payload)
      File "/usr/lib/python2.7/dist-packages/keystone/token/token_formatters.py", line 79, in pack
        return self.crypto.encrypt(payload).rstrip(b'=').decode('utf-8')
      File "/usr/lib/python2.7/dist-packages/cryptography/fernet.py", line 135, in encrypt
        return self._fernets[0].encrypt(msg)
      File "/usr/lib/python2.7/dist-packages/cryptography/fernet.py", line 51, in encrypt
        return self._encrypt_from_parts(data, current_time, iv)
      File "/usr/lib/python2.7/dist-packages/cryptography/fernet.py", line 62, in _encrypt_from_parts
        ciphertext = encryptor.update(padded_data) + encryptor.finalize()
      File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/primitives/ciphers/base.py", line 149, in update
        return self._ctx.update(data)
      File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 120, in update
        n = self.update_into(data, buf)
      File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 131, in update_into
        "unsigned char *", self._backend._ffi.from_buffer(buf)
    TypeError: from_buffer() cannot return the address of the raw string within a str or unicode or bytearray object

It looks like it is transitive via cryptography when using fernat encryption.