TOKEN-BASED AUTH MIDDLEWARE
This WSGI component:
Refer to: http://docs.openstack.org/developer/python-keystoneclient/middlewarearchitecture.html
Bases: object
Auth Middleware that handles authenticating client calls.
Verifies the signature of the provided data in accordance with CMS syntax.
If either of the certificate files might be missing, fetch them and retry.
Return admin token, possibly fetching a new one.
If self.admin_token_expiry is set from fetching an admin token, check it for expiration, and request a new token if the existing token is about to expire.
:return: admin token id
:raise ServiceError: when unable to retrieve token from keystone
Indicate whether the token appears in the revocation list.
Check that the token is unrevoked and has a valid signature.
Authenticate user token with keystone.
Parameters: |
|
---|---|
Returns: | token object received from keystone on success |
Raises: |
|
Bases: list
A lazy pool of cache references.
Context manager to manage a pooled cache reference.
Bases: exceptions.Exception
Bases: exceptions.Exception
Bases: object
Bases: exceptions.Exception
Bases: exceptions.Exception
Returns a WSGI filter app for use with paste.deploy.
URL-encode strings that are not already URL-encoded.
Determines if expiration is about to occur.
Parameters: | expiry – a datetime of the expected expiration |
---|---|
Returns: | boolean : true if expiration is within 30 seconds |
Utilities for memcache encryption and integrity check.
Data should be serialized before entering these functions. Encryption depends on pycrypto. If pycrypto is not available, CryptoUnavailableError will be raised.
This module will not be called unless signing or encryption is enabled in the config. It will always validate signatures, and will decrypt data if encryption is enabled. It is not valid to mix protection modes.
Bases: exceptions.Exception
Raised when the Python Crypto module is not available.
Bases: exceptions.Exception
Raised when unable to decrypt encrypted data.
Bases: exceptions.Exception
Raised when unable to verify MACed data.
This usually indicates that data had been unexpectedly modified in memcache.
Ensure Crypto module is available.
Returns True if both string inputs are equal, otherwise False.
This function should take a constant amount of time regardless of how many characters in the strings match.
Decrypt the data with the given secret key.
Derives keys for MAC and ENCRYPTION from the user-provided secret. The resulting keys should be passed to the protect and unprotect functions.
As suggested by NIST Special Publication 800-108, this uses the first 128 bits from the sha384 KDF for the obscured cache key value, the second 128 bits for the message authentication key and the remaining 128 bits for the encryption key.
This approach is faster than computing a separate hmac as the KDF for each desired key.
Encrypt the data with the given secret key.
Padding is n bytes of the value n, where 1 <= n <= blocksize.
Given keys generated by derive_keys(), returns a base64 encoded value suitable for use as a cache key in memcached.
Given keys and serialized data, returns an appropriately protected string suitable for storage in the cache.
Sign the data using the defined function and the derived key.
Given keys and cached string data, verifies the signature, decrypts if necessary, and returns the original serialized data.
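A minimal sketch of the key splitting and the MAC-only protect/unprotect flow described above, added here as an illustration and not taken from the keystoneclient source. The HMAC input layout, the stored-blob layout and the InvalidMac name are assumptions; encryption mode is left out because it needs pycrypto.

```python
import base64
import hashlib
import hmac

SPLIT = 16  # 128 bits; SHA-384 gives 48 bytes = three 128-bit keys


class InvalidMac(Exception):
    """Stand-in for the error raised when MACed data cannot be verified."""


def derive_keys(token, secret, strategy):
    # One HMAC-SHA384 call; the input layout (token + strategy) is assumed.
    digest = hmac.new(secret, token + strategy, hashlib.sha384).digest()
    return {"CACHE_KEY": digest[:SPLIT],
            "MAC": digest[SPLIT:2 * SPLIT],
            "ENCRYPTION": digest[2 * SPLIT:],  # unused in MAC-only mode
            "strategy": strategy}


def get_cache_key(keys):
    # Obscured memcached key, so the raw token is never used as the key.
    return base64.b64encode(keys["CACHE_KEY"])


def sign(keys, data):
    return base64.b64encode(hmac.new(keys["MAC"], data, hashlib.sha384).digest())


def protect(keys, data):
    # MAC-only mode: base64 signature followed by base64 payload (assumed layout).
    payload = base64.b64encode(data)
    return sign(keys, payload) + payload


def unprotect(keys, blob):
    sig_len = 64  # base64 length of a 48-byte SHA-384 MAC
    sig, payload = blob[:sig_len], blob[sig_len:]
    # Constant-time comparison: timing does not reveal how many bytes matched.
    if not hmac.compare_digest(sig, sign(keys, payload)):
        raise InvalidMac("cached value failed MAC verification")
    return base64.b64decode(payload)


if __name__ == "__main__":
    keys = derive_keys(b"constructed-token-id", b"constructed-secret", b"MAC")
    blob = protect(keys, b'{"user": "demo"}')
    print(get_cache_key(keys), unprotect(keys, blob))
```

Because the cache key, MAC key and encryption key are disjoint slices of one digest, a value read back under a different token or secret fails verification before any decoding happens.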
S3 TOKEN MIDDLEWARE
This WSGI component:
Bases: object
Auth Middleware that handles S3 authenticating client calls.
Bases: exceptions.Exception
Returns a WSGI filter app for use with paste.deploy.
Validate and split the given HTTP request path.
Examples:
['a'] = split_path('/a')
['a', None] = split_path('/a', 1, 2)
['a', 'c'] = split_path('/a/c', 1, 2)
['a', 'c', 'o/r'] = split_path('/a/c/o/r', 1, 3, True)
Parameters: |
|
---|---|
Returns: | list of segments with a length of maxsegs (non-existent segments will return as None) |
Raises : | ValueError if given an invalid path |