1 |
commit: 89b782177108a0495f08c180ecf92b0eba2bad3d |
2 |
Author: Matthew Thode <prometheanfire <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Feb 2 16:07:53 2016 +0000 |
4 |
Commit: Matt Thode <prometheanfire <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Feb 2 16:09:24 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89b78217 |
7 |
|
8 |
dev-python/keystonemiddleware: fixing bug 573660 CVE-2015-7546 |
9 |
|
10 |
Package-Manager: portage-2.2.26 |
11 |
|
12 |
.../files/CVE-2015-7546_2.3.2.patch | 596 +++++++++++++++++++++ |
13 |
.../keystonemiddleware-2.3.1-r1.ebuild | 83 +++ |
14 |
.../keystonemiddleware-2.3.2-r1.ebuild | 88 +++ |
15 |
3 files changed, 767 insertions(+) |
16 |
|
17 |
diff --git a/dev-python/keystonemiddleware/files/CVE-2015-7546_2.3.2.patch b/dev-python/keystonemiddleware/files/CVE-2015-7546_2.3.2.patch |
18 |
new file mode 100644 |
19 |
index 0000000..fa20d32 |
20 |
--- /dev/null |
21 |
+++ b/dev-python/keystonemiddleware/files/CVE-2015-7546_2.3.2.patch |
22 |
@@ -0,0 +1,596 @@ |
23 |
+From 9167afaafc216c63fdc875e737bc379400e94059 Mon Sep 17 00:00:00 2001 |
24 |
+From: Brant Knudson <bknudson@××××××.com> |
25 |
+Date: Tue, 1 Dec 2015 16:08:00 -0600 |
26 |
+Subject: [PATCH] auth_token verify revocation by audit_id |
27 |
+ |
28 |
+If the revocation list includes audit_ids, then when doing offline |
29 |
+validation also validate the token isn't revoked by audit_id. |
30 |
+ |
31 |
+Backport notes: |
32 |
+- test_auth_token_middleware was refactored with commit 9cbd47b to |
33 |
+ check responses differently, so the test changed to use the old |
34 |
+ method. |
35 |
+- reno was not supported so the release note is removed. |
36 |
+ |
37 |
+Closes-Bug: 1490804 |
38 |
+Change-Id: I483bc57bd38eb81a0905bcaf94e4ea82604919d6 |
39 |
+(cherry picked from commit 96ab58e6863c92575ada57615b19652e502adfd8) |
40 |
+--- |
41 |
+ examples/pki/cms/auth_token_scoped.json | 5 +- |
42 |
+ examples/pki/cms/auth_token_scoped.pem | 148 ++++++++-------- |
43 |
+ examples/pki/cms/auth_token_scoped.pkiz | 2 +- |
44 |
+ examples/pki/cms/auth_v3_token_scoped.json | 3 + |
45 |
+ examples/pki/cms/auth_v3_token_scoped.pem | 190 +++++++++++---------- |
46 |
+ examples/pki/cms/auth_v3_token_scoped.pkiz | 2 +- |
47 |
+ keystonemiddleware/auth_token/__init__.py | 12 ++ |
48 |
+ keystonemiddleware/auth_token/_revocations.py | 22 +++ |
49 |
+ .../unit/auth_token/test_auth_token_middleware.py | 24 +++ |
50 |
+ .../tests/unit/auth_token/test_revocations.py | 47 ++++- |
51 |
+ 10 files changed, 281 insertions(+), 174 deletions(-) |
52 |
+ |
53 |
+diff --git a/examples/pki/cms/auth_token_scoped.json b/examples/pki/cms/auth_token_scoped.json |
54 |
+index 698e01d..cf18fa1 100644 |
55 |
+--- a/examples/pki/cms/auth_token_scoped.json |
56 |
++++ b/examples/pki/cms/auth_token_scoped.json |
57 |
+@@ -8,7 +8,10 @@ |
58 |
+ "enabled": true, |
59 |
+ "description": null, |
60 |
+ "name": "tenant_name1" |
61 |
+- } |
62 |
++ }, |
63 |
++ "audit_ids": [ |
64 |
++ "SLIXlXQUQZWUi9VJrqdXqA" |
65 |
++ ] |
66 |
+ }, |
67 |
+ "serviceCatalog": [ |
68 |
+ { |
69 |
+diff --git a/examples/pki/cms/auth_token_scoped.pem b/examples/pki/cms/auth_token_scoped.pem |
70 |
+index 4a5b3a2..68f5049 100644 |
71 |
+--- a/examples/pki/cms/auth_token_scoped.pem |
72 |
++++ b/examples/pki/cms/auth_token_scoped.pem |
73 |
+@@ -1,75 +1,77 @@ |
74 |
+ -----BEGIN CMS----- |
75 |
+-MIINhwYJKoZIhvcNAQcCoIINeDCCDXQCAQExCTAHBgUrDgMCGjCCC5QGCSqGSIb3 |
76 |
+-DQEHAaCCC4UEgguBew0KICAgICJhY2Nlc3MiOiB7DQogICAgICAgICJ0b2tlbiI6 |
77 |
+-IHsNCiAgICAgICAgICAgICJleHBpcmVzIjogIjIwMzgtMDEtMThUMjE6MTQ6MDda |
78 |
+-IiwNCiAgICAgICAgICAgICJpZCI6ICJwbGFjZWhvbGRlciIsDQogICAgICAgICAg |
79 |
+-ICAidGVuYW50Ijogew0KICAgICAgICAgICAgICAgICJpZCI6ICJ0ZW5hbnRfaWQx |
80 |
+-IiwNCiAgICAgICAgICAgICAgICAiZW5hYmxlZCI6IHRydWUsDQogICAgICAgICAg |
81 |
+-ICAgICAgImRlc2NyaXB0aW9uIjogbnVsbCwNCiAgICAgICAgICAgICAgICAibmFt |
82 |
+-ZSI6ICJ0ZW5hbnRfbmFtZTEiDQogICAgICAgICAgICB9DQogICAgICAgIH0sDQog |
83 |
+-ICAgICAgICJzZXJ2aWNlQ2F0YWxvZyI6IFsNCiAgICAgICAgICAgIHsNCiAgICAg |
84 |
+-ICAgICAgICAgICAiZW5kcG9pbnRzX2xpbmtzIjogW10sDQogICAgICAgICAgICAg |
85 |
+-ICAgImVuZHBvaW50cyI6IFsNCiAgICAgICAgICAgICAgICAgICAgew0KICAgICAg |
86 |
+-ICAgICAgICAgICAgICAgICAgImFkbWluVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6 |
87 |
+-ODc3Ni92MS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSIsDQogICAg |
88 |
+-ICAgICAgICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lvbk9uZSIsDQogICAg |
89 |
+-ICAgICAgICAgICAgICAgICAgICAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4w |
90 |
+-LjAuMTo4Nzc2L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwN |
91 |
+-CiAgICAgICAgICAgICAgICAgICAgICAgICJwdWJsaWNVUkwiOiAiaHR0cDovLzEy |
92 |
+-Ny4wLjAuMTo4Nzc2L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdh |
93 |
+-Ig0KICAgICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgXSwNCiAg |
94 |
+-ICAgICAgICAgICAgICAidHlwZSI6ICJ2b2x1bWUiLA0KICAgICAgICAgICAgICAg |
95 |
+-ICJuYW1lIjogInZvbHVtZSINCiAgICAgICAgICAgIH0sDQogICAgICAgICAgICB7 |
96 |
+-DQogICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5rcyI6IFtdLA0KICAgICAg |
97 |
+-ICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAgICAgICAgIHsN |
98 |
+-CiAgICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVSTCI6ICJodHRwOi8vMTI3 |
99 |
+-LjAuMC4xOjkyOTIvdjEiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInJlZ2lv |
100 |
+-biI6ICJyZWdpb25PbmUiLA0KICAgICAgICAgICAgICAgICAgICAgICAgImludGVy |
101 |
+-bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6OTI5Mi92MSIsDQogICAgICAgICAg |
102 |
+-ICAgICAgICAgICAgICAicHVibGljVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6OTI5 |
103 |
+-Mi92MSINCiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIF0s |
104 |
+-DQogICAgICAgICAgICAgICAgInR5cGUiOiAiaW1hZ2UiLA0KICAgICAgICAgICAg |
105 |
+-ICAgICJuYW1lIjogImdsYW5jZSINCiAgICAgICAgICAgIH0sDQogICAgICAgICAg |
106 |
+-ICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5rcyI6IFtdLA0KICAg |
107 |
+-ICAgICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAgICAgICAg |
108 |
+-IHsNCiAgICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVSTCI6ICJodHRwOi8v |
109 |
+-MTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2 |
110 |
+-NjE3YSIsDQogICAgICAgICAgICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lv |
111 |
+-bk9uZSIsDQogICAgICAgICAgICAgICAgICAgICAgICAiaW50ZXJuYWxVUkwiOiAi |
112 |
+-aHR0cDovLzEyNy4wLjAuMTo4Nzc0L3YxLjEvNjRiNmYzZmJjYzUzNDM1ZThhNjBm |
113 |
+-Y2Y4OWJiNjYxN2EiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInB1YmxpY1VS |
114 |
+-TCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVl |
115 |
+-OGE2MGZjZjg5YmI2NjE3YSINCiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAg |
116 |
+-ICAgICAgICAgIF0sDQogICAgICAgICAgICAgICAgInR5cGUiOiAiY29tcHV0ZSIs |
117 |
+-DQogICAgICAgICAgICAgICAgIm5hbWUiOiAibm92YSINCiAgICAgICAgICAgIH0s |
118 |
+-DQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5r |
119 |
+-cyI6IFtdLA0KICAgICAgICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAg |
120 |
+-ICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVS |
121 |
+-TCI6ICJodHRwOi8vMTI3LjAuMC4xOjM1MzU3L3YyLjAiLA0KICAgICAgICAgICAg |
122 |
+-ICAgICAgICAgICAgInJlZ2lvbiI6ICJSZWdpb25PbmUiLA0KICAgICAgICAgICAg |
123 |
+-ICAgICAgICAgICAgImludGVybmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUz |
124 |
+-NTcvdjIuMCIsDQogICAgICAgICAgICAgICAgICAgICAgICAicHVibGljVVJMIjog |
125 |
+-Imh0dHA6Ly8xMjcuMC4wLjE6NTAwMC92Mi4wIg0KICAgICAgICAgICAgICAgICAg |
126 |
+-ICB9DQogICAgICAgICAgICAgICAgXSwNCiAgICAgICAgICAgICAgICAidHlwZSI6 |
127 |
+-ICJpZGVudGl0eSIsDQogICAgICAgICAgICAgICAgIm5hbWUiOiAia2V5c3RvbmUi |
128 |
+-DQogICAgICAgICAgICB9DQogICAgICAgIF0sDQogICAgICAgICJ1c2VyIjogew0K |
129 |
+-ICAgICAgICAgICAgInVzZXJuYW1lIjogInVzZXJfbmFtZTEiLA0KICAgICAgICAg |
130 |
+-ICAgInJvbGVzX2xpbmtzIjogWw0KICAgICAgICAgICAgICAgICJyb2xlMSIsDQog |
131 |
+-ICAgICAgICAgICAgICAgInJvbGUyIg0KICAgICAgICAgICAgXSwNCiAgICAgICAg |
132 |
+-ICAgICJpZCI6ICJ1c2VyX2lkMSIsDQogICAgICAgICAgICAicm9sZXMiOiBbDQog |
133 |
+-ICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICAibmFtZSI6ICJy |
134 |
+-b2xlMSINCiAgICAgICAgICAgICAgICB9LA0KICAgICAgICAgICAgICAgIHsNCiAg |
135 |
+-ICAgICAgICAgICAgICAgICAgIm5hbWUiOiAicm9sZTIiDQogICAgICAgICAgICAg |
136 |
+-ICAgfQ0KICAgICAgICAgICAgXSwNCiAgICAgICAgICAgICJuYW1lIjogInVzZXJf |
137 |
+-bmFtZTEiDQogICAgICAgIH0NCiAgICB9DQp9DQoxggHKMIIBxgIBATCBpDCBnjEK |
138 |
+-MAgGA1UEBRMBNTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlT |
139 |
+-dW5ueXZhbGUxEjAQBgNVBAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUx |
140 |
+-JTAjBgkqhkiG9w0BCQEWFmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMT |
141 |
+-C1NlbGYgU2lnbmVkAgERMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIIBAGFaC8Po |
142 |
+-svBez6wHfGxgqtX+Zk7kFH0xu/JA7fWp8L5e1k1q+wsSII/P6rATOXR8BSPwifat |
143 |
+-mKRan9kzerLeb3A5g07VphvHfVkDEVaeihi33bpt7140ELSKu/ogWQPtasjBM9Eb |
144 |
+-M9pS4N5NCtZ0erE5DgX//IRfrHFdZuhIbwlmei72692PV7Q70t/rbaH8ofIrH7Rz |
145 |
+-Z1Kuvj0+7tELgd52wy5YnU0e879OEj+2qUk30TvqRG9jdKxLSanmR/8dSA2eNNgO |
146 |
+-oHrtXc4EmpWFbP6yVxNwK3dQ6OvU4virV1YW5+De2ApLt+IeojaVPGnDPfsRvY5x |
147 |
+-t0eIwpDqkgvkRP8= |
148 |
++MIIN5QYJKoZIhvcNAQcCoIIN1jCCDdICAQExDTALBglghkgBZQMEAgEwggvqBgkq |
149 |
++hkiG9w0BBwGgggvbBIIL13sNCiAgICAiYWNjZXNzIjogew0KICAgICAgICAidG9r |
150 |
++ZW4iOiB7DQogICAgICAgICAgICAiZXhwaXJlcyI6ICIyMDM4LTAxLTE4VDIxOjE0 |
151 |
++OjA3WiIsDQogICAgICAgICAgICAiaWQiOiAicGxhY2Vob2xkZXIiLA0KICAgICAg |
152 |
++ICAgICAgInRlbmFudCI6IHsNCiAgICAgICAgICAgICAgICAiaWQiOiAidGVuYW50 |
153 |
++X2lkMSIsDQogICAgICAgICAgICAgICAgImVuYWJsZWQiOiB0cnVlLA0KICAgICAg |
154 |
++ICAgICAgICAgICJkZXNjcmlwdGlvbiI6IG51bGwsDQogICAgICAgICAgICAgICAg |
155 |
++Im5hbWUiOiAidGVuYW50X25hbWUxIg0KICAgICAgICAgICAgfSwNCiAgICAgICAg |
156 |
++ICAgICJhdWRpdF9pZHMiOiBbDQogICAgICAgICAgICAgICAgIlNMSVhsWFFVUVpX |
157 |
++VWk5VkpycWRYcUEiDQogICAgICAgICAgICBdDQogICAgICAgIH0sDQogICAgICAg |
158 |
++ICJzZXJ2aWNlQ2F0YWxvZyI6IFsNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAg |
159 |
++ICAgICAiZW5kcG9pbnRzX2xpbmtzIjogW10sDQogICAgICAgICAgICAgICAgImVu |
160 |
++ZHBvaW50cyI6IFsNCiAgICAgICAgICAgICAgICAgICAgew0KICAgICAgICAgICAg |
161 |
++ICAgICAgICAgICAgImFkbWluVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6ODc3Ni92 |
162 |
++MS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSIsDQogICAgICAgICAg |
163 |
++ICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lvbk9uZSIsDQogICAgICAgICAg |
164 |
++ICAgICAgICAgICAgICAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4 |
165 |
++Nzc2L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwNCiAgICAg |
166 |
++ICAgICAgICAgICAgICAgICAgICJwdWJsaWNVUkwiOiAiaHR0cDovLzEyNy4wLjAu |
167 |
++MTo4Nzc2L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIg0KICAg |
168 |
++ICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgXSwNCiAgICAgICAg |
169 |
++ICAgICAgICAidHlwZSI6ICJ2b2x1bWUiLA0KICAgICAgICAgICAgICAgICJuYW1l |
170 |
++IjogInZvbHVtZSINCiAgICAgICAgICAgIH0sDQogICAgICAgICAgICB7DQogICAg |
171 |
++ICAgICAgICAgICAgImVuZHBvaW50c19saW5rcyI6IFtdLA0KICAgICAgICAgICAg |
172 |
++ICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAgICAgICAgIHsNCiAgICAg |
173 |
++ICAgICAgICAgICAgICAgICAgICJhZG1pblVSTCI6ICJodHRwOi8vMTI3LjAuMC4x |
174 |
++OjkyOTIvdjEiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInJlZ2lvbiI6ICJy |
175 |
++ZWdpb25PbmUiLA0KICAgICAgICAgICAgICAgICAgICAgICAgImludGVybmFsVVJM |
176 |
++IjogImh0dHA6Ly8xMjcuMC4wLjE6OTI5Mi92MSIsDQogICAgICAgICAgICAgICAg |
177 |
++ICAgICAgICAicHVibGljVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6OTI5Mi92MSIN |
178 |
++CiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIF0sDQogICAg |
179 |
++ICAgICAgICAgICAgInR5cGUiOiAiaW1hZ2UiLA0KICAgICAgICAgICAgICAgICJu |
180 |
++YW1lIjogImdsYW5jZSINCiAgICAgICAgICAgIH0sDQogICAgICAgICAgICB7DQog |
181 |
++ICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5rcyI6IFtdLA0KICAgICAgICAg |
182 |
++ICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAgICAgICAgIHsNCiAg |
183 |
++ICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVSTCI6ICJodHRwOi8vMTI3LjAu |
184 |
++MC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSIs |
185 |
++DQogICAgICAgICAgICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lvbk9uZSIs |
186 |
++DQogICAgICAgICAgICAgICAgICAgICAgICAiaW50ZXJuYWxVUkwiOiAiaHR0cDov |
187 |
++LzEyNy4wLjAuMTo4Nzc0L3YxLjEvNjRiNmYzZmJjYzUzNDM1ZThhNjBmY2Y4OWJi |
188 |
++NjYxN2EiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInB1YmxpY1VSTCI6ICJo |
189 |
++dHRwOi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZj |
190 |
++Zjg5YmI2NjE3YSINCiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAg |
191 |
++ICAgIF0sDQogICAgICAgICAgICAgICAgInR5cGUiOiAiY29tcHV0ZSIsDQogICAg |
192 |
++ICAgICAgICAgICAgIm5hbWUiOiAibm92YSINCiAgICAgICAgICAgIH0sDQogICAg |
193 |
++ICAgICAgICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50c19saW5rcyI6IFtd |
194 |
++LA0KICAgICAgICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAg |
195 |
++ICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICJhZG1pblVSTCI6ICJo |
196 |
++dHRwOi8vMTI3LjAuMC4xOjM1MzU3L3YyLjAiLA0KICAgICAgICAgICAgICAgICAg |
197 |
++ICAgICAgInJlZ2lvbiI6ICJSZWdpb25PbmUiLA0KICAgICAgICAgICAgICAgICAg |
198 |
++ICAgICAgImludGVybmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIu |
199 |
++MCIsDQogICAgICAgICAgICAgICAgICAgICAgICAicHVibGljVVJMIjogImh0dHA6 |
200 |
++Ly8xMjcuMC4wLjE6NTAwMC92Mi4wIg0KICAgICAgICAgICAgICAgICAgICB9DQog |
201 |
++ICAgICAgICAgICAgICAgXSwNCiAgICAgICAgICAgICAgICAidHlwZSI6ICJpZGVu |
202 |
++dGl0eSIsDQogICAgICAgICAgICAgICAgIm5hbWUiOiAia2V5c3RvbmUiDQogICAg |
203 |
++ICAgICAgICB9DQogICAgICAgIF0sDQogICAgICAgICJ1c2VyIjogew0KICAgICAg |
204 |
++ICAgICAgInVzZXJuYW1lIjogInVzZXJfbmFtZTEiLA0KICAgICAgICAgICAgInJv |
205 |
++bGVzX2xpbmtzIjogWw0KICAgICAgICAgICAgICAgICJyb2xlMSIsDQogICAgICAg |
206 |
++ICAgICAgICAgInJvbGUyIg0KICAgICAgICAgICAgXSwNCiAgICAgICAgICAgICJp |
207 |
++ZCI6ICJ1c2VyX2lkMSIsDQogICAgICAgICAgICAicm9sZXMiOiBbDQogICAgICAg |
208 |
++ICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICAibmFtZSI6ICJyb2xlMSIN |
209 |
++CiAgICAgICAgICAgICAgICB9LA0KICAgICAgICAgICAgICAgIHsNCiAgICAgICAg |
210 |
++ICAgICAgICAgICAgIm5hbWUiOiAicm9sZTIiDQogICAgICAgICAgICAgICAgfQ0K |
211 |
++ICAgICAgICAgICAgXSwNCiAgICAgICAgICAgICJuYW1lIjogInVzZXJfbmFtZTEi |
212 |
++DQogICAgICAgIH0NCiAgICB9DQp9DQoxggHOMIIBygIBATCBpDCBnjEKMAgGA1UE |
213 |
++BRMBNTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZh |
214 |
++bGUxEjAQBgNVBAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkq |
215 |
++hkiG9w0BCQEWFmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMTC1NlbGYg |
216 |
++U2lnbmVkAgERMAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQCgtkCXRzS8 |
217 |
++s7WjZCsKDhMt6q5JQIm7x6EMKCBaOABQG9EOVIAyqfoJDdjDtz9rZEPO3UVTpPkg |
218 |
++VjtA0QV97qT8bX55AcCkk7kBRDOKTtco5GOGwjMxL+GWbIwWiB7DKIP4RA6NLZtF |
219 |
++WxUbLBY+OgBSiayuHqSx+Rd08QC9oHf25wRkTNp3VFPxtAleDmASzdAoIafoS+FB |
220 |
++Po+9WuTaGdeya7S+ms4SSyXf9cdMKGv010R/aMINWUWaBrkB4wlespYLmKH/XzwS |
221 |
++pENRIdbI9XHEOYTWKqul5tucA3p21IA24ND6acl9CXHr3KeqXpRwclSZ38Kg/23T |
222 |
++92D+SowEjlGf |
223 |
+ -----END CMS----- |
224 |
+diff --git a/examples/pki/cms/auth_token_scoped.pkiz b/examples/pki/cms/auth_token_scoped.pkiz |
225 |
+index 34d7706..cbfc082 100644 |
226 |
+--- a/examples/pki/cms/auth_token_scoped.pkiz |
227 |
++++ b/examples/pki/cms/auth_token_scoped.pkiz |
228 |
+@@ -1 +1 @@ |
229 |
+-PKIZ_eJylVst2ozgU3OsrZp_Tx4CNY5biaRFLGMx7ZyDGYMBObJ5fPwInpyedzkxmhhUIqVS36t4r_fhBH1HREPlDwrvx4wfACK1bM9CfziE6NjGBZiyd6dg1lyRxuZCgqXSSDddi6rzKKZa0cTxeaNLuRduhaA5kU1nDPR2MVkqaeo_PvX4MOFLEc5wZmfiIKvpehZeAc-XAt46RJlQoP6fe_JpFpXoD4Q4tkaRzEdexkedkGwlmocefYk24RJU1vE8OPOu293jXObUUGGb7tcXE8rkBm0HpSb9oNzmssX1ekCHmNvOg2wwBE-RhibkwCzjM4sEciOcsAjtow5KUhlxkQR5wANvJEWVtiiq9CLmiibKJUR96ySXi-G1U3lnR3ZnQ1-vA6z6wACON_8MCjDR-shDZoOwuAevubGlick7WVmtkqwbbaD5tIC06I0_nZAiaJFcaQHIrI2UwhKWeB4MzEBmzoX08klwsAy5YGJ6ekTzoCKdkB5e5UlDm2ReLUVxUhQ2I1u6NOjH-KKLSaiOuqJM1OURaUe_vVka-Txeu77a9uVZFmloHnJOBf2vbL3rxAOenfhTsvzoBvkL-CPy1uOCjuqfesNGo7mfByuIWeEkxAZZuHa7FZmQEYla40pfXuKfI6i057NqU1gOlyb4t5JukVL5McfBNscbkYqbkot7_1XrwT96PO8elW-09ob57_yb0SahH-wGNc6RUxCV_jNTvZKA5alTj3YojGuJAmFMyJcmJjRk8uIWhKRzWwjzMUz4oEUdyZR7cE61NPJ3qRb5VTL-N93fhgr_N9ZI0kS-yifa50fhcd4nK2wAmO1hW2Ei0fY060K400eNcPp5bzXsWfpXu4BsWDlQflvQCh7NF-2vKjy7svtt9fgcOPqN_t6k4LZZhA5Ic0QFd8HfjYouPtTcNPKug8V6S9elLAUctwCjg2-KGCjdlG62F4nktXmgGTpNQjlo8pDcsKzdsHx2cK0tsm0s |
230 |
sJ3twp013K9U6GSnTzkN3O9IwinD6tvrEc0Z7fxbY-3xVqME4iO-Zdgp9ksdl0SbaW1PReDbS2vHfJbzrwYzgNIzD3jM7VDH3Wnj72dI-l4fesYk0WhuZLoyxJz492rI7s7gUrnSTD_0SUE_pAue9pY3vPSqYXyi7A7X1MDVV-71CRzCcgRHlQwN5B6w-deKenp8Fzt4dm0DvGny1C41zsnQKoxAuoUzrxWcFHCCxp8c8jAMJ0PO_Tfdmm4aLTsohElPiitCxoe100gD1-3dgw8K1sXltJTOQXdNESqvLpq3sABahBllHETusO3O3jqqCoylcYAu1CpwmPyltsY01t3bmFr07XDvFhts78NUGknIrnn3C0Fqgdjotav96WzmJ6jF8Df1iSDTawhyxGYHiO1AdzfUKYMtslXTaSVbamx16XYlUcgkpYEgjUj5cbyAR09PL8ZRpQsuINHwVQLij9yBp74o5-3C9beMjRm4RGubu5K2F9HGJocPh_HJ7OM-zk36Nb-eHw2sxnGZ74rvrAqi2wSpx1jJyNWd7CHM1LftoqJiSh-nGUy32Js_OzhI1jmuXPJJmF9hh5aytDpquHbdgGGbIvIVPr71BcFdDy7fk2ZFJ92m33szIIMlu-IIEf-UzJFJOwolZRZ1hz-ONETD7_AwstzFmO7fpltxy63KH5wd0qXbBIt7HrOs-YWgF-_PT7CF9KnouPykraZg9YN1WOdW_7O0ckPm5UMNs268OL8QpD24qFNvu8eHFEjtI2uct79Qmn3P8cWWacap2kXw1ZCHP4Gzj16QE2-r1YrVQqwweOk_ybmMdDF83-GVNIJjuogqRf95L_wRcTpJ3 |
231 |
+\ No newline at end of file |
232 |
++PKIZ_eJylVkuXojgY3edXzL5OnwLUKlnMgrdBwAJDgOx4KK-gVimC_PoJWFVdM93z6DNuNEFu7nfv98i3b-wjawZ0flPs7bj4BmwIV8s8MtdHAotr6khuqhzZ3nxQFFlcKpKr9SqSLDmneVHnMnFtTcq1Ls_DmZzXr6CoS0PsOFnujJxtHmUI9cXqXEaBU5HQGWB1zHc3k0uEC01K-ATZMxIWXRyaNL3BJwAVeLNVe24hqbeQNscq7DeVxm0qaRaU8AwV80QU9qJidomhVyQoronh0fT-jAMkWBTJwS03pfwMG9xGgXkmwbTm0gOmliKV8bSWyswYny-4UKC1vZ0AWhAFPB1pwoNHk0ZvM11sx733P9QsjCptaJcZ9DqFYCz4xOjFETgKcQ3i0NvHgTfFGtxMhDQaJXrhYazHmMenDSbr9KDXwUqXIeWnF1MB37KGVsR3CpAZ-jkR0pFywsRiLLwuEWibreyPvYIY_CmheIvuWhyzlddtyuXVRnAGrEpqbWXOhMtnzhBds0q7OpVXOk00kMasosEfHNXmCSoKp5KbSIjmm8AsnSrqHUErwUSpwYc4ENu7FiYlAou3Flty1-GUMH3Shomt_8gCjDT-Dwsw0phYrHCZGLTC2LQnJk3BZSvpybote7tKxwM6q9KeNmo6c0pRsLdLwTGgAEjFzmmcykE2Zw-YbgxNsA1SkSpfRA0UnEqbRVtTDLddPuYJWcnXmOVCyotn9v0GxnSE-iUbWWQr2rG4xxiFROj5JPAndiw_Ln_d3zPA0TXwq7Z916u-bRC8AiZY-X-cAH-H_An8L-KCT3URXNiTun8v2M_0AhO9QD-8U20_i6vJzqzyKsIALeVeqZ-AdyC2p9cgCWj7n7xXRnbz3hoiLqpIYwukjASbB_bgDk7gzyMUdaRxmo1Ky6hij1BWwLL7Lmg5CXcjQXZKhMVL0twtBiMlEo7Ue-zX3dQ44pXHperxag3azbmNLJjA6Dh3hpS |
233 |
zZlFvfUl18F8q7p_cAL8S78_CBZ_xHvjJHtYj69QQx8QZQqE_Jc3l3q14bmqiu1B-d8m5JqHMs470Q763yYwwQPbC2MK_AE5As7Hlexem3aQZ-AfRBlahvHNj4ZTz7ieObEdHwFdLfsGRT3DwHV3mo6Y_Rfy_VaHf2arEagWytSmCX8n7aUqx4cJmBLf7YbA0F7oLHTYDF_TDkSx0xhE2zcPp91jOrJlMU2pcU_EO8D6Fbqzb0D8zOLM-IZ4J-ugZ429Y3lnTejwYwAMemHBsOrn9u9JseOJPy77YOx1gf1bnnc1k4wfyHnN_Lul38AmEsdiHvGhHUB4qRZHS43h36EAeu11O5r1SSVDOHSxLPpKQ3yuDZN7XEZIoRrZ77hQ3UrHrQq0zVRdpW1uWDCDxvib3tunPcJscqMBygNoe7DRp-vNa6-hLypT3Z14RCedeQ9LLHfiMFO1CwYfy9tbvYPf1qlPLekHeSEiHzGDN1ZevI1B6B2Lpbh5sz-2Alk8nqVp3QSToG6g7J8IACYtI-8ndSHW_HqLJQHYlLc81aX3lauEoClh6VuT6CVmW_Xx4cUKMVpistrF-8znERbl2fHvMwv1Zg7ipXuENxJolYFGlM8EwxIGkw0pI51zZPri711NwFfOy9-h2eDMzXGe6HAtPSqjDtyZSZq0lXBUA-dVBNQ9FszxyDqe-1DG0sq2P0nb_-vCoLDptv3s43RpcnC1-vVPWh6J_uR7D1-xVklHsgVJt1t5DSq3mbKql9HradSuMTCoWQ_HywKdLk7-01l5nbWlbqI8WXjxrwgYhdFwe0MF9AUVO9lb9XD9JQ2Ku-TjaCYawm8_np5i1w2pmP9qSdKH5rttzT12SxPlSXOs3xXe0U6N6BnD2jNsSSlK1ffBnwirm-se3_a7NcLsk-e-_g-lCqznq98vtH9MPoOI= |
234 |
+\ No newline at end of file |
235 |
+diff --git a/examples/pki/cms/auth_v3_token_scoped.json b/examples/pki/cms/auth_v3_token_scoped.json |
236 |
+index 082c1b1..9020745 100644 |
237 |
+--- a/examples/pki/cms/auth_v3_token_scoped.json |
238 |
++++ b/examples/pki/cms/auth_v3_token_scoped.json |
239 |
+@@ -1,5 +1,8 @@ |
240 |
+ { |
241 |
+ "token": { |
242 |
++ "audit_ids": [ |
243 |
++ "SLIXlXQUQZWUi9VJrqdXqA" |
244 |
++ ], |
245 |
+ "methods": [ |
246 |
+ "password" |
247 |
+ ], |
248 |
+diff --git a/examples/pki/cms/auth_v3_token_scoped.pem b/examples/pki/cms/auth_v3_token_scoped.pem |
249 |
+index e11cf03..e83e7a0 100644 |
250 |
+--- a/examples/pki/cms/auth_v3_token_scoped.pem |
251 |
++++ b/examples/pki/cms/auth_v3_token_scoped.pem |
252 |
+@@ -1,98 +1,100 @@ |
253 |
+ -----BEGIN CMS----- |
254 |
+-MIIR5gYJKoZIhvcNAQcCoIIR1zCCEdMCAQExCTAHBgUrDgMCGjCCD/MGCSqGSIb3 |
255 |
+-DQEHAaCCD+QEgg/gew0KICAgICJ0b2tlbiI6IHsNCiAgICAgICAgIm1ldGhvZHMi |
256 |
+-OiBbDQogICAgICAgICAgICAicGFzc3dvcmQiDQogICAgICAgIF0sDQogICAgICAg |
257 |
+-ICJyb2xlcyI6IFsNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAibmFt |
258 |
+-ZSI6ICJyb2xlMSINCiAgICAgICAgICAgIH0sDQogICAgICAgICAgICB7DQogICAg |
259 |
+-ICAgICAgICAgICAgIm5hbWUiOiAicm9sZTIiDQogICAgICAgICAgICB9DQogICAg |
260 |
+-ICAgIF0sDQogICAgICAgICJleHBpcmVzX2F0IjogIjIwMzgtMDEtMThUMjE6MTQ6 |
261 |
+-MDdaIiwNCiAgICAgICAgInByb2plY3QiOiB7DQogICAgICAgICAgICAiaWQiOiAi |
262 |
+-dGVuYW50X2lkMSIsDQogICAgICAgICAgICAiZG9tYWluIjogew0KICAgICAgICAg |
263 |
+-ICAgICAgICJpZCI6ICJkb21haW5faWQxIiwNCiAgICAgICAgICAgICAgICAibmFt |
264 |
+-ZSI6ICJkb21haW5fbmFtZTEiDQogICAgICAgICAgICB9LA0KICAgICAgICAgICAg |
265 |
+-ImVuYWJsZWQiOiB0cnVlLA0KICAgICAgICAgICAgImRlc2NyaXB0aW9uIjogbnVs |
266 |
+-bCwNCiAgICAgICAgICAgICJuYW1lIjogInRlbmFudF9uYW1lMSINCiAgICAgICAg |
267 |
+-fSwNCiAgICAgICAgImNhdGFsb2ciOiBbDQogICAgICAgICAgICB7DQogICAgICAg |
268 |
+-ICAgICAgICAgImVuZHBvaW50cyI6IFsNCiAgICAgICAgICAgICAgICAgICAgew0K |
269 |
+-ICAgICAgICAgICAgICAgICAgICAgICAgImludGVyZmFjZSI6ICJhZG1pbiIsDQog |
270 |
+-ICAgICAgICAgICAgICAgICAgICAgICAidXJsIjogImh0dHA6Ly8xMjcuMC4wLjE6 |
271 |
+-ODc3Ni92MS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSIsDQogICAg |
272 |
+-ICAgICAgICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lvbk9uZSINCiAgICAg |
273 |
+-ICAgICAgICAgICAgICAgfSwNCiAgICAgICAgICAgICAgICAgICAgew0KICAgICAg |
274 |
+-ICAgICAgICAgICAgICAgICAgImludGVyZmFjZSI6ICJpbnRlcm5hbCIsDQogICAg |
275 |
+-ICAgICAgICAgICAgICAgICAgICAidXJsIjogImh0dHA6Ly8xMjcuMC4wLjE6ODc3 |
276 |
+-Ni92MS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSIsDQogICAgICAg |
277 |
+-ICAgICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lvbk9uZSINCiAgICAgICAg |
278 |
+-ICAgICAgICAgICAgfSwNCiAgICAgICAgICAgICAgICAgICAgew0KICAgICAgICAg |
279 |
+-ICAgICAgICAgICAgICAgImludGVyZmFjZSI6ICJwdWJsaWMiLA0KICAgICAgICAg |
280 |
+-ICAgICAgICAgICAgICAgInVybCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzYvdjEv |
281 |
+-NjRiNmYzZmJjYzUzNDM1ZThhNjBmY2Y4OWJiNjYxN2EiLA0KICAgICAgICAgICAg |
282 |
+-ICAgICAgICAgICAgInJlZ2lvbiI6ICJyZWdpb25PbmUiDQogICAgICAgICAgICAg |
283 |
+-ICAgICAgIH0NCiAgICAgICAgICAgICAgICBdLA0KICAgICAgICAgICAgICAgICJ0 |
284 |
+-eXBlIjogInZvbHVtZSIsDQogICAgICAgICAgICAgICAgIm5hbWUiOiAidm9sdW1l |
285 |
+-Ig0KICAgICAgICAgICAgfSwNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAg |
286 |
+-ICAiZW5kcG9pbnRzIjogWw0KICAgICAgICAgICAgICAgICAgICB7DQogICAgICAg |
287 |
+-ICAgICAgICAgICAgICAgICAiaW50ZXJmYWNlIjogImFkbWluIiwNCiAgICAgICAg |
288 |
+-ICAgICAgICAgICAgICAgICJ1cmwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3Yx |
289 |
+-IiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJyZWdpb24iOiAicmVnaW9uT25l |
290 |
+-Ig0KICAgICAgICAgICAgICAgICAgICB9LA0KICAgICAgICAgICAgICAgICAgICB7 |
291 |
+-DQogICAgICAgICAgICAgICAgICAgICAgICAiaW50ZXJmYWNlIjogImludGVybmFs |
292 |
+-IiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJ1cmwiOiAiaHR0cDovLzEyNy4w |
293 |
+-LjAuMTo5MjkyL3YxIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJyZWdpb24i |
294 |
+-OiAicmVnaW9uT25lIg0KICAgICAgICAgICAgICAgICAgICB9LA0KICAgICAgICAg |
295 |
+-ICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgICAgICAgICAiaW50ZXJmYWNl |
296 |
+-IjogInB1YmxpYyIsDQogICAgICAgICAgICAgICAgICAgICAgICAidXJsIjogImh0 |
297 |
+-dHA6Ly8xMjcuMC4wLjE6OTI5Mi92MSIsDQogICAgICAgICAgICAgICAgICAgICAg |
298 |
+-ICAicmVnaW9uIjogInJlZ2lvbk9uZSINCiAgICAgICAgICAgICAgICAgICAgfQ0K |
299 |
+-ICAgICAgICAgICAgICAgIF0sDQogICAgICAgICAgICAgICAgInR5cGUiOiAiaW1h |
300 |
+-Z2UiLA0KICAgICAgICAgICAgICAgICJuYW1lIjogImdsYW5jZSINCiAgICAgICAg |
301 |
+-ICAgIH0sDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50 |
302 |
++MIISOAYJKoZIhvcNAQcCoIISKTCCEiUCAQExDTALBglghkgBZQMEAgEwghA9Bgkq |
303 |
++hkiG9w0BBwGgghAuBIIQKnsNCiAgICAidG9rZW4iOiB7DQogICAgICAgICJhdWRp |
304 |
++dF9pZHMiOiBbDQogICAgICAgICAgICAiU0xJWGxYUVVRWldVaTlWSnJxZFhxQSIN |
305 |
++CiAgICAgICAgXSwNCiAgICAgICAgIm1ldGhvZHMiOiBbDQogICAgICAgICAgICAi |
306 |
++cGFzc3dvcmQiDQogICAgICAgIF0sDQogICAgICAgICJyb2xlcyI6IFsNCiAgICAg |
307 |
++ICAgICAgIHsNCiAgICAgICAgICAgICAgICAibmFtZSI6ICJyb2xlMSINCiAgICAg |
308 |
++ICAgICAgIH0sDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgIm5hbWUi |
309 |
++OiAicm9sZTIiDQogICAgICAgICAgICB9DQogICAgICAgIF0sDQogICAgICAgICJl |
310 |
++eHBpcmVzX2F0IjogIjIwMzgtMDEtMThUMjE6MTQ6MDdaIiwNCiAgICAgICAgInBy |
311 |
++b2plY3QiOiB7DQogICAgICAgICAgICAiaWQiOiAidGVuYW50X2lkMSIsDQogICAg |
312 |
++ICAgICAgICAiZG9tYWluIjogew0KICAgICAgICAgICAgICAgICJpZCI6ICJkb21h |
313 |
++aW5faWQxIiwNCiAgICAgICAgICAgICAgICAibmFtZSI6ICJkb21haW5fbmFtZTEi |
314 |
++DQogICAgICAgICAgICB9LA0KICAgICAgICAgICAgImVuYWJsZWQiOiB0cnVlLA0K |
315 |
++ICAgICAgICAgICAgImRlc2NyaXB0aW9uIjogbnVsbCwNCiAgICAgICAgICAgICJu |
316 |
++YW1lIjogInRlbmFudF9uYW1lMSINCiAgICAgICAgfSwNCiAgICAgICAgImNhdGFs |
317 |
++b2ciOiBbDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50 |
318 |
+ cyI6IFsNCiAgICAgICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICAg |
319 |
+ ICAgICAgImludGVyZmFjZSI6ICJhZG1pbiIsDQogICAgICAgICAgICAgICAgICAg |
320 |
+-ICAgICAidXJsIjogImh0dHA6Ly8xMjcuMC4wLjE6ODc3NC92MS4xLzY0YjZmM2Zi |
321 |
+-Y2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwNCiAgICAgICAgICAgICAgICAgICAg |
322 |
+-ICAgICJyZWdpb24iOiAicmVnaW9uT25lIg0KICAgICAgICAgICAgICAgICAgICB9 |
323 |
+-LA0KICAgICAgICAgICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgICAgICAg |
324 |
+-ICAiaW50ZXJmYWNlIjogImludGVybmFsIiwNCiAgICAgICAgICAgICAgICAgICAg |
325 |
+-ICAgICJ1cmwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc0L3YxLjEvNjRiNmYzZmJj |
326 |
+-YzUzNDM1ZThhNjBmY2Y4OWJiNjYxN2EiLA0KICAgICAgICAgICAgICAgICAgICAg |
327 |
+-ICAgInJlZ2lvbiI6ICJyZWdpb25PbmUiDQogICAgICAgICAgICAgICAgICAgIH0s |
328 |
+-DQogICAgICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAg |
329 |
+-ICJpbnRlcmZhY2UiOiAicHVibGljIiwNCiAgICAgICAgICAgICAgICAgICAgICAg |
330 |
+-ICJ1cmwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc0L3YxLjEvNjRiNmYzZmJjYzUz |
331 |
+-NDM1ZThhNjBmY2Y4OWJiNjYxN2EiLA0KICAgICAgICAgICAgICAgICAgICAgICAg |
332 |
+-InJlZ2lvbiI6ICJyZWdpb25PbmUiDQogICAgICAgICAgICAgICAgICAgIH0NCiAg |
333 |
+-ICAgICAgICAgICAgICBdLA0KICAgICAgICAgICAgICAgICJ0eXBlIjogImNvbXB1 |
334 |
+-dGUiLA0KICAgICAgICAgICAgICAgICJuYW1lIjogIm5vdmEiDQogICAgICAgICAg |
335 |
+-ICB9LA0KICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICJlbmRwb2ludHMi |
336 |
+-OiBbDQogICAgICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAg |
337 |
+-ICAgICJpbnRlcmZhY2UiOiAiYWRtaW4iLA0KICAgICAgICAgICAgICAgICAgICAg |
338 |
+-ICAgInVybCI6ICJodHRwOi8vMTI3LjAuMC4xOjM1MzU3L3YzIiwNCiAgICAgICAg |
339 |
+-ICAgICAgICAgICAgICAgICJyZWdpb24iOiAiUmVnaW9uT25lIg0KICAgICAgICAg |
340 |
+-ICAgICAgICAgICB9LA0KICAgICAgICAgICAgICAgICAgICB7DQogICAgICAgICAg |
341 |
+-ICAgICAgICAgICAgICAiaW50ZXJmYWNlIjogImludGVybmFsIiwNCiAgICAgICAg |
342 |
+-ICAgICAgICAgICAgICAgICJ1cmwiOiAiaHR0cDovLzEyNy4wLjAuMTozNTM1Ny92 |
343 |
+-MyIsDQogICAgICAgICAgICAgICAgICAgICAgICAicmVnaW9uIjogIlJlZ2lvbk9u |
344 |
+-ZSINCiAgICAgICAgICAgICAgICAgICAgfSwNCiAgICAgICAgICAgICAgICAgICAg |
345 |
+-ew0KICAgICAgICAgICAgICAgICAgICAgICAgImludGVyZmFjZSI6ICJwdWJsaWMi |
346 |
+-LA0KICAgICAgICAgICAgICAgICAgICAgICAgInVybCI6ICJodHRwOi8vMTI3LjAu |
347 |
+-MC4xOjUwMDAvdjMiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInJlZ2lvbiI6 |
348 |
+-ICJSZWdpb25PbmUiDQogICAgICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAg |
349 |
+-ICAgICBdLA0KICAgICAgICAgICAgICAgICJ0eXBlIjogImlkZW50aXR5IiwNCiAg |
350 |
+-ICAgICAgICAgICAgICAibmFtZSI6ICJrZXlzdG9uZSINCiAgICAgICAgICAgIH0N |
351 |
+-CiAgICAgICAgXSwNCiAgICAgICAgInVzZXIiOiB7DQogICAgICAgICAgICAiZG9t |
352 |
+-YWluIjogew0KICAgICAgICAgICAgICAgICJpZCI6ICJkb21haW5faWQxIiwNCiAg |
353 |
+-ICAgICAgICAgICAgICAibmFtZSI6ICJkb21haW5fbmFtZTEiDQogICAgICAgICAg |
354 |
+-ICB9LA0KICAgICAgICAgICAgIm5hbWUiOiAidXNlcl9uYW1lMSIsDQogICAgICAg |
355 |
+-ICAgICAiaWQiOiAidXNlcl9pZDEiDQogICAgICAgIH0NCiAgICB9DQp9DQoxggHK |
356 |
+-MIIBxgIBATCBpDCBnjEKMAgGA1UEBRMBNTELMAkGA1UEBhMCVVMxCzAJBgNVBAgT |
357 |
+-AkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxEjAQBgNVBAoTCU9wZW5TdGFjazERMA8G |
358 |
+-A1UECxMIS2V5c3RvbmUxJTAjBgkqhkiG9w0BCQEWFmtleXN0b25lQG9wZW5zdGFj |
359 |
+-ay5vcmcxFDASBgNVBAMTC1NlbGYgU2lnbmVkAgERMAcGBSsOAwIaMA0GCSqGSIb3 |
360 |
+-DQEBAQUABIIBAMq7ffe3ft88hD0EXJfWqkoEGcnal6NmTuLAiCOeQjDxR5TEIx0x |
361 |
+-HanKHWAG7Ko/97KgKAAFwOq3hhnbbKbKq7Z3brUNPXNRwBd3RusUrsLQOWwwKAsF |
362 |
+-acD8a4XXx6oC8dTsuFivDtMNb1JvBRIWcZXznOtn/bkFcvVhOQ+Af93c9xPBUpMq |
363 |
+-1667DbVKWRJEsMrcf5r7wYRQBtAKZU3CAjbNDighdTJWwF7TIWZycnF3OHYmu5J2 |
364 |
+-wvcuB8ex+xRvf1lw1qnb3lC43A4M1KqhnHPpWUrpmAFnzAcYwc7ts2iCqD/UwVBP |
365 |
+-YcXU8kk8bY6leNJKR9xjHcIfW8SnREZVbXA= |
366 |
++ICAgICAidXJsIjogImh0dHA6Ly8xMjcuMC4wLjE6ODc3Ni92MS82NGI2ZjNmYmNj |
367 |
++NTM0MzVlOGE2MGZjZjg5YmI2NjE3YSIsDQogICAgICAgICAgICAgICAgICAgICAg |
368 |
++ICAicmVnaW9uIjogInJlZ2lvbk9uZSINCiAgICAgICAgICAgICAgICAgICAgfSwN |
369 |
++CiAgICAgICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICAgICAg |
370 |
++ImludGVyZmFjZSI6ICJpbnRlcm5hbCIsDQogICAgICAgICAgICAgICAgICAgICAg |
371 |
++ICAidXJsIjogImh0dHA6Ly8xMjcuMC4wLjE6ODc3Ni92MS82NGI2ZjNmYmNjNTM0 |
372 |
++MzVlOGE2MGZjZjg5YmI2NjE3YSIsDQogICAgICAgICAgICAgICAgICAgICAgICAi |
373 |
++cmVnaW9uIjogInJlZ2lvbk9uZSINCiAgICAgICAgICAgICAgICAgICAgfSwNCiAg |
374 |
++ICAgICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICAgICAgImlu |
375 |
++dGVyZmFjZSI6ICJwdWJsaWMiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInVy |
376 |
++bCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzYvdjEvNjRiNmYzZmJjYzUzNDM1ZThh |
377 |
++NjBmY2Y4OWJiNjYxN2EiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInJlZ2lv |
378 |
++biI6ICJyZWdpb25PbmUiDQogICAgICAgICAgICAgICAgICAgIH0NCiAgICAgICAg |
379 |
++ICAgICAgICBdLA0KICAgICAgICAgICAgICAgICJ0eXBlIjogInZvbHVtZSIsDQog |
380 |
++ICAgICAgICAgICAgICAgIm5hbWUiOiAidm9sdW1lIg0KICAgICAgICAgICAgfSwN |
381 |
++CiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAiZW5kcG9pbnRzIjogWw0K |
382 |
++ICAgICAgICAgICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgICAgICAgICAi |
383 |
++aW50ZXJmYWNlIjogImFkbWluIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJ1 |
384 |
++cmwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3YxIiwNCiAgICAgICAgICAgICAg |
385 |
++ICAgICAgICAgICJyZWdpb24iOiAicmVnaW9uT25lIg0KICAgICAgICAgICAgICAg |
386 |
++ICAgICB9LA0KICAgICAgICAgICAgICAgICAgICB7DQogICAgICAgICAgICAgICAg |
387 |
++ICAgICAgICAiaW50ZXJmYWNlIjogImludGVybmFsIiwNCiAgICAgICAgICAgICAg |
388 |
++ICAgICAgICAgICJ1cmwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3YxIiwNCiAg |
389 |
++ICAgICAgICAgICAgICAgICAgICAgICJyZWdpb24iOiAicmVnaW9uT25lIg0KICAg |
390 |
++ICAgICAgICAgICAgICAgICB9LA0KICAgICAgICAgICAgICAgICAgICB7DQogICAg |
391 |
++ICAgICAgICAgICAgICAgICAgICAiaW50ZXJmYWNlIjogInB1YmxpYyIsDQogICAg |
392 |
++ICAgICAgICAgICAgICAgICAgICAidXJsIjogImh0dHA6Ly8xMjcuMC4wLjE6OTI5 |
393 |
++Mi92MSIsDQogICAgICAgICAgICAgICAgICAgICAgICAicmVnaW9uIjogInJlZ2lv |
394 |
++bk9uZSINCiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIF0s |
395 |
++DQogICAgICAgICAgICAgICAgInR5cGUiOiAiaW1hZ2UiLA0KICAgICAgICAgICAg |
396 |
++ICAgICJuYW1lIjogImdsYW5jZSINCiAgICAgICAgICAgIH0sDQogICAgICAgICAg |
397 |
++ICB7DQogICAgICAgICAgICAgICAgImVuZHBvaW50cyI6IFsNCiAgICAgICAgICAg |
398 |
++ICAgICAgICAgew0KICAgICAgICAgICAgICAgICAgICAgICAgImludGVyZmFjZSI6 |
399 |
++ICJhZG1pbiIsDQogICAgICAgICAgICAgICAgICAgICAgICAidXJsIjogImh0dHA6 |
400 |
++Ly8xMjcuMC4wLjE6ODc3NC92MS4xLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODli |
401 |
++YjY2MTdhIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJyZWdpb24iOiAicmVn |
402 |
++aW9uT25lIg0KICAgICAgICAgICAgICAgICAgICB9LA0KICAgICAgICAgICAgICAg |
403 |
++ICAgICB7DQogICAgICAgICAgICAgICAgICAgICAgICAiaW50ZXJmYWNlIjogImlu |
404 |
++dGVybmFsIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJ1cmwiOiAiaHR0cDov |
405 |
++LzEyNy4wLjAuMTo4Nzc0L3YxLjEvNjRiNmYzZmJjYzUzNDM1ZThhNjBmY2Y4OWJi |
406 |
++NjYxN2EiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInJlZ2lvbiI6ICJyZWdp |
407 |
++b25PbmUiDQogICAgICAgICAgICAgICAgICAgIH0sDQogICAgICAgICAgICAgICAg |
408 |
++ICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICJpbnRlcmZhY2UiOiAicHVi |
409 |
++bGljIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJ1cmwiOiAiaHR0cDovLzEy |
410 |
++Ny4wLjAuMTo4Nzc0L3YxLjEvNjRiNmYzZmJjYzUzNDM1ZThhNjBmY2Y4OWJiNjYx |
411 |
++N2EiLA0KICAgICAgICAgICAgICAgICAgICAgICAgInJlZ2lvbiI6ICJyZWdpb25P |
412 |
++bmUiDQogICAgICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgICAgICBdLA0K |
413 |
++ICAgICAgICAgICAgICAgICJ0eXBlIjogImNvbXB1dGUiLA0KICAgICAgICAgICAg |
414 |
++ICAgICJuYW1lIjogIm5vdmEiDQogICAgICAgICAgICB9LA0KICAgICAgICAgICAg |
415 |
++ew0KICAgICAgICAgICAgICAgICJlbmRwb2ludHMiOiBbDQogICAgICAgICAgICAg |
416 |
++ICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICJpbnRlcmZhY2UiOiAi |
417 |
++YWRtaW4iLA0KICAgICAgICAgICAgICAgICAgICAgICAgInVybCI6ICJodHRwOi8v |
418 |
++MTI3LjAuMC4xOjM1MzU3L3YzIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJy |
419 |
++ZWdpb24iOiAiUmVnaW9uT25lIg0KICAgICAgICAgICAgICAgICAgICB9LA0KICAg |
420 |
++ICAgICAgICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgICAgICAgICAiaW50 |
421 |
++ZXJmYWNlIjogImludGVybmFsIiwNCiAgICAgICAgICAgICAgICAgICAgICAgICJ1 |
422 |
++cmwiOiAiaHR0cDovLzEyNy4wLjAuMTozNTM1Ny92MyIsDQogICAgICAgICAgICAg |
423 |
++ICAgICAgICAgICAicmVnaW9uIjogIlJlZ2lvbk9uZSINCiAgICAgICAgICAgICAg |
424 |
++ICAgICAgfSwNCiAgICAgICAgICAgICAgICAgICAgew0KICAgICAgICAgICAgICAg |
425 |
++ICAgICAgICAgImludGVyZmFjZSI6ICJwdWJsaWMiLA0KICAgICAgICAgICAgICAg |
426 |
++ICAgICAgICAgInVybCI6ICJodHRwOi8vMTI3LjAuMC4xOjUwMDAvdjMiLA0KICAg |
427 |
++ICAgICAgICAgICAgICAgICAgICAgInJlZ2lvbiI6ICJSZWdpb25PbmUiDQogICAg |
428 |
++ICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgICAgICBdLA0KICAgICAgICAg |
429 |
++ICAgICAgICJ0eXBlIjogImlkZW50aXR5IiwNCiAgICAgICAgICAgICAgICAibmFt |
430 |
++ZSI6ICJrZXlzdG9uZSINCiAgICAgICAgICAgIH0NCiAgICAgICAgXSwNCiAgICAg |
431 |
++ICAgInVzZXIiOiB7DQogICAgICAgICAgICAiZG9tYWluIjogew0KICAgICAgICAg |
432 |
++ICAgICAgICJpZCI6ICJkb21haW5faWQxIiwNCiAgICAgICAgICAgICAgICAibmFt |
433 |
++ZSI6ICJkb21haW5fbmFtZTEiDQogICAgICAgICAgICB9LA0KICAgICAgICAgICAg |
434 |
++Im5hbWUiOiAidXNlcl9uYW1lMSIsDQogICAgICAgICAgICAiaWQiOiAidXNlcl9p |
435 |
++ZDEiDQogICAgICAgIH0NCiAgICB9DQp9DQoxggHOMIIBygIBATCBpDCBnjEKMAgG |
436 |
++A1UEBRMBNTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5u |
437 |
++eXZhbGUxEjAQBgNVBAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAj |
438 |
++BgkqhkiG9w0BCQEWFmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMTC1Nl |
439 |
++bGYgU2lnbmVkAgERMAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQBBvzoh |
440 |
++0iSPMQhuRCAtTG3cPhyewvf554MPjbGQnu8mYmmfyxl7gMmWkTAmyckAsSv4mS6/ |
441 |
++4SQj9WCn4T1lFkhUz7WWjCwt6fWWp3mzF8Nl/kMsJKDwlxDGbPzsyewXIUsw11sz |
442 |
++q/Qxs7qGxQ1vYWnaWQ3hC3oZw7cOswKRJicdP439iVPvfqR9CDbK55sPP+ewZRgQ |
443 |
++YJ3Uc/xDizxepudFJj9+VHKceA37/sVK0ataNe2uHLHwVBYPwOppMckP169QBw8x |
444 |
++QYh9h+kcOAyZ5psiUzCpLKnlMiYDrVcTGxnTeiVHxKXxj/MERNhR1Y4lEr0ZHJ+p |
445 |
++Y6p3FBP2VUCefaRh |
446 |
+ -----END CMS----- |
447 |
+diff --git a/examples/pki/cms/auth_v3_token_scoped.pkiz b/examples/pki/cms/auth_v3_token_scoped.pkiz |
448 |
+index d687c03..74f8f63 100644 |
449 |
+--- a/examples/pki/cms/auth_v3_token_scoped.pkiz |
450 |
++++ b/examples/pki/cms/auth_v3_token_scoped.pkiz |
451 |
+@@ -1 +1 @@ |
452 |
+-PKIZ_eJy9V8lyo0gQvddXzN3RYUCgNoc-FItYTCGBEEvdWCwWscjWwvL1UyDJ3W577J6YiFGEDlUFmS_zvcxKvn0jP0FWNPMvEa3HxTeANE1X2kB_bLCWnWMTWrHYkD1JEkXRSkVoyZ3oQFVINy9SikSlEEWhTxVx_aystWgGJEtWYUg2u52cprH71OtUxBzLKNfmmnrIY1U_h5VbJOJljRX-GHjlSSualDx7AoFHl-NCq-xz5C32Ucmfxj201g6aqO_x-KKo7yKGzkKP24ae1Wk1NZ6VUbXIQaS4u9FAouo0XrfEEJdF3iZf5jBPFJcY4yifmfY6LR_P7TJmzD70BSr0-BMYX45q9xCJ42E5GdNqe7R-Shb8Hktyvh0N1_qZOBvGc292yMn5Ea-1OSBQ-ojpCGSdN0Th-68I4oo_YEfLt-4E-Yh9u4kY-2Kk19vANweQMHyPRT0xRJhjP2tDXy9jms-mpIlajyTEGg7sDEdmXUnrloVMLQs48_IpRwUIfDuLFL7-HRo5ZAgyekQzGfe4Xazw-6i2X8NIfP0ALgxkVKLCudE_dKiIT0hkW6OQ50spnpk5z6D1A2MqGoMLswoqszAdRKHBLZeKzACk4AIXKRdUGmMW8iy40kc8lXGFs4C55CPw7GPosROauHLrkYHROSDZLTFTnqMdf8K3RNZuH134bxLVbpf5wxk52swo4IiO5CGdmUNwTgr5DMzCzgmwAVd6EQybwZQQjZ0sMwuhCpiAXXp6bhZBZzLy5J2IicK-XgWeWV4QVOWJCKYnyTtMQrkhyicEPfaSfcRwq6jaTHog8qXjqp3CClWbArHUnI1B7s1-TByB6DSsOcSMMQs6YwiooMAVYnAeMIhGgzWY3oYNnKDFlVktpTIHQUGOnCS7yPSCBleL4kplm3j6IfTQu-TdkIJb8vxJrjYXK9c6ICpMxkIbC0d9o486UhankZ3RKPgngXyqD0fj0KQP7QD-DecfUQ6-5nz |
453 |
XE48j5_8fjRwiXkca_4QZ8FmMvzMTenSGmVckU-u7ViN3Tir507L9J1bAa9mKIy3sH6nvV_GBD2LMsELvo0vHuSaRvba4S7gOw70KDHwpmi_Qgc_gfYDuKjrSeMULQvAVxK8Qgv-SwBEh-Lfl-7tGwE0kAcMfY9Wl8AcXTMi4XDwjd2f1vsWDPy1hNPZLJyZFhd4UFbhVlVYtdtF4bb8vqPVnBQXGivqgoIg3RJs9SW7_8T1xRTDOB-37hJV_fleAn41j0yIJvovxNcRaoIOq2wf9W4mDEc7mjYDo6aZO1LK9qQ-TQSNRSurplT53wL5GQhlb2m20uc5Ev3Tf17Fm2nNuLc2acnCblYDPlLvLcAF_fZmOGbd_O9rcppfRu36dlWgebB1FhHHTpqmqwFQWkKbsyP8JWU0rwkByLWshtzKNrEMrWtNakVvd3QyygeBOAZDeyKKARIuSO7mAlpCargBjR3RNOqo4LiHNlsBfIwEq07MZ0p2ZUEalSZEEvwBky63UTpYNuc0M7JdDohD6HLlEInodKMk8qUM78H7K2oURMQSi-mLJqMisNMgbJGiTJ9ghY8O4B5wLTuglJ-xZIiTOhDZYPLasBLOmlaxABz9HXFkQLEimVRnmJ3OlLmcvbKSdqMYrmzCrm95WXJ12CpbiH4Ln1O5ZzC2aZ6DndyU-zU7DXS1QL_Ndjdd-JsAIqbs9v3To5N5fB9zLshOf-uql6beRHX3H4Xy_hxWW6AqsHh-d7_NktVXtxxXTR2yhoe3cWAcs_bxqnxTBqRUha-onmROWuZpIXC05Em0v1vaB1bI50P2ZKjyrfXi33B4XFO47K4lXsKyFx7vW2Id3ZyKK9OUQMH7ztHPNY-vcQ38ZZliW5ORlDQYlpPYnVmg1NNNgWvIzt33g7oXy0LVwkMU8rNSu3g6ORWFa9GAxHL1NWqSxkdqqeL4HK0GEBs73RVma-_uGClnlMehWZR49Gdvvq8UiiqvZ1jZ0 |
454 |
-OMHmD4xZFP6-bnxN6RCLsw= |
455 |
+\ No newline at end of file |
456 |
++PKIZ_eJy9V0tzozoT3etX3H1qKoBNEhbfgpexMJKNjXloZyDmJWwnNs9f_wnsSWYyuXUzc6uuq7yQQN2n-_RpNd--sZ-iGxD_paLNsPgGEISmIwfm4khgWkdYtiP1yPZWjqqqTqHKtt5qjmwpCU3SIlGIjXQ50ZskiddKUryAtMgMqeEUpTEStqkqEM5Xh3MWG9Ir8abZMlMeYcnT2EhrMkfDOoQHJY0meBJOzAJAyp2hanah0NKogw9wdmEHxDT0tuxlOYtK6UwcPdtvmuS5M6vA4ynMjwk8mHVobDsAD3xsqXJG_LTZ-SaNeCmNVWZIhR3S0NRy5NZy9KmrwXaZ69wylydeBgenDTP-AoiHucEis16EAp_u3mDTYvRUruvQm51CKp2IpmeDs7CcXchmcMJCuB4S9-PmDSosXQbVPBPPHoxx0cGlw8HduJZZfobnIucLtABoM8L5IbY1ZcaqeCaNe7fnBfFxHpW0iQ1ahxnzboh8aLQSGCwHwowLvLYmb0l0KzJXaoaMe08srZjnjpSz_AY_JQZ_AuE1IXxUNiO83XzNRdqxtnq9w920sXK5Qs5xivtIsCZBa_UBF-SkRAJhjhEPUG_32NtOAydoSInLpUazIGePnDiFWTPQRYlwg83oJl58CgVxFZbbMV-AZf8UsrijkqSBcOV-gE78IS_NmPXYN89XRlIunssPVvfUojyqkDptgJXrD0uN1VUmCWjzJGADCiTHZVDiHDuIQ71Ll4YuIIPkJE_EoIQCzvVJcE1uB66Qpreqcw87T6ocQaTwwCp0fv6Opgw8fGNJ4YOyPQXdNXfgT5P3PXfgj5Lnjvrhnn2FgissUodzdyjPD0X1fd-ULFX5tD7A3xXIF-tDBCgvuiHGr3D-GeXgdzgfKXegiEbK_yMaxX8KEXxGzTUEegm8mI4Hf2hxRGjTsMRvCFkIYhEZ0pCcfjjoTT6BXc6K0KPVFYXbhWPLM4_xfN2AZfZUIwdORsj |
457 |
qlPW9ZIJ7u45zvfqKNsBHcfxuUt8KibWx82cQ_wkh-F35fkQIfpf3j7SDT-TLjfLN9Rrn64xh60lp5kG_7bGGeOKkKc6VMhCC6dIzM4DzoMXC9cL4nrTb1XUtmkKqBjX6w31xWIuRca2HQJAu0dzlwC8SLsU6Lt_uQnZHrJtQYIm-XawfBQVGa976MlxpXxETGkJxIsYCGt8HP8GmP8O-NpFf-sUNAStvFZ7BF5oG84h43DEJd79SCbZ_IOEfHYJPPPJIkxtGZf-JhDcfmyv4IOGCqZPb-Wvxo4x3gitGEzYrvEufjwS3A_9muBjOgF-Hi3evsY9pRH-aE07kKrTR-23AGOhiteC7BYO-33m3xtKZjqPTIJyla9ed7VzePS1dsogOs8KbzxRIeWnvGCqQoymb-eYLNvspCBoF-z8j-9iocqC5tj3TG51H9rlR7XFt6I3pbnvdQnJhyPxWB6qCVJvTWz2XbSXBriJHjupiPixFMWY9goW2QYo8vqymyHQmCg0pZhMNfkVrvQFaM1q29Ca1iE97NmBW7BBFKjLUzYuxgeFEs3VTXgfeOxOuHA6GDpgDgyWrlDrS61ukwNGT3CJrK7hnkinOzosrNq2pMvOmNoEZQAJlb6spMlSQzBngBy-KbG9lNuoqsl45jyd9AeeC-HheWe3ZcDV83l82hJcKyxTugoXTmR29W7ggfMi9NIj3U057PbLunu_O-6Pf76PznSIHxJRq4e7OOIWL7KTwPgcP9f2rd7_dRKUwebBCDmgngUi2KFhknc5gFhThttK4Je6NbWFO4GIz0T3rsfJW4mql2yo1yqqtlZnzjLO21O874K2f7p-3F08ISRVMDf_iXbz5PD_K8sTuT0er8oTnKn5NWsdHyHVR99DQbfas-vv01XjSVsATVN47Wg1furyTLmYXI0p8ob7Xl6tjv6sXjplX6K40Nz4WV013XF_UIgmX3fSurGfTwwJ0j4vLEa_um-eE7-4VWqYv |
458 |
q8eX-zbZTFYPl2htaOZRdlYzh4P_A-M3io619--V_wMk2UFA |
459 |
+\ No newline at end of file |
460 |
+diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py |
461 |
+index a8afeb2..be268da 100644 |
462 |
+--- a/keystonemiddleware/auth_token/__init__.py |
463 |
++++ b/keystonemiddleware/auth_token/__init__.py |
464 |
+@@ -883,6 +883,18 @@ class AuthProtocol(_BaseAuthProtocol): |
465 |
+ 'fallback to online validation.')) |
466 |
+ else: |
467 |
+ data = jsonutils.loads(verified) |
468 |
++ |
469 |
++ audit_ids = None |
470 |
++ if 'access' in data: |
471 |
++ # It's a v2 token. |
472 |
++ audit_ids = data['access']['token'].get('audit_ids') |
473 |
++ else: |
474 |
++ # It's a v3 token |
475 |
++ audit_ids = data['token'].get('audit_ids') |
476 |
++ |
477 |
++ if audit_ids: |
478 |
++ self._revocations.check_by_audit_id(audit_ids) |
479 |
++ |
480 |
+ return data |
481 |
+ |
482 |
+ def _validate_token(self, auth_ref): |
483 |
+diff --git a/keystonemiddleware/auth_token/_revocations.py b/keystonemiddleware/auth_token/_revocations.py |
484 |
+index 8cc449a..a68356a 100644 |
485 |
+--- a/keystonemiddleware/auth_token/_revocations.py |
486 |
++++ b/keystonemiddleware/auth_token/_revocations.py |
487 |
+@@ -104,3 +104,25 @@ class Revocations(object): |
488 |
+ if self._any_revoked(token_ids): |
489 |
+ self._log.debug('Token is marked as having been revoked') |
490 |
+ raise exc.InvalidToken(_('Token has been revoked')) |
491 |
++ |
492 |
++ def check_by_audit_id(self, audit_ids): |
493 |
++ """Check whether the audit_id appears in the revocation list. |
494 |
++ |
495 |
++ :raises keystonemiddleware.auth_token._exceptions.InvalidToken: |
496 |
++ if the audit ID(s) appear in the revocation list. |
497 |
++ |
498 |
++ """ |
499 |
++ revoked_tokens = self._list.get('revoked', None) |
500 |
++ if not revoked_tokens: |
501 |
++ # There's no revoked tokens, so nothing to do. |
502 |
++ return |
503 |
++ |
504 |
++ # The audit_id may not be present in the revocation events because |
505 |
++ # earlier versions of the identity server didn't provide them. |
506 |
++ revoked_ids = set( |
507 |
++ x['audit_id'] for x in revoked_tokens if 'audit_id' in x) |
508 |
++ for audit_id in audit_ids: |
509 |
++ if audit_id in revoked_ids: |
510 |
++ self._log.debug( |
511 |
++ 'Token is marked as having been revoked by audit id') |
512 |
++ raise exc.InvalidToken(_('Token has been revoked')) |
513 |
+diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py |
514 |
+index 3fdd4a9..e729735 100644 |
515 |
+--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py |
516 |
++++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py |
517 |
+@@ -896,6 +896,30 @@ class CommonAuthTokenMiddlewareTest(object): |
518 |
+ def test_revoked_hashed_pkiz_token(self): |
519 |
+ self._test_revoked_hashed_token('signed_token_scoped_pkiz') |
520 |
+ |
521 |
++ def test_revoked_pki_token_by_audit_id(self): |
522 |
++ # When the audit ID is in the revocation list, the token is invalid. |
523 |
++ self.set_middleware() |
524 |
++ token = self.token_dict['signed_token_scoped'] |
525 |
++ |
526 |
++ # Put the token audit ID in the revocation list, |
527 |
++ # the entry will have a false token ID so the token ID doesn't match. |
528 |
++ fake_token_id = uuid.uuid4().hex |
529 |
++ # The audit_id value is in examples/pki/cms/auth_*_token_scoped.json. |
530 |
++ audit_id = 'SLIXlXQUQZWUi9VJrqdXqA' |
531 |
++ revocation_list_data = { |
532 |
++ 'revoked': [ |
533 |
++ { |
534 |
++ 'id': fake_token_id, |
535 |
++ 'audit_id': audit_id |
536 |
++ }, |
537 |
++ ] |
538 |
++ } |
539 |
++ self.middleware._revocations._list = jsonutils.dumps( |
540 |
++ revocation_list_data) |
541 |
++ |
542 |
++ resp = self.call_middleware(headers={'X-Auth-Token': token}) |
543 |
++ self.assertEqual(401, resp.status_int) |
544 |
++ |
545 |
+ def get_revocation_list_json(self, token_ids=None, mode=None): |
546 |
+ if token_ids is None: |
547 |
+ key = 'revoked_token_hash' + (('_' + mode) if mode else '') |
548 |
+diff --git a/keystonemiddleware/tests/unit/auth_token/test_revocations.py b/keystonemiddleware/tests/unit/auth_token/test_revocations.py |
549 |
+index cef65b8..258e195 100644 |
550 |
+--- a/keystonemiddleware/tests/unit/auth_token/test_revocations.py |
551 |
++++ b/keystonemiddleware/tests/unit/auth_token/test_revocations.py |
552 |
+@@ -27,22 +27,24 @@ from keystonemiddleware.tests.unit import utils |
553 |
+ |
554 |
+ class RevocationsTests(utils.BaseTestCase): |
555 |
+ |
556 |
+- def _check_with_list(self, revoked_list, token_ids): |
557 |
++ def _setup_revocations(self, revoked_list): |
558 |
+ directory_name = '/tmp/%s' % uuid.uuid4().hex |
559 |
+ signing_directory = _signing_dir.SigningDirectory(directory_name) |
560 |
+ self.addCleanup(shutil.rmtree, directory_name) |
561 |
+ |
562 |
+ identity_server = mock.Mock() |
563 |
+ |
564 |
+- verify_result_obj = { |
565 |
+- 'revoked': list({'id': r} for r in revoked_list) |
566 |
+- } |
567 |
++ verify_result_obj = {'revoked': revoked_list} |
568 |
+ cms_verify = mock.Mock(return_value=json.dumps(verify_result_obj)) |
569 |
+ |
570 |
+ revocations = _revocations.Revocations( |
571 |
+ timeout=datetime.timedelta(1), signing_directory=signing_directory, |
572 |
+ identity_server=identity_server, cms_verify=cms_verify) |
573 |
++ return revocations |
574 |
+ |
575 |
++ def _check_with_list(self, revoked_list, token_ids): |
576 |
++ revoked_list = list({'id': r} for r in revoked_list) |
577 |
++ revocations = self._setup_revocations(revoked_list) |
578 |
+ revocations.check(token_ids) |
579 |
+ |
580 |
+ def test_check_empty_list(self): |
581 |
+@@ -63,3 +65,40 @@ class RevocationsTests(utils.BaseTestCase): |
582 |
+ token_ids = [token_id] |
583 |
+ self.assertRaises(exc.InvalidToken, |
584 |
+ self._check_with_list, revoked_tokens, token_ids) |
585 |
++ |
586 |
++ def test_check_by_audit_id_revoked(self): |
587 |
++ # When the audit ID is in the revocation list, InvalidToken is raised. |
588 |
++ audit_id = uuid.uuid4().hex |
589 |
++ revoked_list = [{'id': uuid.uuid4().hex, 'audit_id': audit_id}] |
590 |
++ revocations = self._setup_revocations(revoked_list) |
591 |
++ self.assertRaises(exc.InvalidToken, |
592 |
++ revocations.check_by_audit_id, [audit_id]) |
593 |
++ |
594 |
++ def test_check_by_audit_id_chain_revoked(self): |
595 |
++ # When the token's audit chain ID is in the revocation list, |
596 |
++ # InvalidToken is raised. |
597 |
++ revoked_audit_id = uuid.uuid4().hex |
598 |
++ revoked_list = [{'id': uuid.uuid4().hex, 'audit_id': revoked_audit_id}] |
599 |
++ revocations = self._setup_revocations(revoked_list) |
600 |
++ |
601 |
++ token_audit_ids = [uuid.uuid4().hex, revoked_audit_id] |
602 |
++ self.assertRaises(exc.InvalidToken, |
603 |
++ revocations.check_by_audit_id, token_audit_ids) |
604 |
++ |
605 |
++ def test_check_by_audit_id_not_revoked(self): |
606 |
++ # When the audit ID is not in the revocation list no exception. |
607 |
++ revoked_list = [{'id': uuid.uuid4().hex, 'audit_id': uuid.uuid4().hex}] |
608 |
++ revocations = self._setup_revocations(revoked_list) |
609 |
++ |
610 |
++ audit_id = uuid.uuid4().hex |
611 |
++ revocations.check_by_audit_id([audit_id]) |
612 |
++ |
613 |
++ def test_check_by_audit_id_no_audit_ids(self): |
614 |
++ # Older identity servers don't send audit_ids in the revocation list. |
615 |
++ # When this happens, check_by_audit_id still works, just doesn't |
616 |
++ # verify anything. |
617 |
++ revoked_list = [{'id': uuid.uuid4().hex}] |
618 |
++ revocations = self._setup_revocations(revoked_list) |
619 |
++ |
620 |
++ audit_id = uuid.uuid4().hex |
621 |
++ revocations.check_by_audit_id([audit_id]) |
622 |
+-- |
623 |
+1.9.1 |
624 |
+ |
625 |
|
626 |
diff --git a/dev-python/keystonemiddleware/keystonemiddleware-2.3.1-r1.ebuild b/dev-python/keystonemiddleware/keystonemiddleware-2.3.1-r1.ebuild |
627 |
new file mode 100644 |
628 |
index 0000000..d0ea157 |
629 |
--- /dev/null |
630 |
+++ b/dev-python/keystonemiddleware/keystonemiddleware-2.3.1-r1.ebuild |
631 |
@@ -0,0 +1,83 @@ |
632 |
+# Copyright 1999-2016 Gentoo Foundation |
633 |
+# Distributed under the terms of the GNU General Public License v2 |
634 |
+# $Id$ |
635 |
+ |
636 |
+EAPI=5 |
637 |
+#PYTHON_COMPAT=( python2_7 python3_3 python3_4 ) |
638 |
+PYTHON_COMPAT=( python2_7 python3_4 ) |
639 |
+ |
640 |
+inherit distutils-r1 |
641 |
+ |
642 |
+DESCRIPTION="A middleware for the OpenStack Keystone API" |
643 |
+HOMEPAGE="https://github.com/openstack/keystonemiddleware" |
644 |
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" |
645 |
+ |
646 |
+LICENSE="Apache-2.0" |
647 |
+SLOT="0" |
648 |
+KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux" |
649 |
+IUSE="doc examples test" |
650 |
+ |
651 |
+CDEPEND=">=dev-python/pbr-1.6[${PYTHON_USEDEP}]" |
652 |
+DEPEND=" |
653 |
+ dev-python/setuptools[${PYTHON_USEDEP}] |
654 |
+ ${CDEPEND} |
655 |
+ test? ( |
656 |
+ >=dev-python/coverage-3.6[${PYTHON_USEDEP}] |
657 |
+ >=dev-python/fixtures-1.3.1[${PYTHON_USEDEP}] |
658 |
+ >=dev-python/mock-1.2[${PYTHON_USEDEP}] |
659 |
+ >=dev-python/pycrypto-2.6[${PYTHON_USEDEP}] |
660 |
+ >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}] |
661 |
+ >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}] |
662 |
+ >=dev-python/oslo-messaging-1.16.0[${PYTHON_USEDEP}] |
663 |
+ !~dev-python/oslo-messaging-1.17.0[${PYTHON_USEDEP}] |
664 |
+ !~dev-python/oslo-messaging-1.17.1[${PYTHON_USEDEP}] |
665 |
+ >=dev-python/requests-mock-0.6.0[${PYTHON_USEDEP}] |
666 |
+ >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}] |
667 |
+ !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}] |
668 |
+ <dev-python/sphinx-1.3[${PYTHON_USEDEP}] |
669 |
+ >=dev-python/stevedore-1.5.0[${PYTHON_USEDEP}] |
670 |
+ >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}] |
671 |
+ >=dev-python/testresources-0.2.4[${PYTHON_USEDEP}] |
672 |
+ >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}] |
673 |
+ >=dev-python/python-memcached-1.56[${PYTHON_USEDEP}] |
674 |
+ >=dev-python/bandit-0.13.2[${PYTHON_USEDEP}] |
675 |
+ )" |
676 |
+ |
677 |
+RDEPEND=" |
678 |
+ ${CDEPEND} |
679 |
+ >=dev-python/Babel-1.3[${PYTHON_USEDEP}] |
680 |
+ >=dev-python/oslo-config-2.3.0[${PYTHON_USEDEP}] |
681 |
+ >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}] |
682 |
+ >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}] |
683 |
+ >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}] |
684 |
+ >=dev-python/oslo-utils-2.0.0[${PYTHON_USEDEP}] |
685 |
+ >=dev-python/pycadf-1.1.0[${PYTHON_USEDEP}] |
686 |
+ >=dev-python/python-keystoneclient-1.6.0[${PYTHON_USEDEP}] |
687 |
+ >=dev-python/requests-2.5.2[${PYTHON_USEDEP}] |
688 |
+ >=dev-python/six-1.9.0[${PYTHON_USEDEP}] |
689 |
+ >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]" |
690 |
+ |
691 |
+PATCHES=( |
692 |
+ "${FILESDIR}/CVE-2015-7546_2.3.2.patch" |
693 |
+) |
694 |
+ |
695 |
+python_prepare_all() { |
696 |
+ sed -i '/^hacking/d' test-requirements.txt || die |
697 |
+ distutils-r1_python_prepare_all |
698 |
+} |
699 |
+ |
700 |
+python_compile_all() { |
701 |
+ use doc && emake -C doc html |
702 |
+} |
703 |
+ |
704 |
+python_test() { |
705 |
+ testr init |
706 |
+ testr run || die "testsuite failed under python2.7" |
707 |
+ flake8 ${PN/python-/}/tests || die "run over tests folder by flake8 drew error" |
708 |
+} |
709 |
+ |
710 |
+python_install_all() { |
711 |
+ use doc && local HTML_DOCS=( doc/build/html/. ) |
712 |
+ use examples && local EXAMPLES=( examples/.) |
713 |
+ distutils-r1_python_install_all |
714 |
+} |
715 |
|
716 |
diff --git a/dev-python/keystonemiddleware/keystonemiddleware-2.3.2-r1.ebuild b/dev-python/keystonemiddleware/keystonemiddleware-2.3.2-r1.ebuild |
717 |
new file mode 100644 |
718 |
index 0000000..acea64e |
719 |
--- /dev/null |
720 |
+++ b/dev-python/keystonemiddleware/keystonemiddleware-2.3.2-r1.ebuild |
721 |
@@ -0,0 +1,88 @@ |
722 |
+# Copyright 1999-2016 Gentoo Foundation |
723 |
+# Distributed under the terms of the GNU General Public License v2 |
724 |
+# $Id$ |
725 |
+ |
726 |
+EAPI=5 |
727 |
+#PYTHON_COMPAT=( python2_7 python3_3 python3_4 ) |
728 |
+PYTHON_COMPAT=( python2_7 python3_4 ) |
729 |
+ |
730 |
+inherit distutils-r1 |
731 |
+ |
732 |
+DESCRIPTION="A middleware for the OpenStack Keystone API" |
733 |
+HOMEPAGE="https://github.com/openstack/keystonemiddleware" |
734 |
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" |
735 |
+ |
736 |
+LICENSE="Apache-2.0" |
737 |
+SLOT="0" |
738 |
+KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux" |
739 |
+IUSE="doc examples test" |
740 |
+ |
741 |
+CDEPEND=">=dev-python/pbr-1.6[${PYTHON_USEDEP}]" |
742 |
+DEPEND=" |
743 |
+ dev-python/setuptools[${PYTHON_USEDEP}] |
744 |
+ ${CDEPEND} |
745 |
+ test? ( |
746 |
+ >=dev-python/coverage-3.6[${PYTHON_USEDEP}] |
747 |
+ >=dev-python/fixtures-1.3.1[${PYTHON_USEDEP}] |
748 |
+ >=dev-python/mock-1.2[${PYTHON_USEDEP}] |
749 |
+ >=dev-python/pycrypto-2.6[${PYTHON_USEDEP}] |
750 |
+ >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}] |
751 |
+ >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}] |
752 |
+ >=dev-python/oslo-messaging-1.16.0[${PYTHON_USEDEP}] |
753 |
+ !~dev-python/oslo-messaging-1.17.0[${PYTHON_USEDEP}] |
754 |
+ !~dev-python/oslo-messaging-1.17.1[${PYTHON_USEDEP}] |
755 |
+ !~dev-python/oslo-messaging-2.6.0[${PYTHON_USEDEP}] |
756 |
+ !~dev-python/oslo-messaging-2.6.1[${PYTHON_USEDEP}] |
757 |
+ >=dev-python/requests-mock-0.6.0[${PYTHON_USEDEP}] |
758 |
+ >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}] |
759 |
+ !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}] |
760 |
+ <dev-python/sphinx-1.3[${PYTHON_USEDEP}] |
761 |
+ >=dev-python/stevedore-1.5.0[${PYTHON_USEDEP}] |
762 |
+ >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}] |
763 |
+ >=dev-python/testresources-0.2.4[${PYTHON_USEDEP}] |
764 |
+ >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}] |
765 |
+ >=dev-python/python-memcached-1.56[${PYTHON_USEDEP}] |
766 |
+ >=dev-python/bandit-0.13.2[${PYTHON_USEDEP}] |
767 |
+ )" |
768 |
+ |
769 |
+RDEPEND=" |
770 |
+ ${CDEPEND} |
771 |
+ >=dev-python/Babel-1.3[${PYTHON_USEDEP}] |
772 |
+ >=dev-python/oslo-config-2.3.0[${PYTHON_USEDEP}] |
773 |
+ >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}] |
774 |
+ >=dev-python/oslo-i18n-1.5.0[${PYTHON_USEDEP}] |
775 |
+ >=dev-python/oslo-serialization-1.4.0[${PYTHON_USEDEP}] |
776 |
+ >=dev-python/oslo-utils-2.0.0[${PYTHON_USEDEP}] |
777 |
+ !~dev-python/oslo-utils-2.6.0[${PYTHON_USEDEP}] |
778 |
+ >=dev-python/pycadf-1.1.0[${PYTHON_USEDEP}] |
779 |
+ >=dev-python/python-keystoneclient-1.6.0[${PYTHON_USEDEP}] |
780 |
+ !~dev-python/python-keystoneclient-1.8.0[${PYTHON_USEDEP}] |
781 |
+ >=dev-python/requests-2.5.2[${PYTHON_USEDEP}] |
782 |
+ !~dev-python/requests-2.8.0[${PYTHON_USEDEP}] |
783 |
+ >=dev-python/six-1.9.0[${PYTHON_USEDEP}] |
784 |
+ >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]" |
785 |
+ |
786 |
+PATCHES=( |
787 |
+ "${FILESDIR}/CVE-2015-7546_2.3.2.patch" |
788 |
+) |
789 |
+ |
790 |
+python_prepare_all() { |
791 |
+ sed -i '/^hacking/d' test-requirements.txt || die |
792 |
+ distutils-r1_python_prepare_all |
793 |
+} |
794 |
+ |
795 |
+python_compile_all() { |
796 |
+ use doc && emake -C doc html |
797 |
+} |
798 |
+ |
799 |
+python_test() { |
800 |
+ testr init |
801 |
+ testr run || die "testsuite failed under python2.7" |
802 |
+ flake8 ${PN/python-/}/tests || die "run over tests folder by flake8 drew error" |
803 |
+} |
804 |
+ |
805 |
+python_install_all() { |
806 |
+ use doc && local HTML_DOCS=( doc/build/html/. ) |
807 |
+ use examples && local EXAMPLES=( examples/.) |
808 |
+ distutils-r1_python_install_all |
809 |
+} |