#define dout_subsys ceph_subsys_rgw
-int open_cms_envelope(CephContext *cct, string& src, string& dst)
+int rgw_open_cms_envelope(CephContext * const cct, string& src, string& dst)
{
#define BEGIN_CMS "-----BEGIN CMS-----"
#define END_CMS "-----END CMS-----"
return 0;
}
-int decode_b64_cms(CephContext *cct, const string& signed_b64, bufferlist& bl)
+int rgw_decode_b64_cms(CephContext * const cct,
+ const string& signed_b64,
+ bufferlist& bl)
{
bufferptr signed_ber(signed_b64.size() * 2);
char *dest = signed_ber.c_str();
size_t len = signed_b64.size();
char buf[len + 1];
buf[len] = '\0';
+
for (size_t i = 0; i < len; i++, src++) {
- if (*src != '-')
+ if (*src != '-') {
buf[i] = *src;
- else
+ } else {
buf[i] = '/';
+ }
}
- int ret = ceph_unarmor(dest, dest + signed_ber.length(), buf, buf + signed_b64.size());
+
+ int ret = ceph_unarmor(dest, dest + signed_ber.length(), buf,
+ buf + signed_b64.size());
if (ret < 0) {
ldout(cct, 0) << "ceph_unarmor() failed, ret=" << ret << dendl;
return ret;
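Review bot: The scratch buffer `char buf[len + 1];` in rgw_decode_b64_cms is a variable-length array sized by `signed_b64.size()`, and the reformatting here leaves it in place. VLAs are a compiler extension in C++, and the stack use grows with the length of the encoded input; whether callers bound that length is not visible in this hunk. A heap-backed copy avoids both problems: `std::string buf(signed_b64);` followed by `std::replace(buf.begin(), buf.end(), '-', '/');`, then pass `buf.c_str()` and `buf.c_str() + buf.size()` to `ceph_unarmor()`. The declaration of `src` and the end of the function are outside the hunk, so the loop may need adjusting to match.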
#define PKI_ANS1_PREFIX "MII"
-bool is_pki_token(const string& token)
+bool rgw_is_pki_token(const string& token)
{
return token.compare(0, sizeof(PKI_ANS1_PREFIX) - 1, PKI_ANS1_PREFIX) == 0;
}
-void get_token_id(const string& token, string& token_id)
+void rgw_get_token_id(const string& token, string& token_id)
{
- if (!is_pki_token(token)) {
+ if (!rgw_is_pki_token(token)) {
token_id = token;
return;
}
hash.Update((const byte *)token.c_str(), token.size());
hash.Final(m);
-
char calc_md5[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1];
buf_to_hex(m, CEPH_CRYPTO_MD5_DIGESTSIZE, calc_md5);
token_id = calc_md5;
}
-bool decode_pki_token(CephContext *cct, const string& token, bufferlist& bl)
+bool rgw_decode_pki_token(CephContext * const cct,
+ const string& token,
+ bufferlist& bl)
{
- if (!is_pki_token(token))
+ if (!rgw_is_pki_token(token)) {
return false;
+ }
- int ret = decode_b64_cms(cct, token, bl);
- if (ret < 0)
+ int ret = rgw_decode_b64_cms(cct, token, bl);
+ if (ret < 0) {
return false;
+ }
ldout(cct, 20) << "successfully decoded pki token" << dendl;
{
Mutex::Locker l(lock);
- get_token_id(token.token.id, admin_token_id);
+ rgw_get_token_id(token.token.id, admin_token_id);
add(admin_token_id, token);
}
#include "rgw_common.h"
-int open_cms_envelope(CephContext *cct, string& src, string& dst);
-int decode_b64_cms(CephContext *cct, const string& signed_b64, bufferlist& bl);
-bool is_pki_token(const string& token);
-void get_token_id(const string& token, string& token_id);
-bool decode_pki_token(CephContext *cct, const string& token, bufferlist& bl);
+int rgw_open_cms_envelope(CephContext *cct, string& src, string& dst);
+int rgw_decode_b64_cms(CephContext *cct,
+ const string& signed_b64,
+ bufferlist& bl);
+bool rgw_is_pki_token(const string& token);
+void rgw_get_token_id(const string& token, string& token_id);
+bool rgw_decode_pki_token(CephContext *cct,
+ const string& token,
+ bufferlist& bl);
enum class KeystoneApiVersion {
VER_2,
ldout(cct, 10) << "signed=" << signed_str << dendl;
string signed_b64;
- ret = open_cms_envelope(cct, signed_str, signed_b64);
+ ret = rgw_open_cms_envelope(cct, signed_str, signed_b64);
if (ret < 0)
return ret;
ldout(cct, 10) << "content=" << signed_b64 << dendl;
bufferlist json;
- ret = decode_b64_cms(cct, signed_b64, json);
+ ret = rgw_decode_b64_cms(cct, signed_b64, json);
if (ret < 0) {
return ret;
}
KeystoneToken t;
string token_id;
- get_token_id(token, token_id);
+ rgw_get_token_id(token, token_id);
ldout(cct, 20) << "token_id=" << token_id << dendl;
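Review bot: The line `ldout(cct, 20) << "token_id=" << token_id << dendl;` can write a usable credential to the log. rgw_get_token_id() copies the token unchanged for anything that is not a PKI token (`token_id = token;` in its own hunk), so for those tokens the full bearer value is logged whenever debug level 20 is enabled. Consider logging only a shortened or hashed form, for example `ldout(cct, 20) << "token_id=" << token_id.substr(0, 8) << "..." << dendl;`. Alternatively, add a comment on rgw_get_token_id() stating that its output is secret for non-PKI tokens, so that callers do not log it. The enclosing function starts and ends outside this hunk.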
bufferlist bl;
/* check if that's a self signed token that we can decode */
- if (!decode_pki_token(cct, token, bl)) {
+ if (!rgw_decode_pki_token(cct, token, bl)) {
/* can't decode, just go to the keystone server for validation */