The attached code shows the modification of the binary data that still generates a valid token; it can be run from
python-keystoneclient/examples/pki and usese the sample tokens and certificates in the associated subdirectories.
This shows the modified bytes that successfully pass are: 77 78 79 80 81 82 83 85 86 87 88 3979 3980 3981 3982 3983 3985 3986 3987 3988 3991 3992 4364
The range 77 78 79 80 81 82 83 85 86 87 88 looks like the object identitfier s
1 3 14 3 2 26 and 1 2 840 113549 1 7 1
The last byte is padding.
To see the content of the token in PEM format
cat cms/auth_v3_token_scoped.pem | awk ' ! /---/ {print $1}'| base64 -d | /usr/lib64/nss/unsupported-tools/derdump > /tmp/tokendata
The attached code shows the modification of the binary data that still generates a valid token; it can be run from
python- keystoneclient/ examples/ pki and usese the sample tokens and certificates in the associated subdirectories.
This shows the modified bytes that successfully pass are:
77 78 79 80 81 82 83 85 86 87 88 3979 3980 3981 3982 3983 3985 3986 3987 3988 3991 3992 4364
The range 77 78 79 80 81 82 83 85 86 87 88 looks like the object identitfier s
1 3 14 3 2 26
and
1 2 840 113549 1 7 1
The last byte is padding.
To see the content of the token in PEM format
cat cms/auth_ v3_token_ scoped. pem | awk ' ! /---/ {print $1}'| base64 -d | /usr/lib64/ nss/unsupported -tools/ derdump > /tmp/tokendata