diff options
| author | Tim Hinderliter <tim@opscode.com> | 2009-11-03 18:44:43 -0800 |
|---|---|---|
| committer | Tim Hinderliter <tim@opscode.com> | 2009-11-03 18:44:43 -0800 |
| commit | c38ca86e2e79737f5bb7c67b83f15a2dec61a2ea (patch) | |
| tree | c29b92b1d0b5dcae2335d5368866a9a54b7107b4 | |
| parent | eda2b502133b23dc8f90eba2654d19e87a63140a (diff) | |
| download | mixlib-authentication-PL-316.tar.gz | |
fixed PL-316 - now splitting Authorization header into multiple headers X-Ops-Authorization-1, ...PL-316
| -rw-r--r-- | lib/mixlib/authentication/signatureverification.rb | 18 | ||||
| -rw-r--r-- | lib/mixlib/authentication/signedheaderauth.rb | 12 |
2 files changed, 27 insertions, 3 deletions
diff --git a/lib/mixlib/authentication/signatureverification.rb b/lib/mixlib/authentication/signatureverification.rb index c9f4076..1152f9b 100644 --- a/lib/mixlib/authentication/signatureverification.rb +++ b/lib/mixlib/authentication/signatureverification.rb @@ -32,11 +32,27 @@ module Mixlib @signing_description = headers[:x_ops_sign].chomp @user_id = headers[:x_ops_userid].chomp @timestamp = headers[:x_ops_timestamp].chomp - @request_signature = headers[:authorization].chomp.gsub(/\n\t/,"\n") @host = headers[:host].chomp @content_hash = headers[:x_ops_content_hash].chomp @user_secret = user_lookup + # The authorization header is a Base64-encoded version of an RSA signature. + # The client sent it on multiple header lines, starting at index 1 - + # X-Ops-Authorization-1, X-Ops-Authorization-2, etc. Pull them out and + # concatenate. + @request_signature = "" + header_idx = 1 + while (header_idx == 1 || !header_value.nil?) + header_name = "X-Ops-Authorization-#{header_idx}" + header_sym = header_name.downcase.to_sym + header_value = headers[header_sym] + if !header_value.nil? + @request_signature += "\n" if @request_signature.length > 0 + @request_signature += header_value.strip + end + header_idx += 1 + end + # Any file that's included in the request is hashed if it's there. Otherwise, # we hash the body. Look for files by looking for objects that respond to # the read call. diff --git a/lib/mixlib/authentication/signedheaderauth.rb b/lib/mixlib/authentication/signedheaderauth.rb index 84607f9..d69ea7e 100644 --- a/lib/mixlib/authentication/signedheaderauth.rb +++ b/lib/mixlib/authentication/signedheaderauth.rb @@ -33,14 +33,22 @@ module Mixlib digester.hash_body(self.body) end - signature = Base64.encode64(private_key.private_encrypt(canonicalize_request)).chomp.gsub!(/\n/,"\n\t") header_hash = { "X-Ops-Sign" => SIGNING_DESCRIPTION, "X-Ops-Userid" => user_id, "X-Ops-Timestamp" => canonical_time, "X-Ops-Content-Hash" =>@hashed_body, - "Authorization" => signature, } + + # Our multiline hash for authorization will be encoded in multiple header + # lines - X-Ops-Authorization-1, ... (starts at 1, not 0!) + signature = Base64.encode64(private_key.private_encrypt(canonicalize_request)).chomp + signature_lines = signature.split(/\n/) + signature_lines.each_index do |idx| + key = "X-Ops-Authorization-#{idx + 1}" + header_hash[key] = signature_lines[idx] + end + Mixlib::Authentication::Log.debug "Header hash: #{header_hash.inspect}" header_hash |