Merge branch 'total-integration' of git://github.com/skeptomai/mixlib-authentication into skeptomai/total-integration

author: Adam Jacob <adam@opscode.com> 2010-02-18 16:47:47 -0800
committer: Adam Jacob <adam@opscode.com> 2010-02-18 16:47:47 -0800
commit: 1aeb381f5e7fed7075c74bf1812efc9e89d4d207 (patch)
tree: 81f8e758340c85d464b7205d066025c5115454c0
parent: 2b9683ac67da58ddb6125731bba3828e80103278 (diff)
parent: 498268d205df3b5898f134d60835ae96daf0c694 (diff)
download: mixlib-authentication-1aeb381f5e7fed7075c74bf1812efc9e89d4d207.tar.gz
2 files changed, 23 insertions, 9 deletions
diff --git a/lib/mixlib/authentication/signatureverification.rb b/lib/mixlib/authentication/signatureverification.rb
index 570a5b9..ee837ee 100644
--- a/lib/mixlib/authentication/signatureverification.rb
+++ b/lib/mixlib/authentication/signatureverification.rb
@@ -1,6 +1,7 @@
 #
 # Author:: Christopher Brown (<cb@opscode.com>)
-# Copyright:: Copyright (c) 2009 Opscode, Inc.
+# Author:: Christopher Walters (<cw@opscode.com>)
+# Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -27,7 +28,7 @@ module Mixlib
 
       include Mixlib::Authentication::SignedHeaderAuth
       
-      attr_reader :hashed_body, :timestamp, :http_method, :user_id
+      attr_reader :hashed_body, :timestamp, :http_method, :path, :user_id
 
       # Takes the request, boils down the pieces we are interested in,
       # looks up the user, generates a signature, and compares to
@@ -43,11 +44,12 @@ module Mixlib
         Mixlib::Authentication::Log.debug "Initializing header auth : #{request.inspect}"
         
         headers ||= request.env.inject({ }) { |memo, kv| memo[$2.gsub(/\-/,"_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo }
-        digester = Mixlib::Authentication::Digester.new        
+        digester = Mixlib::Authentication::Digester.new
 
         begin
           @allowed_time_skew   = time_skew # in seconds
           @http_method         = request.method.to_s
+          @path                = request.path.to_s
           @signing_description = headers[:x_ops_sign].chomp
           @user_id             = headers[:x_ops_userid].chomp
           @timestamp           = headers[:x_ops_timestamp].chomp
diff --git a/lib/mixlib/authentication/signedheaderauth.rb b/lib/mixlib/authentication/signedheaderauth.rb
index 8ca80a3..993d927 100644
--- a/lib/mixlib/authentication/signedheaderauth.rb
+++ b/lib/mixlib/authentication/signedheaderauth.rb
@@ -1,5 +1,6 @@
 #
 # Author:: Christopher Brown (<cb@opscode.com>)
+# Author:: Christopher Walters (<cw@opscode.com>)
 # Copyright:: Copyright (c) 2009 Opscode, Inc.
 # License:: Apache License, Version 2.0
 #
@@ -58,14 +59,15 @@ module Mixlib
 
         # Our multiline hash for authorization will be encoded in multiple header
         # lines - X-Ops-Authorization-1, ... (starts at 1, not 0!)
-        signature = Base64.encode64(private_key.private_encrypt(canonicalize_request)).chomp
+        string_to_sign = canonicalize_request
+        signature = Base64.encode64(private_key.private_encrypt(string_to_sign)).chomp
         signature_lines = signature.split(/\n/)
         signature_lines.each_index do |idx|
           key = "X-Ops-Authorization-#{idx + 1}"
           header_hash[key] = signature_lines[idx]
         end
-          
-        Mixlib::Authentication::Log.debug "Header hash: #{header_hash.inspect}"
+        
+        Mixlib::Authentication::Log.debug "String to sign: '#{string_to_sign}'\nHeader hash: #{header_hash.inspect}"
         
         header_hash
       end
@@ -77,7 +79,17 @@ module Mixlib
       def canonical_time
         Time.parse(timestamp).utc.iso8601      
       end
-
+      
+      # Build the canonicalized path, which collapses multiple slashes (/) and
+      # removes a trailing slash unless the path is only "/"
+      # 
+      # ====Parameters
+      # 
+      def canonical_path
+        p = path.gsub(/\/+/,'/')
+        p.length > 1 ? p.chomp('/') : p
+      end
+      
       # Takes HTTP request method & headers and creates a canonical form
       # to create the signature
       # 
@@ -85,7 +97,7 @@ module Mixlib
       # 
       # 
       def canonicalize_request
-        "Method:#{http_method.to_s.upcase}\nX-Ops-Content-Hash:#{@hashed_body}\nX-Ops-Timestamp:#{canonical_time}\nX-Ops-UserId:#{user_id}"
+        "Method:#{http_method.to_s.upcase}\nPath:#{canonical_path}\nX-Ops-Content-Hash:#{@hashed_body}\nX-Ops-Timestamp:#{canonical_time}\nX-Ops-UserId:#{user_id}"
       end
       
       # Parses signature version information, algorithm used, etc.
@@ -101,7 +113,7 @@ module Mixlib
         Mixlib::Authentication::Log.debug "Parsed signing description: #{parts.inspect}"
       end
       
-      private :canonical_time, :canonicalize_request, :parse_signing_description
+      private :canonical_time, :canonical_path, :canonicalize_request, :parse_signing_description
       
     end
   end
author	Adam Jacob <adam@opscode.com>	2010-02-18 16:47:47 -0800
committer	Adam Jacob <adam@opscode.com>	2010-02-18 16:47:47 -0800
commit	1aeb381f5e7fed7075c74bf1812efc9e89d4d207 (patch)
tree	81f8e758340c85d464b7205d066025c5115454c0
parent	2b9683ac67da58ddb6125731bba3828e80103278 (diff)
parent	498268d205df3b5898f134d60835ae96daf0c694 (diff)
download	mixlib-authentication-1aeb381f5e7fed7075c74bf1812efc9e89d4d207.tar.gz