diff options
author | Christopher Brown <cb@opscode.com> | 2009-11-09 18:48:06 -0800 |
---|---|---|
committer | Christopher Brown <cb@opscode.com> | 2009-11-09 18:48:06 -0800 |
commit | 6d3e91681cc5725f018fda66f368435d9e27a9a3 (patch) | |
tree | 0a6dee29590136147671d39338f7f0d46534aba0 /lib/mixlib/authentication/signatureverification.rb | |
parent | 5de2fd9a6410eec7fb353d56d960a63bdeb9d8f7 (diff) | |
download | mixlib-authentication-6d3e91681cc5725f018fda66f368435d9e27a9a3.tar.gz |
cleanup for PL-316
Diffstat (limited to 'lib/mixlib/authentication/signatureverification.rb')
-rw-r--r-- | lib/mixlib/authentication/signatureverification.rb | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/lib/mixlib/authentication/signatureverification.rb b/lib/mixlib/authentication/signatureverification.rb index b6802e2..c010515 100644 --- a/lib/mixlib/authentication/signatureverification.rb +++ b/lib/mixlib/authentication/signatureverification.rb @@ -58,18 +58,10 @@ module Mixlib # The client sent it on multiple header lines, starting at index 1 - # X-Ops-Authorization-1, X-Ops-Authorization-2, etc. Pull them out and # concatenate. - @request_signature = "" - header_idx = 1 - while (header_idx == 1 || !header_value.nil?) - header_name = "X-Ops-Authorization-#{header_idx}" - header_sym = header_name.downcase.to_sym - header_value = headers[header_sym] - if !header_value.nil? - @request_signature += "\n" if @request_signature.length > 0 - @request_signature += header_value.strip - end - header_idx += 1 - end + + # if there are 11 headers, the sort breaks - it becomes lexicographic sort rather than numeric [cb] + @request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }.sort { |x,y| x.to_s <=> y.to_s}.map { |i| i[1] }.join("\n") + Mixlib::Authentication::Log.debug "Reconstituted request signature: #{@request_signature}" # Any file that's included in the request is hashed if it's there. Otherwise, # we hash the body. Look for files by looking for objects that respond to |