author | Jay Mundrawala <jdmundrawala@gmail.com> | 2015-11-16 14:03:19 -0800 |
---|---|---|
committer | Jay Mundrawala <jdmundrawala@gmail.com> | 2015-11-30 09:03:01 -0800 |
commit | a19e5cbb85b591ce3289b06c467b8ab21cbba85e (patch) | |
tree | 3682d8f0ae6272d830c47ee7cf509b921dea929f /lib | |
parent | 6ebe6bbdabd0c4da634b26deb00cafb7fa636bcc (diff) | |
download | mixlib-authentication-a19e5cbb85b591ce3289b06c467b8ab21cbba85e.tar.gz |
Added signature verification for signing version 1.3
Diffstat (limited to 'lib')
-rw-r--r-- | lib/mixlib/authentication/signatureverification.rb | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/mixlib/authentication/signatureverification.rb b/lib/mixlib/authentication/signatureverification.rb
index d73b16c..ff43664 100644
--- a/lib/mixlib/authentication/signatureverification.rb
+++ b/lib/mixlib/authentication/signatureverification.rb
@@ -138,8 +138,15 @@ module Mixlib
 def verify_signature(algorithm, version)
 candidate_block = canonicalize_request(algorithm, version)
- request_decrypted_block = @user_secret.public_decrypt(Base64.decode64(request_signature))
- @valid_signature = (request_decrypted_block == candidate_block)
+ signature = Base64.decode64(request_signature)
+ @valid_signature = case version
+ when '1.3'
+ digest = validate_sign_version_digest!(version, algorithm)
+ @user_secret.verify(digest.new, signature, candidate_block)
+ else
+ request_decrypted_block = @user_secret.public_decrypt(signature)
+ (request_decrypted_block == candidate_block)
+ end
 # Keep the debug messages lined up so it's easy to scan them
 Mixlib::Authentication::Log.debug("Verifying request signature:") |
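Review bot: The call `validate_sign_version_digest!(version, algorithm)` in the `'1.3'` branch passes its arguments in the opposite order from `canonicalize_request(algorithm, version)` two lines above and from this method's own signature. The helper is defined outside the hunk, so its parameter order should be confirmed; if it takes the algorithm first, the line should read `digest = validate_sign_version_digest!(algorithm, version)`, otherwise the digest lookup would fail or resolve against the wrong key. Separately, the `else` branch sends every version string other than `'1.3'`, including unrecognised ones, down the legacy `public_decrypt` comparison. Unless `canonicalize_request` or the caller already rejects unsupported versions, list the legacy versions in an explicit `when` and raise in `else`, so verification fails closed and the version a request declares cannot silently select the older scheme. The body of `verify_signature` continues past the end of the hunk.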