diff options
author | Adam Jacob <adam@opscode.com> | 2010-02-18 16:47:47 -0800 |
---|---|---|
committer | Adam Jacob <adam@opscode.com> | 2010-02-18 16:47:47 -0800 |
commit | 1aeb381f5e7fed7075c74bf1812efc9e89d4d207 (patch) | |
tree | 81f8e758340c85d464b7205d066025c5115454c0 /lib | |
parent | 2b9683ac67da58ddb6125731bba3828e80103278 (diff) | |
parent | 498268d205df3b5898f134d60835ae96daf0c694 (diff) | |
download | mixlib-authentication-1aeb381f5e7fed7075c74bf1812efc9e89d4d207.tar.gz |
Merge branch 'total-integration' of git://github.com/skeptomai/mixlib-authentication into skeptomai/total-integration
Diffstat (limited to 'lib')
-rw-r--r-- | lib/mixlib/authentication/signatureverification.rb | 8 | ||||
-rw-r--r-- | lib/mixlib/authentication/signedheaderauth.rb | 24 |
2 files changed, 23 insertions, 9 deletions
diff --git a/lib/mixlib/authentication/signatureverification.rb b/lib/mixlib/authentication/signatureverification.rb index 570a5b9..ee837ee 100644 --- a/lib/mixlib/authentication/signatureverification.rb +++ b/lib/mixlib/authentication/signatureverification.rb @@ -1,6 +1,7 @@ # # Author:: Christopher Brown (<cb@opscode.com>) -# Copyright:: Copyright (c) 2009 Opscode, Inc. +# Author:: Christopher Walters (<cw@opscode.com>) +# Copyright:: Copyright (c) 2009, 2010 Opscode, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -27,7 +28,7 @@ module Mixlib include Mixlib::Authentication::SignedHeaderAuth - attr_reader :hashed_body, :timestamp, :http_method, :user_id + attr_reader :hashed_body, :timestamp, :http_method, :path, :user_id # Takes the request, boils down the pieces we are interested in, # looks up the user, generates a signature, and compares to @@ -43,11 +44,12 @@ module Mixlib Mixlib::Authentication::Log.debug "Initializing header auth : #{request.inspect}" headers ||= request.env.inject({ }) { |memo, kv| memo[$2.gsub(/\-/,"_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo } - digester = Mixlib::Authentication::Digester.new + digester = Mixlib::Authentication::Digester.new begin @allowed_time_skew = time_skew # in seconds @http_method = request.method.to_s + @path = request.path.to_s @signing_description = headers[:x_ops_sign].chomp @user_id = headers[:x_ops_userid].chomp @timestamp = headers[:x_ops_timestamp].chomp diff --git a/lib/mixlib/authentication/signedheaderauth.rb b/lib/mixlib/authentication/signedheaderauth.rb index 8ca80a3..993d927 100644 --- a/lib/mixlib/authentication/signedheaderauth.rb +++ b/lib/mixlib/authentication/signedheaderauth.rb @@ -1,5 +1,6 @@ # # Author:: Christopher Brown (<cb@opscode.com>) +# Author:: Christopher Walters (<cw@opscode.com>) # Copyright:: Copyright (c) 2009 Opscode, Inc. # License:: Apache License, Version 2.0 # @@ -58,14 +59,15 @@ module Mixlib # Our multiline hash for authorization will be encoded in multiple header # lines - X-Ops-Authorization-1, ... (starts at 1, not 0!) - signature = Base64.encode64(private_key.private_encrypt(canonicalize_request)).chomp + string_to_sign = canonicalize_request + signature = Base64.encode64(private_key.private_encrypt(string_to_sign)).chomp signature_lines = signature.split(/\n/) signature_lines.each_index do |idx| key = "X-Ops-Authorization-#{idx + 1}" header_hash[key] = signature_lines[idx] end - - Mixlib::Authentication::Log.debug "Header hash: #{header_hash.inspect}" + + Mixlib::Authentication::Log.debug "String to sign: '#{string_to_sign}'\nHeader hash: #{header_hash.inspect}" header_hash end @@ -77,7 +79,17 @@ module Mixlib def canonical_time Time.parse(timestamp).utc.iso8601 end - + + # Build the canonicalized path, which collapses multiple slashes (/) and + # removes a trailing slash unless the path is only "/" + # + # ====Parameters + # + def canonical_path + p = path.gsub(/\/+/,'/') + p.length > 1 ? p.chomp('/') : p + end + # Takes HTTP request method & headers and creates a canonical form # to create the signature # @@ -85,7 +97,7 @@ module Mixlib # # def canonicalize_request - "Method:#{http_method.to_s.upcase}\nX-Ops-Content-Hash:#{@hashed_body}\nX-Ops-Timestamp:#{canonical_time}\nX-Ops-UserId:#{user_id}" + "Method:#{http_method.to_s.upcase}\nPath:#{canonical_path}\nX-Ops-Content-Hash:#{@hashed_body}\nX-Ops-Timestamp:#{canonical_time}\nX-Ops-UserId:#{user_id}" end # Parses signature version information, algorithm used, etc. @@ -101,7 +113,7 @@ module Mixlib Mixlib::Authentication::Log.debug "Parsed signing description: #{parts.inspect}" end - private :canonical_time, :canonicalize_request, :parse_signing_description + private :canonical_time, :canonical_path, :canonicalize_request, :parse_signing_description end end |