authorJay Mundrawala <jdmundrawala@gmail.com>2015-12-05 14:23:34 -0800
committerJay Mundrawala <jdmundrawala@gmail.com>2015-12-05 14:37:17 -0800
commit366fcfb07938576128c9bffb0d5ea2056e9e0cbe (patch)
tree4c624851b40b8ba878a0754260e70d58d3a2284e /lib
parent36a11952dc027797c72bcd912efc05a8c659b791 (diff)
Our signing versions only support 1 hashing algorithm each
This removes SHA1 from v1.3. v1.0 and v1.1 support SHA1 only
Diffstat (limited to 'lib')
-rw-r--r--lib/mixlib/authentication/signedheaderauth.rb34
1 files changed, 10 insertions, 24 deletions
diff --git a/lib/mixlib/authentication/signedheaderauth.rb b/lib/mixlib/authentication/signedheaderauth.rb
index 8faf313..e0a5a7f 100644
--- a/lib/mixlib/authentication/signedheaderauth.rb
+++ b/lib/mixlib/authentication/signedheaderauth.rb
@@ -30,14 +30,14 @@ module Mixlib
NULL_ARG = Object.new
- ALGORITHMS_FOR_VERSION = {
- '1.0' => ['sha1'],
- '1.1' => ['sha1'],
- '1.3' => ['sha256', 'sha1'],
+ ALGORITHM_FOR_VERSION = {
+ '1.0' => 'sha1',
+ '1.1' => 'sha1',
+ '1.3' => 'sha256',
}.freeze()
# Use of SUPPORTED_ALGORITHMS and SUPPORTED_VERSIONS is deprecated. Use
- # ALGORITHMS_FOR_VERSION instead
+ # ALGORITHM_FOR_VERSION instead
SUPPORTED_ALGORITHMS = ['sha1'].freeze
SUPPORTED_VERSIONS = ['1.0', '1.1'].freeze
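Review bot: Renaming the table to `ALGORITHM_FOR_VERSION` and changing its values from arrays to strings removes the very name the deprecation comment told callers to move to, so code outside this file that reads `ALGORITHMS_FOR_VERSION[version]` would raise a NameError. If the old name was ever released (not visible here), keep a deprecated alias such as `ALGORITHMS_FOR_VERSION = Hash[ALGORITHM_FOR_VERSION.map { |v, a| [v, [a]] }].freeze`. A one-line comment above the new hash, stating that each protocol version is bound to exactly one digest and that v1.3 no longer accepts sha1, would also make the constraint explicit for whoever adds the next version.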
@@ -81,13 +81,12 @@ module Mixlib
args[:user_id],
args[:file],
args[:proto_version],
- args[:signing_algorithm],
args[:headers]
)
end
def algorithm
- DEFAULT_SIGN_ALGORITHM
+ ALGORITHM_FOR_VERSION[proto_version] || DEFAULT_SIGN_ALGORITHM
end
def proto_version
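Review bot: A caller that still passes `:signing_algorithm` is now ignored without any error, because the argument is dropped from the constructor call here and the member is removed from the `SigningObject` struct in the last hunk. A caller asking for sha256 under version 1.0 would be signed with sha1 and nothing would say so. Failing loudly is safer, for example `raise ArgumentError, ':signing_algorithm is no longer supported; it is derived from :proto_version' if args.key?(:signing_algorithm)`, assuming `args` is a Hash, as the `args[...]` lookups suggest. The `|| DEFAULT_SIGN_ALGORITHM` fallback in `algorithm` also returns a digest for a version the table does not know, which is only safe if every signing path calls `validate_sign_version_digest!` first. Neither that nor the start of the enclosing method is visible in this hunk.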
@@ -122,14 +121,14 @@ module Mixlib
end
def validate_sign_version_digest!(sign_algorithm, sign_version)
- if ALGORITHMS_FOR_VERSION[sign_version].nil?
+ if ALGORITHM_FOR_VERSION[sign_version].nil?
raise AuthenticationError,
"Unsupported version '#{sign_version}'"
end
- if !ALGORITHMS_FOR_VERSION[sign_version].include?(sign_algorithm)
+ if ALGORITHM_FOR_VERSION[sign_version] != sign_algorithm
raise AuthenticationError,
- "Unsupported version '#{sign_version}'"
+ "Unsupported algorithm #{sign_algorithm} for version '#{sign_version}'"
end
case sign_algorithm
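Review bot: The new error message interpolates `sign_algorithm` unquoted and unescaped, while `sign_version` is only wrapped in single quotes. If these values are parsed from a request's signing header (the caller is outside this hunk), control characters could reach the exception text and any log that records it. Using `inspect` on both keeps the message on one line: `"Unsupported algorithm #{sign_algorithm.inspect} for version #{sign_version.inspect}"`. The table is also looked up twice; a single `expected = ALGORITHM_FOR_VERSION[sign_version]` at the top of the method would read more clearly. The method body continues past the `case` line, outside this hunk.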
@@ -264,26 +263,13 @@ module Mixlib
# provides a more convenient interface to the constructor.
class SigningObject < Struct.new(:http_method, :path, :body, :host,
:timestamp, :user_id, :file, :proto_version,
- :signing_algorithm, :headers)
+ :headers)
include SignedHeaderAuth
def proto_version
(self[:proto_version] or DEFAULT_PROTO_VERSION).to_s
end
- def algorithm
- if self[:signing_algorithm]
- self[:signing_algorithm]
- else
- case proto_version
- when '1.3'
- ALGORITHMS_FOR_VERSION[proto_version].first
- else
- DEFAULT_SIGN_ALGORITHM
- end
- end
- end
-
def server_api_version
key = (self[:headers] || {}).keys.select do |k|
k.downcase == 'x-ops-server-api-version'