authorTim Hinderliter <tim@opscode.com>2009-11-03 18:44:43 -0800
committerTim Hinderliter <tim@opscode.com>2009-11-03 18:44:43 -0800
commitc38ca86e2e79737f5bb7c67b83f15a2dec61a2ea (patch)
treec29b92b1d0b5dcae2335d5368866a9a54b7107b4 /lib
parenteda2b502133b23dc8f90eba2654d19e87a63140a (diff)
fixed PL-316 - now splitting Authorization header into multiple headers X-Ops-Authorization-1, ...PL-316
Diffstat (limited to 'lib')
-rw-r--r--lib/mixlib/authentication/signatureverification.rb18
-rw-r--r--lib/mixlib/authentication/signedheaderauth.rb12
2 files changed, 27 insertions, 3 deletions
diff --git a/lib/mixlib/authentication/signatureverification.rb b/lib/mixlib/authentication/signatureverification.rb
index c9f4076..1152f9b 100644
--- a/lib/mixlib/authentication/signatureverification.rb
+++ b/lib/mixlib/authentication/signatureverification.rb
@@ -32,11 +32,27 @@ module Mixlib
@signing_description = headers[:x_ops_sign].chomp
@user_id = headers[:x_ops_userid].chomp
@timestamp = headers[:x_ops_timestamp].chomp
- @request_signature = headers[:authorization].chomp.gsub(/\n\t/,"\n")
@host = headers[:host].chomp
@content_hash = headers[:x_ops_content_hash].chomp
@user_secret = user_lookup
+ # The authorization header is a Base64-encoded version of an RSA signature.
+ # The client sent it on multiple header lines, starting at index 1 -
+ # X-Ops-Authorization-1, X-Ops-Authorization-2, etc. Pull them out and
+ # concatenate.
+ @request_signature = ""
+ header_idx = 1
+ while (header_idx == 1 || !header_value.nil?)
+ header_name = "X-Ops-Authorization-#{header_idx}"
+ header_sym = header_name.downcase.to_sym
+ header_value = headers[header_sym]
+ if !header_value.nil?
+ @request_signature += "\n" if @request_signature.length > 0
+ @request_signature += header_value.strip
+ end
+ header_idx += 1
+ end
+
# Any file that's included in the request is hashed if it's there. Otherwise,
# we hash the body. Look for files by looking for objects that respond to
# the read call.
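Review bot: The lookup key built in the new loop, `header_name.downcase.to_sym`, yields `:"x-ops-authorization-1"` with hyphens, while every other header in this hunk is read with an underscored symbol such as `headers[:x_ops_sign]`. If the caller normalises header names to the underscored form (not visible here), no part is ever found and `@request_signature` stays an empty string instead of failing loudly; building the key as `"x_ops_authorization_#{header_idx}".to_sym` would match the neighbouring lookups. Separately, `header_value` is read in the `while` condition before any assignment visible in this hunk, which Ruby parses as a method call unless the variable is assigned earlier in the method; adding `header_value = nil` before the loop removes that doubt. Because this value gates authentication, a request with no signature parts is better rejected explicitly right after the loop than passed on as `""`. The enclosing method begins and ends outside the hunk.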
diff --git a/lib/mixlib/authentication/signedheaderauth.rb b/lib/mixlib/authentication/signedheaderauth.rb
index 84607f9..d69ea7e 100644
--- a/lib/mixlib/authentication/signedheaderauth.rb
+++ b/lib/mixlib/authentication/signedheaderauth.rb
@@ -33,14 +33,22 @@ module Mixlib
digester.hash_body(self.body)
end
- signature = Base64.encode64(private_key.private_encrypt(canonicalize_request)).chomp.gsub!(/\n/,"\n\t")
header_hash = {
"X-Ops-Sign" => SIGNING_DESCRIPTION,
"X-Ops-Userid" => user_id,
"X-Ops-Timestamp" => canonical_time,
"X-Ops-Content-Hash" =>@hashed_body,
- "Authorization" => signature,
}
+
+ # Our multiline hash for authorization will be encoded in multiple header
+ # lines - X-Ops-Authorization-1, ... (starts at 1, not 0!)
+ signature = Base64.encode64(private_key.private_encrypt(canonicalize_request)).chomp
+ signature_lines = signature.split(/\n/)
+ signature_lines.each_index do |idx|
+ key = "X-Ops-Authorization-#{idx + 1}"
+ header_hash[key] = signature_lines[idx]
+ end
+
Mixlib::Authentication::Log.debug "Header hash: #{header_hash.inspect}"
header_hash
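Review bot: The 1-based, gap-free numbering written here is a wire contract with the verifier in signatureverification.rb, which stops reading at the first missing index and rejoins the parts with a newline, and the comment above the loop should say so, e.g. `# Parts must be contiguous from 1; the verifier stops at the first missing index and rejoins them with "\n".` The index loop can be written without the manual lookup as `signature_lines.each_with_index { |line, idx| header_hash["X-Ops-Authorization-#{idx + 1}"] = line }`. The `Log.debug` call just below prints every signature part, as it did the old `Authorization` entry, so it is worth confirming that debug logs are not kept where a still-valid signed request could be read from them. The enclosing method starts and ends outside the hunk.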