-rw-r--r--Gemfile1
-rw-r--r--lib/mixlib/authentication/signedheaderauth.rb37
-rw-r--r--mixlib-authentication.gemspec2
-rw-r--r--spec/mixlib/authentication/mixlib_authentication_spec.rb1
4 files changed, 23 insertions, 18 deletions
diff --git a/Gemfile b/Gemfile
index 25103b0..7c45e79 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,4 +4,5 @@ gemspec
group(:development) do
gem "pry"
gem "mixlib-log"
+ gem "net-ssh"
end
diff --git a/lib/mixlib/authentication/signedheaderauth.rb b/lib/mixlib/authentication/signedheaderauth.rb
index 4a19092..8ca2230 100644
--- a/lib/mixlib/authentication/signedheaderauth.rb
+++ b/lib/mixlib/authentication/signedheaderauth.rb
@@ -22,7 +22,6 @@ require "base64"
require "openssl/digest"
require "mixlib/authentication"
require "mixlib/authentication/digester"
-require "net/ssh"
module Mixlib
module Authentication
@@ -257,26 +256,34 @@ module Mixlib
if keypair.private?
keypair.sign(digest.new, string_to_sign)
else
- Mixlib::Authentication::Log.debug "No private key supplied, attempt to sign with ssh-agent."
- begin
- agent = Net::SSH::Authentication::Agent.connect
- rescue => e
- raise AuthenticationError, "Could not connect to ssh-agent. Make sure the SSH_AUTH_SOCK environment variable is set properly! (#{e.class.name}: #{e.message})"
- end
- begin
- ssh2_signature = agent.sign(keypair.public_key, string_to_sign, Net::SSH::Authentication::Agent::SSH_AGENT_RSA_SHA2_256)
- rescue => e
- raise AuthenticationError, "Ssh-agent could not sign your request. Make sure your key is loaded with ssh-add! (#{e.class.name}: #{e.message})"
- end
- # extract signature from SSH Agent response => skip first 15 bytes for RSA keys
- # (see http://api.libssh.org/rfc/PROTOCOL.agent for details)
- ssh2_signature[20..-1]
+ Mixlib::Authentication.logger.debug "No private key supplied, will attempt to sign with ssh-agent."
+ do_sign_ssh_agent(keypair, string_to_sign)
end
else
keypair.private_encrypt(string_to_sign)
end
end
+ def do_sign_ssh_agent(keypair, string_to_sign)
+ begin
+ require "net/ssh"
+ agent = Net::SSH::Authentication::Agent.connect
+ rescue LoadError
+ raise AuthenticationError, "net-ssh is not available, unable to sign with ssh-agent and no private key supplied."
+ rescue => e
+ raise AuthenticationError, "Could not connect to ssh-agent. Make sure the SSH_AUTH_SOCK environment variable is set properly! (#{e.class.name}: #{e.message})"
+ end
+
+ begin
+ ssh2_signature = agent.sign(keypair.public_key, string_to_sign, Net::SSH::Authentication::Agent::SSH_AGENT_RSA_SHA2_256)
+ rescue => e
+ raise AuthenticationError, "Unable to sign request with ssh-agent. Make sure your key is loaded with ssh-add! (#{e.class.name}: #{e.message})"
+ end
+ # extract signature from SSH Agent response => skip first 15 bytes for RSA keys
+ # (see http://api.libssh.org/rfc/PROTOCOL.agent for details)
+ ssh2_signature[20..-1]
+ end
+
private :canonical_time, :canonical_path, :parse_signing_description, :digester, :canonicalize_user_id
end
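Review bot: The last line of `do_sign_ssh_agent`, `ssh2_signature[20..-1]`, assumes the agent's reply always carries a 20-byte prefix, which only holds when the algorithm name is `rsa-sha2-256`; the comment above it still says 15 bytes, which matches the older `ssh-rsa` name. An agent that does not honor the `SSH_AGENT_RSA_SHA2_256` flag, or a non-RSA key in `keypair`, would presumably return a blob with a different prefix, and the slice would then hand back a silently corrupted signature that only fails later at verification. Reading the two length-prefixed fields and rejecting any algorithm other than `rsa-sha2-256` makes that failure explicit and local, as sketched below. The new helper is also defined above the `private` list without being added to it, so it becomes part of the mixin's public surface; the calling method starts outside the hunk.

```ruby
def do_sign_ssh_agent(keypair, string_to_sign)
  # … unchanged: require "net/ssh", Agent.connect and agent.sign with their rescues …

  # The agent reply is string(algorithm) followed by string(signature);
  # check the algorithm instead of assuming a fixed-length prefix.
  reply = Net::SSH::Buffer.new(ssh2_signature)
  algorithm = reply.read_string
  unless algorithm == "rsa-sha2-256"
    raise AuthenticationError, "ssh-agent returned a #{algorithm.inspect} signature, expected rsa-sha2-256."
  end
  reply.read_string
end
```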
diff --git a/mixlib-authentication.gemspec b/mixlib-authentication.gemspec
index 8a01f94..0830546 100644
--- a/mixlib-authentication.gemspec
+++ b/mixlib-authentication.gemspec
@@ -12,8 +12,6 @@ Gem::Specification.new do |s|
s.email = "info@chef.io"
s.homepage = "https://www.chef.io"
- s.add_dependency "net-ssh"
-
s.require_path = "lib"
s.files = %w{LICENSE README.md Gemfile Rakefile NOTICE} + Dir.glob("*.gemspec") +
Dir.glob("{lib,spec}/**/*", File::FNM_DOTMATCH).reject { |f| File.directory?(f) }
diff --git a/spec/mixlib/authentication/mixlib_authentication_spec.rb b/spec/mixlib/authentication/mixlib_authentication_spec.rb
index 8164a99..522a312 100644
--- a/spec/mixlib/authentication/mixlib_authentication_spec.rb
+++ b/spec/mixlib/authentication/mixlib_authentication_spec.rb
@@ -138,7 +138,6 @@ describe "Mixlib::Authentication::SignedHeaderAuth" do
end
it "should choke when signing a request via ssh-agent and ssh-agent is not reachable with version 1.3" do
- expect { Net::SSH::Authentication::Agent.connect }.to raise_error(Net::SSH::Authentication::AgentNotAvailable)
expect { V1_3_SHA256_SIGNING_OBJECT.sign(PUBLIC_KEY) }.to raise_error(Mixlib::Authentication::AuthenticationError)
end