-rw-r--r-- | Gemfile | 1 | ||||
-rw-r--r-- | lib/mixlib/authentication/signedheaderauth.rb | 37 | ||||
-rw-r--r-- | mixlib-authentication.gemspec | 2 | ||||
-rw-r--r-- | spec/mixlib/authentication/mixlib_authentication_spec.rb | 1 |
4 files changed, 23 insertions, 18 deletions
@@ -4,4 +4,5 @@ gemspec
 group(:development) do
 gem "pry"
 gem "mixlib-log"
+ gem "net-ssh"
 end
diff --git a/lib/mixlib/authentication/signedheaderauth.rb b/lib/mixlib/authentication/signedheaderauth.rb
index 4a19092..8ca2230 100644
--- a/lib/mixlib/authentication/signedheaderauth.rb
+++ b/lib/mixlib/authentication/signedheaderauth.rb
@@ -22,7 +22,6 @@ require "base64"
 require "openssl/digest"
 require "mixlib/authentication"
 require "mixlib/authentication/digester"
-require "net/ssh"
 module Mixlib
 module Authentication
@@ -257,26 +256,34 @@ module Mixlib
 if keypair.private?
 keypair.sign(digest.new, string_to_sign)
 else
- Mixlib::Authentication::Log.debug "No private key supplied, attempt to sign with ssh-agent."
- begin
- agent = Net::SSH::Authentication::Agent.connect
- rescue => e
- raise AuthenticationError, "Could not connect to ssh-agent. Make sure the SSH_AUTH_SOCK environment variable is set properly! (#{e.class.name}: #{e.message})"
- end
- begin
- ssh2_signature = agent.sign(keypair.public_key, string_to_sign, Net::SSH::Authentication::Agent::SSH_AGENT_RSA_SHA2_256)
- rescue => e
- raise AuthenticationError, "Ssh-agent could not sign your request. Make sure your key is loaded with ssh-add! (#{e.class.name}: #{e.message})"
- end
- # extract signature from SSH Agent response => skip first 15 bytes for RSA keys
- # (see http://api.libssh.org/rfc/PROTOCOL.agent for details)
- ssh2_signature[20..-1]
+ Mixlib::Authentication.logger.debug "No private key supplied, will attempt to sign with ssh-agent."
+ do_sign_ssh_agent(keypair, string_to_sign)
 end
 else
 keypair.private_encrypt(string_to_sign)
 end
 end
+ def do_sign_ssh_agent(keypair, string_to_sign)
+ begin
+ require "net/ssh"
+ agent = Net::SSH::Authentication::Agent.connect
+ rescue LoadError
+ raise AuthenticationError, "net-ssh is not available, unable to sign with ssh-agent and no private key supplied."
+ rescue => e
+ raise AuthenticationError, "Could not connect to ssh-agent. Make sure the SSH_AUTH_SOCK environment variable is set properly! (#{e.class.name}: #{e.message})"
+ end
+
+ begin
+ ssh2_signature = agent.sign(keypair.public_key, string_to_sign, Net::SSH::Authentication::Agent::SSH_AGENT_RSA_SHA2_256)
+ rescue => e
+ raise AuthenticationError, "Unable to sign request with ssh-agent. Make sure your key is loaded with ssh-add! (#{e.class.name}: #{e.message})"
+ end
+ # extract signature from SSH Agent response => skip first 15 bytes for RSA keys
+ # (see http://api.libssh.org/rfc/PROTOCOL.agent for details)
+ ssh2_signature[20..-1]
+ end
+
 private :canonical_time, :canonical_path, :parse_signing_description, :digester, :canonicalize_user_id
 end
diff --git a/mixlib-authentication.gemspec b/mixlib-authentication.gemspec
index 8a01f94..0830546 100644
--- a/mixlib-authentication.gemspec
+++ b/mixlib-authentication.gemspec
@@ -12,8 +12,6 @@ Gem::Specification.new do |s|
 s.email = "info@chef.io"
 s.homepage = "https://www.chef.io"
- s.add_dependency "net-ssh"
-
 s.require_path = "lib"
 s.files = %w{LICENSE README.md Gemfile Rakefile NOTICE} + Dir.glob("*.gemspec") + Dir.glob("{lib,spec}/**/*", File::FNM_DOTMATCH).reject { |f| File.directory?(f) }
diff --git a/spec/mixlib/authentication/mixlib_authentication_spec.rb b/spec/mixlib/authentication/mixlib_authentication_spec.rb
index 8164a99..522a312 100644
--- a/spec/mixlib/authentication/mixlib_authentication_spec.rb
+++ b/spec/mixlib/authentication/mixlib_authentication_spec.rb
@@ -138,7 +138,6 @@ describe "Mixlib::Authentication::SignedHeaderAuth" do
 end
 it "should choke when signing a request via ssh-agent and ssh-agent is not reachable with version 1.3" do
- expect { Net::SSH::Authentication::Agent.connect }.to raise_error(Net::SSH::Authentication::AgentNotAvailable)
 expect { V1_3_SHA256_SIGNING_OBJECT.sign(PUBLIC_KEY) }.to raise_error(Mixlib::Authentication::AuthenticationError)
 end
 end
|
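Review bot: `ssh2_signature[20..-1]` at the end of do_sign_ssh_agent strips a fixed 20-byte prefix while the comment above it still says 15 bytes, and nothing checks what the agent actually returned; the agent's reply is an SSH signature blob (a length-prefixed type string followed by a length-prefixed signature), and 20 is only right when that type is the 12-character `rsa-sha2-256`, so an agent that ignores the SSH_AGENT_RSA_SHA2_256 flag and answers with `ssh-rsa` (15-byte prefix) would presumably produce a mis-sliced signature that only fails later at the server. Parsing the two length-prefixed fields and rejecting any other type turns that into a clear AuthenticationError and makes the stale comment unnecessary; the rewrite of the tail of the method is below. Separately, the new helper is not added to the `private :canonical_time, ...` declaration at the end of the hunk, so it becomes part of the mixin's public surface; append `:do_sign_ssh_agent` to that list. The `sign` branch this helper is called from (`if keypair.private?`) starts outside the hunk.
```ruby
  def do_sign_ssh_agent(keypair, string_to_sign)
    # … unchanged: require/connect and agent.sign with their rescue clauses …
    # The agent answers with an SSH signature blob: string(type) string(sig).
    # Parse it instead of slicing a fixed prefix so an unexpected signature
    # type is reported rather than turned into a corrupt signature.
    blob = ssh2_signature.to_s
    type_len = blob.unpack("N").first.to_i
    sig_type = blob[4, type_len].to_s
    unless sig_type == "rsa-sha2-256"
      raise AuthenticationError, "ssh-agent returned a #{sig_type.inspect} signature, expected rsa-sha2-256"
    end
    sig_len = blob[4 + type_len, 4].to_s.unpack("N").first
    signature = blob[8 + type_len, sig_len.to_i].to_s
    if sig_len.nil? || signature.bytesize != sig_len
      raise AuthenticationError, "ssh-agent returned a truncated signature blob"
    end
    signature
  end
```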