diff options
Diffstat (limited to 'lib/mixlib/authentication/signedheaderauth.rb')
-rw-r--r-- | lib/mixlib/authentication/signedheaderauth.rb | 42 |
1 files changed, 15 insertions, 27 deletions
diff --git a/lib/mixlib/authentication/signedheaderauth.rb b/lib/mixlib/authentication/signedheaderauth.rb index 8faf313..0b5f923 100644 --- a/lib/mixlib/authentication/signedheaderauth.rb +++ b/lib/mixlib/authentication/signedheaderauth.rb @@ -30,14 +30,14 @@ module Mixlib NULL_ARG = Object.new - ALGORITHMS_FOR_VERSION = { - '1.0' => ['sha1'], - '1.1' => ['sha1'], - '1.3' => ['sha256', 'sha1'], + ALGORITHM_FOR_VERSION = { + '1.0' => 'sha1', + '1.1' => 'sha1', + '1.3' => 'sha256', }.freeze() # Use of SUPPORTED_ALGORITHMS and SUPPORTED_VERSIONS is deprecated. Use - # ALGORITHMS_FOR_VERSION instead + # ALGORITHM_FOR_VERSION instead SUPPORTED_ALGORITHMS = ['sha1'].freeze SUPPORTED_VERSIONS = ['1.0', '1.1'].freeze @@ -81,13 +81,12 @@ module Mixlib args[:user_id], args[:file], args[:proto_version], - args[:signing_algorithm], args[:headers] ) end def algorithm - DEFAULT_SIGN_ALGORITHM + ALGORITHM_FOR_VERSION[proto_version] || DEFAULT_SIGN_ALGORITHM end def proto_version @@ -122,14 +121,14 @@ module Mixlib end def validate_sign_version_digest!(sign_algorithm, sign_version) - if ALGORITHMS_FOR_VERSION[sign_version].nil? + if ALGORITHM_FOR_VERSION[sign_version].nil? raise AuthenticationError, "Unsupported version '#{sign_version}'" end - if !ALGORITHMS_FOR_VERSION[sign_version].include?(sign_algorithm) + if ALGORITHM_FOR_VERSION[sign_version] != sign_algorithm raise AuthenticationError, - "Unsupported version '#{sign_version}'" + "Unsupported algorithm #{sign_algorithm} for version '#{sign_version}'" end case sign_algorithm @@ -197,9 +196,9 @@ module Mixlib when "1.3" [ "Method:#{http_method.to_s.upcase}", - "Hashed Path:#{digester.hash_string(digest, canonical_path)}", + "Path:#{canonical_path}", "X-Ops-Content-Hash:#{hashed_body(digest)}", - "X-Ops-Sign:algorithm=#{sign_algorithm};version=#{sign_version}", + "X-Ops-Sign:version=#{sign_version}", "X-Ops-Timestamp:#{canonical_time}", "X-Ops-UserId:#{canonical_x_ops_user_id}", "X-Ops-Server-API-Version:#{server_api_version}", @@ -217,9 +216,11 @@ module Mixlib def canonicalize_user_id(user_id, proto_version, digest=OpenSSL::Digest::SHA1) case proto_version - when "1.1", "1.3" + when "1.1" + # and 1.2 if that ever gets implemented digester.hash_string(digest, user_id) else + # versions 1.0 and 1.3 user_id end end @@ -264,26 +265,13 @@ module Mixlib # provides a more convenient interface to the constructor. class SigningObject < Struct.new(:http_method, :path, :body, :host, :timestamp, :user_id, :file, :proto_version, - :signing_algorithm, :headers) + :headers) include SignedHeaderAuth def proto_version (self[:proto_version] or DEFAULT_PROTO_VERSION).to_s end - def algorithm - if self[:signing_algorithm] - self[:signing_algorithm] - else - case proto_version - when '1.3' - ALGORITHMS_FOR_VERSION[proto_version].first - else - DEFAULT_SIGN_ALGORITHM - end - end - end - def server_api_version key = (self[:headers] || {}).keys.select do |k| k.downcase == 'x-ops-server-api-version' |