mixlib-authentication 1.1.0

Sign up to get free protection for your applications and to get access to all the features.
data/LICENSE ADDED
@@ -0,0 +1,201 @@
1
+ Apache License
2
+ Version 2.0, January 2004
3
+ http://www.apache.org/licenses/
4
+
5
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6
+
7
+ 1. Definitions.
8
+
9
+ "License" shall mean the terms and conditions for use, reproduction,
10
+ and distribution as defined by Sections 1 through 9 of this document.
11
+
12
+ "Licensor" shall mean the copyright owner or entity authorized by
13
+ the copyright owner that is granting the License.
14
+
15
+ "Legal Entity" shall mean the union of the acting entity and all
16
+ other entities that control, are controlled by, or are under common
17
+ control with that entity. For the purposes of this definition,
18
+ "control" means (i) the power, direct or indirect, to cause the
19
+ direction or management of such entity, whether by contract or
20
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
21
+ outstanding shares, or (iii) beneficial ownership of such entity.
22
+
23
+ "You" (or "Your") shall mean an individual or Legal Entity
24
+ exercising permissions granted by this License.
25
+
26
+ "Source" form shall mean the preferred form for making modifications,
27
+ including but not limited to software source code, documentation
28
+ source, and configuration files.
29
+
30
+ "Object" form shall mean any form resulting from mechanical
31
+ transformation or translation of a Source form, including but
32
+ not limited to compiled object code, generated documentation,
33
+ and conversions to other media types.
34
+
35
+ "Work" shall mean the work of authorship, whether in Source or
36
+ Object form, made available under the License, as indicated by a
37
+ copyright notice that is included in or attached to the work
38
+ (an example is provided in the Appendix below).
39
+
40
+ "Derivative Works" shall mean any work, whether in Source or Object
41
+ form, that is based on (or derived from) the Work and for which the
42
+ editorial revisions, annotations, elaborations, or other modifications
43
+ represent, as a whole, an original work of authorship. For the purposes
44
+ of this License, Derivative Works shall not include works that remain
45
+ separable from, or merely link (or bind by name) to the interfaces of,
46
+ the Work and Derivative Works thereof.
47
+
48
+ "Contribution" shall mean any work of authorship, including
49
+ the original version of the Work and any modifications or additions
50
+ to that Work or Derivative Works thereof, that is intentionally
51
+ submitted to Licensor for inclusion in the Work by the copyright owner
52
+ or by an individual or Legal Entity authorized to submit on behalf of
53
+ the copyright owner. For the purposes of this definition, "submitted"
54
+ means any form of electronic, verbal, or written communication sent
55
+ to the Licensor or its representatives, including but not limited to
56
+ communication on electronic mailing lists, source code control systems,
57
+ and issue tracking systems that are managed by, or on behalf of, the
58
+ Licensor for the purpose of discussing and improving the Work, but
59
+ excluding communication that is conspicuously marked or otherwise
60
+ designated in writing by the copyright owner as "Not a Contribution."
61
+
62
+ "Contributor" shall mean Licensor and any individual or Legal Entity
63
+ on behalf of whom a Contribution has been received by Licensor and
64
+ subsequently incorporated within the Work.
65
+
66
+ 2. Grant of Copyright License. Subject to the terms and conditions of
67
+ this License, each Contributor hereby grants to You a perpetual,
68
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69
+ copyright license to reproduce, prepare Derivative Works of,
70
+ publicly display, publicly perform, sublicense, and distribute the
71
+ Work and such Derivative Works in Source or Object form.
72
+
73
+ 3. Grant of Patent License. Subject to the terms and conditions of
74
+ this License, each Contributor hereby grants to You a perpetual,
75
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76
+ (except as stated in this section) patent license to make, have made,
77
+ use, offer to sell, sell, import, and otherwise transfer the Work,
78
+ where such license applies only to those patent claims licensable
79
+ by such Contributor that are necessarily infringed by their
80
+ Contribution(s) alone or by combination of their Contribution(s)
81
+ with the Work to which such Contribution(s) was submitted. If You
82
+ institute patent litigation against any entity (including a
83
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
84
+ or a Contribution incorporated within the Work constitutes direct
85
+ or contributory patent infringement, then any patent licenses
86
+ granted to You under this License for that Work shall terminate
87
+ as of the date such litigation is filed.
88
+
89
+ 4. Redistribution. You may reproduce and distribute copies of the
90
+ Work or Derivative Works thereof in any medium, with or without
91
+ modifications, and in Source or Object form, provided that You
92
+ meet the following conditions:
93
+
94
+ (a) You must give any other recipients of the Work or
95
+ Derivative Works a copy of this License; and
96
+
97
+ (b) You must cause any modified files to carry prominent notices
98
+ stating that You changed the files; and
99
+
100
+ (c) You must retain, in the Source form of any Derivative Works
101
+ that You distribute, all copyright, patent, trademark, and
102
+ attribution notices from the Source form of the Work,
103
+ excluding those notices that do not pertain to any part of
104
+ the Derivative Works; and
105
+
106
+ (d) If the Work includes a "NOTICE" text file as part of its
107
+ distribution, then any Derivative Works that You distribute must
108
+ include a readable copy of the attribution notices contained
109
+ within such NOTICE file, excluding those notices that do not
110
+ pertain to any part of the Derivative Works, in at least one
111
+ of the following places: within a NOTICE text file distributed
112
+ as part of the Derivative Works; within the Source form or
113
+ documentation, if provided along with the Derivative Works; or,
114
+ within a display generated by the Derivative Works, if and
115
+ wherever such third-party notices normally appear. The contents
116
+ of the NOTICE file are for informational purposes only and
117
+ do not modify the License. You may add Your own attribution
118
+ notices within Derivative Works that You distribute, alongside
119
+ or as an addendum to the NOTICE text from the Work, provided
120
+ that such additional attribution notices cannot be construed
121
+ as modifying the License.
122
+
123
+ You may add Your own copyright statement to Your modifications and
124
+ may provide additional or different license terms and conditions
125
+ for use, reproduction, or distribution of Your modifications, or
126
+ for any such Derivative Works as a whole, provided Your use,
127
+ reproduction, and distribution of the Work otherwise complies with
128
+ the conditions stated in this License.
129
+
130
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
131
+ any Contribution intentionally submitted for inclusion in the Work
132
+ by You to the Licensor shall be under the terms and conditions of
133
+ this License, without any additional terms or conditions.
134
+ Notwithstanding the above, nothing herein shall supersede or modify
135
+ the terms of any separate license agreement you may have executed
136
+ with Licensor regarding such Contributions.
137
+
138
+ 6. Trademarks. This License does not grant permission to use the trade
139
+ names, trademarks, service marks, or product names of the Licensor,
140
+ except as required for reasonable and customary use in describing the
141
+ origin of the Work and reproducing the content of the NOTICE file.
142
+
143
+ 7. Disclaimer of Warranty. Unless required by applicable law or
144
+ agreed to in writing, Licensor provides the Work (and each
145
+ Contributor provides its Contributions) on an "AS IS" BASIS,
146
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147
+ implied, including, without limitation, any warranties or conditions
148
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149
+ PARTICULAR PURPOSE. You are solely responsible for determining the
150
+ appropriateness of using or redistributing the Work and assume any
151
+ risks associated with Your exercise of permissions under this License.
152
+
153
+ 8. Limitation of Liability. In no event and under no legal theory,
154
+ whether in tort (including negligence), contract, or otherwise,
155
+ unless required by applicable law (such as deliberate and grossly
156
+ negligent acts) or agreed to in writing, shall any Contributor be
157
+ liable to You for damages, including any direct, indirect, special,
158
+ incidental, or consequential damages of any character arising as a
159
+ result of this License or out of the use or inability to use the
160
+ Work (including but not limited to damages for loss of goodwill,
161
+ work stoppage, computer failure or malfunction, or any and all
162
+ other commercial damages or losses), even if such Contributor
163
+ has been advised of the possibility of such damages.
164
+
165
+ 9. Accepting Warranty or Additional Liability. While redistributing
166
+ the Work or Derivative Works thereof, You may choose to offer,
167
+ and charge a fee for, acceptance of support, warranty, indemnity,
168
+ or other liability obligations and/or rights consistent with this
169
+ License. However, in accepting such obligations, You may act only
170
+ on Your own behalf and on Your sole responsibility, not on behalf
171
+ of any other Contributor, and only if You agree to indemnify,
172
+ defend, and hold each Contributor harmless for any liability
173
+ incurred by, or claims asserted against, such Contributor by reason
174
+ of your accepting any such warranty or additional liability.
175
+
176
+ END OF TERMS AND CONDITIONS
177
+
178
+ APPENDIX: How to apply the Apache License to your work.
179
+
180
+ To apply the Apache License to your work, attach the following
181
+ boilerplate notice, with the fields enclosed by brackets "[]"
182
+ replaced with your own identifying information. (Don't include
183
+ the brackets!) The text should be enclosed in the appropriate
184
+ comment syntax for the file format. We also recommend that a
185
+ file or class name and description of purpose be included on the
186
+ same "printed page" as the copyright notice for easier
187
+ identification within third-party archives.
188
+
189
+ Copyright [yyyy] [name of copyright owner]
190
+
191
+ Licensed under the Apache License, Version 2.0 (the "License");
192
+ you may not use this file except in compliance with the License.
193
+ You may obtain a copy of the License at
194
+
195
+ http://www.apache.org/licenses/LICENSE-2.0
196
+
197
+ Unless required by applicable law or agreed to in writing, software
198
+ distributed under the License is distributed on an "AS IS" BASIS,
199
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200
+ See the License for the specific language governing permissions and
201
+ limitations under the License.
data/NOTICE ADDED
@@ -0,0 +1,7 @@
1
+ Mixlib::Authentication NOTICE
2
+ =================
3
+
4
+ Developed at Opscode (http://www.opscode.com).
5
+
6
+ * Copyright 2009, Opscode, Inc. <legal@opscode.com>
7
+
data/README.rdoc ADDED
@@ -0,0 +1,23 @@
1
+ == Mixlib::Authentication
2
+
3
+ Mixlib::Authentication provides a class-based header signing authentication object, like the one used in Chef.
4
+
5
+ == License
6
+
7
+ Author:: Christopher Brown (<cb@opscode.com>)
8
+ Copyright:: Copyright (c) 2009 Opscode, Inc.
9
+ License:: Apache License, Version 2.0
10
+
11
+ Licensed under the Apache License, Version 2.0 (the "License");
12
+ you may not use this file except in compliance with the License.
13
+ You may obtain a copy of the License at
14
+
15
+ http://www.apache.org/licenses/LICENSE-2.0
16
+
17
+ Unless required by applicable law or agreed to in writing, software
18
+ distributed under the License is distributed on an "AS IS" BASIS,
19
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20
+ See the License for the specific language governing permissions and
21
+ limitations under the License.
22
+
23
+
data/Rakefile ADDED
@@ -0,0 +1,64 @@
1
+ require 'rubygems'
2
+ require 'rake/gempackagetask'
3
+ require 'rubygems/specification'
4
+ require 'date'
5
+ require 'spec/rake/spectask'
6
+
7
+ GEM = "mixlib-authentication"
8
+ GEM_VERSION = "1.1.0"
9
+ AUTHOR = "Opscode, Inc."
10
+ EMAIL = "info@opscode.com"
11
+ HOMEPAGE = "http://www.opscode.com"
12
+ SUMMARY = "Mixes in simple per-request authentication"
13
+
14
+ spec = Gem::Specification.new do |s|
15
+ s.name = GEM
16
+ s.version = GEM_VERSION
17
+ s.platform = Gem::Platform::RUBY
18
+ s.has_rdoc = true
19
+ s.extra_rdoc_files = ["README.rdoc", "LICENSE", 'NOTICE']
20
+ s.summary = SUMMARY
21
+ s.description = s.summary
22
+ s.author = AUTHOR
23
+ s.email = EMAIL
24
+ s.homepage = HOMEPAGE
25
+
26
+ # Uncomment this to add a dependency
27
+ s.add_dependency "mixlib-log"
28
+
29
+ s.require_path = 'lib'
30
+ s.autorequire = GEM
31
+ s.files = %w(LICENSE README.rdoc Rakefile NOTICE) + Dir.glob("{lib,spec,features}/**/*")
32
+ end
33
+
34
+ task :default => :spec
35
+
36
+ desc "Run specs"
37
+ Spec::Rake::SpecTask.new do |t|
38
+ t.spec_files = FileList['spec/**/*_spec.rb']
39
+ t.spec_opts = %w(-fs --color)
40
+ end
41
+
42
+ Rake::GemPackageTask.new(spec) do |pkg|
43
+ pkg.gem_spec = spec
44
+ end
45
+
46
+ desc "install the gem locally"
47
+ task :install => [:package] do
48
+ sh %{gem install pkg/#{GEM}-#{GEM_VERSION}}
49
+ end
50
+
51
+ desc "create a gemspec file"
52
+ task :make_spec do
53
+ File.open("#{GEM}.gemspec", "w") do |file|
54
+ file.puts spec.to_ruby
55
+ end
56
+ end
57
+
58
+ desc "remove build files"
59
+ task :clean do
60
+ sh %Q{ rm -f pkg/*.gem }
61
+ end
62
+
63
+ desc "Run the spec and features"
64
+ task :test => [ :features, :spec ]
@@ -0,0 +1,32 @@
1
+ #
2
+ # Author:: Christopher Brown (<cb@opscode.com>)
3
+ # Copyright:: Copyright (c) 2009 Opscode, Inc.
4
+ # License:: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ require 'mixlib/log'
20
+
21
+ module Mixlib
22
+ module Authentication
23
+ class Log
24
+ extend Mixlib::Log
25
+ end
26
+
27
+ Log.level = :error
28
+
29
+ end
30
+ end
31
+
32
+
@@ -0,0 +1,48 @@
1
+ #
2
+ # Author:: Christopher Brown (<cb@opscode.com>)
3
+ # Copyright:: Copyright (c) 2009 Opscode, Inc.
4
+ # License:: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ require 'mixlib/authentication'
20
+
21
+ module Mixlib
22
+ module Authentication
23
+ class Digester
24
+
25
+ class << self
26
+
27
+ def hash_file(f)
28
+ digester = Digest::SHA1.new
29
+ buf = ""
30
+ while f.read(16384, buf)
31
+ digester.update buf
32
+ end
33
+ ::Base64.encode64(digester.digest).chomp
34
+ end
35
+
36
+ # Digests a string, base64's and chomps the end
37
+ #
38
+ # ====Parameters
39
+ #
40
+ def hash_string(str)
41
+ ::Base64.encode64(Digest::SHA1.digest(str)).chomp
42
+ end
43
+
44
+ end
45
+
46
+ end
47
+ end
48
+ end
@@ -0,0 +1,144 @@
1
+ #
2
+ # Author:: Christopher Brown (<cb@opscode.com>)
3
+ # Author:: Christopher Walters (<cw@opscode.com>)
4
+ # Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
5
+ # License:: Apache License, Version 2.0
6
+ #
7
+ # Licensed under the Apache License, Version 2.0 (the "License");
8
+ # you may not use this file except in compliance with the License.
9
+ # You may obtain a copy of the License at
10
+ #
11
+ # http://www.apache.org/licenses/LICENSE-2.0
12
+ #
13
+ # Unless required by applicable law or agreed to in writing, software
14
+ # distributed under the License is distributed on an "AS IS" BASIS,
15
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16
+ # See the License for the specific language governing permissions and
17
+ # limitations under the License.
18
+ #
19
+
20
+ require 'ostruct'
21
+ require 'net/http'
22
+ require 'mixlib/authentication'
23
+ require 'mixlib/authentication/signedheaderauth'
24
+
25
+ module Mixlib
26
+ module Authentication
27
+ class SignatureVerification
28
+
29
+ include Mixlib::Authentication::SignedHeaderAuth
30
+
31
+ attr_reader :hashed_body, :timestamp, :http_method, :path, :user_id
32
+
33
+ # Takes the request, boils down the pieces we are interested in,
34
+ # looks up the user, generates a signature, and compares to
35
+ # the signature in the request
36
+ # ====Headers
37
+ #
38
+ # X-Ops-Sign: algorithm=sha256;version=1.0;
39
+ # X-Ops-UserId: <user_id>
40
+ # X-Ops-Timestamp:
41
+ # X-Ops-Content-Hash:
42
+ # X-Ops-Authorization-#{line_number}
43
+ def authenticate_user_request(request, user_lookup, time_skew=(15*60))
44
+ Mixlib::Authentication::Log.debug "Initializing header auth : #{request.inspect}"
45
+
46
+ headers ||= request.env.inject({ }) { |memo, kv| memo[$2.gsub(/\-/,"_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo }
47
+ digester = Mixlib::Authentication::Digester
48
+
49
+ begin
50
+ @allowed_time_skew = time_skew # in seconds
51
+ @http_method = request.method.to_s
52
+ @path = request.path.to_s
53
+ @signing_description = headers[:x_ops_sign].chomp
54
+ @user_id = headers[:x_ops_userid].chomp
55
+ @timestamp = headers[:x_ops_timestamp].chomp
56
+ @host = headers[:host].chomp
57
+ @content_hash = headers[:x_ops_content_hash].chomp
58
+ @user_secret = user_lookup
59
+
60
+ # The authorization header is a Base64-encoded version of an RSA signature.
61
+ # The client sent it on multiple header lines, starting at index 1 -
62
+ # X-Ops-Authorization-1, X-Ops-Authorization-2, etc. Pull them out and
63
+ # concatenate.
64
+
65
+ # if there are 11 headers, the sort breaks - it becomes lexicographic sort rather than numeric [cb]
66
+ @request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }.sort { |x,y| x.to_s <=> y.to_s}.map { |i| i[1] }.join("\n")
67
+ Mixlib::Authentication::Log.debug "Reconstituted request signature: #{@request_signature}"
68
+
69
+ # Pull out any file that was attached to this request, using multipart
70
+ # form uploads.
71
+ # Depending on the server we're running in, multipart form uploads are
72
+ # handed to us differently.
73
+ # - In Passenger (Cookbooks Community Site), the File is handed to us
74
+ # directly in the params hash. The name is whatever the client used,
75
+ # its value is therefore a File or Tempfile.
76
+ # - In Merb (Chef server), the File is wrapped. The original parameter
77
+ # name used for the file is passed in with a Hash value. Within the hash
78
+ # is a name/value pair named 'file' which actually contains the Tempfile
79
+ # instance.
80
+ file_param = request.params.values.find { |value| value.respond_to?(:read) }
81
+
82
+ # No file_param; we're running in Merb, or it's just not there..
83
+ if file_param.nil?
84
+ hash_param = request.params.values.find { |value| value.respond_to?(:has_key?) } # Hash responds to :has_key? .
85
+ if !hash_param.nil?
86
+ file_param = hash_param.values.find { |value| value.respond_to?(:read) } # File/Tempfile responds to :read.
87
+ end
88
+ end
89
+
90
+ # Any file that's included in the request is hashed if it's there. Otherwise,
91
+ # we hash the body.
92
+ if file_param
93
+ Mixlib::Authentication::Log.debug "Digesting file_param: '#{file_param.inspect}'"
94
+ @hashed_body = digester.hash_file(file_param)
95
+ else
96
+ body = request.raw_post
97
+ Mixlib::Authentication::Log.debug "Digesting body: '#{body}'"
98
+ @hashed_body = digester.hash_string(body)
99
+ end
100
+
101
+ Mixlib::Authentication::Log.debug "Authenticating user : #{user_id}, User secret is : #{@user_secret}, Request signature is :\n#{@request_signature}, Hashed Body is : #{@hashed_body}"
102
+
103
+ #BUGBUG Not doing anything with the signing description yet [cb]
104
+ parse_signing_description
105
+ candidate_block = canonicalize_request
106
+ request_decrypted_block = @user_secret.public_decrypt(Base64.decode64(@request_signature))
107
+ signatures_match = (request_decrypted_block == candidate_block)
108
+ timeskew_is_acceptable = timestamp_within_bounds?(Time.parse(timestamp), Time.now)
109
+ hashes_match = @content_hash == hashed_body
110
+ rescue StandardError=>se
111
+ raise StandardError,"Failed to authenticate user request. Most likely missing a necessary header: #{se.message}", se.backtrace
112
+ end
113
+
114
+ Mixlib::Authentication::Log.debug "Candidate Block is: '#{candidate_block}'\nRequest decrypted block is: '#{request_decrypted_block}'\nCandidate content hash is: #{hashed_body}\nRequest Content Hash is: '#{@content_hash}'\nSignatures match: #{signatures_match}, Allowed Time Skew: #{timeskew_is_acceptable}, Hashes match?: #{hashes_match}\n"
115
+
116
+ if signatures_match and timeskew_is_acceptable and hashes_match
117
+ OpenStruct.new(:name=>user_id)
118
+ else
119
+ nil
120
+ end
121
+ end
122
+
123
+ private
124
+
125
+ # Compare the request timestamp with boundary time
126
+ #
127
+ #
128
+ # ====Parameters
129
+ # time1<Time>:: minuend
130
+ # time2<Time>:: subtrahend
131
+ #
132
+ def timestamp_within_bounds?(time1, time2)
133
+ time_diff = (time2-time1).abs
134
+ is_allowed = (time_diff < @allowed_time_skew)
135
+ Mixlib::Authentication::Log.debug "Request time difference: #{time_diff}, within #{@allowed_time_skew} seconds? : #{!!is_allowed}"
136
+ is_allowed
137
+ end
138
+ end
139
+
140
+
141
+ end
142
+ end
143
+
144
+
@@ -0,0 +1,121 @@
1
+ #
2
+ # Author:: Christopher Brown (<cb@opscode.com>)
3
+ # Author:: Christopher Walters (<cw@opscode.com>)
4
+ # Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
5
+ # License:: Apache License, Version 2.0
6
+ #
7
+ # Licensed under the Apache License, Version 2.0 (the "License");
8
+ # you may not use this file except in compliance with the License.
9
+ # You may obtain a copy of the License at
10
+ #
11
+ # http://www.apache.org/licenses/LICENSE-2.0
12
+ #
13
+ # Unless required by applicable law or agreed to in writing, software
14
+ # distributed under the License is distributed on an "AS IS" BASIS,
15
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16
+ # See the License for the specific language governing permissions and
17
+ # limitations under the License.
18
+ #
19
+
20
+ require 'time'
21
+ require 'base64'
22
+ require 'ostruct'
23
+ require 'digest/sha1'
24
+ require 'mixlib/authentication'
25
+ require 'mixlib/authentication/digester'
26
+
27
+ module Mixlib
28
+ module Authentication
29
+ module SignedHeaderAuth
30
+
31
+ SIGNING_DESCRIPTION = 'version=1.0'
32
+
33
+ # This is a module meant to be mixed in but can be used standalone
34
+ # with the simple OpenStruct extended with the auth functions
35
+ class << self
36
+ def signing_object(args={ })
37
+ OpenStruct.new(args).extend SignedHeaderAuth
38
+ end
39
+ end
40
+
41
+ # Build the canonicalized request based on the method, other headers, etc.
42
+ # compute the signature from the request, using the looked-up user secret
43
+ # ====Parameters
44
+ # private_key<OpenSSL::PKey::RSA>:: user's RSA private key.
45
+ def sign(private_key)
46
+ # Our multiline hash for authorization will be encoded in multiple header
47
+ # lines - X-Ops-Authorization-1, ... (starts at 1, not 0!)
48
+ header_hash = {
49
+ "X-Ops-Sign" => SIGNING_DESCRIPTION,
50
+ "X-Ops-Userid" => user_id,
51
+ "X-Ops-Timestamp" => canonical_time,
52
+ "X-Ops-Content-Hash" => hashed_body,
53
+ }
54
+
55
+ string_to_sign = canonicalize_request
56
+ signature = Base64.encode64(private_key.private_encrypt(string_to_sign)).chomp
57
+ signature_lines = signature.split(/\n/)
58
+ signature_lines.each_index do |idx|
59
+ key = "X-Ops-Authorization-#{idx + 1}"
60
+ header_hash[key] = signature_lines[idx]
61
+ end
62
+
63
+ Mixlib::Authentication::Log.debug "String to sign: '#{string_to_sign}'\nHeader hash: #{header_hash.inspect}"
64
+
65
+ header_hash
66
+ end
67
+
68
+ # Build the canonicalized time based on utc & iso8601
69
+ #
70
+ # ====Parameters
71
+ #
72
+ def canonical_time
73
+ Time.parse(timestamp).utc.iso8601
74
+ end
75
+
76
+ # Build the canonicalized path, which collapses multiple slashes (/) and
77
+ # removes a trailing slash unless the path is only "/"
78
+ #
79
+ # ====Parameters
80
+ #
81
+ def canonical_path
82
+ p = path.gsub(/\/+/,'/')
83
+ p.length > 1 ? p.chomp('/') : p
84
+ end
85
+
86
+ def hashed_body
87
+ @hashed_body ||= self.file ? digester.hash_file(self.file) : digester.hash_string(self.body)
88
+ end
89
+
90
+ # Takes HTTP request method & headers and creates a canonical form
91
+ # to create the signature
92
+ #
93
+ # ====Parameters
94
+ #
95
+ #
96
+ def canonicalize_request
97
+ "Method:#{http_method.to_s.upcase}\nHashed Path:#{digester.hash_string(canonical_path)}\nX-Ops-Content-Hash:#{hashed_body}\nX-Ops-Timestamp:#{canonical_time}\nX-Ops-UserId:#{user_id}"
98
+ end
99
+
100
+ # Parses signature version information, algorithm used, etc.
101
+ #
102
+ # ====Parameters
103
+ #
104
+ def parse_signing_description
105
+ parts = @signing_description.strip.split(";").inject({ }) do |memo, part|
106
+ field_name, field_value = part.split("=")
107
+ memo[field_name.to_sym] = field_value.strip
108
+ memo
109
+ end
110
+ Mixlib::Authentication::Log.debug "Parsed signing description: #{parts.inspect}"
111
+ end
112
+
113
+ def digester
114
+ Mixlib::Authentication::Digester
115
+ end
116
+
117
+ private :canonical_time, :canonical_path, :parse_signing_description, :digester
118
+
119
+ end
120
+ end
121
+ end
@@ -0,0 +1,317 @@
1
+ #
2
+ # Author:: Tim Hinderliter (<tim@opscode.com>)
3
+ # Author:: Christopher Walters (<cw@opscode.com>)
4
+ # Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
5
+ # License:: Apache License, Version 2.0
6
+ #
7
+ # Licensed under the Apache License, Version 2.0 (the "License");
8
+ # you may not use this file except in compliance with the License.
9
+ # You may obtain a copy of the License at
10
+ #
11
+ # http://www.apache.org/licenses/LICENSE-2.0
12
+ #
13
+ # Unless required by applicable law or agreed to in writing, software
14
+ # distributed under the License is distributed on an "AS IS" BASIS,
15
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16
+ # See the License for the specific language governing permissions and
17
+ # limitations under the License.
18
+ #
19
+
20
+ $:.unshift File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "..", "lib")) # lib in mixlib-authentication
21
+ $:.unshift File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "..", "..", "mixlib-log", "lib")) # mixlib-log/log
22
+
23
+ require 'rubygems'
24
+
25
+ require 'ostruct'
26
+ require 'openssl'
27
+ require 'mixlib/authentication/signatureverification'
28
+ require 'time'
29
+
30
+ # TODO: should make these regular spec-based mock objects.
31
+ class MockRequest
32
+ attr_accessor :env, :params, :path, :raw_post
33
+
34
+ def initialize(path, params, headers, raw_post)
35
+ @path = path
36
+ @params = params
37
+ @env = headers
38
+ @raw_post = raw_post
39
+ end
40
+
41
+ def method
42
+ "POST"
43
+ end
44
+ end
45
+
46
+ class MockFile
47
+ def initialize
48
+ @have_read = nil
49
+ end
50
+
51
+ def self.length
52
+ BODY.length
53
+ end
54
+
55
+ def read(len, out_str)
56
+ if @have_read.nil?
57
+ @have_read = 1
58
+ out_str[0..-1] = BODY
59
+ BODY
60
+ else
61
+ nil
62
+ end
63
+ end
64
+ end
65
+
66
+ # Uncomment this to get some more info from the methods we're testing.
67
+ #Mixlib::Authentication::Log.level :debug
68
+
69
+ describe "Mixlib::Authentication::SignedHeaderAuth" do
70
+ it "should generate the correct string to sign and signature" do
71
+ # fix the timestamp, private key and body so we get the same answer back
72
+ # every time.
73
+ args = {
74
+ :body => BODY,
75
+ :user_id => USER_ID,
76
+ :http_method => :post,
77
+ :timestamp => TIMESTAMP_ISO8601, # fixed timestamp so we get back the same answer each time.
78
+ :file => MockFile.new,
79
+ :path => PATH,
80
+ }
81
+
82
+ private_key = OpenSSL::PKey::RSA.new(PRIVATE_KEY)
83
+
84
+ signing_obj = Mixlib::Authentication::SignedHeaderAuth.signing_object(args)
85
+
86
+ expected_string_to_sign = <<EOS
87
+ Method:POST
88
+ Hashed Path:#{HASHED_CANONICAL_PATH}
89
+ X-Ops-Content-Hash:#{HASHED_BODY}
90
+ X-Ops-Timestamp:#{TIMESTAMP_ISO8601}
91
+ X-Ops-UserId:#{USER_ID}
92
+ EOS
93
+ signing_obj.canonicalize_request.should == expected_string_to_sign.chomp
94
+
95
+ # If you need to regenerate the constants in this test spec, print out
96
+ # the results of res.inspect and copy them as appropriate into the
97
+ # the constants in this file.
98
+ res = signing_obj.sign(private_key)
99
+ #$stderr.puts "res.inspect = #{res.inspect}"
100
+ res.should == EXPECTED_SIGN_RESULT
101
+ end
102
+
103
+ it "should not choke when signing a request for a resource with a long name" do
104
+ args = {
105
+ :body => BODY,
106
+ :user_id => USER_ID,
107
+ :http_method => :put,
108
+ :timestamp => TIMESTAMP_ISO8601, # fixed timestamp so we get back the same answer each time.
109
+ :file => MockFile.new,
110
+ :path => PATH + "/nodes/#{"A" * 100}"}
111
+
112
+ private_key = OpenSSL::PKey::RSA.new(PRIVATE_KEY)
113
+
114
+ signing_obj = Mixlib::Authentication::SignedHeaderAuth.signing_object(args)
115
+
116
+ lambda { signing_obj.sign(private_key) }.should_not raise_error
117
+ end
118
+ end
119
+
120
+ describe "Mixlib::Authentication::SignatureVerification" do
121
+
122
+ before(:each) do
123
+ @user_private_key = OpenSSL::PKey::RSA.new(PRIVATE_KEY)
124
+ end
125
+
126
+ it "should authenticate a File-containing request - Merb" do
127
+ request_params = MERB_REQUEST_PARAMS.clone
128
+ request_params["file"] =
129
+ { "size"=>MockFile.length, "content_type"=>"application/octet-stream", "filename"=>"zsh.tar.gz", "tempfile"=>MockFile.new }
130
+
131
+ mock_request = MockRequest.new(PATH, request_params, MERB_HEADERS, "")
132
+ Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ)
133
+
134
+ service = Mixlib::Authentication::SignatureVerification.new
135
+ res = service.authenticate_user_request(mock_request, @user_private_key)
136
+ res.should_not be_nil
137
+ end
138
+
139
+ it "should authenticate a normal (post body) request - Merb" do
140
+ mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, MERB_HEADERS, BODY)
141
+ Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ)
142
+
143
+ service = Mixlib::Authentication::SignatureVerification.new
144
+ res = service.authenticate_user_request(mock_request, @user_private_key)
145
+ res.should_not be_nil
146
+ end
147
+
148
+ it "should authenticate a File-containing request - Passenger" do
149
+ request_params = PASSENGER_REQUEST_PARAMS.clone
150
+ request_params["tarball"] = MockFile.new
151
+
152
+ mock_request = MockRequest.new(PATH, request_params, PASSENGER_HEADERS, "")
153
+ Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ)
154
+
155
+ service = Mixlib::Authentication::SignatureVerification.new
156
+ res = service.authenticate_user_request(mock_request, @user_private_key)
157
+ res.should_not be_nil
158
+ end
159
+
160
+ it "shouldn't authenticate if Authorization header is wrong" do
161
+ headers = MERB_HEADERS.clone
162
+ headers["HTTP_X_OPS_CONTENT_HASH"] += "_"
163
+
164
+ mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, headers, BODY)
165
+ Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ)
166
+
167
+ service = Mixlib::Authentication::SignatureVerification.new
168
+ res = service.authenticate_user_request(mock_request, @user_private_key)
169
+ res.should be_nil
170
+ end
171
+
172
+ end
173
+
174
+ USER_ID = "spec-user"
175
+ BODY = "Spec Body"
176
+ HASHED_BODY = "DFteJZPVv6WKdQmMqZUQUumUyRs=" # Base64.encode64(Digest::SHA1.digest("Spec Body")).chomp
177
+ TIMESTAMP_ISO8601 = "2009-01-01T12:00:00Z"
178
+ TIMESTAMP_OBJ = Time.parse("Thu Jan 01 12:00:00 -0000 2009")
179
+ PATH = "/organizations/clownco"
180
+ HASHED_CANONICAL_PATH = "YtBWDn1blGGuFIuKksdwXzHU9oE=" # Base64.encode64(Digest::SHA1.digest("/organizations/clownco")).chomp
181
+
182
+ REQUESTING_ACTOR_ID = "c0f8a68c52bffa1020222a56b23cccfa"
183
+
184
+ # Content hash is ???TODO
185
+ X_OPS_CONTENT_HASH = "DFteJZPVv6WKdQmMqZUQUumUyRs="
186
+ X_OPS_AUTHORIZATION_LINES = [
187
+ "jVHrNniWzpbez/eGWjFnO6lINRIuKOg40ZTIQudcFe47Z9e/HvrszfVXlKG4",
188
+ "NMzYZgyooSvU85qkIUmKuCqgG2AIlvYa2Q/2ctrMhoaHhLOCWWoqYNMaEqPc",
189
+ "3tKHE+CfvP+WuPdWk4jv4wpIkAz6ZLxToxcGhXmZbXpk56YTmqgBW2cbbw4O",
190
+ "IWPZDHSiPcw//AYNgW1CCDptt+UFuaFYbtqZegcBd2n/jzcWODA7zL4KWEUy",
191
+ "9q4rlh/+1tBReg60QdsmDRsw/cdO1GZrKtuCwbuD4+nbRdVBKv72rqHX9cu0",
192
+ "utju9jzczCyB+sSAQWrxSsXB/b8vV2qs0l4VD2ML+w=="
193
+ ]
194
+
195
+ # We expect Mixlib::Authentication::SignedHeaderAuth#sign to return this
196
+ # if passed the BODY above.
197
+ EXPECTED_SIGN_RESULT = {
198
+ "X-Ops-Content-Hash"=>X_OPS_CONTENT_HASH,
199
+ "X-Ops-Userid"=>USER_ID,
200
+ "X-Ops-Sign"=>"version=1.0",
201
+ "X-Ops-Authorization-1"=>X_OPS_AUTHORIZATION_LINES[0],
202
+ "X-Ops-Authorization-2"=>X_OPS_AUTHORIZATION_LINES[1],
203
+ "X-Ops-Authorization-3"=>X_OPS_AUTHORIZATION_LINES[2],
204
+ "X-Ops-Authorization-4"=>X_OPS_AUTHORIZATION_LINES[3],
205
+ "X-Ops-Authorization-5"=>X_OPS_AUTHORIZATION_LINES[4],
206
+ "X-Ops-Authorization-6"=>X_OPS_AUTHORIZATION_LINES[5],
207
+ "X-Ops-Timestamp"=>TIMESTAMP_ISO8601
208
+ }
209
+
210
+ # This is what will be in request.params for the Merb case.
211
+ MERB_REQUEST_PARAMS = {
212
+ "name"=>"zsh", "action"=>"create", "controller"=>"chef_server_api/cookbooks",
213
+ "organization_id"=>"local-test-org", "requesting_actor_id"=>REQUESTING_ACTOR_ID,
214
+ }
215
+
216
+ # Tis is what will be in request.env for the Merb case.
217
+ MERB_HEADERS = {
218
+ # These are used by signatureverification. An arbitrary sampling of non-HTTP_*
219
+ # headers are in here to exercise that code path.
220
+ "HTTP_HOST"=>"127.0.0.1",
221
+ "HTTP_X_OPS_SIGN"=>"version=1.0",
222
+ "HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386",
223
+ "HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601,
224
+ "HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH,
225
+ "HTTP_X_OPS_USERID"=>USER_ID,
226
+ "HTTP_X_OPS_AUTHORIZATION_1"=>X_OPS_AUTHORIZATION_LINES[0],
227
+ "HTTP_X_OPS_AUTHORIZATION_2"=>X_OPS_AUTHORIZATION_LINES[1],
228
+ "HTTP_X_OPS_AUTHORIZATION_3"=>X_OPS_AUTHORIZATION_LINES[2],
229
+ "HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES[3],
230
+ "HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES[4],
231
+ "HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES[5],
232
+
233
+ # Random sampling
234
+ "REMOTE_ADDR"=>"127.0.0.1",
235
+ "PATH_INFO"=>"/organizations/local-test-org/cookbooks",
236
+ "REQUEST_PATH"=>"/organizations/local-test-org/cookbooks",
237
+ "CONTENT_TYPE"=>"multipart/form-data; boundary=----RubyMultipartClient6792ZZZZZ",
238
+ "CONTENT_LENGTH"=>"394",
239
+ }
240
+
241
+ PASSENGER_REQUEST_PARAMS = {
242
+ "action"=>"create",
243
+ #"tarball"=>#<File:/tmp/RackMultipart20091120-25570-mgq2sa-0>,
244
+ "controller"=>"api/v1/cookbooks",
245
+ "cookbook"=>"{\"category\":\"databases\"}",
246
+ }
247
+
248
+ PASSENGER_HEADERS = {
249
+ # These are used by signatureverification. An arbitrary sampling of non-HTTP_*
250
+ # headers are in here to exercise that code path.
251
+ "HTTP_HOST"=>"127.0.0.1",
252
+ "HTTP_X_OPS_SIGN"=>"version=1.0",
253
+ "HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386",
254
+ "HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601,
255
+ "HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH,
256
+ "HTTP_X_OPS_USERID"=>USER_ID,
257
+ "HTTP_X_OPS_AUTHORIZATION_1"=>X_OPS_AUTHORIZATION_LINES[0],
258
+ "HTTP_X_OPS_AUTHORIZATION_2"=>X_OPS_AUTHORIZATION_LINES[1],
259
+ "HTTP_X_OPS_AUTHORIZATION_3"=>X_OPS_AUTHORIZATION_LINES[2],
260
+ "HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES[3],
261
+ "HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES[4],
262
+ "HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES[5],
263
+
264
+ # Random set of other headers to exercirse the non- HTTP_ code path
265
+ "HTTP_ACCEPT"=>"application/json",
266
+ "SERVER_SOFTWARE"=>"Apache",
267
+ "SCRIPT_URI"=>"http://com-stg.opscode.com/api/v1/cookbooks",
268
+ "SCRIPT_NAME"=>"",
269
+ "SERVER_ADDR"=>"10.242.197.174",
270
+ "SERVER_NAME"=>"com-stg.opscode.com",
271
+ "DOCUMENT_ROOT"=>"/srv/opscode-community/current/public",
272
+ }
273
+
274
+ # generated with
275
+ # openssl genrsa -out private.pem 2048
276
+ # openssl rsa -in private.pem -out public.pem -pubout
277
+ PUBLIC_KEY = <<EOS
278
+ -----BEGIN PUBLIC KEY-----
279
+ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ueqo76MXuP6XqZBILFz
280
+ iH/9AI7C6PaN5W0dSvkr9yInyGHSz/IR1+4tqvP2qlfKVKI4CP6BFH251Ft9qMUB
281
+ uAsnlAVQ1z0exDtIFFOyQCdR7iXmjBIWMSS4buBwRQXwDK7id1OxtU23qVJv+xwE
282
+ V0IzaaSJmaGLIbvRBD+qatfUuQJBMU/04DdJIwvLtZBYdC2219m5dUBQaa4bimL+
283
+ YN9EcsDzD9h9UxQo5ReK7b3cNMzJBKJWLzFBcJuePMzAnLFktr/RufX4wpXe6XJx
284
+ oVPaHo72GorLkwnQ0HYMTY8rehT4mDi1FI969LHCFFaFHSAaRnwdXaQkJmSfcxzC
285
+ YQIDAQAB
286
+ -----END PUBLIC KEY-----
287
+ EOS
288
+
289
+ PRIVATE_KEY = <<EOS
290
+ -----BEGIN RSA PRIVATE KEY-----
291
+ MIIEpAIBAAKCAQEA0ueqo76MXuP6XqZBILFziH/9AI7C6PaN5W0dSvkr9yInyGHS
292
+ z/IR1+4tqvP2qlfKVKI4CP6BFH251Ft9qMUBuAsnlAVQ1z0exDtIFFOyQCdR7iXm
293
+ jBIWMSS4buBwRQXwDK7id1OxtU23qVJv+xwEV0IzaaSJmaGLIbvRBD+qatfUuQJB
294
+ MU/04DdJIwvLtZBYdC2219m5dUBQaa4bimL+YN9EcsDzD9h9UxQo5ReK7b3cNMzJ
295
+ BKJWLzFBcJuePMzAnLFktr/RufX4wpXe6XJxoVPaHo72GorLkwnQ0HYMTY8rehT4
296
+ mDi1FI969LHCFFaFHSAaRnwdXaQkJmSfcxzCYQIDAQABAoIBAQCW3I4sKN5B9jOe
297
+ xq/pkeWBq4OvhW8Ys1yW0zFT8t6nHbB1XrwscQygd8gE9BPqj3e0iIEqtdphbPmj
298
+ VHqTYbC0FI6QDClifV7noTwTBjeIOlgZ0NSUN0/WgVzIOxUz2mZ2vBZUovKILPqG
299
+ TOi7J7RXMoySMdcXpP1f+PgvYNcnKsT72UcWaSXEV8/zo+Zm/qdGPVWwJonri5Mp
300
+ DVm5EQSENBiRyt028rU6ElXORNmoQpVjDVqZ1gipzXkifdjGyENw2rt4V/iKYD7V
301
+ 5iqXOsvP6Cemf4gbrjunAgDG08S00kiUgvVWcdXW+dlsR2nCvH4DOEe3AYYh/aH8
302
+ DxEE7FbtAoGBAPcNO8fJ56mNw0ow4Qg38C+Zss/afhBOCfX4O/SZKv/roRn5+gRM
303
+ KRJYSVXNnsjPI1plzqR4OCyOrjAhtuvL4a0DinDzf1+fiztyNohwYsW1vYmqn3ti
304
+ EN0GhSgE7ppZjqvLQ3f3LUTxynhA0U+k9wflb4irIlViTUlCsOPkrNJDAoGBANqL
305
+ Q+vvuGSsmRLU/Cenjy+Mjj6+QENg51dz34o8JKuVKIPKU8pNnyeLa5fat0qD2MHm
306
+ OB9opeQOcw0dStodxr6DB3wi83bpjeU6BWUGITNiWEaZEBrQ0aiqNJJKrrHm8fAZ
307
+ 9o4l4oHc4hI0kYVYYDuxtKuVJrzZiEapTwoOcYiLAoGBAI/EWbeIHZIj9zOjgjEA
308
+ LHvm25HtulLOtyk2jd1njQhlHNk7CW2azIPqcLLH99EwCYi/miNH+pijZ2aHGCXb
309
+ /bZrSxM0ADmrZKDxdB6uGCyp+GS2sBxjEyEsfCyvwhJ8b3Q100tqwiNO+d5FCglp
310
+ HICx2dgUjuRVUliBwOK93nx1AoGAUI8RhIEjOYkeDAESyhNMBr0LGjnLOosX+/as
311
+ qiotYkpjWuFULbibOFp+WMW41vDvD9qrSXir3fstkeIAW5KqVkO6mJnRoT3Knnra
312
+ zjiKOITCAZQeiaP8BO5o3pxE9TMqb9VCO3ffnPstIoTaN4syPg7tiGo8k1SklVeH
313
+ 2S8lzq0CgYAKG2fljIYWQvGH628rp4ZcXS4hWmYohOxsnl1YrszbJ+hzR+IQOhGl
314
+ YlkUQYXhy9JixmUUKtH+NXkKX7Lyc8XYw5ETr7JBT3ifs+G7HruDjVG78EJVojbd
315
+ 8uLA+DdQm5mg4vd1GTiSK65q/3EeoBlUaVor3HhLFki+i9qpT8CBsg==
316
+ -----END RSA PRIVATE KEY-----
317
+ EOS
data/spec/spec.opts ADDED
@@ -0,0 +1,4 @@
1
+ --colour
2
+ --format specdoc
3
+ --loadby mtime
4
+ --reverse
metadata ADDED
@@ -0,0 +1,84 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: mixlib-authentication
3
+ version: !ruby/object:Gem::Version
4
+ prerelease: false
5
+ segments:
6
+ - 1
7
+ - 1
8
+ - 0
9
+ version: 1.1.0
10
+ platform: ruby
11
+ authors:
12
+ - Opscode, Inc.
13
+ autorequire: mixlib-authentication
14
+ bindir: bin
15
+ cert_chain: []
16
+
17
+ date: 2010-02-28 00:00:00 -08:00
18
+ default_executable:
19
+ dependencies:
20
+ - !ruby/object:Gem::Dependency
21
+ name: mixlib-log
22
+ prerelease: false
23
+ requirement: &id001 !ruby/object:Gem::Requirement
24
+ requirements:
25
+ - - ">="
26
+ - !ruby/object:Gem::Version
27
+ segments:
28
+ - 0
29
+ version: "0"
30
+ type: :runtime
31
+ version_requirements: *id001
32
+ description: Mixes in simple per-request authentication
33
+ email: info@opscode.com
34
+ executables: []
35
+
36
+ extensions: []
37
+
38
+ extra_rdoc_files:
39
+ - README.rdoc
40
+ - LICENSE
41
+ - NOTICE
42
+ files:
43
+ - LICENSE
44
+ - README.rdoc
45
+ - Rakefile
46
+ - NOTICE
47
+ - lib/mixlib/authentication/digester.rb
48
+ - lib/mixlib/authentication/signatureverification.rb
49
+ - lib/mixlib/authentication/signedheaderauth.rb
50
+ - lib/mixlib/authentication.rb
51
+ - spec/mixlib/authentication/mixlib_authentication_spec.rb
52
+ - spec/spec.opts
53
+ has_rdoc: true
54
+ homepage: http://www.opscode.com
55
+ licenses: []
56
+
57
+ post_install_message:
58
+ rdoc_options: []
59
+
60
+ require_paths:
61
+ - lib
62
+ required_ruby_version: !ruby/object:Gem::Requirement
63
+ requirements:
64
+ - - ">="
65
+ - !ruby/object:Gem::Version
66
+ segments:
67
+ - 0
68
+ version: "0"
69
+ required_rubygems_version: !ruby/object:Gem::Requirement
70
+ requirements:
71
+ - - ">="
72
+ - !ruby/object:Gem::Version
73
+ segments:
74
+ - 0
75
+ version: "0"
76
+ requirements: []
77
+
78
+ rubyforge_project:
79
+ rubygems_version: 1.3.6
80
+ signing_key:
81
+ specification_version: 3
82
+ summary: Mixes in simple per-request authentication
83
+ test_files: []
84
+