mixlib-authentication 1.1.4 → 1.3.0.beta.0

data/README.rdoc

@@ -20,4 +20,6 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 
+== Issue Tracker
 
+Report any issues via Opscode Jira instance at http://tickets.opscode.com against Chef project.

data/Rakefile

@@ -2,45 +2,27 @@ require 'rubygems'
 require 'rake/gempackagetask'
 require 'rubygems/specification'
 require 'date'
-require 'spec/rake/spectask'
+require 'rspec/core/rake_task'
 
 GEM = "mixlib-authentication"
-GEM_VERSION = "1.1.4"
+GEM_VERSION = "1.2.1"
 AUTHOR = "Opscode, Inc."
 EMAIL = "info@opscode.com"
 HOMEPAGE = "http://www.opscode.com"
 SUMMARY = "Mixes in simple per-request authentication"
 
-spec = Gem::Specification.new do |s|
-  s.name = GEM
-  s.version = GEM_VERSION
-  s.platform = Gem::Platform::RUBY
-  s.has_rdoc = true
-  s.extra_rdoc_files = ["README.rdoc", "LICENSE", 'NOTICE']
-  s.summary = SUMMARY
-  s.description = s.summary
-  s.author = AUTHOR
-  s.email = EMAIL
-  s.homepage = HOMEPAGE
-  
-  # Uncomment this to add a dependency
-  s.add_dependency "mixlib-log"
-  
-  s.require_path = 'lib'
-  s.autorequire = GEM
-  s.files = %w(LICENSE README.rdoc Rakefile NOTICE) + Dir.glob("{lib,spec,features}/**/*")
-end
-
 task :default => :spec
 
 desc "Run specs"
-Spec::Rake::SpecTask.new do |t|
-  t.spec_files = FileList['spec/**/*_spec.rb']
-  t.spec_opts = %w(-fs --color)
+RSpec::Core::RakeTask.new do |t|
+  t.pattern = 'spec/**/*_spec.rb'
+  t.rspec_opts = %w(-fs --color)
 end
 
-Rake::GemPackageTask.new(spec) do |pkg|
-  pkg.gem_spec = spec
+gem_spec = eval(File.read("mixlib-authentication.gemspec"))
+
+Rake::GemPackageTask.new(gem_spec) do |pkg|
+  pkg.gem_spec = gem_spec
 end
 
 desc "install the gem locally"

data/lib/mixlib/authentication/signatureverification.rb

@@ -34,7 +34,7 @@ module Mixlib
 
       def_delegator :@auth_request, :path
 
-      def_delegator :auth_request, :signing_description
+      def_delegator :@auth_request, :signing_description
 
       def_delegator :@auth_request, :user_id
 
@@ -50,8 +50,6 @@ module Mixlib
 
       include Mixlib::Authentication::SignedHeaderAuth
 
-      attr_reader :auth_request
-
       def initialize(request=nil)
         @auth_request = HTTPAuthenticationRequest.new(request) if request
 
@@ -65,12 +63,13 @@ module Mixlib
         @auth_request = HTTPAuthenticationRequest.new(request)
         authenticate_request(user_lookup, time_skew)
       end
+
       # Takes the request, boils down the pieces we are interested in,
       # looks up the user, generates a signature, and compares to
       # the signature in the request
       # ====Headers
       #
-      # X-Ops-Sign: algorithm=sha256;version=1.0;
+      # X-Ops-Sign: algorithm=sha1;version=1.0;
       # X-Ops-UserId: <user_id>
       # X-Ops-Timestamp:
       # X-Ops-Content-Hash: 
@@ -82,12 +81,13 @@ module Mixlib
         @allowed_time_skew = time_skew # in seconds
 
         begin
-          @auth_request
-          
-          #BUGBUG Not doing anything with the signing description yet [cb]          
-          parse_signing_description
+          parts = parse_signing_description
+
+          # version 1.0 clients don't include their algorithm in the
+          # signing description, so default to sha1
+          parts[:algorithm] ||= 'sha1'
 
-          verify_signature
+          verify_signature(parts[:algorithm], parts[:version])
           verify_timestamp
           verify_content_hash
 
@@ -136,8 +136,8 @@ module Mixlib
         end
       end
 
-      def verify_signature
-        candidate_block = canonicalize_request
+      def verify_signature(algorithm, version)
+        candidate_block = canonicalize_request(algorithm, version)
         request_decrypted_block = @user_secret.public_decrypt(Base64.decode64(request_signature))
         @valid_signature = (request_decrypted_block == candidate_block)
 

data/lib/mixlib/authentication/signedheaderauth.rb

@@ -27,8 +27,9 @@ module Mixlib
   module Authentication
 
     module SignedHeaderAuth
-      
-      SIGNING_DESCRIPTION = 'version=1.0'
+
+      SUPPORTED_ALGORITHMS = ['sha1']
+      SUPPORTED_VERSIONS = ['1.0', '1.1']
 
       # This is a module meant to be mixed in but can be used standalone
       # with the simple OpenStruct extended with the auth functions
@@ -42,17 +43,17 @@ module Mixlib
       # compute the signature from the request, using the looked-up user secret
       # ====Parameters
       # private_key<OpenSSL::PKey::RSA>:: user's RSA private key.
-      def sign(private_key)
+      def sign(private_key, algorithm='sha1', version='1.1')
         # Our multiline hash for authorization will be encoded in multiple header
         # lines - X-Ops-Authorization-1, ... (starts at 1, not 0!)
         header_hash = {
-          "X-Ops-Sign" => SIGNING_DESCRIPTION,
+          "X-Ops-Sign" => "algorithm=#{algorithm};version=#{version};",
           "X-Ops-Userid" => user_id,
           "X-Ops-Timestamp" => canonical_time,
           "X-Ops-Content-Hash" => hashed_body,
         }
 
-        string_to_sign = canonicalize_request
+        string_to_sign = canonicalize_request(algorithm, version)
         signature = Base64.encode64(private_key.private_encrypt(string_to_sign)).chomp
         signature_lines = signature.split(/\n/)
         signature_lines.each_index do |idx|
@@ -98,8 +99,18 @@ module Mixlib
       # ====Parameters
       # 
       # 
-      def canonicalize_request
-        "Method:#{http_method.to_s.upcase}\nHashed Path:#{digester.hash_string(canonical_path)}\nX-Ops-Content-Hash:#{hashed_body}\nX-Ops-Timestamp:#{canonical_time}\nX-Ops-UserId:#{user_id}"
+      def canonicalize_request(algorithm='sha1', version='1.1')
+        raise AuthenticationError, "Bad algorithm '#{algorithm}' or version '#{version}'" unless SUPPORTED_ALGORITHMS.include?(algorithm) && SUPPORTED_VERSIONS.include?(version)
+
+        canonical_x_ops_user_id = case 
+                                  when version == "1.1"
+                                    digester.hash_string(user_id)
+                                  when version == "1.0"
+                                    user_id
+                                  else
+                                    user_id
+                                  end
+        "Method:#{http_method.to_s.upcase}\nHashed Path:#{digester.hash_string(canonical_path)}\nX-Ops-Content-Hash:#{hashed_body}\nX-Ops-Timestamp:#{canonical_time}\nX-Ops-UserId:#{canonical_x_ops_user_id}"
       end
       
       # Parses signature version information, algorithm used, etc.
@@ -113,6 +124,7 @@ module Mixlib
           memo
         end
         Mixlib::Authentication::Log.debug "Parsed signing description: #{parts.inspect}"
+        parts
       end
       
       def digester

data/spec/mixlib/authentication/http_authentication_request_spec.rb

@@ -82,8 +82,7 @@ describe Mixlib::Authentication::HTTPAuthenticationRequest do
   it "raises an error when not all required headers are given" do
     @merb_headers.delete("HTTP_X_OPS_SIGN")
     exception = Mixlib::Authentication::MissingAuthenticationHeader
-    auth_req = Mixlib::Authentication::HTTPAuthenticationRequest.new(@request)
-    lambda {auth_req.validate_headers!}.should raise_error(exception)
+    lambda{ Mixlib::Authentication::HTTPAuthenticationRequest.new(@request) }.should raise_error(exception)
   end
 
   it "extracts the path from the request" do
@@ -126,4 +125,4 @@ SIG
     @http_authentication_request.request_signature.should == expected.chomp
   end
 
-end
+end

data/spec/mixlib/authentication/mixlib_authentication_spec.rb

@@ -1,6 +1,7 @@
 #
 # Author:: Tim Hinderliter (<tim@opscode.com>)
 # Author:: Christopher Walters (<cw@opscode.com>)
+# Author:: Christopher Brown (<cb@opscode.com>)
 # Copyright:: Copyright (c) 2009, 2010 Opscode, Inc.
 # License:: Apache License, Version 2.0
 #
@@ -66,60 +67,51 @@ end
 #Mixlib::Authentication::Log.level :debug
 
 describe "Mixlib::Authentication::SignedHeaderAuth" do
-  it "should generate the correct string to sign and signature" do
-    # fix the timestamp, private key and body so we get the same answer back
-    # every time.
-    args = {
-      :body => BODY, 
-      :user_id => USER_ID,
-      :http_method => :post,
-      :timestamp => TIMESTAMP_ISO8601,    # fixed timestamp so we get back the same answer each time.
-      :file => MockFile.new,
-      :path => PATH,
-    }
-
-    private_key = OpenSSL::PKey::RSA.new(PRIVATE_KEY)
+
+  it "should generate the correct string to sign and signature, version 1.0" do
       
-    signing_obj = Mixlib::Authentication::SignedHeaderAuth.signing_object(args)
-    
-    expected_string_to_sign = <<EOS
-Method:POST
-Hashed Path:#{HASHED_CANONICAL_PATH}
-X-Ops-Content-Hash:#{HASHED_BODY}
-X-Ops-Timestamp:#{TIMESTAMP_ISO8601}
-X-Ops-UserId:#{USER_ID}
-EOS
-    signing_obj.canonicalize_request.should == expected_string_to_sign.chomp
+    algorithm = 'sha1'
+    version = '1.0'
+    V1_0_SIGNING_OBJECT.canonicalize_request(algorithm, version).should == V1_0_CANONICAL_REQUEST
 
     # If you need to regenerate the constants in this test spec, print out
     # the results of res.inspect and copy them as appropriate into the 
     # the constants in this file.
-    res = signing_obj.sign(private_key)
-    #$stderr.puts "res.inspect = #{res.inspect}"
-    res.should == EXPECTED_SIGN_RESULT
+    V1_0_SIGNING_OBJECT.sign(PRIVATE_KEY, algorithm, version).should == EXPECTED_SIGN_RESULT_V1_0
   end
 
-  it "should not choke when signing a request for a resource with a long name" do
-    args = {
-      :body => BODY, 
-      :user_id => USER_ID,
-      :http_method => :put,
-      :timestamp => TIMESTAMP_ISO8601,    # fixed timestamp so we get back the same answer each time.
-      :file => MockFile.new,
-      :path => PATH + "/nodes/#{"A" * 100}"}
+  it "should generate the correct string to sign and signature, version 1.1" do
 
-    private_key = OpenSSL::PKey::RSA.new(PRIVATE_KEY)
-      
-    signing_obj = Mixlib::Authentication::SignedHeaderAuth.signing_object(args)
-    
-    lambda { signing_obj.sign(private_key) }.should_not raise_error
+    V1_1_SIGNING_OBJECT.canonicalize_request.should == V1_1_CANONICAL_REQUEST
+
+    # If you need to regenerate the constants in this test spec, print out
+    # the results of res.inspect and copy them as appropriate into the 
+    # the constants in this file.
+    V1_1_SIGNING_OBJECT.sign(PRIVATE_KEY).should == EXPECTED_SIGN_RESULT_V1_1
   end
+
+  it "should not choke when signing a request for a long user id with version 1.1" do
+    lambda { LONG_SIGNING_OBJECT.sign(PRIVATE_KEY, 'sha1', '1.1') }.should_not raise_error
+  end
+
+  it "should choke when signing a request for a long user id with version 1.0" do
+    lambda { LONG_SIGNING_OBJECT.sign(PRIVATE_KEY, 'sha1', '1.0') }.should raise_error
+  end
+
+  it "should choke when signing a request with a bad version" do
+    lambda { V1_1_SIGNING_OBJECT.sign(PRIVATE_KEY, 'sha1', 'poo') }.should raise_error
+  end
+
+  it "should choke when signing a request with a bad algorithm" do
+    lambda { V1_1_SIGNING_OBJECT.sign(PRIVATE_KEY, 'sha_poo', '1.1') }.should raise_error
+  end
+
 end
 
 describe "Mixlib::Authentication::SignatureVerification" do
   
   before(:each) do
-    @user_private_key = OpenSSL::PKey::RSA.new(PRIVATE_KEY)
+    @user_private_key = PRIVATE_KEY
   end
 
   it "should authenticate a File-containing request - Merb" do
@@ -127,7 +119,7 @@ describe "Mixlib::Authentication::SignatureVerification" do
     request_params["file"] =
       { "size"=>MockFile.length, "content_type"=>"application/octet-stream", "filename"=>"zsh.tar.gz", "tempfile"=>MockFile.new }
 
-    mock_request = MockRequest.new(PATH, request_params, MERB_HEADERS, "")
+    mock_request = MockRequest.new(PATH, request_params, MERB_HEADERS_V1_1, "")
     Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ)
 
     service = Mixlib::Authentication::SignatureVerification.new
@@ -135,8 +127,20 @@ describe "Mixlib::Authentication::SignatureVerification" do
     res.should_not be_nil
   end
 
+  it "should authenticate a File-containing request from a v1.0 client - Passenger" do
+    request_params = PASSENGER_REQUEST_PARAMS.clone
+    request_params["tarball"] = MockFile.new
+
+    mock_request = MockRequest.new(PATH, request_params, PASSENGER_HEADERS_V1_0, "")
+    Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ)
+
+    auth_req = Mixlib::Authentication::SignatureVerification.new
+    res = auth_req.authenticate_user_request(mock_request, @user_private_key)
+    res.should_not be_nil
+  end
+
   it "should authenticate a normal (post body) request - Merb" do
-    mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, MERB_HEADERS, BODY)
+    mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, MERB_HEADERS_V1_1, BODY)
     Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ)
 
     service = Mixlib::Authentication::SignatureVerification.new
@@ -144,20 +148,17 @@ describe "Mixlib::Authentication::SignatureVerification" do
     res.should_not be_nil
   end
 
-  it "should authenticate a File-containing request - Passenger" do
-    request_params = PASSENGER_REQUEST_PARAMS.clone
-    request_params["tarball"] = MockFile.new
-
-    mock_request = MockRequest.new(PATH, request_params, PASSENGER_HEADERS, "")
+  it "should authenticate a normal (post body) request from a v1.0 client - Merb" do
+    mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, MERB_HEADERS_V1_0, BODY)
     Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ)
 
-    auth_req = Mixlib::Authentication::SignatureVerification.new
-    res = auth_req.authenticate_user_request(mock_request, @user_private_key)
+    service = Mixlib::Authentication::SignatureVerification.new
+    res = service.authenticate_user_request(mock_request, @user_private_key)
     res.should_not be_nil
   end
 
   it "shouldn't authenticate if an Authorization header is missing" do
-    headers = MERB_HEADERS.clone
+    headers = MERB_HEADERS_V1_1.clone
     headers.delete("HTTP_X_OPS_SIGN")
 
     mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, headers, BODY)
@@ -174,7 +175,7 @@ describe "Mixlib::Authentication::SignatureVerification" do
 
 
   it "shouldn't authenticate if Authorization header is wrong" do
-    headers = MERB_HEADERS.clone
+    headers = MERB_HEADERS_V1_1.clone
     headers["HTTP_X_OPS_CONTENT_HASH"] += "_"
 
     mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, headers, BODY)
@@ -191,7 +192,7 @@ describe "Mixlib::Authentication::SignatureVerification" do
   end
 
   it "shouldn't authenticate if the timestamp is not within bounds" do
-    mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, MERB_HEADERS, BODY)
+    mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, MERB_HEADERS_V1_1, BODY)
     Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ - 1000)
 
     auth_req = Mixlib::Authentication::SignatureVerification.new
@@ -204,7 +205,7 @@ describe "Mixlib::Authentication::SignatureVerification" do
   end
 
   it "shouldn't authenticate if the signature is wrong" do
-    headers =  MERB_HEADERS.dup
+    headers =  MERB_HEADERS_V1_1.dup
     headers["HTTP_X_OPS_AUTHORIZATION_1"] = "epicfail"
     mock_request = MockRequest.new(PATH, MERB_REQUEST_PARAMS, headers, BODY)
     Time.should_receive(:now).at_least(:once).and_return(TIMESTAMP_OBJ)
@@ -221,6 +222,7 @@ describe "Mixlib::Authentication::SignatureVerification" do
 end
 
 USER_ID = "spec-user"
+DIGESTED_USER_ID = Base64.encode64(Digest::SHA1.new.digest(USER_ID)).chomp
 BODY = "Spec Body"
 HASHED_BODY = "DFteJZPVv6WKdQmMqZUQUumUyRs=" # Base64.encode64(Digest::SHA1.digest("Spec Body")).chomp
 TIMESTAMP_ISO8601 = "2009-01-01T12:00:00Z"
@@ -228,25 +230,75 @@ TIMESTAMP_OBJ = Time.parse("Thu Jan 01 12:00:00 -0000 2009")
 PATH = "/organizations/clownco"
 HASHED_CANONICAL_PATH = "YtBWDn1blGGuFIuKksdwXzHU9oE=" # Base64.encode64(Digest::SHA1.digest("/organizations/clownco")).chomp
 
+V1_0_ARGS = {
+  :body => BODY, 
+  :user_id => USER_ID,
+  :http_method => :post,
+  :timestamp => TIMESTAMP_ISO8601,    # fixed timestamp so we get back the same answer each time.
+  :file => MockFile.new,
+  :path => PATH
+}
+
+V1_1_ARGS = {
+  :body => BODY, 
+  :user_id => USER_ID,
+  :http_method => :post,
+  :timestamp => TIMESTAMP_ISO8601,    # fixed timestamp so we get back the same answer each time.
+  :file => MockFile.new,
+  :path => PATH
+}
+
+LONG_PATH_LONG_USER_ARGS = {
+  :body => BODY, 
+  :user_id => "A" * 200,
+  :http_method => :put,
+  :timestamp => TIMESTAMP_ISO8601,    # fixed timestamp so we get back the same answer each time.
+  :file => MockFile.new,
+  :path => PATH + "/nodes/#{"A" * 250}"
+}
+
 REQUESTING_ACTOR_ID = "c0f8a68c52bffa1020222a56b23cccfa"
 
 # Content hash is ???TODO
 X_OPS_CONTENT_HASH = "DFteJZPVv6WKdQmMqZUQUumUyRs="
+X_OPS_AUTHORIZATION_LINES_V1_0 = [
+"jVHrNniWzpbez/eGWjFnO6lINRIuKOg40ZTIQudcFe47Z9e/HvrszfVXlKG4",
+"NMzYZgyooSvU85qkIUmKuCqgG2AIlvYa2Q/2ctrMhoaHhLOCWWoqYNMaEqPc", 
+"3tKHE+CfvP+WuPdWk4jv4wpIkAz6ZLxToxcGhXmZbXpk56YTmqgBW2cbbw4O", 
+"IWPZDHSiPcw//AYNgW1CCDptt+UFuaFYbtqZegcBd2n/jzcWODA7zL4KWEUy", 
+"9q4rlh/+1tBReg60QdsmDRsw/cdO1GZrKtuCwbuD4+nbRdVBKv72rqHX9cu0", 
+"utju9jzczCyB+sSAQWrxSsXB/b8vV2qs0l4VD2ML+w=="
+]
+
 X_OPS_AUTHORIZATION_LINES = [
-  "jVHrNniWzpbez/eGWjFnO6lINRIuKOg40ZTIQudcFe47Z9e/HvrszfVXlKG4",
-  "NMzYZgyooSvU85qkIUmKuCqgG2AIlvYa2Q/2ctrMhoaHhLOCWWoqYNMaEqPc",
-  "3tKHE+CfvP+WuPdWk4jv4wpIkAz6ZLxToxcGhXmZbXpk56YTmqgBW2cbbw4O",
-  "IWPZDHSiPcw//AYNgW1CCDptt+UFuaFYbtqZegcBd2n/jzcWODA7zL4KWEUy",
-  "9q4rlh/+1tBReg60QdsmDRsw/cdO1GZrKtuCwbuD4+nbRdVBKv72rqHX9cu0",
-  "utju9jzczCyB+sSAQWrxSsXB/b8vV2qs0l4VD2ML+w=="
+"UfZD9dRz6rFu6LbP5Mo1oNHcWYxpNIcUfFCffJS1FQa0GtfU/vkt3/O5HuCM",
+"1wIFl/U0f5faH9EWpXWY5NwKR031Myxcabw4t4ZLO69CIh/3qx1XnjcZvt2w",
+"c2R9bx/43IWA/r8w8Q6decuu0f6ZlNheJeJhaYPI8piX/aH+uHBH8zTACZu8",
+"vMnl5MF3/OIlsZc8cemq6eKYstp8a8KYq9OmkB5IXIX6qVMJHA6fRvQEB/7j",
+"281Q7oI/O+lE8AmVyBbwruPb7Mp6s4839eYiOdjbDwFjYtbS3XgAjrHlaD7W",
+"FDlbAG7H8Dmvo+wBxmtNkszhzbBnEYtuwQqT8nM/8A=="
 ]
 
 # We expect Mixlib::Authentication::SignedHeaderAuth#sign to return this
-# if passed the BODY above.
-EXPECTED_SIGN_RESULT = {
+# if passed the BODY above, based on version
+
+EXPECTED_SIGN_RESULT_V1_0 = {
+  "X-Ops-Content-Hash"=>X_OPS_CONTENT_HASH,
+  "X-Ops-Userid"=>USER_ID,
+  "X-Ops-Sign"=>"algorithm=sha1;version=1.0;",
+  "X-Ops-Authorization-1"=>X_OPS_AUTHORIZATION_LINES_V1_0[0],
+  "X-Ops-Authorization-2"=>X_OPS_AUTHORIZATION_LINES_V1_0[1],
+  "X-Ops-Authorization-3"=>X_OPS_AUTHORIZATION_LINES_V1_0[2],
+  "X-Ops-Authorization-4"=>X_OPS_AUTHORIZATION_LINES_V1_0[3],
+  "X-Ops-Authorization-5"=>X_OPS_AUTHORIZATION_LINES_V1_0[4],
+  "X-Ops-Authorization-6"=>X_OPS_AUTHORIZATION_LINES_V1_0[5],
+  "X-Ops-Timestamp"=>TIMESTAMP_ISO8601
+}
+
+EXPECTED_SIGN_RESULT_V1_1 = {
   "X-Ops-Content-Hash"=>X_OPS_CONTENT_HASH,
   "X-Ops-Userid"=>USER_ID,
-  "X-Ops-Sign"=>"version=1.0",
+  "X-Ops-Sign"=>"algorithm=sha1;version=1.1;",
   "X-Ops-Authorization-1"=>X_OPS_AUTHORIZATION_LINES[0],
   "X-Ops-Authorization-2"=>X_OPS_AUTHORIZATION_LINES[1],
   "X-Ops-Authorization-3"=>X_OPS_AUTHORIZATION_LINES[2],
@@ -256,6 +308,16 @@ EXPECTED_SIGN_RESULT = {
   "X-Ops-Timestamp"=>TIMESTAMP_ISO8601
 }
 
+OTHER_HEADERS = {
+  # An arbitrary sampling of non-HTTP_* headers are in here to
+  # exercise that code path.
+  "REMOTE_ADDR"=>"127.0.0.1", 
+  "PATH_INFO"=>"/organizations/local-test-org/cookbooks", 
+  "REQUEST_PATH"=>"/organizations/local-test-org/cookbooks", 
+  "CONTENT_TYPE"=>"multipart/form-data; boundary=----RubyMultipartClient6792ZZZZZ",
+  "CONTENT_LENGTH"=>"394", 
+}
+
 # This is what will be in request.params for the Merb case.
 MERB_REQUEST_PARAMS = {
   "name"=>"zsh", "action"=>"create", "controller"=>"chef_server_api/cookbooks", 
@@ -263,11 +325,10 @@ MERB_REQUEST_PARAMS = {
 }
 
 # Tis is what will be in request.env for the Merb case.
-MERB_HEADERS = {
-  # These are used by signatureverification. An arbitrary sampling of non-HTTP_*
-  # headers are in here to exercise that code path.
+MERB_HEADERS_V1_1 = {
+  # These are used by signatureverification.
   "HTTP_HOST"=>"127.0.0.1", 
-  "HTTP_X_OPS_SIGN"=>"version=1.0",
+  "HTTP_X_OPS_SIGN"=>"algorithm=sha1;version=1.1;",
   "HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386", 
   "HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601, 
   "HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH, 
@@ -278,14 +339,24 @@ MERB_HEADERS = {
   "HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES[3], 
   "HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES[4], 
   "HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES[5], 
+}.merge(OTHER_HEADERS)
 
-  # Random sampling
-  "REMOTE_ADDR"=>"127.0.0.1", 
-  "PATH_INFO"=>"/organizations/local-test-org/cookbooks", 
-  "REQUEST_PATH"=>"/organizations/local-test-org/cookbooks", 
-  "CONTENT_TYPE"=>"multipart/form-data; boundary=----RubyMultipartClient6792ZZZZZ",
-  "CONTENT_LENGTH"=>"394", 
-}
+# Tis is what will be in request.env for the Merb case.
+MERB_HEADERS_V1_0 = {
+  # These are used by signatureverification.
+  "HTTP_HOST"=>"127.0.0.1", 
+  "HTTP_X_OPS_SIGN"=>"version=1.0",
+  "HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386", 
+  "HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601, 
+  "HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH, 
+  "HTTP_X_OPS_USERID"=>USER_ID, 
+  "HTTP_X_OPS_AUTHORIZATION_1"=>X_OPS_AUTHORIZATION_LINES_V1_0[0], 
+  "HTTP_X_OPS_AUTHORIZATION_2"=>X_OPS_AUTHORIZATION_LINES_V1_0[1], 
+  "HTTP_X_OPS_AUTHORIZATION_3"=>X_OPS_AUTHORIZATION_LINES_V1_0[2], 
+  "HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES_V1_0[3], 
+  "HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES_V1_0[4], 
+  "HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES_V1_0[5], 
+}.merge(OTHER_HEADERS)
 
 PASSENGER_REQUEST_PARAMS = {
   "action"=>"create",
@@ -294,11 +365,10 @@ PASSENGER_REQUEST_PARAMS = {
   "cookbook"=>"{\"category\":\"databases\"}",
 }
 
-PASSENGER_HEADERS = {
-  # These are used by signatureverification. An arbitrary sampling of non-HTTP_*
-  # headers are in here to exercise that code path.
+PASSENGER_HEADERS_V1_1 = {
+  # These are used by signatureverification.
   "HTTP_HOST"=>"127.0.0.1", 
-  "HTTP_X_OPS_SIGN"=>"version=1.0",
+  "HTTP_X_OPS_SIGN"=>"algorithm=sha1;version=1.1;",
   "HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386", 
   "HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601, 
   "HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH, 
@@ -309,21 +379,28 @@ PASSENGER_HEADERS = {
   "HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES[3], 
   "HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES[4], 
   "HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES[5], 
+}.merge(OTHER_HEADERS)
 
-  # Random set of other headers to exercirse the non- HTTP_ code path
-  "HTTP_ACCEPT"=>"application/json",
-  "SERVER_SOFTWARE"=>"Apache",
-  "SCRIPT_URI"=>"http://com-stg.opscode.com/api/v1/cookbooks",
-  "SCRIPT_NAME"=>"",
-  "SERVER_ADDR"=>"10.242.197.174",
-  "SERVER_NAME"=>"com-stg.opscode.com",
-  "DOCUMENT_ROOT"=>"/srv/opscode-community/current/public",
-}
+PASSENGER_HEADERS_V1_0 = {
+  # These are used by signatureverification.
+  "HTTP_HOST"=>"127.0.0.1", 
+  "HTTP_X_OPS_SIGN"=>"version=1.0",
+  "HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386", 
+  "HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601, 
+  "HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH, 
+  "HTTP_X_OPS_USERID"=>USER_ID, 
+  "HTTP_X_OPS_AUTHORIZATION_1"=>X_OPS_AUTHORIZATION_LINES_V1_0[0], 
+  "HTTP_X_OPS_AUTHORIZATION_2"=>X_OPS_AUTHORIZATION_LINES_V1_0[1], 
+  "HTTP_X_OPS_AUTHORIZATION_3"=>X_OPS_AUTHORIZATION_LINES_V1_0[2], 
+  "HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES_V1_0[3], 
+  "HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES_V1_0[4], 
+  "HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES_V1_0[5], 
+}.merge(OTHER_HEADERS)
 
 # generated with
 #   openssl genrsa -out private.pem 2048
 #   openssl rsa -in private.pem -out public.pem -pubout
-PUBLIC_KEY = <<EOS
+PUBLIC_KEY_DATA = <<EOS
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ueqo76MXuP6XqZBILFz
 iH/9AI7C6PaN5W0dSvkr9yInyGHSz/IR1+4tqvP2qlfKVKI4CP6BFH251Ft9qMUB
@@ -335,7 +412,7 @@ YQIDAQAB
 -----END PUBLIC KEY-----
 EOS
 
-PRIVATE_KEY = <<EOS
+PRIVATE_KEY_DATA = <<EOS
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEA0ueqo76MXuP6XqZBILFziH/9AI7C6PaN5W0dSvkr9yInyGHS
 z/IR1+4tqvP2qlfKVKI4CP6BFH251Ft9qMUBuAsnlAVQ1z0exDtIFFOyQCdR7iXm
@@ -364,3 +441,27 @@ YlkUQYXhy9JixmUUKtH+NXkKX7Lyc8XYw5ETr7JBT3ifs+G7HruDjVG78EJVojbd
 8uLA+DdQm5mg4vd1GTiSK65q/3EeoBlUaVor3HhLFki+i9qpT8CBsg==
 -----END RSA PRIVATE KEY-----
 EOS
+
+PRIVATE_KEY = OpenSSL::PKey::RSA.new(PRIVATE_KEY_DATA)
+
+V1_0_CANONICAL_REQUEST_DATA = <<EOS
+Method:POST
+Hashed Path:#{HASHED_CANONICAL_PATH}
+X-Ops-Content-Hash:#{HASHED_BODY}
+X-Ops-Timestamp:#{TIMESTAMP_ISO8601}
+X-Ops-UserId:#{USER_ID}
+EOS
+V1_0_CANONICAL_REQUEST = V1_0_CANONICAL_REQUEST_DATA.chomp
+
+V1_1_CANONICAL_REQUEST_DATA = <<EOS
+Method:POST
+Hashed Path:#{HASHED_CANONICAL_PATH}
+X-Ops-Content-Hash:#{HASHED_BODY}
+X-Ops-Timestamp:#{TIMESTAMP_ISO8601}
+X-Ops-UserId:#{DIGESTED_USER_ID}
+EOS
+V1_1_CANONICAL_REQUEST = V1_1_CANONICAL_REQUEST_DATA.chomp
+
+V1_1_SIGNING_OBJECT = Mixlib::Authentication::SignedHeaderAuth.signing_object(V1_1_ARGS)
+V1_0_SIGNING_OBJECT = Mixlib::Authentication::SignedHeaderAuth.signing_object(V1_0_ARGS)
+LONG_SIGNING_OBJECT = Mixlib::Authentication::SignedHeaderAuth.signing_object(LONG_PATH_LONG_USER_ARGS)

metadata

@@ -1,21 +1,23 @@
 --- !ruby/object:Gem::Specification 
 name: mixlib-authentication
 version: !ruby/object:Gem::Version 
-  prerelease: false
+  hash: 62196403
+  prerelease: 6
   segments: 
   - 1
-  - 1
-  - 4
-  version: 1.1.4
+  - 3
+  - 0
+  - beta
+  - 0
+  version: 1.3.0.beta.0
 platform: ruby
 authors: 
 - Opscode, Inc.
-autorequire: mixlib-authentication
+autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2010-07-23 00:00:00 -07:00
-default_executable: 
+date: 2012-06-05 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: mixlib-log
@@ -25,6 +27,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 3
         segments: 
         - 0
         version: "0"
@@ -45,16 +48,14 @@ files:
 - README.rdoc
 - Rakefile
 - NOTICE
-- lib/mixlib/authentication/digester.rb
-- lib/mixlib/authentication/http_authentication_request.rb
+- lib/mixlib/authentication.rb
 - lib/mixlib/authentication/signatureverification.rb
 - lib/mixlib/authentication/signedheaderauth.rb
-- lib/mixlib/authentication.rb
-- spec/mixlib/authentication/http_authentication_request_spec.rb
-- spec/mixlib/authentication/mixlib_authentication_spec.rb
-- spec/spec.opts
+- lib/mixlib/authentication/digester.rb
+- lib/mixlib/authentication/http_authentication_request.rb
 - spec/spec_helper.rb
-has_rdoc: true
+- spec/mixlib/authentication/mixlib_authentication_spec.rb
+- spec/mixlib/authentication/http_authentication_request_spec.rb
 homepage: http://www.opscode.com
 licenses: []
 
@@ -68,21 +69,25 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
       segments: 
       - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version 
+      hash: 25
       segments: 
-      - 0
-      version: "0"
+      - 1
+      - 3
+      - 1
+      version: 1.3.1
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.7
+rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
 summary: Mixes in simple per-request authentication

data/spec/spec.opts

@@ -1,4 +0,0 @@
---colour
---format specdoc
---loadby mtime
---reverse