mixlib-authentication 1.3.0.beta.0 → 1.3.0.beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -7,9 +7,9 @@
|
|
7
7
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
8
|
# you may not use this file except in compliance with the License.
|
9
9
|
# You may obtain a copy of the License at
|
10
|
-
#
|
10
|
+
#
|
11
11
|
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
-
#
|
12
|
+
#
|
13
13
|
# Unless required by applicable law or agreed to in writing, software
|
14
14
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
15
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
@@ -28,62 +28,99 @@ module Mixlib
|
|
28
28
|
|
29
29
|
module SignedHeaderAuth
|
30
30
|
|
31
|
-
|
32
|
-
|
31
|
+
NULL_ARG = Object.new
|
32
|
+
SUPPORTED_ALGORITHMS = ['sha1'].freeze
|
33
|
+
SUPPORTED_VERSIONS = ['1.0', '1.1'].freeze
|
33
34
|
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
35
|
+
DEFAULT_SIGN_ALGORITHM = 'sha1'.freeze
|
36
|
+
DEFAULT_PROTO_VERSION = '1.0'.freeze
|
37
|
+
|
38
|
+
|
39
|
+
# === signing_object
|
40
|
+
# This is the intended interface for signing requests with the
|
41
|
+
# Opscode/Chef signed header protocol. This wraps the constructor for a
|
42
|
+
# Struct that contains the relevant information about your request.
|
43
|
+
#
|
44
|
+
# ==== Signature Parameters:
|
45
|
+
# These parameters are used to generate the canonical representation of
|
46
|
+
# the request, which is then hashed and encrypted to generate the
|
47
|
+
# request's signature. These options are all required, with the exception
|
48
|
+
# of `:body` and `:file`, which are alternate ways to specify the request
|
49
|
+
# body (you must specify one of these).
|
50
|
+
# * `:http_method`: HTTP method as a lowercase symbol, e.g., `:get | :put | :post | :delete`
|
51
|
+
# * `:path`: The path part of the URI, e.g., `URI.parse(uri).path`
|
52
|
+
# * `:body`: An object representing the body of the request.
|
53
|
+
# Use an empty String for bodiless requests.
|
54
|
+
# * `:timestamp`: A String representing the time in any format understood
|
55
|
+
# by `Time.parse`. The server may reject the request if the timestamp is
|
56
|
+
# not close to the server's current time.
|
57
|
+
# * `:user_id`: The user or client name. This is used by the server to
|
58
|
+
# lookup the public key necessary to verify the signature.
|
59
|
+
# * `:file`: An IO object (must respond to `:read`) to be used as the
|
60
|
+
# request body.
|
61
|
+
# ==== Protocol Versioning Parameters:
|
62
|
+
# * `:proto_version`: The version of the signing protocol to use.
|
63
|
+
# Currently defaults to 1.0, but version 1.1 is also available.
|
64
|
+
# ==== Other Parameters:
|
65
|
+
# These parameters are accepted but not used in the computation of the signature.
|
66
|
+
# * `:host`: The host part of the URI
|
67
|
+
def self.signing_object(args={ })
|
68
|
+
SigningObject.new(args[:http_method], args[:path], args[:body], args[:host], args[:timestamp], args[:user_id], args[:file], args[:proto_version])
|
69
|
+
end
|
70
|
+
|
71
|
+
def algorithm
|
72
|
+
DEFAULT_SIGN_ALGORITHM
|
73
|
+
end
|
74
|
+
|
75
|
+
def proto_version
|
76
|
+
DEFAULT_PROTO_VERSION
|
40
77
|
end
|
41
78
|
|
42
79
|
# Build the canonicalized request based on the method, other headers, etc.
|
43
80
|
# compute the signature from the request, using the looked-up user secret
|
44
81
|
# ====Parameters
|
45
82
|
# private_key<OpenSSL::PKey::RSA>:: user's RSA private key.
|
46
|
-
def sign(private_key, algorithm
|
83
|
+
def sign(private_key, sign_algorithm=algorithm, sign_version=proto_version)
|
47
84
|
# Our multiline hash for authorization will be encoded in multiple header
|
48
85
|
# lines - X-Ops-Authorization-1, ... (starts at 1, not 0!)
|
49
86
|
header_hash = {
|
50
|
-
"X-Ops-Sign" => "algorithm=#{
|
87
|
+
"X-Ops-Sign" => "algorithm=#{sign_algorithm};version=#{sign_version};",
|
51
88
|
"X-Ops-Userid" => user_id,
|
52
89
|
"X-Ops-Timestamp" => canonical_time,
|
53
90
|
"X-Ops-Content-Hash" => hashed_body,
|
54
91
|
}
|
55
92
|
|
56
|
-
string_to_sign = canonicalize_request(
|
93
|
+
string_to_sign = canonicalize_request(sign_algorithm, sign_version)
|
57
94
|
signature = Base64.encode64(private_key.private_encrypt(string_to_sign)).chomp
|
58
95
|
signature_lines = signature.split(/\n/)
|
59
96
|
signature_lines.each_index do |idx|
|
60
97
|
key = "X-Ops-Authorization-#{idx + 1}"
|
61
98
|
header_hash[key] = signature_lines[idx]
|
62
99
|
end
|
63
|
-
|
100
|
+
|
64
101
|
Mixlib::Authentication::Log.debug "String to sign: '#{string_to_sign}'\nHeader hash: #{header_hash.inspect}"
|
65
|
-
|
102
|
+
|
66
103
|
header_hash
|
67
104
|
end
|
68
|
-
|
105
|
+
|
69
106
|
# Build the canonicalized time based on utc & iso8601
|
70
|
-
#
|
107
|
+
#
|
71
108
|
# ====Parameters
|
72
|
-
#
|
109
|
+
#
|
73
110
|
def canonical_time
|
74
111
|
Time.parse(timestamp).utc.iso8601
|
75
112
|
end
|
76
|
-
|
113
|
+
|
77
114
|
# Build the canonicalized path, which collapses multiple slashes (/) and
|
78
115
|
# removes a trailing slash unless the path is only "/"
|
79
|
-
#
|
116
|
+
#
|
80
117
|
# ====Parameters
|
81
|
-
#
|
118
|
+
#
|
82
119
|
def canonical_path
|
83
120
|
p = path.gsub(/\/+/,'/')
|
84
121
|
p.length > 1 ? p.chomp('/') : p
|
85
122
|
end
|
86
|
-
|
123
|
+
|
87
124
|
def hashed_body
|
88
125
|
# Hash the file object if it was passed in, otherwise hash based on
|
89
126
|
# the body.
|
@@ -92,27 +129,33 @@ module Mixlib
|
|
92
129
|
# body in the case of a file being include.
|
93
130
|
@hashed_body ||= (self.file && self.file.respond_to?(:read)) ? digester.hash_file(self.file) : digester.hash_string(self.body)
|
94
131
|
end
|
95
|
-
|
132
|
+
|
96
133
|
# Takes HTTP request method & headers and creates a canonical form
|
97
134
|
# to create the signature
|
98
|
-
#
|
135
|
+
#
|
99
136
|
# ====Parameters
|
100
|
-
#
|
101
|
-
#
|
102
|
-
def canonicalize_request(algorithm
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
when version == "1.0"
|
109
|
-
user_id
|
110
|
-
else
|
111
|
-
user_id
|
112
|
-
end
|
137
|
+
#
|
138
|
+
#
|
139
|
+
def canonicalize_request(sign_algorithm=algorithm, sign_version=proto_version)
|
140
|
+
unless SUPPORTED_ALGORITHMS.include?(sign_algorithm) && SUPPORTED_VERSIONS.include?(sign_version)
|
141
|
+
raise AuthenticationError, "Bad algorithm '#{sign_algorithm}' (allowed: #{SUPPORTED_ALGORITHMS.inspect}) or version '#{sign_version}' (allowed: #{SUPPORTED_VERSIONS.inspect})"
|
142
|
+
end
|
143
|
+
|
144
|
+
canonical_x_ops_user_id = canonicalize_user_id(user_id, sign_version)
|
113
145
|
"Method:#{http_method.to_s.upcase}\nHashed Path:#{digester.hash_string(canonical_path)}\nX-Ops-Content-Hash:#{hashed_body}\nX-Ops-Timestamp:#{canonical_time}\nX-Ops-UserId:#{canonical_x_ops_user_id}"
|
114
146
|
end
|
115
|
-
|
147
|
+
|
148
|
+
def canonicalize_user_id(user_id, proto_version)
|
149
|
+
case proto_version
|
150
|
+
when "1.1"
|
151
|
+
digester.hash_string(user_id)
|
152
|
+
when "1.0"
|
153
|
+
user_id
|
154
|
+
else
|
155
|
+
user_id
|
156
|
+
end
|
157
|
+
end
|
158
|
+
|
116
159
|
# Parses signature version information, algorithm used, etc.
|
117
160
|
#
|
118
161
|
# ====Parameters
|
@@ -126,17 +169,25 @@ module Mixlib
|
|
126
169
|
Mixlib::Authentication::Log.debug "Parsed signing description: #{parts.inspect}"
|
127
170
|
parts
|
128
171
|
end
|
129
|
-
|
172
|
+
|
130
173
|
def digester
|
131
174
|
Mixlib::Authentication::Digester
|
132
175
|
end
|
133
|
-
|
134
|
-
private :canonical_time, :canonical_path, :parse_signing_description, :digester
|
135
|
-
|
176
|
+
|
177
|
+
private :canonical_time, :canonical_path, :parse_signing_description, :digester, :canonicalize_user_id
|
178
|
+
|
136
179
|
end
|
137
180
|
|
138
|
-
|
181
|
+
# === SigningObject
|
182
|
+
# A Struct-based value object that contains the necessary information to
|
183
|
+
# generate a request signature. `SignedHeaderAuth.signing_object()`
|
184
|
+
# provides a more convenient interface to the constructor.
|
185
|
+
class SigningObject < Struct.new(:http_method, :path, :body, :host, :timestamp, :user_id, :file, :proto_version)
|
139
186
|
include SignedHeaderAuth
|
187
|
+
|
188
|
+
def proto_version
|
189
|
+
(self[:proto_version] or DEFAULT_PROTO_VERSION).to_s
|
190
|
+
end
|
140
191
|
end
|
141
192
|
|
142
193
|
end
|
@@ -8,9 +8,9 @@
|
|
8
8
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
9
9
|
# you may not use this file except in compliance with the License.
|
10
10
|
# You may obtain a copy of the License at
|
11
|
-
#
|
11
|
+
#
|
12
12
|
# http://www.apache.org/licenses/LICENSE-2.0
|
13
|
-
#
|
13
|
+
#
|
14
14
|
# Unless required by applicable law or agreed to in writing, software
|
15
15
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
16
16
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
@@ -68,28 +68,42 @@ end
|
|
68
68
|
|
69
69
|
describe "Mixlib::Authentication::SignedHeaderAuth" do
|
70
70
|
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
V1_0_SIGNING_OBJECT.canonicalize_request
|
71
|
+
# NOTE: Version 1.0 will be the default until Chef 11 is released.
|
72
|
+
|
73
|
+
it "should generate the correct string to sign and signature, version 1.0 (default)" do
|
74
|
+
|
75
|
+
V1_0_SIGNING_OBJECT.canonicalize_request.should == V1_0_CANONICAL_REQUEST
|
76
76
|
|
77
77
|
# If you need to regenerate the constants in this test spec, print out
|
78
|
-
# the results of res.inspect and copy them as appropriate into the
|
78
|
+
# the results of res.inspect and copy them as appropriate into the
|
79
79
|
# the constants in this file.
|
80
|
-
V1_0_SIGNING_OBJECT.sign(PRIVATE_KEY
|
80
|
+
V1_0_SIGNING_OBJECT.sign(PRIVATE_KEY).should == EXPECTED_SIGN_RESULT_V1_0
|
81
81
|
end
|
82
82
|
|
83
83
|
it "should generate the correct string to sign and signature, version 1.1" do
|
84
|
-
|
84
|
+
V1_1_SIGNING_OBJECT.proto_version.should == "1.1"
|
85
85
|
V1_1_SIGNING_OBJECT.canonicalize_request.should == V1_1_CANONICAL_REQUEST
|
86
86
|
|
87
87
|
# If you need to regenerate the constants in this test spec, print out
|
88
|
-
# the results of res.inspect and copy them as appropriate into the
|
88
|
+
# the results of res.inspect and copy them as appropriate into the
|
89
89
|
# the constants in this file.
|
90
90
|
V1_1_SIGNING_OBJECT.sign(PRIVATE_KEY).should == EXPECTED_SIGN_RESULT_V1_1
|
91
91
|
end
|
92
92
|
|
93
|
+
it "should generate the correct string to sign and signature for non-default proto version when used as a mixin" do
|
94
|
+
algorithm = 'sha1'
|
95
|
+
version = '1.1'
|
96
|
+
|
97
|
+
V1_1_SIGNING_OBJECT.proto_version = "1.0"
|
98
|
+
V1_1_SIGNING_OBJECT.proto_version.should == "1.0"
|
99
|
+
V1_1_SIGNING_OBJECT.canonicalize_request(algorithm, version).should == V1_1_CANONICAL_REQUEST
|
100
|
+
|
101
|
+
# If you need to regenerate the constants in this test spec, print out
|
102
|
+
# the results of res.inspect and copy them as appropriate into the
|
103
|
+
# the constants in this file.
|
104
|
+
V1_1_SIGNING_OBJECT.sign(PRIVATE_KEY, algorithm, version).should == EXPECTED_SIGN_RESULT_V1_1
|
105
|
+
end
|
106
|
+
|
93
107
|
it "should not choke when signing a request for a long user id with version 1.1" do
|
94
108
|
lambda { LONG_SIGNING_OBJECT.sign(PRIVATE_KEY, 'sha1', '1.1') }.should_not raise_error
|
95
109
|
end
|
@@ -109,7 +123,7 @@ describe "Mixlib::Authentication::SignedHeaderAuth" do
|
|
109
123
|
end
|
110
124
|
|
111
125
|
describe "Mixlib::Authentication::SignatureVerification" do
|
112
|
-
|
126
|
+
|
113
127
|
before(:each) do
|
114
128
|
@user_private_key = PRIVATE_KEY
|
115
129
|
end
|
@@ -231,7 +245,7 @@ PATH = "/organizations/clownco"
|
|
231
245
|
HASHED_CANONICAL_PATH = "YtBWDn1blGGuFIuKksdwXzHU9oE=" # Base64.encode64(Digest::SHA1.digest("/organizations/clownco")).chomp
|
232
246
|
|
233
247
|
V1_0_ARGS = {
|
234
|
-
:body => BODY,
|
248
|
+
:body => BODY,
|
235
249
|
:user_id => USER_ID,
|
236
250
|
:http_method => :post,
|
237
251
|
:timestamp => TIMESTAMP_ISO8601, # fixed timestamp so we get back the same answer each time.
|
@@ -240,16 +254,17 @@ V1_0_ARGS = {
|
|
240
254
|
}
|
241
255
|
|
242
256
|
V1_1_ARGS = {
|
243
|
-
:body => BODY,
|
257
|
+
:body => BODY,
|
244
258
|
:user_id => USER_ID,
|
245
259
|
:http_method => :post,
|
246
260
|
:timestamp => TIMESTAMP_ISO8601, # fixed timestamp so we get back the same answer each time.
|
247
261
|
:file => MockFile.new,
|
248
|
-
:path => PATH
|
262
|
+
:path => PATH,
|
263
|
+
:proto_version => 1.1
|
249
264
|
}
|
250
265
|
|
251
266
|
LONG_PATH_LONG_USER_ARGS = {
|
252
|
-
:body => BODY,
|
267
|
+
:body => BODY,
|
253
268
|
:user_id => "A" * 200,
|
254
269
|
:http_method => :put,
|
255
270
|
:timestamp => TIMESTAMP_ISO8601, # fixed timestamp so we get back the same answer each time.
|
@@ -263,10 +278,10 @@ REQUESTING_ACTOR_ID = "c0f8a68c52bffa1020222a56b23cccfa"
|
|
263
278
|
X_OPS_CONTENT_HASH = "DFteJZPVv6WKdQmMqZUQUumUyRs="
|
264
279
|
X_OPS_AUTHORIZATION_LINES_V1_0 = [
|
265
280
|
"jVHrNniWzpbez/eGWjFnO6lINRIuKOg40ZTIQudcFe47Z9e/HvrszfVXlKG4",
|
266
|
-
"NMzYZgyooSvU85qkIUmKuCqgG2AIlvYa2Q/2ctrMhoaHhLOCWWoqYNMaEqPc",
|
267
|
-
"3tKHE+CfvP+WuPdWk4jv4wpIkAz6ZLxToxcGhXmZbXpk56YTmqgBW2cbbw4O",
|
268
|
-
"IWPZDHSiPcw//AYNgW1CCDptt+UFuaFYbtqZegcBd2n/jzcWODA7zL4KWEUy",
|
269
|
-
"9q4rlh/+1tBReg60QdsmDRsw/cdO1GZrKtuCwbuD4+nbRdVBKv72rqHX9cu0",
|
281
|
+
"NMzYZgyooSvU85qkIUmKuCqgG2AIlvYa2Q/2ctrMhoaHhLOCWWoqYNMaEqPc",
|
282
|
+
"3tKHE+CfvP+WuPdWk4jv4wpIkAz6ZLxToxcGhXmZbXpk56YTmqgBW2cbbw4O",
|
283
|
+
"IWPZDHSiPcw//AYNgW1CCDptt+UFuaFYbtqZegcBd2n/jzcWODA7zL4KWEUy",
|
284
|
+
"9q4rlh/+1tBReg60QdsmDRsw/cdO1GZrKtuCwbuD4+nbRdVBKv72rqHX9cu0",
|
270
285
|
"utju9jzczCyB+sSAQWrxSsXB/b8vV2qs0l4VD2ML+w=="
|
271
286
|
]
|
272
287
|
|
@@ -311,51 +326,51 @@ EXPECTED_SIGN_RESULT_V1_1 = {
|
|
311
326
|
OTHER_HEADERS = {
|
312
327
|
# An arbitrary sampling of non-HTTP_* headers are in here to
|
313
328
|
# exercise that code path.
|
314
|
-
"REMOTE_ADDR"=>"127.0.0.1",
|
315
|
-
"PATH_INFO"=>"/organizations/local-test-org/cookbooks",
|
316
|
-
"REQUEST_PATH"=>"/organizations/local-test-org/cookbooks",
|
329
|
+
"REMOTE_ADDR"=>"127.0.0.1",
|
330
|
+
"PATH_INFO"=>"/organizations/local-test-org/cookbooks",
|
331
|
+
"REQUEST_PATH"=>"/organizations/local-test-org/cookbooks",
|
317
332
|
"CONTENT_TYPE"=>"multipart/form-data; boundary=----RubyMultipartClient6792ZZZZZ",
|
318
|
-
"CONTENT_LENGTH"=>"394",
|
333
|
+
"CONTENT_LENGTH"=>"394",
|
319
334
|
}
|
320
335
|
|
321
336
|
# This is what will be in request.params for the Merb case.
|
322
337
|
MERB_REQUEST_PARAMS = {
|
323
|
-
"name"=>"zsh", "action"=>"create", "controller"=>"chef_server_api/cookbooks",
|
338
|
+
"name"=>"zsh", "action"=>"create", "controller"=>"chef_server_api/cookbooks",
|
324
339
|
"organization_id"=>"local-test-org", "requesting_actor_id"=>REQUESTING_ACTOR_ID,
|
325
340
|
}
|
326
341
|
|
327
342
|
# Tis is what will be in request.env for the Merb case.
|
328
343
|
MERB_HEADERS_V1_1 = {
|
329
344
|
# These are used by signatureverification.
|
330
|
-
"HTTP_HOST"=>"127.0.0.1",
|
345
|
+
"HTTP_HOST"=>"127.0.0.1",
|
331
346
|
"HTTP_X_OPS_SIGN"=>"algorithm=sha1;version=1.1;",
|
332
|
-
"HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386",
|
333
|
-
"HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601,
|
334
|
-
"HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH,
|
335
|
-
"HTTP_X_OPS_USERID"=>USER_ID,
|
336
|
-
"HTTP_X_OPS_AUTHORIZATION_1"=>X_OPS_AUTHORIZATION_LINES[0],
|
337
|
-
"HTTP_X_OPS_AUTHORIZATION_2"=>X_OPS_AUTHORIZATION_LINES[1],
|
338
|
-
"HTTP_X_OPS_AUTHORIZATION_3"=>X_OPS_AUTHORIZATION_LINES[2],
|
339
|
-
"HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES[3],
|
340
|
-
"HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES[4],
|
341
|
-
"HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES[5],
|
347
|
+
"HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386",
|
348
|
+
"HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601,
|
349
|
+
"HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH,
|
350
|
+
"HTTP_X_OPS_USERID"=>USER_ID,
|
351
|
+
"HTTP_X_OPS_AUTHORIZATION_1"=>X_OPS_AUTHORIZATION_LINES[0],
|
352
|
+
"HTTP_X_OPS_AUTHORIZATION_2"=>X_OPS_AUTHORIZATION_LINES[1],
|
353
|
+
"HTTP_X_OPS_AUTHORIZATION_3"=>X_OPS_AUTHORIZATION_LINES[2],
|
354
|
+
"HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES[3],
|
355
|
+
"HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES[4],
|
356
|
+
"HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES[5],
|
342
357
|
}.merge(OTHER_HEADERS)
|
343
358
|
|
344
359
|
# Tis is what will be in request.env for the Merb case.
|
345
360
|
MERB_HEADERS_V1_0 = {
|
346
361
|
# These are used by signatureverification.
|
347
|
-
"HTTP_HOST"=>"127.0.0.1",
|
362
|
+
"HTTP_HOST"=>"127.0.0.1",
|
348
363
|
"HTTP_X_OPS_SIGN"=>"version=1.0",
|
349
|
-
"HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386",
|
350
|
-
"HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601,
|
351
|
-
"HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH,
|
352
|
-
"HTTP_X_OPS_USERID"=>USER_ID,
|
353
|
-
"HTTP_X_OPS_AUTHORIZATION_1"=>X_OPS_AUTHORIZATION_LINES_V1_0[0],
|
354
|
-
"HTTP_X_OPS_AUTHORIZATION_2"=>X_OPS_AUTHORIZATION_LINES_V1_0[1],
|
355
|
-
"HTTP_X_OPS_AUTHORIZATION_3"=>X_OPS_AUTHORIZATION_LINES_V1_0[2],
|
356
|
-
"HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES_V1_0[3],
|
357
|
-
"HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES_V1_0[4],
|
358
|
-
"HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES_V1_0[5],
|
364
|
+
"HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386",
|
365
|
+
"HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601,
|
366
|
+
"HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH,
|
367
|
+
"HTTP_X_OPS_USERID"=>USER_ID,
|
368
|
+
"HTTP_X_OPS_AUTHORIZATION_1"=>X_OPS_AUTHORIZATION_LINES_V1_0[0],
|
369
|
+
"HTTP_X_OPS_AUTHORIZATION_2"=>X_OPS_AUTHORIZATION_LINES_V1_0[1],
|
370
|
+
"HTTP_X_OPS_AUTHORIZATION_3"=>X_OPS_AUTHORIZATION_LINES_V1_0[2],
|
371
|
+
"HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES_V1_0[3],
|
372
|
+
"HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES_V1_0[4],
|
373
|
+
"HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES_V1_0[5],
|
359
374
|
}.merge(OTHER_HEADERS)
|
360
375
|
|
361
376
|
PASSENGER_REQUEST_PARAMS = {
|
@@ -367,34 +382,34 @@ PASSENGER_REQUEST_PARAMS = {
|
|
367
382
|
|
368
383
|
PASSENGER_HEADERS_V1_1 = {
|
369
384
|
# These are used by signatureverification.
|
370
|
-
"HTTP_HOST"=>"127.0.0.1",
|
385
|
+
"HTTP_HOST"=>"127.0.0.1",
|
371
386
|
"HTTP_X_OPS_SIGN"=>"algorithm=sha1;version=1.1;",
|
372
|
-
"HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386",
|
373
|
-
"HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601,
|
374
|
-
"HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH,
|
375
|
-
"HTTP_X_OPS_USERID"=>USER_ID,
|
376
|
-
"HTTP_X_OPS_AUTHORIZATION_1"=>X_OPS_AUTHORIZATION_LINES[0],
|
377
|
-
"HTTP_X_OPS_AUTHORIZATION_2"=>X_OPS_AUTHORIZATION_LINES[1],
|
378
|
-
"HTTP_X_OPS_AUTHORIZATION_3"=>X_OPS_AUTHORIZATION_LINES[2],
|
379
|
-
"HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES[3],
|
380
|
-
"HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES[4],
|
381
|
-
"HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES[5],
|
387
|
+
"HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386",
|
388
|
+
"HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601,
|
389
|
+
"HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH,
|
390
|
+
"HTTP_X_OPS_USERID"=>USER_ID,
|
391
|
+
"HTTP_X_OPS_AUTHORIZATION_1"=>X_OPS_AUTHORIZATION_LINES[0],
|
392
|
+
"HTTP_X_OPS_AUTHORIZATION_2"=>X_OPS_AUTHORIZATION_LINES[1],
|
393
|
+
"HTTP_X_OPS_AUTHORIZATION_3"=>X_OPS_AUTHORIZATION_LINES[2],
|
394
|
+
"HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES[3],
|
395
|
+
"HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES[4],
|
396
|
+
"HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES[5],
|
382
397
|
}.merge(OTHER_HEADERS)
|
383
398
|
|
384
399
|
PASSENGER_HEADERS_V1_0 = {
|
385
400
|
# These are used by signatureverification.
|
386
|
-
"HTTP_HOST"=>"127.0.0.1",
|
401
|
+
"HTTP_HOST"=>"127.0.0.1",
|
387
402
|
"HTTP_X_OPS_SIGN"=>"version=1.0",
|
388
|
-
"HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386",
|
389
|
-
"HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601,
|
390
|
-
"HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH,
|
391
|
-
"HTTP_X_OPS_USERID"=>USER_ID,
|
392
|
-
"HTTP_X_OPS_AUTHORIZATION_1"=>X_OPS_AUTHORIZATION_LINES_V1_0[0],
|
393
|
-
"HTTP_X_OPS_AUTHORIZATION_2"=>X_OPS_AUTHORIZATION_LINES_V1_0[1],
|
394
|
-
"HTTP_X_OPS_AUTHORIZATION_3"=>X_OPS_AUTHORIZATION_LINES_V1_0[2],
|
395
|
-
"HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES_V1_0[3],
|
396
|
-
"HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES_V1_0[4],
|
397
|
-
"HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES_V1_0[5],
|
403
|
+
"HTTP_X_OPS_REQUESTID"=>"127.0.0.1 1258566194.85386",
|
404
|
+
"HTTP_X_OPS_TIMESTAMP"=>TIMESTAMP_ISO8601,
|
405
|
+
"HTTP_X_OPS_CONTENT_HASH"=>X_OPS_CONTENT_HASH,
|
406
|
+
"HTTP_X_OPS_USERID"=>USER_ID,
|
407
|
+
"HTTP_X_OPS_AUTHORIZATION_1"=>X_OPS_AUTHORIZATION_LINES_V1_0[0],
|
408
|
+
"HTTP_X_OPS_AUTHORIZATION_2"=>X_OPS_AUTHORIZATION_LINES_V1_0[1],
|
409
|
+
"HTTP_X_OPS_AUTHORIZATION_3"=>X_OPS_AUTHORIZATION_LINES_V1_0[2],
|
410
|
+
"HTTP_X_OPS_AUTHORIZATION_4"=>X_OPS_AUTHORIZATION_LINES_V1_0[3],
|
411
|
+
"HTTP_X_OPS_AUTHORIZATION_5"=>X_OPS_AUTHORIZATION_LINES_V1_0[4],
|
412
|
+
"HTTP_X_OPS_AUTHORIZATION_6"=>X_OPS_AUTHORIZATION_LINES_V1_0[5],
|
398
413
|
}.merge(OTHER_HEADERS)
|
399
414
|
|
400
415
|
# generated with
|
metadata
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: mixlib-authentication
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: -2745496134
|
5
5
|
prerelease: 6
|
6
6
|
segments:
|
7
7
|
- 1
|
8
8
|
- 3
|
9
9
|
- 0
|
10
10
|
- beta
|
11
|
-
-
|
12
|
-
version: 1.3.0.beta.
|
11
|
+
- 1
|
12
|
+
version: 1.3.0.beta.1
|
13
13
|
platform: ruby
|
14
14
|
authors:
|
15
15
|
- Opscode, Inc.
|
@@ -17,7 +17,7 @@ autorequire:
|
|
17
17
|
bindir: bin
|
18
18
|
cert_chain: []
|
19
19
|
|
20
|
-
date: 2012-
|
20
|
+
date: 2012-08-03 00:00:00 Z
|
21
21
|
dependencies:
|
22
22
|
- !ruby/object:Gem::Dependency
|
23
23
|
name: mixlib-log
|
@@ -49,13 +49,13 @@ files:
|
|
49
49
|
- Rakefile
|
50
50
|
- NOTICE
|
51
51
|
- lib/mixlib/authentication.rb
|
52
|
-
- lib/mixlib/authentication/
|
52
|
+
- lib/mixlib/authentication/http_authentication_request.rb
|
53
53
|
- lib/mixlib/authentication/signedheaderauth.rb
|
54
|
+
- lib/mixlib/authentication/signatureverification.rb
|
54
55
|
- lib/mixlib/authentication/digester.rb
|
55
|
-
- lib/mixlib/authentication/http_authentication_request.rb
|
56
56
|
- spec/spec_helper.rb
|
57
|
-
- spec/mixlib/authentication/mixlib_authentication_spec.rb
|
58
57
|
- spec/mixlib/authentication/http_authentication_request_spec.rb
|
58
|
+
- spec/mixlib/authentication/mixlib_authentication_spec.rb
|
59
59
|
homepage: http://www.opscode.com
|
60
60
|
licenses: []
|
61
61
|
|