mod-auth-pubtkt-rb 0.0.2 → 0.0.3
- data/lib/mod_auth_pubtkt.rb +24 -24
- metadata +4 -4
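--- a/data/lib/mod_auth_pubtkt.rb
+++ b/data/lib/mod_auth_pubtkt.rb
@@ -18,47 +18,47 @@ module ModAuthPubTkt
 #
 # === Parameters
 #
-# - uid: (required; 32 chars max.)
+# - uid: (required; 32 chars max.)
 # The user ID / username the ticket has been issued for, passed to the environment in REMOTE_USER
 #
-# - expires: (required.)
+# - expires: (required.)
 # A Time object that describes when this ticket will expire
 #
-# - key_path: (required.)
+# - key_path: (required.)
 # Path to your SSL key to sign the ticket with
 #
-# - key_type: (required.)
+# - key_type: (required.)
 # The type of key ("RSA" or "DSA")
 #
-# - cip: (optional; 39 chars max.)
+# - cip: (optional; 39 chars max.)
 # The client IP address.
 #
 # - tokens: (optional; 255 chars max.)
-# A comma-separated list of words (group names etc.) The contents of this field are available
+# A comma-separated list of words (group names etc.) The contents of this field are available
 # to the environment in REMOTE_USER_TOKENS
 #
 # - udata: (optional; 255 chars max.)
 # User data, for use by scripts; made available to the environment in REMOTE_USER_DATA
-#
+#
 # - grace_period: (optional)
 # A number of seconds grace period before ticket is refreshed
 #
 def create_ticket(uid, expires, key_path, key_type, cip = '', tokens = '', udata = '', grace_period = 0)
-
+
 key = open_key_file(key_path, key_type)
-
-tkt = "uid=#{uid};validuntil=#{expires.to_i};cip=#{cip};tokens=#{tokens};udata=#{udata};
-
+
+tkt = "uid=#{uid};validuntil=#{expires.to_i};cip=#{cip};tokens=#{tokens};udata=#{udata};graceperiod=#{(expires - grace_period).to_i}";
+
 sig = encrypt tkt, key
-
+
 tkt + ";sig=" + Base64.b64encode(sig).gsub("\n", '').strip
-
+
 end
-
-# Verify a ticket is good / not been tampered with.
+
+# Verify a ticket is good / not been tampered with.
 # NB: This should be done by the apache module but is useful for testing here too
 def verify(tkt, key)
-
+
 if tkt =~ /(.*);sig=(.*)/
 str = $1
 sig = Base64.decode64($2)
@@ -69,22 +69,22 @@ module ModAuthPubTkt
 if key.class == OpenSSL::PKey::DSA
 key.verify(OpenSSL::Digest::DSS1.new, sig, str)
 elsif key.class == OpenSSL::PKey::RSA
-key.verify(OpenSSL::Digest::SHA1.new, sig, str)
-end
-
+key.verify(OpenSSL::Digest::SHA1.new, sig, str)
+end
+
 end
-
+
 # Encrypt the string using key
 def encrypt(string, key)
-
+
 if key.class == OpenSSL::PKey::DSA
 key.sign(OpenSSL::Digest::DSS1.new, string)
 elsif key.class == OpenSSL::PKey::RSA
 key.sign(OpenSSL::Digest::SHA1.new, string)
 end
-
+
 end
-
+
 # Get the SSL key
 def open_key_file(path, type)
 if type == 'DSA'
@@ -95,5 +95,5 @@ module ModAuthPubTkt
 end
 
 module_function :create_ticket, :encrypt, :verify, :open_key_file
-
+
 end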
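--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: mod-auth-pubtkt-rb
 version: !ruby/object:Gem::Version
-hash:
+hash: 25
 prerelease: false
 segments:
 - 0
 - 0
--
-version: 0.0.
+- 3
+version: 0.0.3
 platform: ruby
 authors:
 - Matt Haynes
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-
+date: 2010-11-04 00:00:00 +00:00
 default_executable:
 dependencies: []
 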