smart_proxy_chef 0.1.1 → 0.1.2
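--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7d2d28589334b1dd4348fdb64179ee703847ff63
+data.tar.gz: 887c69f465dbf1b6da515f0c9fafcc881077e3a7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b04a508b2a54db80f5b5e6106636cb444495d90a74235e16f784ac07cff0626bbe87d1516aa0c5847d3c560975d1f472109d30d3566a695a6be2897b13782832
+data.tar.gz: 9d6b04059fb1bd4eb3be73fcc9f92008c951c97f2742a656d5c7f7717ce06c3ca723af0ca2668575b04c847aa5d7bf9496f92efe1e480ab89586289db33fbec5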
@@ -1,29 +1,28 @@
|
|
1
1
|
module ChefPlugin
|
2
2
|
class Authentication
|
3
|
-
require '
|
3
|
+
require 'smart_proxy_chef_plugin/resources/client'
|
4
4
|
require 'digest/sha2'
|
5
5
|
require 'base64'
|
6
6
|
require 'openssl'
|
7
7
|
|
8
8
|
def verify_signature_request(client_name,signature,body)
|
9
|
-
#We need to retrieve
|
9
|
+
#We need to retrieve client public key
|
10
10
|
#to verify signature
|
11
|
-
chefurl = ChefPlugin::Plugin.settings.chef_server_url
|
12
|
-
chef_smartproxy_clientname = ChefPlugin::Plugin.settings.chef_smartproxy_clientname
|
13
|
-
key = ChefPlugin::Plugin.settings.chef_smartproxy_privatekey
|
14
|
-
rest = ::Chef::REST.new(chefurl,chef_smartproxy_clientname,key)
|
15
11
|
begin
|
16
|
-
|
12
|
+
client = Resources::Client.new.show(client_name)
|
17
13
|
rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError,
|
18
14
|
Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError,
|
19
15
|
Errno::ECONNREFUSED, OpenSSL::SSL::SSLError => e
|
20
|
-
raise Proxy::Error::Unauthorized, "Failed to authenticate node
|
16
|
+
raise Proxy::Error::Unauthorized, "Failed to authenticate node: "+e.message
|
21
17
|
end
|
22
18
|
|
19
|
+
raise Proxy::Error::Unauthorized, "Could not find client with name #{client_name}" if client.nil?
|
20
|
+
public_key = OpenSSL::PKey::RSA.new(client.public_key)
|
21
|
+
|
23
22
|
#signature is base64 encoded
|
24
23
|
decoded_signature = Base64.decode64(signature)
|
25
24
|
hash_body = Digest::SHA256.hexdigest(body)
|
26
|
-
public_key.verify(OpenSSL::Digest::SHA256.new,decoded_signature,hash_body)
|
25
|
+
public_key.verify(OpenSSL::Digest::SHA256.new, decoded_signature, hash_body)
|
27
26
|
end
|
28
27
|
|
29
28
|
def authenticated(request, &block)
|
@@ -35,7 +34,7 @@ module ChefPlugin
|
|
35
34
|
signature = request.env['HTTP_X_FOREMAN_SIGNATURE']
|
36
35
|
|
37
36
|
raise Proxy::Error::Unauthorized, "Failed to authenticate node #{client_name}. Missing some headers" if client_name.nil? or signature.nil?
|
38
|
-
auth = verify_signature_request(client_name,signature,content)
|
37
|
+
auth = verify_signature_request(client_name, signature, content)
|
39
38
|
end
|
40
39
|
|
41
40
|
if auth
|
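Review bot: The added `public_key = OpenSSL::PKey::RSA.new(client.public_key)` in `verify_signature_request` sits after the `begin`/`rescue`, so a stored key that does not parse raises `OpenSSL::PKey::RSAError` unhandled instead of `Proxy::Error::Unauthorized`. Moving that line inside the `begin` and adding `OpenSSL::PKey::RSAError` to the rescue list would keep every failure on the Unauthorized path. The rescue list is still the set of Net::HTTP and socket errors from before the change, and whether `Resources::Client#show` raises any of them is not visible here, so it is worth checking what the new client actually raises. The two new messages are presumably returned to a caller that has not yet been authenticated: `"Could not find client with name #{client_name}"` distinguishes unknown client names from bad signatures, and `"Failed to authenticate node: "+e.message` may carry upstream detail. I would raise one generic `"Failed to authenticate node"` and write the specifics to the proxy log.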
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: smart_proxy_chef
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Marek Hulan
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2015-01-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -108,20 +108,6 @@ dependencies:
|
|
108
108
|
- - ~>
|
109
109
|
- !ruby/object:Gem::Version
|
110
110
|
version: '10'
|
111
|
-
- !ruby/object:Gem::Dependency
|
112
|
-
name: chef
|
113
|
-
requirement: !ruby/object:Gem::Requirement
|
114
|
-
requirements:
|
115
|
-
- - '>='
|
116
|
-
- !ruby/object:Gem::Version
|
117
|
-
version: 11.6.2
|
118
|
-
type: :runtime
|
119
|
-
prerelease: false
|
120
|
-
version_requirements: !ruby/object:Gem::Requirement
|
121
|
-
requirements:
|
122
|
-
- - '>='
|
123
|
-
- !ruby/object:Gem::Version
|
124
|
-
version: 11.6.2
|
125
111
|
- !ruby/object:Gem::Dependency
|
126
112
|
name: chef-api
|
127
113
|
requirement: !ruby/object:Gem::Requirement
|