pax_global_header00006660000000000000000000000064136022540130014506gustar00rootroot0000000000000052 comment=e7070e48938de7b8207d4a2056c9a7fd8fb7d695 mixlib-authentication-3.0.6/000077500000000000000000000000001360225401300160155ustar00rootroot00000000000000mixlib-authentication-3.0.6/.expeditor/000077500000000000000000000000001360225401300200765ustar00rootroot00000000000000mixlib-authentication-3.0.6/.expeditor/config.yml000066400000000000000000000027071360225401300220740ustar00rootroot00000000000000# Documentation available at https://expeditor.chef.io/docs/getting-started/ --- # Slack channel in Chef Software slack to send notifications about build failures, etc slack: notify_channel: chef-found-notify # This publish is triggered by the `built_in:publish_rubygems` artifact_action. rubygems: - mixlib-authentication github: # This deletes the GitHub PR branch after successfully merged into the release branch delete_branch_on_merge: true # The tag format to use (e.g. v1.0.0) version_tag_format: "v{{version}}" # allow bumping the minor release via label minor_bump_labels: - "Expeditor: Bump Version Minor" # allow bumping the major release via label major_bump_labels: - "Expeditor: Bump Version Major" changelog: rollup_header: Changes not yet released to rubygems.org # These actions are taken, in order they are specified, anytime a Pull Request is merged. 
merge_actions: - built_in:bump_version: ignore_labels: - "Expeditor: Skip Version Bump" - "Expeditor: Skip All" - bash:.expeditor/update_version.sh: only_if: built_in:bump_version - built_in:update_changelog: ignore_labels: - "Expeditor: Skip Changelog" - "Expeditor: Skip All" - built_in:build_gem: only_if: built_in:bump_version promote: actions: - built_in:rollover_changelog - built_in:publish_rubygems pipelines: - verify: description: Pull Request validation tests public: true mixlib-authentication-3.0.6/.expeditor/run_linux_tests.sh000077500000000000000000000023451360225401300237060ustar00rootroot00000000000000#!/bin/bash # # This script runs a passed in command, but first setups up the bundler caching on the repo set -ue export USER="root" echo "--- dependencies" export LANG=C.UTF-8 LANGUAGE=C.UTF-8 S3_URL="s3://public-cd-buildkite-cache/${BUILDKITE_PIPELINE_SLUG}/${BUILDKITE_LABEL}" pull_s3_file() { aws s3 cp "${S3_URL}/$1" "$1" || echo "Could not pull $1 from S3" } push_s3_file() { if [ -f "$1" ]; then aws s3 cp "$1" "${S3_URL}/$1" || echo "Could not push $1 to S3 for caching." fi } apt-get update -y apt-get install awscli -y echo "--- bundle install" pull_s3_file "bundle.tar.gz" pull_s3_file "bundle.sha256" if [ -f bundle.tar.gz ]; then tar -xzf bundle.tar.gz fi if [ -n "${RESET_BUNDLE_CACHE:-}" ]; then rm bundle.sha256 fi bundle config --local path vendor/bundle bundle install --jobs=7 --retry=3 echo "--- bundle cache" if test -f bundle.sha256 && shasum --check bundle.sha256 --status; then echo "Bundled gems have not changed. Skipping upload to s3" else echo "Bundled gems have changed. 
Uploading to s3" shasum -a 256 Gemfile.lock > bundle.sha256 tar -czf bundle.tar.gz vendor/ push_s3_file bundle.tar.gz push_s3_file bundle.sha256 fi echo "+++ bundle exec task" bundle exec $1 mixlib-authentication-3.0.6/.expeditor/update_version.sh000077500000000000000000000007171360225401300234710ustar00rootroot00000000000000#!/bin/sh # # After a PR merge, Chef Expeditor will bump the PATCH version in the VERSION file. # It then executes this file to update any other files/components with that new version. # set -evx sed -i -r "s/^(\s*)VERSION = \".+\"/\1VERSION = \"$(cat VERSION)\"/" lib/mixlib/authentication/version.rb # Once Expeditor finshes executing this script, it will commit the changes and push # the commit as a new tag corresponding to the value in the VERSION file. mixlib-authentication-3.0.6/.expeditor/verify.pipeline.yml000066400000000000000000000016301360225401300237310ustar00rootroot00000000000000--- expeditor: defaults: buildkite: timeout_in_minutes: 30 steps: - label: run-lint-and-specs-ruby-2.4 command: - .expeditor/run_linux_tests.sh rake expeditor: executor: docker: image: ruby:2.4-buster - label: run-lint-and-specs-ruby-2.5 command: - .expeditor/run_linux_tests.sh rake expeditor: executor: docker: image: ruby:2.5-buster - label: run-lint-and-specs-ruby-2.6 command: - .expeditor/run_linux_tests.sh rake expeditor: executor: docker: image: ruby:2.6-buster - label: run-lint-and-specs-ruby-2.7rc command: - .expeditor/run_linux_tests.sh rake expeditor: executor: docker: image: ruby:2.7-rc-buster - label: run-specs-windows command: - bundle install --jobs=7 --retry=3 --without docs debug - bundle exec rake expeditor: executor: docker: host_os: windows mixlib-authentication-3.0.6/.github/000077500000000000000000000000001360225401300173555ustar00rootroot00000000000000mixlib-authentication-3.0.6/.github/CODEOWNERS000066400000000000000000000003741360225401300207540ustar00rootroot00000000000000# Order is important. 
The last matching pattern has the most precedence. * @chef/chef-foundation-owners @chef/chef-foundation-approvers @chef/chef-foundation-reviewers .expeditor/ @chef/jex-team *.md @chef/docs-team mixlib-authentication-3.0.6/.github/ISSUE_TEMPLATE/000077500000000000000000000000001360225401300215405ustar00rootroot00000000000000mixlib-authentication-3.0.6/.github/ISSUE_TEMPLATE/BUG_TEMPLATE.md000066400000000000000000000011651360225401300237750ustar00rootroot00000000000000--- name: ļæ½ Bug Report about: If something isn't working as expected ļæ½. labels: "Status: Untriaged, Type: Bug" --- # Version: [Version of the project installed] # Environment: [Details about the environment such as the Operating System, cookbook details, etc...] # Scenario: [What you are trying to achieve and you can't?] # Steps to Reproduce: [If you are filing an issue what are the things we need to do in order to repro your problem?] # Expected Result: [What are you expecting to happen as the consequence of above reproduction steps?] # Actual Result: [What actually happens after the reproduction steps?] mixlib-authentication-3.0.6/.github/ISSUE_TEMPLATE/DESIGN_PROPOSAL.md000066400000000000000000000023721360225401300243560ustar00rootroot00000000000000--- name: Design Proposal about: I have a significant change I would like to propose and discuss before starting labels: "Status: Untriaged, Type: Design Proposal" --- ### When a Change Needs a Design Proposal A design proposal should be opened any time a change meets one of the following qualifications: - Significantly changes the user experience of a project in a way that impacts users. - Significantly changes the underlying architecture of the project in a way that impacts other developers. - Changes the development or testing process of the project such as a change of CI systems or test frameworks. ### Why We Use This Process - Allows all interested parties (including any community member) to discuss large impact changes to a project. 
- Serves as a durable paper trail for discussions regarding project architecture. - Forces design discussions to occur before PRs are created. - Reduces PR refactoring and rejected PRs. --- ## Motivation ## Specification ## Downstream Impact mixlib-authentication-3.0.6/.github/ISSUE_TEMPLATE/ENHANCEMENT_REQUEST_TEMPLATE.md000066400000000000000000000014071360225401300263140ustar00rootroot00000000000000--- name: 🚀 Enhancement Request about: I have a suggestion (and may want to implement it 🙂)! labels: "Status: Untriaged" --- ### Describe the Enhancement: ### Describe the Need: ### Current Alternative ### Can We Help You Implement This?: mixlib-authentication-3.0.6/.github/ISSUE_TEMPLATE/SUPPORT_QUESTION.md000066400000000000000000000006601360225401300245670ustar00rootroot00000000000000--- name: 🤗 Support Question about: If you have a question 💬, please check out our Slack! --- We use GitHub issues to track bugs and feature requests. If you need help please post to our Mailing List or join the Chef Community Slack. * Chef Community Slack at http://community-slack.chef.io/. * Chef Mailing List https://discourse.chef.io/ Support issues opened here will be closed and redirected to Slack or Discourse. mixlib-authentication-3.0.6/.github/lock.yml000066400000000000000000000000221360225401300210220ustar00rootroot00000000000000daysUntilLock: 60 mixlib-authentication-3.0.6/.gitignore000066400000000000000000000003671360225401300200130ustar00rootroot00000000000000_yardoc .bundle .config .DS_Store .idea .rake_tasks~ .rspec .ruby-version .rvmrc .yardoc .yardopts *.gem *.rbc *.sw?
bin/ coverage doc Gemfile.local Gemfile.lock InstalledFiles lib/bundler/man pkg spec/reports test/tmp test/version_tmp tmp vendor mixlib-authentication-3.0.6/CHANGELOG.md000066400000000000000000000074731360225401300176410ustar00rootroot00000000000000# mixlib-authentication Changelog ## [v3.0.6](https://github.com/chef/mixlib-authentication/tree/v3.0.6) (2019-12-30) #### Merged Pull Requests - Substitute require for require_relative [#52](https://github.com/chef/mixlib-authentication/pull/52) ([tas50](https://github.com/tas50)) ### Changes not yet released to rubygems.org #### Merged Pull Requests - Substitute require for require_relative [#52](https://github.com/chef/mixlib-authentication/pull/52) ([tas50](https://github.com/tas50)) - Test on Ruby 2.7 + random testing improvements [#51](https://github.com/chef/mixlib-authentication/pull/51) ([tas50](https://github.com/tas50)) ## [v3.0.4](https://github.com/chef/mixlib-authentication/tree/v3.0.4) (2019-10-31) #### Merged Pull Requests - Add BuildKite PR Testing [#47](https://github.com/chef/mixlib-authentication/pull/47) ([tas50](https://github.com/tas50)) - Update project owner + Remove Travis CI [#48](https://github.com/chef/mixlib-authentication/pull/48) ([tas50](https://github.com/tas50)) - Update mixlib-log requirement from ~> 2 to ~> 3 [#50](https://github.com/chef/mixlib-authentication/pull/50) ([dependabot-preview[bot]](https://github.com/dependabot-preview[bot])) ## [v3.0.1](https://github.com/chef/mixlib-authentication/tree/v3.0.1) (2019-04-23) #### Merged Pull Requests - remove hashrocket syntax [#40](https://github.com/chef/mixlib-authentication/pull/40) ([lamont-granquist](https://github.com/lamont-granquist)) - Update testing boilerplate [#41](https://github.com/chef/mixlib-authentication/pull/41) ([tas50](https://github.com/tas50)) - Update codeowners and add github PR template [#43](https://github.com/chef/mixlib-authentication/pull/43) ([tas50](https://github.com/tas50)) - Only ship the required 
libraries in the gem artifact [#44](https://github.com/chef/mixlib-authentication/pull/44) ([tas50](https://github.com/tas50)) - update travis, drop ruby < 2.5, major version bump [#45](https://github.com/chef/mixlib-authentication/pull/45) ([lamont-granquist](https://github.com/lamont-granquist)) - Add back Ruby 2.4 support / update testing [#46](https://github.com/chef/mixlib-authentication/pull/46) ([tas50](https://github.com/tas50)) ## [v2.1.1](https://github.com/chef/mixlib-authentication/tree/v2.1.1) (2018-06-08) #### Merged Pull Requests - Silence the warning for the default positional args case [#39](https://github.com/chef/mixlib-authentication/pull/39) ([coderanger](https://github.com/coderanger)) ## [v2.1.0](https://github.com/chef/mixlib-authentication/tree/v2.1.0) (2018-05-31) #### Merged Pull Requests - Support signing with ssh-agent (round two) [#36](https://github.com/chef/mixlib-authentication/pull/36) ([coderanger](https://github.com/coderanger)) - Forgot to put sign_version in the opts which would make it nil when p… [#37](https://github.com/chef/mixlib-authentication/pull/37) ([coderanger](https://github.com/coderanger)) - bump version to 2.1.0 [#38](https://github.com/chef/mixlib-authentication/pull/38) ([thommay](https://github.com/thommay)) ## [v2.0.0](https://github.com/chef/mixlib-authentication/tree/v2.0.0) (2018-04-12) #### Merged Pull Requests - Move mixlib-auth debugging to trace level [#32](https://github.com/chef/mixlib-authentication/pull/32) ([thommay](https://github.com/thommay)) ## 1.4.2 (2017-08-17) - fix bug in ordering x_ops_authorization_n headers when headers number more than 9 [dde604f] [#5] - fix bug where a constant lookup fails when vendored into other projects [#24] - make mixlib-log optional [#21] ## 1.4.1 (2016-06-08) - testing and style modernization [#13, #14, #15, #18] ## 1.4.0 (2015-01-19) - Add Chef signing protocol version 
1.3mixlib-authentication-3.0.6/CODE_OF_CONDUCT.md000066400000000000000000000001331360225401300206110ustar00rootroot00000000000000Please refer to the Chef Community Code of Conduct at https://www.chef.io/code-of-conduct/ mixlib-authentication-3.0.6/CONTRIBUTING.md000066400000000000000000000001111360225401300202370ustar00rootroot00000000000000Please refer to https://github.com/chef/chef/blob/master/CONTRIBUTING.md mixlib-authentication-3.0.6/Gemfile000066400000000000000000000006211360225401300173070ustar00rootroot00000000000000source "https://rubygems.org" gemspec group :docs do gem "github-markup" gem "redcarpet" gem "yard" end group :test do gem "chefstyle" gem "rspec-core", "~> 3.2" gem "rspec-mocks", "~> 3.2" gem "rspec-expectations", "~> 3.2" gem "rake" gem "mixlib-log", "~> 3" gem "net-ssh" end group :debug do gem "pry" gem "pry-byebug" gem "pry-stack_explorer" gem "rb-readline" end mixlib-authentication-3.0.6/LICENSE000066400000000000000000000251421360225401300170260ustar00rootroot00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. 
"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." 
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. 
You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. 
Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. 
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. 
Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. mixlib-authentication-3.0.6/NOTICE000066400000000000000000000002311360225401300167150ustar00rootroot00000000000000Mixlib::Authentication NOTICE ================= Developed at Chef (https://www.chef.io/). * Copyright 2009-2016, Chef Software, Inc. mixlib-authentication-3.0.6/README.md000066400000000000000000000035571360225401300173060ustar00rootroot00000000000000# Mixlib::Authentication [![Gem Version](https://badge.fury.io/rb/mixlib-authentication.svg)](https://badge.fury.io/rb/mixlib-authentication)[![Build status](https://badge.buildkite.com/6e6fbb678a969e9c28782f83630a526c73d41bf9b70f4e5596.svg?branch=master)](https://buildkite.com/chef-oss/chef-mixlib-authentication-master-verify) **Umbrella Project**: [Chef Foundation](https://github.com/chef/chef-oss-practices/blob/master/projects/chef-foundation.md) **Project State**: [Active](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md#active) **Issues [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md)**: 14 days **Pull Request [Response Time Maximum](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md)**: 14 days Mixlib::Authentication provides a class-based header signing authentication object, like the one used in Chef. ## Documentation All documentation is written using YARD. 
You can generate a by running: ```shell rake docs ``` ## Contributing For information on contributing to this project please see our [Contributing Documentation](https://github.com/chef/chef/blob/master/CONTRIBUTING.md) ## License & Copyright - Copyright:: Copyright (c) 2009-2019 Chef Software, Inc. - License:: Apache License, Version 2.0 ```text Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ``` mixlib-authentication-3.0.6/Rakefile000066400000000000000000000017501360225401300174650ustar00rootroot00000000000000require "bundler/gem_tasks" begin require "rspec/core/rake_task" RSpec::Core::RakeTask.new do |t| t.pattern = "spec/**/*_spec.rb" end rescue LoadError desc "rspec is not installed, this task is disabled" task :spec do abort "rspec is not installed. bundle install first to make sure all dependencies are installed." end end begin require "chefstyle" require "rubocop/rake_task" desc "Run Chefstyle tests" RuboCop::RakeTask.new(:style) do |task| task.options += ["--display-cop-names", "--no-color"] end rescue LoadError puts "chefstyle gem is not installed. bundle install first to make sure all dependencies are installed." end begin require "yard" YARD::Rake::YardocTask.new(:docs) rescue LoadError puts "yard is not available. bundle install first to make sure all dependencies are installed." 
end task :console do require "irb" require "irb/completion" require "mixlib/authentication" ARGV.clear IRB.start end task default: %i{spec style} mixlib-authentication-3.0.6/VERSION000066400000000000000000000000051360225401300170600ustar00rootroot000000000000003.0.6mixlib-authentication-3.0.6/lib/000077500000000000000000000000001360225401300165635ustar00rootroot00000000000000mixlib-authentication-3.0.6/lib/mixlib/000077500000000000000000000000001360225401300200475ustar00rootroot00000000000000mixlib-authentication-3.0.6/lib/mixlib/authentication.rb000066400000000000000000000025211360225401300234130ustar00rootroot00000000000000# # Author:: Christopher Brown () # Copyright:: Copyright (c) 2009-2018 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. 
# module Mixlib module Authentication DEFAULT_SERVER_API_VERSION = "0".freeze attr_accessor :logger module_function :logger, :logger= class AuthenticationError < StandardError end class MissingAuthenticationHeader < AuthenticationError end class Log end begin require "mixlib/log" Mixlib::Authentication::Log.extend(Mixlib::Log) rescue LoadError require_relative "authentication/null_logger" Mixlib::Authentication::Log.extend(Mixlib::Authentication::NullLogger) end Mixlib::Authentication.logger = Mixlib::Authentication::Log Mixlib::Authentication.logger.level = :error end end mixlib-authentication-3.0.6/lib/mixlib/authentication/000077500000000000000000000000001360225401300230665ustar00rootroot00000000000000mixlib-authentication-3.0.6/lib/mixlib/authentication/digester.rb000066400000000000000000000024401360225401300252210ustar00rootroot00000000000000# # Author:: Christopher Brown () # Copyright:: Copyright (c) 2009-2018 Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. 
#

require_relative "../authentication"
require "openssl"

module Mixlib
  module Authentication
    # Produces the Base64-encoded digests used for request content hashes.
    #
    # NOTE(review): ::Base64 is referenced below, but this file requires only
    # openssl and ../authentication, and neither visibly loads "base64".
    # Presumably another file loads it before these methods run -- confirm.
    class Digester
      class << self

        # Digests an IO-like object and returns the Base64 text of the digest.
        #
        # ====Parameters
        # f<#read>:: source, read in 16384-byte chunks into one reused buffer
        #   until read returns a falsy value
        # digest<Class>:: digest class to instantiate. SHA-1 is the default;
        #   it is no longer considered collision-resistant, so callers that
        #   control this argument should pass a stronger OpenSSL::Digest class
        #   where the signing protocol in use allows it.
        #
        # ====Returns
        # String:: Base64 of the raw digest with the trailing newline removed.
        #   encode64 wraps its output every 60 characters and chomp strips
        #   only the final newline, so a digest longer than 45 bytes would
        #   keep an embedded newline.
        def hash_file(f, digest = OpenSSL::Digest::SHA1)
          digester = digest.new
          buf = ""
          digester.update buf while f.read(16384, buf)
          ::Base64.encode64(digester.digest).chomp
        end

        # Digests a string, Base64-encodes the digest and chomps the trailing
        # newline.
        #
        # ====Parameters
        # str<String>:: data to digest
        # digest<Class>:: digest class; SHA-1 by default, with the same caveat
        #   as hash_file
        #
        # ====Returns
        # String:: Base64 of the raw digest without the trailing newline
        def hash_string(str, digest = OpenSSL::Digest::SHA1)
          ::Base64.encode64(digest.digest(str)).chomp
        end

      end
    end
  end
end

# ---- archive member: lib/mixlib/authentication/http_authentication_request.rb ----
#
# Author:: Daniel DeLeo ()
# Copyright:: Copyright (c) 2010-2018 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require_relative "../authentication"

module Mixlib
  module Authentication
    # Read-only view over an incoming request that exposes the signing
    # headers under normalised names. Every value returned here comes from
    # the client and is unauthenticated until SignatureVerification has
    # accepted the request.
    class HTTPAuthenticationRequest

      # Headers that must be present; checked once, at construction time.
      MANDATORY_HEADERS = %i{x_ops_sign x_ops_userid x_ops_timestamp host x_ops_content_hash}.freeze

      attr_reader :request

      # Wraps +request+ (it must respond to env, method and path, which are
      # the calls made on it below) and raises MissingAuthenticationHeader
      # straight away when a mandatory header is absent.
      def initialize(request)
        @request = request
        @request_signature = nil
        validate_headers!
      end

      # Builds, once, a Hash of the request's headers: every env entry whose
      # key matches HTTP_* is kept, with the prefix dropped, "-" turned into
      # "_", and the name downcased and symbolised (HTTP_X_OPS_SIGN becomes
      # :x_ops_sign). Other env entries are ignored.
      #
      # NOTE(review): the pattern is anchored with ^, which matches at the
      # start of any line; \A would anchor it to the start of the key.
      # NOTE(review): the header names turned into symbols here are chosen by
      # the client.
      def headers
        @headers ||= @request.env.inject({}) { |memo, kv| memo[$2.tr("-", "_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo }
      end

      def http_method
        @request.method.to_s
      end

      def path
        @request.path.to_s
      end

      # The accessors below return the named header with one trailing line
      # terminator removed (String#chomp). validate_headers! has already
      # ensured the mandatory ones are present.

      def signing_description
        headers[:x_ops_sign].chomp
      end

      def user_id
        headers[:x_ops_userid].chomp
      end

      def timestamp
        headers[:x_ops_timestamp].chomp
      end

      def host
        headers[:host].chomp
      end

      def content_hash
        headers[:x_ops_content_hash].chomp
      end

      # Optional header; falls back to DEFAULT_SERVER_API_VERSION.
      def server_api_version
        (headers[:x_ops_server_api_version] || DEFAULT_SERVER_API_VERSION).chomp
      end

      # Reassembles, once, the signature that the client split over the
      # x_ops_authorization_* headers. Every header whose name starts with
      # that prefix is taken, the [name, value] pairs are ordered by the first
      # run of digits in the pair's string form (the name comes first, so this
      # is the header's index; a name without digits sorts as 0), and the
      # values are joined with "\n".
      #
      # The result is client-controlled and is interpolated into a trace-level
      # log line unmodified.
      def request_signature
        unless @request_signature
          @request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }
            .sort { |x, y| x.to_s[/\d+/].to_i <=> y.to_s[/\d+/].to_i }.map { |i| i[1] }.join("\n")
          Mixlib::Authentication::Log.trace "Reconstituted (user-supplied) request signature: #{@request_signature}"
        end
        @request_signature
      end

      # Raises MissingAuthenticationHeader naming, in upper case, every entry
      # of MANDATORY_HEADERS that is not a key of #headers.
      def validate_headers!
        missing_headers = MANDATORY_HEADERS - headers.keys
        unless missing_headers.empty?
          missing_headers.map! { |h| h.to_s.upcase }
          raise MissingAuthenticationHeader, "missing required authentication header(s) '#{missing_headers.join("', '")}'"
        end
      end
    end
  end
end

# ---- archive member: lib/mixlib/authentication/null_logger.rb ----
module Mixlib
  module Authentication
    # Stand-in logger used when mixlib-log cannot be loaded: it accepts the
    # same calls and discards every message.
    module NullLogger

      # Can be assigned like a real logger's level; nothing in this module
      # reads it.
      attr_accessor :level

      # Log methods: take an optional message and block, ignore both and
      # return true. __FILE__ and __LINE__ are passed so the generated
      # methods are attributed to this file.
      %i{trace debug info warn error fatal}.each do |method_name|
        class_eval(<<-METHOD_DEFN, __FILE__, __LINE__)
          def #{method_name}(msg=nil, &block)
            true
          end
        METHOD_DEFN
      end

      # Level predicates: always false, so no level is reported as enabled.
      %i{trace? debug? info? warn? error? fatal?}.each do |method_name|
        class_eval(<<-METHOD_DEFN, __FILE__, __LINE__)
          def #{method_name}
            false
          end
        METHOD_DEFN
      end
    end
  end
end

# ---- archive member: lib/mixlib/authentication/signatureverification.rb ----
#
# Author:: Christopher Brown ()
# Author:: Christopher Walters ()
# Copyright:: Copyright (c) 2009-2018 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require "net/http"
require "forwardable"
require_relative "../authentication"
require_relative "http_authentication_request"
require_relative "signedheaderauth"

module Mixlib
  module Authentication
    # Value returned for an accepted request; +name+ is filled with the
    # request's user id.
    SignatureResponse = Struct.new(:name)

    # Server-side check of a signed request: signature, timestamp and content
    # hash must all be accepted before a request counts as authenticated.
    class SignatureVerification
      extend Forwardable

      # Expose the wrapped HTTPAuthenticationRequest's accessors on the
      # verifier itself.
      def_delegator :@auth_request, :http_method

      def_delegator :@auth_request, :path

      def_delegator :@auth_request, :signing_description

      def_delegator :@auth_request, :user_id

      def_delegator :@auth_request, :timestamp

      def_delegator :@auth_request, :host

      def_delegator :@auth_request, :request_signature

      def_delegator :@auth_request, :content_hash

      def_delegator :@auth_request, :request

      def_delegator :@auth_request, :server_api_version

      # NOTE(review): parse_signing_description and the verify_* methods
      # called below are not defined in the visible part of this class;
      # presumably they come from this mixin or from later in the file --
      # confirm.
      include Mixlib::Authentication::SignedHeaderAuth

      # +request+ is optional. When given it is wrapped immediately, which
      # raises MissingAuthenticationHeader if a mandatory header is absent.
      # All three validity flags start out false, so a verifier that has not
      # run a check never reports a valid request.
      def initialize(request = nil)
        @auth_request = HTTPAuthenticationRequest.new(request) if request

        @valid_signature, @valid_timestamp, @valid_content_hash = false, false, false

        @hashed_body = nil
      end

      # Wraps +request+ and authenticates it; +user_lookup+ is passed on as
      # the user_secret argument of authenticate_request. The wrapping happens
      # outside that method's rescue, so a missing header surfaces as
      # MissingAuthenticationHeader rather than as the wrapped error message.
      def authenticate_user_request(request, user_lookup, time_skew = (15 * 60))
        @auth_request = HTTPAuthenticationRequest.new(request)
        authenticate_request(user_lookup, time_skew)
      end

      # Takes the request, boils down the pieces we are interested in,
      # looks up the user, generates a signature, and compares to
      # the signature in the request
      # ====Headers
      #
      # X-Ops-Sign: algorithm=sha1;version=1.0;
      # X-Ops-UserId:
      # X-Ops-Timestamp:
      # X-Ops-Content-Hash:
      # X-Ops-Authorization-#{line_number}
      #
      # ====Parameters
      # user_secret:: stored in @user_secret for the verification step
      # time_skew<Integer>:: stored as the allowed clock skew in seconds,
      #   15 minutes by default; how it is applied is decided in
      #   verify_timestamp, which is not visible here
      #
      # ====Returns
      # SignatureResponse:: carrying the request's user id when signature,
      #   timestamp and content hash were all accepted
      # nil:: otherwise; callers must treat nil as an authentication failure
      #
      # ====Raises
      # AuthenticationError:: wrapping any StandardError raised while parsing
      #   or verifying. The wrapped error's message is appended to the new
      #   message -- NOTE(review): confirm callers do not return that text
      #   verbatim to the remote client.
      def authenticate_request(user_secret, time_skew = (15 * 60))
        # At trace level the whole inspected request, headers included, is
        # written to the log.
        Mixlib::Authentication.logger.trace "Initializing header auth : #{request.inspect}"

        @user_secret = user_secret
        @allowed_time_skew = time_skew # in seconds

        begin
          parts = parse_signing_description

          # version 1.0 clients don't include their algorithm in the
          # signing description, so default to sha1
          parts[:algorithm] ||= "sha1"

          # The three checks run one after another; nothing here returns
          # early, so a check is skipped only when an earlier one raises.
          verify_signature(parts[:algorithm], parts[:version])
          verify_timestamp
          verify_content_hash

        rescue StandardError => se
          raise AuthenticationError, "Failed to authenticate user request. Check your client key and clock: #{se.message}", se.backtrace
        end

        if valid_request?
          SignatureResponse.new(user_id)
        else
          nil
        end
      end

      # The predicates below report the flags initialised to false in
      # #initialize; presumably the verify_* methods set them -- confirm.

      def valid_signature?
        @valid_signature
      end

      def valid_timestamp?
        @valid_timestamp
      end

      def valid_content_hash?
        @valid_content_hash
      end

      # True only when signature, timestamp and content hash were all
      # accepted.
      def valid_request?
        valid_signature? && valid_timestamp? && valid_content_hash?
      end

      # The authorization header is a Base64-encoded version of an RSA signature.
      # The client sent it on multiple header lines, starting at index 1 -
      # X-Ops-Authorization-1, X-Ops-Authorization-2, etc. Pull them out and
      # concatenate.
def headers
  # Builds (once) a Hash of the env entries whose key starts with HTTP_:
  # the prefix is dropped, "-" becomes "_", the rest is downcased and
  # turned into a Symbol.
  # NOTE(review): ^ matches at the start of any line in Ruby; \A anchors to
  # the start of the key.
  @headers ||= request.env.inject({}) { |memo, kv| memo[$2.tr("-", "_").downcase.to_sym] = kv[1] if kv[0] =~ /^(HTTP_)(.*)/; memo }
end

# Everything below is private.
private

# Raises MissingAuthenticationHeader for the first mandatory header that is
# not a key of headers.
#
# NOTE(review): MANDATORY_HEADERS is referenced unqualified; the only
# definition visible is HTTPAuthenticationRequest::MANDATORY_HEADERS, so
# whether it resolves in this class depends on code outside this view
# (e.g. SignedHeaderAuth) - confirm. No caller of this method is visible.
def assert_required_headers_present
  MANDATORY_HEADERS.each do |header|
    unless headers.key?(header)
      raise MissingAuthenticationHeader, "required authentication header #{header.to_s.upcase} missing"
    end
  end
end

# Checks the client-supplied signature against the canonical form of the
# request and stores the outcome in @valid_signature.
#
# ====Parameters
# algorithm:: algorithm name from the signing description
# version:: protocol version from the signing description
#
# ====Returns
# true or false. Any StandardError raised on the way is logged at trace
# level and turned into false, so verification fails closed.
#
# NOTE(review): every version other than "1.3", including unknown values,
# takes the public_decrypt branch unless canonicalize_request (outside this
# view) rejects it first - confirm.
def verify_signature(algorithm, version)
  candidate_block = canonicalize_request(algorithm, version)
  # decode64 is the lenient decoder: it does not raise on malformed input.
  signature = Base64.decode64(request_signature)
  @valid_signature = case version
                     when "1.3"
                       # The key verifies the signature over the canonical
                       # block, using the digest selected for this version.
                       digest = validate_sign_version_digest!(algorithm, version)
                       @user_secret.verify(digest.new, signature, candidate_block)
                     else
                       # Recover the signed block with the key and compare
                       # it to the canonical block.
                       request_decrypted_block = @user_secret.public_decrypt(signature)
                       (request_decrypted_block == candidate_block)
                     end

  # Keep the trace messages lined up so it's easy to scan them
  # The canonical block and the recovered block are written to the trace
  # log. On the "1.3" path request_decrypted_block was never assigned, so
  # the "Decrypted block" message prints an empty value.
  Mixlib::Authentication.logger.trace("Verifying request signature:")
  Mixlib::Authentication.logger.trace(" Expected Block is: '#{candidate_block}'")
  Mixlib::Authentication.logger.trace("Decrypted block is: '#{request_decrypted_block}'")
  Mixlib::Authentication.logger.trace("Signatures match? : '#{@valid_signature}'")

  @valid_signature
rescue => e
  Mixlib::Authentication.logger.trace("Failed to verify request signature: #{e.class.name}: #{e.message}")
  @valid_signature = false
end

# Parses the client-supplied timestamp header and stores whether
# timestamp_within_bounds? (defined outside this view) accepts it relative
# to the current time.
#
# A value Time.parse cannot handle raises here; authenticate_request wraps
# that in AuthenticationError.
# NOTE(review): Time.parse accepts many formats; if the protocol fixes one,
# a strict parser would reject more malformed input - confirm.
def verify_timestamp
  @valid_timestamp = timestamp_within_bounds?(Time.parse(timestamp), Time.now)
end

# Stores whether the X-Ops-Content-Hash header equals the digest computed
# locally by hashed_body.
#
# hashed_body is called without a digest argument and memoizes its result,
# so the value compared here is the one computed by the first hashed_body
# call on this instance, with that call's digest.
# NOTE(review): presumably canonicalize_request primes it with the digest
# for the signing version - confirm, otherwise the default applies.
def verify_content_hash
  @valid_content_hash = (content_hash == hashed_body)

  # Keep the trace messages lined up so it's easy to scan them
  Mixlib::Authentication.logger.trace("Expected content hash is: '#{hashed_body}'")
  Mixlib::Authentication.logger.trace(" Request Content Hash is: '#{content_hash}'")
  Mixlib::Authentication.logger.trace(" Hashes match?: #{@valid_content_hash}")

  @valid_content_hash
end

# The request signature is based on any file attached, if any. Otherwise
# it's based on the body of the request.
def hashed_body(digest = Digest::SHA1)
  # Returns the Base64 digest of the attached file if there is one, else of
  # the raw request body. The result is memoized in @hashed_body, so the
  # digest argument only matters on the first call; later calls return the
  # stored value whatever digest they pass.
  #
  # ====Parameters
  # digest:: digest class handed to digester.hash_file / hash_string
  #          (default Digest::SHA1)
  #
  # When a file is found only that file is digested: the other request
  # parameters are not covered by the content hash (see the TODO below).
  unless @hashed_body
    # TODO: tim: 2009-112-28: It'd be nice to remove this special case, and
    # always hash the entire request body. In the file case it would just be
    # expanded multipart text - the entire body of the POST.
    #
    # Pull out any file that was attached to this request, using multipart
    # form uploads.
    # Depending on the server we're running in, multipart form uploads are
    # handed to us differently.
    # - In Passenger (Cookbooks Community Site), the File is handed to us
    # directly in the params hash. The name is whatever the client used,
    # its value is therefore a File or Tempfile.
    # e.g. request['file_param'] = File
    #
    # - In Merb (Chef server), the File is wrapped. The original parameter
    # name used for the file is used, but its value is a Hash. Within
    # the hash is a name/value pair named 'file' which actually
    # contains the Tempfile instance.
    # e.g. request['file_param'] = { :file => Tempfile }
    #
    # find returns the first parameter value that responds to :read; any
    # further file-like values are ignored.
    file_param = request.params.values.find { |value| value.respond_to?(:read) }

    # No file_param; we're running in Merb, or it's just not there..
    if file_param.nil?
      # Only the first Hash-like value is examined; if it holds nothing
      # readable, later Hash values are not searched.
      hash_param = request.params.values.find { |value| value.respond_to?(:has_key?) } # Hash responds to :has_key? .
      unless hash_param.nil?
        file_param = hash_param.values.find { |value| value.respond_to?(:read) } # File/Tempfile responds to :read.
      end
    end

    # Any file that's included in the request is hashed if it's there. Otherwise,
    # we hash the body.
    if file_param
      Mixlib::Authentication.logger.trace "Digesting file_param: '#{file_param.inspect}'"
      @hashed_body = digester.hash_file(file_param, digest)
    else
      body = request.raw_post
      # NOTE(review): the complete raw request body is written to the trace
      # log here; bodies can carry credentials or other sensitive data, so
      # trace logging should stay off wherever logs are retained or shared.
      Mixlib::Authentication.logger.trace "Digesting body: '#{body}'"
      @hashed_body = digester.hash_string(body, digest)
    end
  end
  @hashed_body
end

# Compare the request timestamp with boundary time
#
#
# ====Parameters
# time1