Module Mixlib::Authentication::SignedHeaderAuth
In: lib/mixlib/authentication/signedheaderauth.rb

Methods

Constants

NULL_ARG = Object.new
ALGORITHM_FOR_VERSION = { "1.0" => "sha1", "1.1" => "sha1", "1.3" => "sha256", }.freeze()
SUPPORTED_ALGORITHMS = ["sha1"].freeze
  Use of SUPPORTED_ALGORITHMS and SUPPORTED_VERSIONS is deprecated. Use ALGORITHM_FOR_VERSION instead.
SUPPORTED_VERSIONS = ["1.0", "1.1"].freeze
DEFAULT_SIGN_ALGORITHM = "sha1".freeze
DEFAULT_PROTO_VERSION = "1.0".freeze

Public Class methods

signing_object

This is the intended interface for signing requests with the Opscode/Chef signed header protocol. This wraps the constructor for a Struct that contains the relevant information about your request.

Signature Parameters:

These parameters are used to generate the canonical representation of the request, which is then hashed and encrypted to generate the request's signature. These options are all required, with the exception of `:body` and `:file`, which are alternate ways to specify the request body (you must specify one of these).

  • `:http_method`: HTTP method as a lowercase symbol, e.g., `:get | :put | :post | :delete`
  • `:path`: The path part of the URI, e.g., `URI.parse(uri).path`
  • `:body`: An object representing the body of the request. Use an empty String for bodiless requests.
  • `:timestamp`: A String representing the time in any format understood by `Time.parse`. The server may reject the request if the timestamp is not close to the server's current time.
  • `:user_id`: The user or client name. This is used by the server to look up the public key necessary to verify the signature.
  • `:file`: An IO object (must respond to `:read`) to be used as the request body.

Protocol Versioning Parameters:

  • `:proto_version`: The version of the signing protocol to use. Currently defaults to 1.0, but version 1.1 is also available.

Other Parameters:

These parameters are accepted but not used in the computation of the signature.

  • `:host`: The host part of the URI
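The following Ruby code is an added example, not code from mixlib-authentication: it shows how the signature parameters, the version-to-digest table and the server's timestamp check fit together on the signing and verifying sides. The canonical layout, the helper names (`b64`, `canonical`, `sign_request`, `verify_request`), `MAX_SKEW`, the `allowed` version policy and all sample values are assumptions made for illustration; only Ruby's standard `openssl` and `time` libraries are used.

```ruby
require "openssl"
require "time"

# Version-to-digest table copied from the constants listed on this page.
ALGORITHM_FOR_VERSION = { "1.0" => "sha1", "1.1" => "sha1", "1.3" => "sha256" }.freeze
MAX_SKEW = 900 # seconds; assumed policy value, not taken from the gem

def b64(bytes)
  [bytes].pack("m0") # strict Base64, no line breaks
end

# Hypothetical canonical layout built from the signature parameters
# (simplified; not the gem's wire format).
def canonical(req, algo)
  ["Method:#{req[:http_method].to_s.upcase}",
   "Path:#{req[:path]}",
   "Content-Hash:#{b64(OpenSSL::Digest.digest(algo, req[:body]))}",
   "Timestamp:#{Time.parse(req[:timestamp]).utc.iso8601}",
   "UserId:#{req[:user_id]}"].join("\n")
end

# Client side: the digest is chosen by protocol version, never by the caller.
def sign_request(req, private_key)
  algo = ALGORITHM_FOR_VERSION.fetch(req[:proto_version])
  b64(private_key.sign(OpenSSL::Digest.new(algo), canonical(req, algo)))
end

# Server side: returns :ok or a symbol naming the rejection reason.
def verify_request(req, sig, public_key, now: Time.now, allowed: ["1.3"])
  algo = ALGORITHM_FOR_VERSION[req[:proto_version]]
  return :unknown_version if algo.nil?
  return :version_not_allowed unless allowed.include?(req[:proto_version])
  return :stale_timestamp if (now - Time.parse(req[:timestamp])).abs > MAX_SKEW
  digest = OpenSSL::Digest.new(algo)
  public_key.verify(digest, sig.unpack1("m0"), canonical(req, algo)) ? :ok : :bad_signature
rescue ArgumentError # unparseable timestamp or malformed Base64
  :malformed
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # throwaway key generated for the demo
  req = { http_method: :post, path: "/constructed/path", body: "{}",
          timestamp: Time.now.utc.iso8601, user_id: "constructed-client",
          proto_version: "1.3" }
  sig = sign_request(req, key)
  puts verify_request(req, sig, key.public_key)                        # request as signed
  puts verify_request(req.merge(body: "tampered"), sig, key.public_key)
  puts verify_request(req.merge(proto_version: "1.0"), sig, key.public_key)
end
```

The `allowed` list is where a server would decide whether the SHA-1 based versions 1.0 and 1.1 are still accepted.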

Public Instance methods

Takes HTTP request method & headers and creates a canonical form to create the signature

Parameters

Low-level RSA signature implementation used in {sign}.

@api private

@param rsa_key [OpenSSL::PKey::RSA] User's RSA key. If `use_ssh_agent` is true, this must have the public key portion populated. If `use_ssh_agent` is false, this must have the private key portion populated.

@param digest [Class] Subclass of OpenSSL::Digest to use while signing.

@param sign_algorithm [String] Hash algorithm to use while signing.

@param sign_version [String] Version number of the signing protocol to use.

@param use_ssh_agent [Boolean] If true, use ssh-agent for request signing.

@return [String]

Low-level signing logic for using ssh-agent. This requires that the user has already set up ssh-agent and used ssh-add to load a (possibly encrypted) RSA private key. ssh-agent supports keys other than RSA; however, they are not supported here because Chef's protocol explicitly requires RSA keys and signatures.

@api private

@param rsa_key [OpenSSL::PKey::RSA] User's RSA public key.

@param string_to_sign [String] String data to sign with the requested key.

@return [String]

Builds the canonicalized request based on the method, other headers, etc., and computes the signature from the request using the looked-up user secret.

@param rsa_key [OpenSSL::PKey::RSA] User's RSA key. If `use_ssh_agent` is true, this must have the public key portion populated. If `use_ssh_agent` is false, this must have the private key portion populated.

@param use_ssh_agent [Boolean] If true, use ssh-agent for request signing.
