# File 'lib/hawk/server.rb', line 9
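# Authenticates a request that carries a Hawk bewit (a MAC-protected,
# time-limited URI credential).
#
# The bewit is decoded, its id is resolved to credentials through the
# caller-supplied lookup, its timestamp is checked against the clock, and the
# bewit is recomputed server-side and compared with the presented one.
#
# @param encoded_bewit [String] bewit value exactly as received from the
#   client; this is untrusted input
# @param options [Hash] reads :credentials_lookup (a callable given the bewit
#   id), :host, :port, :method and :request_uri
# @return [Object, AuthenticationFailure] whatever the lookup returned on
#   success; otherwise an AuthenticationFailure keyed :id, :ts or :bewit
def authenticate_bewit(encoded_bewit, options)
  # NOTE(review): decode runs on client-supplied data before any other check;
  # how it behaves on malformed input is not visible here — confirm it cannot
  # return nil or raise something callers do not handle.
  bewit = Crypto::Bewit.decode(encoded_bewit)

  # A missing or non-callable lookup is treated the same as an unknown id.
  lookup = options[:credentials_lookup]
  credentials = lookup.call(bewit.id) if lookup.respond_to?(:call)
  return AuthenticationFailure.new(:id, "Unidentified id") unless credentials

  # The bewit is rejected once its ts lies in the past. A non-numeric ts
  # becomes 0 through to_i and is therefore rejected as stale.
  if Time.at(bewit.ts.to_i) < Time.now
    return AuthenticationFailure.new(:ts, "Stale timestamp")
  end

  # Recompute the bewit from server-side request data; only ts and ext are
  # taken from the presented bewit.
  expected_bewit = Crypto.bewit(
    :credentials => credentials,
    :host => options[:host],
    :request_uri => remove_bewit_param_from_path(options[:request_uri]),
    :port => options[:port],
    :method => options[:method],
    :ts => bewit.ts,
    :ext => bewit.ext
  )

  # NOTE(review): the comparison is delegated to Bewit#eql?, which is not
  # shown here — confirm it compares the MAC in constant time.
  return credentials if expected_bewit.eql?(bewit)

  # Absolute-form request URI: retry once against the path alone. The retry
  # happens only when stripping the scheme and authority actually changed the
  # string. A value such as "httpx..." starts with "http" but has nothing to
  # strip, and retrying it unchanged would recurse until the stack overflows,
  # which a client could trigger with any bewit that fails verification.
  request_uri = options[:request_uri].to_s
  path_only = request_uri.sub(%r{\Ahttps?://[^/]+}, '')
  if path_only != request_uri
    return authenticate_bewit(encoded_bewit, options.merge(:request_uri => path_only))
  end

  # NOTE(review): the message embeds the server-computed normalized string.
  # Confirm it is only logged and never returned to the client in a response.
  AuthenticationFailure.new(:bewit, "Invalid signature #{expected_bewit.mac.normalized_string}")
end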