Module: Oauth2ProxyAuthentication
- Defined in:
- lib/oauth2_proxy_authentication/version.rb,
lib/oauth2_proxy_authentication/signature.rb
Constant Summary
- VERSION =
'0.0.0'
- HEADERS =
%w( Content-Length Content-Md5 Content-Type Date Authorization X-Forwarded-User X-Forwarded-Email X-Forwarded-Access-Token Cookie Gap-Auth )
- NO_SIGNATURE =
1
- INVALID_FORMAT =
2
- UNSUPPORTED_ALGORITHM =
3
- MATCH =
4
- MISMATCH =
5
Class Method Summary
- .parse_digest(name) ⇒ Object
- .request_signature(request, digest, secret_key) ⇒ Object
- .signed_headers(request) ⇒ Object
- .string_to_sign(req) ⇒ Object
- .validate_request(request, key) ⇒ Object
Class Method Details
.parse_digest(name) ⇒ Object
# File 'lib/oauth2_proxy_authentication/signature.rb', line 38
#
# Resolves a digest algorithm name to an OpenSSL digest object.
#
# NOTE(review): validate_request passes the first token of the Gap-Signature
# header here, so the sender of the request chooses the algorithm and any
# digest OpenSSL recognises is accepted. Consider restricting +name+ to an
# explicit allow-list agreed with the signing proxy.
#
# @param name [String] digest algorithm name, e.g. "sha256"
# @return [OpenSSL::Digest, nil] the digest, or nil when OpenSSL raises for
#   the given name
def self.parse_digest(name)
  begin
    OpenSSL::Digest.new(name)
  rescue StandardError
    # Unknown or malformed names are reported as "no digest", not as an error.
    nil
  end
end
.request_signature(request, digest, secret_key) ⇒ Object
# File 'lib/oauth2_proxy_authentication/signature.rb', line 32
#
# Computes the signature string for a request: an HMAC over the canonical
# string from string_to_sign followed directly by the request body, rendered
# as "<lower-case digest name> <strict base64 of the MAC>".
#
# A nil body is signed as the empty string. No separator is inserted between
# the canonical string and the body.
#
# @param request [Object] request responding to #body (and to whatever
#   string_to_sign reads)
# @param digest [OpenSSL::Digest] digest algorithm used for the HMAC
# @param secret_key [String] shared HMAC secret
# @return [String] the signature in header form
def self.request_signature(request, digest, secret_key)
  mac = OpenSSL::HMAC.new(secret_key, digest)
  mac.update(string_to_sign(request))
  mac.update(request.body || '')
  encoded = Base64.strict_encode64(mac.digest)
  "#{digest.name.downcase} #{encoded}"
end
.signed_headers(request) ⇒ Object
# File 'lib/oauth2_proxy_authentication/signature.rb', line 24
#
# Collects the values of the headers covered by the signature, in the fixed
# order given by HEADERS. A header the request does not carry contributes an
# empty string, so the result always has HEADERS.size entries.
#
# Headers not listed in HEADERS are not part of the signed data.
#
# @param request [#[]] request whose headers are read by name
# @return [Array<String>] one value per entry of HEADERS
def self.signed_headers(request)
  HEADERS.map do |header_name|
    value = request[header_name]
    value || ''
  end
end
.string_to_sign(req) ⇒ Object
# File 'lib/oauth2_proxy_authentication/signature.rb', line 28
#
# Builds the canonical text that is fed to the HMAC: the request method, the
# signed header values (one per line) and the URI path, joined by newlines.
#
# NOTE(review): only +req.uri.path+ is included. If +req.uri+ is a URI object,
# the query string is not covered by the signature -- confirm this matches
# what the signing proxy produces before relying on query parameters.
#
# @param req [Object] request responding to #method, #uri and #[]
# @return [String] newline-separated canonical string
def self.string_to_sign(req)
  verb = req.method
  header_block = signed_headers(req).join("\n")
  path = req.uri.path
  [verb, header_block, path].join("\n")
end
.validate_request(request, key) ⇒ Object
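# File 'lib/oauth2_proxy_authentication/signature.rb', line 44
#
# Checks the request's Gap-Signature header against a signature recomputed
# locally with +key+.
#
# The header must consist of two whitespace-separated tokens, the digest name
# and the encoded MAC. The comparison is made over the whole header string, so
# a header that differs from the locally rendered form (lower-case digest
# name, single space) is reported as MISMATCH.
#
# The computed signature is returned to the caller on both MATCH and MISMATCH.
# It is the valid signature for this request: keep it out of responses, and
# treat any log that records it as sensitive.
#
# @param request [Object] request responding to #[], #method, #uri and #body
# @param key [String] shared HMAC secret
# @return [Integer] NO_SIGNATURE when the header is absent
# @return [Array] [INVALID_FORMAT, header] or [UNSUPPORTED_ALGORITHM, header]
#   when the header cannot be used, otherwise
#   [MATCH or MISMATCH, header, computed]
def self.validate_request(request, key)
  header = request['Gap-Signature']
  return NO_SIGNATURE unless header

  components = header.split(' ')
  return INVALID_FORMAT, header unless components.size == 2

  digest = parse_digest(components.first)
  return UNSUPPORTED_ALGORITHM, header unless digest

  computed = request_signature(request, digest, key)

  # Compare in constant time: String#== stops at the first differing byte,
  # which exposes how much of a submitted signature was correct.
  matched =
    if OpenSSL.respond_to?(:secure_compare)
      OpenSSL.secure_compare(header, computed)
    else
      # Fallback for older openssl bindings. The length check is not secret:
      # the length of the expected value is fixed by the chosen digest.
      header.bytesize == computed.bytesize &&
        header.bytes.zip(computed.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
    end

  [matched ? MATCH : MISMATCH, header, computed]
end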