class Chef::HTTP::Authenticator

Constants

DEFAULT_SERVER_API_VERSION

Attributes

api_version[R]
attr_names[R]
auth_credentials[R]
raw_key[R]
sign_request[RW]
signing_key_filename[R]
version_class[R]

Public Class Methods

new(opts = {}) click to toggle source
# File lib/chef/http/authenticator.rb, line 38
def initialize(opts = {})
  @raw_key = nil
  @sign_request = true
  @signing_key_filename = opts[:signing_key_filename]
  @key = load_signing_key(opts[:signing_key_filename], opts[:raw_key])
  @auth_credentials = AuthCredentials.new(opts[:client_name], @key, use_ssh_agent: opts[:ssh_agent_signing])
  @version_class = opts[:version_class]
  @api_version = opts[:api_version]
end

Public Instance Methods

authentication_headers(method, url, json_body = nil, headers = nil) click to toggle source
# File lib/chef/http/authenticator.rb, line 107
def authentication_headers(method, url, json_body = nil, headers = nil)
  request_params = {
    http_method: method,
    path: url.path,
    body: json_body,
    host: "#{url.host}:#{url.port}",
    headers: headers,
  }
  request_params[:body] ||= ""
  auth_credentials.signature_headers(request_params)
end
client_name() click to toggle source
# File lib/chef/http/authenticator.rb, line 82
def client_name
  @auth_credentials.client_name
end
handle_request(method, url, headers = {}, data = false) click to toggle source
# File lib/chef/http/authenticator.rb, line 48
def handle_request(method, url, headers = {}, data = false)
  headers["X-Ops-Server-API-Version"] = request_version
  headers.merge!(authentication_headers(method, url, data, headers)) if sign_requests?
  [method, url, headers, data]
end
handle_response(http_response, rest_request, return_value) click to toggle source
# File lib/chef/http/authenticator.rb, line 54
def handle_response(http_response, rest_request, return_value)
  [http_response, rest_request, return_value]
end
handle_stream_complete(http_response, rest_request, return_value) click to toggle source
# File lib/chef/http/authenticator.rb, line 62
def handle_stream_complete(http_response, rest_request, return_value)
  [http_response, rest_request, return_value]
end
load_signing_key(key_file, raw_key = nil) click to toggle source
# File lib/chef/http/authenticator.rb, line 86
def load_signing_key(key_file, raw_key = nil)
  if !!key_file
    @raw_key = IO.read(key_file).strip
  elsif !!raw_key
    @raw_key = raw_key.strip
  else
    return nil
  end
  # Pass in '' as the passphrase to avoid OpenSSL prompting on the TTY if
  # given an encrypted key. This also helps if using a single file for
  # both the public and private key with ssh-agent mode.
  @key = OpenSSL::PKey::RSA.new(@raw_key, "")
rescue SystemCallError, IOError => e
  Chef::Log.warn "Failed to read the private key #{key_file}: #{e.inspect}"
  raise Chef::Exceptions::PrivateKeyMissing, "I cannot read #{key_file}, which you told me to use to sign requests!"
rescue OpenSSL::PKey::RSAError
  msg = "The file #{key_file} or :raw_key option does not contain a correctly formatted private key or the key is encrypted.\n"
  msg << "The key file should begin with '-----BEGIN RSA PRIVATE KEY-----' and end with '-----END RSA PRIVATE KEY-----'"
  raise Chef::Exceptions::InvalidPrivateKey, msg
end
request_version() click to toggle source
# File lib/chef/http/authenticator.rb, line 66
def request_version
  if version_class
    version_class.best_request_version
  elsif api_version
    api_version
  elsif Chef::ServerAPIVersions.instance.negotiated?
    Chef::ServerAPIVersions.instance.max_server_version.to_s
  else
    DEFAULT_SERVER_API_VERSION
  end
end
sign_requests?() click to toggle source
# File lib/chef/http/authenticator.rb, line 78
def sign_requests?
  auth_credentials.sign_requests? && @sign_request
end
stream_response_handler(response) click to toggle source
# File lib/chef/http/authenticator.rb, line 58
def stream_response_handler(response)
  nil
end