module Oauth2ProxyAuthentication
Constants
- HEADERS
- INVALID_FORMAT
- MATCH
- MISMATCH
- NO_SIGNATURE
- UNSUPPORTED_ALGORITHM
- VERSION
Public Class Methods
parse_digest(name)
click to toggle source
# File lib/oauth2_proxy_authentication/signature.rb, line 38 def self.parse_digest(name) OpenSSL::Digest.new name rescue nil end
request_signature(request, digest, secret_key)
click to toggle source
# File lib/oauth2_proxy_authentication/signature.rb, line 32 def self.request_signature(request, digest, secret_key) hmac = OpenSSL::HMAC.new secret_key, digest hmac << string_to_sign(request) << (request.body || '') digest.name.downcase + ' ' + Base64.strict_encode64(hmac.digest) end
signed_headers(request)
click to toggle source
# File lib/oauth2_proxy_authentication/signature.rb, line 24 def self.signed_headers(request) HEADERS.map { |name| request[name] || '' } end
string_to_sign(req)
click to toggle source
# File lib/oauth2_proxy_authentication/signature.rb, line 28 def self.string_to_sign(req) [req.method, signed_headers(req).join("\n"), req.uri.path].join("\n") end
validate_request(request, key)
click to toggle source
# File lib/oauth2_proxy_authentication/signature.rb, line 44 def self.validate_request(request, key) header = request['Gap-Signature'] return NO_SIGNATURE unless header components = header.split ' ' return INVALID_FORMAT, header unless components.size == 2 digest = parse_digest components.first return UNSUPPORTED_ALGORITHM, header unless digest computed = request_signature(request, digest, key) [(header == computed) ? MATCH : MISMATCH, header, computed] end