# File 'lib/hawk/server.rb', line 9
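# Validates a Hawk bewit (a signed, time-limited token carried with the request).
#
# The token is decoded into id, expiry timestamp, MAC and ext. The credentials
# for the id are looked up, the expiry is checked, and the token is then
# recomputed with Crypto.bewit and compared against the supplied value.
#
# @param bewit [String] the encoded bewit as received, with or without '=' padding
# @param options [Hash] uses :credentials_lookup (callable taking the id),
#   :host, :port, :method and :request_uri
# @return [Object, AuthenticationFailure] whatever :credentials_lookup returned
#   for the id on success, otherwise an AuthenticationFailure keyed :id, :ts or
#   :bewit
def authenticate_bewit(bewit, options)
  # A missing or non-String token can never be valid: fail closed rather than
  # raising NoMethodError from the length arithmetic below.
  return AuthenticationFailure.new(:bewit, "Invalid signature") unless bewit.is_a?(String)

  # Restore the '=' padding that may have been stripped from the token.
  padding = '=' * ((4 - bewit.size) % 4)
  # The decoded MAC is not checked on its own; the whole token is recomputed
  # and compared below.
  # NOTE(review): Base64.decode64 uses the standard alphabet and skips bytes it
  # does not recognise -- confirm this matches the encoding Crypto.bewit emits.
  id, timestamp, _mac, ext = Base64.decode64(bewit + padding).split('\\')

  lookup = options[:credentials_lookup]
  credentials = lookup.call(id) if lookup.respond_to?(:call)
  return AuthenticationFailure.new(:id, "Unidentified id") unless credentials

  # The embedded timestamp is the expiry; a missing or non-numeric value
  # becomes 0 and is therefore rejected as stale.
  if Time.at(timestamp.to_i) < Time.now
    return AuthenticationFailure.new(:ts, "Stale timestamp")
  end

  expected_bewit = Crypto.bewit(
    :credentials => credentials,
    :host => options[:host],
    :request_uri => remove_bewit_param_from_path(options[:request_uri]),
    :port => options[:port],
    :method => options[:method],
    :ts => timestamp,
    :ext => ext
  )

  # Compare every byte instead of using String#==, which may return at the
  # first difference and so expose, through response timing, how much of a
  # guessed token matched. Comparing the full encoded token (not the decoded
  # parts) also rejects any non-canonical encoding of a valid token.
  # If the openssl library is loaded, OpenSSL.fixed_length_secure_compare on
  # equal-length strings is the preferable primitive.
  expected_bytes = expected_bewit.to_s.unpack('C*')
  supplied_bytes = bewit.unpack('C*')
  difference = expected_bytes.size ^ supplied_bytes.size
  # An empty expected token must never authenticate anything.
  difference |= 1 if expected_bytes.empty?
  expected_bytes.each_with_index do |byte, index|
    difference |= byte ^ supplied_bytes.fetch(index, 0)
  end

  unless difference.zero?
    if options[:request_uri].to_s =~ /\Ahttp/
      # The request URI was given in absolute form: retry once with the
      # scheme and authority removed so only the path and query are signed.
      return authenticate_bewit(bewit, options.merge(
        :request_uri => options[:request_uri].sub(%r{\Ahttps?://[^/]+}, '')
      ))
    else
      return AuthenticationFailure.new(:bewit, "Invalid signature")
    end
  end

  credentials
end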