Module: Stellar::Auth
Overview
:nodoc: class methods
Class Method Summary
.get_certificate(kerberos) ⇒ Hash
Obtains a certificate using Kerberos credentials.
Instance Method Summary
#auth(options = {}) ⇒ Stellar::Client
Authenticates using some credentials, e.g. an MIT certificate.
#mitca_path ⇒ Object
Path to the MIT CA self-signed certificate.
Class Method Details
.get_certificate(kerberos) ⇒ Hash
Obtains a certificate using Kerberos credentials.

    # File 'lib/stellar/auth.rb', line 91
    def get_certificate(kerberos)
      mech = Mechanize.new do |m|
        m.user_agent_alias = 'Linux Firefox'
        # NOTE: ca.mit.edu uses a Geotrust certificate, not the self-signed one
      end
      login_page = mech.get 'https://ca.mit.edu/ca/'
      login_form = login_page.form_with :action => /login/
      login_form.field_with(:name => /login/).value = kerberos[:user]
      login_form.field_with(:name => /pass/).value = kerberos[:pass]
      login_form.field_with(:name => /mitid/).value = kerberos[:mit_id]
      keygen_page = login_form.submit login_form.buttons.first

      keygen_form = keygen_page.form_with(:action => /ca/)
      if /login/ =~ keygen_form.action
        raise ArgumentError, 'Invalid Kerberos credentials'
      end
      keygen_form.field_with(:name => /life/).value = kerberos[:ttl] || 1
      key_pair = keygen_form.keygens.first.key
      response_page = keygen_form.submit keygen_form.buttons.first

      cert_frame = response_page.frame_with(:name => /download/)
      cert_bytes = mech.get_file cert_frame.uri
      cert = OpenSSL::X509::Certificate.new cert_bytes
      {:key => key_pair, :cert => cert}
    end
Instance Method Details
#auth(options = {}) ⇒ Stellar::Client
Authenticates using some credentials, e.g. an MIT certificate.

    # File 'lib/stellar/auth.rb', line 20
    def auth(options = {})
      # Create new Mechanize instance to drop any old credentials.
      if options[:cert]
        key = options[:cert][:key]
        if key.respond_to?(:to_str) && !File.exist?(key)
          key = OpenSSL::PKey::RSA.new key
        end
        cert = options[:cert][:cert]
        if cert.respond_to?(:to_str) && !File.exist?(cert)
          cert = OpenSSL::X509::Certificate.new cert
        end

        @mech = mech do |m|
          m.key = key
          m.cert = cert
        end
      else
        @mech = mech
      end

      # Go to a page that is guaranteed to redirect to shitoleth.
      step1_page = get '/atstellar'
      # Fill in the form.
      step1_form = step1_page.form_with :action => /WAYF/
      step1_form.checkbox_with(:name => /perm/).checked = :checked
      step2_page = step1_form.submit step1_form.buttons.first
      # Click through the stupid confirmation form.
      step2_form = step2_page.form_with :action => /WAYF/
      cred_page = step2_form.submit step2_form.button_with(:name => /select/i)

      # Fill in the credentials form.
      if options[:cert]
        cred_form = cred_page.form_with :action => /certificate/i
        cred_form.checkbox_with(:name => /pref/).checked = :checked
      elsif options[:kerberos]
        cred_form = cred_page.form_with :action => /username/i
        cred_form.field_with(:name => /user/).value = options[:kerberos][:user]
        cred_form.field_with(:name => /pass/).value = options[:kerberos][:pass]
      else
        raise ArgumentError, 'Unsupported credentials'
      end

      # Click through the SAML response form.
      saml_page = cred_form.submit cred_form.buttons.first
      unless saml_form = saml_page.form_with(:action => /SAML/)
        raise ArgumentError, 'Authentication failed due to invalid credentials'
      end
      saml_form.submit

      self
    end

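The :cert branch of #auth takes the key and certificate as OpenSSL objects, PEM strings or file paths, and .get_certificate requests a certificate with a set lifetime (the life field). The following pre-flight check is an added example, not part of the stellar gem: it confirms that the key belongs to the certificate and that the certificate is inside its validity period before the pair is handed to #auth. load_credential, checked_client_cert and sample_pair are hypothetical names, and the self-signed pair is constructed sample input.

```ruby
require 'openssl'

# Added example: these helpers are hypothetical, not part of Stellar::Auth.

# Accepts what #auth accepts: an OpenSSL object, a PEM string, or a file path.
def load_credential(value, klass)
  return value unless value.respond_to?(:to_str)
  pem = File.exist?(value) ? File.read(value) : value
  klass.new pem
end

# Fails early if the key does not belong to the certificate, or if the
# certificate has expired or is not yet valid at the given time.
def checked_client_cert(cert_options, now = Time.now)
  key = load_credential cert_options[:key], OpenSSL::PKey::RSA
  cert = load_credential cert_options[:cert], OpenSSL::X509::Certificate
  unless cert.check_private_key(key)
    raise ArgumentError, 'Private key does not match certificate'
  end
  if now < cert.not_before || now > cert.not_after
    raise ArgumentError, 'Certificate is outside its validity period'
  end
  { :key => key, :cert => cert }
end

# Constructed sample input: a self-signed certificate standing in for the
# Hash returned by .get_certificate.
def sample_pair(not_after)
  key = OpenSSL::PKey::RSA.new 2048
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-example')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = not_after
  cert.sign key, OpenSSL::Digest.new('SHA256')
  { :key => key, :cert => cert }
end

if __FILE__ == $PROGRAM_NAME
  pair = sample_pair(Time.now + 3600)
  checked = checked_client_cert(:key => pair[:key].to_pem, :cert => pair[:cert].to_pem)
  puts "usable until #{checked[:cert].not_after}"
end
```

The Hash returned by checked_client_cert has the same :key and :cert shape that #auth reads from options[:cert].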
#mitca_path ⇒ Object
Path to the MIT CA self-signed certificate.

    # File 'lib/stellar/auth.rb', line 9
    def mitca_path
      File.join File.dirname(__FILE__), 'mitca.crt'
    end