Class: OpenNebula::ServerCipherAuth
- Inherits: Object
  - Object
  - OpenNebula::ServerCipherAuth
- Defined in: lib/opennebula/server_cipher_auth.rb
Overview
Server authentication class. OpenNebula services can use this method to grant access to users who have been authenticated by other means. It is based on OpenSSL symmetric ciphers.
Constant Summary
- CIPHER = "aes-256-cbc"
  Constants with paths to relevant files and defaults
Class Method Summary
- .new_client(srv_user = nil, srv_passwd = nil) ⇒ Object
  Creates a ServerCipher for client usage.
- .new_driver ⇒ Object
  Creates a ServerCipher for driver usage.
Instance Method Summary
- #authenticate(srv_user, srv_pass, signed_text) ⇒ Object
  Auth method for auth_mad.
- #initialize(srv_user, srv_passwd) ⇒ ServerCipherAuth (constructor)
  A new instance of ServerCipherAuth.
- #login_token(expire, target_user = nil) ⇒ Object
  Generates a login token in the form server_user:target_user:time_expires. The token is then encrypted with the contents of one_auth.
- #password ⇒ Object
  Returns a valid password string to create a user using this auth driver.
Constructor Details
#initialize(srv_user, srv_passwd) ⇒ ServerCipherAuth
Returns a new instance of ServerCipherAuth.
    # File 'lib/opennebula/server_cipher_auth.rb', line 37
    def initialize(srv_user, srv_passwd)
        @srv_user   = srv_user
        @srv_passwd = srv_passwd
        if !srv_passwd.empty?
            # truncate token to 32-bytes for Ruby >= 2.4
            @key = Digest::SHA256.hexdigest(@srv_passwd)[0..31]
            # the IV is the first 16 characters of the key, so it is fixed for a given password
            @iv = @key[0..15]
        else
            @key = ""
            @iv = ""
        end
        @cipher = OpenSSL::Cipher.new(CIPHER)
    end
Class Method Details
.new_client(srv_user = nil, srv_passwd = nil) ⇒ Object
Creates a ServerCipher for client usage
    # File 'lib/opennebula/server_cipher_auth.rb', line 58
    def self.new_client(srv_user=nil, srv_passwd=nil)
        if ( srv_user == nil || srv_passwd == nil )
            begin
                # credentials are read from the file named by ONE_CIPHER_AUTH
                if ENV["ONE_CIPHER_AUTH"] and !ENV["ONE_CIPHER_AUTH"].empty?
                    one_auth = File.read(ENV["ONE_CIPHER_AUTH"])
                else
                    raise "ONE_CIPHER_AUTH environment variable not set"
                end
                one_auth.rstrip!
                # split on the first colon: <user>:<passwd>
                rc = one_auth.match(/(.*?):(.*)/)
                if rc.nil?
                    raise "Bad format for one_auth token (<user>:<passwd>)"
                else
                    srv_user = rc[1]
                    srv_passwd = rc[2]
                end
            rescue => e
                raise e.message
            end
        end
        self.new(srv_user, srv_passwd)
    end
.new_driver ⇒ Object
Creates a ServerCipher for driver usage
    # File 'lib/opennebula/server_cipher_auth.rb', line 108
    def self.new_driver()
        self.new("","")
    end
Instance Method Details
#authenticate(srv_user, srv_pass, signed_text) ⇒ Object
auth method for auth_mad
    # File 'lib/opennebula/server_cipher_auth.rb', line 113
    def authenticate(srv_user, srv_pass, signed_text)
        begin
            # truncate token to 32-bytes for Ruby >= 2.4
            @key = srv_pass[0..31]
            @iv = srv_pass[0..15]
            token_array = decrypt(signed_text).split(':')
            # first field is the server user, last field is the expiration time
            s_user  = token_array[0]
            expires = token_array[-1]
            return "User name missmatch" if s_user != srv_user
            return "login token expired" if Time.now.to_i >= expires.to_i
            return true
        rescue => e
            return e.message
        end
    end
#login_token(expire, target_user = nil) ⇒ Object
Generates a login token in the form:
- server_user:target_user:time_expires
The token is then encrypted with the contents of one_auth
    # File 'lib/opennebula/server_cipher_auth.rb', line 88
    def login_token(expire, target_user=nil)
        target_user ||= @srv_user
        token_txt = "#{@srv_user}:#{target_user}:#{expire}"
        token = encrypt(token_txt)
        token64 = Base64::encode64(token).strip.delete("\n")
        return "#{@srv_user}:#{target_user}:#{token64}"
    end
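The key and IV handling in #initialize and the token layout in #login_token, as an added example that is not OpenNebula code: with the IV taken from the key, two tokens with the same fields encrypt to the same bytes, and CBC alone carries no integrity check. It assumes the private encrypt helper (not shown on this page) sets @key and @iv on the aes-256-cbc cipher; derive, cbc_token, gcm_token and gcm_open are hypothetical names, the GCM pair is a contrast rather than the project's scheme, and all sample values are constructed.

```ruby
require 'openssl'
require 'digest'
require 'base64'

# Key/IV derivation copied from #initialize: the IV is a prefix of the key.
def derive(passwd)
  key = Digest::SHA256.hexdigest(passwd)[0..31]
  [key, key[0..15]]
end

# Token text built as in #login_token. The encrypt step is an assumption
# about the private helper, which this page does not show.
def cbc_token(user, target, expire, passwd)
  key, iv = derive(passwd)
  c = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  c.key = key
  c.iv = iv
  Base64.strict_encode64(c.update("#{user}:#{target}:#{expire}") + c.final)
end

# Contrast (hypothetical, not OpenNebula code): AES-256-GCM with a random
# nonce per token and an authentication tag, laid out as nonce|tag|ciphertext.
def gcm_token(user, target, expire, passwd)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = Digest::SHA256.digest(passwd) # all 32 raw digest bytes
  nonce = c.random_iv                   # 12 bytes, new for every token
  c.auth_data = ''
  ct = c.update("#{user}:#{target}:#{expire}") + c.final
  Base64.strict_encode64(nonce + c.auth_tag + ct)
end

# Returns the token text, or nil when the token was modified or malformed.
def gcm_open(token64, passwd)
  raw = Base64.strict_decode64(token64)
  return nil if raw.bytesize < 29 # nonce + tag + at least one byte
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = Digest::SHA256.digest(passwd)
  d.iv = raw[0, 12]
  d.auth_tag = raw[12, 16]
  d.auth_data = ''
  d.update(raw[28..-1]) + d.final
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

# Constructed sample values, not taken from a real deployment.
a = cbc_token('serveradmin', 'oneadmin', 1_700_000_000, 'example-passwd')
b = cbc_token('serveradmin', 'oneadmin', 1_700_000_000, 'example-passwd')
puts "CBC tokens identical: #{a == b}"
```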
#password ⇒ Object
Returns a valid password string to create a user using this auth driver
    # File 'lib/opennebula/server_cipher_auth.rb', line 99
    def password
        return @srv_passwd
    end