Class: OpenNebula::ServerX509Auth
- Defined in: lib/opennebula/server_x509_auth.rb
Overview
Server authentication class. This auth method can be used by OpenNebula services to grant access to users who have been authenticated by other means. It is based on x509 server certificates.
Constant Summary
- SERVER_AUTH_CONF_PATH = ETC_LOCATION + "/auth/server_x509_auth.conf"
  Constants with paths to relevant files and defaults
- SERVER_DEFAULTS = { :one_cert => ETC_LOCATION + "/auth/cert.pem", :one_key => ETC_LOCATION + "/auth/key.pem" }
Constants inherited from X509Auth
X509Auth::ETC_LOCATION, X509Auth::X509_AUTH_CONF_PATH, X509Auth::X509_DEFAULTS
Instance Method Summary
- #authenticate(server_user, server_pass, signed_text) ⇒ Object
  Auth method for auth_mad.
- #initialize ⇒ ServerX509Auth (constructor)
  A new instance of ServerX509Auth.
- #login_token(expire, target_user = nil) ⇒ Object
  Generates a login token in the form server_user:target_user:time_expires.
Methods inherited from X509Auth
escape_dn, #password, unescape_dn
Constructor Details
#initialize ⇒ ServerX509Auth
Returns a new instance of ServerX509Auth.
```ruby
# File 'lib/opennebula/server_x509_auth.rb', line 42
def initialize()
    @options = SERVER_DEFAULTS

    # Override the defaults with values from the configuration file
    load_options(SERVER_AUTH_CONF_PATH)

    begin
        # Read the server certificate and private key (PEM) from disk
        certs = [ File.read(@options[:one_cert]) ]
        key   =   File.read(@options[:one_key])

        super(:certs_pem => certs, :key_pem => key)
    rescue
        raise
    end

    # A server user must be configured, otherwise no token can be issued
    if @options[:srv_user] == nil || @options[:srv_user].empty?
       raise "User for x509 server not defined"
    end
end
```
Instance Method Details
#authenticate(server_user, server_pass, signed_text) ⇒ Object
auth method for auth_mad
```ruby
# File 'lib/opennebula/server_x509_auth.rb', line 88
def authenticate(server_user, server_pass, signed_text)
    begin
        # Token layout after decryption: server_user:target_user:time_expires
        token_array = decrypt(signed_text).split(':')

        s_user  = token_array[0]
        expires = token_array[-1]

        return "Server password missmatch" if server_pass != password

        return "User name missmatch" if ( s_user != server_user ||
                                          s_user != @options[:srv_user] )

        return "login token expired" if Time.now.to_i >= expires.to_i

        return true
    rescue => e
        # Any decryption or parsing failure is reported as an error string
        return e.message
    end
end
```
#login_token(expire, target_user = nil) ⇒ Object
Generates a login token in the form:
- server_user:target_user:time_expires
```ruby
# File 'lib/opennebula/server_x509_auth.rb', line 73
def login_token(expire, target_user=nil)
    # Without an explicit target, the token is issued for the server user
    target_user ||= @options[:srv_user]
    token_txt   =   "#{@options[:srv_user]}:#{target_user}:#{expire}"

    token   = encrypt(token_txt)
    token64 = Base64::encode64(token).strip.delete("\n")

    return "#{@options[:srv_user]}:#{target_user}:#{token64}"
end
```
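The following is an added example, not OpenNebula code: it round-trips a token in the `server_user:target_user:time_expires` layout built by `#login_token` and exercises each rejection path of `#authenticate`. Assumptions: the inherited `encrypt`/`decrypt` (not shown on this page) are replaced by an RSA private-key operation and its public-key inverse, `signed_text` is taken to be the Base64 field at the end of the login token, and the key pairs, the `serveradmin` user name and all `demo_*` helpers are constructed for the demonstration.

```ruby
require 'openssl'
require 'base64'

# Constructed for the demo: in-memory keys stand in for cert.pem / key.pem.
SERVER_KEY = OpenSSL::PKey::RSA.new(2048)
OTHER_KEY  = OpenSSL::PKey::RSA.new(2048)   # a key the verifier does not trust
SRV_USER   = 'serveradmin'                  # hypothetical :srv_user value

# Same token layout as #login_token. The RSA private-key operation is an
# assumed stand-in for the inherited encrypt, which this page does not show.
def demo_login_token(expire, target_user = nil, key = SERVER_KEY)
  target_user ||= SRV_USER
  signed = key.private_encrypt("#{SRV_USER}:#{target_user}:#{expire}")
  "#{SRV_USER}:#{target_user}:#{Base64.strict_encode64(signed)}"
end

# Same checks as #authenticate (minus the server password comparison):
# returns true on success, otherwise a String describing the failure.
def demo_authenticate(server_user, signed_text, now = Time.now.to_i)
  plain = SERVER_KEY.public_key.public_decrypt(Base64.strict_decode64(signed_text))
  fields = plain.split(':')
  s_user, expires = fields[0], fields[-1]
  return 'User name mismatch' if s_user != server_user || s_user != SRV_USER
  return 'login token expired' if now >= expires.to_i
  true
rescue StandardError => e
  e.message   # wrong key, bad padding, invalid Base64, ...
end

# The third ':'-separated field of the login token is the signed part.
def signed_part(token)
  token.split(':', 3)[2]
end

def demo_results(now = Time.now.to_i)
  good    = signed_part(demo_login_token(now + 300, 'alice'))
  expired = signed_part(demo_login_token(now - 1, 'alice'))
  forged  = signed_part(demo_login_token(now + 300, 'alice', OTHER_KEY))
  {
    valid:      demo_authenticate(SRV_USER, good, now),
    wrong_user: demo_authenticate('someone_else', good, now),
    expired:    demo_authenticate(SRV_USER, expired, now),
    forged:     demo_authenticate(SRV_USER, forged, now),
    corrupted:  demo_authenticate(SRV_USER, good[0..-5] + '!!!!', now)
  }
end

demo_results.each { |name, result| puts "#{name}: #{result.inspect}" }
```

As in `#authenticate`, only the first and last fields of the signed text are checked, and every failure is returned as a string rather than raised, so callers must compare the result against `true` explicitly.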