class OpenNebula::ServerX509Auth

Server authentication class. This auth method can be used by OpenNebula services to grant access to users who have been authenticated by other means. It is based on x509 server certificates.

Constants

SERVER_AUTH_CONF_PATH

Constants with paths to relevant files and defaults

SERVER_DEFAULTS

Public Class Methods

new()
Calls superclass method OpenNebula::X509Auth.new
# File lib/opennebula/server_x509_auth.rb, line 42
def initialize()
    @options = SERVER_DEFAULTS

    load_options(SERVER_AUTH_CONF_PATH)

    begin
        certs = [ File.read(@options[:one_cert]) ]
        key   =   File.read(@options[:one_key])

        super(:certs_pem => certs, :key_pem => key)
    rescue
        raise
    end

    if @options[:srv_user] == nil || @options[:srv_user].empty?
       raise "User for x509 server not defined"
    end
end
Also aliased as: new_client, new_driver
new_client()
Alias for: new
new_driver()
Alias for: new

Public Instance Methods

authenticate(server_user, server_pass, signed_text)

auth method for auth_mad

# File lib/opennebula/server_x509_auth.rb, line 88
def authenticate(server_user, server_pass, signed_text)
    begin
        s_user, t_user, expires = decrypt(signed_text).split(':')

        return "Server password missmatch" if server_pass != password

        return "User name missmatch" if ( s_user != server_user ||
                                          s_user != @options[:srv_user] )

        return "login token expired" if Time.now.to_i >= expires.to_i

        return true
    rescue => e
        return e.message
    end
end
login_token(expire, target_user=nil)

Generates a login token in the form:

- server_user:target_user:time_expires
# File lib/opennebula/server_x509_auth.rb, line 73
def login_token(expire, target_user=nil)
    target_user ||= @options[:srv_user]
    token_txt   =   "#{@options[:srv_user]}:#{target_user}:#{expire}"

    token   = encrypt(token_txt)
    token64 = Base64::encode64(token).strip.delete("\n")

    return "#{@options[:srv_user]}:#{target_user}:#{token64}"
end
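
The round trip between login_token and authenticate, as an added example that is not OpenNebula's own code: it builds a token in the documented layout and runs the same three checks against it. Assumptions: the superclass `encrypt`/`decrypt` are modelled as RSA private-key encryption and public-key decryption with the Base64 decoding done on the verifying side, `signed_text` is taken to be the third field of the login token, and the key, user name, password and helper names (`make_token`, `signed_part`, `check_token`) are constructed for illustration.

```ruby
require 'openssl'
require 'base64'

# Constructed stand-ins; none of these values come from an OpenNebula host.
KEY      = OpenSSL::PKey::RSA.new(2048) # plays the role of the :one_key file
PUB      = KEY.public_key               # public key carried by :one_cert
SRV_USER = 'serveradmin'                # plays the role of @options[:srv_user]
SRV_PASS = 'constructed-secret'         # value `password` is assumed to return

# Same layout as login_token: "srv_user:target_user:expire" is encrypted
# with the private key, then Base64-encoded without line breaks.
def make_token(expire, target_user = nil, key = KEY)
  target_user ||= SRV_USER
  blob = key.private_encrypt("#{SRV_USER}:#{target_user}:#{expire}")
  "#{SRV_USER}:#{target_user}:#{Base64.strict_encode64(blob)}"
end

# Third field of the login token (assumed to be what arrives as signed_text).
def signed_part(token)
  token.split(':', 3).last
end

# Same checks, order and return strings as authenticate on this page;
# only the rescue differs, so a failed decryption is easy to tell apart.
def check_token(server_user, server_pass, signed_text)
  plain = PUB.public_decrypt(Base64.decode64(signed_text))
  s_user, _t_user, expires = plain.split(':')
  return 'Server password missmatch' if server_pass != SRV_PASS
  return 'User name missmatch' if s_user != server_user || s_user != SRV_USER
  return 'login token expired' if Time.now.to_i >= expires.to_i
  true
rescue OpenSSL::PKey::PKeyError => e
  "decrypt failed: #{e.class}" # blob was not produced by the server key
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now.to_i
  p check_token(SRV_USER, SRV_PASS, signed_part(make_token(now + 300, 'alice')))
  p check_token(SRV_USER, SRV_PASS, signed_part(make_token(now - 1)))
  other = OpenSSL::PKey::RSA.new(2048) # constructed key the server does not hold
  p check_token(SRV_USER, SRV_PASS,
                signed_part(make_token(now + 300, 'alice', other)))
end
```

The expiry field is compared with `>=`, so a token whose `expire` equals the current second is already rejected.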