class OpenNebula::ServerX509Auth
Server authentication class. This auth method can be used by OpenNebula services to grant access to users who have been authenticated by other means. It is based on x509 server certificates.
Constants
- SERVER_AUTH_CONF_PATH
Constants with paths to relevant files and defaults
- SERVER_DEFAULTS
Public Class Methods
new()
Calls superclass method
OpenNebula::X509Auth.new
```ruby
# File lib/opennebula/server_x509_auth.rb, line 42
def initialize()
    @options = SERVER_DEFAULTS

    load_options(SERVER_AUTH_CONF_PATH)

    begin
        certs = [ File.read(@options[:one_cert]) ]
        key   = File.read(@options[:one_key])

        super(:certs_pem => certs, :key_pem => key)
    rescue
        raise
    end

    if @options[:srv_user] == nil || @options[:srv_user].empty?
        raise "User for x509 server not defined"
    end
end
```
Also aliased as: new_client, new_driver
Public Instance Methods
authenticate(server_user, server_pass, signed_text)
Auth method for auth_mad. Returns true on success, or an error message string on failure.
```ruby
# File lib/opennebula/server_x509_auth.rb, line 88
def authenticate(server_user, server_pass, signed_text)
    begin
        s_user, t_user, expires = decrypt(signed_text).split(':')

        return "Server password missmatch" if server_pass != password

        return "User name missmatch" if ( s_user != server_user ||
                                          s_user != @options[:srv_user] )

        return "login token expired" if Time.now.to_i >= expires.to_i

        return true
    rescue => e
        return e.message
    end
end
```
login_token(expire, target_user=nil)
Generates a login token in the form:
- server_user:target_user:time_expires
```ruby
# File lib/opennebula/server_x509_auth.rb, line 73
def login_token(expire, target_user=nil)
    target_user ||= @options[:srv_user]

    token_txt = "#{@options[:srv_user]}:#{target_user}:#{expire}"

    token   = encrypt(token_txt)
    token64 = Base64::encode64(token).strip.delete("\n")

    return "#{@options[:srv_user]}:#{target_user}:#{token64}"
end
```
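The token round trip described by login_token and authenticate above, as an added example that is not OpenNebula's own code. DemoServerAuth, authenticated?, the user name and the secret are constructed, and the RSA-based encrypt/decrypt is an assumption about the X509Auth superclass, which this page does not show.

```ruby
require 'openssl'
require 'base64'

# Constructed stand-in, not OpenNebula code. encrypt, decrypt and password come
# from the X509Auth superclass (not shown on this page) and are ASSUMED here to
# be RSA private-key encryption, public-key recovery and a fixed string.
class DemoServerAuth
  attr_reader :password

  def initialize(srv_user, key, password)
    @options  = { :srv_user => srv_user }
    @key      = key
    @password = password
  end

  def encrypt(text)
    @key.private_encrypt(text)
  end

  def decrypt(token64)
    @key.public_key.public_decrypt(Base64.decode64(token64))
  end

  # Same construction as login_token on this page.
  def login_token(expire, target_user = nil)
    target_user ||= @options[:srv_user]
    token = encrypt("#{@options[:srv_user]}:#{target_user}:#{expire}")
    "#{@options[:srv_user]}:#{target_user}:#{Base64.strict_encode64(token)}"
  end

  # Same checks as authenticate on this page: true, or an error String.
  def authenticate(server_user, server_pass, signed_text)
    s_user, _t_user, expires = decrypt(signed_text).split(':')
    return "Server password missmatch" if server_pass != password
    return "User name missmatch" if s_user != server_user || s_user != @options[:srv_user]
    return "login token expired" if Time.now.to_i >= expires.to_i
    true
  rescue => e
    e.message
  end
end

# Failure values are truthy Strings, so only `== true` counts as success.
def authenticated?(auth, user, pass, signed_text)
  auth.authenticate(user, pass, signed_text) == true
end

KEY  = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key
AUTH = DemoServerAuth.new('serveradmin', KEY, 'constructed-secret')
```

In this example the last `:`-separated field of the login_token result is the value passed to authenticate as signed_text.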