Hello community,
here is the log from the commit of package rubygem-mixlib-authentication for openSUSE:Factory checked in at 2018-07-18 22:50:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-mixlib-authentication (Old)
and /work/SRC/openSUSE:Factory/.rubygem-mixlib-authentication.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-mixlib-authentication"
Wed Jul 18 22:50:18 2018 rev:8 rq:621012 version:2.1.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-mixlib-authentication/rubygem-mixlib-authentication.changes 2017-09-12 19:56:54.594295919 +0200
+++ /work/SRC/openSUSE:Factory/.rubygem-mixlib-authentication.new/rubygem-mixlib-authentication.changes 2018-07-18 22:50:20.223677697 +0200
@@ -1,0 +2,18 @@
+Fri Jun 8 21:26:09 UTC 2018 - factory-auto@kulow.org
+
+- updated to version 2.1.1
+ no changelog found
+
+-------------------------------------------------------------------
+Thu May 31 17:22:00 UTC 2018 - factory-auto@kulow.org
+
+- updated to version 2.1.0
+ no changelog found
+
+-------------------------------------------------------------------
+Thu Apr 12 17:41:32 UTC 2018 - factory-auto@kulow.org
+
+- updated to version 2.0.0
+ no changelog found
+
+-------------------------------------------------------------------
Old:
----
mixlib-authentication-1.4.2.gem
New:
----
mixlib-authentication-2.1.1.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-mixlib-authentication.spec ++++++
--- /var/tmp/diff_new_pack.rA3txo/_old 2018-07-18 22:50:20.999675123 +0200
+++ /var/tmp/diff_new_pack.rA3txo/_new 2018-07-18 22:50:21.003675111 +0200
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-mixlib-authentication
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
#
Name: rubygem-mixlib-authentication
-Version: 1.4.2
+Version: 2.1.1
Release: 0
%define mod_name mixlib-authentication
%define mod_full_name %{mod_name}-%{version}
++++++ mixlib-authentication-1.4.2.gem -> mixlib-authentication-2.1.1.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gemfile new/Gemfile
--- old/Gemfile 2017-08-17 21:39:03.000000000 +0200
+++ new/Gemfile 2018-06-01 11:18:48.000000000 +0200
@@ -3,5 +3,6 @@
group(:development) do
gem "pry"
- gem "mixlib-log"
+ gem "mixlib-log", "~> 2"
+ gem "net-ssh"
end
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/mixlib/authentication/http_authentication_request.rb new/lib/mixlib/authentication/http_authentication_request.rb
--- old/lib/mixlib/authentication/http_authentication_request.rb 2017-08-17 21:39:03.000000000 +0200
+++ new/lib/mixlib/authentication/http_authentication_request.rb 2018-06-01 11:18:48.000000000 +0200
@@ -72,7 +72,7 @@
unless @request_signature
@request_signature = headers.find_all { |h| h[0].to_s =~ /^x_ops_authorization_/ }
.sort { |x, y| x.to_s[/\d+/].to_i <=> y.to_s[/\d+/].to_i }.map { |i| i[1] }.join("\n")
- Mixlib::Authentication::Log.debug "Reconstituted (user-supplied) request signature: #{@request_signature}"
+ Mixlib::Authentication::Log.trace "Reconstituted (user-supplied) request signature: #{@request_signature}"
end
@request_signature
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/mixlib/authentication/null_logger.rb new/lib/mixlib/authentication/null_logger.rb
--- old/lib/mixlib/authentication/null_logger.rb 2017-08-17 21:39:03.000000000 +0200
+++ new/lib/mixlib/authentication/null_logger.rb 2018-06-01 11:18:48.000000000 +0200
@@ -4,7 +4,7 @@
attr_accessor :level
- %i{debug info warn error fatal}.each do |method_name|
+ %i{trace debug info warn error fatal}.each do |method_name|
class_eval(<<-METHOD_DEFN, __FILE__, __LINE__)
def #{method_name}(msg=nil, &block)
true
@@ -12,7 +12,7 @@
METHOD_DEFN
end
- %i{debug? info? warn? error? fatal?}.each do |method_name|
+ %i{trace? debug? info? warn? error? fatal?}.each do |method_name|
class_eval(<<-METHOD_DEFN, __FILE__, __LINE__)
def #{method_name}
false
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/mixlib/authentication/signatureverification.rb new/lib/mixlib/authentication/signatureverification.rb
--- old/lib/mixlib/authentication/signatureverification.rb 2017-08-17 21:39:03.000000000 +0200
+++ new/lib/mixlib/authentication/signatureverification.rb 2018-06-01 11:18:48.000000000 +0200
@@ -76,7 +76,7 @@
# X-Ops-Content-Hash:
# X-Ops-Authorization-#{line_number}
def authenticate_request(user_secret, time_skew = (15 * 60))
- Mixlib::Authentication.logger.debug "Initializing header auth : #{request.inspect}"
+ Mixlib::Authentication.logger.trace "Initializing header auth : #{request.inspect}"
@user_secret = user_secret
@allowed_time_skew = time_skew # in seconds
@@ -149,15 +149,15 @@
(request_decrypted_block == candidate_block)
end
- # Keep the debug messages lined up so it's easy to scan them
- Mixlib::Authentication.logger.debug("Verifying request signature:")
- Mixlib::Authentication.logger.debug(" Expected Block is: '#{candidate_block}'")
- Mixlib::Authentication.logger.debug("Decrypted block is: '#{request_decrypted_block}'")
- Mixlib::Authentication.logger.debug("Signatures match? : '#{@valid_signature}'")
+ # Keep the trace messages lined up so it's easy to scan them
+ Mixlib::Authentication.logger.trace("Verifying request signature:")
+ Mixlib::Authentication.logger.trace(" Expected Block is: '#{candidate_block}'")
+ Mixlib::Authentication.logger.trace("Decrypted block is: '#{request_decrypted_block}'")
+ Mixlib::Authentication.logger.trace("Signatures match? : '#{@valid_signature}'")
@valid_signature
rescue => e
- Mixlib::Authentication.logger.debug("Failed to verify request signature: #{e.class.name}: #{e.message}")
+ Mixlib::Authentication.logger.trace("Failed to verify request signature: #{e.class.name}: #{e.message}")
@valid_signature = false
end
@@ -168,10 +168,10 @@
def verify_content_hash
@valid_content_hash = (content_hash == hashed_body)
- # Keep the debug messages lined up so it's easy to scan them
- Mixlib::Authentication.logger.debug("Expected content hash is: '#{hashed_body}'")
- Mixlib::Authentication.logger.debug(" Request Content Hash is: '#{content_hash}'")
- Mixlib::Authentication.logger.debug(" Hashes match?: #{@valid_content_hash}")
+ # Keep the trace messages lined up so it's easy to scan them
+ Mixlib::Authentication.logger.trace("Expected content hash is: '#{hashed_body}'")
+ Mixlib::Authentication.logger.trace(" Request Content Hash is: '#{content_hash}'")
+ Mixlib::Authentication.logger.trace(" Hashes match?: #{@valid_content_hash}")
@valid_content_hash
end
@@ -211,11 +211,11 @@
# Any file that's included in the request is hashed if it's there. Otherwise,
# we hash the body.
if file_param
- Mixlib::Authentication.logger.debug "Digesting file_param: '#{file_param.inspect}'"
+ Mixlib::Authentication.logger.trace "Digesting file_param: '#{file_param.inspect}'"
@hashed_body = digester.hash_file(file_param, digest)
else
body = request.raw_post
- Mixlib::Authentication.logger.debug "Digesting body: '#{body}'"
+ Mixlib::Authentication.logger.trace "Digesting body: '#{body}'"
@hashed_body = digester.hash_string(body, digest)
end
end
@@ -232,7 +232,7 @@
def timestamp_within_bounds?(time1, time2)
time_diff = (time2 - time1).abs
is_allowed = (time_diff < @allowed_time_skew)
- Mixlib::Authentication.logger.debug "Request time difference: #{time_diff}, within #{@allowed_time_skew} seconds? : #{!!is_allowed}"
+ Mixlib::Authentication.logger.trace "Request time difference: #{time_diff}, within #{@allowed_time_skew} seconds? : #{!!is_allowed}"
is_allowed
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/mixlib/authentication/signedheaderauth.rb new/lib/mixlib/authentication/signedheaderauth.rb
--- old/lib/mixlib/authentication/signedheaderauth.rb 2017-08-17 21:39:03.000000000 +0200
+++ new/lib/mixlib/authentication/signedheaderauth.rb 2018-06-01 11:18:48.000000000 +0200
@@ -95,9 +95,28 @@
# Build the canonicalized request based on the method, other headers, etc.
# compute the signature from the request, using the looked-up user secret
- # ====Parameters
- # private_keyOpenSSL::PKey::RSA:: user's RSA private key.
- def sign(private_key, sign_algorithm = algorithm, sign_version = proto_version)
+ #
+ # @param rsa_key [OpenSSL::PKey::RSA] User's RSA key. If `use_ssh_agent` is
+ # true, this must have the public key portion populated. If `use_ssh_agent`
+ # is false, this must have the private key portion populated.
+ # @param use_ssh_agent [Boolean] If true, use ssh-agent for request signing.
+ def sign(rsa_key, sign_algorithm = algorithm, sign_version = proto_version, **opts)
+ # Backwards compat stuff.
+ if sign_algorithm.is_a?(Hash)
+ # Was called like sign(key, sign_algorithm: 'foo', other: 'bar')
+ opts.update(sign_algorithm)
+ opts[:sign_algorithm] ||= algorithm
+ opts[:sign_version] ||= sign_version
+ else
+ # Was called like sign(key, 'foo', '1.3', other: 'bar')
+ Mixlib::Authentication.logger.warn("Using deprecated positional arguments for sign(), please update to keyword arguments (from #{caller[1][/^(.*:\d+):in /, 1]})") unless sign_algorithm == algorithm
+ opts[:sign_algorithm] ||= sign_algorithm
+ opts[:sign_version] ||= sign_version
+ end
+ sign_algorithm = opts[:sign_algorithm]
+ sign_version = opts[:sign_version]
+ use_ssh_agent = opts[:use_ssh_agent]
+
digest = validate_sign_version_digest!(sign_algorithm, sign_version)
# Our multiline hash for authorization will be encoded in multiple header
# lines - X-Ops-Authorization-1, ... (starts at 1, not 0!)
@@ -108,14 +127,14 @@
"X-Ops-Content-Hash" => hashed_body(digest),
}
- signature = Base64.encode64(do_sign(private_key, digest, sign_algorithm, sign_version)).chomp
+ signature = Base64.encode64(do_sign(rsa_key, digest, sign_algorithm, sign_version, use_ssh_agent)).chomp
signature_lines = signature.split(/\n/)
signature_lines.each_index do |idx|
key = "X-Ops-Authorization-#{idx + 1}"
header_hash[key] = signature_lines[idx]
end
- Mixlib::Authentication.logger.debug "Header hash: #{header_hash.inspect}"
+ Mixlib::Authentication.logger.trace "Header hash: #{header_hash.inspect}"
header_hash
end
@@ -236,7 +255,7 @@
memo[field_name.to_sym] = field_value.strip
memo
end
- Mixlib::Authentication.logger.debug "Parsed signing description: #{parts.inspect}"
+ Mixlib::Authentication.logger.trace "Parsed signing description: #{parts.inspect}"
parts
end
@@ -244,18 +263,73 @@
Mixlib::Authentication::Digester
end
- # private
- def do_sign(private_key, digest, sign_algorithm, sign_version)
+ # Low-level RSA signature implementation used in {#sign}.
+ #
+ # @api private
+ # @param rsa_key [OpenSSL::PKey::RSA] User's RSA key. If `use_ssh_agent` is
+ # true, this must have the public key portion populated. If `use_ssh_agent`
+ # is false, this must have the private key portion populated.
+ # @param digest [Class] Sublcass of OpenSSL::Digest to use while signing.
+ # @param sign_algorithm [String] Hash algorithm to use while signing.
+ # @param sign_version [String] Version number of the signing protocol to use.
+ # @param use_ssh_agent [Boolean] If true, use ssh-agent for request signing.
+ # @return [String]
+ def do_sign(rsa_key, digest, sign_algorithm, sign_version, use_ssh_agent)
string_to_sign = canonicalize_request(sign_algorithm, sign_version)
- Mixlib::Authentication.logger.debug "String to sign: '#{string_to_sign}'"
+ Mixlib::Authentication.logger.trace "String to sign: '#{string_to_sign}'"
case sign_version
when "1.3"
- private_key.sign(digest.new, string_to_sign)
+ if use_ssh_agent
+ do_sign_ssh_agent(rsa_key, string_to_sign)
+ else
+ raise AuthenticationError, "RSA private key is required to sign requests, but a public key was provided" unless rsa_key.private?
+ rsa_key.sign(digest.new, string_to_sign)
+ end
else
- private_key.private_encrypt(string_to_sign)
+ raise AuthenticationError, "Agent signing mode requires signing protocol version 1.3 or newer" if use_ssh_agent
+ raise AuthenticationError, "RSA private key is required to sign requests, but a public key was provided" unless rsa_key.private?
+ rsa_key.private_encrypt(string_to_sign)
end
end
+ # Low-level signing logic for using ssh-agent. This requires the user has
+ # already set up ssh-agent and used ssh-add to load in a (possibly encrypted)
+ # RSA private key. ssh-agent supports keys other than RSA, however they
+ # are not supported as Chef's protocol explicitly requires RSA keys/sigs.
+ #
+ # @api private
+ # @param rsa_key [OpenSSL::PKey::RSA] User's RSA public key.
+ # @param string_to_sign [String] String data to sign with the requested key.
+ # @return [String]
+ def do_sign_ssh_agent(rsa_key, string_to_sign)
+ # First try loading net-ssh as it is an optional dependency.
+ begin
+ require "net/ssh"
+ rescue LoadError => e
+ # ???: Since agent mode is explicitly enabled, should we even catch
+ # this in the first place? Might be cleaner to let the LoadError bubble.
+ raise AuthenticationError, "net-ssh gem is not available, unable to use ssh-agent signing: #{e.message}"
+ end
+
+ # Try to connect to ssh-agent.
+ begin
+ agent = Net::SSH::Authentication::Agent.connect
+ rescue Net::SSH::Authentication::AgentNotAvailable => e
+ raise AuthenticationError, "Could not connect to ssh-agent. Make sure the SSH_AUTH_SOCK environment variable is set and ssh-agent is running: #{e.message}"
+ end
+
+ begin
+ ssh2_signature = agent.sign(rsa_key.public_key, string_to_sign, Net::SSH::Authentication::Agent::SSH_AGENT_RSA_SHA2_256)
+ rescue Net::SSH::Authentication::AgentError => e
+ raise AuthenticationError, "Unable to sign request with ssh-agent. Make sure your key is loaded with ssh-add: #{e.class.name} #{e.message})"
+ end
+
+ # extract signature from SSH Agent response => skip first 20 bytes for RSA keys
+ # "\x00\x00\x00\frsa-sha2-256\x00\x00\x01\x00"
+ # (see http://api.libssh.org/rfc/PROTOCOL.agent for details)
+ ssh2_signature[20..-1]
+ end
+
private :canonical_time, :canonical_path, :parse_signing_description, :digester, :canonicalize_user_id
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/mixlib/authentication/version.rb new/lib/mixlib/authentication/version.rb
--- old/lib/mixlib/authentication/version.rb 2017-08-17 21:39:03.000000000 +0200
+++ new/lib/mixlib/authentication/version.rb 2018-06-01 11:18:48.000000000 +0200
@@ -15,6 +15,6 @@
module Mixlib
module Authentication
- VERSION = "1.4.2"
+ VERSION = "2.1.1"
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2017-08-17 21:39:03.000000000 +0200
+++ new/metadata 2018-06-01 11:18:48.000000000 +0200
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: mixlib-authentication
version: !ruby/object:Gem::Version
- version: 1.4.2
+ version: 2.1.1
platform: ruby
authors:
- Chef Software, Inc.
autorequire:
bindir: bin
cert_chain: []
-date: 2017-08-17 00:00:00.000000000 Z
+date: 2018-06-01 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: rspec-core
@@ -124,7 +124,7 @@
version: '0'
requirements: []
rubyforge_project:
-rubygems_version: 2.6.11
+rubygems_version: 2.7.6
signing_key:
specification_version: 4
summary: Mixes in simple per-request authentication
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/mixlib/authentication/mixlib_authentication_spec.rb new/spec/mixlib/authentication/mixlib_authentication_spec.rb
--- old/spec/mixlib/authentication/mixlib_authentication_spec.rb 2017-08-17 21:39:03.000000000 +0200
+++ new/spec/mixlib/authentication/mixlib_authentication_spec.rb 2018-06-01 11:18:48.000000000 +0200
@@ -25,6 +25,7 @@
require "openssl"
require "mixlib/authentication/signatureverification"
require "time"
+require "net/ssh"
# TODO: should make these regular spec-based mock objects.
class MockRequest
@@ -63,7 +64,7 @@
end
# Uncomment this to get some more info from the methods we're testing.
-#Mixlib::Authentication.logger.level = :debug
+#Mixlib::Authentication.logger.level = :trace
describe "Mixlib::Authentication::SignedHeaderAuth" do
@@ -101,6 +102,13 @@
expect(V1_3_SHA256_SIGNING_OBJECT.sign(PRIVATE_KEY)).to eq(EXPECTED_SIGN_RESULT_V1_3_SHA256)
end
+ it "should generate the correct string to sign and signature for version 1.3 with SHA256 via ssh-agent" do
+ agent = double("ssh-agent")
+ expect(Net::SSH::Authentication::Agent).to receive(:connect).and_return(agent)
+ expect(agent).to receive(:sign).and_return(SSH_AGENT_RESPONSE)
+ expect(V1_3_SHA256_SIGNING_OBJECT.sign(PUBLIC_KEY, use_ssh_agent: true)).to eq(EXPECTED_SIGN_RESULT_V1_3_SHA256)
+ end
+
it "should generate the correct string to sign and signature for non-default proto version when used as a mixin" do
algorithm = "sha1"
version = "1.1"
@@ -113,14 +121,17 @@
# the results of res.inspect and copy them as appropriate into the
# the constants in this file.
expect(V1_1_SIGNING_OBJECT.sign(PRIVATE_KEY, algorithm, version)).to eq(EXPECTED_SIGN_RESULT_V1_1)
+ expect(V1_1_SIGNING_OBJECT.sign(PRIVATE_KEY, sign_algorithm: algorithm, sign_version: version)).to eq(EXPECTED_SIGN_RESULT_V1_1)
end
it "should not choke when signing a request for a long user id with version 1.1" do
expect { LONG_SIGNING_OBJECT.sign(PRIVATE_KEY, "sha1", "1.1") }.not_to raise_error
+ expect { LONG_SIGNING_OBJECT.sign(PRIVATE_KEY, sign_algorithm: "sha1", sign_version: "1.1") }.not_to raise_error
end
it "should choke when signing a request for a long user id with version 1.0" do
expect { LONG_SIGNING_OBJECT.sign(PRIVATE_KEY, "sha1", "1.0") }.to raise_error(OpenSSL::PKey::RSAError)
+ expect { LONG_SIGNING_OBJECT.sign(PRIVATE_KEY, sign_algorithm: "sha1", sign_version: "1.0") }.to raise_error(OpenSSL::PKey::RSAError)
end
it "should choke when signing a request with a bad version" do
@@ -131,6 +142,18 @@
expect { V1_1_SIGNING_OBJECT.sign(PRIVATE_KEY, "sha_poo", "1.1") }.to raise_error(Mixlib::Authentication::AuthenticationError)
end
+ it "should choke when signing a request via ssh-agent and ssh-agent is not reachable with version 1.3" do
+ expect(Net::SSH::Authentication::Agent).to receive(:connect).and_raise(Net::SSH::Authentication::AgentNotAvailable)
+ expect { V1_3_SHA256_SIGNING_OBJECT.sign(PUBLIC_KEY, use_ssh_agent: true) }.to raise_error(Mixlib::Authentication::AuthenticationError)
+ end
+
+ it "should choke when signing a request via ssh-agent and the key is not loaded with version 1.3" do
+ agent = double("ssh-agent")
+ expect(Net::SSH::Authentication::Agent).to receive(:connect).and_return(agent)
+ expect(agent).to receive(:sign).and_raise(Net::SSH::Authentication::AgentError)
+ expect { V1_3_SHA256_SIGNING_OBJECT.sign(PUBLIC_KEY, use_ssh_agent: true) }.to raise_error(Mixlib::Authentication::AuthenticationError)
+ end
+
end
describe "Mixlib::Authentication::SignatureVerification" do
@@ -366,6 +389,8 @@
"MmbLUIm3JRYi00Yb01IUCCKdI90vUq1HHNtlTEu93YZfQaJwRxXlGkCNwIJe",
"fy49QzaCIEu1XiOx5Jn+4GmkrZch/RrK9VzQWXgs+w==",
]
+
+SSH_AGENT_RESPONSE = "\x00\x00\x00\frsa-sha2-256\x00\x00\x01\x00\x15\x93\xA6\\\f\x8E\x04\x06PW\xFB\xB0\xD7\xCF\"\x06X\xC1%s\xA6\xFAo1C\xFF\nLb\xE4\x80l\x195\xC4E\xC6Mf\xF7\x9D\xD7\x8CM\xD6Tl\xB5tT\xFB\xE8\xA7\x9A5i\x8F\b\xDBC\x9A\x9A\xDF\x1Fi\xDA\xE5FE\xB5\xF2\xC8*\xB3\xEF\xEF\x19\xBC\xD1_\xA5\xCCL\xD3w\xD5\x81\xC2\xC7\xCF\xE3gY\xF4\xDF\x95\xF4\x8ERU\xF7\v\xFEU\xAB\xAEZ]\xC9\xB7\xDCx\x90\xB9\x8C\xE7\x0F\xE6\xDC\xDF%u\x94!<\e\xE9\x9D\xC4\xAE\r\xC3Su!\x1F\xD8}\x13J\x96\x95\x81\xAA\x9A#BV\xB0g\xA5\xEE\x92\x8BX\x14\xFC\x99~\xADyQH\xD6\xCB'\x81\xA5\x02\xB0\x0F\xB8\xBF{\xEA$\xD8%<\xC42f\xCBP\x89\xB7%\x16\"\xD3F\e\xD3R\x14\b\"\x9D#\xDD/R\xADG\x1C\xDBeLK\xBD\xDD\x86_A\xA2pG\x15\xE5\x1A@\x8D\xC0\x82^\x7F.=C6\x82 K\xB5^#\xB1\xE4\x99\xFE\xE0i\xA4\xAD\x97!\xFD\x1A\xCA\xF5\\\xD0Yx,\xFB"
# We expect Mixlib::Authentication::SignedHeaderAuth#sign to return this
# if passed the BODY above, based on version
@@ -529,6 +554,8 @@
-----END PUBLIC KEY-----
EOS
+PUBLIC_KEY = OpenSSL::PKey::RSA.new(PUBLIC_KEY_DATA)
+
PRIVATE_KEY_DATA = <