Hello folks,
I have a question about the following code (in chef/lib/chef/client.rb):

    def register
      determine_node_name unless @node_name
      Chef::Log.debug("Registering #{@safe_name} for an openid")

      begin
        # A registration exists on the server: load the secret from the local file cache.
        if @rest.get_rest("registrations/#{@safe_name}")
          @secret = Chef::FileCache.load(File.join("registration", @safe_name))
        end
      rescue Net::HTTPServerException => e
        case e.message
        when /^404/
          # No registration on the server yet.
          create_registration
        else
          raise
        end
      rescue Chef::Exceptions::FileNotFound
        Chef::Application.fatal! "A remote registration already exists for #{@safe_name}, however the local shared secret does not exist." +
          " To remedy this, you could delete the registration via webUI/REST, change the node_name option in config.rb" +
          " (or use the -N/--node-name option to the CLI) or" +
          " copy the old shared secret to #{File.join(Chef::Config[:file_cache_path], 'registration', @safe_name)}", 3
      end
      true
    end

    def authenticate
      determine_node_name unless @node_name
      Chef::Log.debug("Authenticating #{@safe_name} via openid")

      # Start the OpenID consumer flow for this node's identifier.
      response = @rest.post_rest('openid/consumer/start', {
        "openid_identifier" => "#{Chef::Config[:openid_url]}/openid/server/node/#{@safe_name}",
        "submit" => "Verify"
      })
      # Post the loaded secret as the password to the action returned above.
      @rest.post_rest(
        "#{Chef::Config[:openid_url]}#{response["action"]}",
        { "password" => @secret }
      )
    end

If the registration already exists, that is, we will get the secret from the
line "@secret = Chef::FileCache.load(File.join("registration", @safe_name))",
but this is the one after the encryption, right? And then, in the
authenticate function, we should post the secret unencrypted to the openid
server, right? How do you solve this problem?
Thanks
Dikang