Class: FireJWT::Certificates

Inherits:
Object
  • Object
Defined in:
lib/firejwt/certificates.rb

Constant Summary

URL =
'https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com'.freeze

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(url: URL) ⇒ Certificates

Returns a new instance of Certificates.



# File 'lib/firejwt/certificates.rb', line 12

# Builds a certificate cache bound to +url+ and loads the keys right away.
#
# The cache is first marked as expired (expire!) and then filled by refresh!,
# so constructing an instance performs an HTTP request and propagates
# whatever refresh! raises.
#
# Security note: refresh! fetches @url with Net::HTTP.get_response, which
# uses TLS only when the URI scheme is https. The keys handed out by #get are
# therefore only as trustworthy as that fetch; overriding +url+ with a
# plain-http address would load them over an unauthenticated channel.
#
# @param url [String, URI] location of the kid => PEM certificate document
def initialize(url: URL)
  super()

  @keys = {}
  @url  = URI(url)

  expire!
  refresh!
end

Instance Attribute Details

#expires_at ⇒ Object (readonly)

Returns the value of attribute expires_at.



# File 'lib/firejwt/certificates.rb', line 10

# Reader for the time after which the cached keys are treated as stale.
#
# The value is written by expire! (Time.at(0)) and by refresh! (parsed from
# the response's Expires header).
#
# @return [Time] current expiry of the cached key set
def expires_at
  @expires_at
end

Instance Method Details

#expire! ⇒ Object



# File 'lib/firejwt/certificates.rb', line 47

# Marks the cached keys as stale by moving the expiry to the Unix epoch.
#
# Only the timestamp changes; @keys is left as it is. The next #get sees
# expired? return true and refreshes before looking up a key.
#
# @return [Time] the new expiry, Time.at(0)
def expire!
  @expires_at = Time.at(0)
end

#expired? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/firejwt/certificates.rb', line 51

# Tells whether the cached key set has passed its expiry.
#
# @return [Boolean] true when @expires_at lies strictly before the current time
def expired?
  deadline = @expires_at
  deadline < Time.now
end

#expires_soon? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/firejwt/certificates.rb', line 55

# Tells whether the cached key set expires within the next ten minutes.
#
# An already expired set also counts as expiring soon, because the check is
# a plain comparison against now + 600 seconds.
#
# @return [Boolean] true when @expires_at lies before now + 600 seconds
def expires_soon?
  horizon = Time.now + 600
  @expires_at < horizon
end

#get(kid) ⇒ Object



# File 'lib/firejwt/certificates.rb', line 22

# Looks up the public key cached for a key id.
#
# The cache is refreshed first when it has expired, so this call may perform
# an HTTP request and raise whatever refresh! raises. A kid that is absent
# from a still-valid cache does not trigger a refresh.
#
# @param kid [String] key id, as used for the keys of the fetched document
# @return [OpenSSL::PKey::PKey, nil] the cached public key, or nil when the
#   kid is not in the current set; a caller verifying a signature then has no
#   key to verify against
def get(kid)
  stale = expired?
  refresh! if stale

  @keys[kid]
end

#refresh!(limit = 5) ⇒ Object

Raises:

  • (ArgumentError)


# File 'lib/firejwt/certificates.rb', line 28

def refresh!(limit = 5)
  resp = Net::HTTP.get_response(@url)
  unless resp.is_a?(Net::HTTPOK)
    raise "Server responded with #{resp.code}" if limit < 1

    refresh!(limit - 1)
  end

  raise ArgumentError, 'Expires header not included in the response' unless resp['expires']

  @expires_at = Time.httpdate(resp['expires'])
  @keys.clear

  JSON.parse(resp.body).each do |kid, pem|
    cert = OpenSSL::X509::Certificate.new(pem)
    @keys.store kid, cert.public_key
  end
end