Class: Google::Auth::IDTokens::KeyInfo

Inherits:

Object

• Object
• Google::Auth::IDTokens::KeyInfo

Defined in:

lib/googleauth/id_tokens/key_sources.rb

Overview

A public key used for verifying ID tokens.

This includes the public key data, ID, and the algorithm used for signature verification. RSA and Elliptical Curve (EC) keys are supported.

Instance Attribute Summary

• #algorithm ⇒ String readonly

  The signature algorithm.

• #id ⇒ String readonly

  The key ID.

• #key ⇒ OpenSSL::PKey::RSA, OpenSSL::PKey::EC readonly

  The key itself.

Class Method Summary

• .from_jwk(jwk) ⇒ KeyInfo

  Create a KeyInfo from a single JWK, which may be given as either a hash or an unparsed JSON string.

• .from_jwk_set(jwk_set) ⇒ Array<KeyInfo>

  Create an array of KeyInfo from a JWK Set, which may be given as either a hash or an unparsed JSON string.

Instance Method Summary

• #initialize(id: nil, key: nil, algorithm: nil) ⇒ KeyInfo constructor

  Create a public key info structure.

Constructor Details

#initialize(id: nil, key: nil, algorithm: nil) ⇒ KeyInfo

Create a public key info structure.

Parameters:

• id (String) (defaults to: nil) —

  The key ID.

• key (OpenSSL::PKey::RSA, OpenSSL::PKey::EC) (defaults to: nil) —

  The key itself.

• algorithm (String) (defaults to: nil) —

  The algorithm (normally ‘RS256` or `ES256`)

# File 'lib/googleauth/id_tokens/key_sources.rb', line 57

def initialize id: nil, key: nil, algorithm: nil
  @id = id
  @key = key
  @algorithm = algorithm
end

Instance Attribute Details

#algorithm ⇒ String (readonly)

The signature algorithm. (normally ‘RS256` or `ES256`)

Returns:

• (String)

# File 'lib/googleauth/id_tokens/key_sources.rb', line 79

def algorithm
  @algorithm
end

#id ⇒ String (readonly)

The key ID.

Returns:

• (String)

# File 'lib/googleauth/id_tokens/key_sources.rb', line 67

def id
  @id
end

#key ⇒ OpenSSL::PKey::RSA, OpenSSL::PKey::EC (readonly)

The key itself.

Returns:

• (OpenSSL::PKey::RSA, OpenSSL::PKey::EC)

# File 'lib/googleauth/id_tokens/key_sources.rb', line 73

def key
  @key
end

Class Method Details

.from_jwk(jwk) ⇒ KeyInfo

Create a KeyInfo from a single JWK, which may be given as either a hash or an unparsed JSON string.

Parameters:

• jwk (Hash, String) —

  The JWK specification.

Returns:

• (KeyInfo)

Raises:

• (KeySourceError) —

  If the key could not be extracted from the JWK.

# File 'lib/googleauth/id_tokens/key_sources.rb', line 91

def from_jwk jwk
  jwk = symbolize_keys ensure_json_parsed jwk
  key = case jwk[:kty]
        when "RSA"
          extract_rsa_key jwk
        when "EC"
          extract_ec_key jwk
        when nil
          raise KeySourceError, "Key type not found"
        else
          raise KeySourceError, "Cannot use key type #{jwk[:kty]}"
        end
  new id: jwk[:kid], key: key, algorithm: jwk[:alg]
end

.from_jwk_set(jwk_set) ⇒ Array<KeyInfo>

Create an array of KeyInfo from a JWK Set, which may be given as either a hash or an unparsed JSON string.

Parameters:

• jwk (Hash, String) —

  The JWK Set specification.

Returns:

• (Array<KeyInfo>)

Raises:

• (KeySourceError) —

  If a key could not be extracted from the JWK Set.

# File 'lib/googleauth/id_tokens/key_sources.rb', line 115

def from_jwk_set jwk_set
  jwk_set = symbolize_keys ensure_json_parsed jwk_set
  jwks = jwk_set[:keys]
  raise KeySourceError, "No keys found in jwk set" unless jwks
  jwks.map { |jwk| from_jwk jwk }
end