Class: OCI::Auth::UrlBasedCertificateRetriever

Inherits:
Object
  • Object
Defined in:
lib/oci/auth/url_based_certificate_retriever.rb

Overview

A certificate retriever which reads PEM-format strings from URLs.

Instance Method Summary collapse

Constructor Details

#initialize(certificate_url, private_key_url: nil, private_key_passphrase: nil) ⇒ UrlBasedCertificateRetriever

Creates a new UrlBasedCertificateRetriever

Parameters:

  • certificate_url (String)

    The URL from which to retrieve a certificate. It is assumed that what we retrieve is the PEM-formatted string for the certificate

  • private_key_url (String) (defaults to: nil)

    The URL from which to retrieve the private key corresponding to certificate_url (if any). It is assumed that what we retrieve is the PEM-formatted string for the private key

  • private_key_passphrase (String) (defaults to: nil)

    The passphrase of the private key (if any)



# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 17

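# Creates a new UrlBasedCertificateRetriever and performs an initial fetch.
#
# One Net::HTTP client is prepared per endpoint. TLS is switched on for a
# client only when its URL uses the https scheme; with a plain http URL the
# certificate and the private key are transferred unencrypted, so such URLs
# should only name an endpoint reached over a trusted path.
#
# @param certificate_url [String] URL from which the PEM-formatted certificate is read
# @param private_key_url [String, nil] URL from which the PEM-formatted private key
#   is read; nil or a blank string means no private key is fetched
# @param private_key_passphrase [String, nil] passphrase of the private key, if any
# @raise [RuntimeError] if certificate_url is nil or false
def initialize(certificate_url, private_key_url: nil, private_key_passphrase: nil)
  raise 'A certificate_url must be supplied' unless certificate_url

  @certificate_url = certificate_url
  @private_key_url = private_key_url
  @private_key_passphrase = private_key_passphrase

  # Filled in by refresh, which is called at the end of this constructor.
  @certificate_pem = nil
  @private_key_pem = nil
  @private_key = nil

  @refresh_lock = Mutex.new

  build_http_client = lambda do |url|
    uri = URI(url)
    http_client = Net::HTTP.new(uri.hostname, uri.port)
    # Net::HTTP does not infer TLS from the port. Without this, an https URL
    # would be contacted in plaintext on its TLS port.
    http_client.use_ssl = uri.scheme == 'https'
    http_client
  end

  @certificate_retrieve_http_client = build_http_client.call(certificate_url)

  # A nil or whitespace-only private_key_url means "certificate only".
  key_url_given = !@private_key_url.nil? && !@private_key_url.strip.empty?
  @private_key_retrieve_http_client = key_url_given ? build_http_client.call(private_key_url.strip) : nil

  refresh
end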

Instance Method Details

#certificate ⇒ OpenSSL::X509::Certificate

Converts the PEM-formatted string into an OpenSSL::X509::Certificate.

Returns:

  • (OpenSSL::X509::Certificate)

    The certificate as an OpenSSL::X509::Certificate. This converts the PEM-formatted string into an OpenSSL::X509::Certificate



# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 54

# Parses the currently held certificate PEM into an X.509 object.
#
# The PEM text is read through certificate_pem, and a new object is built on
# every call.
#
# @return [OpenSSL::X509::Certificate] the certificate parsed from the PEM string
def certificate
  OpenSSL::X509::Certificate.new(certificate_pem)
end

#certificate_pem ⇒ String

Returns the certificate as a PEM-formatted string.

Returns:

  • (String)

    The certificate as a PEM formatted string



# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 44

# Reads the stored certificate PEM while holding the refresh lock, so the
# read does not interleave with a refresh that also holds that lock.
#
# @return [String] the certificate as a PEM-formatted string
def certificate_pem
  @refresh_lock.synchronize { @certificate_pem }
end

#private_key ⇒ OpenSSL::PKey::RSA

Returns the private key.

Returns:

  • (OpenSSL::PKey::RSA)

    The private key



# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 69

# Reads the stored private key object while holding the refresh lock, so the
# read does not interleave with a refresh that also holds that lock.
#
# @return [OpenSSL::PKey::RSA] the private key
def private_key
  @refresh_lock.synchronize { @private_key }
end

#private_key_pem ⇒ String

Returns the private key as a PEM-formatted string.

Returns:

  • (String)

    The private key as a PEM-formatted string



# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 60

# Reads the stored private key PEM while holding the refresh lock, so the
# read does not interleave with a refresh that also holds that lock.
#
# @return [String] the private key as a PEM-formatted string
def private_key_pem
  @refresh_lock.synchronize { @private_key_pem }
end

#refresh ⇒ Object



# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 77

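# Re-fetches the certificate and, when a private key client is configured,
# the private key, then stores the results under the refresh lock.
#
# Everything is fetched and parsed into locals first and committed at the
# end, so a failed key download or key parse leaves the previously stored
# certificate and key in place instead of pairing a new certificate with an
# old key.
#
# NOTE(review): the HTTP status is not checked here; the body of an error
# response would be stored as the certificate PEM and only fail later when
# it is parsed. Confirm whether callers rely on that before tightening it.
#
# @return [nil]
# @raise [OpenSSL::PKey::RSAError] if the private key cannot be parsed or decrypted
def refresh
  fetch_body = lambda do |http_client, url|
    http_client.start { http_client.request(Net::HTTP::Get.new(url)).body }
  end

  @refresh_lock.synchronize do
    fetched_certificate_pem = fetch_body.call(@certificate_retrieve_http_client, @certificate_url)

    if @private_key_retrieve_http_client
      fetched_key_pem = fetch_body.call(@private_key_retrieve_http_client, @private_key_url)
      # The constructor stores the passphrase in @private_key_passphrase; the
      # previous @pass_phrase was never assigned, so a supplied passphrase was
      # ignored. The random fallback is kept: with no passphrase given, a
      # throwaway value is still passed to the key parser.
      fetched_key = OpenSSL::PKey::RSA.new(
        fetched_key_pem,
        @private_key_passphrase || SecureRandom.uuid
      )

      @certificate_pem = fetched_certificate_pem
      @private_key_pem = fetched_key_pem
      @private_key = fetched_key
    else
      @certificate_pem = fetched_certificate_pem
    end
  end

  nil
end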