Class: OCI::Auth::UrlBasedCertificateRetriever

Inherits:
Object
  • Object
show all
Defined in:
lib/oci/auth/url_based_certificate_retriever.rb

Overview

A certificate retriever which reads PEM-format strings from URLs.

Instance Method Summary collapse

Constructor Details

#initialize(certificate_url, private_key_url: nil, private_key_passphrase: nil) ⇒ UrlBasedCertificateRetriever

Creates a new UrlBasedCertificateRetriever

Parameters:

  • certificate_url (String)

    The URL from which to retrieve a certificate. It is assumed that what we retrieve is the PEM-formatted string for the certificate

  • private_key_url (String) (defaults to: nil)

    The URL from which to retrieve the private key corresponding to certificate_url (if any). It is assumed that what we retrieve is the PEM-formatted string for

  • private_key_passphrase (String) (defaults to: nil)

    The passphrase of the private key (if any)



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 18

def initialize(certificate_url, private_key_url: nil, private_key_passphrase: nil)
  raise 'A certificate_url must be supplied' unless certificate_url

  @certificate_url = certificate_url
  @private_key_url = private_key_url
  @private_key_passphrase = private_key_passphrase

  @certificate_pem = nil
  @private_key_pem = nil
  @private_key = nil

  @refresh_lock = Mutex.new

  uri = URI(certificate_url)
  @certificate_retrieve_http_client = Net::HTTP.new(uri.hostname, uri.port)

  if !@private_key_url.nil? && !@private_key_url.strip.empty?
    uri = URI(private_key_url.strip)
    @private_key_retrieve_http_client = Net::HTTP.new(uri.hostname, uri.port)
  else
    @private_key_retrieve_http_client = nil
  end

  refresh
end

Instance Method Details

#certificateOpenSSL::X509::Certificate

PEM-formatted string into a OpenSSL::X509::Certificate

Returns:

  • (OpenSSL::X509::Certificate)

    The certificate as an OpenSSL::X509::Certificate. This converts the



55
56
57
58
 
# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 55

def certificate
  cert_pem = certificate_pem
  OpenSSL::X509::Certificate.new(cert_pem)
end

#certificate_pemString

Returns The certificate as a PEM formatted string.

Returns:

  • (String)

    The certificate as a PEM formatted string



45
46
47
48
49
50
51
 
# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 45

def certificate_pem
  @refresh_lock.lock
  pem = @certificate_pem
  @refresh_lock.unlock

  pem
end

#private_keyOpenSSL::PKey::RSA

Returns The private key.

Returns:

  • (OpenSSL::PKey::RSA)

    The private key



70
71
72
73
74
75
76
 
# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 70

def private_key
  @refresh_lock.lock
  key = @private_key
  @refresh_lock.unlock

  key
end

#private_key_pemString

Returns The private key as a PEM-formatted string.

Returns:

  • (String)

    The private key as a PEM-formatted string



61
62
63
64
65
66
67
 
# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 61

def private_key_pem
  @refresh_lock.lock
  pem = @private_key_pem
  @refresh_lock.unlock

  pem
end

#refreshObject 



78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 78

def refresh
  @refresh_lock.lock
  @certificate_retrieve_http_client.start do
    @certificate_retrieve_http_client.request(
      OCI::Auth::Util.get_metadata_request(@certificate_url, 'get')
    ) do |response|
      @certificate_pem = response.body
    end
  end

  if @private_key_retrieve_http_client
    @private_key_retrieve_http_client.start do
      @private_key_retrieve_http_client.request(
        OCI::Auth::Util.get_metadata_request(@private_key_url, 'get')
      ) do |response|
        @private_key_pem = response.body
        @private_key = OpenSSL::PKey::RSA.new(
          @private_key_pem,
          @pass_phrase || SecureRandom.uuid
        )
      end
    end
  end

  nil
ensure
  @refresh_lock.unlock if @refresh_lock.locked? && @refresh_lock.owned?
end