Class: OCI::Auth::UrlBasedCertificateRetriever

Inherits:

Object

• Object
• OCI::Auth::UrlBasedCertificateRetriever

Defined in:

lib/oci/auth/url_based_certificate_retriever.rb

Overview

A certificate retriever which reads PEM-format strings from URLs.

Instance Method Summary

• #certificate ⇒ OpenSSL::X509::Certificate

  PEM-formatted string into a OpenSSL::X509::Certificate.

• #certificate_pem ⇒ String

  The certificate as a PEM formatted string.

• #initialize(certificate_url, private_key_url: nil, private_key_passphrase: nil) ⇒ UrlBasedCertificateRetriever constructor

  Creates a new UrlBasedCertificateRetriever.

• #private_key ⇒ OpenSSL::PKey::RSA

  The private key.

• #private_key_pem ⇒ String

  The private key as a PEM-formatted string.

• #refresh ⇒ Object

Constructor Details

#initialize(certificate_url, private_key_url: nil, private_key_passphrase: nil) ⇒ UrlBasedCertificateRetriever

Creates a new UrlBasedCertificateRetriever

Parameters:

• certificate_url (String) —

  The URL from which to retrieve a certificate. It is assumed that what we retrieve is the PEM-formatted string for the certificate

• private_key_url (String) (defaults to: nil) —

  The URL from which to retrieve the private key corresponding to certificate_url (if any). It is assumed that what we retrieve is the PEM-formatted string for

• private_key_passphrase (String) (defaults to: nil) —

  The passphrase of the private key (if any)

# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 18

def initialize(certificate_url, private_key_url: nil, private_key_passphrase: nil)
  raise 'A certificate_url must be supplied' unless certificate_url

  @certificate_url = certificate_url
  @private_key_url = private_key_url
  @private_key_passphrase = private_key_passphrase

  @certificate_pem = nil
  @private_key_pem = nil
  @private_key = nil

  @refresh_lock = Mutex.new

  uri = URI(certificate_url)
  @certificate_retrieve_http_client = Net::HTTP.new(uri.hostname, uri.port)

  if !@private_key_url.nil? && !@private_key_url.strip.empty?
    uri = URI(private_key_url.strip)
    @private_key_retrieve_http_client = Net::HTTP.new(uri.hostname, uri.port)
  else
    @private_key_retrieve_http_client = nil
  end

  refresh
end

Instance Method Details

#certificate ⇒ OpenSSL::X509::Certificate

PEM-formatted string into a OpenSSL::X509::Certificate

Returns:

• (OpenSSL::X509::Certificate) —

  The certificate as an OpenSSL::X509::Certificate. This converts the

# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 55

def certificate
  cert_pem = certificate_pem
  OpenSSL::X509::Certificate.new(cert_pem)
end

#certificate_pem ⇒ String

Returns The certificate as a PEM formatted string.

Returns:

• (String) —

  The certificate as a PEM formatted string

# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 45

def certificate_pem
  @refresh_lock.lock
  pem = @certificate_pem
  @refresh_lock.unlock

  pem
end

#private_key ⇒ OpenSSL::PKey::RSA

Returns The private key.

Returns:

• (OpenSSL::PKey::RSA) —

  The private key

# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 70

def private_key
  @refresh_lock.lock
  key = @private_key
  @refresh_lock.unlock

  key
end

#private_key_pem ⇒ String

Returns The private key as a PEM-formatted string.

Returns:

• (String) —

  The private key as a PEM-formatted string

# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 61

def private_key_pem
  @refresh_lock.lock
  pem = @private_key_pem
  @refresh_lock.unlock

  pem
end

#refresh ⇒ Object

# File 'lib/oci/auth/url_based_certificate_retriever.rb', line 78

def refresh
  @refresh_lock.lock
  @certificate_retrieve_http_client.start do
    @certificate_retrieve_http_client.request(
      OCI::Auth::Util.get_metadata_request(@certificate_url, 'get')
    ) do |response|
      @certificate_pem = response.body
    end
  end

  if @private_key_retrieve_http_client
    @private_key_retrieve_http_client.start do
      @private_key_retrieve_http_client.request(
        OCI::Auth::Util.get_metadata_request(@private_key_url, 'get')
      ) do |response|
        @private_key_pem = response.body
        @private_key = OpenSSL::PKey::RSA.new(
          @private_key_pem,
          @pass_phrase || SecureRandom.uuid
        )
      end
    end
  end

  nil
ensure
  @refresh_lock.unlock if @refresh_lock.locked? && @refresh_lock.owned?
end