class Firebase::Admin::Auth::CertificatesFetcher

Fetches public key certificates used for signature verification.

Public Class Methods

new(url) click to toggle source

Constructs a new certificates fetcher.

@param [String] url

The certificates url to use when fetching public keys.
# File lib/firebase/admin/auth/certificates_fetcher.rb, line 15
def initialize(url)
  raise ArgumentError "url is invalid" unless validate_url(url)
  @url = url
  @certificates = {}
  @certificates_expire_at = Time.now
  @monitor = Monitor.new
  @client = Firebase::Admin::Internal::HTTPClient.new
end

Public Instance Methods

fetch_certificates!() click to toggle source

Fetches certificates.

@note

Certificates are cached in memory and refreshed according to the cache-control header if present
in the response.

@return [Hash]

# File lib/firebase/admin/auth/certificates_fetcher.rb, line 31
def fetch_certificates!
  @monitor.synchronize do
    return @certificates unless should_refresh?
    keys, ttl = refresh
    @certificates_expire_at = Time.now + ttl
    @certificates = keys
  end
end

Private Instance Methods

refresh() click to toggle source

Refreshes and returns the certificates

# File lib/firebase/admin/auth/certificates_fetcher.rb, line 43
def refresh
  res = @client.get(@url)
  match = res.headers["cache-control"]&.match(/max-age=([0-9]+)/)
  ttl = match&.captures&.first&.to_i || 0
  certificates = res.body
  [certificates, ttl]
rescue => e
  raise CertificateRequestError, e.message
end
should_refresh?() click to toggle source

Checks if keys need to be refreshed.

@return [Boolean]

# File lib/firebase/admin/auth/certificates_fetcher.rb, line 56
def should_refresh?
  @certificates.nil? || @certificates.empty? || @certificates_expire_at < Time.now
end