class OCI::Auth::UrlBasedCertificateRetriever

A certificate retriever which reads PEM-format strings from URLs.

Public Class Methods

new(certificate_url, private_key_url: nil, private_key_passphrase: nil)

Creates a new UrlBasedCertificateRetriever

@param [String] certificate_url The URL from which to retrieve a certificate. It is assumed that what we retrieve is the PEM-formatted string for the certificate
@param [String] private_key_url The URL from which to retrieve the private key corresponding to certificate_url (if any). It is assumed that what we retrieve is the PEM-formatted string for the private key
@param [String] private_key_passphrase The passphrase of the private key (if any)

# File lib/oci/auth/url_based_certificate_retriever.rb, line 18
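# Builds a retriever for the given certificate URL (and optional private key
# URL), creates one HTTP client per URL, and performs an initial fetch.
#
# @param certificate_url [String] URL serving the PEM-formatted certificate
# @param private_key_url [String, nil] URL serving the PEM-formatted private
#   key; nil or a blank string means no private key is fetched
# @param private_key_passphrase [String, nil] passphrase of the private key
# @raise [RuntimeError] if certificate_url is nil or false
def initialize(certificate_url, private_key_url: nil, private_key_passphrase: nil)
  raise 'A certificate_url must be supplied' unless certificate_url

  @certificate_url = certificate_url
  @private_key_url = private_key_url
  @private_key_passphrase = private_key_passphrase

  # Cached material, filled in by refresh.
  @certificate_pem = nil
  @private_key_pem = nil
  @private_key = nil

  # Guards the cached material against concurrent readers during a refresh.
  @refresh_lock = Mutex.new

  cert_uri = URI(certificate_url)
  @certificate_retrieve_http_client = Net::HTTP.new(cert_uri.hostname, cert_uri.port)
  # Net::HTTP speaks plain HTTP unless use_ssl is set, whatever the URL scheme
  # says. Without this an https:// URL would be contacted in cleartext.
  @certificate_retrieve_http_client.use_ssl = cert_uri.scheme == 'https'

  if @private_key_url.nil? || @private_key_url.strip.empty?
    @private_key_retrieve_http_client = nil
  else
    key_uri = URI(private_key_url.strip)
    @private_key_retrieve_http_client = Net::HTTP.new(key_uri.hostname, key_uri.port)
    # Same reasoning as above: the private key must not cross the wire in
    # cleartext when the caller asked for https.
    @private_key_retrieve_http_client.use_ssl = key_uri.scheme == 'https'
  end

  # NOTE(review): with an http:// URL the certificate and private key are
  # fetched unauthenticated and unencrypted; callers should only point this at
  # an endpoint they trust at the network level.
  refresh
end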

Public Instance Methods

certificate()

@return [OpenSSL::X509::Certificate] The certificate as an {OpenSSL::X509::Certificate}. This converts the PEM-formatted string into a {OpenSSL::X509::Certificate}

# File lib/oci/auth/url_based_certificate_retriever.rb, line 55
# Parses the cached PEM string into a certificate object on every call.
#
# @return [OpenSSL::X509::Certificate] the parsed certificate
def certificate
  OpenSSL::X509::Certificate.new(certificate_pem)
end
certificate_pem()

@return [String] The certificate as a PEM formatted string

# File lib/oci/auth/url_based_certificate_retriever.rb, line 45
# Reads the cached certificate PEM while holding the refresh lock, so a
# concurrent refresh cannot be observed half-way through.
#
# @return [String] the certificate as a PEM-formatted string
def certificate_pem
  @refresh_lock.synchronize { @certificate_pem }
end
private_key()

@return [OpenSSL::PKey::RSA] The private key

# File lib/oci/auth/url_based_certificate_retriever.rb, line 70
# Reads the cached private key object while holding the refresh lock.
#
# @return [OpenSSL::PKey::RSA] the private key
def private_key
  @refresh_lock.synchronize { @private_key }
end
private_key_pem()

@return [String] The private key as a PEM-formatted string

# File lib/oci/auth/url_based_certificate_retriever.rb, line 61
# Reads the cached private key PEM while holding the refresh lock.
#
# @return [String] the private key as a PEM-formatted string
def private_key_pem
  @refresh_lock.synchronize { @private_key_pem }
end
refresh()
# File lib/oci/auth/url_based_certificate_retriever.rb, line 78
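# Re-fetches the certificate and, when a private key client was configured,
# the private key, replacing the cached values while holding the refresh lock.
#
# @return [nil]
def refresh
  # synchronize releases the lock on every exit path, including exceptions
  # raised by the HTTP calls or by key parsing.
  @refresh_lock.synchronize do
    @certificate_retrieve_http_client.start do
      @certificate_retrieve_http_client.request(
        OCI::Auth::Util.get_metadata_request(@certificate_url, 'get')
      ) do |response|
        # NOTE(review): the response status is not checked here, so the body
        # of an error response would be cached as if it were the certificate.
        @certificate_pem = response.body
      end
    end

    if @private_key_retrieve_http_client
      @private_key_retrieve_http_client.start do
        @private_key_retrieve_http_client.request(
          OCI::Auth::Util.get_metadata_request(@private_key_url, 'get')
        ) do |response|
          @private_key_pem = response.body
          # Use the passphrase stored by initialize. The previous code read
          # @pass_phrase, which is never assigned, so a caller-supplied
          # passphrase was silently ignored and encrypted keys failed to load.
          # The random fallback is kept; presumably it stops OpenSSL from
          # prompting on the terminal when no passphrase was given.
          @private_key = OpenSSL::PKey::RSA.new(
            @private_key_pem,
            @private_key_passphrase || SecureRandom.uuid
          )
        end
      end
    end
  end

  nil
end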