class Rack::PrxAuth::Certificate

Constants

DEFAULT_CERT_LOC
EXPIRES_IN

Attributes

cert_location[R]

Public Class Methods

new(cert_uri = nil)
# File lib/rack/prx_auth/certificate.rb, line 12
# Records where the signing certificate is fetched from.
#
# @param cert_uri [String, nil] certificate endpoint; when nil the class
#   constant DEFAULT_CERT_LOC is used, otherwise the value goes through URI().
#
# NOTE(review): no scheme check is visible here. This location supplies the
# certificate whose public key verifies tokens, so confirm that callers only
# pass https:// locations (and that DEFAULT_CERT_LOC is https as well).
def initialize(cert_uri = nil)
  @cert_location =
    if cert_uri.nil?
      DEFAULT_CERT_LOC
    else
      URI(cert_uri)
    end
end

Public Instance Methods

valid?(token)
# File lib/rack/prx_auth/certificate.rb, line 16
# Reports whether +token+ verifies against the current certificate's public key.
#
# @param token [String] serialized JWT
# @return [Boolean] true when JSON::JWT.decode completes, false when it
#   raises JSON::JWT::VerificationFailed
#
# Only VerificationFailed is rescued; any other error raised by decode or by
# the certificate fetch behind public_key propagates to the caller.
#
# The decoded token is discarded, so this method does not itself inspect any
# claims. NOTE(review): presumably expiry/issuer/audience checks happen in the
# caller; verify, since a true result here reflects only what decode checks.
#
# NOTE(review): no expected algorithm is passed to decode. Confirm that the
# json-jwt version in use rejects `alg: none` and unexpected algorithms when a
# key is supplied, or pin the algorithm if the installed version supports it.
def valid?(token)
  JSON::JWT.decode(token, public_key)
  true
rescue JSON::JWT::VerificationFailed
  false
end

Private Instance Methods

certificate()
# File lib/rack/prx_auth/certificate.rb, line 32
# Returns the memoized certificate, fetching a new one when none is cached
# yet or when needs_refresh? says the cached one is stale.
#
# A failure inside fetch is not rescued here, so it reaches the caller even
# if an older certificate is still held in @certificate.
# NOTE(review): no synchronization is visible; confirm whether concurrent
# callers can reach this at the same time.
def certificate
  @certificate = fetch if @certificate.nil? || needs_refresh?
  @certificate
end
expired?()
# File lib/rack/prx_auth/certificate.rb, line 50
# True when the cached certificate's not_after time is earlier than now.
#
# Reads @certificate directly, so it must only be called once a certificate
# has been stored. Only not_after is compared; not_before is not consulted.
def expired?
  Time.now > @certificate.not_after
end
fetch()
# File lib/rack/prx_auth/certificate.rb, line 39
# Downloads the certificate document from cert_location and builds an
# OpenSSL::X509::Certificate from the first entry under 'certificates'.
# Also schedules the next refresh at now + EXPIRES_IN (seconds since epoch).
#
# @return [OpenSSL::X509::Certificate]
#
# Trust notes for reviewers:
# - The certificate is used as fetched; no chain validation or pinning is
#   done in this method, so its authenticity rests on the transport to
#   cert_location. Over plain http:// a network attacker could substitute the
#   key that tokens are verified against.
# - The response body is parsed without looking at the HTTP status, and a
#   body lacking a 'certificates' hash raises instead of being handled.
# - Only the first value is used. NOTE(review): confirm how the endpoint
#   orders entries during key rotation.
def fetch
  response_body = Net::HTTP.get(cert_location)
  first_cert = JSON.parse(response_body)['certificates'].values.first
  @refresh_at = Time.now.to_i + EXPIRES_IN
  OpenSSL::X509::Certificate.new(first_cert)
end
needs_refresh?()
# File lib/rack/prx_auth/certificate.rb, line 46
# True when the cached certificate should be replaced: either it has expired,
# or the refresh deadline stored in @refresh_at (epoch seconds, set by fetch)
# has been reached.
def needs_refresh?
  return true if expired?

  @refresh_at <= Time.now.to_i
end
public_key()
# File lib/rack/prx_auth/certificate.rb, line 28
# Public key of the current certificate, used by valid? to verify tokens.
# Goes through certificate, so it may trigger a fetch of a new certificate.
def public_key
  current_cert = certificate
  current_cert.public_key
end