Class: Google::Auth::IDTokens::KeyInfo

Inherits:

Object

• Object
• Google::Auth::IDTokens::KeyInfo

Defined in:

lib/googleauth/id_tokens/key_sources.rb

Overview

A public key used for verifying ID tokens.

This includes the public key data, ID, and the algorithm used for signature verification. RSA and Elliptical Curve (EC) keys are supported.

Instance Attribute Summary

• #algorithm ⇒ String readonly

  The signature algorithm.

• #id ⇒ String readonly

  The key ID.

• #key ⇒ OpenSSL::PKey::RSA, OpenSSL::PKey::EC readonly

  The key itself.

Class Method Summary

• .from_jwk(jwk) ⇒ KeyInfo

  Create a KeyInfo from a single JWK, which may be given as either a hash or an unparsed JSON string.

• .from_jwk_set(jwk_set) ⇒ Array<KeyInfo>

  Create an array of KeyInfo from a JWK Set, which may be given as either a hash or an unparsed JSON string.

Instance Method Summary

• #initialize(id: nil, key: nil, algorithm: nil) ⇒ KeyInfo constructor

  Create a public key info structure.

Constructor Details

#initialize(id: nil, key: nil, algorithm: nil) ⇒ KeyInfo

Create a public key info structure.

Parameters:

• id (String) (defaults to: nil) —

  The key ID.

• key (OpenSSL::PKey::RSA, OpenSSL::PKey::EC) (defaults to: nil) —

  The key itself.

• algorithm (String) (defaults to: nil) —

  The algorithm (normally RS256 or ES256)

# File 'lib/googleauth/id_tokens/key_sources.rb', line 44

def initialize id: nil, key: nil, algorithm: nil
  @id = id
  @key = key
  @algorithm = algorithm
end

Instance Attribute Details

#algorithm ⇒ String (readonly)

The signature algorithm. (normally RS256 or ES256)

Returns:

• (String)

# File 'lib/googleauth/id_tokens/key_sources.rb', line 66

def algorithm
  @algorithm
end

#id ⇒ String (readonly)

The key ID.

Returns:

• (String)

# File 'lib/googleauth/id_tokens/key_sources.rb', line 54

def id
  @id
end

#key ⇒ OpenSSL::PKey::RSA, OpenSSL::PKey::EC (readonly)

The key itself.

Returns:

• (OpenSSL::PKey::RSA, OpenSSL::PKey::EC)

# File 'lib/googleauth/id_tokens/key_sources.rb', line 60

def key
  @key
end

Class Method Details

.from_jwk(jwk) ⇒ KeyInfo

Create a KeyInfo from a single JWK, which may be given as either a hash or an unparsed JSON string.

Parameters:

• jwk (Hash, String) —

  The JWK specification.

Returns:

• (KeyInfo)

Raises:

• (KeySourceError) —

  If the key could not be extracted from the JWK.

# File 'lib/googleauth/id_tokens/key_sources.rb', line 78

def from_jwk jwk
  jwk = symbolize_keys ensure_json_parsed jwk
  key = case jwk[:kty]
        when "RSA"
          extract_rsa_key jwk
        when "EC"
          extract_ec_key jwk
        when nil
          raise KeySourceError, "Key type not found"
        else
          raise KeySourceError, "Cannot use key type #{jwk[:kty]}"
        end
  new id: jwk[:kid], key: key, algorithm: jwk[:alg]
end

.from_jwk_set(jwk_set) ⇒ Array<KeyInfo>

Create an array of KeyInfo from a JWK Set, which may be given as either a hash or an unparsed JSON string.

Parameters:

• jwk (Hash, String) —

  The JWK Set specification.

Returns:

• (Array<KeyInfo>)

Raises:

• (KeySourceError) —

  If a key could not be extracted from the JWK Set.

# File 'lib/googleauth/id_tokens/key_sources.rb', line 102

def from_jwk_set jwk_set
  jwk_set = symbolize_keys ensure_json_parsed jwk_set
  jwks = jwk_set[:keys]
  raise KeySourceError, "No keys found in jwk set" unless jwks
  jwks.map { |jwk| from_jwk jwk }
end