Class: Spiffe::Workload::JWTSVIDWrapper

Inherits:

Object

• Object
• Spiffe::Workload::JWTSVIDWrapper

Defined in:

lib/spiffe/workload/jwt_svid.rb

Overview

Represents a JWT SVID

Instance Attribute Summary

• #claims ⇒ Object readonly

  Returns the value of attribute claims.

• #hint ⇒ Object readonly

  Returns the value of attribute hint.

• #spiffe_id ⇒ Object readonly

  Returns the value of attribute spiffe_id.

• #token ⇒ Object readonly

  Returns the value of attribute token.

Class Method Summary

• .from_proto(proto_jwt) ⇒ JWTSVID

  Parse JWT SVID from proto response.

Instance Method Summary

• #audience ⇒ Array<String>

  Get audience claims.

• #expiration ⇒ Time^?

  Get the expiration time.

• #expired? ⇒ Boolean

  Check if the JWT is expired.

• #initialize(spiffe_id:, token:, hint: nil) ⇒ JWTSVIDWrapper constructor

  A new instance of JWTSVIDWrapper.

• #parse_claims ⇒ Hash

  Parse JWT claims without validation.

Constructor Details

#initialize(spiffe_id:, token:, hint: nil) ⇒ JWTSVIDWrapper

# File 'lib/spiffe/workload/jwt_svid.rb', line 15

def initialize(spiffe_id:, token:, hint: nil)
  @spiffe_id = spiffe_id
  @token = token
  @hint = hint
  @claims = parse_claims
end

Instance Attribute Details

#claims ⇒ Object (readonly)

Returns the value of attribute claims.

# File 'lib/spiffe/workload/jwt_svid.rb', line 10

def claims
  @claims
end

#hint ⇒ Object (readonly)

Returns the value of attribute hint.

# File 'lib/spiffe/workload/jwt_svid.rb', line 10

def hint
  @hint
end

#spiffe_id ⇒ Object (readonly)

Returns the value of attribute spiffe_id.

# File 'lib/spiffe/workload/jwt_svid.rb', line 10

def spiffe_id
  @spiffe_id
end

#token ⇒ Object (readonly)

Returns the value of attribute token.

# File 'lib/spiffe/workload/jwt_svid.rb', line 10

def token
  @token
end

Class Method Details

.from_proto(proto_jwt) ⇒ JWTSVID

Parse JWT SVID from proto response

# File 'lib/spiffe/workload/jwt_svid.rb', line 66

def self.from_proto(proto_jwt)
  new(
    spiffe_id: proto_jwt.spiffe_id,
    token: proto_jwt.svid,
    hint: proto_jwt.hint.empty? ? nil : proto_jwt.hint
  )
end

Instance Method Details

#audience ⇒ Array<String>

Get audience claims

# File 'lib/spiffe/workload/jwt_svid.rb', line 57

def audience
  aud = @claims['aud']
  return [] unless aud
  aud.is_a?(Array) ? aud : [aud]
end

#expiration ⇒ Time^?

Get the expiration time

# File 'lib/spiffe/workload/jwt_svid.rb', line 42

def expiration
  return nil unless @claims['exp']
  Time.at(@claims['exp'])
end

#expired? ⇒ Boolean

Check if the JWT is expired

# File 'lib/spiffe/workload/jwt_svid.rb', line 49

def expired?
  exp = expiration
  return false unless exp
  exp < Time.now
end

#parse_claims ⇒ Hash

Parse JWT claims without validation

# File 'lib/spiffe/workload/jwt_svid.rb', line 24

def parse_claims
  # JWT format: header.payload.signature
  parts = @token.split('.')
  raise Error, 'Invalid JWT format' unless parts.length == 3

  # Decode payload (base64url)
  payload = parts[1]
  # Add padding if necessary
  payload += '=' * (4 - payload.length % 4) if payload.length % 4 != 0
  
  decoded = Base64.urlsafe_decode64(payload)
  JSON.parse(decoded)
rescue StandardError => e
  raise Error, "Failed to parse JWT claims: #{e.message}"
end