Class: Vcert::TokenConnection

Inherits:
Object
Defined in:
lib/tpp/tpp_token.rb


Constructor Details

#initialize(url, access_token: nil, refresh_token: nil, user: nil, password: nil, trust_bundle: nil) ⇒ TokenConnection

Returns a new instance of TokenConnection.

Parameters:

  • url (String)
  • access_token (String) (defaults to: nil)
  • refresh_token (String) (defaults to: nil)
  • user (String) (defaults to: nil)
  • password (String) (defaults to: nil)
  • trust_bundle (String) (defaults to: nil)


# File 'lib/tpp/tpp_token.rb', line 15

# Builds a token-based TPP connection.
#
# @param url [String] TPP base URL; normalised via +normalize_url+ before use
# @param access_token [String, nil] existing access token
# @param refresh_token [String, nil] refresh token used to obtain new access tokens
# @param user [String, nil] username for password-based token acquisition
# @param password [String, nil] password for password-based token acquisition
# @param trust_bundle [String, nil] stored as-is; how it is consumed is not visible here
def initialize(url, access_token: nil, refresh_token: nil, user: nil, password: nil, trust_bundle: nil)
  @url = normalize_url(url)
  @auth = Vcert::Authentication.new(
    access_token: access_token,
    refresh_token: refresh_token,
    user: user,
    password: password
  )
  @trust_bundle = trust_bundle
end

Instance Method Details

#addStartEnd(s) ⇒ Object



# File 'lib/tpp/tpp_token.rb', line 285

# Wraps a pattern in +^+ ... +$+ anchors, adding each only if it is not already present.
#
# NOTE(review): in Ruby regexes +^+/+$+ are line anchors; if these patterns are
# ever evaluated client-side for whole-value validation, +\A+/+\z+ would be the
# strict form — confirm where the produced patterns are consumed.
#
# @param s [String] pattern text (normally already passed through Regexp.escape)
# @return [String] the anchored pattern
def addStartEnd(s)
  anchored = s.start_with?('^') ? s : "^#{s}"
  anchored.end_with?('$') ? anchored : "#{anchored}$"
end

#escape(value) ⇒ Object



# File 'lib/tpp/tpp_token.rb', line 291

# Regexp-escapes a value (or each element of an array) and anchors it with +addStartEnd+.
#
# @param value [String, Array<String>] literal value(s) to turn into anchored patterns
# @return [String, Array<String>] one anchored pattern per input, same shape as +value+
def escape(value)
  return value.map { |item| addStartEnd(Regexp.escape(item)) } if value.is_a?(Array)

  addStartEnd(Regexp.escape(value))
end

#get_access_token(authentication: nil) ⇒ Vcert::TokenInfo

Parameters:

Returns:

Raises:



# File 'lib/tpp/tpp_token.rb', line 102

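# Obtains an access token from the TPP authorization endpoint.
#
# If +authentication+ is given it replaces the connection's credentials. A
# stored refresh token is preferred over username/password; with neither
# available the method returns nil without contacting the server.
#
# @param authentication [Vcert::Authentication, nil] credentials to use instead of those given at construction
# @return [Vcert::TokenInfo, nil] parsed token data, or nil when no usable credentials are present
# @raise [Vcert::ServerUnexpectedBehaviorError] when the server does not answer 200
def get_access_token(authentication: nil)
  @auth = authentication unless authentication.nil?
  return refresh_access_token unless @auth.refresh_token.nil?
  return nil if @auth.user.nil? || @auth.password.nil?

  # The password travels in this body; keep the hash out of log output.
  request_data = {
    username: @auth.user,
    password: @auth.password,
    client_id: @auth.client_id,
    scope: @auth.scope,
    state: ''
  }
  status, response = post(URL_AUTHORIZE_TOKEN, request_data, check_token: false, include_headers: false)
  # `code` is not defined in this method; interpolating it here raised NameError
  # on every non-200 response instead of reporting the status.
  raise Vcert::ServerUnexpectedBehaviorError, "Status  #{status}" if status != 200

  token_info = parse_access_token_data(response)
  update_authentication(token_info)
  token_info
end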

#policy(zone_tag) ⇒ Vcert::Policy

Parameters:

  • zone_tag (String)

Returns:

Raises:



# File 'lib/tpp/tpp_token.rb', line 50

# Reads the policy for a zone from the zone-configuration endpoint.
#
# @param zone_tag [String] zone identifier, converted to a PolicyDN via +policy_dn+
# @return [Vcert::Policy] result of +parse_policy_response+
# @raise [Vcert::ServerUnexpectedBehaviorError] when the server does not answer 200
def policy(zone_tag)
  payload = { PolicyDN: policy_dn(zone_tag) }
  code, response = post(URL_ZONE_CONFIG, payload)
  raise Vcert::ServerUnexpectedBehaviorError, "Status  #{code}" unless code == 200

  parse_policy_response(response, zone_tag)
end

#refresh_access_token ⇒ Vcert::TokenInfo

Returns:



# File 'lib/tpp/tpp_token.rb', line 124

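# Exchanges the stored refresh token for a new access token and updates
# the connection's authentication state with the result.
#
# @return [Vcert::TokenInfo] parsed token data returned by the server
# @raise [Vcert::ServerUnexpectedBehaviorError] when the server does not answer 200
def refresh_access_token
  request_data = {
    refresh_token: @auth.refresh_token,
    client_id: @auth.client_id
  }

  status, response = post(URL_REFRESH_TOKEN, request_data, check_token: false, include_headers: false)
  # `code` is not defined in this method; interpolating it raised NameError on
  # every non-200 response and hid the real status.
  if status != 200
    raise Vcert::ServerUnexpectedBehaviorError, "Server returns #{status} status on refreshing access token"
  end

  token_info = parse_access_token_data(response)
  update_authentication(token_info)
  token_info
end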

#renew(request, generate_new_key: true) ⇒ Object



# File 'lib/tpp/tpp_token.rb', line 67

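# Renews the certificate identified by +request.id+ or +request.thumbprint+.
#
# When +generate_new_key+ is true the current certificate is retrieved, its
# parsed subject fields are copied into a fresh Vcert::Request, and that
# request's CSR is submitted along with the renewal.
#
# @param request [Vcert::Request] must carry either +id+ (CertificateDN) or +thumbprint+
# @param generate_new_key [Boolean] whether to submit a newly generated CSR with the renewal
# @return [Array(String, Object)] the certificate DN and the new private key (nil when no key was generated)
# @raise [RuntimeError] when neither id nor thumbprint is given, the current
#   certificate cannot be retrieved, or the server does not report success
def renew(request, generate_new_key: true)
  if request.id.nil? && request.thumbprint.nil?
    raise 'Either request ID or certificate thumbprint is required to renew the certificate'
  end

  # A thumbprint, when present, is resolved to a CertificateDN and takes precedence.
  request.id = search_by_thumbprint(request.thumbprint) unless request.thumbprint.nil?
  renew_req_data = { CertificateDN: request.id }
  renew_request = nil
  if generate_new_key
    current_cert = retrieve request
    # retrieve returns nil on a non-200 response; fail with a clear message
    # instead of a NoMethodError on nil below.
    raise "Certificate #{request.id} could not be retrieved for renewal" if current_cert.nil?

    LOG.info("#{Vcert::VCERT_PREFIX} Retrieved certificate:\n#{current_cert.cert}")
    parsed_csr = parse_csr_fields_tpp(current_cert.cert)
    renew_request = Vcert::Request.new(
      common_name: parsed_csr.fetch(:CN, nil),
      san_dns: parsed_csr.fetch(:DNS, nil),
      country: parsed_csr.fetch(:C, nil),
      province: parsed_csr.fetch(:ST, nil),
      locality: parsed_csr.fetch(:L, nil),
      organization: parsed_csr.fetch(:O, nil),
      organizational_unit: parsed_csr.fetch(:OU, nil)
    )
    renew_req_data[:PKCS10] = renew_request.csr
  end
  LOG.info("#{Vcert::VCERT_PREFIX} Trying to renew certificate #{request.id}")
  _, d = post(URL_CERTIFICATE_RENEW, renew_req_data)
  raise 'Certificate renew error' unless d.key?('Success')

  # renew_request is only built when a new key was generated.
  [request.id, renew_request&.private_key]
end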

#request(zone_tag, request) ⇒ Object

Parameters:

Raises:



# File 'lib/tpp/tpp_token.rb', line 23

# Submits a certificate request for the given zone and stores the returned
# CertificateDN in +request.id+.
#
# @param zone_tag [String] zone identifier, converted to a PolicyDN via +policy_dn+
# @param request [Vcert::Request] carries the CSR and friendly name to submit
# @return [String] the CertificateDN assigned to +request.id+
# @raise [Vcert::ServerUnexpectedBehaviorError] when the server does not answer 200
def request(zone_tag, request)
  payload = {
    PolicyDN: policy_dn(zone_tag),
    PKCS10: request.csr,
    ObjectName: request.friendly_name,
    DisableAutomaticRenewal: 'true'
  }
  code, response = post(URL_CERTIFICATE_REQUESTS, payload)
  raise Vcert::ServerUnexpectedBehaviorError, "Status  #{code}" unless code == 200

  request.id = response['CertificateDN']
end

#retrieve(request) ⇒ Vcert::Certificate

Parameters:

Returns:



# File 'lib/tpp/tpp_token.rb', line 36

# Fetches the issued certificate (with its chain) for +request.id+.
#
# @param request [Vcert::Request] request whose +id+ is the CertificateDN
# @return [Vcert::Certificate, nil] nil when the server does not answer 200
def retrieve(request)
  payload = { CertificateDN: request.id, Format: 'base64', IncludeChain: 'true', RootFirstOrder: 'false' }
  code, response = post(URL_CERTIFICATE_RETRIEVE, payload)
  return nil unless code == 200

  # NOTE(review): a 200 response without 'CertificateData' raises from decode64 — confirm the server contract.
  decoded_chain = Base64.decode64(response['CertificateData'])
  LOG.info("#{Vcert::VCERT_PREFIX} cert data decoded: #{decoded_chain}")
  certificate = parse_full_chain(decoded_chain)
  # The parsed chain carries no key; keep the locally held one alongside the certificate.
  certificate.private_key = request.private_key if certificate.private_key.nil?
  certificate
end

#revoke_access_token ⇒ Object

Returns [].

Returns:



# File 'lib/tpp/tpp_token.rb', line 141

# Revokes the current access token via the revoke endpoint.
#
# The request is sent with +check_token: false+ so that the token being
# revoked is not validated or refreshed first.
#
# @return [Object] the server response as returned by +get+
# @raise [Vcert::ServerUnexpectedBehaviorError] when the server does not answer 200
def revoke_access_token
  status, response = get(URL_REVOKE_TOKEN, check_token: false)
  unless status == 200
    raise Vcert::ServerUnexpectedBehaviorError, "Server returns #{status} status on revoking access token"
  end

  response
end

#zone_configuration(zone_tag) ⇒ Vcert::ZoneConfiguration

Parameters:

  • zone_tag (String)

Returns:

Raises:



# File 'lib/tpp/tpp_token.rb', line 59

# Reads and parses the configuration of a zone.
#
# @param zone_tag [String] zone identifier, converted to a PolicyDN via +policy_dn+
# @return [Vcert::ZoneConfiguration] result of +parse_zone_configuration+
# @raise [Vcert::ServerUnexpectedBehaviorError] when the server does not answer 200
def zone_configuration(zone_tag)
  LOG.info("#{Vcert::VCERT_PREFIX} Reading zone configuration: #{zone_tag}")
  payload = { PolicyDN: policy_dn(zone_tag) }
  code, response = post(URL_ZONE_CONFIG, payload)
  raise Vcert::ServerUnexpectedBehaviorError, "Status  #{code}" unless code == 200

  parse_zone_configuration(response)
end