class ADAL::ClientAssertionCertificate

An assertion made by a client with an X509 certificate. This requires both the public and private keys. Technically it only requires the thumbprint of the public key, however OpenSSL's object model does not include thumbprints.

Constants

MIN_KEY_SIZE_BITS

Attributes

certificate[R]
client_id[R]

Public Class Methods

new(authority, client_id, pkcs12_file) click to toggle source

Creates a new ClientAssertionCertificate.

@param Authority authority

The authority object that will recognize this certificate.

@param [String] client_id

The client id of the calling application.

@param [OpenSSL::PKCS12] pkcs12_file

The PKCS12 file containing the certificate and private key.
# File lib/adal/client_assertion_certificate.rb, line 47
def initialize(authority, client_id, pkcs12_file)
  unless pkcs12_file.is_a? OpenSSL::PKCS12
    fail ArgumentError, 'Only PKCS12 file format is supported.'
  end
  @authority = authority
  @certificate = pkcs12_file.certificate
  @client_id = client_id.to_s
  @private_key = pkcs12_file.key
  validate_certificate_and_key(@certificate, @private_key)
end

Public Instance Methods

request_params() click to toggle source

The relevant parameters from this credential for OAuth.

# File lib/adal/client_assertion_certificate.rb, line 59
def request_params
  jwt_assertion = SelfSignedJwtFactory
                  .new(@client_id, @authority.token_endpoint)
                  .create_and_sign_jwt(@certificate, @private_key)
  ClientAssertion.new(client_id, jwt_assertion).request_params
end

Private Instance Methods

public_key_size_bits(certificate) click to toggle source

@param [OpenSSL::X509::Certificate] certificate @return [Fixnum] The number of bits in the public key.

# File lib/adal/client_assertion_certificate.rb, line 70
def public_key_size_bits(certificate)
  certificate.public_key.n.num_bytes * 8
end
validate_certificate_and_key(certificate, private_key) click to toggle source

In general, Ruby code is very loose about types. However, since we are dealing with sensitive information here, we will be a little bit stricter on type safety.

# File lib/adal/client_assertion_certificate.rb, line 78
def validate_certificate_and_key(certificate, private_key)
  if !certificate.is_a? OpenSSL::X509::Certificate
    fail ArgumentError, 'certificate must be an OpenSSL::X509::Certificate.'
  elsif !private_key.is_a? OpenSSL::PKey::RSA
    fail ArgumentError, 'private_key must be an OpenSSL::PKey::RSA.'
  elsif public_key_size_bits(certificate) < MIN_KEY_SIZE_BITS
    fail ArgumentError, 'certificate must contain a public key of at ' \
      "least #{MIN_KEY_SIZE_BITS} bits."
  end
end