class ADAL::SelfSignedJwtFactory
Converts client certificates into self signed JWTs.
Public Class Methods
new(client_id, token_endpoint)
Constructs a new SelfSignedJwtFactory.
@param String client_id
The client id of the calling application.
@param String token_endpoint
The token endpoint that will accept the certificate.
# File lib/adal/self_signed_jwt_factory.rb, line 43
def initialize(client_id, token_endpoint)
  @client_id = client_id
  @token_endpoint = token_endpoint
end
Public Instance Methods
create_and_sign_jwt(certificate, private_key)
Creates a JWT from a client certificate and signs it with a private key.
@param OpenSSL::X509::Certificate certificate
The certificate object to be converted to a JWT and signed for use in an authentication flow.
@param OpenSSL::PKey::RSA private_key
The private key used to sign the JWT.
@return String
# File lib/adal/self_signed_jwt_factory.rb, line 57
def create_and_sign_jwt(certificate, private_key)
  JWT.encode(payload, private_key, RS256, header(certificate))
end
Private Instance Methods
header(certificate)
The JWT header for a certificate to be encoded.
# File lib/adal/self_signed_jwt_factory.rb, line 64
def header(certificate)
  x5t = thumbprint(certificate)
  logger.verbose("Creating self signed JWT header with thumbprint: #{x5t}.")
  { TYPE => TYPE_JWT,
    ALGORITHM => RS256,
    THUMBPRINT => x5t }
end
payload()
The JWT payload.
# File lib/adal/self_signed_jwt_factory.rb, line 73
def payload
  now = Time.now - 1
  expires = now + 60 * SELF_SIGNED_JWT_LIFETIME
  logger.verbose("Creating self signed JWT payload. Expires: #{expires}. " \
                 "NotBefore: #{now}.")
  { AUDIENCE => @token_endpoint,
    ISSUER => @client_id,
    SUBJECT => @client_id,
    NOT_BEFORE => now.to_i,
    EXPIRES_ON => expires.to_i,
    JWT_ID => SecureRandom.uuid }
end
thumbprint(certificate)
Base 64 encoded thumbprint AKA fingerprint AKA SHA1 hash of the DER representation of the cert.
@param OpenSSL::X509::Certificate certificate
@return String
# File lib/adal/self_signed_jwt_factory.rb, line 92
def thumbprint(certificate)
  OpenSSL::Digest::SHA1.new(certificate.to_der).base64digest
end
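How header, payload and thumbprint combine in create_and_sign_jwt, as an added example that is not ADAL's own code: it rebuilds the assertion with only Ruby's OpenSSL and JSON libraries and shows the checks a receiving token endpoint can make. The header and claim names (typ, alg, x5t, aud, iss, sub, nbf, exp, jti), the 10-minute lifetime and all helper names are assumptions, since the page does not show the constants' values; the key and certificate are throwaway test material.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

# Constructed test material: throwaway RSA key and self-signed certificate.
def demo_key_and_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=demo-client')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Mirrors thumbprint(certificate) above: standard Base64 of SHA-1 over DER (RFC 7515 defines x5t as base64url).
def x5t(cert)
  OpenSSL::Digest::SHA1.new(cert.to_der).base64digest
end

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  (text.tr('-_', '+/') + '=' * (-text.length % 4)).unpack1('m0')
end

# Builds and RS256-signs the assertion (assumed claim names, see lead-in).
def build_assertion(client_id, token_endpoint, cert, key, lifetime_min: 10)
  now = Time.now.to_i - 1
  header = { 'typ' => 'JWT', 'alg' => 'RS256', 'x5t' => x5t(cert) }
  claims = { 'aud' => token_endpoint, 'iss' => client_id, 'sub' => client_id,
             'nbf' => now, 'exp' => now + 60 * lifetime_min, 'jti' => SecureRandom.uuid }
  signing_input = [header, claims].map { |part| b64url(JSON.generate(part)) }.join('.')
  "#{signing_input}.#{b64url(key.sign('SHA256', signing_input))}"
end

# Receiver-side checks: pinned algorithm, thumbprint, signature, audience, time window.
def valid_assertion?(jwt, cert, expected_aud, at: Time.now.to_i)
  head64, body64, sig64, extra = jwt.split('.', -1)
  return false if sig64.nil? || extra
  header, claims = [head64, body64].map { |part| JSON.parse(b64url_decode(part)) }
  return false unless header['alg'] == 'RS256' && header['x5t'] == x5t(cert)
  signed = cert.public_key.verify('SHA256', b64url_decode(sig64), "#{head64}.#{body64}")
  signed && claims['aud'] == expected_aud && claims['nbf'] <= at && at < claims['exp']
rescue StandardError # malformed input fails closed
  false
end
```

The verifier pins `alg` to RS256 rather than trusting the header, and treats the thumbprint only as a lookup hint: the signature check against the registered certificate's public key is what authenticates the client.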