iap-jwt-assertion 0.1.0

Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/lib/iap_jwt_assertion.rb +59 -0
  3. metadata +57 -0
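--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: f92e00d10a48d3cc3accc01e5ec87ed669b792d2acbae3ee1a5659b7b54909cf
+data.tar.gz: 327b5e961e2fc7b1a4dd0919659c5ab44053cd1feaf1cdb88c8cf56ade9992be
+SHA512:
+metadata.gz: 77c266b5c5d30f1c33ba9be067d6f7f0c511351c55dd8ec72fca06fef915d7a042b661baffa50d41f8cfbdf904cf6c9ff324533b1858958d0d4edbdfb461f38f
+data.tar.gz: f06836111caead675a8eac07c7fd4e1f7e4fd2b4ef09467ca20291fc7ef8eb972856a7372038fe556c1c0912218cd53751e5d78c9cbe707212051f59eaffe93d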
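--- a/data/lib/iap_jwt_assertion.rb
+++ b/data/lib/iap_jwt_assertion.rb
@@ -0,0 +1,59 @@
+require 'net/http'
+require 'json'
+require 'jwt'
+
+module IapJwtAssertion
+ALGORITHM = 'ES256'
+PUBLIC_KEYS_URL = 'https://www.gstatic.com/iap/verify/public_key'
+
+module_function
+
+def authenticate? token, aud:
+kid = get_kid(token)
+pubkey = get_key(kid)
+
+begin
+payload, header = JWT.decode(token, pubkey, true, {algorithm: ALGORITHM})
+
+if payload['aud'] != aud
+return false
+end
+rescue => e
+return false
+end
+
+return true
+end
+
+def decode token
+kid = get_kid(token)
+pubkey = get_key(kid)
+
+return JWT.decode(token, pubkey, false, {algorithm: ALGORITHM})
+end
+
+def get_kid token
+payload, header = JWT.decode(token, nil, false)
+return header['kid']
+end
+
+def get_key kid
+if @public_keys.nil? || !@public_keys.has_key?(kid)
+@public_keys = fetch_public_keys
+
+if !@public_keys.has_key?(kid)
+raise "kid was not found in the list of public keys."
+end
+end
+
+return @public_keys[kid]
+end
+
+def fetch_public_keys
+response = Net::HTTP.get(URI(PUBLIC_KEYS_URL))
+response_hash = JSON.parse(response)
+public_keys = response_hash.map {|kid, pubkey| [kid, OpenSSL::PKey::EC.new(pubkey)]}.to_h
+
+return public_keys
+end
+end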
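Review bot: `decode` passes `false` as the third argument to `JWT.decode`, so it returns claims whose signature was never checked even though it fetches the key first; a caller reading identity fields from its result is trusting unverified input unless `authenticate?` ran beforehand, so it should verify (`true`) or be documented as unverified. In `authenticate?`, only the signature, the jwt gem's default expiry check and `aud` are enforced; the issuer is not, and Google's IAP guidance also expects `iss` to equal `https://cloud.google.com/iap`. `get_kid` and `get_key` run before the `begin`, so a malformed token or unknown `kid` raises out of a predicate instead of returning false, and each unknown `kid` (read from the unverified header) triggers a fresh download of the key set in `get_key`, which would benefit from a minimum refresh interval. The sketch below moves the lookup inside the rescue and lets the jwt gem check `aud` and `iss`.

```ruby
def authenticate? token, aud:
  # Key lookup parses the unverified header, so it stays inside the rescue
  pubkey = get_key(get_kid(token))
  JWT.decode(token, pubkey, true, {
    algorithm: ALGORITHM,
    verify_aud: true, aud: aud,
    verify_iss: true, iss: 'https://cloud.google.com/iap'
  })
  true
rescue StandardError
  false
end

def decode token
  # … unchanged: kid and key lookup …
  return JWT.decode(token, pubkey, true, {algorithm: ALGORITHM})
end
```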
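--- a/metadata
+++ b/metadata
@@ -0,0 +1,57 @@
+--- !ruby/object:Gem::Specification
+name: iap-jwt-assertion
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- shinkbr
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-05-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: jwt
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.2'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.2'
+description:
+email: shinkbr@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/iap_jwt_assertion.rb
+homepage: https://rubygems.org/gems/iap-jwt-assertion
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: A Ruby gem for handling Google Identity Aware Proxy's signed JWT header.
+test_files: []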