iap_authenticator 0.1.0

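--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: e7d44fd34a60c35266cca3d5dd8bff570dd910f59968b35cde972d38ebccdc71
+ data.tar.gz: 1f653bc70f6f01e2133c39953238adfe81f249e38b78c716ebd1f48ad9554689
+ SHA512:
+ metadata.gz: 3029eb2689b19c6b1f6050a78511161fd91c3bbcd3d6d869d5b06df313bfab9c3eab346394a5919ad51987266b0468d2d55fcb38c559dee5546cd6284dd85a52
+ data.tar.gz: b6f0eb602ea1be001072ab38feffd320774843b0987bbac567900dec5eee8f54221e9434ac22aa93213dfeec3205783b53a3ef8c01adf7b36cbba224bca35a33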
@@ -0,0 +1,54 @@
1
+ module IapAuthenticator
2
+ class Configuration
3
+ def initialize
4
+ @configuration = OpenStruct.new
5
+ end
6
+
7
+ def service_account_credentials_path
8
+ @configuration.service_account_credentials_path
9
+ end
10
+
11
+ def service_account_credentials_path=(service_account_credentials_path)
12
+ @configuration.service_account_credentials_path = service_account_credentials_path
13
+ end
14
+
15
+ def client_id
16
+ @configuration.client_id
17
+ end
18
+
19
+ def client_id=(client_id)
20
+ @configuration.client_id = client_id
21
+ end
22
+
23
+ def refresh_time_seconds
24
+ @configuration.refresh_time_seconds ||= 3600
25
+ end
26
+
27
+ def refresh_time_seconds=(refresh_time_seconds)
28
+ @refresh_time_seconds = refresh_time_seconds.to_i
29
+ end
30
+
31
+ def logger=(log_handler)
32
+ @logger = log_handler
33
+ end
34
+
35
+ def logger
36
+ @logger ||= Ougai::Logger.new(STDOUT)
37
+ end
38
+ end
39
+
40
+ def self.configuration
41
+ @configuration ||= initialize_configuration!
42
+ end
43
+
44
+ def self.configure
45
+ configuration = self.initialize_configuration!
46
+ yield(configuration)
47
+ configuration
48
+ end
49
+
50
+ def self.initialize_configuration!
51
+ @configuration = Configuration.new
52
+ @configuration
53
+ end
54
+ end
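Review bot: `refresh_time_seconds=` stores its value in `@refresh_time_seconds` on the Configuration instance, while the reader returns `@configuration.refresh_time_seconds ||= 3600` from the OpenStruct, so a configured lifetime is never read back and every assertion is built with the 3600-second default. The setter should write to the same store, for example `@configuration.refresh_time_seconds = Integer(refresh_time_seconds)`, which also rejects non-numeric input instead of letting `to_i` turn it into 0. Separately, `self.configure` calls `initialize_configuration!` on every invocation, so a second `configure` block discards the earlier settings; if that is intended, a one-line comment on `configure` saying so would help callers.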
@@ -0,0 +1,18 @@
1
+ module IapAuthenticator
2
+ class IapAuth
3
+ attr_reader :jws
4
+ def initialize
5
+ @configuration = IapAuthenticator.configuration
6
+ json_from_file = File.read(@configuration.service_account_credentials_path)
7
+ service_account = JSON.parse(json_from_file)
8
+ private_key = IapAuthenticator::Pkey.parse(service_account['private_key'])
9
+ @jws = IapAuthenticator::JWS.new(private_key, @configuration.refresh_time_seconds, service_account['client_email'], @configuration.client_id)
10
+ end
11
+
12
+ def token
13
+ assertion = self.jws.assertion
14
+ token = IapAuthenticator::Token.generate_bearer_token( assertion)
15
+ return token
16
+ end
17
+ end
18
+ end
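Review bot: `initialize` reads and parses the service-account key file without checking that `service_account_credentials_path` is set or that the parsed JSON contains `private_key` and `client_email`, so a misconfiguration surfaces as an unrelated error from `File.read` or further down in key parsing. Failing fast would make this diagnosable: `raise ArgumentError, 'service_account_credentials_path is not configured' unless @configuration.service_account_credentials_path` and `service_account.fetch('private_key')` in place of `service_account['private_key']`. `attr_reader :jws` also puts the object that holds the RSA private key on the public interface; unless callers need it, declare the reader under `private`. A short comment on `token` noting that each call performs a request to the token endpoint, with no caching visible in this file, would set expectations for callers.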
@@ -0,0 +1,32 @@
1
+ module IapAuthenticator
2
+ class JWS
3
+ ALGORITHM = 'RS256'
4
+
5
+ def initialize(private_key, refresh_time_seconds, iss, target_audience)
6
+ @private_key = private_key
7
+ @refresh_time_seconds = refresh_time_seconds
8
+ @iss = iss
9
+ @aud = IapAuthenticator::Token::TokenURI
10
+ @target_audience = target_audience
11
+ end
12
+
13
+ def assertion
14
+ exp = Time.now.to_i + @refresh_time_seconds
15
+ iat = Time.now.to_i
16
+ payload = {
17
+ iss: @iss,
18
+ aud: @aud,
19
+ exp: exp,
20
+ iat: iat,
21
+ target_audience: @target_audience
22
+ }
23
+
24
+ begin
25
+ token = JWT.encode payload, @private_key, ALGORITHM
26
+ rescue
27
+ raise "Unable to create JWT"
28
+ end
29
+ return token
30
+ end
31
+ end
32
+ end
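Review bot: `assertion` computes `exp` as `Time.now.to_i + @refresh_time_seconds` without checking that the lifetime is a positive integer within what the token endpoint accepts; Google documents a one-hour maximum for service-account assertions, so a larger value would presumably only fail later as an opaque HTTP error. A guard in `initialize` such as `raise ArgumentError, 'refresh_time_seconds must be between 1 and 3600' unless (1..3600).cover?(refresh_time_seconds)` would make the limit explicit. `Time.now` is also read twice, so `exp - iat` can be off by a second; take `iat = Time.now.to_i` once and derive `exp = iat + @refresh_time_seconds`. The bare `rescue` around `JWT.encode` catches every StandardError; naming the expected error classes would keep unrelated bugs from being reported as "Unable to create JWT".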
@@ -0,0 +1,12 @@
1
+ module IapAuthenticator
2
+ class Pkey
3
+ def self.parse( private_key_string )
4
+ begin
5
+ rsa_private_key = OpenSSL::PKey::RSA.new(private_key_string)
6
+ rescue
7
+ raise "Invalid Private Key in service account credentials."
8
+ end
9
+ return rsa_private_key
10
+ end
11
+ end
12
+ end
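Review bot: `Pkey.parse` accepts any input that `OpenSSL::PKey::RSA.new` can load, which includes a PEM holding only a public key, so a wrong credentials file passes here and fails later at signing time with the less specific "Unable to create JWT". Adding `raise "Invalid Private Key in service account credentials." unless rsa_private_key.private?` after the constructor closes that gap. The bare `rescue` could also be narrowed to `rescue OpenSSL::PKey::RSAError, TypeError` so that unrelated errors are not relabelled as an invalid key. The error message correctly avoids echoing the key material and should stay that way.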
@@ -0,0 +1,23 @@
1
+ module IapAuthenticator
2
+ class Token
3
+ TokenURI = "https://www.googleapis.com/oauth2/v4/token"
4
+ JWTBearerType = "urn:ietf:params:oauth:grant-type:jwt-bearer"
5
+
6
+ def self.generate_bearer_token( assertion )
7
+ uri = URI(TokenURI)
8
+ begin
9
+ res = Net::HTTP.post_form(uri, 'grant_type' => JWTBearerType, 'assertion' => assertion)
10
+ rescue => e
11
+ raise e
12
+ end
13
+ if res.code.to_i != 200
14
+ error_description = JSON.parse(res.body)["error_description"]
15
+ error = JSON.parse(res.body)["error"]
16
+ raise("Request failed with error: #{error} and description: #{error_description}")
17
+ end
18
+
19
+ response_jwt = JSON.parse(res.body)["id_token"]
20
+ return response_jwt
21
+ end
22
+ end
23
+ end
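Review bot: The error branch of `generate_bearer_token` calls `JSON.parse(res.body)` on a non-200 response, so an HTML or empty error body raises `JSON::ParserError` and hides the HTTP status; and on a 200 response without an `id_token` key the method returns `nil`, which a caller would then send as a bearer token. The body should be parsed once and tolerantly, the status code included in the failure message, and a missing `id_token` treated as an error. The `rescue => e; raise e` wrapper around `post_form` re-raises unchanged and can be dropped.

```ruby
def self.generate_bearer_token( assertion )
  uri = URI(TokenURI)
  res = Net::HTTP.post_form(uri, 'grant_type' => JWTBearerType, 'assertion' => assertion)

  # Parse once; a non-JSON error page must not mask the HTTP status.
  body = begin
    JSON.parse(res.body)
  rescue JSON::ParserError
    {}
  end
  body = {} unless body.is_a?(Hash)

  if res.code.to_i != 200
    raise("Request failed with status #{res.code}, error: #{body['error']} and description: #{body['error_description']}")
  end

  # Never hand a nil token back to the caller.
  body["id_token"] || raise("Token response did not contain an id_token")
end
```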
@@ -0,0 +1,3 @@
1
+ module IapAuthenticator
2
+ VERSION = '0.1.0'
3
+ end
@@ -0,0 +1,15 @@
1
+ require 'iap_authenticator/configuration'
2
+ require 'iap_authenticator/version'
3
+ require 'iap_authenticator/iap_auth'
4
+ require 'iap_authenticator/jws'
5
+ require 'iap_authenticator/pkey'
6
+ require 'iap_authenticator/token'
7
+ require 'json'
8
+ require 'openssl'
9
+ require 'jwt'
10
+ require 'net/http'
11
+ require 'uri'
12
+
13
+ module IapAuthenticator
14
+ end
15
+
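Review bot: The require list loads `json`, `openssl`, `jwt`, `net/http` and `uri`, but nothing on this page requires `ostruct` or `ougai`, although the Configuration class uses `OpenStruct.new` and `Ougai::Logger.new(STDOUT)`; unless the host application happens to load them, those calls raise `NameError`. Add `require 'ostruct'` and `require 'ougai'` ahead of the `iap_authenticator/*` requires. The gem metadata on this page declares only `rake` and `rspec` as development dependencies, so `jwt` and `ougai` are not installed with the gem and their versions are unconstrained; they should be declared as runtime dependencies with version bounds in the gemspec (not shown here), so that the JWT signing library this gem relies on is a known, reviewable version.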
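--- a/metadata
+++ b/metadata
@@ -0,0 +1,77 @@
+ --- !ruby/object:Gem::Specification
+ name: iap_authenticator
+ version: !ruby/object:Gem::Version
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - Sankalp Singh
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2019-03-25 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ description: This gem created authentication token for services running behind IAP
+ email: sankalps@go-jek.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/iap_authenticator.rb
+ - lib/iap_authenticator/configuration.rb
+ - lib/iap_authenticator/iap_auth.rb
+ - lib/iap_authenticator/jws.rb
+ - lib/iap_authenticator/pkey.rb
+ - lib/iap_authenticator/token.rb
+ - lib/iap_authenticator/version.rb
+ homepage: http://rubygems.org/gems/iap_authenticator
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubygems_version: 3.0.3
+ signing_key:
+ specification_version: 4
+ summary: This gem created authentication token for services running behind IAP
+ test_files: []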