
Class: Mongo::Crypt::KMS::GCP::Credentials Private

Relationships & Source Files
Super Chains via Extension / Inclusion / Inheritance
Class Chain:
self, Forwardable
Instance Chain:
Inherits: Object
Defined in: lib/mongo/crypt/kms/gcp/credentials.rb

Overview

::Mongo::Crypt::KMS::GCP Cloud Key Management Credentials object. It contains the credentials for using the ::Mongo::Crypt::KMS::GCP KMS provider.

Constant Summary

Class Method Summary

Instance Attribute Summary

Instance Method Summary

::Mongo::Crypt::KMS::Validations - Included

#validate_param

Validate if a ::Mongo::Crypt::KMS parameter is valid.

#validate_tls_options

Validate KMS TLS options.

Constructor Details

.new(opts) ⇒ Credentials

Creates a ::Mongo::Crypt::KMS::GCP KMS credentials object from a parameters hash.

Parameters:

Options Hash (opts):

Raises:

  • (ArgumentError)

    If required options are missing or incorrectly formatted.

# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 60

def initialize(opts)
  @opts = opts
  return if empty?

  if opts[:access_token]
    @access_token = opts[:access_token]
  else
    @email = validate_param(:email, opts, FORMAT_HINT)
    @private_key = begin
      private_key_opt = validate_param(:private_key, opts, FORMAT_HINT)
      if BSON::Environment.jruby?
        # We cannot really validate private key on JRuby, so we assume
        # it is in base64 encoded DER format.
        private_key_opt
      else
        # Check if private key is in PEM format.
        pkey = OpenSSL::PKey::RSA.new(private_key_opt)
        # PEM it is, need to be converted to base64 encoded DER.
        der = if pkey.respond_to?(:private_to_der)
                pkey.private_to_der
              else
                pkey.to_der
              end
        Base64.encode64(der)
      end
    rescue OpenSSL::PKey::RSAError
      # Check if private key is in DER.
      begin
        OpenSSL::PKey.read(Base64.decode64(private_key_opt))
        # Private key is fine, use it.
        private_key_opt
      rescue OpenSSL::PKey::PKeyError
        raise ArgumentError.new(
          'The private_key option must be either either base64 encoded DER format, or PEM format.'
        )
      end
    end

    @endpoint = validate_param(
      :endpoint, opts, FORMAT_HINT, required: false
    )
  end
end
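
An added example, not code from the driver: a pre-flight helper that maps a GCP service-account JSON key to the options hash validated above, rejecting unparseable and public-only keys and returning the key as base64 encoded DER, the form the constructor stores on the PEM branch and passes through unvalidated on JRuby. The helper name, the sample account and the `client_email`/`private_key` field names (those of a GCP service-account key file) are assumptions not taken from this page.

```ruby
require 'json'
require 'openssl'

# Hypothetical helper, not part of the driver: turn a GCP service-account
# JSON key into the opts hash (:email, :private_key, optional :endpoint)
# that Credentials.new validates.
def gcp_kms_opts_from_service_account(json_text, endpoint: nil)
  sa = JSON.parse(json_text)
  raise ArgumentError, 'expected a JSON object' unless sa.is_a?(Hash)

  email = sa['client_email'] # field names as used in GCP key files
  pem = sa['private_key']
  unless email.is_a?(String) && !email.empty? && pem.is_a?(String)
    raise ArgumentError, 'service account JSON lacks client_email or private_key'
  end

  key = begin
    OpenSSL::PKey.read(pem)
  rescue OpenSSL::PKey::PKeyError, ArgumentError
    # Do not echo key material or the parser message into the error.
    raise ArgumentError, 'private_key is not a parseable key'
  end
  # The PEM branch of the constructor parses with OpenSSL::PKey::RSA,
  # and a public-only key is not a usable credential.
  unless key.is_a?(OpenSSL::PKey::RSA) && key.private?
    raise ArgumentError, 'private_key must be an RSA private key'
  end

  der = key.respond_to?(:private_to_der) ? key.private_to_der : key.to_der
  opts = { email: email, private_key: [der].pack('m0') } # base64, no line breaks
  opts[:endpoint] = endpoint if endpoint
  opts
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a throwaway key and a made-up account name.
  sample = JSON.generate(
    'type' => 'service_account',
    'client_email' => 'kms-user@example-project.iam.gserviceaccount.com',
    'private_key' => OpenSSL::PKey::RSA.new(2048).to_pem
  )
  opts = gcp_kms_opts_from_service_account(sample)
  # Print only non-secret facts about the result.
  puts "email=#{opts[:email]} private_key_base64_chars=#{opts[:private_key].length}"
end
```
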

Instance Attribute Details

#access_token ⇒ String | nil (readonly)

Returns:

# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 39

attr_reader :access_token

#email ⇒ String (readonly)

Returns:

# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 30

attr_reader :email

#endpoint ⇒ String | nil (readonly)

Returns:

# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 36

attr_reader :endpoint

#private_key ⇒ String (readonly)

Returns:

# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 33

attr_reader :private_key

Instance Method Details

#to_document ⇒ BSON::Document

Convert credentials object to a BSON document in libmongocrypt format.

Returns:

# File 'lib/mongo/crypt/kms/gcp/credentials.rb', line 107

def to_document
  return BSON::Document.new if empty?

  if access_token
    BSON::Document.new({ accessToken: access_token })
  else
    BSON::Document.new({
                         email: email,
                         privateKey: BSON::Binary.new(private_key, :generic),
                       }).tap do |bson|
      bson.update({ endpoint: endpoint }) unless endpoint.nil?
    end
  end
end