diff --git a/lib/googleauth/json_key_reader.rb b/lib/googleauth/json_key_reader.rb
new file mode 100644
index 0000000..8e1284f
--- /dev/null
+++ b/lib/googleauth/json_key_reader.rb
@@ -0,0 +1,45 @@
+# Copyright 2015, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Google
+ # Module Auth provides classes that provide Google-specific authorization
+ # used to access Google APIs.
+ module Auth
+ # JsonKeyReader contains the behaviour used to read private key and
+ # client email fields from the service account
+ module JsonKeyReader
+ def read_json_key(json_key_io)
+ json_key = MultiJson.load(json_key_io.read)
+ raise 'missing client_email' unless json_key.key?('client_email')
+ raise 'missing private_key' unless json_key.key?('private_key')
+ [json_key['private_key'], json_key['client_email']]
+ end
+ end
+ end
+end
diff --git a/lib/googleauth/service_account.rb b/lib/googleauth/service_account.rb
index 2b96ed5..8ca2ea4 100644
--- a/lib/googleauth/service_account.rb
+++ b/lib/googleauth/service_account.rb
@@ -29,6 +29,7 @@ require 'googleauth/signet' require 'googleauth/credentials_loader' +require 'googleauth/json_key_reader' require 'jwt' require 'multi_json' require 'stringio'
@@ -48,6 +49,7 @@ module Google class ServiceAccountCredentials < Signet::OAuth2::Client TOKEN_CRED_URI = 'https://www.googleapis.com/oauth2/v4/token'.freeze extend CredentialsLoader + extend JsonKeyReader # Creates a ServiceAccountCredentials. #
@@ -69,15 +71,6 @@ module Google signing_key: OpenSSL::PKey::RSA.new(private_key)) end - # Reads the private key and client email fields from the service account - # JSON key. - def self.read_json_key(json_key_io) - json_key = MultiJson.load(json_key_io.read) - raise 'missing client_email' unless json_key.key?('client_email') - raise 'missing private_key' unless json_key.key?('private_key') - [json_key['private_key'], json_key['client_email']] - end - # Handles certain escape sequences that sometimes appear in input. # Specifically, interprets the "\n" sequence for newline, and removes # enclosing quotes.
@@ -132,6 +125,7 @@ module Google SIGNING_ALGORITHM = 'RS256'.freeze EXPIRY = 60 extend CredentialsLoader + extend JsonKeyReader # make_creds proxies the construction of a credentials instance #
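Review bot: `read_json_key` in the new `lib/googleauth/json_key_reader.rb` only checks that the `client_email` and `private_key` keys are present, so a key file whose value is `null` or an empty string passes both guards, and a top level that is not a JSON object would most likely fail on `key?` with an unrelated error. The bad value then presumably only surfaces later at `OpenSSL::PKey::RSA.new(private_key)`, which is visible as context in the `-69,15` hunk. Consider checking the values rather than the keys, e.g. `raise 'missing private_key' if json_key['private_key'].to_s.empty?` and the same for `client_email`, once `json_key` is confirmed to be a Hash. The new file also uses `MultiJson` without its own `require 'multi_json'`, so it relies on the extending file having loaded it; adding that require at the top would make the module self-contained. The doc comment carried by the two removed `self.read_json_key` copies was not moved along, and `# Reads the private key and client email fields from the service account JSON key.` above the method would restore it.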
@@ -144,15 +138,6 @@ module Google new(json_key_io: args[0][:json_key_io]) end - # Reads the private key and client email fields from the service account - # JSON key. - def self.read_json_key(json_key_io) - json_key = MultiJson.load(json_key_io.read) - raise 'missing client_email' unless json_key.key?('client_email') - raise 'missing private_key' unless json_key.key?('private_key') - [json_key['private_key'], json_key['client_email']] - end - # Initializes a ServiceAccountJwtHeaderCredentials. # # @param json_key_io [IO] an IO from which the JSON key can be read