PACS System 0.1.0
PACS DICOM system library
kcenon::pacs::web::auth::jwks_provider Class Reference

#include <jwks_provider.h>


Public Member Functions

 jwks_provider ()
 
bool load_from_json (std::string_view jwks_json)
 Load keys from a JWKS JSON string.
 
void set_fetcher (jwks_fetch_callback fetcher)
 Set a callback for fetching JWKS from a URL.
 
void set_jwks_url (const std::string &url)
 Set the JWKS endpoint URL for fetching.
 
std::optional< jwk_key > get_key (std::string_view kid) const
 Get a key by Key ID (kid)
 
std::optional< jwk_key > get_key_by_alg (std::string_view alg) const
 Get the first key matching the given algorithm.
 
bool refresh ()
 Force refresh keys from the configured JWKS URL.
 
const std::vector< jwk_key > & keys () const
 Get all currently loaded keys.
 
void set_cache_ttl (std::uint32_t seconds)
 Set cache TTL in seconds (default: 3600)
 
bool is_cache_expired () const
 Check if the cache has expired.
 

Private Member Functions

bool try_refresh () const
 

Private Attributes

std::vector< jwk_key > keys_
 
jwks_fetch_callback fetcher_
 
std::string jwks_url_
 
std::uint32_t cache_ttl_seconds_ {3600}
 
std::chrono::steady_clock::time_point last_fetch_ {}
 
std::mutex mutex_
 

Detailed Description

Definition at line 68 of file jwks_provider.h.

Constructor & Destructor Documentation

◆ jwks_provider()

kcenon::pacs::web::auth::jwks_provider::jwks_provider ( )
default

Member Function Documentation

◆ get_key()

std::optional< jwk_key > kcenon::pacs::web::auth::jwks_provider::get_key ( std::string_view kid) const
nodiscard

Get a key by Key ID (kid)

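If no keys are loaded or the cache has expired, attempts a refresh using the configured fetcher and JWKS URL. The result of that refresh is not checked: if it fails, the previously loaded keys are kept and are still searched.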

Parameters
kid: Key ID to look up
Returns
Key if found, std::nullopt otherwise
Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwks_provider.h.

Definition at line 260 of file jwks_provider.cpp.

/// @brief Look up a key by its Key ID (kid).
///
/// mutex_ is held for the whole call. If the cache is expired and both a
/// fetcher and a JWKS URL are configured, a refresh is attempted first. The
/// refresh result is ignored, so after a failed refresh the keys that were
/// already loaded are still searched and may be returned past their TTL.
///
/// @param kid Key ID to look up.
/// @return Copy of the first key whose kid equals @p kid, std::nullopt otherwise.
std::optional<jwk_key> jwks_provider::get_key(std::string_view kid) const {
    const std::lock_guard<std::mutex> guard{mutex_};

    // NOTE(review): try_refresh() invokes the fetcher while mutex_ is held, so
    // every other lookup waits for that call to return. last_fetch_ is only
    // advanced on success, so while the endpoint is failing each lookup
    // retries the fetch; confirm the fetcher enforces a timeout.
    if (is_cache_expired()) {
        if (fetcher_ && !jwks_url_.empty()) {
            try_refresh();
        }
    }

    for (auto it = keys_.begin(); it != keys_.end(); ++it) {
        if (it->kid == kid) {
            return *it;
        }
    }
    return std::nullopt;
}

References fetcher_, is_cache_expired(), jwks_url_, keys_, mutex_, and try_refresh().


◆ get_key_by_alg()

std::optional< jwk_key > kcenon::pacs::web::auth::jwks_provider::get_key_by_alg ( std::string_view alg) const
nodiscard

Get the first key matching the given algorithm.

Parameters
alg: Algorithm name (e.g., "RS256")
Returns
Key if found, std::nullopt otherwise
Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwks_provider.h.

Definition at line 274 of file jwks_provider.cpp.

/// @brief Return the first loaded key whose alg equals the given name.
///
/// mutex_ is held for the whole call. As in get_key(), an expired cache
/// triggers a refresh attempt when a fetcher and URL are configured, and a
/// failed refresh leaves the previously loaded keys in use.
///
/// @param alg Algorithm name (e.g., "RS256").
/// @return Copy of the first matching key in keys_ order, std::nullopt otherwise.
std::optional<jwk_key> jwks_provider::get_key_by_alg(std::string_view alg) const {
    const std::lock_guard<std::mutex> guard{mutex_};

    if (is_cache_expired()) {
        if (fetcher_ && !jwks_url_.empty()) {
            try_refresh();
        }
    }

    // NOTE(review): when several keys share an algorithm, the one returned
    // depends only on its position in keys_. If alg is taken from a token
    // header, confirm the caller restricts it to the algorithms it expects
    // before calling this.
    for (auto it = keys_.begin(); it != keys_.end(); ++it) {
        if (it->alg == alg) {
            return *it;
        }
    }
    return std::nullopt;
}

References fetcher_, is_cache_expired(), jwks_url_, keys_, mutex_, and try_refresh().


◆ is_cache_expired()

bool kcenon::pacs::web::auth::jwks_provider::is_cache_expired ( ) const
nodiscard

Check if the cache has expired.

Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwks_provider.h.

Definition at line 301 of file jwks_provider.cpp.

/// @brief Report whether the loaded key set is older than the cache TTL.
///
/// A default-constructed last_fetch_ (nothing loaded yet) counts as expired.
/// The comparison is strict, so the cache is still fresh when the elapsed
/// time is exactly cache_ttl_seconds_.
///
/// This function takes no lock. get_key() and get_key_by_alg() call it with
/// mutex_ already held. NOTE(review): a direct call from another thread reads
/// last_fetch_ and cache_ttl_seconds_ unsynchronized; locking here would
/// self-deadlock the internal callers because mutex_ is a plain std::mutex.
///
/// @return true if no keys were ever loaded or the TTL has elapsed.
bool jwks_provider::is_cache_expired() const {
    using clock = std::chrono::steady_clock;

    const bool never_loaded = (last_fetch_ == clock::time_point{});
    if (never_loaded) {
        return true;
    }

    const auto age = clock::now() - last_fetch_;
    const auto ttl = std::chrono::seconds(cache_ttl_seconds_);
    return age > ttl;
}

References cache_ttl_seconds_, and last_fetch_.

Referenced by get_key(), and get_key_by_alg().


◆ keys()

const std::vector< jwk_key > & kcenon::pacs::web::auth::jwks_provider::keys ( ) const
nodiscard

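Get all currently loaded keys. The reference is returned without taking mutex_, so it is safe to use only while no other thread can load or refresh keys.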

Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwks_provider.h.

Definition at line 293 of file jwks_provider.cpp.

/// @brief Expose the currently loaded key set by reference.
///
/// No lock is taken and no copy is made. load_from_json() and try_refresh()
/// replace keys_ by move-assignment, so a reference obtained here must not be
/// used while another thread may load or refresh keys.
///
/// @return Reference to the internal key vector.
const std::vector<jwk_key>& jwks_provider::keys() const {
    const std::vector<jwk_key>& loaded = keys_;
    return loaded;
}

References keys_.

◆ load_from_json()

bool kcenon::pacs::web::auth::jwks_provider::load_from_json ( std::string_view jwks_json)

Load keys from a JWKS JSON string.

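Parses the JWKS JSON and converts JWK keys to PEM format. Entries that cannot be parsed are skipped. If at least one key is parsed, the result replaces any previously loaded keys; otherwise the call returns false and the previous keys are left in place.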

Parameters
jwks_json: JSON string containing {"keys": [...]}
Returns
true if at least one key was successfully loaded
Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwks_provider.h.

Definition at line 227 of file jwks_provider.cpp.

/// @brief Replace the loaded keys with those parsed from a JWKS JSON string.
///
/// The document must be an object with a "keys" list. Each element goes
/// through parse_jwk(); elements it rejects are skipped silently. Parsing is
/// done before mutex_ is taken, and the stored keys are touched only when at
/// least one element was accepted.
///
/// @param jwks_json JSON string containing {"keys": [...]}.
/// @return true if at least one key was loaded; false if the JSON is invalid,
///         has no "keys" list, or yields no usable key (stored keys unchanged).
bool jwks_provider::load_from_json(std::string_view jwks_json) {
    auto parsed = crow::json::load(std::string(jwks_json));
    if (!parsed) {
        return false;
    }
    if (!parsed.has("keys")) {
        return false;
    }

    auto& entries = parsed["keys"];
    if (entries.t() != crow::json::type::List) {
        return false;
    }

    // NOTE(review): there is no cap on the number of entries and no report of
    // how many were skipped; a partly malformed JWKS loads as a smaller key
    // set without any signal to the caller.
    std::vector<jwk_key> accepted;
    const size_t count = entries.size();
    for (size_t idx = 0; idx != count; ++idx) {
        if (auto candidate = parse_jwk(entries[idx])) {
            accepted.push_back(std::move(*candidate));
        }
    }

    if (accepted.empty()) {
        return false;
    }

    const std::lock_guard<std::mutex> guard{mutex_};
    last_fetch_ = std::chrono::steady_clock::now();  // restarts the TTL window
    keys_ = std::move(accepted);
    return true;
}

References keys_, last_fetch_, and mutex_.

◆ refresh()

bool kcenon::pacs::web::auth::jwks_provider::refresh ( )

Force refresh keys from the configured JWKS URL.

Returns
true if refresh was successful
Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwks_provider.h.

Definition at line 288 of file jwks_provider.cpp.

/// @brief Fetch and reload keys now, regardless of cache age.
///
/// Takes mutex_ and delegates to try_refresh(), so the fetcher runs with the
/// lock held.
///
/// @return true if the fetch produced at least one usable key.
bool jwks_provider::refresh() {
    const std::lock_guard<std::mutex> guard{mutex_};
    const bool reloaded = try_refresh();
    return reloaded;
}

References mutex_, and try_refresh().


◆ set_cache_ttl()

void kcenon::pacs::web::auth::jwks_provider::set_cache_ttl ( std::uint32_t seconds)

Set cache TTL in seconds (default: 3600)

Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwks_provider.h.

Definition at line 297 of file jwks_provider.cpp.

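/// @brief Set the cache TTL in seconds (default: 3600).
///
/// The write is done under mutex_, like set_fetcher() and set_jwks_url():
/// get_key() and get_key_by_alg() read cache_ttl_seconds_ through
/// is_cache_expired() while holding the same mutex, so an unlocked write here
/// would race with those lookups.
///
/// With a TTL of 0 the cache is reported expired as soon as any time has
/// elapsed since the last load, so every lookup attempts a refresh.
///
/// @param seconds New TTL in seconds.
void jwks_provider::set_cache_ttl(std::uint32_t seconds) {
    const std::lock_guard<std::mutex> guard{mutex_};
    cache_ttl_seconds_ = seconds;
}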

References cache_ttl_seconds_.

◆ set_fetcher()

void kcenon::pacs::web::auth::jwks_provider::set_fetcher ( jwks_fetch_callback fetcher)

Set a callback for fetching JWKS from a URL.

Parameters
fetcher: Callback that receives URL and returns JSON body
Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwks_provider.h.

Definition at line 250 of file jwks_provider.cpp.

/// @brief Install the callback used to download the JWKS document.
///
/// The callback is stored under mutex_. try_refresh() later calls it with the
/// configured URL while that mutex is held.
///
/// @param fetcher Callback that receives the URL and returns the JSON body.
void jwks_provider::set_fetcher(jwks_fetch_callback fetcher) {
    const std::lock_guard<std::mutex> guard{mutex_};
    fetcher_ = std::move(fetcher);
}

References fetcher_, and mutex_.

◆ set_jwks_url()

void kcenon::pacs::web::auth::jwks_provider::set_jwks_url ( const std::string & url)

Set the JWKS endpoint URL for fetching.

Parameters
url: JWKS endpoint URL
Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwks_provider.h.

Definition at line 255 of file jwks_provider.cpp.

/// @brief Set the JWKS endpoint URL passed to the fetcher.
///
/// The string is stored as given, under mutex_.
/// NOTE(review): nothing here checks the scheme or host; confirm the fetcher
/// or the configuration layer restricts this to the expected HTTPS endpoint,
/// since the keys it returns decide which tokens are accepted.
///
/// @param url JWKS endpoint URL.
void jwks_provider::set_jwks_url(const std::string& url) {
    const std::lock_guard<std::mutex> guard{mutex_};
    jwks_url_.assign(url);
}

References jwks_url_, and mutex_.

◆ try_refresh()

bool kcenon::pacs::web::auth::jwks_provider::try_refresh ( ) const
private
Examples
/home/runner/work/pacs_system/pacs_system/include/kcenon/pacs/web/auth/jwks_provider.h.

Definition at line 308 of file jwks_provider.cpp.

/// @brief Download the JWKS through fetcher_ and replace keys_ on success.
///
/// Takes no lock itself; get_key(), get_key_by_alg() and refresh() each hold
/// mutex_ before calling it. It is const but updates keys_ and last_fetch_,
/// which are declared mutable.
///
/// keys_ and last_fetch_ change only when at least one key was parsed. On any
/// failure both are left untouched, so the cache stays expired and the next
/// lookup calls the fetcher again.
///
/// @return true if keys_ was replaced; false if no fetcher or URL is set, the
///         fetch returned nothing, or the body held no usable key.
bool jwks_provider::try_refresh() const {
    const bool configured = fetcher_ && !jwks_url_.empty();
    if (!configured) {
        return false;
    }

    // NOTE(review): runs with mutex_ held by the caller; the body's size and
    // the time the call may take are whatever the fetcher allows.
    auto body = fetcher_(jwks_url_);
    if (!body) {
        return false;
    }

    auto parsed = crow::json::load(*body);
    if (!parsed) {
        return false;
    }
    if (!parsed.has("keys")) {
        return false;
    }

    auto& entries = parsed["keys"];
    if (entries.t() != crow::json::type::List) {
        return false;
    }

    // Entries rejected by parse_jwk() are skipped without being reported.
    std::vector<jwk_key> accepted;
    const size_t count = entries.size();
    for (size_t idx = 0; idx != count; ++idx) {
        if (auto candidate = parse_jwk(entries[idx])) {
            accepted.push_back(std::move(*candidate));
        }
    }

    if (accepted.empty()) {
        return false;
    }

    last_fetch_ = std::chrono::steady_clock::now();
    keys_ = std::move(accepted);
    return true;
}

References fetcher_, jwks_url_, keys_, and last_fetch_.

Referenced by get_key(), get_key_by_alg(), and refresh().


Member Data Documentation

◆ cache_ttl_seconds_

std::uint32_t kcenon::pacs::web::auth::jwks_provider::cache_ttl_seconds_ {3600}
private

◆ fetcher_

jwks_fetch_callback kcenon::pacs::web::auth::jwks_provider::fetcher_
private

◆ jwks_url_

std::string kcenon::pacs::web::auth::jwks_provider::jwks_url_
private

◆ keys_

std::vector<jwk_key> kcenon::pacs::web::auth::jwks_provider::keys_
mutable private

◆ last_fetch_

std::chrono::steady_clock::time_point kcenon::pacs::web::auth::jwks_provider::last_fetch_ {}
mutable private

◆ mutex_

std::mutex kcenon::pacs::web::auth::jwks_provider::mutex_
mutable private

The documentation for this class was generated from the following files: