com.oracle.bmc.auth.internal

Class X509FederationClient

java.lang.Object

com.oracle.bmc.auth.internal.X509FederationClient

All Implemented Interfaces:

FederationClient, ProvidesConfigurableRefresh

public class X509FederationClient
extends Object
implements FederationClient, ProvidesConfigurableRefresh

This class gets a security token from the auth service by signing the request with a PKI issued leaf certificate, passing along a temporary public key that is bounded to the the security token, and the leaf certificate.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	X509FederationClient.SecurityToken
static class	X509FederationClient.X509FederationRequest Class is immutable.

Constructor Summary

Constructors

Constructor and Description
X509FederationClient(String federationEndpoint, String tenancyId, X509CertificateSupplier leafCertificateSupplier, SessionKeySupplier sessionKeySupplier, Set<X509CertificateSupplier> intermediateCertificateSuppliers, ClientConfigurator clientConfigurator, List<ClientConfigurator> additionalClientConfigurators, CircuitBreakerConfiguration circuitBreakerConfig) Same as #X509FederationClient(String, String, X509CertificateSupplier, SessionKeySupplier, Set, ClientConfigurator, List, String) but with ‘purpose’ set to DEFAULT_PURPOSE.
X509FederationClient(String federationEndpoint, String tenancyId, X509CertificateSupplier leafCertificateSupplier, SessionKeySupplier sessionKeySupplier, Set<X509CertificateSupplier> intermediateCertificateSuppliers, ClientConfigurator clientConfigurator, List<ClientConfigurator> additionalClientConfigurators, CircuitBreakerConfiguration circuitBreakerConfig, String purpose) The constructor.

Method Summary

Modifier and Type	Method and Description
X509CertificateSupplier	getLeafCertificateSupplier()
String	getSecurityToken() Gets a security token.
String	getStringClaim(String key) Return a claim embedded in the security token
String	getTenancyId()
String	refreshAndGetSecurityToken() Gets a security token from the federation endpoint.
String	refreshAndGetSecurityTokenIfExpiringWithin(Duration time) Gets a security token from the federation endpoint if the security token expires within the provided duration.
String	refreshAndGetSecurityTokenIfExpiringWithin(Duration time, boolean refreshKeys) Gets a security token from the federation endpoint if the security token expires within the provided duration and allows to enable/disable refresh of keys.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

X509FederationClient

public X509FederationClient(String federationEndpoint,
                            String tenancyId,
                            X509CertificateSupplier leafCertificateSupplier,
                            SessionKeySupplier sessionKeySupplier,
                            Set<X509CertificateSupplier> intermediateCertificateSuppliers,
                            ClientConfigurator clientConfigurator,
                            List<ClientConfigurator> additionalClientConfigurators,
                            CircuitBreakerConfiguration circuitBreakerConfig)

Same as #X509FederationClient(String, String, X509CertificateSupplier, SessionKeySupplier, Set, ClientConfigurator, List, String) but with ‘purpose’ set to DEFAULT_PURPOSE.

X509FederationClient

public X509FederationClient(String federationEndpoint,
                            String tenancyId,
                            X509CertificateSupplier leafCertificateSupplier,
                            SessionKeySupplier sessionKeySupplier,
                            Set<X509CertificateSupplier> intermediateCertificateSuppliers,
                            ClientConfigurator clientConfigurator,
                            List<ClientConfigurator> additionalClientConfigurators,
                            CircuitBreakerConfiguration circuitBreakerConfig,
                            String purpose)

The constructor.

Parameters:

federationEndpoint - the auth service endpoint.

tenancyId - the tenancy id, to construct the key id

leafCertificateSupplier - the leaf certificate, used to identify the caller

sessionKeySupplier - the temporary public key, whose corresponding private key will be used to sign actual API calls

intermediateCertificateSuppliers - intermediate certificates, if there are any (else null)

clientConfigurator - client configurator used to configure the federation rest client, if any (else null)

additionalClientConfigurators - Additional client configurators to be run after the primary configurator.

purpose - The purpose that will be configured for each request.

Method Detail

getSecurityToken

public String getSecurityToken()

Gets a security token. If there is already a valid token cached, it will be returned. Else this will make a call to the auth service to get a new token, using the provided suppliers.

This method is thread-safe.

Specified by:

getSecurityToken in interface FederationClient

Returns:

the security token

Throws:

BmcException - If there is any issue with getting a token from the auth server

IllegalArgumentException - if there is a problem with the key/certificate suppliers

getStringClaim

public String getStringClaim(String key)

Return a claim embedded in the security token

Specified by:

getStringClaim in interface FederationClient

Parameters:

key - the name of the claim

Returns:

the value of the claim

refreshAndGetSecurityToken

public String refreshAndGetSecurityToken()

Description copied from interface: FederationClient

Gets a security token from the federation endpoint. This will always retreive a new token from the federation endpoint and does not use a cached token.

Specified by:

refreshAndGetSecurityToken in interface FederationClient

Returns:

A security token that can be used to authenticate requests.

refreshAndGetSecurityTokenIfExpiringWithin

public String refreshAndGetSecurityTokenIfExpiringWithin(Duration time)

Description copied from interface: ProvidesConfigurableRefresh

Gets a security token from the federation endpoint if the security token expires within the provided duration. This will always retrieve a new token from the federation endpoint and does not use a cached token.

Specified by:

refreshAndGetSecurityTokenIfExpiringWithin in interface ProvidesConfigurableRefresh

Parameters:

time - the duration to check

Returns:

A security token that can be used to authenticate requests.

refreshAndGetSecurityTokenIfExpiringWithin

public String refreshAndGetSecurityTokenIfExpiringWithin(Duration time,
                                                         boolean refreshKeys)

Description copied from interface: ProvidesConfigurableRefresh

Gets a security token from the federation endpoint if the security token expires within the provided duration and allows to enable/disable refresh of keys. This will always retrieve a new token from the federation endpoint and does not use a cached token.

Specified by:

refreshAndGetSecurityTokenIfExpiringWithin in interface ProvidesConfigurableRefresh

Parameters:

time - the duration to check

refreshKeys - boolean value to enable/disable refresh of keys

Returns:

A security token that can be used to authenticate requests.

getLeafCertificateSupplier

public X509CertificateSupplier getLeafCertificateSupplier()

getTenancyId

public String getTenancyId()