Class X509FederationClient

    • Constructor Detail

      • X509FederationClient

        public X509FederationClient(String federationEndpoint,
                                    String tenancyId,
                                    X509CertificateSupplier leafCertificateSupplier,
                                    SessionKeySupplier sessionKeySupplier,
                                    Set<X509CertificateSupplier> intermediateCertificateSuppliers,
                                    ClientConfigurator clientConfigurator,
                                    List<ClientConfigurator> additionalClientConfigurators,
                                    CircuitBreakerConfiguration circuitBreakerConfig,
                                    String purpose)
        The constructor.
        Parameters:
        federationEndpoint - the auth service endpoint.
        tenancyId - the tenancy id, used to construct the key id
        leafCertificateSupplier - the leaf certificate, used to identify the caller
        sessionKeySupplier - the temporary public key, whose corresponding private key will be used to sign actual API calls
        intermediateCertificateSuppliers - intermediate certificates, if there are any (else null)
        clientConfigurator - client configurator used to configure the federation rest client, if any (else null)
        additionalClientConfigurators - Additional client configurators to be run after the primary configurator.
        purpose - The purpose that will be configured for each request.
    • Method Detail

      • getSecurityToken

        public String getSecurityToken()
        Gets a security token.

        If a valid token is already cached, it is returned. Otherwise, this makes a call to the auth service to get a new token, using the provided suppliers.

        This method is thread-safe.

        Specified by:
        getSecurityToken in interface FederationClient
        Returns:
        the security token
        Throws:
        BmcException - If there is any issue with getting a token from the auth server
        IllegalArgumentException - if there is a problem with the key/certificate suppliers
      • getStringClaim

        public String getStringClaim(String key)
        Returns a claim embedded in the security token.
        Specified by:
        getStringClaim in interface FederationClient
        Parameters:
        key - the name of the claim
        Returns:
        the value of the claim
      • refreshAndGetSecurityToken

        public String refreshAndGetSecurityToken()
        Description copied from interface: FederationClient
        Gets a security token from the federation endpoint.

        This will always retrieve a new token from the federation endpoint and does not use a cached token.

        Specified by:
        refreshAndGetSecurityToken in interface FederationClient
        Returns:
        A security token that can be used to authenticate requests.
      • refreshAndGetSecurityTokenIfExpiringWithin

        public String refreshAndGetSecurityTokenIfExpiringWithin(Duration time)
        Description copied from interface: ProvidesConfigurableRefresh
        Gets a security token from the federation endpoint if the security token expires within the provided duration.

        This will always retrieve a new token from the federation endpoint and does not use a cached token.

        Specified by:
        refreshAndGetSecurityTokenIfExpiringWithin in interface ProvidesConfigurableRefresh
        Parameters:
        time - the duration to check
        Returns:
        A security token that can be used to authenticate requests.
      • refreshAndGetSecurityTokenIfExpiringWithin

        public String refreshAndGetSecurityTokenIfExpiringWithin(Duration time,
                                                                 boolean refreshKeys)
        Description copied from interface: ProvidesConfigurableRefresh
        Gets a security token from the federation endpoint if the security token expires within the provided duration, and allows the refresh of keys to be enabled or disabled.

        This will always retrieve a new token from the federation endpoint and does not use a cached token.

        Specified by:
        refreshAndGetSecurityTokenIfExpiringWithin in interface ProvidesConfigurableRefresh
        Parameters:
        time - the duration to check
        refreshKeys - boolean value to enable/disable refresh of keys
        Returns:
        A security token that can be used to authenticate requests.
      • getTenancyId

        public String getTenancyId()
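
The difference between the cached path described under getSecurityToken and the forced path described under refreshAndGetSecurityToken, as an added, self-contained model. It is not the SDK's implementation: the class CachedTokenModel, the record Issued, the stubbed auth service, the injectable clock and the 20-minute lifetime are all hypothetical and constructed for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

// Illustrative model only: hypothetical names, not the SDK's implementation.
public class CachedTokenModel {
    // A token plus its expiry, as handed back by the stubbed auth service.
    record Issued(String token, Instant expiresAt) {}

    private final Supplier<Issued> authService; // stands in for the federation endpoint
    private final Supplier<Instant> clock;      // injectable so expiry can be simulated
    private volatile Issued cached;

    CachedTokenModel(Supplier<Issued> authService, Supplier<Instant> clock) {
        this.authService = authService;
        this.clock = clock;
    }

    private boolean valid(Issued t) {
        return t != null && clock.get().isBefore(t.expiresAt());
    }

    // Cached path: return the held token while it is valid, otherwise fetch once.
    public String getSecurityToken() {
        Issued t = cached;
        if (valid(t)) return t.token();
        synchronized (this) {
            // Re-check under the lock so concurrent callers do not each hit the endpoint.
            if (!valid(cached)) cached = authService.get();
            return cached.token();
        }
    }

    // Forced path: always fetch, replacing whatever is cached.
    public synchronized String refreshAndGetSecurityToken() {
        cached = authService.get();
        return cached.token();
    }

    public static void main(String[] args) {
        Instant[] now = { Instant.parse("2024-01-01T00:00:00Z") }; // constructed clock
        AtomicInteger calls = new AtomicInteger();
        CachedTokenModel m = new CachedTokenModel(
            () -> new Issued("token-" + calls.incrementAndGet(), now[0].plus(Duration.ofMinutes(20))),
            () -> now[0]);
        System.out.println(m.getSecurityToken());           // fetches from the stub
        System.out.println(m.getSecurityToken());           // served from the cache
        now[0] = now[0].plus(Duration.ofMinutes(21));       // cached token is now expired
        System.out.println(m.getSecurityToken());           // fetches again
        System.out.println(m.refreshAndGetSecurityToken()); // fetches despite a valid cache
        System.out.println("endpoint calls: " + calls.get());
    }
}
```

Counting endpoint calls in a model like this makes it visible when a caller that uses the forced path on every request turns each API call into a round trip to the auth service.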