class OCI::Auth::Signers::X509FederationClientBasedSecurityTokenSigner

A SecurityTokenSigner where the token and private key are sourced from a provided federation_client. The token is retrieved via the client's security_token method, and the private key is retrieved by reading it from the session_key_supplier in the client.

Public Class Methods

new( federation_client, signing_strategy: OCI::BaseSigner::STANDARD, headers_to_sign_in_all_requests: OCI::BaseSigner::GENERIC_HEADERS, body_headers_to_sign: OCI::BaseSigner::BODY_HEADERS ) click to toggle source

Creates a new X509FederationClientBasedSecurityTokenSigner

@param [<OCI::Auth::FederationClient>] federation_client The federation client to use to request a security token @param [String] signing_strategy Whether this signer is used for Object Storage requests or not. Acceptable values are {OCI::BaseSigner::STANDARD} and {OCI::BaseSigner::OBJECT_STORAGE}. If not provided, defaults to {OCI::BaseSigner::STANDARD} @param [Array<String>] headers_to_sign_in_all_requests An array of headers which will be signed in each request. If not provided, defaults to {OCI::BaseSigner::GENERIC_HEADERS} @param [Array<String>] body_headers_to_sign An array of headers which should be signed on requests with bodies. If not provided, defaults to {OCI::BaseSigner::BODY_HEADERS}

# File lib/oci/auth/signers/x509_federation_client_based_security_token_signer.rb, line 22
def initialize(
  federation_client,
  signing_strategy: OCI::BaseSigner::STANDARD,
  headers_to_sign_in_all_requests: OCI::BaseSigner::GENERIC_HEADERS,
  body_headers_to_sign: OCI::BaseSigner::BODY_HEADERS
)
  @federation_client = federation_client
  @refresh_lock = Mutex.new

  super(
    federation_client.security_token,
    federation_client.session_key_supplier.key_pair[:private_key],
    signing_strategy: signing_strategy,
    headers_to_sign_in_all_requests: headers_to_sign_in_all_requests,
    body_headers_to_sign: body_headers_to_sign
  )
end

Public Instance Methods

refresh_security_token() click to toggle source

Refreshes the security token in the federation_client used by this class @return [String] The new security token

# File lib/oci/auth/signers/x509_federation_client_based_security_token_signer.rb, line 42
def refresh_security_token
  @federation_client.security_token!
end
sign(method, uri, headers, body, operation_signing_strategy = :standard) click to toggle source

Generates the correct signature and adds it to the headers that are passed in. Also injects any required headers that might be missing.

@param [Symbol] method The HTTP method, such as :get or :post. @param [String] uri The URI, such as 'iaas.us-phoenix-1.oraclecloud.com/20160918/volumeAttachments/' @param [Hash] headers A hash of headers @param [String] body The request body @param [String] operation_signing_strategy the signing strategy for the operation. Default is :standard

Calls superclass method OCI::BaseSigner#sign
# File lib/oci/auth/signers/x509_federation_client_based_security_token_signer.rb, line 55
def sign(method, uri, headers, body, operation_signing_strategy = :standard)
  reset_signer
  super
end

Private Instance Methods

reset_signer() click to toggle source
# File lib/oci/auth/signers/x509_federation_client_based_security_token_signer.rb, line 62
def reset_signer
  @refresh_lock.lock
  @key_id = "ST$#{@federation_client.security_token}"
  @private_key_content = @federation_client.session_key_supplier.key_pair[:private_key]
  @private_key = OpenSSL::PKey::RSA.new(
    @private_key_content,
    @pass_phrase || SecureRandom.uuid
  )
ensure
  @refresh_lock.unlock if @refresh_lock.locked? && @refresh_lock.owned?
end