protected virtual IOss GetSecurityTokenClient(AliyunFileProviderConfiguration configuration)
{
Check.NotNullOrWhiteSpace(configuration.RoleArn, nameof(configuration.RoleArn));
Check.NotNullOrWhiteSpace(configuration.RoleSessionName, nameof(configuration.RoleSessionName));
var cacheItem = Cache.Get(configuration.TemporaryCredentialsCacheKey);
if (cacheItem == null)
{
IClientProfile profile = DefaultProfile.GetProfile(
configuration.RegionId,
configuration.AccessKeyId,
configuration.AccessKeySecret);
DefaultAcsClient client = new DefaultAcsClient(profile);
AssumeRoleRequest request = new AssumeRoleRequest
{
AcceptFormat = FormatType.JSON,
//eg:acs:ram::$accountID:role/$roleName
RoleArn = configuration.RoleArn,
RoleSessionName = configuration.RoleSessionName,
//Set the validity period of the temporary access credential, the unit is s, the minimum is 900, and the maximum is 3600. default 3600
DurationSeconds = configuration.DurationSeconds,
//Set additional permission policy of Token; when acquiring Token, further reduce the permission of Token by setting an additional permission policy
Policy = configuration.Policy.IsNullOrEmpty() ? null : configuration.Policy,
};
var response = client.GetAcsResponse(request);
cacheItem = SetTemporaryCredentialsCache(configuration, response.Credentials);
}
return(new OssClient(
configuration.Endpoint,
StringEncryptionService.Decrypt(cacheItem.AccessKeyId),
StringEncryptionService.Decrypt(cacheItem.AccessKeySecret),
StringEncryptionService.Decrypt(cacheItem.SecurityToken)));
}
public virtual IOss Create(AliyunFileProviderConfiguration configuration)
{
Check.NotNullOrWhiteSpace(configuration.AccessKeyId, nameof(configuration.AccessKeyId));
Check.NotNullOrWhiteSpace(configuration.AccessKeySecret, nameof(configuration.AccessKeySecret));
Check.NotNullOrWhiteSpace(configuration.Endpoint, nameof(configuration.Endpoint));
if (configuration.UseSecurityTokenService)
{
//STS temporary authorization to access OSS
return(GetSecurityTokenClient(configuration));
}
//Sub-account
return(new OssClient(configuration.Endpoint, configuration.AccessKeyId, configuration.AccessKeySecret));
}
private AliyunTemporaryCredentialsCacheItem SetTemporaryCredentialsCache(
AliyunFileProviderConfiguration configuration,
AssumeRole_Credentials credentials)
{
var temporaryCredentialsCache = new AliyunTemporaryCredentialsCacheItem(
StringEncryptionService.Encrypt(credentials.AccessKeyId),
StringEncryptionService.Encrypt(credentials.AccessKeySecret),
StringEncryptionService.Encrypt(credentials.SecurityToken));
Cache.Set(configuration.TemporaryCredentialsCacheKey, temporaryCredentialsCache,
new DistributedCacheEntryOptions
{
AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(configuration.DurationSeconds - 10)
});
return(temporaryCredentialsCache);
}
protected virtual IOss GetOssClient(AliyunFileProviderConfiguration aliyunConfig)
{
return(OssClientFactory.Create(aliyunConfig));
}
