        // Reads the leaf certificate, intermediate certificate and tenancyId from a known location
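        /// <summary>
        /// Fills in the leaf certificate supplier, the tenancy id and the intermediate certificate
        /// suppliers from the instance metadata endpoint. Only members that are still unset are
        /// populated, so values supplied explicitly by the caller take precedence.
        /// </summary>
        /// <exception cref="ArgumentNullException">
        /// Thrown when no tenancy id was configured and none can be read from the leaf certificate.
        /// </exception>
        protected void AutoDetectCertificatesUsingMetadataUrl()
        {
            logger.Info("Extracting the leaf certificate, tenantId and intermediate certificates");

            // Leaf certificate and private key: only fetched when the caller did not provide a supplier.
            if (leafCertificateSupplier == null)
            {
                var leafSupplier = new URLBasedX509CertificateSupplier(
                    GetMetadataResourceDetails(Constants.INSTANCE_CERT),
                    GetMetadataResourceDetails(Constants.PRIVATE_KEY_CERT),
                    null);
                // Refresh before publishing to the field: if the fetch fails, the field stays null and a
                // later call re-attempts detection instead of reusing a supplier that never loaded anything.
                leafSupplier.Refresh();
                leafCertificateSupplier = leafSupplier;
            }

            if (String.IsNullOrEmpty(tenancyId))
            {
                tenancyId = AuthUtils.GetTenantIdFromCertificate(
                    leafCertificateSupplier.GetCertificateAndKeyPair().Certificate);
                if (String.IsNullOrEmpty(tenancyId))
                {
                    // The single-string constructor treats its argument as the parameter *name*, which
                    // turned the intended message into "Value cannot be null. (Parameter 'TenancyId not found ...')".
                    throw new ArgumentNullException(nameof(tenancyId), "TenancyId not found in the leaf certificate");
                }
                logger.Info($"Tenancy id is {tenancyId}");
            }

            // Intermediate certificate: no private key is associated with it, hence the null arguments.
            if (intermediateCertificateSuppliers == null)
            {
                var intermediateSupplier = new URLBasedX509CertificateSupplier(
                    GetMetadataResourceDetails(Constants.INTERMEDIATE_KEY_CERT),
                    null,
                    null);
                // Same ordering as for the leaf supplier: only publish a set that actually holds a loaded supplier.
                intermediateSupplier.Refresh();
                intermediateCertificateSuppliers = new HashSet<IX509CertificateSupplier> { intermediateSupplier };
            }
        }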
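        /// <summary>
        /// Refreshes the session key pair and every certificate supplier, then requests a new
        /// security token from the server. When <paramref name="doFinalTokenValidityCheck"/> is
        /// set and the cached token still reports itself valid, the cached token is returned unchanged.
        /// </summary>
        /// <param name="doFinalTokenValidityCheck">
        /// True to skip the refresh if the cached token is still valid; false to always refresh.
        /// </param>
        /// <returns>The current security token string, newly issued if a refresh took place.</returns>
        /// <exception cref="OciException">The leaf or an intermediate certificate supplier failed to refresh.</exception>
        /// <exception cref="InvalidDataException">
        /// The refreshed leaf certificate carries a different (or no) tenancy id than the one this
        /// instance was configured with. Only enforced for the default purpose.
        /// </exception>
        private string RefreshAndGetSecurityTokenInner(bool doFinalTokenValidityCheck)
        {
            // Check again whether the JWT is still valid, unless the caller asked to skip that check.
            if (doFinalTokenValidityCheck && this.securityTokenAdapter.IsValid())
            {
                return securityTokenAdapter.SecurityToken;
            }

            logger.Info("Refreshing session keys");
            sessionKeySupplier.RefreshKeys();

            if (leafCertificateSupplier != null)
            {
                try
                {
                    this.leafCertificateSupplier.Refresh();
                }
                catch (Exception e)
                {
                    // The message previously ended in a dangling ": " with nothing after it.
                    throw new OciException($"Failed to refresh the leaf Certificate: {e.Message}", e);
                }

                // When using default purpose (ex, instance principals), the token request should always be signed
                // with the same tenant id as the certificate. For other purposes, the tenant id can be different.
                // This pins the signing identity: a rotated certificate issued for another tenancy (or one
                // carrying no tenancy at all) must not silently become the identity used for token requests.
                if (object.Equals(this.purpose, DEFAULT_PURPOSE))
                {
                    string newTenancyId = AuthUtils.GetTenantIdFromCertificate(
                        this.leafCertificateSupplier.GetCertificateAndKeyPair().Certificate);

                    // Ordinal comparison: tenancy ids are opaque identifiers, not linguistic text.
                    if (string.IsNullOrEmpty(newTenancyId)
                        || !string.Equals(tenancyId, newTenancyId, StringComparison.Ordinal))
                    {
                        throw new InvalidDataException("The tenancy id should never be changed in cert file!");
                    }
                }
            }

            // A configuration without intermediates means "nothing to refresh", not a NullReferenceException.
            if (intermediateCertificateSuppliers != null)
            {
                foreach (var supplier in intermediateCertificateSuppliers)
                {
                    try
                    {
                        supplier.Refresh();
                    }
                    catch (Exception e)
                    {
                        throw new OciException($"Failed to refresh the intermediate certificate: {e.Message}", e);
                    }
                }
            }

            securityTokenAdapter = GetSecurityTokenFromServer();
            return securityTokenAdapter.SecurityToken;
        }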