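/// <summary>
/// Populates the leaf certificate supplier, the tenancy id and the intermediate certificate
/// suppliers from the instance metadata endpoint, filling in only the ones that are not already set.
/// </summary>
/// <exception cref="ArgumentNullException">
/// Thrown when no tenancy id can be extracted from the leaf certificate.
/// </exception>
protected void AutoDetectCertificatesUsingMetadataUrl()
{
    logger.Info("Extracting the leaf certificate, tenantId and intermediate certificates");

    if (leafCertificateSupplier == null)
    {
        // Keep the concrete type in a local so Refresh() can be called without casting the field back.
        // The third constructor argument is left null, as in the original call.
        var leafSupplier = new URLBasedX509CertificateSupplier(
            GetMetadataResourceDetails(Constants.INSTANCE_CERT),
            GetMetadataResourceDetails(Constants.PRIVATE_KEY_CERT),
            null);
        leafCertificateSupplier = leafSupplier;
        leafSupplier.Refresh();
    }

    if (string.IsNullOrEmpty(tenancyId))
    {
        tenancyId = AuthUtils.GetTenantIdFromCertificate(
            leafCertificateSupplier.GetCertificateAndKeyPair().Certificate);
        if (string.IsNullOrEmpty(tenancyId))
        {
            // The single-argument ArgumentNullException constructor takes a *parameter name*, so the
            // previous call rendered as "Value cannot be null. (Parameter 'TenancyId not found ...')".
            // Pass the message explicitly; the exception type is kept so existing catch blocks still match.
            throw new ArgumentNullException(nameof(tenancyId), "TenancyId not found in the leaf certificate");
        }
        logger.Info($"Tenancy id is {tenancyId}");
    }

    if (intermediateCertificateSuppliers == null)
    {
        intermediateCertificateSuppliers = new HashSet<IX509CertificateSupplier>();
        // Intermediates carry no private key, hence the null key resource.
        var intermediateSupplier = new URLBasedX509CertificateSupplier(
            GetMetadataResourceDetails(Constants.INTERMEDIATE_KEY_CERT),
            null,
            null);
        intermediateSupplier.Refresh();
        intermediateCertificateSuppliers.Add(intermediateSupplier);
    }
}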
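/// <summary>
/// Returns the current security token, first refreshing the session keys, the certificates and the
/// token itself when the cached token is no longer valid (or unconditionally when
/// <paramref name="doFinalTokenValidityCheck"/> is false).
/// </summary>
/// <param name="doFinalTokenValidityCheck">
/// When true, the refresh is skipped if the cached token is still valid.
/// </param>
/// <returns>The (possibly refreshed) security token.</returns>
/// <exception cref="OciException">
/// Thrown when the leaf certificate or an intermediate certificate cannot be refreshed.
/// </exception>
/// <exception cref="InvalidDataException">
/// Thrown when, for the default purpose, the tenancy id in the refreshed leaf certificate differs
/// from the configured tenancy id.
/// </exception>
private string RefreshAndGetSecurityTokenInner(bool doFinalTokenValidityCheck)
{
    // Nothing to do while the cached JWT is still valid, unless the caller asked to skip that check.
    if (doFinalTokenValidityCheck && this.securityTokenAdapter.IsValid())
    {
        return securityTokenAdapter.SecurityToken;
    }

    logger.Info("Refreshing session keys");
    sessionKeySupplier.RefreshKeys();

    if (leafCertificateSupplier != null)
    {
        try
        {
            this.leafCertificateSupplier.Refresh();
        }
        catch (Exception e)
        {
            throw new OciException("Failed to refresh the leaf Certificate: ", e);
        }

        // When using the default purpose (e.g. instance principals), the token request should always be
        // signed with the same tenant id as the certificate. For other purposes, the tenant id can differ.
        if (this.purpose.Equals(DEFAULT_PURPOSE))
        {
            string newTenancyId = AuthUtils.GetTenantIdFromCertificate(
                this.leafCertificateSupplier.GetCertificateAndKeyPair().Certificate);
            // Null-safe ordinal comparison: a null configured tenancy id must fail this check (or be
            // reported as a mismatch) rather than surface as a NullReferenceException, since this is the
            // guard that detects a certificate being swapped for one from another tenancy.
            if (!string.Equals(tenancyId, newTenancyId, StringComparison.Ordinal))
            {
                throw new InvalidDataException("The tenancy id should never be changed in cert file!");
            }
        }
    }

    // The supplier set is created lazily elsewhere, so guard against it not having been initialised yet.
    if (intermediateCertificateSuppliers != null)
    {
        foreach (var supplier in intermediateCertificateSuppliers)
        {
            try
            {
                supplier.Refresh();
            }
            catch (Exception e)
            {
                throw new OciException("Failed to refresh the intermediate certificate: ", e);
            }
        }
    }

    securityTokenAdapter = GetSecurityTokenFromServer();
    return securityTokenAdapter.SecurityToken;
}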