Package oracle.nosql.driver.iam

Class SignatureProvider

java.lang.Object

oracle.nosql.driver.iam.SignatureProvider

All Implemented Interfaces:

AuthorizationProvider

public class SignatureProvider
extends java.lang.Object
implements AuthorizationProvider

Cloud service only.

An instance of AuthorizationProvider that generates and caches signature for each request as authorization string. A number of pieces of information are required for configuration. See SDK Configuration File and Required Keys and OCIDs for additional information as well as instructions on how to create required keys and OCIDs for configuration. The required information includes:

• A signing key, used to sign requests.
• A pass phrase for the key, if it is encrypted
• The fingerprint of the key pair used for signing
• The OCID of the tenancy
• The OCID of a user in the tenancy

All of this information is required to authenticate and authorize access to the service.

There are two mechanisms for providing authorization information:

1. Using a user's identity and optional profile. This authenticates and authorizes the application based on a specific user identity.
2. Using an Instance Principal, which can be done when running on a compute instance in the Oracle Cloud Infrastructure (OCI). See createWithInstancePrincipal() and Calling Services from Instances.

The latter can be simpler to use when running on an OCI compute instance, but limits the ability to use a compartment name vs OCID when naming compartments and tables in Request classes and when naming tables in queries. A specific user identity is best for naming flexibility, allowing both compartment names and OCIDs.

When using a specific user's identity there are several options to provide the required information:

• Using a configuration file. See SDK Configuration File for details on the file contents. By default the file is stored in ~/.oci/config, but you may supply a path to another location. The configuration file may include multiple profiles. The constructors that use a configuration include
  • SignatureProvider()
  • SignatureProvider(String)
  • SignatureProvider(String, String)
• Using information passed programmatically. The constructors that use this mechanism include
  • SignatureProvider(String, String, String, String, char[])
  • SignatureProvider(String, String, String, File, char[])

Constructor Summary

Constructors

Constructor	Description
SignatureProvider()	Creates a SignatureProvider using a default configuration file and profile.
SignatureProvider(java.lang.String profileName)	Creates a SignatureProvider using the specified profile.
SignatureProvider(java.lang.String configFile, java.lang.String profileName)	Creates a SignatureProvider using the specified config file and profile.
SignatureProvider(java.lang.String tenantId, java.lang.String userId, java.lang.String fingerprint, java.io.File privateKeyFile, char[] passphrase)	Creates a SignatureProvider using directly provided user authentication information.
SignatureProvider(java.lang.String tenantId, java.lang.String userId, java.lang.String fingerprint, java.lang.String privateKey, char[] passphrase)	Creates a SignatureProvider using directly provided user authentication information.

Method Summary

Modifier and Type	Method	Description
void	close()	Release resources provider is using.
static SignatureProvider	createWithInstancePrincipal()	Creates a SignatureProvider using an instance principal.
static SignatureProvider	createWithInstancePrincipal(java.lang.String iamAuthUri)	Creates a SignatureProvider using an instance principal.
java.lang.String	getAuthorizationString(Request request)	Returns an authorization string for specified request.
java.util.logging.Logger	getLogger()	Returns the logger of this provider if set, null if not.
void	setLogger(java.util.logging.Logger logger)	Sets a Logger instance for this provider.
void	setRequiredHeaders(java.lang.String authString, Request request, io.netty.handler.codec.http.HttpHeaders headers)	Set HTTP headers required by the provider.
SignatureProvider	setServiceHost(NoSQLHandleConfig config)

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface oracle.nosql.driver.AuthorizationProvider

validateAuthString

Constructor Detail

SignatureProvider

public SignatureProvider()
                  throws java.io.IOException

Creates a SignatureProvider using a default configuration file and profile. The configuration file used is ~/.oci/config. See SDK Configuration File for details of the file's contents and format.

Throws:

java.io.IOException - if error loading profile from OCI configuration file

SignatureProvider

public SignatureProvider(java.lang.String profileName)
                  throws java.io.IOException

Creates a SignatureProvider using the specified profile. The configuration file used is ~/.oci/config. See SDK Configuration File for details of the file's contents and format

Parameters:

profileName - user profile name

Throws:

java.io.IOException - if error loading profile from OCI configuration file

SignatureProvider

public SignatureProvider(java.lang.String configFile,
                         java.lang.String profileName)
                  throws java.io.IOException

Creates a SignatureProvider using the specified config file and profile. See SDK Configuration File for details of the file's contents and format

Parameters:

configFile - path of configuration file

profileName - user profile name

Throws:

java.io.IOException - if error loading profile from OCI configuration file

SignatureProvider

public SignatureProvider(java.lang.String tenantId,
                         java.lang.String userId,
                         java.lang.String fingerprint,
                         java.lang.String privateKey,
                         char[] passphrase)

Creates a SignatureProvider using directly provided user authentication information. See Required Keys and OCIDs for details of the required parameters.

Parameters:

tenantId - tenant id

userId - user id

fingerprint - fingerprint of the key being used

privateKey - the string of private key used to sign request

passphrase - optional passphrase for the (encrypted) private key

SignatureProvider

public SignatureProvider(java.lang.String tenantId,
                         java.lang.String userId,
                         java.lang.String fingerprint,
                         java.io.File privateKeyFile,
                         char[] passphrase)

Creates a SignatureProvider using directly provided user authentication information. See Required Keys and OCIDs for details of the required parameters.

Parameters:

tenantId - tenant id

userId - user id

fingerprint - fingerprint of the key being used

privateKeyFile - the file of the private key used to sign request

passphrase - optional passphrase for the (encrypted) private key

Method Detail

createWithInstancePrincipal

public static SignatureProvider createWithInstancePrincipal()

Creates a SignatureProvider using an instance principal. This constructor may be used when calling the Oracle NoSQL Database Cloud Service from an Oracle Cloud compute instance. It authenticates with the instance principal and uses a security token issued by IAM to do the actual request signing.

When using an instance principal the compartment id (OCID )must be specified on each request or defaulted by using NoSQLHandleConfig.setDefaultCompartment(java.lang.String). If the compartment id is not specified for an operation an exception will be thrown.

See Calling Services from Instances.

Returns:

SignatureProvider

createWithInstancePrincipal

public static SignatureProvider createWithInstancePrincipal(java.lang.String iamAuthUri)

Creates a SignatureProvider using an instance principal. This constructor may be used when calling the Oracle NoSQL Database Cloud Service from an Oracle Cloud compute instance. It authenticates with the instance principal and uses a security token issued by IAM to do the actual request signing.

When using an instance principal the compartment id (OCID) must be specified on each request or defaulted by using NoSQLHandleConfig.setDefaultCompartment(java.lang.String). If the compartment id is not specified for an operation an exception will be thrown.

See Calling Services from Instances.

Parameters:

iamAuthUri - The URI is usually detected automatically, specify the URI if you need to overwrite the default, or encounter the Invalid IAM URI error.

Returns:

SignatureProvider

getAuthorizationString

public java.lang.String getAuthorizationString(Request request)

Description copied from interface: AuthorizationProvider

Returns an authorization string for specified request. This is sent to the server in the request for authorization. Authorization information can be request-dependent.

Specified by:

getAuthorizationString in interface AuthorizationProvider

Parameters:

request - the request being processed

Returns:

a string indicating that the application is authorized to perform the request

setRequiredHeaders

public void setRequiredHeaders(java.lang.String authString,
                               Request request,
                               io.netty.handler.codec.http.HttpHeaders headers)

Description copied from interface: AuthorizationProvider

Set HTTP headers required by the provider.

Specified by:

setRequiredHeaders in interface AuthorizationProvider

request - the request being processed

headers - the HTTP headers

close

public void close()

Description copied from interface: AuthorizationProvider

Release resources provider is using.

Specified by:

close in interface AuthorizationProvider

setServiceHost

public SignatureProvider setServiceHost(NoSQLHandleConfig config)

setLogger

public void setLogger(java.util.logging.Logger logger)

Sets a Logger instance for this provider. If not set, the logger associated with the driver is used.

Parameters:

logger - the logger

getLogger

public java.util.logging.Logger getLogger()

Returns the logger of this provider if set, null if not.

Returns:

logger