Add support for session token auth

Cloud only: added session token authentication support
  - SignatureProvider.createWithSessionToken()
  - SignatureProvider.createWithSessionToken(String profile)
  - SignatureProvider.createWithSessionToken(String configFilePath, String profile)

Author: gmfeinberg

CHANGELOG.md

@@ -5,6 +5,12 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/).
 ## Unreleased
 
 ### Added
+- Cloud only: added session token authentication support
+  - SignatureProvider.createWithSessionToken()
+  - SignatureProvider.createWithSessionToken(String profile)
+  - SignatureProvider.createWithSessionToken(String configFilePath, String profile)
+- Cloud only: added support to read region from system environment variable
+ OCI_REGION if using user principal or session token authentication
 - Cloud only: added new OCI regions (NAP, AVZ, AGA, VAP)
 
 ### Changed

README.md

@@ -250,6 +250,7 @@ public class Quickstart {
     private final static boolean useUserPrincipal = true;
     private final static boolean useInstancePrincipal = false;
     private final static boolean useResourcePrincipal = false;
+    private final static boolean useSessionToken = false;
 
     private Quickstart(String[] args) {
         /*
@@ -327,6 +328,12 @@ public class Quickstart {
                        privateKeyFile, // File
                        passphrase);  // char[]
                     */
+                } else if (useSessionToken) {
+                    /*
+                     * There are additional constructors for Session Token,
+                     * see the javadoc
+                     */
+                    authProvider = SignatureProvider.createWithSessionToken();
                 } else {
                     if (compartment == null) {
                         throw new IllegalArgumentException(
@@ -473,7 +480,7 @@ public class Quickstart {
                     System.out.println("\t" + res);
                 }
             }
-            
+
             /*
              * Drop the table
              */

driver/pom.xml

@@ -142,7 +142,8 @@
           StoreAccessTokenProviderTest.java, ResourcePrincipalProviderTest.java,
           ConfigFileTest.java, SignatureProviderTest.java,
           UserProfileProviderTest.java, InstancePrincipalsProviderTest.java,
-          HandleConfigTest.java, JsonTest.java, ValueTest.java
+          HandleConfigTest.java, JsonTest.java, ValueTest.java,
+          SessionTokenProviderTest.java
         </included.tests>
       </properties>
     </profile>

driver/src/main/java/oracle/nosql/driver/Region.java

@@ -358,7 +358,7 @@ public String endpoint() {
             return OC24_EP_BASE.format(new Object[] { regionId });
         }
         throw new IllegalArgumentException(
-            "Unable to find endpoint for unknwon region" + regionId);
+            "Unable to find endpoint for unknown region" + regionId);
     }
 
     /**

driver/src/main/java/oracle/nosql/driver/iam/OCIConfigFileProvider.java

@@ -7,6 +7,7 @@
 
 package oracle.nosql.driver.iam;
 
+import static oracle.nosql.driver.iam.OCIConfigFileReader.*;
 import static oracle.nosql.driver.util.CheckNull.requireNonNullIAE;
 
 import java.io.File;
@@ -41,21 +42,6 @@
 class OCIConfigFileProvider
     implements UserAuthenticationProfileProvider, RegionProvider {
 
-    /**
-     * Default configuration file at <code>~/.oci/config</code>
-     */
-    public static final String DEFAULT_FILE_PATH =
-        System.getProperty("user.home") + File.separator +
-        ".oci" + File.separator + "config";
-    public static final String DEFAULT_PROFILE_NAME = "DEFAULT";
-
-    static final String FINGERPRINT_PROP = "fingerprint";
-    static final String TENANCY_PROP = "tenancy";
-    static final String USER_PROP = "user";
-    static final String KEY_FILE_PROP = "key_file";
-    static final String PASSPHRASE_PROP = "pass_phrase";
-    static final String REGION_PROP = "region";
-
     private final SimpleProfileProvider delegate;
 
     /**
@@ -127,10 +113,7 @@ private OCIConfigFileProvider(OCIConfigFile configFile) {
         }
 
         /* region is optional */
-        String regionValue = configFile.get(REGION_PROP);
-        if (regionValue != null) {
-            builder.region(Region.fromRegionId(regionValue));
-        }
+        builder.region(OCIConfigFileReader.getRegionFromConfigFile(configFile));
         this.delegate = builder.build();
 
     }
@@ -169,9 +152,4 @@ public String getKeyId() {
     public Region getRegion() {
         return this.delegate.getRegion();
     }
-
-    private String missing(String propertyName) {
-        return "Required property " + propertyName +
-            " is missing from OCI configuration file";
-    }
 }

driver/src/main/java/oracle/nosql/driver/iam/OCIConfigFileReader.java

@@ -7,8 +7,6 @@
 
 package oracle.nosql.driver.iam;
 
-import static oracle.nosql.driver.iam.OCIConfigFileProvider.DEFAULT_PROFILE_NAME;
-
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileInputStream;
@@ -20,6 +18,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import oracle.nosql.driver.Region;
+
 /**
  * Cloud service only.
  * <p>
@@ -42,6 +42,22 @@
  * </pre>
  */
 public class OCIConfigFileReader {
+    /**
+     * Default configuration file at <code>~/.oci/config</code>
+     */
+    public static final String DEFAULT_FILE_PATH =
+        System.getProperty("user.home") + File.separator +
+            ".oci" + File.separator + "config";
+    public static final String DEFAULT_PROFILE_NAME = "DEFAULT";
+
+    static final String FINGERPRINT_PROP = "fingerprint";
+    static final String TENANCY_PROP = "tenancy";
+    static final String USER_PROP = "user";
+    static final String KEY_FILE_PROP = "key_file";
+    static final String PASSPHRASE_PROP = "pass_phrase";
+    static final String REGION_PROP = "region";
+    static final String SESSION_TOKEN_FILE_PROP = "security_token_file";
+    static final String OCI_REGION_ENV_VAR_NAME = "OCI_REGION";
 
     /**
      * Create a new instance using a file at a given location.
@@ -125,6 +141,29 @@ public static OCIConfigFile parse(InputStream configStream,
         return new OCIConfigFile(accumulator, profile);
     }
 
+    static String missing(String propertyName) {
+        return "Required property " + propertyName +
+            " is missing from OCI configuration file." +
+            " For more information about OCI configuration file and" +
+            " how to get required information," +
+            " see https://docs.oracle.com" +
+            "/en-us/iaas/Content/API/Concepts/sdkconfig.htm";
+    }
+
+    static Region getRegionFromConfigFile(OCIConfigFile configFile) {
+        Region region = null;
+        String regionId = configFile.get(REGION_PROP);
+        if (regionId == null || regionId.isEmpty()) {
+            /* Attempts to read region id from env variable */
+            regionId = System.getenv(OCI_REGION_ENV_VAR_NAME);
+        }
+
+        if (regionId != null && !regionId.isEmpty()) {
+            return Region.fromRegionId(regionId);
+        }
+        return region;
+    }
+
     private OCIConfigFileReader() {}
 
     /**

driver/src/main/java/oracle/nosql/driver/iam/SessionTokenProvider.java

@@ -0,0 +1,127 @@
+/*-
+ * Copyright (c) 2011, 2023 Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Universal Permissive License v 1.0 as shown at
+ *  https://oss.oracle.com/licenses/upl/
+ */
+
+package oracle.nosql.driver.iam;
+
+import static oracle.nosql.driver.iam.OCIConfigFileReader.*;
+import static oracle.nosql.driver.util.CheckNull.requireNonNullIAE;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Scanner;
+import java.util.function.Supplier;
+
+import oracle.nosql.driver.Region;
+import oracle.nosql.driver.Region.RegionProvider;
+
+/**
+ * @hidden
+ * Internal use only
+ * <p>
+ * The authentication profile provider used to call service API using token
+ * based authentication.
+ */
+class SessionTokenProvider
+    implements AuthenticationProfileProvider, RegionProvider{
+
+    private final String sessionTokenFilePath;
+    private final String tenantId;
+    private final Supplier<InputStream> privateKeySupplier;
+    private final char[] passphrase;
+    private final Region region;
+
+    /**
+     * Creates a new instance using the config file at the default location and
+     * the default profile.
+     */
+    SessionTokenProvider() {
+        this(DEFAULT_FILE_PATH, DEFAULT_PROFILE_NAME);
+    }
+
+    /**
+     * Creates a new instance using the config file at the default location,
+     * @param profile profile to load
+     */
+    SessionTokenProvider(String profile) {
+        this(DEFAULT_FILE_PATH, profile);
+    }
+
+    /**
+     * Creates a new instance.
+     *
+     * @param configFilePath path to the OCI configuration file
+     * @param profile profile to load, optional
+     */
+    SessionTokenProvider(String configFilePath, String profile) {
+        final OCIConfigFile configFile;
+        try {
+            configFile = OCIConfigFileReader.parse(configFilePath, profile);
+        } catch (IOException e) {
+            throw new IllegalArgumentException(
+                "Error parsing config file " + configFilePath +
+                ": " + e.getMessage());
+        }
+
+        this.sessionTokenFilePath = configFile.get(SESSION_TOKEN_FILE_PROP);
+        requireNonNullIAE(sessionTokenFilePath, missing(SESSION_TOKEN_FILE_PROP));
+        this.tenantId = configFile.get(TENANCY_PROP);
+        requireNonNullIAE(tenantId, missing(TENANCY_PROP));
+        final String keyFilePath = configFile.get(KEY_FILE_PROP);
+        requireNonNullIAE(tenantId, missing(KEY_FILE_PROP));
+        this.privateKeySupplier = new PrivateKeyFileSupplier(
+            new File(Utils.expandUserHome(keyFilePath)));
+        this.region = getRegionFromConfigFile(configFile);
+
+        /* Optional parameters */
+        final String passphraseString = configFile.get(PASSPHRASE_PROP);
+        this.passphrase = (passphraseString != null) ?
+            passphraseString.toCharArray() : null;
+    }
+
+    private String refreshAndGetTokenInternal() {
+        final File sessionTokenFile = new File(
+            Utils.expandUserHome(sessionTokenFilePath));
+        final StringBuilder token = new StringBuilder();
+
+        try (Scanner reader = new Scanner(sessionTokenFile)) {
+            while (reader.hasNextLine()) {
+                token.append(reader.nextLine());
+            }
+        } catch (FileNotFoundException e) {
+            throw new IllegalArgumentException(
+                "Session token file " + sessionTokenFilePath + " not found");
+        }
+
+        return token.toString();
+    }
+
+    public String getTenantId() {
+        return this.tenantId;
+    }
+
+    @Override
+    public Region getRegion() {
+        return this.region;
+    }
+
+    @Override
+    public String getKeyId() {
+        return "ST$" + refreshAndGetTokenInternal();
+    }
+
+    @Override
+    public InputStream getPrivateKey() {
+        return privateKeySupplier.get();
+    }
+
+    @Override
+    public char[] getPassphraseCharacters() {
+        return passphrase;
+    }
+}