def get_db_token(ctx, from_json, scope, db_token_location):
if scope and "urn:oracle:db:" not in scope:
click.echo(
"scope must be a db scope i.e --scope 'urn:oracle:db::id::*'")
ctx.exit(1)
kwargs = {}
private_key = cli_util.generate_key()
public_key = private_key.public_key()
db_token_path = os.path.normpath(os.path.expanduser(db_token_location))
Path(db_token_path).mkdir(parents=True, exist_ok=True)
private_key_file_path = os.path.join(db_token_path, "oci_db_key.pem")
public_key_file_path = os.path.join(db_token_path, "oci_db_key_public.pem")
if not cli_setup.write_public_key_to_file(public_key_file_path, public_key,
True, True):
click.echo("Error: Unable to write public key at {}".format(
public_key_file_path))
ctx.exit(1)
with open(public_key_file_path, mode='r') as public_file:
public_key_from_file = public_file.read()
_details = {'scope': scope, 'publicKey': public_key_from_file}
client = cli_util.build_client('identity_data_plane', 'dataplane', ctx)
result = client.generate_scoped_access_token(
generate_scoped_access_token_details=_details, **kwargs)
response = cli_util.to_dict(result.data)
# persist private key and result db_token
if not cli_setup.write_private_key_to_file(private_key_file_path,
private_key, '', True, True):
click.echo("Error: Unable to write private key at: {}".format(
private_key_file_path))
ctx.exit(1)
else:
click.echo("Private key written at {}".format(private_key_file_path))
db_token_path = os.path.join(db_token_path, "token")
with open(db_token_path, "w") as f:
f.write(response['token'])
click.echo('db-token written at: {}'.format(db_token_path))
cli_setup.apply_user_only_access_permissions(db_token_path)
with open(db_token_path, 'r') as db_token_file:
token = db_token_file.read()
db_token_container = oci.auth.security_token_container.SecurityTokenContainer(
None, token)
db_token_file = db_token_container.get_jwt()
expiry_time = datetime.datetime.fromtimestamp(
db_token_file['exp']).strftime("%Y-%m-%d %H:%M:%S")
click.echo("db-token is valid until " + expiry_time, file=sys.stderr)
def key_pair_files():
temp_dir = os.path.join('tests', 'temp')
private_key = cli_util.generate_key()
public_key = private_key.public_key()
public_key_filename = os.path.join(temp_dir, 'key_public.pem')
private_key_filename = os.path.join(temp_dir, 'key.pem')
certificate_filename = os.path.join(temp_dir, 'certificate.pem')
with open(public_key_filename, "wb") as f:
f.write(cli_util.serialize_key(public_key=public_key))
with open(private_key_filename, "wb") as f:
f.write(cli_util.serialize_key(private_key=private_key, passphrase='secret!'))
# Various details about who we are. For a self-signed certificate the
# subject and issuer are always the same.
subject = issuer = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"WA"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"Seattle"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Oracle"),
x509.NameAttribute(NameOID.COMMON_NAME, u"company.com"),
])
cert = x509.CertificateBuilder().subject_name(
subject
).issuer_name(
issuer
).public_key(
public_key
).serial_number(
x509.random_serial_number()
).not_valid_before(
datetime.datetime.utcnow()
).not_valid_after(
# Our certificate will be valid for 10 days
datetime.datetime.utcnow() + datetime.timedelta(days=10)
).add_extension(
x509.SubjectAlternativeName([x509.DNSName(u"localhost")]), critical=False).sign(private_key, hashes.SHA256(), default_backend())
# Write our certificate out to disk.
with open(certificate_filename, "wb") as f:
f.write(cert.public_bytes(serialization.Encoding.PEM))
result = [public_key_filename, private_key_filename, certificate_filename]
yield result
for filename in result:
if os.path.isfile(filename):
os.remove(filename)