/*
 * MinIO .NET Library for Amazon S3 Compatible Cloud Storage,
 * (C) 2021 MinIO, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

using System.Globalization;
using System.Text;
using Minio.DataModel;
using Minio.Helper;

/*
 * Web Identity Credential provider
 * https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html
 */

namespace Minio.Credentials;

/// <summary>
/// Credential provider that exchanges a JSON Web Token for access credentials
/// through the STS "AssumeRoleWithWebIdentity" action. Request sending and the
/// shared plumbing (Validate, JWTSupplier, RoleSessionName, WithRoleAction,
/// WithDurationInSeconds, GetDurationInSeconds) are inherited from
/// WebIdentityClientGrantsProvider and are not visible in this file.
/// </summary>
// NOTE(review): Func, ValueTask and Task appear below without type arguments, and
// Utils.DeserializeXml is called without one; the listing may have lost its generic
// arguments in extraction - confirm against the repository before relying on signatures.
public class WebIdentityProvider : WebIdentityClientGrantsProvider
{
    // Not read or written anywhere in this class as shown.
    internal int ExpiryInSeconds { get; set; }

    // Token most recently returned by JWTSupplier; assigned in BuildRequest.
    // It is the bearer credential presented to STS, so it should be handled as a secret.
    internal JsonWebToken CurrentJsonWebToken { get; set; }

    /// <summary>
    /// Runs Validate() and then returns the credentials produced by the base provider.
    /// </summary>
    /// <returns>The value returned by the base implementation.</returns>
    public override AccessCredentials GetCredentials()
    {
        Validate();
        return base.GetCredentials();
    }

    /// <summary>
    /// Asynchronous counterpart of <see cref="GetCredentials"/>: runs Validate() and
    /// returns the base provider's pending result without awaiting it here.
    /// </summary>
    public override ValueTask GetCredentialsAsync()
    {
        Validate();
        return base.GetCredentialsAsync();
    }

    /// <summary>
    /// Installs the delegate that supplies the web identity token.
    /// </summary>
    /// <param name="f">Token supplier; a clone of the delegate is stored, not the instance passed in.</param>
    /// <returns>This provider, so that calls can be chained.</returns>
    internal WebIdentityProvider WithJWTSupplier(Func f)
    {
        // NOTE(review): f is dereferenced without a null check, so a null argument
        // fails on f.Clone() before Validate() gets a chance to report it.
        JWTSupplier = (Func)f.Clone();
        Validate();
        return this;
    }

    /// <summary>
    /// Prepares the AssumeRoleWithWebIdentity request: obtains a token from
    /// JWTSupplier, sets the role action and the requested duration, defaults the
    /// session name, then hands over to the base implementation.
    /// </summary>
    /// <returns>The value returned by the base BuildRequest().</returns>
    internal override Task BuildRequest()
    {
        Validate();
        // The supplier is invoked on every call, so each request build uses
        // whatever token the supplier returns at that moment.
        CurrentJsonWebToken = JWTSupplier();
        // RoleArn is expected to have been set before this point; it is not assigned here.
        _ = WithRoleAction("AssumeRoleWithWebIdentity");
        // The requested duration is derived from the token's Expiry value.
        // NOTE(review): any clamping to limits accepted by the server would live in
        // GetDurationInSeconds, which is defined elsewhere - confirm.
        _ = WithDurationInSeconds(GetDurationInSeconds(CurrentJsonWebToken.Expiry));
        // Only fills in a session name when the caller has not provided one.
        // NOTE(review): DateTime.Now is local time; whether To8601String converts it
        // to UTC is not visible here - confirm if session names are correlated with logs.
        RoleSessionName ??= Utils.To8601String(DateTime.Now);
        return base.BuildRequest();
    }

    /// <summary>
    /// Turns the STS response into an <see cref="AccessCredentials"/> object by
    /// deserializing XML built from the response content.
    /// </summary>
    /// <param name="response">HTTP response received for the request built by BuildRequest.</param>
    /// <returns>The object produced by Utils.DeserializeXml.</returns>
    internal override AccessCredentials ParseResponse(HttpResponseMessage response)
    {
        Validate();
        // The base result is stored but never used below; presumably the call is kept
        // for checks it performs on the response - verify against the base class.
        var credentials = base.ParseResponse(response);
        // NOTE(review): Convert.ToString(object, IFormatProvider) calls ToString() on
        // objects that are neither IConvertible nor IFormattable. If response.Content is a
        // System.Net.Http.HttpContent, that yields the type name rather than the response
        // body, so the XML handed to the deserializer would not be the STS payload - confirm.
        // The payload and the returned object carry credentials and should not be logged.
        using var stream = new MemoryStream(Encoding.UTF8.GetBytes(Convert.ToString(response.Content, CultureInfo.InvariantCulture)).AsMemory().ToArray());
        return Utils.DeserializeXml(stream);
    }
}