From 8d513d6cbe0d9ad41167628379516db1a5a2165c Mon Sep 17 00:00:00 2001 From: stager0909 Date: Thu, 13 Oct 2022 16:38:36 +0900 Subject: [PATCH] Modified so that connection timeout and read timeout can be set when calling oauth2.googleapis.com in ServiceAccountCredentials.refreshAccessToken() --- .../google/auth/http/TimeoutInitializer.java | 21 + .../oauth2/DefaultCredentialsProvider.java | 15 +- .../google/auth/oauth2/GoogleCredentials.java | 15 +- .../auth/oauth2/ImpersonatedCredentials.java | 101 +++-- .../oauth2/ServiceAccountCredentials.java | 149 +++--- .../DefaultCredentialsProviderTest.java | 49 +- .../auth/oauth2/GoogleCredentialsTest.java | 39 +- .../oauth2/ImpersonatedCredentialsTest.java | 86 ++-- .../oauth2/ServiceAccountCredentialsTest.java | 332 +++++++------- ...erviceAccountJwtAccessCredentialsTest.java | 426 +++++++++--------- 10 files changed, 650 insertions(+), 583 deletions(-) create mode 100644 oauth2_http/java/com/google/auth/http/TimeoutInitializer.java diff --git a/oauth2_http/java/com/google/auth/http/TimeoutInitializer.java b/oauth2_http/java/com/google/auth/http/TimeoutInitializer.java new file mode 100644 index 000000000..5eff8177e --- /dev/null +++ b/oauth2_http/java/com/google/auth/http/TimeoutInitializer.java @@ -0,0 +1,21 @@ +package com.google.auth.http; + +import com.google.api.client.http.HttpRequest; +import com.google.api.client.http.HttpRequestInitializer; + +public class TimeoutInitializer implements HttpRequestInitializer { + + private final int connectTimeoutMillis; + private final int readTimeoutMillis; + + public TimeoutInitializer(int connectTimeoutMillis, int readTimeoutMillis) { + this.connectTimeoutMillis = connectTimeoutMillis; + this.readTimeoutMillis = readTimeoutMillis; + } + + @Override + public void initialize(HttpRequest request) { + request.setConnectTimeout(connectTimeoutMillis); + request.setReadTimeout(readTimeoutMillis); + } +} diff --git a/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java b/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java index 12fff6a37..1db553ae3 100644 --- a/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java +++ b/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java @@ -31,6 +31,7 @@ package com.google.auth.oauth2; +import com.google.api.client.http.HttpRequestInitializer; import com.google.auth.http.HttpTransportFactory; import java.io.File; import java.io.FileInputStream; @@ -119,11 +120,11 @@ class DefaultCredentialsProvider { * @return the credentials instance. * @throws IOException if the credentials cannot be created in the current environment. */ - final GoogleCredentials getDefaultCredentials(HttpTransportFactory transportFactory) + final GoogleCredentials getDefaultCredentials(HttpTransportFactory transportFactory, HttpRequestInitializer httpRequestInitializer) throws IOException { synchronized (this) { if (cachedCredentials == null) { - cachedCredentials = getDefaultCredentialsUnsynchronized(transportFactory); + cachedCredentials = getDefaultCredentialsUnsynchronized(transportFactory, httpRequestInitializer); } if (cachedCredentials != null) { return cachedCredentials; @@ -139,7 +140,7 @@ final GoogleCredentials getDefaultCredentials(HttpTransportFactory transportFact } private final GoogleCredentials getDefaultCredentialsUnsynchronized( - HttpTransportFactory transportFactory) throws IOException { + HttpTransportFactory transportFactory, HttpRequestInitializer httpRequestInitializer) throws IOException { // First try the environment variable GoogleCredentials credentials = null; @@ -156,7 +157,7 @@ private final GoogleCredentials getDefaultCredentialsUnsynchronized( throw new IOException("File does not exist."); } credentialsStream = readStream(credentialsFile); - credentials = GoogleCredentials.fromStream(credentialsStream, transportFactory); + credentials = GoogleCredentials.fromStream(credentialsStream, transportFactory, httpRequestInitializer); } catch (IOException e) { // Although it is also the cause, the message of the caught exception can have very // important information for diagnosing errors, so include its message in the @@ -187,7 +188,7 @@ private final GoogleCredentials getDefaultCredentialsUnsynchronized( "Attempting to load credentials from well known file: %s", wellKnownFileLocation.getCanonicalPath())); credentialsStream = readStream(wellKnownFileLocation); - credentials = GoogleCredentials.fromStream(credentialsStream, transportFactory); + credentials = GoogleCredentials.fromStream(credentialsStream, transportFactory, httpRequestInitializer); } } catch (IOException e) { throw new IOException( @@ -315,8 +316,8 @@ private final GoogleCredentials tryGetComputeCredentials(HttpTransportFactory tr checkedComputeEngine = true; if (runningOnComputeEngine) { return ComputeEngineCredentials.newBuilder() - .setHttpTransportFactory(transportFactory) - .build(); + .setHttpTransportFactory(transportFactory) + .build(); } return null; } diff --git a/oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java b/oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java index 613c5c2da..a88a2b7e0 100644 --- a/oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java @@ -31,6 +31,7 @@ package com.google.auth.oauth2; +import com.google.api.client.http.HttpRequestInitializer; import com.google.api.client.json.GenericJson; import com.google.api.client.json.JsonFactory; import com.google.api.client.json.JsonObjectParser; @@ -94,7 +95,7 @@ public static GoogleCredentials create(AccessToken accessToken) { * @throws IOException if the credentials cannot be created in the current environment. */ public static GoogleCredentials getApplicationDefault() throws IOException { - return getApplicationDefault(OAuth2Utils.HTTP_TRANSPORT_FACTORY); + return getApplicationDefault(OAuth2Utils.HTTP_TRANSPORT_FACTORY, null); } /** @@ -119,10 +120,10 @@ public static GoogleCredentials getApplicationDefault() throws IOException { * @return the credentials instance. * @throws IOException if the credentials cannot be created in the current environment. */ - public static GoogleCredentials getApplicationDefault(HttpTransportFactory transportFactory) + public static GoogleCredentials getApplicationDefault(HttpTransportFactory transportFactory, HttpRequestInitializer httpRequestInitializer) throws IOException { Preconditions.checkNotNull(transportFactory); - return defaultCredentialsProvider.getDefaultCredentials(transportFactory); + return defaultCredentialsProvider.getDefaultCredentials(transportFactory, httpRequestInitializer); } /** @@ -136,7 +137,7 @@ public static GoogleCredentials getApplicationDefault(HttpTransportFactory trans * @throws IOException if the credential cannot be created from the stream. */ public static GoogleCredentials fromStream(InputStream credentialsStream) throws IOException { - return fromStream(credentialsStream, OAuth2Utils.HTTP_TRANSPORT_FACTORY); + return fromStream(credentialsStream, OAuth2Utils.HTTP_TRANSPORT_FACTORY, null); } /** @@ -152,7 +153,7 @@ public static GoogleCredentials fromStream(InputStream credentialsStream) throws * @throws IOException if the credential cannot be created from the stream. */ public static GoogleCredentials fromStream( - InputStream credentialsStream, HttpTransportFactory transportFactory) throws IOException { + InputStream credentialsStream, HttpTransportFactory transportFactory, HttpRequestInitializer httpRequestInitializer) throws IOException { Preconditions.checkNotNull(credentialsStream); Preconditions.checkNotNull(transportFactory); @@ -169,13 +170,13 @@ public static GoogleCredentials fromStream( return UserCredentials.fromJson(fileContents, transportFactory); } if (SERVICE_ACCOUNT_FILE_TYPE.equals(fileType)) { - return ServiceAccountCredentials.fromJson(fileContents, transportFactory); + return ServiceAccountCredentials.fromJson(fileContents, transportFactory, httpRequestInitializer); } if (ExternalAccountCredentials.EXTERNAL_ACCOUNT_FILE_TYPE.equals(fileType)) { return ExternalAccountCredentials.fromJson(fileContents, transportFactory); } if ("impersonated_service_account".equals(fileType)) { - return ImpersonatedCredentials.fromJson(fileContents, transportFactory); + return ImpersonatedCredentials.fromJson(fileContents, transportFactory, httpRequestInitializer); } throw new IOException( String.format( diff --git a/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java index 375d957a4..cf8eee597 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java @@ -38,6 +38,7 @@ import com.google.api.client.http.HttpContent; import com.google.api.client.http.HttpRequest; import com.google.api.client.http.HttpRequestFactory; +import com.google.api.client.http.HttpRequestInitializer; import com.google.api.client.http.HttpResponse; import com.google.api.client.http.HttpTransport; import com.google.api.client.http.json.JsonHttpContent; @@ -143,13 +144,13 @@ public static ImpersonatedCredentials create( int lifetime, HttpTransportFactory transportFactory) { return ImpersonatedCredentials.newBuilder() - .setSourceCredentials(sourceCredentials) - .setTargetPrincipal(targetPrincipal) - .setDelegates(delegates) - .setScopes(scopes) - .setLifetime(lifetime) - .setHttpTransportFactory(transportFactory) - .build(); + .setSourceCredentials(sourceCredentials) + .setTargetPrincipal(targetPrincipal) + .setDelegates(delegates) + .setScopes(scopes) + .setLifetime(lifetime) + .setHttpTransportFactory(transportFactory) + .build(); } /** @@ -186,14 +187,14 @@ public static ImpersonatedCredentials create( HttpTransportFactory transportFactory, String quotaProjectId) { return ImpersonatedCredentials.newBuilder() - .setSourceCredentials(sourceCredentials) - .setTargetPrincipal(targetPrincipal) - .setDelegates(delegates) - .setScopes(scopes) - .setLifetime(lifetime) - .setHttpTransportFactory(transportFactory) - .setQuotaProjectId(quotaProjectId) - .build(); + .setSourceCredentials(sourceCredentials) + .setTargetPrincipal(targetPrincipal) + .setDelegates(delegates) + .setScopes(scopes) + .setLifetime(lifetime) + .setHttpTransportFactory(transportFactory) + .setQuotaProjectId(quotaProjectId) + .build(); } /** @@ -233,15 +234,15 @@ public static ImpersonatedCredentials create( String quotaProjectId, String iamEndpointOverride) { return ImpersonatedCredentials.newBuilder() - .setSourceCredentials(sourceCredentials) - .setTargetPrincipal(targetPrincipal) - .setDelegates(delegates) - .setScopes(scopes) - .setLifetime(lifetime) - .setHttpTransportFactory(transportFactory) - .setQuotaProjectId(quotaProjectId) - .setIamEndpointOverride(iamEndpointOverride) - .build(); + .setSourceCredentials(sourceCredentials) + .setTargetPrincipal(targetPrincipal) + .setDelegates(delegates) + .setScopes(scopes) + .setLifetime(lifetime) + .setHttpTransportFactory(transportFactory) + .setQuotaProjectId(quotaProjectId) + .setIamEndpointOverride(iamEndpointOverride) + .build(); } /** @@ -273,12 +274,12 @@ public static ImpersonatedCredentials create( List scopes, int lifetime) { return ImpersonatedCredentials.newBuilder() - .setSourceCredentials(sourceCredentials) - .setTargetPrincipal(targetPrincipal) - .setDelegates(delegates) - .setScopes(scopes) - .setLifetime(lifetime) - .build(); + .setSourceCredentials(sourceCredentials) + .setTargetPrincipal(targetPrincipal) + .setDelegates(delegates) + .setScopes(scopes) + .setLifetime(lifetime) + .build(); } static String extractTargetPrincipal(String serviceAccountImpersonationUrl) { @@ -367,7 +368,7 @@ public byte[] sign(byte[] toSign) { * @throws IOException if the credential cannot be created from the JSON. */ static ImpersonatedCredentials fromJson( - Map json, HttpTransportFactory transportFactory) throws IOException { + Map json, HttpTransportFactory transportFactory, HttpRequestInitializer httpRequestInitializer) throws IOException { checkNotNull(json); checkNotNull(transportFactory); @@ -396,7 +397,7 @@ static ImpersonatedCredentials fromJson( sourceCredentials = UserCredentials.fromJson(sourceCredentialsJson, transportFactory); } else if (GoogleCredentials.SERVICE_ACCOUNT_FILE_TYPE.equals(sourceCredentialsType)) { sourceCredentials = - ServiceAccountCredentials.fromJson(sourceCredentialsJson, transportFactory); + ServiceAccountCredentials.fromJson(sourceCredentialsJson, transportFactory, httpRequestInitializer); } else { throw new IOException( String.format( @@ -404,15 +405,15 @@ static ImpersonatedCredentials fromJson( sourceCredentialsType)); } return ImpersonatedCredentials.newBuilder() - .setSourceCredentials(sourceCredentials) - .setTargetPrincipal(targetPrincipal) - .setDelegates(delegates) - .setScopes(new ArrayList()) - .setLifetime(DEFAULT_LIFETIME_IN_SECONDS) - .setHttpTransportFactory(transportFactory) - .setQuotaProjectId(quotaProjectId) - .setIamEndpointOverride(serviceAccountImpersonationUrl) - .build(); + .setSourceCredentials(sourceCredentials) + .setTargetPrincipal(targetPrincipal) + .setDelegates(delegates) + .setScopes(new ArrayList()) + .setLifetime(DEFAULT_LIFETIME_IN_SECONDS) + .setHttpTransportFactory(transportFactory) + .setQuotaProjectId(quotaProjectId) + .setIamEndpointOverride(serviceAccountImpersonationUrl) + .build(); } @Override @@ -585,15 +586,15 @@ public int hashCode() { @Override public String toString() { return MoreObjects.toStringHelper(this) - .add("sourceCredentials", sourceCredentials) - .add("targetPrincipal", targetPrincipal) - .add("delegates", delegates) - .add("scopes", scopes) - .add("lifetime", lifetime) - .add("transportFactoryClassName", transportFactoryClassName) - .add("quotaProjectId", quotaProjectId) - .add("iamEndpointOverride", iamEndpointOverride) - .toString(); + .add("sourceCredentials", sourceCredentials) + .add("targetPrincipal", targetPrincipal) + .add("delegates", delegates) + .add("scopes", scopes) + .add("lifetime", lifetime) + .add("transportFactoryClassName", transportFactoryClassName) + .add("quotaProjectId", quotaProjectId) + .add("iamEndpointOverride", iamEndpointOverride) + .toString(); } @Override diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index 56ffb02b9..6fbabd8fe 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -38,6 +38,7 @@ import com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler; import com.google.api.client.http.HttpRequest; import com.google.api.client.http.HttpRequestFactory; +import com.google.api.client.http.HttpRequestInitializer; import com.google.api.client.http.HttpResponse; import com.google.api.client.http.HttpResponseException; import com.google.api.client.http.UrlEncodedContent; @@ -118,6 +119,7 @@ public class ServiceAccountCredentials extends GoogleCredentials private final boolean defaultRetriesEnabled; private transient HttpTransportFactory transportFactory; + private final HttpRequestInitializer httpRequestInitializer; /** * Internal constructor @@ -140,6 +142,7 @@ public class ServiceAccountCredentials extends GoogleCredentials firstNonNull( builder.transportFactory, getFromServiceLoader(HttpTransportFactory.class, OAuth2Utils.HTTP_TRANSPORT_FACTORY)); + this.httpRequestInitializer = builder.httpRequestInitializer; this.transportFactoryClassName = this.transportFactory.getClass().getName(); this.tokenServerUri = (builder.tokenServerUri == null) ? OAuth2Utils.TOKEN_SERVER_URI : builder.tokenServerUri; @@ -165,7 +168,7 @@ public class ServiceAccountCredentials extends GoogleCredentials * @throws IOException if the credential cannot be created from the JSON. */ static ServiceAccountCredentials fromJson( - Map json, HttpTransportFactory transportFactory) throws IOException { + Map json, HttpTransportFactory transportFactory, HttpRequestInitializer httpRequestInitializer) throws IOException { String clientId = (String) json.get("client_id"); String clientEmail = (String) json.get("client_email"); String privateKeyPkcs8 = (String) json.get("private_key"); @@ -193,13 +196,14 @@ static ServiceAccountCredentials fromJson( ServiceAccountCredentials.Builder builder = ServiceAccountCredentials.newBuilder() - .setClientId(clientId) - .setClientEmail(clientEmail) - .setPrivateKeyId(privateKeyId) - .setHttpTransportFactory(transportFactory) - .setTokenServerUri(tokenServerUriFromCreds) - .setProjectId(projectId) - .setQuotaProjectId(quotaProjectId); + .setClientId(clientId) + .setClientEmail(clientEmail) + .setPrivateKeyId(privateKeyId) + .setHttpTransportFactory(transportFactory) + .setHttpRequestInitializer(httpRequestInitializer) + .setTokenServerUri(tokenServerUriFromCreds) + .setProjectId(projectId) + .setQuotaProjectId(quotaProjectId); return fromPkcs8(privateKeyPkcs8, builder); } @@ -225,10 +229,10 @@ public static ServiceAccountCredentials fromPkcs8( throws IOException { ServiceAccountCredentials.Builder builder = ServiceAccountCredentials.newBuilder() - .setClientId(clientId) - .setClientEmail(clientEmail) - .setPrivateKeyId(privateKeyId) - .setScopes(scopes); + .setClientId(clientId) + .setClientEmail(clientEmail) + .setPrivateKeyId(privateKeyId) + .setScopes(scopes); return fromPkcs8(privateKeyPkcs8, builder); } @@ -255,10 +259,10 @@ public static ServiceAccountCredentials fromPkcs8( throws IOException { ServiceAccountCredentials.Builder builder = ServiceAccountCredentials.newBuilder() - .setClientId(clientId) - .setClientEmail(clientEmail) - .setPrivateKeyId(privateKeyId) - .setScopes(scopes, defaultScopes); + .setClientId(clientId) + .setClientEmail(clientEmail) + .setPrivateKeyId(privateKeyId) + .setScopes(scopes, defaultScopes); return fromPkcs8(privateKeyPkcs8, builder); } @@ -291,12 +295,12 @@ public static ServiceAccountCredentials fromPkcs8( ServiceAccountCredentials.Builder builder = ServiceAccountCredentials.newBuilder() - .setClientId(clientId) - .setClientEmail(clientEmail) - .setPrivateKeyId(privateKeyId) - .setScopes(scopes) - .setHttpTransportFactory(transportFactory) - .setTokenServerUri(tokenServerUri); + .setClientId(clientId) + .setClientEmail(clientEmail) + .setPrivateKeyId(privateKeyId) + .setScopes(scopes) + .setHttpTransportFactory(transportFactory) + .setTokenServerUri(tokenServerUri); return fromPkcs8(privateKeyPkcs8, builder); } @@ -332,12 +336,12 @@ public static ServiceAccountCredentials fromPkcs8( ServiceAccountCredentials.Builder builder = ServiceAccountCredentials.newBuilder() - .setClientId(clientId) - .setClientEmail(clientEmail) - .setPrivateKeyId(privateKeyId) - .setScopes(scopes, defaultScopes) - .setHttpTransportFactory(transportFactory) - .setTokenServerUri(tokenServerUri); + .setClientId(clientId) + .setClientEmail(clientEmail) + .setPrivateKeyId(privateKeyId) + .setScopes(scopes, defaultScopes) + .setHttpTransportFactory(transportFactory) + .setTokenServerUri(tokenServerUri); return fromPkcs8(privateKeyPkcs8, builder); } @@ -373,13 +377,13 @@ public static ServiceAccountCredentials fromPkcs8( ServiceAccountCredentials.Builder builder = ServiceAccountCredentials.newBuilder() - .setClientId(clientId) - .setClientEmail(clientEmail) - .setPrivateKeyId(privateKeyId) - .setScopes(scopes) - .setHttpTransportFactory(transportFactory) - .setTokenServerUri(tokenServerUri) - .setServiceAccountUser(serviceAccountUser); + .setClientId(clientId) + .setClientEmail(clientEmail) + .setPrivateKeyId(privateKeyId) + .setScopes(scopes) + .setHttpTransportFactory(transportFactory) + .setTokenServerUri(tokenServerUri) + .setServiceAccountUser(serviceAccountUser); return fromPkcs8(privateKeyPkcs8, builder); } @@ -417,13 +421,13 @@ public static ServiceAccountCredentials fromPkcs8( throws IOException { ServiceAccountCredentials.Builder builder = ServiceAccountCredentials.newBuilder() - .setClientId(clientId) - .setClientEmail(clientEmail) - .setPrivateKeyId(privateKeyId) - .setScopes(scopes, defaultScopes) - .setHttpTransportFactory(transportFactory) - .setTokenServerUri(tokenServerUri) - .setServiceAccountUser(serviceAccountUser); + .setClientId(clientId) + .setClientEmail(clientEmail) + .setPrivateKeyId(privateKeyId) + .setScopes(scopes, defaultScopes) + .setHttpTransportFactory(transportFactory) + .setTokenServerUri(tokenServerUri) + .setServiceAccountUser(serviceAccountUser); return fromPkcs8(privateKeyPkcs8, builder); } @@ -473,7 +477,7 @@ static PrivateKey privateKeyFromPkcs8(String privateKeyPkcs8) throws IOException */ public static ServiceAccountCredentials fromStream(InputStream credentialsStream) throws IOException { - return fromStream(credentialsStream, OAuth2Utils.HTTP_TRANSPORT_FACTORY); + return fromStream(credentialsStream, OAuth2Utils.HTTP_TRANSPORT_FACTORY, null); } /** @@ -487,7 +491,7 @@ public static ServiceAccountCredentials fromStream(InputStream credentialsStream * @throws IOException if the credential cannot be created from the stream. */ public static ServiceAccountCredentials fromStream( - InputStream credentialsStream, HttpTransportFactory transportFactory) throws IOException { + InputStream credentialsStream, HttpTransportFactory transportFactory, HttpRequestInitializer httpRequestInitializer) throws IOException { Preconditions.checkNotNull(credentialsStream); Preconditions.checkNotNull(transportFactory); @@ -501,7 +505,7 @@ public static ServiceAccountCredentials fromStream( throw new IOException("Error reading credentials from stream, 'type' field not specified."); } if (SERVICE_ACCOUNT_FILE_TYPE.equals(fileType)) { - return fromJson(fileContents, transportFactory); + return fromJson(fileContents, transportFactory, httpRequestInitializer); } throw new IOException( String.format( @@ -530,7 +534,7 @@ public AccessToken refreshAccessToken() throws IOException { tokenRequest.set("assertion", assertion); UrlEncodedContent content = new UrlEncodedContent(tokenRequest); - HttpRequestFactory requestFactory = transportFactory.create().createRequestFactory(); + HttpRequestFactory requestFactory = transportFactory.create().createRequestFactory(httpRequestInitializer); HttpRequest request = requestFactory.buildPostRequest(new GenericUrl(tokenServerUri), content); if (this.defaultRetriesEnabled) { @@ -761,11 +765,11 @@ public JwtCredentials jwtWithClaims(JwtClaims newClaims) { JwtClaims.Builder claimsBuilder = JwtClaims.newBuilder().setIssuer(getIssuer()).setSubject(clientEmail); return JwtCredentials.newBuilder() - .setPrivateKey(privateKey) - .setPrivateKeyId(privateKeyId) - .setJwtClaims(claimsBuilder.build().merge(newClaims)) - .setClock(clock) - .build(); + .setPrivateKey(privateKey) + .setPrivateKeyId(privateKeyId) + .setJwtClaims(claimsBuilder.build().merge(newClaims)) + .setClock(clock) + .build(); } @Override @@ -797,19 +801,19 @@ public int hashCode() { @Override public String toString() { return MoreObjects.toStringHelper(this) - .add("clientId", clientId) - .add("clientEmail", clientEmail) - .add("privateKeyId", privateKeyId) - .add("transportFactoryClassName", transportFactoryClassName) - .add("tokenServerUri", tokenServerUri) - .add("scopes", scopes) - .add("defaultScopes", defaultScopes) - .add("serviceAccountUser", serviceAccountUser) - .add("quotaProjectId", quotaProjectId) - .add("lifetime", lifetime) - .add("useJwtAccessWithScope", useJwtAccessWithScope) - .add("defaultRetriesEnabled", defaultRetriesEnabled) - .toString(); + .add("clientId", clientId) + .add("clientEmail", clientEmail) + .add("privateKeyId", privateKeyId) + .add("transportFactoryClassName", transportFactoryClassName) + .add("tokenServerUri", tokenServerUri) + .add("scopes", scopes) + .add("defaultScopes", defaultScopes) + .add("serviceAccountUser", serviceAccountUser) + .add("quotaProjectId", quotaProjectId) + .add("lifetime", lifetime) + .add("useJwtAccessWithScope", useJwtAccessWithScope) + .add("defaultRetriesEnabled", defaultRetriesEnabled) + .toString(); } @Override @@ -931,11 +935,11 @@ JwtCredentials createSelfSignedJwtCredentials(final URI uri) { claimsBuilder.setAudience(getUriForSelfSignedJWT(uri).toString()); } return JwtCredentials.newBuilder() - .setPrivateKey(privateKey) - .setPrivateKeyId(privateKeyId) - .setJwtClaims(claimsBuilder.build()) - .setClock(clock) - .build(); + .setPrivateKey(privateKey) + .setPrivateKeyId(privateKeyId) + .setJwtClaims(claimsBuilder.build()) + .setClock(clock) + .build(); } @Override @@ -1018,6 +1022,7 @@ public static class Builder extends GoogleCredentials.Builder { private int lifetime = DEFAULT_LIFETIME_IN_SECONDS; private boolean useJwtAccessWithScope = false; private boolean defaultRetriesEnabled = true; + private HttpRequestInitializer httpRequestInitializer; protected Builder() {} @@ -1029,6 +1034,7 @@ protected Builder(ServiceAccountCredentials credentials) { this.scopes = credentials.scopes; this.defaultScopes = credentials.defaultScopes; this.transportFactory = credentials.transportFactory; + this.httpRequestInitializer = credentials.httpRequestInitializer; this.tokenServerUri = credentials.tokenServerUri; this.serviceAccountUser = credentials.serviceAccountUser; this.projectId = credentials.projectId; @@ -1095,6 +1101,11 @@ public Builder setHttpTransportFactory(HttpTransportFactory transportFactory) { return this; } + public Builder setHttpRequestInitializer(HttpRequestInitializer httpRequestInitializer) { + this.httpRequestInitializer = httpRequestInitializer; + return this; + } + public Builder setQuotaProjectId(String quotaProjectId) { this.quotaProjectId = quotaProjectId; return this; diff --git a/oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java b/oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java index 8db555318..8e9586682 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java @@ -39,6 +39,7 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; +import com.google.api.client.http.HttpRequestInitializer; import com.google.api.client.http.HttpTransport; import com.google.api.client.http.LowLevelHttpRequest; import com.google.api.client.http.LowLevelHttpResponse; @@ -46,6 +47,7 @@ import com.google.api.client.testing.http.MockLowLevelHttpRequest; import com.google.auth.TestUtils; import com.google.auth.http.HttpTransportFactory; +import com.google.auth.http.TimeoutInitializer; import com.google.auth.oauth2.ComputeEngineCredentialsTest.MockMetadataServerTransportFactory; import com.google.auth.oauth2.GoogleCredentialsTest.MockHttpTransportFactory; import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory; @@ -106,7 +108,7 @@ public void getDefaultCredentials_noCredentials_throws() throws Exception { TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); try { - testProvider.getDefaultCredentials(transportFactory); + testProvider.getDefaultCredentials(transportFactory, null); fail("No credential expected."); } catch (IOException e) { String message = e.getMessage(); @@ -121,7 +123,7 @@ public void getDefaultCredentials_noCredentialsSandbox_throwsNonSecurity() throw testProvider.setFileSandbox(true); try { - testProvider.getDefaultCredentials(transportFactory); + testProvider.getDefaultCredentials(transportFactory, null); fail("No credential expected."); } catch (IOException e) { String message = e.getMessage(); @@ -142,7 +144,7 @@ public void getDefaultCredentials_envValidSandbox_throwsNonSecurity() throws Exc testProvider.setEnv(DefaultCredentialsProvider.CREDENTIAL_ENV_VAR, userPath); try { - testProvider.getDefaultCredentials(transportFactory); + testProvider.getDefaultCredentials(transportFactory, null); fail("No credential expected."); } catch (IOException e) { String message = e.getMessage(); @@ -157,7 +159,7 @@ public void getDefaultCredentials_noCredentials_singleGceTestRequest() { TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); try { - testProvider.getDefaultCredentials(transportFactory); + testProvider.getDefaultCredentials(transportFactory, null); fail("No credential expected."); } catch (IOException expected) { // Expected @@ -166,7 +168,7 @@ public void getDefaultCredentials_noCredentials_singleGceTestRequest() { transportFactory.transport.getRequestCount(), ComputeEngineCredentials.MAX_COMPUTE_PING_TRIES); try { - testProvider.getDefaultCredentials(transportFactory); + testProvider.getDefaultCredentials(transportFactory, null); fail("No credential expected."); } catch (IOException expected) { // Expected @@ -180,9 +182,10 @@ public void getDefaultCredentials_noCredentials_singleGceTestRequest() { public void getDefaultCredentials_caches() throws IOException { MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory(); TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); - GoogleCredentials firstCall = testProvider.getDefaultCredentials(transportFactory); - GoogleCredentials secondCall = testProvider.getDefaultCredentials(transportFactory); + GoogleCredentials firstCall = testProvider.getDefaultCredentials(transportFactory, requestInitializer); + GoogleCredentials secondCall = testProvider.getDefaultCredentials(transportFactory, requestInitializer); assertNotNull(firstCall); assertSame(firstCall, secondCall); @@ -197,7 +200,7 @@ public void getDefaultCredentials_appEngineClassWithoutRuntime_NotFoundError() { testProvider.setProperty("isOnGAEStandard7", "true"); try { - testProvider.getDefaultCredentials(transportFactory); + testProvider.getDefaultCredentials(transportFactory, null); fail("No credential expected when not on App Engine."); } catch (IOException e) { String message = e.getMessage(); @@ -214,7 +217,7 @@ public void getDefaultCredentials_appEngineRuntimeWithoutClass_throwsHelpfulLoad testProvider.setProperty("isOnGAEStandard7", "true"); try { - testProvider.getDefaultCredentials(transportFactory); + testProvider.getDefaultCredentials(transportFactory, null); fail("Credential expected to fail to load if credential class not present."); } catch (IOException e) { String message = e.getMessage(); @@ -233,7 +236,8 @@ public void getDefaultCredentials_appEngineSkipWorks_retrievesCloudShellCredenti testProvider.setEnv(DefaultCredentialsProvider.CLOUD_SHELL_ENV_VAR, "9090"); testProvider.setEnv(DefaultCredentialsProvider.SKIP_APP_ENGINE_ENV_VAR, "true"); testProvider.setProperty("isOnGAEStanadard7", "true"); - GoogleCredentials credentials = testProvider.getDefaultCredentials(transportFactory); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); + GoogleCredentials credentials = testProvider.getDefaultCredentials(transportFactory, requestInitializer); assertNotNull(credentials); assertTrue(credentials instanceof CloudShellCredentials); } @@ -243,8 +247,9 @@ public void getDefaultCredentials_compute_providesToken() throws IOException { MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory(); transportFactory.transport.setAccessToken(ACCESS_TOKEN); TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); - GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory); + GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory, requestInitializer); assertNotNull(defaultCredentials); Map> metadata = defaultCredentials.getRequestMetadata(CALL_URI); @@ -256,8 +261,9 @@ public void getDefaultCredentials_cloudshell() throws IOException { MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); testProvider.setEnv(DefaultCredentialsProvider.CLOUD_SHELL_ENV_VAR, "4"); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); - GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory); + GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory, requestInitializer); assertTrue(defaultCredentials instanceof CloudShellCredentials); assertEquals(((CloudShellCredentials) defaultCredentials).getAuthPort(), 4); @@ -269,8 +275,9 @@ public void getDefaultCredentials_cloudshell_withComputCredentialsPresent() thro transportFactory.transport.setAccessToken(ACCESS_TOKEN); TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); testProvider.setEnv(DefaultCredentialsProvider.CLOUD_SHELL_ENV_VAR, "4"); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); - GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory); + GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory, requestInitializer); assertTrue(defaultCredentials instanceof CloudShellCredentials); assertEquals(((CloudShellCredentials) defaultCredentials).getAuthPort(), 4); @@ -284,7 +291,7 @@ public void getDefaultCredentials_envMissingFile_throws() { testProvider.setEnv(DefaultCredentialsProvider.CREDENTIAL_ENV_VAR, invalidPath); try { - testProvider.getDefaultCredentials(transportFactory); + testProvider.getDefaultCredentials(transportFactory, null); fail("Non existent credential should throw exception"); } catch (IOException e) { String message = e.getMessage(); @@ -304,8 +311,9 @@ public void getDefaultCredentials_envServiceAccount_providesToken() throws IOExc String serviceAccountPath = tempFilePath("service_account.json"); testProvider.addFile(serviceAccountPath, serviceAccountStream); testProvider.setEnv(DefaultCredentialsProvider.CREDENTIAL_ENV_VAR, serviceAccountPath); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); - GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory); + GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory, null); assertNotNull(defaultCredentials); defaultCredentials = defaultCredentials.createScoped(SCOPES); @@ -334,7 +342,7 @@ public void getDefaultCredentials_envNoGceCheck_noGceRequest() throws IOExceptio testProvider.setEnv(DefaultCredentialsProvider.NO_GCE_CHECK_ENV_VAR, "true"); try { - testProvider.getDefaultCredentials(transportFactory); + testProvider.getDefaultCredentials(transportFactory, null); fail("No credential expected."); } catch (IOException expected) { // Expected @@ -442,7 +450,8 @@ public void getDefaultCredentials_envAndWellKnownFile_envPrecedence() throws IOE transportFactory.transport.addRefreshToken(refreshTokenWkf, accessTokenWkf); transportFactory.transport.addRefreshToken(refreshTokenEnv, accessTokenEnv); - testUserProvidesToken(testProvider, transportFactory, accessTokenEnv); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); + testUserProvidesToken(testProvider, transportFactory, requestInitializer, accessTokenEnv); } private String tempFilePath(String filename) { @@ -516,15 +525,17 @@ private void testUserProvidesToken( MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); transportFactory.transport.addClient(clientId, clientSecret); transportFactory.transport.addRefreshToken(refreshToken, ACCESS_TOKEN); - testUserProvidesToken(testProvider, transportFactory, ACCESS_TOKEN); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); + testUserProvidesToken(testProvider, transportFactory, requestInitializer, ACCESS_TOKEN); } private void testUserProvidesToken( TestDefaultCredentialsProvider testProvider, HttpTransportFactory transportFactory, + HttpRequestInitializer httpRequestInitializer, String accessToken) throws IOException { - GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory); + GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory, httpRequestInitializer); assertNotNull(defaultCredentials); Map> metadata = defaultCredentials.getRequestMetadata(CALL_URI); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java index f849ccbb1..71b70e675 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java @@ -37,10 +37,12 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; +import com.google.api.client.http.HttpRequestInitializer; import com.google.api.client.http.HttpTransport; import com.google.api.client.testing.http.MockHttpTransport; import com.google.auth.TestUtils; import com.google.auth.http.HttpTransportFactory; +import com.google.auth.http.TimeoutInitializer; import com.google.auth.oauth2.IdentityPoolCredentialsTest.MockExternalAccountCredentialsTransportFactory; import com.google.auth.oauth2.ImpersonatedCredentialsTest.MockIAMCredentialsServiceTransportFactory; import com.google.common.collect.ImmutableList; @@ -106,7 +108,7 @@ public HttpTransport create() { @Test public void getApplicationDefault_nullTransport_throws() throws IOException { try { - GoogleCredentials.getApplicationDefault(null); + GoogleCredentials.getApplicationDefault(null, null); fail(); } catch (NullPointerException expected) { // Expected @@ -117,7 +119,7 @@ public void getApplicationDefault_nullTransport_throws() throws IOException { public void fromStream_nullTransport_throws() throws IOException { InputStream stream = new ByteArrayInputStream("foo".getBytes()); try { - GoogleCredentials.fromStream(stream, null); + GoogleCredentials.fromStream(stream, null, null); fail("Should throw if HttpTransportFactory is null"); } catch (NullPointerException expected) { // Expected @@ -128,7 +130,7 @@ public void fromStream_nullTransport_throws() throws IOException { public void fromStream_nullStream_throws() throws IOException { MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); try { - GoogleCredentials.fromStream(null, transportFactory); + GoogleCredentials.fromStream(null, transportFactory, null); fail("Should throw if InputStream is null"); } catch (NullPointerException expected) { // Expected @@ -142,9 +144,10 @@ public void fromStream_serviceAccount_providesToken() throws IOException { InputStream serviceAccountStream = ServiceAccountCredentialsTest.writeServiceAccountStream( SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); GoogleCredentials credentials = - GoogleCredentials.fromStream(serviceAccountStream, transportFactory); + GoogleCredentials.fromStream(serviceAccountStream, transportFactory, requestInitializer); assertNotNull(credentials); credentials = credentials.createScoped(SCOPES); @@ -200,8 +203,9 @@ public void fromStream_user_providesToken() throws IOException { InputStream userStream = UserCredentialsTest.writeUserStream( USER_CLIENT_ID, USER_CLIENT_SECRET, REFRESH_TOKEN, null); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); - GoogleCredentials credentials = GoogleCredentials.fromStream(userStream, transportFactory); + GoogleCredentials credentials = GoogleCredentials.fromStream(userStream, transportFactory, requestInitializer); assertNotNull(credentials); Map> metadata = credentials.getRequestMetadata(CALL_URI); @@ -243,9 +247,10 @@ public void fromStream_identityPoolCredentials_providesToken() throws IOExceptio transportFactory.transport.getMetadataUrl(), /* serviceAccountImpersonationUrl= */ null, /* serviceAccountImpersonationOptionsMap= */ null); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); GoogleCredentials credentials = - GoogleCredentials.fromStream(identityPoolCredentialStream, transportFactory); + GoogleCredentials.fromStream(identityPoolCredentialStream, transportFactory, requestInitializer); assertNotNull(credentials); credentials = credentials.createScoped(SCOPES); @@ -264,8 +269,10 @@ public void fromStream_awsCredentials_providesToken() throws IOException { transportFactory.transport.getAwsRegionUrl(), transportFactory.transport.getAwsCredentialsUrl()); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); + GoogleCredentials credentials = - GoogleCredentials.fromStream(awsCredentialStream, transportFactory); + GoogleCredentials.fromStream(awsCredentialStream, transportFactory, requestInitializer); assertNotNull(credentials); credentials = credentials.createScoped(SCOPES); @@ -281,15 +288,17 @@ public void fromStream_pluggableAuthCredentials_providesToken() throws IOExcepti InputStream stream = PluggableAuthCredentialsTest.writeCredentialsStream(transportFactory.transport.getStsUrl()); - GoogleCredentials credentials = GoogleCredentials.fromStream(stream, transportFactory); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); + + GoogleCredentials credentials = GoogleCredentials.fromStream(stream, transportFactory, requestInitializer); assertNotNull(credentials); // Create copy with mock executable handler. PluggableAuthCredentials copy = PluggableAuthCredentials.newBuilder((PluggableAuthCredentials) credentials) - .setExecutableHandler(options -> "pluggableAuthToken") - .build(); + .setExecutableHandler(options -> "pluggableAuthToken") + .build(); copy = copy.createScoped(SCOPES); Map> metadata = copy.getRequestMetadata(CALL_URI); @@ -318,9 +327,11 @@ public void fromStream_Impersonation_providesToken_WithQuotaProject() throws IOE ImpersonatedCredentialsTest.DELEGATES, ImpersonatedCredentialsTest.QUOTA_PROJECT_ID); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); + ImpersonatedCredentials credentials = (ImpersonatedCredentials) - GoogleCredentials.fromStream(impersonationCredentialsStream, transportFactoryForSource); + GoogleCredentials.fromStream(impersonationCredentialsStream, transportFactoryForSource, requestInitializer); credentials.setTransportFactory(transportFactory); Map> metadata = credentials.getRequestMetadata(CALL_URI); @@ -354,9 +365,11 @@ public void fromStream_Impersonation_providesToken_WithoutQuotaProject() throws ImpersonatedCredentialsTest.DELEGATES, null); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); + ImpersonatedCredentials credentials = (ImpersonatedCredentials) - GoogleCredentials.fromStream(impersonationCredentialsStream, transportFactoryForSource); + GoogleCredentials.fromStream(impersonationCredentialsStream, transportFactoryForSource, requestInitializer); credentials.setTransportFactory(transportFactory); Map> metadata = credentials.getRequestMetadata(CALL_URI); @@ -387,7 +400,7 @@ public GoogleCredentials createScoped(Collection scopes) { private static void testFromStreamException(InputStream stream, String expectedMessageContent) { try { - GoogleCredentials.fromStream(stream, DUMMY_TRANSPORT_FACTORY); + GoogleCredentials.fromStream(stream, DUMMY_TRANSPORT_FACTORY, null); fail( String.format( "Should throw exception with message containing '%s'", expectedMessageContent)); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java index 8a3819d53..fbc3c2d39 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java @@ -165,13 +165,13 @@ private GoogleCredentials getSourceCredentials() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountCredentials sourceCredentials = ServiceAccountCredentials.newBuilder() - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setScopes(IMMUTABLE_SCOPES_LIST) - .setProjectId(PROJECT_ID) - .setHttpTransportFactory(transportFactory) - .build(); + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setScopes(IMMUTABLE_SCOPES_LIST) + .setProjectId(PROJECT_ID) + .setHttpTransportFactory(transportFactory) + .build(); transportFactory.transport.addServiceAccount(SA_CLIENT_EMAIL, ACCESS_TOKEN); return sourceCredentials; @@ -188,7 +188,7 @@ public void fromJson_userAsSource_WithQuotaProjectId() throws IOException { USER_ACCOUNT_CLIENT_SECRET, REFRESH_TOKEN); ImpersonatedCredentials credentials = - ImpersonatedCredentials.fromJson(json, mockTransportFactory); + ImpersonatedCredentials.fromJson(json, mockTransportFactory, null); assertEquals(IMPERSONATED_CLIENT_EMAIL, credentials.getAccount()); assertEquals(IMPERSONATION_URL, credentials.getIamEndpointOverride()); assertEquals(QUOTA_PROJECT_ID, credentials.getQuotaProjectId()); @@ -210,7 +210,7 @@ public void fromJson_userAsSource_WithoutQuotaProjectId() throws IOException { USER_ACCOUNT_CLIENT_SECRET, REFRESH_TOKEN); ImpersonatedCredentials credentials = - ImpersonatedCredentials.fromJson(json, mockTransportFactory); + ImpersonatedCredentials.fromJson(json, mockTransportFactory, null); assertEquals(IMPERSONATED_CLIENT_EMAIL, credentials.getAccount()); assertEquals(IMPERSONATION_URL, credentials.getIamEndpointOverride()); assertNull(credentials.getQuotaProjectId()); @@ -233,7 +233,7 @@ public void fromJson_userAsSource_MissingDelegatesField() throws IOException { REFRESH_TOKEN); json.remove("delegates"); ImpersonatedCredentials credentials = - ImpersonatedCredentials.fromJson(json, mockTransportFactory); + ImpersonatedCredentials.fromJson(json, mockTransportFactory, null); assertEquals(IMPERSONATED_CLIENT_EMAIL, credentials.getAccount()); assertEquals(IMPERSONATION_URL, credentials.getIamEndpointOverride()); assertNull(credentials.getQuotaProjectId()); @@ -249,7 +249,7 @@ public void fromJson_ServiceAccountAsSource() throws IOException { GenericJson json = buildImpersonationCredentialsJson(IMPERSONATION_URL, DELEGATES, QUOTA_PROJECT_ID); ImpersonatedCredentials credentials = - ImpersonatedCredentials.fromJson(json, mockTransportFactory); + ImpersonatedCredentials.fromJson(json, mockTransportFactory, null); assertEquals(IMPERSONATED_CLIENT_EMAIL, credentials.getAccount()); assertEquals(IMPERSONATION_URL, credentials.getIamEndpointOverride()); assertEquals(QUOTA_PROJECT_ID, credentials.getQuotaProjectId()); @@ -264,7 +264,7 @@ public void fromJson_ServiceAccountAsSource() throws IOException { public void fromJson_InvalidFormat() throws IOException { GenericJson json = buildInvalidCredentialsJson(); try { - ImpersonatedCredentials.fromJson(json, mockTransportFactory); + ImpersonatedCredentials.fromJson(json, mockTransportFactory, null); fail("An exception should be thrown."); } catch (CredentialFormatException e) { assertEquals("An invalid input stream was provided.", e.getMessage()); @@ -577,15 +577,15 @@ public void refreshAccessToken_GMT_dateParsedCorrectly() mockTransportFactory.transport.setExpireTime(getFormattedTime(c.getTime())); ImpersonatedCredentials targetCredentials = ImpersonatedCredentials.create( - sourceCredentials, - IMPERSONATED_CLIENT_EMAIL, - null, - IMMUTABLE_SCOPES_LIST, - VALID_LIFETIME, - mockTransportFactory) - .createWithCustomCalendar( - // Set system timezone to GMT - Calendar.getInstance(TimeZone.getTimeZone("GMT"))); + sourceCredentials, + IMPERSONATED_CLIENT_EMAIL, + null, + IMMUTABLE_SCOPES_LIST, + VALID_LIFETIME, + mockTransportFactory) + .createWithCustomCalendar( + // Set system timezone to GMT + Calendar.getInstance(TimeZone.getTimeZone("GMT"))); assertTrue( c.getTime().toInstant().truncatedTo(ChronoUnit.SECONDS).toEpochMilli() @@ -603,15 +603,15 @@ public void refreshAccessToken_nonGMT_dateParsedCorrectly() mockTransportFactory.transport.setExpireTime(getFormattedTime(c.getTime())); ImpersonatedCredentials targetCredentials = ImpersonatedCredentials.create( - sourceCredentials, - IMPERSONATED_CLIENT_EMAIL, - null, - IMMUTABLE_SCOPES_LIST, - VALID_LIFETIME, - mockTransportFactory) - .createWithCustomCalendar( - // Set system timezone to one different than GMT - Calendar.getInstance(TimeZone.getTimeZone("America/Los_Angeles"))); + sourceCredentials, + IMPERSONATED_CLIENT_EMAIL, + null, + IMMUTABLE_SCOPES_LIST, + VALID_LIFETIME, + mockTransportFactory) + .createWithCustomCalendar( + // Set system timezone to one different than GMT + Calendar.getInstance(TimeZone.getTimeZone("America/Los_Angeles"))); assertTrue( c.getTime().toInstant().truncatedTo(ChronoUnit.SECONDS).toEpochMilli() @@ -829,9 +829,9 @@ public void idTokenWithAudience_sameAs() throws IOException { String targetAudience = "https://foo.bar"; IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() - .setIdTokenProvider(targetCredentials) - .setTargetAudience(targetAudience) - .build(); + .setIdTokenProvider(targetCredentials) + .setTargetAudience(targetAudience) + .build(); tokenCredential.refresh(); assertEquals(STANDARD_ID_TOKEN, tokenCredential.getAccessToken().getTokenValue()); assertEquals(STANDARD_ID_TOKEN, tokenCredential.getIdToken().getTokenValue()); @@ -860,10 +860,10 @@ public void idTokenWithAudience_withEmail() throws IOException { String targetAudience = "https://foo.bar"; IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() - .setIdTokenProvider(targetCredentials) - .setTargetAudience(targetAudience) - .setOptions(Arrays.asList(IdTokenProvider.Option.INCLUDE_EMAIL)) - .build(); + .setIdTokenProvider(targetCredentials) + .setTargetAudience(targetAudience) + .setOptions(Arrays.asList(IdTokenProvider.Option.INCLUDE_EMAIL)) + .build(); tokenCredential.refresh(); assertEquals(TOKEN_WITH_EMAIL, tokenCredential.getAccessToken().getTokenValue()); Payload p = tokenCredential.getIdToken().getJsonWebSignature().getPayload(); @@ -892,9 +892,9 @@ public void idToken_withServerError() { String targetAudience = "https://foo.bar"; IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() - .setIdTokenProvider(targetCredentials) - .setTargetAudience(targetAudience) - .build(); + .setIdTokenProvider(targetCredentials) + .setTargetAudience(targetAudience) + .build(); try { tokenCredential.refresh(); fail("Should not be able to use credential without exception."); @@ -925,9 +925,9 @@ public void idToken_withOtherError() { String targetAudience = "https://foo.bar"; IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() - .setIdTokenProvider(targetCredentials) - .setTargetAudience(targetAudience) - .build(); + .setIdTokenProvider(targetCredentials) + .setTargetAudience(targetAudience) + .build(); try { tokenCredential.refresh(); fail("Should not be able to use credential without exception."); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java index f0c95ef6b..73ce8aca5 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java @@ -41,6 +41,7 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; +import com.google.api.client.http.HttpRequestInitializer; import com.google.api.client.http.HttpResponseException; import com.google.api.client.json.GenericJson; import com.google.api.client.json.JsonFactory; @@ -55,6 +56,7 @@ import com.google.auth.TestUtils; import com.google.auth.http.AuthHttpConstants; import com.google.auth.http.HttpTransportFactory; +import com.google.auth.http.TimeoutInitializer; import com.google.auth.oauth2.GoogleCredentialsTest.MockHttpTransportFactory; import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory; import com.google.common.collect.ImmutableSet; @@ -126,13 +128,13 @@ public class ServiceAccountCredentialsTest extends BaseSerializationTest { private ServiceAccountCredentials.Builder createDefaultBuilder() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); return ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setScopes(SCOPES) - .setServiceAccountUser(USER) - .setProjectId(PROJECT_ID); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(SCOPES) + .setServiceAccountUser(USER) + .setProjectId(PROJECT_ID); } @Test @@ -174,14 +176,14 @@ public void createdScoped_clones() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); GoogleCredentials credentials = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setScopes(SCOPES) - .setServiceAccountUser(USER) - .setProjectId(PROJECT_ID) - .build(); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(SCOPES) + .setServiceAccountUser(USER) + .setProjectId(PROJECT_ID) + .build(); List newScopes = Arrays.asList("scope1", "scope2"); ServiceAccountCredentials newCredentials = @@ -204,15 +206,15 @@ public void createdDelegated_clones() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); ServiceAccountCredentials credentials = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setScopes(SCOPES) - .setServiceAccountUser(USER) - .setProjectId(PROJECT_ID) - .setQuotaProjectId(QUOTA_PROJECT) - .build(); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(SCOPES) + .setServiceAccountUser(USER) + .setProjectId(PROJECT_ID) + .setQuotaProjectId(QUOTA_PROJECT) + .build(); String newServiceAccountUser = "stranger@other.org"; ServiceAccountCredentials newCredentials = @@ -236,14 +238,14 @@ public void createAssertion_correct() throws IOException { List scopes = Arrays.asList("scope1", "scope2"); ServiceAccountCredentials credentials = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setScopes(scopes) - .setServiceAccountUser(USER) - .setProjectId(PROJECT_ID) - .build(); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(scopes) + .setServiceAccountUser(USER) + .setProjectId(PROJECT_ID) + .build(); JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; long currentTimeMillis = Clock.SYSTEM.currentTimeMillis(); @@ -265,13 +267,13 @@ public void createAssertion_defaultScopes_correct() throws IOException { List scopes = Arrays.asList("scope1", "scope2"); ServiceAccountCredentials.Builder builder = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setScopes(null, scopes) - .setServiceAccountUser(USER) - .setProjectId(PROJECT_ID); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(null, scopes) + .setServiceAccountUser(USER) + .setProjectId(PROJECT_ID); assertEquals(2, builder.getDefaultScopes().size()); ServiceAccountCredentials credentials = builder.build(); @@ -308,13 +310,13 @@ public void createAssertionForIdToken_correct() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); ServiceAccountCredentials credentials = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setServiceAccountUser(USER) - .setProjectId(PROJECT_ID) - .build(); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setServiceAccountUser(USER) + .setProjectId(PROJECT_ID) + .build(); JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; long currentTimeMillis = Clock.SYSTEM.currentTimeMillis(); @@ -353,13 +355,13 @@ public void createAssertionForIdToken_incorrect() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); ServiceAccountCredentials credentials = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setServiceAccountUser(USER) - .setProjectId(PROJECT_ID) - .build(); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setServiceAccountUser(USER) + .setProjectId(PROJECT_ID) + .build(); JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; long currentTimeMillis = Clock.SYSTEM.currentTimeMillis(); @@ -480,9 +482,10 @@ public void fromJSON_getProjectId() throws IOException { GenericJson json = writeServiceAccountJson( CLIENT_ID, CLIENT_EMAIL, PRIVATE_KEY_PKCS8, PRIVATE_KEY_ID, PROJECT_ID, null); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); ServiceAccountCredentials credentials = - ServiceAccountCredentials.fromJson(json, transportFactory); + ServiceAccountCredentials.fromJson(json, transportFactory, requestInitializer); assertEquals(PROJECT_ID, credentials.getProjectId()); } @@ -493,9 +496,10 @@ public void fromJSON_getProjectIdNull() throws IOException { GenericJson json = writeServiceAccountJson( CLIENT_ID, CLIENT_EMAIL, PRIVATE_KEY_PKCS8, PRIVATE_KEY_ID, null, null); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); ServiceAccountCredentials credentials = - ServiceAccountCredentials.fromJson(json, transportFactory); + ServiceAccountCredentials.fromJson(json, transportFactory, requestInitializer); assertNull(credentials.getProjectId()); } @@ -506,8 +510,9 @@ public void fromJSON_hasAccessToken() throws IOException { GenericJson json = writeServiceAccountJson( CLIENT_ID, CLIENT_EMAIL, PRIVATE_KEY_PKCS8, PRIVATE_KEY_ID, PROJECT_ID, null); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); - GoogleCredentials credentials = ServiceAccountCredentials.fromJson(json, transportFactory); + GoogleCredentials credentials = ServiceAccountCredentials.fromJson(json, transportFactory, requestInitializer); credentials = credentials.createScoped(SCOPES); Map> metadata = credentials.getRequestMetadata(CALL_URI); @@ -523,8 +528,9 @@ public void fromJSON_tokenServerUri() throws IOException { writeServiceAccountJson( CLIENT_ID, CLIENT_EMAIL, PRIVATE_KEY_PKCS8, PRIVATE_KEY_ID, PROJECT_ID, null); json.put("token_uri", tokenServerUri); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); ServiceAccountCredentials credentials = - ServiceAccountCredentials.fromJson(json, transportFactory); + ServiceAccountCredentials.fromJson(json, transportFactory, requestInitializer); assertEquals(URI.create(tokenServerUri), credentials.getTokenServerUri()); } @@ -535,7 +541,8 @@ public void fromJson_hasQuotaProjectId() throws IOException { GenericJson json = writeServiceAccountJson( CLIENT_ID, CLIENT_EMAIL, PRIVATE_KEY_PKCS8, PRIVATE_KEY_ID, PROJECT_ID, QUOTA_PROJECT); - GoogleCredentials credentials = ServiceAccountCredentials.fromJson(json, transportFactory); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); + GoogleCredentials credentials = ServiceAccountCredentials.fromJson(json, transportFactory, requestInitializer); credentials = credentials.createScoped(SCOPES); Map> metadata = credentials.getRequestMetadata(CALL_URI); @@ -724,14 +731,14 @@ public void refreshAccessToken_defaultRetriesDisabled() throws IOException { MockTokenServerTransport transport = transportFactory.transport; ServiceAccountCredentials credentials = ServiceAccountCredentials.fromPkcs8( - CLIENT_ID, - CLIENT_EMAIL, - PRIVATE_KEY_PKCS8, - PRIVATE_KEY_ID, - SCOPES, - transportFactory, - null) - .createWithCustomRetryStrategy(false); + CLIENT_ID, + CLIENT_EMAIL, + PRIVATE_KEY_PKCS8, + PRIVATE_KEY_ID, + SCOPES, + transportFactory, + null) + .createWithCustomRetryStrategy(false); transport.addServiceAccount(CLIENT_EMAIL, accessToken1); TestUtils.assertContainsBearerToken(credentials.getRequestMetadata(CALL_URI), accessToken1); @@ -827,7 +834,7 @@ public void refreshAccessToken_RequestFailure_retried() throws IOException { assertTrue(timeElapsed > 5500 && timeElapsed < 10000); assertTrue( ex.getMessage() - .contains("Error getting access token for service account: Invalid grant")); + .contains("Error getting access token for service account: Invalid grant")); assertTrue(ex.isRetryable()); assertEquals(3, ex.getRetryCount()); assertTrue(ex.getCause() instanceof IOException); @@ -892,9 +899,9 @@ public void idTokenWithAudience_correct() throws IOException { String targetAudience = "https://foo.bar"; IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() - .setIdTokenProvider(credentials) - .setTargetAudience(targetAudience) - .build(); + .setIdTokenProvider(credentials) + .setTargetAudience(targetAudience) + .build(); tokenCredential.refresh(); assertEquals(DEFAULT_ID_TOKEN, tokenCredential.getAccessToken().getTokenValue()); assertEquals(DEFAULT_ID_TOKEN, tokenCredential.getIdToken().getTokenValue()); @@ -924,9 +931,9 @@ public void idTokenWithAudience_incorrect() throws IOException { String targetAudience = "https://bar"; IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() - .setIdTokenProvider(credentials) - .setTargetAudience(targetAudience) - .build(); + .setIdTokenProvider(credentials) + .setTargetAudience(targetAudience) + .build(); tokenCredential.refresh(); assertNotEquals( targetAudience, @@ -1158,14 +1165,14 @@ public void toString_containsFields() throws IOException { ServiceAccountCredentials.Builder builder = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setScopes(SCOPES, DEFAULT_SCOPES) - .setHttpTransportFactory(transportFactory) - .setTokenServerUri(tokenServer) - .setServiceAccountUser(USER) - .setQuotaProjectId(QUOTA_PROJECT); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(SCOPES, DEFAULT_SCOPES) + .setHttpTransportFactory(transportFactory) + .setTokenServerUri(tokenServer) + .setServiceAccountUser(USER) + .setQuotaProjectId(QUOTA_PROJECT); OAuth2Credentials credentials = ServiceAccountCredentials.fromPkcs8(PRIVATE_KEY_PKCS8, builder); String expectedToString = @@ -1237,7 +1244,7 @@ public void serialize() throws IOException, ClassNotFoundException { public void fromStream_nullTransport_throws() throws IOException { InputStream stream = new ByteArrayInputStream("foo".getBytes()); try { - ServiceAccountCredentials.fromStream(stream, null); + ServiceAccountCredentials.fromStream(stream, null, null); fail("Should throw if HttpTransportFactory is null"); } catch (NullPointerException expected) { // Expected @@ -1248,7 +1255,7 @@ public void fromStream_nullTransport_throws() throws IOException { public void fromStream_nullStream_throws() throws IOException { MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); try { - ServiceAccountCredentials.fromStream(null, transportFactory); + ServiceAccountCredentials.fromStream(null, transportFactory, null); fail("Should throw if InputStream is null"); } catch (NullPointerException expected) { // Expected @@ -1261,9 +1268,10 @@ public void fromStream_providesToken() throws IOException { transportFactory.transport.addServiceAccount(CLIENT_EMAIL, ACCESS_TOKEN); InputStream serviceAccountStream = writeServiceAccountStream(CLIENT_ID, CLIENT_EMAIL, PRIVATE_KEY_PKCS8, PRIVATE_KEY_ID); + HttpRequestInitializer requestInitializer = new TimeoutInitializer(3000, 30000); GoogleCredentials credentials = - ServiceAccountCredentials.fromStream(serviceAccountStream, transportFactory); + ServiceAccountCredentials.fromStream(serviceAccountStream, transportFactory, null); assertNotNull(credentials); credentials = credentials.createScoped(SCOPES); @@ -1305,9 +1313,9 @@ public void getIdTokenWithAudience_badEmailError_issClaimTraced() throws IOExcep String targetAudience = "https://bar"; IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() - .setIdTokenProvider(credentials) - .setTargetAudience(targetAudience) - .build(); + .setIdTokenProvider(credentials) + .setTargetAudience(targetAudience) + .build(); String expectedErrorMessage = String.format("iss: %s", CLIENT_EMAIL); @@ -1367,16 +1375,16 @@ public void getRequestMetadataSetsQuotaProjectId() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); GoogleCredentials credentials = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setScopes(SCOPES) - .setServiceAccountUser(USER) - .setProjectId(PROJECT_ID) - .setQuotaProjectId("my-quota-project-id") - .setHttpTransportFactory(transportFactory) - .build(); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(SCOPES) + .setServiceAccountUser(USER) + .setProjectId(PROJECT_ID) + .setQuotaProjectId("my-quota-project-id") + .setHttpTransportFactory(transportFactory) + .build(); Map> metadata = credentials.getRequestMetadata(CALL_URI); assertTrue(metadata.containsKey("x-goog-user-project")); @@ -1394,15 +1402,15 @@ public void getRequestMetadataNoQuotaProjectId() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); GoogleCredentials credentials = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setScopes(SCOPES) - .setServiceAccountUser(USER) - .setProjectId(PROJECT_ID) - .setHttpTransportFactory(transportFactory) - .build(); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(SCOPES) + .setServiceAccountUser(USER) + .setProjectId(PROJECT_ID) + .setHttpTransportFactory(transportFactory) + .build(); Map> metadata = credentials.getRequestMetadata(CALL_URI); assertFalse(metadata.containsKey("x-goog-user-project")); @@ -1417,16 +1425,16 @@ public void getRequestMetadataWithCallback() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); GoogleCredentials credentials = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setScopes(SCOPES) - .setServiceAccountUser(USER) - .setProjectId(PROJECT_ID) - .setQuotaProjectId("my-quota-project-id") - .setHttpTransportFactory(transportFactory) - .build(); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(SCOPES) + .setServiceAccountUser(USER) + .setProjectId(PROJECT_ID) + .setQuotaProjectId("my-quota-project-id") + .setHttpTransportFactory(transportFactory) + .build(); final Map> plainMetadata = credentials.getRequestMetadata(); final AtomicBoolean success = new AtomicBoolean(false); @@ -1454,15 +1462,15 @@ public void getRequestMetadata_selfSignedJWT_withScopes() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); GoogleCredentials credentials = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setScopes(SCOPES) - .setProjectId(PROJECT_ID) - .setHttpTransportFactory(new MockTokenServerTransportFactory()) - .setUseJwtAccessWithScope(true) - .build(); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(SCOPES) + .setProjectId(PROJECT_ID) + .setHttpTransportFactory(new MockTokenServerTransportFactory()) + .setUseJwtAccessWithScope(true) + .build(); Map> metadata = credentials.getRequestMetadata(CALL_URI); verifyJwtAccess(metadata, "dummy.scope"); @@ -1477,16 +1485,16 @@ public void refreshAccessToken_withDomainDelegation_selfSignedJWT_disabled() thr PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); GoogleCredentials credentials = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setScopes(SCOPES) - .setServiceAccountUser(USER) - .setProjectId(PROJECT_ID) - .setHttpTransportFactory(transportFactory) - .setUseJwtAccessWithScope(true) - .build(); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(SCOPES) + .setServiceAccountUser(USER) + .setProjectId(PROJECT_ID) + .setHttpTransportFactory(transportFactory) + .setUseJwtAccessWithScope(true) + .build(); transport.addServiceAccount(CLIENT_EMAIL, accessToken1); Map> metadata = credentials.getRequestMetadata(CALL_URI); @@ -1509,13 +1517,13 @@ public void getRequestMetadata_selfSignedJWT_withAudience() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); GoogleCredentials credentials = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setProjectId(PROJECT_ID) - .setHttpTransportFactory(new MockTokenServerTransportFactory()) - .build(); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setProjectId(PROJECT_ID) + .setHttpTransportFactory(new MockTokenServerTransportFactory()) + .build(); Map> metadata = credentials.getRequestMetadata(CALL_URI); verifyJwtAccess(metadata, null); @@ -1526,15 +1534,15 @@ public void getRequestMetadata_selfSignedJWT_withDefaultScopes() throws IOExcept PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); GoogleCredentials credentials = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setScopes(null, SCOPES) - .setProjectId(PROJECT_ID) - .setHttpTransportFactory(new MockTokenServerTransportFactory()) - .setUseJwtAccessWithScope(true) - .build(); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(null, SCOPES) + .setProjectId(PROJECT_ID) + .setHttpTransportFactory(new MockTokenServerTransportFactory()) + .setUseJwtAccessWithScope(true) + .build(); Map> metadata = credentials.getRequestMetadata(null); verifyJwtAccess(metadata, "dummy.scope"); @@ -1545,16 +1553,16 @@ public void getRequestMetadataWithCallback_selfSignedJWT() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); GoogleCredentials credentials = ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setProjectId(PROJECT_ID) - .setQuotaProjectId("my-quota-project-id") - .setHttpTransportFactory(new MockTokenServerTransportFactory()) - .setUseJwtAccessWithScope(true) - .setScopes(SCOPES) - .build(); + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setProjectId(PROJECT_ID) + .setQuotaProjectId("my-quota-project-id") + .setHttpTransportFactory(new MockTokenServerTransportFactory()) + .setUseJwtAccessWithScope(true) + .setScopes(SCOPES) + .build(); final AtomicBoolean success = new AtomicBoolean(false); credentials.getRequestMetadata( @@ -1647,7 +1655,7 @@ static InputStream writeServiceAccountStream( private static void testFromStreamException(InputStream stream, String expectedMessageContent) { try { - ServiceAccountCredentials.fromStream(stream, DUMMY_TRANSPORT_FACTORY); + ServiceAccountCredentials.fromStream(stream, DUMMY_TRANSPORT_FACTORY, null); fail( String.format( "Should throw exception with message containing '%s'", expectedMessageContent)); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java index 5020317f2..084f57b94 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java @@ -100,12 +100,12 @@ public void constructor_allParameters_constructs() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setQuotaProjectId(QUOTA_PROJECT) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setQuotaProjectId(QUOTA_PROJECT) + .build(); assertEquals(SA_CLIENT_ID, credentials.getClientId()); assertEquals(SA_CLIENT_EMAIL, credentials.getClientEmail()); @@ -118,20 +118,20 @@ public void constructor_allParameters_constructs() throws IOException { public void constructor_noClientId_constructs() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials.newBuilder() - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); } @Test public void constructor_noPrivateKeyId_constructs() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .build(); } @Test @@ -139,10 +139,10 @@ public void constructor_noEmail_throws() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); try { ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); fail("exception expected"); } catch (NullPointerException e) { // Expected @@ -153,10 +153,10 @@ public void constructor_noEmail_throws() throws IOException { public void constructor_noPrivateKey_throws() { try { ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); fail("exception expected"); } catch (NullPointerException e) { // Expected @@ -192,11 +192,11 @@ public void getRequestMetadata_blocking_hasJwtAccess() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); Map> metadata = credentials.getRequestMetadata(CALL_URI); @@ -208,12 +208,12 @@ public void getRequestMetadata_blocking_defaultURI_hasJwtAccess() throws IOExcep PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); Credentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .build(); Map> metadata = credentials.getRequestMetadata(); @@ -225,11 +225,11 @@ public void getRequestMetadata_blocking_noURI_throws() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); try { credentials.getRequestMetadata(); @@ -246,11 +246,11 @@ public void getRequestMetadata_blocking_cached() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); credentials.clock = testClock; Map> metadata1 = credentials.getRequestMetadata(CALL_URI); @@ -271,11 +271,11 @@ public void getRequestMetadata_blocking_cache_expired() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); credentials.clock = testClock; Map> metadata1 = credentials.getRequestMetadata(CALL_URI); @@ -294,11 +294,11 @@ public void getRequestMetadata_async_hasJwtAccess() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); MockExecutor executor = new MockExecutor(); MockRequestMetadataCallback callback = new MockRequestMetadataCallback(); @@ -313,12 +313,12 @@ public void getRequestMetadata_async_defaultURI_hasJwtAccess() throws IOExceptio PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); Credentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .build(); MockExecutor executor = new MockExecutor(); MockRequestMetadataCallback callback = new MockRequestMetadataCallback(); @@ -333,11 +333,11 @@ public void getRequestMetadata_async_noURI_exception() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); MockExecutor executor = new MockExecutor(); MockRequestMetadataCallback callback = new MockRequestMetadataCallback(); @@ -353,11 +353,11 @@ public void getRequestMetadata_async_cache_expired() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); credentials.clock = testClock; MockExecutor executor = new MockExecutor(); @@ -381,11 +381,11 @@ public void getRequestMetadata_async_cached() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); credentials.clock = testClock; MockExecutor executor = new MockExecutor(); @@ -407,13 +407,13 @@ public void getRequestMetadata_contains_quotaProjectId() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); Credentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .setQuotaProjectId(QUOTA_PROJECT) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .setQuotaProjectId(QUOTA_PROJECT) + .build(); Map> metadata = credentials.getRequestMetadata(CALL_URI); assertTrue(metadata.containsKey(GoogleCredentials.QUOTA_PROJECT_ID_HEADER_KEY)); @@ -427,11 +427,11 @@ public void getAccount_sameAs() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); assertEquals(SA_CLIENT_EMAIL, credentials.getAccount()); } @@ -442,11 +442,11 @@ public void sign_sameAs() byte[] toSign = {0xD, 0xE, 0xA, 0xD}; ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); byte[] signedBytes = credentials.sign(toSign); Signature signature = Signature.getInstance(OAuth2Utils.SIGNATURE_ALGORITHM); signature.initSign(credentials.getPrivateKey()); @@ -459,20 +459,20 @@ public void equals_true() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .build(); ServiceAccountJwtAccessCredentials otherCredentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .build(); assertTrue(credentials.equals(otherCredentials)); assertTrue(otherCredentials.equals(credentials)); } @@ -482,20 +482,20 @@ public void equals_false_clientId() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .build(); ServiceAccountJwtAccessCredentials otherCredentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId("otherClientId") - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .build(); + .setClientId("otherClientId") + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .build(); assertFalse(credentials.equals(otherCredentials)); assertFalse(otherCredentials.equals(credentials)); } @@ -505,20 +505,20 @@ public void equals_false_email() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .build(); ServiceAccountJwtAccessCredentials otherCredentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail("otherClientEmail") - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail("otherClientEmail") + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .build(); assertFalse(credentials.equals(otherCredentials)); assertFalse(otherCredentials.equals(credentials)); } @@ -528,20 +528,20 @@ public void equals_false_keyId() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .build(); ServiceAccountJwtAccessCredentials otherCredentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId("otherKeyId") - .setDefaultAudience(CALL_URI) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId("otherKeyId") + .setDefaultAudience(CALL_URI) + .build(); assertFalse(credentials.equals(otherCredentials)); assertFalse(otherCredentials.equals(credentials)); } @@ -552,20 +552,20 @@ public void equals_false_callUri() throws IOException { final URI otherCallUri = URI.create("https://foo.com/bar"); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .build(); ServiceAccountJwtAccessCredentials otherCredentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(otherCallUri) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(otherCallUri) + .build(); assertFalse(credentials.equals(otherCredentials)); assertFalse(otherCredentials.equals(credentials)); } @@ -575,13 +575,13 @@ public void toString_containsFields() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .setQuotaProjectId(QUOTA_PROJECT) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .setQuotaProjectId(QUOTA_PROJECT) + .build(); String expectedToString = String.format( "ServiceAccountJwtAccessCredentials{clientId=%s, clientEmail=%s, privateKeyId=%s, " @@ -595,20 +595,20 @@ public void hashCode_equals() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .build(); ServiceAccountJwtAccessCredentials otherCredentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .build(); assertEquals(credentials.hashCode(), otherCredentials.hashCode()); } @@ -617,12 +617,12 @@ public void serialize() throws IOException, ClassNotFoundException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(CALL_URI) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(CALL_URI) + .build(); ServiceAccountJwtAccessCredentials deserializedCredentials = serializeAndDeserialize(credentials); verifyJwtAccess( @@ -637,7 +637,7 @@ public void serialize() throws IOException, ClassNotFoundException { public void fromStream_nullStream_throws() throws IOException { MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); try { - ServiceAccountCredentials.fromStream(null, transportFactory); + ServiceAccountCredentials.fromStream(null, transportFactory, null); fail("Should throw if InputStream is null"); } catch (NullPointerException expected) { // Expected @@ -712,11 +712,11 @@ public void jwtWithClaims_overrideAudience() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); Credentials withAudience = credentials.jwtWithClaims(JwtClaims.newBuilder().setAudience("new-audience").build()); @@ -730,11 +730,11 @@ public void jwtWithClaims_noAudience() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .build(); try { credentials.jwtWithClaims(JwtClaims.newBuilder().build()); fail("Expected to throw exception for missing audience"); @@ -748,12 +748,12 @@ public void jwtWithClaims_defaultAudience() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(URI.create("default-audience")) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(URI.create("default-audience")) + .build(); Credentials withAudience = credentials.jwtWithClaims(JwtClaims.newBuilder().build()); Map> metadata = withAudience.getRequestMetadata(CALL_URI); @@ -765,13 +765,13 @@ public void getRequestMetadataSetsQuotaProjectId() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setQuotaProjectId("my-quota-project-id") - .setDefaultAudience(URI.create("default-audience")) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setQuotaProjectId("my-quota-project-id") + .setDefaultAudience(URI.create("default-audience")) + .build(); Map> metadata = credentials.getRequestMetadata(); assertTrue(metadata.containsKey("x-goog-user-project")); @@ -785,12 +785,12 @@ public void getRequestMetadataNoQuotaProjectId() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setDefaultAudience(URI.create("default-audience")) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setDefaultAudience(URI.create("default-audience")) + .build(); Map> metadata = credentials.getRequestMetadata(); assertFalse(metadata.containsKey("x-goog-user-project")); @@ -801,13 +801,13 @@ public void getRequestMetadataWithCallback() throws IOException { PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .setQuotaProjectId("my-quota-project-id") - .setDefaultAudience(URI.create("default-audience")) - .build(); + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID) + .setQuotaProjectId("my-quota-project-id") + .setDefaultAudience(URI.create("default-audience")) + .build(); final Map> plainMetadata = credentials.getRequestMetadata(); final AtomicBoolean success = new AtomicBoolean(false);