use of com.google.auth.oauth2.ServiceAccountCredentials in project google-cloud-java by GoogleCloudPlatform.
the class StorageImplTest method testSignUrlWithOptions.
/**
 * Signs a POST URL with the content-type and MD5 options enabled, then checks both the visible
 * URL layout and the RSA signature over the string-to-sign.
 *
 * <p>The verified message contains the HTTP method, the blob's MD5, its content type, the expiry
 * and the resource path, so this test pins down exactly which request attributes the signature
 * binds.
 */
@Test
public void testSignUrlWithOptions()
    throws NoSuchAlgorithmException, InvalidKeyException, SignatureException,
        UnsupportedEncodingException {
  // No expectations are recorded on the RPC mock inside this method before it is replayed.
  EasyMock.replay(storageRpcMock);
  storage =
      options.toBuilder()
          .setCredentials(new ServiceAccountCredentials(null, ACCOUNT, privateKey, null, null))
          .build()
          .getService();

  // 1209600 s == 14 days. The 42 offset is presumably the fixture's fixed clock reading;
  // confirm against the test setup.
  long expectedExpiration = 42L + 1209600;

  String signedUrl =
      storage
          .signUrl(
              BLOB_INFO1,
              14,
              TimeUnit.DAYS,
              Storage.SignUrlOption.httpMethod(HttpMethod.POST),
              Storage.SignUrlOption.withContentType(),
              Storage.SignUrlOption.withMd5())
          .toString();

  // Everything up to and including "&Signature=" is deterministic and compared literally.
  String urlPrefix =
      "https://storage.googleapis.com/"
          + BUCKET_NAME1
          + "/"
          + BLOB_NAME1
          + "?GoogleAccessId="
          + ACCOUNT
          + "&Expires="
          + expectedExpiration
          + "&Signature=";
  assertTrue(signedUrl.startsWith(urlPrefix));
  String encodedSignature = signedUrl.substring(urlPrefix.length());

  // String-to-sign: method, MD5, content type, expiry, resource path, newline separated.
  String stringToSign =
      HttpMethod.POST
          + "\n"
          + BLOB_INFO1.getMd5()
          + "\n"
          + BLOB_INFO1.getContentType()
          + "\n"
          + expectedExpiration
          + "\n/"
          + BUCKET_NAME1
          + "/"
          + BLOB_NAME1;

  // The signature travels URL-encoded and base64-encoded; undo both before verifying with the
  // public half of the key pair that produced it.
  byte[] rawSignature =
      BaseEncoding.base64().decode(URLDecoder.decode(encodedSignature, UTF_8.name()));
  Signature verifier = Signature.getInstance("SHA256withRSA");
  verifier.initVerify(publicKey);
  verifier.update(stringToSign.getBytes(UTF_8));
  assertTrue(verifier.verify(rawSignature));
}
use of com.google.auth.oauth2.ServiceAccountCredentials in project google-cloud-java by GoogleCloudPlatform.
the class StorageImplTest method testSignUrl.
/**
 * Signs a default (GET) URL for a blob and verifies the URL layout and the RSA signature over
 * the string-to-sign.
 */
@Test
public void testSignUrl()
    throws NoSuchAlgorithmException, InvalidKeyException, SignatureException,
        UnsupportedEncodingException {
  // No expectations are recorded on the RPC mock inside this method before it is replayed.
  EasyMock.replay(storageRpcMock);
  storage =
      options.toBuilder()
          .setCredentials(new ServiceAccountCredentials(null, ACCOUNT, privateKey, null, null))
          .build()
          .getService();

  // 1209600 s == 14 days. The 42 offset is presumably the fixture's fixed clock reading;
  // confirm against the test setup.
  long expectedExpiration = 42L + 1209600;

  String signedUrl = storage.signUrl(BLOB_INFO1, 14, TimeUnit.DAYS).toString();

  // Everything up to and including "&Signature=" is deterministic and compared literally.
  String urlPrefix =
      "https://storage.googleapis.com/"
          + BUCKET_NAME1
          + "/"
          + BLOB_NAME1
          + "?GoogleAccessId="
          + ACCOUNT
          + "&Expires="
          + expectedExpiration
          + "&Signature=";
  assertTrue(signedUrl.startsWith(urlPrefix));
  String encodedSignature = signedUrl.substring(urlPrefix.length());

  // With no options the message is the method, two empty fields, the expiry and the resource
  // path. The empty fields look like the MD5 and content-type slots; confirm against signUrl.
  String stringToSign =
      HttpMethod.GET + "\n\n\n" + expectedExpiration + "\n/" + BUCKET_NAME1 + "/" + BLOB_NAME1;

  // Undo URL-encoding and base64 before checking the signature with the matching public key.
  byte[] rawSignature =
      BaseEncoding.base64().decode(URLDecoder.decode(encodedSignature, UTF_8.name()));
  Signature verifier = Signature.getInstance("SHA256withRSA");
  verifier.initVerify(publicKey);
  verifier.update(stringToSign.getBytes(UTF_8));
  assertTrue(verifier.verify(rawSignature));
}
use of com.google.auth.oauth2.ServiceAccountCredentials in project google-cloud-java by GoogleCloudPlatform.
the class StorageImplTest method testSignUrlForBlobWithSpecialChars.
/**
 * Signs URLs for blob names containing each percent-encoding reserved character and verifies
 * that the escaped name appears identically in the URL path and in the signed message.
 */
@Test
public void testSignUrlForBlobWithSpecialChars()
    throws NoSuchAlgorithmException, InvalidKeyException, SignatureException,
        UnsupportedEncodingException {
  // List of chars under test were taken from
  // https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
  char[] specialChars =
      new char[] {
        '!', '#', '$', '&', '\'', '(', ')', '*', '+', ',', ':', ';', '=', '?', '@', '[', ']'
      };
  EasyMock.replay(storageRpcMock);
  storage =
      options.toBuilder()
          .setCredentials(new ServiceAccountCredentials(null, ACCOUNT, privateKey, null, null))
          .build()
          .getService();

  for (int i = 0; i < specialChars.length; i++) {
    String blobName = "/a" + specialChars[i] + "b";
    URL url =
        storage.signUrl(BlobInfo.newBuilder(BUCKET_NAME1, blobName).build(), 14, TimeUnit.DAYS);

    // The expected name additionally has '?' rewritten to %3F: a literal '?' in the path would
    // start the query string and change which resource the URL addresses.
    String escapedBlobName =
        UrlEscapers.urlFragmentEscaper().escape(blobName).replace("?", "%3F");
    String signedUrl = url.toString();

    // 1209600 s == 14 days; the 42 offset is presumably the fixture's fixed clock reading.
    // The blob name already starts with '/', so no separator is added after the bucket.
    String urlPrefix =
        "https://storage.googleapis.com/"
            + BUCKET_NAME1
            + escapedBlobName
            + "?GoogleAccessId="
            + ACCOUNT
            + "&Expires="
            + (42L + 1209600)
            + "&Signature=";
    assertTrue(signedUrl.startsWith(urlPrefix));
    String encodedSignature = signedUrl.substring(urlPrefix.length());

    // The signed resource path must use the same escaped form as the URL path above.
    String stringToSign =
        HttpMethod.GET + "\n\n\n" + (42L + 1209600) + "\n/" + BUCKET_NAME1 + escapedBlobName;

    byte[] rawSignature =
        BaseEncoding.base64().decode(URLDecoder.decode(encodedSignature, UTF_8.name()));
    Signature verifier = Signature.getInstance("SHA256withRSA");
    verifier.initVerify(publicKey);
    verifier.update(stringToSign.getBytes(UTF_8));
    assertTrue(verifier.verify(rawSignature));
  }
}
use of com.google.auth.oauth2.ServiceAccountCredentials in project google-cloud-java by GoogleCloudPlatform.
the class StorageImplTest method testSignUrlForBlobWithSlashes.
/**
 * Signs a URL for a blob name that contains slashes, spaces, '#' and a literal "%20", and
 * verifies that the escaped name is used consistently in the URL path and the signed message.
 */
@Test
public void testSignUrlForBlobWithSlashes()
    throws NoSuchAlgorithmException, InvalidKeyException, SignatureException,
        UnsupportedEncodingException {
  // No expectations are recorded on the RPC mock inside this method before it is replayed.
  EasyMock.replay(storageRpcMock);
  storage =
      options.toBuilder()
          .setCredentials(new ServiceAccountCredentials(null, ACCOUNT, privateKey, null, null))
          .build()
          .getService();

  // The name mixes path separators with characters that need escaping, including a "%20"
  // that is part of the name itself rather than an already-encoded space.
  String blobName = "/foo/bar/baz #%20other cool stuff.txt";
  URL url =
      storage.signUrl(BlobInfo.newBuilder(BUCKET_NAME1, blobName).build(), 14, TimeUnit.DAYS);
  String escapedBlobName = UrlEscapers.urlFragmentEscaper().escape(blobName);
  String signedUrl = url.toString();

  // 1209600 s == 14 days; the 42 offset is presumably the fixture's fixed clock reading.
  long expectedExpiration = 42L + 1209600;

  // The blob name already starts with '/', so no separator is added after the bucket.
  String urlPrefix =
      "https://storage.googleapis.com/"
          + BUCKET_NAME1
          + escapedBlobName
          + "?GoogleAccessId="
          + ACCOUNT
          + "&Expires="
          + expectedExpiration
          + "&Signature=";
  assertTrue(signedUrl.startsWith(urlPrefix));
  String encodedSignature = signedUrl.substring(urlPrefix.length());

  // The signed resource path must use the same escaped form as the URL path above.
  String stringToSign =
      HttpMethod.GET + "\n\n\n" + expectedExpiration + "\n/" + BUCKET_NAME1 + escapedBlobName;

  byte[] rawSignature =
      BaseEncoding.base64().decode(URLDecoder.decode(encodedSignature, UTF_8.name()));
  Signature verifier = Signature.getInstance("SHA256withRSA");
  verifier.initVerify(publicKey);
  verifier.update(stringToSign.getBytes(UTF_8));
  assertTrue(verifier.verify(rawSignature));
}
use of com.google.auth.oauth2.ServiceAccountCredentials in project java-docs-samples by GoogleCloudPlatform.
the class BuildIapRequest method buildIapRequest.
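/**
 * Builds a copy of the request that carries an IAP bearer Authorization header.
 *
 * <p>A JWT is signed with the service account credentials for {@code iapClientId}, passed to
 * {@code getGoogleIdToken}, and the value that call returns (not the self-signed JWT) is sent as
 * the bearer token. The original request is not modified: its headers are cloned before the
 * Authorization header is set, which replaces any Authorization value the clone already had.
 * The request content object is passed through to the new request, not copied.
 *
 * <p>The returned request holds a bearer credential; avoid logging its headers.
 *
 * @param request Request to add authorization header
 * @param iapClientId OAuth 2.0 client ID for IAP protected resource
 * @return Copy of the request with a Bearer style authorization header holding the ID token.
 * @throws Exception if the signed JWT or the ID token could not be obtained, or if building the
 *     new request fails
 */
public static HttpRequest buildIapRequest(HttpRequest request, String iapClientId) throws Exception {
  // get service account credentials
  ServiceAccountCredentials credentials = getCredentials();
  // sign a JWT for the IAP client id with the service account
  String jwt = getSignedJwt(credentials, iapClientId);
  if (jwt == null) {
    // Only the client id and issuer e-mail go into the message; no token material.
    throw new Exception(
        "Unable to create a signed jwt token for : "
            + iapClientId
            + " with issuer : "
            + credentials.getClientEmail());
  }
  // presumably exchanges the signed JWT for a Google-issued ID token; see getGoogleIdToken
  String idToken = getGoogleIdToken(jwt);
  if (idToken == null) {
    throw new Exception("Unable to retrieve open id token");
  }
  // Create an authorization header with bearer token on a clone of the caller's headers
  HttpHeaders httpHeaders = request.getHeaders().clone().setAuthorization("Bearer " + idToken);
  // create request with the ID token authorization header
  return httpTransport
      .createRequestFactory()
      .buildRequest(request.getRequestMethod(), request.getUrl(), request.getContent())
      .setHeaders(httpHeaders);
}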