Search in sources :

Example 6 with ServiceAccountCredentials

use of com.google.auth.oauth2.ServiceAccountCredentials in project grpc-java by grpc.

the class GoogleAuthLibraryCallCredentialsTest method serviceAccountWithScopeNotToJwt.

@Test
public void serviceAccountWithScopeNotToJwt() throws Exception {
    final AccessToken token = new AccessToken("allyourbase", new Date(Long.MAX_VALUE));
    KeyPair pair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
    ServiceAccountCredentials credentials = new ServiceAccountCredentials(null, "email@example.com", pair.getPrivate(), null, Arrays.asList("somescope")) {

        @Override
        public AccessToken refreshAccessToken() {
            return token;
        }
    };
    GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials);
    callCredentials.applyRequestMetadata(method, attrs, executor, applier);
    assertEquals(1, runPendingRunnables());
    verify(applier).apply(headersCaptor.capture());
    Metadata headers = headersCaptor.getValue();
    Iterable<String> authorization = headers.getAll(AUTHORIZATION);
    assertArrayEquals(new String[] { "Bearer allyourbase" }, Iterables.toArray(authorization, String.class));
}
Also used : KeyPair(java.security.KeyPair) AccessToken(com.google.auth.oauth2.AccessToken) Metadata(io.grpc.Metadata) ServiceAccountCredentials(com.google.auth.oauth2.ServiceAccountCredentials) Date(java.util.Date) Test(org.junit.Test)

Example 7 with ServiceAccountCredentials

use of com.google.auth.oauth2.ServiceAccountCredentials in project grpc-java by grpc.

the class GoogleAuthLibraryCallCredentialsTest method serviceAccountToJwt.

@Test
public void serviceAccountToJwt() throws Exception {
    KeyPair pair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
    ServiceAccountCredentials credentials = new ServiceAccountCredentials(null, "email@example.com", pair.getPrivate(), null, null) {

        @Override
        public AccessToken refreshAccessToken() {
            throw new AssertionError();
        }
    };
    GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials);
    callCredentials.applyRequestMetadata(method, attrs, executor, applier);
    assertEquals(1, runPendingRunnables());
    verify(applier).apply(headersCaptor.capture());
    Metadata headers = headersCaptor.getValue();
    String[] authorization = Iterables.toArray(headers.getAll(AUTHORIZATION), String.class);
    assertEquals(1, authorization.length);
    assertTrue(authorization[0], authorization[0].startsWith("Bearer "));
    // JWT is reasonably long. Normal tokens aren't.
    assertTrue(authorization[0], authorization[0].length() > 300);
}
Also used : KeyPair(java.security.KeyPair) Metadata(io.grpc.Metadata) ServiceAccountCredentials(com.google.auth.oauth2.ServiceAccountCredentials) Test(org.junit.Test)

Example 8 with ServiceAccountCredentials

use of com.google.auth.oauth2.ServiceAccountCredentials in project grpc-java by grpc.

the class AbstractInteropTest method serviceAccountCreds.

/** Sends a large unary rpc with service account credentials. */
public void serviceAccountCreds(String jsonKey, InputStream credentialsStream, String authScope) throws Exception {
    // cast to ServiceAccountCredentials to double-check the right type of object was created.
    GoogleCredentials credentials = ServiceAccountCredentials.class.cast(GoogleCredentials.fromStream(credentialsStream));
    credentials = credentials.createScoped(Arrays.<String>asList(authScope));
    TestServiceGrpc.TestServiceBlockingStub stub = blockingStub.withCallCredentials(MoreCallCredentials.from(credentials));
    final SimpleRequest request = SimpleRequest.newBuilder().setFillUsername(true).setFillOauthScope(true).setResponseSize(314159).setResponseType(PayloadType.COMPRESSABLE).setPayload(Payload.newBuilder().setBody(ByteString.copyFrom(new byte[271828]))).build();
    final SimpleResponse response = stub.unaryCall(request);
    assertFalse(response.getUsername().isEmpty());
    assertTrue("Received username: " + response.getUsername(), jsonKey.contains(response.getUsername()));
    assertFalse(response.getOauthScope().isEmpty());
    assertTrue("Received oauth scope: " + response.getOauthScope(), authScope.contains(response.getOauthScope()));
    final SimpleResponse goldenResponse = SimpleResponse.newBuilder().setOauthScope(response.getOauthScope()).setUsername(response.getUsername()).setPayload(Payload.newBuilder().setType(PayloadType.COMPRESSABLE).setBody(ByteString.copyFrom(new byte[314159]))).build();
    assertEquals(goldenResponse, response);
}
Also used : SimpleResponse(io.grpc.testing.integration.Messages.SimpleResponse) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) ByteString(com.google.protobuf.ByteString) SimpleRequest(io.grpc.testing.integration.Messages.SimpleRequest)

Example 9 with ServiceAccountCredentials

use of com.google.auth.oauth2.ServiceAccountCredentials in project google-cloud-java by GoogleCloudPlatform.

the class StorageImplTest method testSignUrlLeadingSlash.

@Test
public void testSignUrlLeadingSlash() throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, UnsupportedEncodingException {
    String blobName = "/b1";
    EasyMock.replay(storageRpcMock);
    ServiceAccountCredentials credentials = new ServiceAccountCredentials(null, ACCOUNT, privateKey, null, null);
    storage = options.toBuilder().setCredentials(credentials).build().getService();
    URL url = storage.signUrl(BlobInfo.newBuilder(BUCKET_NAME1, blobName).build(), 14, TimeUnit.DAYS);
    String escapedBlobName = UrlEscapers.urlFragmentEscaper().escape(blobName);
    String stringUrl = url.toString();
    String expectedUrl = new StringBuilder("https://storage.googleapis.com/").append(BUCKET_NAME1).append(escapedBlobName).append("?GoogleAccessId=").append(ACCOUNT).append("&Expires=").append(42L + 1209600).append("&Signature=").toString();
    assertTrue(stringUrl.startsWith(expectedUrl));
    String signature = stringUrl.substring(expectedUrl.length());
    StringBuilder signedMessageBuilder = new StringBuilder();
    signedMessageBuilder.append(HttpMethod.GET).append("\n\n\n").append(42L + 1209600).append("\n/").append(BUCKET_NAME1).append(escapedBlobName);
    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initVerify(publicKey);
    signer.update(signedMessageBuilder.toString().getBytes(UTF_8));
    assertTrue(signer.verify(BaseEncoding.base64().decode(URLDecoder.decode(signature, UTF_8.name()))));
}
Also used : Signature(java.security.Signature) ServiceAccountCredentials(com.google.auth.oauth2.ServiceAccountCredentials) URL(java.net.URL) Test(org.junit.Test)

Example 10 with ServiceAccountCredentials

use of com.google.auth.oauth2.ServiceAccountCredentials in project zhcet-web by zhcet-amu.

the class FirebaseService method initializeFirebase.

private void initializeFirebase() throws IOException {
    try {
        String messagingScope = "https://www.googleapis.com/auth/firebase.messaging";
        googleCredential = GoogleCredential.fromStream(firebaseLocator.getServiceAccountStream()).createScoped(Collections.singletonList(messagingScope));
        GoogleCredentials googleCredentials = GoogleCredentials.fromStream(firebaseLocator.getServiceAccountStream());
        projectId = ((ServiceAccountCredentials) googleCredentials).getProjectId();
        if (projectId == null)
            throw new RuntimeException("Project ID must not be null");
        FirebaseOptions options = new FirebaseOptions.Builder().setCredentials(googleCredentials).setDatabaseUrl(getDatabaseUrl()).setStorageBucket(getStorageBucket()).build();
        FirebaseApp.initializeApp(options);
        log.info(ConsoleHelper.green("Firebase Initialized"));
    } catch (IllegalStateException ise) {
        log.info(ConsoleHelper.yellow("Firebase already initialized"));
    } catch (IllegalArgumentException e) {
        uninitialized = true;
        log.error("Firebase couldn't be initialized", e);
    }
}
Also used : GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) FirebaseOptions(com.google.firebase.FirebaseOptions)

Aggregations

ServiceAccountCredentials (com.google.auth.oauth2.ServiceAccountCredentials)8 Test (org.junit.Test)7 URL (java.net.URL)5 Signature (java.security.Signature)5 GoogleCredentials (com.google.auth.oauth2.GoogleCredentials)2 Metadata (io.grpc.Metadata)2 SimpleRequest (io.grpc.testing.integration.Messages.SimpleRequest)2 SimpleResponse (io.grpc.testing.integration.Messages.SimpleResponse)2 KeyPair (java.security.KeyPair)2 AccessToken (com.google.auth.oauth2.AccessToken)1 FirebaseOptions (com.google.firebase.FirebaseOptions)1 ByteString (com.google.protobuf.ByteString)1 Date (java.util.Date)1