use of com.google.auth.oauth2.ServiceAccountCredentials in project google-auth-library-java by google.
the class ServiceAccountCredentialsTest method refreshAccessToken_retriesForbiddenError.
@Test
public void refreshAccessToken_retriesForbiddenError() throws IOException {
final String accessToken1 = "1/MkSJoj1xsli0AccessToken_NKPY2";
final String accessToken2 = "2/MkSJoj1xsli0AccessToken_NKPY2";
MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory();
MockTokenServerTransport transport = transportFactory.transport;
ServiceAccountCredentials credentials = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, transportFactory, null);
transport.addServiceAccount(SA_CLIENT_EMAIL, accessToken1);
TestUtils.assertContainsBearerToken(credentials.getRequestMetadata(CALL_URI), accessToken1);
transport.addResponseSequence(new MockLowLevelHttpResponse().setStatusCode(403));
transport.addServiceAccount(SA_CLIENT_EMAIL, accessToken2);
credentials.refresh();
TestUtils.assertContainsBearerToken(credentials.getRequestMetadata(CALL_URI), accessToken2);
}
use of com.google.auth.oauth2.ServiceAccountCredentials in project grpc-java by grpc.
the class GoogleAuthLibraryCallCredentialsTest method jwtAccessCredentialsInRequestMetadata.
@Test
public void jwtAccessCredentialsInRequestMetadata() throws Exception {
KeyPair pair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
ServiceAccountCredentials credentials = ServiceAccountCredentials.newBuilder().setClientId("test-client").setClientEmail("test-email@example.com").setPrivateKey(pair.getPrivate()).setPrivateKeyId("test-private-key-id").build();
GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials);
callCredentials.applyRequestMetadata(new RequestInfoImpl("example.com:123"), executor, applier);
verify(applier).apply(headersCaptor.capture());
Metadata headers = headersCaptor.getValue();
String token = Iterables.getOnlyElement(headers.getAll(AUTHORIZATION)).substring("Bearer ".length());
String[] parts = token.split("\\.", 3);
String jsonHeader = new String(BaseEncoding.base64Url().decode(parts[0]), US_ASCII);
String jsonPayload = new String(BaseEncoding.base64Url().decode(parts[1]), US_ASCII);
Map<?, ?> header = (Map<?, ?>) JsonParser.parse(jsonHeader);
assertEquals("test-private-key-id", header.get("kid"));
Map<?, ?> payload = (Map<?, ?>) JsonParser.parse(jsonPayload);
// google-auth-library-java 0.25.2 began stripping the grpc service name from the audience.
// Allow tests to pass with both the old and new versions for a while to avoid an atomic upgrade
// everywhere google-auth-library-java is used.
assertTrue("https://example.com/".equals(payload.get("aud")) || "https://example.com:123/a.service".equals(payload.get("aud")));
assertEquals("test-email@example.com", payload.get("iss"));
assertEquals("test-email@example.com", payload.get("sub"));
}
use of com.google.auth.oauth2.ServiceAccountCredentials in project grpc-java by grpc.
the class AbstractInteropTest method jwtTokenCreds.
/**
* Test JWT-based auth.
*/
public void jwtTokenCreds(InputStream serviceAccountJson) throws Exception {
final SimpleRequest request = SimpleRequest.newBuilder().setResponseSize(314159).setPayload(Payload.newBuilder().setBody(ByteString.copyFrom(new byte[271828]))).setFillUsername(true).build();
ServiceAccountCredentials credentials = (ServiceAccountCredentials) GoogleCredentials.fromStream(serviceAccountJson);
TestServiceGrpc.TestServiceBlockingStub stub = blockingStub.withCallCredentials(MoreCallCredentials.from(credentials));
SimpleResponse response = stub.unaryCall(request);
assertEquals(credentials.getClientEmail(), response.getUsername());
assertEquals(314159, response.getPayload().getBody().size());
}
use of com.google.auth.oauth2.ServiceAccountCredentials in project thingsboard by thingsboard.
the class TbPubSubSettings method init.
@PostConstruct
private void init() throws IOException {
ServiceAccountCredentials credentials = ServiceAccountCredentials.fromStream(new ByteArrayInputStream(serviceAccount.getBytes()));
credentialsProvider = FixedCredentialsProvider.create(credentials);
}
use of com.google.auth.oauth2.ServiceAccountCredentials in project thingsboard by thingsboard.
the class TbPubSubNode method initPubSubClient.
private Publisher initPubSubClient() throws IOException {
ProjectTopicName topicName = ProjectTopicName.of(config.getProjectId(), config.getTopicName());
ServiceAccountCredentials credentials = ServiceAccountCredentials.fromStream(new ByteArrayInputStream(config.getServiceAccountKey().getBytes()));
CredentialsProvider credProvider = FixedCredentialsProvider.create(credentials);
return Publisher.newBuilder(topicName).setCredentialsProvider(credProvider).build();
}
Aggregations