Search in sources :

Example 11 with ServiceAccountCredentials

use of com.google.auth.oauth2.ServiceAccountCredentials in project google-auth-library-java by google.

the class ServiceAccountCredentialsTest method refreshAccessToken_retriesForbiddenError.

@Test
public void refreshAccessToken_retriesForbiddenError() throws IOException {
    final String accessToken1 = "1/MkSJoj1xsli0AccessToken_NKPY2";
    final String accessToken2 = "2/MkSJoj1xsli0AccessToken_NKPY2";
    MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory();
    MockTokenServerTransport transport = transportFactory.transport;
    ServiceAccountCredentials credentials = ServiceAccountCredentials.fromPkcs8(SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, transportFactory, null);
    transport.addServiceAccount(SA_CLIENT_EMAIL, accessToken1);
    TestUtils.assertContainsBearerToken(credentials.getRequestMetadata(CALL_URI), accessToken1);
    transport.addResponseSequence(new MockLowLevelHttpResponse().setStatusCode(403));
    transport.addServiceAccount(SA_CLIENT_EMAIL, accessToken2);
    credentials.refresh();
    TestUtils.assertContainsBearerToken(credentials.getRequestMetadata(CALL_URI), accessToken2);
}
Also used : MockLowLevelHttpResponse(com.google.api.client.testing.http.MockLowLevelHttpResponse) MockTokenServerTransportFactory(com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory) Test(org.junit.Test)

Example 12 with ServiceAccountCredentials

use of com.google.auth.oauth2.ServiceAccountCredentials in project grpc-java by grpc.

the class GoogleAuthLibraryCallCredentialsTest method jwtAccessCredentialsInRequestMetadata.

@Test
public void jwtAccessCredentialsInRequestMetadata() throws Exception {
    KeyPair pair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
    ServiceAccountCredentials credentials = ServiceAccountCredentials.newBuilder().setClientId("test-client").setClientEmail("test-email@example.com").setPrivateKey(pair.getPrivate()).setPrivateKeyId("test-private-key-id").build();
    GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials);
    callCredentials.applyRequestMetadata(new RequestInfoImpl("example.com:123"), executor, applier);
    verify(applier).apply(headersCaptor.capture());
    Metadata headers = headersCaptor.getValue();
    String token = Iterables.getOnlyElement(headers.getAll(AUTHORIZATION)).substring("Bearer ".length());
    String[] parts = token.split("\\.", 3);
    String jsonHeader = new String(BaseEncoding.base64Url().decode(parts[0]), US_ASCII);
    String jsonPayload = new String(BaseEncoding.base64Url().decode(parts[1]), US_ASCII);
    Map<?, ?> header = (Map<?, ?>) JsonParser.parse(jsonHeader);
    assertEquals("test-private-key-id", header.get("kid"));
    Map<?, ?> payload = (Map<?, ?>) JsonParser.parse(jsonPayload);
    // google-auth-library-java 0.25.2 began stripping the grpc service name from the audience.
    // Allow tests to pass with both the old and new versions for a while to avoid an atomic upgrade
    // everywhere google-auth-library-java is used.
    assertTrue("https://example.com/".equals(payload.get("aud")) || "https://example.com:123/a.service".equals(payload.get("aud")));
    assertEquals("test-email@example.com", payload.get("iss"));
    assertEquals("test-email@example.com", payload.get("sub"));
}
Also used : KeyPair(java.security.KeyPair) Metadata(io.grpc.Metadata) ServiceAccountCredentials(com.google.auth.oauth2.ServiceAccountCredentials) Map(java.util.Map) Test(org.junit.Test)

Example 13 with ServiceAccountCredentials

use of com.google.auth.oauth2.ServiceAccountCredentials in project grpc-java by grpc.

the class AbstractInteropTest method jwtTokenCreds.

/**
 * Test JWT-based auth.
 */
public void jwtTokenCreds(InputStream serviceAccountJson) throws Exception {
    final SimpleRequest request = SimpleRequest.newBuilder().setResponseSize(314159).setPayload(Payload.newBuilder().setBody(ByteString.copyFrom(new byte[271828]))).setFillUsername(true).build();
    ServiceAccountCredentials credentials = (ServiceAccountCredentials) GoogleCredentials.fromStream(serviceAccountJson);
    TestServiceGrpc.TestServiceBlockingStub stub = blockingStub.withCallCredentials(MoreCallCredentials.from(credentials));
    SimpleResponse response = stub.unaryCall(request);
    assertEquals(credentials.getClientEmail(), response.getUsername());
    assertEquals(314159, response.getPayload().getBody().size());
}
Also used : SimpleResponse(io.grpc.testing.integration.Messages.SimpleResponse) ServiceAccountCredentials(com.google.auth.oauth2.ServiceAccountCredentials) SimpleRequest(io.grpc.testing.integration.Messages.SimpleRequest)

Example 14 with ServiceAccountCredentials

use of com.google.auth.oauth2.ServiceAccountCredentials in project thingsboard by thingsboard.

the class TbPubSubSettings method init.

@PostConstruct
private void init() throws IOException {
    ServiceAccountCredentials credentials = ServiceAccountCredentials.fromStream(new ByteArrayInputStream(serviceAccount.getBytes()));
    credentialsProvider = FixedCredentialsProvider.create(credentials);
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) ServiceAccountCredentials(com.google.auth.oauth2.ServiceAccountCredentials) PostConstruct(javax.annotation.PostConstruct)

Example 15 with ServiceAccountCredentials

use of com.google.auth.oauth2.ServiceAccountCredentials in project thingsboard by thingsboard.

the class TbPubSubNode method initPubSubClient.

private Publisher initPubSubClient() throws IOException {
    ProjectTopicName topicName = ProjectTopicName.of(config.getProjectId(), config.getTopicName());
    ServiceAccountCredentials credentials = ServiceAccountCredentials.fromStream(new ByteArrayInputStream(config.getServiceAccountKey().getBytes()));
    CredentialsProvider credProvider = FixedCredentialsProvider.create(credentials);
    return Publisher.newBuilder(topicName).setCredentialsProvider(credProvider).build();
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) ServiceAccountCredentials(com.google.auth.oauth2.ServiceAccountCredentials) ProjectTopicName(com.google.pubsub.v1.ProjectTopicName) FixedCredentialsProvider(com.google.api.gax.core.FixedCredentialsProvider) CredentialsProvider(com.google.api.gax.core.CredentialsProvider)

Aggregations

Test (org.junit.Test)18 ServiceAccountCredentials (com.google.auth.oauth2.ServiceAccountCredentials)12 MockTokenServerTransportFactory (com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory)10 URL (java.net.URL)5 Signature (java.security.Signature)5 MockLowLevelHttpResponse (com.google.api.client.testing.http.MockLowLevelHttpResponse)3 Metadata (io.grpc.Metadata)3 KeyPair (java.security.KeyPair)3 GenericJson (com.google.api.client.json.GenericJson)2 GoogleCredentials (com.google.auth.oauth2.GoogleCredentials)2 SimpleRequest (io.grpc.testing.integration.Messages.SimpleRequest)2 SimpleResponse (io.grpc.testing.integration.Messages.SimpleResponse)2 ByteArrayInputStream (java.io.ByteArrayInputStream)2 IOException (java.io.IOException)2 URI (java.net.URI)2 HttpHeaders (com.google.api.client.http.HttpHeaders)1 FixedClock (com.google.api.client.testing.http.FixedClock)1 CredentialsProvider (com.google.api.gax.core.CredentialsProvider)1 FixedCredentialsProvider (com.google.api.gax.core.FixedCredentialsProvider)1 HttpTransportFactory (com.google.auth.http.HttpTransportFactory)1