Search in sources :

Example 86 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project grpc-java by grpc.

the class GoogleAuthLibraryCallCredentialsTest method googleCredential_integrityDenied.

@Test
public void googleCredential_integrityDenied() {
    final AccessToken token = new AccessToken("allyourbase", new Date(Long.MAX_VALUE));
    final Credentials credentials = GoogleCredentials.create(token);
    // Anything less than PRIVACY_AND_INTEGRITY should fail
    GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials);
    callCredentials.applyRequestMetadata(new RequestInfoImpl(SecurityLevel.INTEGRITY), executor, applier);
    runPendingRunnables();
    verify(applier).fail(statusCaptor.capture());
    Status status = statusCaptor.getValue();
    assertEquals(Status.Code.UNAUTHENTICATED, status.getCode());
}
Also used : Status(io.grpc.Status) AccessToken(com.google.auth.oauth2.AccessToken) Date(java.util.Date) Credentials(com.google.auth.Credentials) CallCredentials(io.grpc.CallCredentials) OAuth2Credentials(com.google.auth.oauth2.OAuth2Credentials) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) ServiceAccountCredentials(com.google.auth.oauth2.ServiceAccountCredentials) Test(org.junit.Test)

Example 87 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project grpc-java by grpc.

the class GoogleAuthLibraryCallCredentialsTest method googleCredential_privacyAndIntegrityAllowed.

@Test
public void googleCredential_privacyAndIntegrityAllowed() {
    final AccessToken token = new AccessToken("allyourbase", new Date(Long.MAX_VALUE));
    final Credentials credentials = GoogleCredentials.create(token);
    GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials);
    callCredentials.applyRequestMetadata(new RequestInfoImpl(SecurityLevel.PRIVACY_AND_INTEGRITY), executor, applier);
    runPendingRunnables();
    verify(applier).apply(headersCaptor.capture());
    Metadata headers = headersCaptor.getValue();
    Iterable<String> authorization = headers.getAll(AUTHORIZATION);
    assertArrayEquals(new String[] { "Bearer allyourbase" }, Iterables.toArray(authorization, String.class));
}
Also used : AccessToken(com.google.auth.oauth2.AccessToken) Metadata(io.grpc.Metadata) Date(java.util.Date) Credentials(com.google.auth.Credentials) CallCredentials(io.grpc.CallCredentials) OAuth2Credentials(com.google.auth.oauth2.OAuth2Credentials) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) ServiceAccountCredentials(com.google.auth.oauth2.ServiceAccountCredentials) Test(org.junit.Test)

Example 88 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project cdap by cdapio.

the class ComputeEngineCredentials method getAccessTokenRemotely.

private AccessToken getAccessTokenRemotely(String endPoint) throws IOException {
    URL url = new URL(endPoint);
    HttpURLConnection connection = (HttpURLConnection) url.openConnection();
    if (connection instanceof HttpsURLConnection) {
        // TODO (CDAP-18047) enable ssl verification
        disableVerifySSL(((HttpsURLConnection) connection));
    }
    connection.connect();
    try (Reader reader = new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8)) {
        if (connection.getResponseCode() != HttpResponseStatus.OK.code()) {
            throw new IOException(CharStreams.toString(reader));
        }
        GenericData token = GSON.fromJson(reader, GenericData.class);
        if (!token.containsKey(ACCESS_TOKEN_KEY) || !token.containsKey(EXPIRES_IN_KEY)) {
            throw new IOException("Received invalid token");
        }
        String key = token.get(ACCESS_TOKEN_KEY).toString();
        Double expiration = Double.parseDouble(token.get(EXPIRES_IN_KEY).toString());
        long expiresAtMilliseconds = System.currentTimeMillis() + expiration.longValue() * 1000;
        return new AccessToken(key, new Date(expiresAtMilliseconds));
    } finally {
        connection.disconnect();
    }
}
Also used : HttpURLConnection(java.net.HttpURLConnection) InputStreamReader(java.io.InputStreamReader) AccessToken(com.google.auth.oauth2.AccessToken) Reader(java.io.Reader) InputStreamReader(java.io.InputStreamReader) IOException(java.io.IOException) GenericData(com.google.api.client.util.GenericData) URL(java.net.URL) HttpsURLConnection(javax.net.ssl.HttpsURLConnection) Date(java.util.Date)

Example 89 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project cdap by cdapio.

the class GCPRemoteAuthenticatorTest method testRemoteAuthenticatorReturnsValidAccessToken.

@Test
public void testRemoteAuthenticatorReturnsValidAccessToken() throws Exception {
    String accessTokenValue = "access-token";
    // This is just an arbitrary fixed point in time.
    Instant fixedInstant = Instant.ofEpochSecond(1646358109);
    Clock fixedClock = Clock.fixed(fixedInstant, ZoneId.systemDefault());
    GoogleCredentials mockGoogleCredentials = mock(GoogleCredentials.class);
    AccessToken accessToken = new AccessToken(accessTokenValue, Date.from(fixedInstant.plus(Duration.ofHours(1))));
    when(mockGoogleCredentials.refreshAccessToken()).thenReturn(accessToken);
    GCPRemoteAuthenticator gcpRemoteAuthenticator = new GCPRemoteAuthenticator(mockGoogleCredentials, fixedClock, accessToken);
    // Verify expected credential value and that refresh was not called.
    Credential credential = gcpRemoteAuthenticator.getCredentials();
    Assert.assertEquals(accessTokenValue, credential.getValue());
    verify(mockGoogleCredentials, times(0)).refreshAccessToken();
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) AccessToken(com.google.auth.oauth2.AccessToken) Instant(java.time.Instant) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) Clock(java.time.Clock) Test(org.junit.Test)

Example 90 with AccessToken

use of org.glassfish.jersey.client.oauth1.AccessToken in project terra-cli by DataBiosphere.

the class User method requiresReauthentication.

/**
 * Return true if the user credentials are expired or do not exist on disk.
 */
public boolean requiresReauthentication() {
    if (googleCredentials == null) {
        return true;
    }
    // this method call will attempt to refresh the token if it's already expired
    AccessToken accessToken = getUserAccessToken();
    // check if the token is expired
    logger.debug("Access token expiration date: {}", accessToken.getExpirationTime());
    Date cutOffDate = new Date();
    cutOffDate.setTime(cutOffDate.getTime() + CREDENTIAL_EXPIRATION_OFFSET_MS);
    return accessToken.getExpirationTime().compareTo(cutOffDate) <= 0;
}
Also used : AccessToken(com.google.auth.oauth2.AccessToken) Date(java.util.Date)

Aggregations

AccessToken (com.google.auth.oauth2.AccessToken)78 Test (org.junit.Test)44 GoogleCredentials (com.google.auth.oauth2.GoogleCredentials)33 Date (java.util.Date)23 IOException (java.io.IOException)20 AccessToken (io.vertx.ext.auth.oauth2.AccessToken)16 Instant (java.time.Instant)10 Client (javax.ws.rs.client.Client)10 AccessToken (org.glassfish.jersey.client.oauth1.AccessToken)10 ConsumerCredentials (org.glassfish.jersey.client.oauth1.ConsumerCredentials)10 JsonObject (io.vertx.core.json.JsonObject)9 URI (java.net.URI)9 Feature (javax.ws.rs.core.Feature)8 JerseyTest (org.glassfish.jersey.test.JerseyTest)8 MockHttpTransport (com.google.api.client.testing.http.MockHttpTransport)6 ServiceAccountCredentials (com.google.auth.oauth2.ServiceAccountCredentials)6 Credential (io.cdap.cdap.proto.security.Credential)6 InputStreamReader (java.io.InputStreamReader)6 Clock (java.time.Clock)6 WebTarget (javax.ws.rs.client.WebTarget)6