|
31 | 31 |
|
32 | 32 | package com.google.auth.oauth2; |
33 | 33 |
|
| 34 | +import static com.google.auth.Credentials.GOOGLE_DEFAULT_UNIVERSE; |
34 | 35 | import static org.junit.Assert.assertArrayEquals; |
35 | 36 | import static org.junit.Assert.assertEquals; |
36 | 37 | import static org.junit.Assert.assertFalse; |
|
41 | 42 | import static org.junit.Assert.assertTrue; |
42 | 43 | import static org.junit.Assert.fail; |
43 | 44 |
|
| 45 | +import com.google.api.client.json.GenericJson; |
44 | 46 | import com.google.api.client.json.JsonFactory; |
45 | 47 | import com.google.api.client.json.gson.GsonFactory; |
46 | 48 | import com.google.api.client.json.webtoken.JsonWebSignature; |
@@ -111,6 +113,7 @@ public void constructor_allParameters_constructs() throws IOException { |
111 | 113 | assertEquals(privateKey, credentials.getPrivateKey()); |
112 | 114 | assertEquals(SA_PRIVATE_KEY_ID, credentials.getPrivateKeyId()); |
113 | 115 | assertEquals(QUOTA_PROJECT, credentials.getQuotaProjectId()); |
| 116 | + assertEquals(Credentials.GOOGLE_DEFAULT_UNIVERSE, credentials.getUniverseDomain()); |
114 | 117 | } |
115 | 118 |
|
116 | 119 | @Test |
@@ -829,6 +832,109 @@ public void onFailure(Throwable exception) { |
829 | 832 | assertTrue("Should have run onSuccess() callback", success.get()); |
830 | 833 | } |
831 | 834 |
|
| 835 | + @Test |
| 836 | + public void fromJSON_noUniverseDomain() throws IOException { |
| 837 | + GenericJson json = |
| 838 | + writeServiceAccountJson( |
| 839 | + SA_CLIENT_ID, |
| 840 | + SA_CLIENT_EMAIL, |
| 841 | + SA_PRIVATE_KEY_PKCS8, |
| 842 | + "test-project-id", |
| 843 | + SA_PRIVATE_KEY_ID, |
| 844 | + QUOTA_PROJECT, |
| 845 | + null); |
| 846 | + ServiceAccountJwtAccessCredentials credentials = |
| 847 | + ServiceAccountJwtAccessCredentials.fromJson(json, URI.create("default-aud")); |
| 848 | + assertEquals(SA_CLIENT_ID, credentials.getClientId()); |
| 849 | + assertEquals(SA_CLIENT_EMAIL, credentials.getClientEmail()); |
| 850 | + assertEquals( |
| 851 | + OAuth2Utils.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8), credentials.getPrivateKey()); |
| 852 | + assertEquals(QUOTA_PROJECT, credentials.getQuotaProjectId()); |
| 853 | + assertEquals(GOOGLE_DEFAULT_UNIVERSE, credentials.getUniverseDomain()); |
| 854 | + } |
| 855 | + |
| 856 | + @Test |
| 857 | + public void fromJSON_UniverseDomainSet() throws IOException { |
| 858 | + GenericJson json = |
| 859 | + writeServiceAccountJson( |
| 860 | + SA_CLIENT_ID, |
| 861 | + SA_CLIENT_EMAIL, |
| 862 | + SA_PRIVATE_KEY_PKCS8, |
| 863 | + "test-project-id", |
| 864 | + SA_PRIVATE_KEY_ID, |
| 865 | + QUOTA_PROJECT, |
| 866 | + "example.com"); |
| 867 | + ServiceAccountJwtAccessCredentials credentials = |
| 868 | + ServiceAccountJwtAccessCredentials.fromJson(json, URI.create("default-aud")); |
| 869 | + assertEquals(SA_CLIENT_ID, credentials.getClientId()); |
| 870 | + assertEquals(SA_CLIENT_EMAIL, credentials.getClientEmail()); |
| 871 | + assertEquals( |
| 872 | + OAuth2Utils.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8), credentials.getPrivateKey()); |
| 873 | + assertEquals(QUOTA_PROJECT, credentials.getQuotaProjectId()); |
| 874 | + assertEquals("example.com", credentials.getUniverseDomain()); |
| 875 | + } |
| 876 | + |
| 877 | + @Test |
| 878 | + public void fromPkcs8_NoUniverseDomain() throws IOException { |
| 879 | + ServiceAccountJwtAccessCredentials credentials = |
| 880 | + ServiceAccountJwtAccessCredentials.fromPkcs8( |
| 881 | + SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID); |
| 882 | + assertEquals(SA_CLIENT_ID, credentials.getClientId()); |
| 883 | + assertEquals(SA_CLIENT_EMAIL, credentials.getClientEmail()); |
| 884 | + assertEquals( |
| 885 | + OAuth2Utils.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8), credentials.getPrivateKey()); |
| 886 | + assertNull(credentials.getQuotaProjectId()); |
| 887 | + assertEquals(Credentials.GOOGLE_DEFAULT_UNIVERSE, credentials.getUniverseDomain()); |
| 888 | + } |
| 889 | + |
| 890 | + @Test |
| 891 | + public void fromPkcs8_CustomUniverseDomain() throws IOException { |
| 892 | + ServiceAccountJwtAccessCredentials credentials = |
| 893 | + ServiceAccountJwtAccessCredentials.fromPkcs8( |
| 894 | + SA_CLIENT_ID, |
| 895 | + SA_CLIENT_EMAIL, |
| 896 | + SA_PRIVATE_KEY_PKCS8, |
| 897 | + SA_PRIVATE_KEY_ID, |
| 898 | + URI.create("default-aud"), |
| 899 | + QUOTA_PROJECT, |
| 900 | + "example.com"); |
| 901 | + assertEquals(SA_CLIENT_ID, credentials.getClientId()); |
| 902 | + assertEquals(SA_CLIENT_EMAIL, credentials.getClientEmail()); |
| 903 | + assertEquals( |
| 904 | + OAuth2Utils.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8), credentials.getPrivateKey()); |
| 905 | + assertEquals(QUOTA_PROJECT, credentials.getQuotaProjectId()); |
| 906 | + assertEquals("example.com", credentials.getUniverseDomain()); |
| 907 | + } |
| 908 | + |
| 909 | + @Test |
| 910 | + public void builder_defaultUniverseDomain() throws IOException { |
| 911 | + PrivateKey privateKey = OAuth2Utils.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); |
| 912 | + ServiceAccountJwtAccessCredentials credentials = |
| 913 | + ServiceAccountJwtAccessCredentials.newBuilder() |
| 914 | + .setClientId(SA_CLIENT_ID) |
| 915 | + .setClientEmail(SA_CLIENT_EMAIL) |
| 916 | + .setPrivateKey(privateKey) |
| 917 | + .setPrivateKeyId(SA_PRIVATE_KEY_ID) |
| 918 | + .setDefaultAudience(URI.create("default-audience")) |
| 919 | + .build(); |
| 920 | + assertEquals(Credentials.GOOGLE_DEFAULT_UNIVERSE, credentials.getUniverseDomain()); |
| 921 | + } |
| 922 | + |
| 923 | + @Test |
| 924 | + public void builder_customUniverseDomain() throws IOException { |
| 925 | + PrivateKey privateKey = OAuth2Utils.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); |
| 926 | + ServiceAccountJwtAccessCredentials credentials = |
| 927 | + ServiceAccountJwtAccessCredentials.newBuilder() |
| 928 | + .setClientId(SA_CLIENT_ID) |
| 929 | + .setClientEmail(SA_CLIENT_EMAIL) |
| 930 | + .setPrivateKey(privateKey) |
| 931 | + .setPrivateKeyId(SA_PRIVATE_KEY_ID) |
| 932 | + .setDefaultAudience(URI.create("default-audience")) |
| 933 | + .setUniverseDomain("example.com") |
| 934 | + .build(); |
| 935 | + assertEquals("example.com", credentials.getUniverseDomain()); |
| 936 | + } |
| 937 | + |
832 | 938 | private void verifyJwtAccess( |
833 | 939 | Map<String, List<String>> metadata, |
834 | 940 | String expectedEmail, |
@@ -863,4 +969,38 @@ private static void testFromStreamException(InputStream stream, String expectedM |
863 | 969 | assertTrue(expected.getMessage().contains(expectedMessageContent)); |
864 | 970 | } |
865 | 971 | } |
| 972 | + |
| 973 | + private GenericJson writeServiceAccountJson( |
| 974 | + String clientId, |
| 975 | + String clientEmail, |
| 976 | + String privateKeyPkcs8, |
| 977 | + String privateKeyId, |
| 978 | + String projectId, |
| 979 | + String quotaProjectId, |
| 980 | + String universeDomain) { |
| 981 | + GenericJson json = new GenericJson(); |
| 982 | + if (clientId != null) { |
| 983 | + json.put("client_id", clientId); |
| 984 | + } |
| 985 | + if (clientEmail != null) { |
| 986 | + json.put("client_email", clientEmail); |
| 987 | + } |
| 988 | + if (privateKeyPkcs8 != null) { |
| 989 | + json.put("private_key", privateKeyPkcs8); |
| 990 | + } |
| 991 | + if (privateKeyId != null) { |
| 992 | + json.put("private_key_id", privateKeyId); |
| 993 | + } |
| 994 | + if (projectId != null) { |
| 995 | + json.put("project_id", projectId); |
| 996 | + } |
| 997 | + if (quotaProjectId != null) { |
| 998 | + json.put("quota_project_id", quotaProjectId); |
| 999 | + } |
| 1000 | + if (universeDomain != null) { |
| 1001 | + json.put("universe_domain", universeDomain); |
| 1002 | + } |
| 1003 | + json.put("type", GoogleCredentials.SERVICE_ACCOUNT_FILE_TYPE); |
| 1004 | + return json; |
| 1005 | + } |
866 | 1006 | } |
0 commit comments