Package com.google.auth.oauth2

Class IamUtils

  • class IamUtils
extends java.lang.Object
    This internal class provides shared utilities for interacting with the IAM API for common features like signing.

    • Constructor Summary

      Constructors 
      Constructor Description
      IamUtils()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      (package private) static IdToken getIdToken​(java.lang.String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, java.lang.String targetAudience, boolean includeEmail, java.util.Map<java.lang.String,​?> additionalFields, CredentialTypeForMetrics credentialTypeForMetrics)
      Returns an IdToken issued to the serviceAccount with a specified targetAudience
      private static java.lang.String getSignature​(java.lang.String serviceAccountEmail, java.lang.String bytes, java.util.Map<java.lang.String,​?> additionalFields, com.google.api.client.http.HttpRequestFactory factory)  
      (package private) static byte[] sign​(java.lang.String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, byte[] toSign, java.util.Map<java.lang.String,​?> additionalFields)
      Returns a signature for the provided bytes.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • SIGN_BLOB_URL_FORMAT

        private static final java.lang.String SIGN_BLOB_URL_FORMAT
        See Also:
        Constant Field Values

      • ID_TOKEN_URL_FORMAT

        private static final java.lang.String ID_TOKEN_URL_FORMAT
        See Also:
        Constant Field Values

      • PARSE_ERROR_MESSAGE

        private static final java.lang.String PARSE_ERROR_MESSAGE
        See Also:
        Constant Field Values

      • PARSE_ERROR_SIGNATURE

        private static final java.lang.String PARSE_ERROR_SIGNATURE
        See Also:
        Constant Field Values

      • IAM_RETRYABLE_STATUS_CODES

        static final java.util.Set<java.lang.Integer> IAM_RETRYABLE_STATUS_CODES

    • Constructor Detail

      • IamUtils

        IamUtils()

    • Method Detail

      • sign

        static byte[] sign​(java.lang.String serviceAccountEmail,
                   Credentials credentials,
                   com.google.api.client.http.HttpTransport transport,
                   byte[] toSign,
                   java.util.Map<java.lang.String,​?> additionalFields)
        Returns a signature for the provided bytes.
        Parameters:
        serviceAccountEmail - the email address for the service account used for signing
        credentials - credentials required for making the IAM call
        transport - transport used for building the HTTP request
        toSign - bytes to sign
        additionalFields - additional fields to send in the IAM call
        Returns:
        signed bytes
        Throws:
        ServiceAccountSigner.SigningException - if signing fails

      • getSignature

        private static java.lang.String getSignature​(java.lang.String serviceAccountEmail,
                                             java.lang.String bytes,
                                             java.util.Map<java.lang.String,​?> additionalFields,
                                             com.google.api.client.http.HttpRequestFactory factory)
                                      throws java.io.IOException
        Throws:
        java.io.IOException

      • getIdToken

        static IdToken getIdToken​(java.lang.String serviceAccountEmail,
                          Credentials credentials,
                          com.google.api.client.http.HttpTransport transport,
                          java.lang.String targetAudience,
                          boolean includeEmail,
                          java.util.Map<java.lang.String,​?> additionalFields,
                          CredentialTypeForMetrics credentialTypeForMetrics)
                   throws java.io.IOException
        Returns an IdToken issued to the serviceAccount with a specified targetAudience
        Parameters:
        serviceAccountEmail - the email address for the service account to get an ID Token for
        credentials - credentials required for making the IAM call
        transport - transport used for building the HTTP request
        targetAudience - the audience the issued ID token should include
        additionalFields - additional fields to send in the IAM call
        credentialTypeForMetrics - credential type for credential making this call
        Returns:
        IdToken issed to the serviceAccount
        Throws:
        java.io.IOException - if the IdToken cannot be issued.
        See Also:
        ...