Package com.google.auth.oauth2

Class SecureSessionAgent

  • @ThreadSafe
public class SecureSessionAgent
extends java.lang.Object
    Utilities to fetch the S2A (Secure Session Agent) address from the mTLS configuration.

    mTLS configuration is queried from the MDS MTLS Autoconfiguration endpoint. See https://google.aip.dev/auth/4115 for details.

    This is an experimental utility.

    • Field Detail

      • S2A_PLAINTEXT_ADDRESS_JSON_KEY

        static final java.lang.String S2A_PLAINTEXT_ADDRESS_JSON_KEY
        See Also:
        Constant Field Values

      • S2A_MTLS_ADDRESS_JSON_KEY

        static final java.lang.String S2A_MTLS_ADDRESS_JSON_KEY
        See Also:
        Constant Field Values

      • S2A_CONFIG_ENDPOINT_POSTFIX

        static final java.lang.String S2A_CONFIG_ENDPOINT_POSTFIX
        See Also:
        Constant Field Values

      • RETRYABLE_STATUS_CODES

        private static final java.util.Set<java.lang.Integer> RETRYABLE_STATUS_CODES

      • MDS_MTLS_ENDPOINT

        private static final java.lang.String MDS_MTLS_ENDPOINT

    • Method Detail

      • getConfig

        public SecureSessionAgentConfig getConfig()
        This method makes a network call to MDS to get the SecureSessionAgentConfig which contains the plaintext and mtls address to reach the S2A (Secure Session Agent).
        Returns:
        a SecureSessionAgentConfig.

      • create

        public static SecureSessionAgent create()
        Returns:
        default instance of SecureSessionAgent

      • getSecureSessionAgentConfigFromMDS

        private SecureSessionAgentConfig getSecureSessionAgentConfigFromMDS()
        Queries the MDS mTLS Autoconfiguration endpoint and returns the SecureSessionAgentConfig.

        Returns SecureSessionAgentConfig. If S2A is not running, or if any error occurs when making the request to MDS / processing the response, SecureSessionAgentConfig will be populated with empty addresses.

        Users are expected to try to fetch the mTLS-S2A address first (via getMtlsS2AAddress). If it is empty or they have some problem loading the mTLS-MDS credentials, they should then fallback to fetching the plaintext-S2A address (via getPlaintextS2AAddress). If the plaintext-S2A address is empty it means that an error occurred when talking to the MDS / processing the response or that S2A is not running in the environment; in either case this indicates S2A shouldn't be used.

        Returns:
        the SecureSessionAgentConfig.