Package com.google.auth.oauth2

Class GdchCredentials

    • Field Detail

      • SUPPORTED_FORMAT_VERSION

        static final java.lang.String SUPPORTED_FORMAT_VERSION
        See Also:
        Constant Field Values

      • PARSE_ERROR_PREFIX

        private static final java.lang.String PARSE_ERROR_PREFIX
        See Also:
        Constant Field Values

      • DEFAULT_LIFETIME_IN_SECONDS

        private static final int DEFAULT_LIFETIME_IN_SECONDS
        See Also:
        Constant Field Values

      • privateKey

        private final java.security.PrivateKey privateKey

      • privateKeyId

        private final java.lang.String privateKeyId

      • projectId

        private final java.lang.String projectId

      • serviceIdentityName

        private final java.lang.String serviceIdentityName

      • tokenServerUri

        private final java.net.URI tokenServerUri

      • apiAudience

        private final java.net.URI apiAudience

      • lifetime

        private final int lifetime

      • transportFactoryClassName

        private final java.lang.String transportFactoryClassName

      • caCertPath

        private final java.lang.String caCertPath

    • Method Detail

      • fromJson

        static GdchCredentials fromJson​(java.util.Map<java.lang.String,​java.lang.Object> json)
                         throws java.io.IOException
        Create GDCH service account credentials defined by JSON.
        Parameters:
        json - a map from the JSON representing the credentials.
        Returns:
        the GDCH service account credentials defined by the JSON.
        Throws:
        java.io.IOException - if the credential cannot be created from the JSON.

      • fromJson

        static GdchCredentials fromJson​(java.util.Map<java.lang.String,​java.lang.Object> json,
                                HttpTransportFactory transportFactory)
                         throws java.io.IOException
        Create GDCH service account credentials defined by JSON.
        Parameters:
        json - a map from the JSON representing the credentials.
        transportFactory - HTTP transport factory, creates the transport used to get access tokens.
        Returns:
        the GDCH service account credentials defined by the JSON.
        Throws:
        java.io.IOException - if the credential cannot be created from the JSON.

      • fromPkcs8

        static GdchCredentials fromPkcs8​(java.lang.String privateKeyPkcs8,
                                 GdchCredentials.Builder builder)
                          throws java.io.IOException
        Internal constructor.
        Parameters:
        privateKeyPkcs8 - RSA private key object for the service account in PKCS#8 format.
        builder - A builder for GdchCredentials.
        Returns:
        an instance of GdchCredentials.
        Throws:
        java.io.IOException

      • createWithGdchAudience

        public GdchCredentials createWithGdchAudience​(java.net.URI apiAudience)
                                       throws java.io.IOException
        Create a copy of GDCH credentials with the specified audience.
        Parameters:
        apiAudience - The intended audience for GDCH credentials.
        Throws:
        java.io.IOException

      • refreshAccessToken

        public AccessToken refreshAccessToken()
                               throws java.io.IOException
        Refresh the OAuth2 access token by getting a new access token using a JSON Web Token (JWT).

        For GDCH credentials, this class creates a self-signed JWT, and sends to the GDCH authentication endpoint (tokenServerUri) to exchange an access token for the intended api audience (apiAudience).

        Overrides:
        refreshAccessToken in class OAuth2Credentials
        Returns:
        never
        Throws:
        java.io.IOException

      • createAssertion

        java.lang.String createAssertion​(com.google.api.client.json.JsonFactory jsonFactory,
                                 long currentTime,
                                 java.net.URI apiAudience)
                          throws java.io.IOException
        Create a self-signed JWT for GDCH authentication flow.

        The self-signed JWT is used to exchange access token from GDCH authentication (tokenServerUri), not for API call. It uses the serviceIdentityName as the `iss` and `sub` claim, and the tokenServerUri as the `aud` claim. The JWT is signed with the privateKey.

        Throws:
        java.io.IOException

      • getIssuerSubjectValue

        static java.lang.String getIssuerSubjectValue​(java.lang.String projectId,
                                              java.lang.String serviceIdentityName)
        Get the issuer and subject value in the format GDCH token server required.

        This value is specific to GDCH and combined parameter used for both `iss` and `sub` fields in JWT claim.

      • getProjectId

        public final java.lang.String getProjectId()

      • getPrivateKeyId

        public final java.lang.String getPrivateKeyId()

      • getPrivateKey

        public final java.security.PrivateKey getPrivateKey()

      • getServiceIdentityName

        public final java.lang.String getServiceIdentityName()

      • getTokenServerUri

        public final java.net.URI getTokenServerUri()

      • getApiAudience

        public final java.net.URI getApiAudience()

      • getCaCertPath

        public final java.lang.String getCaCertPath()

      • readObject

        private void readObject​(java.io.ObjectInputStream input)
                 throws java.io.IOException,
                        java.lang.ClassNotFoundException
        Throws:
        java.io.IOException
        java.lang.ClassNotFoundException

      • readStream

        static java.io.InputStream readStream​(java.io.File file)
                               throws java.io.FileNotFoundException
        Throws:
        java.io.FileNotFoundException

      • validateField

        private static java.lang.String validateField​(java.lang.String field,
                                              java.lang.String fieldName)
                                       throws java.io.IOException
        Throws:
        java.io.IOException