Package com.google.auth.oauth2

Class ServiceAccountJwtAccessCredentials

    • Field Detail

      • LIFE_SPAN_SECS

        static final long LIFE_SPAN_SECS

      • CLOCK_SKEW

        private static final long CLOCK_SKEW

      • clientId

        private final java.lang.String clientId

      • clientEmail

        private final java.lang.String clientEmail

      • privateKey

        private final java.security.PrivateKey privateKey

      • privateKeyId

        private final java.lang.String privateKeyId

      • defaultAudience

        private final java.net.URI defaultAudience

      • quotaProjectId

        private final java.lang.String quotaProjectId

      • credentialsCache

        private transient com.google.common.cache.LoadingCache<JwtClaims,​JwtCredentials> credentialsCache

      • clock

        transient com.google.api.client.util.Clock clock

    • Constructor Detail

      • ServiceAccountJwtAccessCredentials

        private ServiceAccountJwtAccessCredentials​(java.lang.String clientId,
                                           java.lang.String clientEmail,
                                           java.security.PrivateKey privateKey,
                                           java.lang.String privateKeyId)
        Constructor with minimum identifying information.
        Parameters:
        clientId - Client ID of the service account from the console. May be null.
        clientEmail - Client email address of the service account from the console.
        privateKey - RSA private key object for the service account.
        privateKeyId - Private key identifier for the service account. May be null.

      • ServiceAccountJwtAccessCredentials

        private ServiceAccountJwtAccessCredentials​(java.lang.String clientId,
                                           java.lang.String clientEmail,
                                           java.security.PrivateKey privateKey,
                                           java.lang.String privateKeyId,
                                           java.net.URI defaultAudience,
                                           java.lang.String quotaProjectId)
        Constructor with full information.
        Parameters:
        clientId - Client ID of the service account from the console. May be null.
        clientEmail - Client email address of the service account from the console.
        privateKey - RSA private key object for the service account.
        privateKeyId - Private key identifier for the service account. May be null.
        defaultAudience - Audience to use if not provided by transport. May be null.

    • Method Detail

      • fromJson

        static ServiceAccountJwtAccessCredentials fromJson​(java.util.Map<java.lang.String,​java.lang.Object> json)
                                            throws java.io.IOException
        Returns service account credentials defined by JSON using the format supported by the Google Developers Console.
        Parameters:
        json - a map from the JSON representing the credentials.
        Returns:
        the credentials defined by the JSON.
        Throws:
        java.io.IOException - if the credential cannot be created from the JSON.

      • fromJson

        static ServiceAccountJwtAccessCredentials fromJson​(java.util.Map<java.lang.String,​java.lang.Object> json,
                                                   java.net.URI defaultAudience)
                                            throws java.io.IOException
        Returns service account credentials defined by JSON using the format supported by the Google Developers Console.
        Parameters:
        json - a map from the JSON representing the credentials.
        defaultAudience - Audience to use if not provided by transport. May be null.
        Returns:
        the credentials defined by the JSON.
        Throws:
        java.io.IOException - if the credential cannot be created from the JSON.

      • fromPkcs8

        public static ServiceAccountJwtAccessCredentials fromPkcs8​(java.lang.String clientId,
                                                           java.lang.String clientEmail,
                                                           java.lang.String privateKeyPkcs8,
                                                           java.lang.String privateKeyId)
                                                    throws java.io.IOException
        Factory using PKCS#8 for the private key.
        Parameters:
        clientId - Client ID of the service account from the console. May be null.
        clientEmail - Client email address of the service account from the console.
        privateKeyPkcs8 - RSA private key object for the service account in PKCS#8 format.
        privateKeyId - Private key identifier for the service account. May be null.
        Returns:
        New ServiceAccountJwtAcceessCredentials created from a private key.
        Throws:
        java.io.IOException - if the credential cannot be created from the private key.

      • fromPkcs8

        public static ServiceAccountJwtAccessCredentials fromPkcs8​(java.lang.String clientId,
                                                           java.lang.String clientEmail,
                                                           java.lang.String privateKeyPkcs8,
                                                           java.lang.String privateKeyId,
                                                           java.net.URI defaultAudience)
                                                    throws java.io.IOException
        Factory using PKCS#8 for the private key.
        Parameters:
        clientId - Client ID of the service account from the console. May be null.
        clientEmail - Client email address of the service account from the console.
        privateKeyPkcs8 - RSA private key object for the service account in PKCS#8 format.
        privateKeyId - Private key identifier for the service account. May be null.
        defaultAudience - Audience to use if not provided by transport. May be null.
        Returns:
        New ServiceAccountJwtAcceessCredentials created from a private key.
        Throws:
        java.io.IOException - if the credential cannot be created from the private key.

      • fromPkcs8

        static ServiceAccountJwtAccessCredentials fromPkcs8​(java.lang.String clientId,
                                                    java.lang.String clientEmail,
                                                    java.lang.String privateKeyPkcs8,
                                                    java.lang.String privateKeyId,
                                                    java.net.URI defaultAudience,
                                                    java.lang.String quotaProjectId)
                                             throws java.io.IOException
        Throws:
        java.io.IOException

      • fromStream

        public static ServiceAccountJwtAccessCredentials fromStream​(java.io.InputStream credentialsStream)
                                                     throws java.io.IOException
        Returns credentials defined by a Service Account key file in JSON format from the Google Developers Console.
        Parameters:
        credentialsStream - the stream with the credential definition.
        Returns:
        the credential defined by the credentialsStream.
        Throws:
        java.io.IOException - if the credential cannot be created from the stream.

      • fromStream

        public static ServiceAccountJwtAccessCredentials fromStream​(java.io.InputStream credentialsStream,
                                                            java.net.URI defaultAudience)
                                                     throws java.io.IOException
        Returns credentials defined by a Service Account key file in JSON format from the Google Developers Console.
        Parameters:
        credentialsStream - the stream with the credential definition.
        defaultAudience - Audience to use if not provided by transport. May be null.
        Returns:
        the credential defined by the credentialsStream.
        Throws:
        java.io.IOException - if the credential cannot be created from the stream.

      • jwtWithClaims

        public JwtCredentials jwtWithClaims​(JwtClaims newClaims)
        Returns a new JwtCredentials instance with modified claims.
        Specified by:
        jwtWithClaims in interface JwtProvider
        Parameters:
        newClaims - new claims. Any unspecified claim fields will default to the the current values.
        Returns:
        new credentials

      • getAuthenticationType

        public java.lang.String getAuthenticationType()
        Description copied from class: Credentials
        A constant string name describing the authentication technology.

        E.g. “OAuth2”, “SSL”. For use by the transport layer to determine whether it supports the type of authentication in the case where Credentials.hasRequestMetadataOnly() is false. Also serves as a debugging helper.

        Specified by:
        getAuthenticationType in class Credentials
        Returns:
        The type of authentication used.

      • hasRequestMetadataOnly

        public boolean hasRequestMetadataOnly()
        Description copied from class: Credentials
        Indicates whether or not the Auth mechanism works purely by including request metadata.

        This is meant for the transport layer. If this is true a transport does not need to take actions other than including the request metadata. If this is false, a transport must specifically know about the authentication technology to support it, and should fail to accept the credentials otherwise.

        Specified by:
        hasRequestMetadataOnly in class Credentials
        Returns:
        Whether or not the Auth mechanism works purely by including request metadata.

      • getRequestMetadata

        public void getRequestMetadata​(java.net.URI uri,
                               java.util.concurrent.Executor executor,
                               RequestMetadataCallback callback)
        Description copied from class: Credentials
        Get the current request metadata without blocking.

        This should be called by the transport layer on each request, and the data should be populated in headers or other context. The implementation can either call the callback inline or asynchronously. Either way it should never block in this method. The executor is provided for tasks that may block.

        The default implementation will just call Credentials.getRequestMetadata(URI) then the callback from the given executor.

        The convention for handling binary data is for the key in the returned map to end with "-bin" and for the corresponding values to be base64 encoded.

        Overrides:
        getRequestMetadata in class Credentials
        Parameters:
        uri - URI of the entry point for the request.
        executor - Executor to perform the request.
        callback - Callback to execute when the request is finished.

      • getRequestMetadata

        public java.util.Map<java.lang.String,​java.util.List<java.lang.String>> getRequestMetadata​(java.net.URI uri)
                                                                                          throws java.io.IOException
        Provide the request metadata by putting an access JWT directly in the metadata.
        Specified by:
        getRequestMetadata in class Credentials
        Parameters:
        uri - URI of the entry point for the request.
        Returns:
        The request metadata used for populating headers or other context.
        Throws:
        java.io.IOException - if there was an error getting up-to-date access. The exception should implement Retryable and isRetryable() will return true if the operation may be retried.

      • refresh

        public void refresh()
        Discard any cached data
        Specified by:
        refresh in class Credentials

      • getClientId

        public final java.lang.String getClientId()

      • getClientEmail

        public final java.lang.String getClientEmail()

      • getPrivateKey

        public final java.security.PrivateKey getPrivateKey()

      • getPrivateKeyId

        public final java.lang.String getPrivateKeyId()

      • getAccount

        public java.lang.String getAccount()
        Description copied from interface: ServiceAccountSigner
        Returns the service account associated with the signer.
        Specified by:
        getAccount in interface ServiceAccountSigner
        Returns:
        The service account associated with the signer.

      • sign

        public byte[] sign​(byte[] toSign)
        Description copied from interface: ServiceAccountSigner
        Signs the provided bytes using the private key associated with the service account.
        Specified by:
        sign in interface ServiceAccountSigner
        Parameters:
        toSign - bytes to sign
        Returns:
        signed bytes

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class java.lang.Object

      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object

      • equals

        public boolean equals​(java.lang.Object obj)
        Overrides:
        equals in class java.lang.Object

      • readObject

        private void readObject​(java.io.ObjectInputStream input)
                 throws java.io.IOException,
                        java.lang.ClassNotFoundException
        Throws:
        java.io.IOException
        java.lang.ClassNotFoundException

      • getQuotaProjectId

        public java.lang.String getQuotaProjectId()
        Specified by:
        getQuotaProjectId in interface QuotaProjectIdProvider
        Returns:
        the quota project ID used for quota and billing purposes