Class IamUtils

java.lang.Object

com.google.auth.oauth2.IamUtils

class IamUtils
extends Object

This internal class provides shared utilities for interacting with the IAM API for common features like signing.

Field Summary

Fields

Modifier and Type	Field	Description
(package private) static final Set<Integer>	IAM_RETRYABLE_STATUS_CODES
private static final String	ID_TOKEN_URL_FORMAT
private static final String	PARSE_ERROR_MESSAGE
private static final String	PARSE_ERROR_SIGNATURE
private static final String	SIGN_BLOB_URL_FORMAT

Constructor Summary

Constructors

Constructor	Description
IamUtils()

Method Summary

Modifier and Type	Method	Description
(package private) static IdToken	getIdToken(String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, String targetAudience, boolean includeEmail, Map<String,?> additionalFields, CredentialTypeForMetrics credentialTypeForMetrics)	Returns an IdToken issued to the serviceAccount with a specified targetAudience
private static String	getSignature(String serviceAccountEmail, String bytes, Map<String,?> additionalFields, com.google.api.client.http.HttpRequestFactory factory)
(package private) static byte[]	sign(String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, byte[] toSign, Map<String,?> additionalFields)	Returns a signature for the provided bytes.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

SIGN_BLOB_URL_FORMAT

private static final String SIGN_BLOB_URL_FORMAT

See Also:

• Constant Field Values

ID_TOKEN_URL_FORMAT

private static final String ID_TOKEN_URL_FORMAT

See Also:

• Constant Field Values

PARSE_ERROR_MESSAGE

private static final String PARSE_ERROR_MESSAGE

See Also:

• Constant Field Values

PARSE_ERROR_SIGNATURE

private static final String PARSE_ERROR_SIGNATURE

See Also:

• Constant Field Values

IAM_RETRYABLE_STATUS_CODES

static final Set<Integer> IAM_RETRYABLE_STATUS_CODES

Constructor Details

IamUtils

IamUtils()

Method Details

sign

static byte[] sign(String serviceAccountEmail,
 Credentials credentials,
 com.google.api.client.http.HttpTransport transport,
 byte[] toSign,
 Map<String,?> additionalFields)

Returns a signature for the provided bytes.

Parameters:

serviceAccountEmail - the email address for the service account used for signing

credentials - credentials required for making the IAM call

transport - transport used for building the HTTP request

toSign - bytes to sign

additionalFields - additional fields to send in the IAM call

Returns:

signed bytes

Throws:

ServiceAccountSigner.SigningException - if signing fails

getSignature

private static String getSignature(String serviceAccountEmail,
 String bytes,
 Map<String,?> additionalFields,
 com.google.api.client.http.HttpRequestFactory factory)
                            throws IOException

Throws:

IOException

getIdToken

static IdToken getIdToken(String serviceAccountEmail,
 Credentials credentials,
 com.google.api.client.http.HttpTransport transport,
 String targetAudience,
 boolean includeEmail,
 Map<String,?> additionalFields,
 CredentialTypeForMetrics credentialTypeForMetrics)
                   throws IOException

Returns an IdToken issued to the serviceAccount with a specified targetAudience

Parameters:

serviceAccountEmail - the email address for the service account to get an ID Token for

credentials - credentials required for making the IAM call

transport - transport used for building the HTTP request

targetAudience - the audience the issued ID token should include

additionalFields - additional fields to send in the IAM call

credentialTypeForMetrics - credential type for credential making this call

Returns:

IdToken issed to the serviceAccount

Throws:

IOException - if the IdToken cannot be issued.

See Also:

• ...