From 0f44692f2f6249a05fd7beabe9670b063a07d29c Mon Sep 17 00:00:00 2001
From: lsirac
Date: Wed, 1 Mar 2023 17:20:56 -0800
Subject: [PATCH] fix: Remove AWS credential source validation.
---
 .../google/auth/oauth2/AwsCredentials.java | 28 ---------
 .../auth/oauth2/AwsCredentialsTest.java | 61 ++-----------------
 2 files changed, 4 insertions(+), 85 deletions(-)
diff --git a/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java b/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
index c76cb9c63..98651f295 100644
--- a/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
@@ -44,8 +44,6 @@
 import com.google.common.collect.ImmutableList;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
-import java.net.MalformedURLException;
-import java.net.URL;
 import java.net.URLEncoder;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -137,32 +135,6 @@ static class AwsCredentialSource extends CredentialSource {
 } else {
 this.imdsv2SessionTokenUrl = null;
 }
-
- this.validateMetadataServerUrls();
- }
-
- private void validateMetadataServerUrls() {
- validateMetadataServerUrlIfAny(this.regionUrl, "region_url");
- validateMetadataServerUrlIfAny(this.url, "url");
- validateMetadataServerUrlIfAny(this.imdsv2SessionTokenUrl, "imdsv2_session_token_url");
- }
-
- @VisibleForTesting
- static void validateMetadataServerUrlIfAny(String urlString, String nameInConfig) {
- if (urlString == null || urlString.trim().length() == 0) {
- return;
- }
-
- try {
- URL url = new URL(urlString);
- String host = url.getHost();
- if (!host.equals("169.254.169.254") && !host.equals("[fd00:ec2::254]")) {
- throw new IllegalArgumentException(
- String.format("Invalid host %s for %s.", host, nameInConfig));
- }
- } catch (MalformedURLException malformedURLException) {
- throw new IllegalArgumentException(malformedURLException);
- }
 }
 }
 
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java
index 098738b4d..7cf3ce3bc 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java
@@ -35,7 +35,6 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
@@ -57,7 +56,6 @@
 import java.util.List;
 import java.util.Map;
 import org.junit.Test;
-import org.junit.function.ThrowingRunnable;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -106,28 +104,14 @@ public class AwsCredentialsTest extends BaseSerializationTest {
 .build();
 
 @Test
- public void test_awsCredentialSource_ipv6() {
- // If no exception is thrown, it means the urls were valid.
- new AwsCredentialSource(buildAwsIpv6CredentialSourceMap());
- }
-
- @Test
- public void test_awsCredentialSource_invalid_urls() {
+ public void test_awsCredentialSource() {
 String keys[] = {"region_url", "url", "imdsv2_session_token_url"};
 for (String key : keys) {
 Map credentialSourceWithInvalidUrl = buildAwsIpv6CredentialSourceMap();
 credentialSourceWithInvalidUrl.put(key, "https://badhost.com/fake");
- IllegalArgumentException e =
- assertThrows(
- IllegalArgumentException.class,
- new ThrowingRunnable() {
- @Override
- public void run() throws Throwable {
- new AwsCredentialSource(credentialSourceWithInvalidUrl);
- }
- });
-
- assertEquals(String.format("Invalid host badhost.com for %s.", key), e.getMessage());
+
+ // Should succeed as no validation is done.
+ new AwsCredentialSource(credentialSourceWithInvalidUrl);
 }
 }
 
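Review bot: The rewritten `test_awsCredentialSource` asserts nothing, so it only proves the constructor does not throw, and the map is still called `credentialSourceWithInvalidUrl` although no URL counts as invalid after this change. It would be stronger to check that the value supplied for `key` is what the source stores, and to rename the local to something like `credentialSourceWithCustomUrl`. The new comment should also record the trust assumption, for example `// Hosts are no longer checked here: region_url, url and imdsv2_session_token_url are accepted as given, so the credential configuration must come from a trusted source.` Nothing visible in this patch replaces the removed `validateMetadataServerUrlIfAny` check, so if a restriction is enforced elsewhere the comment should point to it.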
@@ -613,43 +597,6 @@ public void getAwsSecurityCredentials_fromEnvironmentVariables_noMetadataServerC
 assertEquals("awsSessionToken", credentials.getToken());
 }
 
- @Test
- public void validateMetadataServerUrlIfAny_validOrEmptyUrls() {
- String[] urls = {
- "http://[fd00:ec2::254]/region",
- "http://169.254.169.254",
- "http://169.254.169.254/xyz",
- " ",
- "",
- null
- };
- for (String url : urls) {
- AwsCredentialSource.validateMetadataServerUrlIfAny(url, "url");
- }
- }
-
- @Test
- public void validateMetadataServerUrlIfAny_invalidUrls() {
- Map urls = new HashMap();
- urls.put("http://[fd00:ec2::255]/region", "[fd00:ec2::255]");
- urls.put("http://fake.com/region", "fake.com");
- urls.put("http://169.254.169.255", "169.254.169.255");
-
- for (Map.Entry entry : urls.entrySet()) {
- IllegalArgumentException e =
- assertThrows(
- IllegalArgumentException.class,
- new ThrowingRunnable() {
- @Override
- public void run() throws Throwable {
- AwsCredentialSource.validateMetadataServerUrlIfAny(entry.getKey(), "url");
- }
- });
-
- assertEquals(String.format("Invalid host %s for url.", entry.getValue()), e.getMessage());
- }
- }
-
 @Test
 public void getAwsSecurityCredentials_fromMetadataServer() throws IOException {
 MockExternalAccountCredentialsTransportFactory transportFactory =