From f8b5ec00c313d8580b7724e39c4754c4c5922ef4 Mon Sep 17 00:00:00 2001 From: Timur Sadykov Date: Fri, 14 Jan 2022 19:35:20 -0800 Subject: [PATCH 01/11] feat: setting the audience to always point to google token endpoint --- .../java/com/google/auth/oauth2/ServiceAccountCredentials.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index 9b9c99c54..3401e57a7 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -831,7 +831,8 @@ public boolean equals(Object obj) { && Objects.equals(this.defaultRetriesEnabled, other.defaultRetriesEnabled); } - String createAssertion(JsonFactory jsonFactory, long currentTime) throws IOException { + String createAssertion(JsonFactory jsonFactory, long currentTime) + throws IOException { JsonWebSignature.Header header = new JsonWebSignature.Header(); header.setAlgorithm("RS256"); header.setType("JWT"); From b33d17c258c374e3a92db0cef73263f03e631d10 Mon Sep 17 00:00:00 2001 From: Timur Sadykov Date: Fri, 14 Jan 2022 19:40:06 -0800 Subject: [PATCH 02/11] Revert "feat: setting the audience to always point to google token endpoint" This reverts commit 14e7f547f00edaf6273cd7867b9c4ca02ba8ced9. --- .gitignore | 6 +--- .../oauth2/ServiceAccountCredentials.java | 12 ++++--- .../oauth2/ServiceAccountCredentialsTest.java | 36 +++++++++++++++++-- 3 files changed, 42 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index bdf3ed927..de998c86e 100644 --- a/.gitignore +++ b/.gitignore @@ -5,7 +5,6 @@ target/ .classpath .project .settings -.factorypath # Intellij *.iml @@ -13,7 +12,4 @@ target/ .idea/ # VS Code -.vscode/ - -# MacOS -.DS_Store \ No newline at end of file +.vscode/ \ No newline at end of file 
diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index 3401e57a7..061837e05 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -522,7 +522,7 @@ public boolean createScopedRequired() { public AccessToken refreshAccessToken() throws IOException { JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; long currentTime = clock.currentTimeMillis(); - String assertion = createAssertion(jsonFactory, currentTime); + String assertion = createAssertion(jsonFactory, currentTime, tokenServerUri.toString()); GenericData tokenRequest = new GenericData(); tokenRequest.set("grant_type", GRANT_TYPE); @@ -831,7 +831,7 @@ public boolean equals(Object obj) { && Objects.equals(this.defaultRetriesEnabled, other.defaultRetriesEnabled); } - String createAssertion(JsonFactory jsonFactory, long currentTime) + String createAssertion(JsonFactory jsonFactory, long currentTime, String audience) throws IOException { JsonWebSignature.Header header = new JsonWebSignature.Header(); header.setAlgorithm("RS256"); @@ -849,9 +849,13 @@ String createAssertion(JsonFactory jsonFactory, long currentTime) payload.put("scope", Joiner.on(' ').join(scopes)); } - payload.setAudience(OAuth2Utils.TOKEN_SERVER_URI.toString()); - String assertion; + if (audience == null) { + payload.setAudience(OAuth2Utils.TOKEN_SERVER_URI.toString()); + } else { + payload.setAudience(audience); + } + String assertion; try { assertion = JsonWebSignature.signUsingRsaSha256(privateKey, jsonFactory, header, payload); } catch (GeneralSecurityException e) { diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java index b67ab40a4..e9b0ed598 100644 
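Review bot: The new `audience` parameter of createAssertion treats `null` as "use OAuth2Utils.TOKEN_SERVER_URI", but neither the signature nor a comment says so, and the updated tests in ServiceAccountCredentialsTest rely on it by passing a bare `null`. Because `aud` is the claim that ties the signed assertion to one authorization server, the fallback deserves a Javadoc line such as `@param audience value for the JWT aud claim; null selects OAuth2Utils.TOKEN_SERVER_URI`. In the refreshAccessToken hunk, `tokenServerUri.toString()` throws a NullPointerException if that field can be null; the hunk does not show whether the builder guarantees a default, so that should be confirmed. Both method bodies continue outside their hunks.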
--- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java @@ -244,7 +244,7 @@ void createAssertion_correct() throws IOException { JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; long currentTimeMillis = Clock.SYSTEM.currentTimeMillis(); - String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis); + String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null); JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion); JsonWebToken.Payload payload = signature.getPayload(); @@ -274,7 +274,7 @@ void createAssertion_defaultScopes_correct() throws IOException { JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; long currentTimeMillis = Clock.SYSTEM.currentTimeMillis(); - String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis); + String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null); JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion); JsonWebToken.Payload payload = signature.getPayload(); @@ -292,7 +292,7 @@ void createAssertion_custom_lifetime() throws IOException { JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; long currentTimeMillis = Clock.SYSTEM.currentTimeMillis(); - String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis); + String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null); JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion); JsonWebToken.Payload payload = signature.getPayload(); 
@@ -374,6 +374,36 @@ void createAssertionForIdToken_incorrect() throws IOException { assertEquals(USER, payload.getSubject()); } + @Test + void createAssertion_withTokenUri_correct() throws IOException { + PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); + List scopes = Arrays.asList("scope1", "scope2"); + ServiceAccountCredentials credentials = + ServiceAccountCredentials.newBuilder() + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(scopes) + .setServiceAccountUser(USER) + .setProjectId(PROJECT_ID) + .build(); + + JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; + long currentTimeMillis = Clock.SYSTEM.currentTimeMillis(); + String assertion = + credentials.createAssertion(jsonFactory, currentTimeMillis, "https://foo.com/bar"); + + JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion); + JsonWebToken.Payload payload = signature.getPayload(); + assertEquals(CLIENT_EMAIL, payload.getIssuer()); + assertEquals("https://foo.com/bar", payload.getAudience()); + assertEquals(currentTimeMillis / 1000, (long) payload.getIssuedAtTimeSeconds()); + assertEquals(currentTimeMillis / 1000 + 3600, (long) payload.getExpirationTimeSeconds()); + assertEquals(USER, payload.getSubject()); + assertEquals(String.join(" ", scopes), payload.get("scope")); + } + @Test void createdScoped_enablesAccessTokens() throws IOException { MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); From cfdf0b7432bd9323cb27b536dfce709b0984c70f Mon Sep 17 00:00:00 2001 
From: Timur Sadykov Date: Tue, 12 Jul 2022 03:44:20 -0700 Subject: [PATCH 03/11] fix: add test intermittent issue --- .gitignore | 4 +- .../oauth2/ServiceAccountCredentials.java | 1 + .../auth/oauth2/MockTokenServerTransport.java | 18 +++++++++ .../google/auth/oauth2/TokenVerifierTest.java | 37 +++++++++++++++++++ 4 files changed, 59 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index de998c86e..fc3d17dc2 100644 --- a/.gitignore +++ b/.gitignore @@ -12,4 +12,6 @@ target/ .idea/ # VS Code -.vscode/ \ No newline at end of file +.vscode/ + +.DS_Store \ No newline at end of file diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index 061837e05..b9077deb3 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -181,6 +181,7 @@ static ServiceAccountCredentials fromJson( } catch (URISyntaxException e) { throw new IOException("Token server URI specified in 'token_uri' could not be parsed."); } + if (clientId == null || clientEmail == null || privateKeyPkcs8 == null diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java index 7eea7d462..40b53c0c9 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java 
@@ -133,6 +133,24 @@ public LowLevelHttpRequest buildRequest(String method, String url) throws IOExce int questionMarkPos = url.indexOf('?'); final String urlWithoutQuery = (questionMarkPos > 0) ? url.substring(0, questionMarkPos) : url; final String query = (questionMarkPos > 0) ? url.substring(questionMarkPos + 1) : ""; + + if (!responseSequence.isEmpty()) { + return new MockLowLevelHttpRequest(url) { + @Override + public LowLevelHttpResponse execute() throws IOException { + try { + return responseSequence.poll().get(); + } catch (ExecutionException e) { + Throwable cause = e.getCause(); + throw (IOException) cause; + } catch (InterruptedException e) { + Thread.currentThread().interrupt(); + throw new RuntimeException("Unexpectedly interrupted"); + } + } + }; + } + if (urlWithoutQuery.equals(tokenServerUri.toString())) { return new MockLowLevelHttpRequest(url) { @Override diff --git a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java index 6c6373267..990a7aeca 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java @@ -43,6 +43,7 @@ import com.google.api.client.testing.http.MockLowLevelHttpResponse; import com.google.api.client.util.Clock; import com.google.auth.http.HttpTransportFactory; +import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory; import com.google.common.io.CharStreams; import java.io.IOException; import java.io.InputStream; 
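Review bot: In the new `responseSequence` branch, `throw (IOException) cause;` casts unconditionally, so a queued failure of any other type surfaces as a ClassCastException and hides the real cause; `if (cause instanceof IOException) { throw (IOException) cause; }` followed by `throw new IOException(cause);` keeps the original error visible. The emptiness check runs in buildRequest but `responseSequence.poll()` runs later in execute(), so two requests built before either executes can leave `poll()` returning null and `.get()` failing with a NullPointerException; polling once and checking for null inside execute() avoids that. `new RuntimeException("Unexpectedly interrupted")` also drops `e`, which should be passed as the cause. The branch sits before the URL routing, so any URL consumes the queue and a test using it cannot tell whether the expected endpoint was requested. buildRequest begins and continues outside this hunk.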
@@ -186,6 +187,42 @@ public LowLevelHttpResponse execute() throws IOException { assertTrue(exception.getMessage().contains("Error fetching PublicKey")); } + @Test + void verifyPublicKeyStoreIntermittentError() throws IOException { + // mock responses + MockLowLevelHttpResponse response404 = new MockLowLevelHttpResponse() + .setStatusCode(404) + .setContentType("application/json") + .setContent(""); + + MockLowLevelHttpResponse responseEmpty = new MockLowLevelHttpResponse() + .setStatusCode(200) + .setContentType("application/json") + .setContent("{\"keys\":[]}"); + + MockLowLevelHttpResponse responseGood = new MockLowLevelHttpResponse() + .setStatusCode(200) + .setContentType("application/json") + .setContent(readResourceAsString("iap_keys.json")); + + // Mock HTTP requests + MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); + + transportFactory.transport.addResponseSequence(response404, responseEmpty, responseGood); + + TokenVerifier tokenVerifier = + TokenVerifier.newBuilder() + .setClock(FIXED_CLOCK) + .setHttpTransportFactory(transportFactory) + .build(); + TokenVerifier.VerificationException exception = + assertThrows( + TokenVerifier.VerificationException.class, + () -> tokenVerifier.verify(ES256_TOKEN), + "Should have failed verification"); + assertTrue(exception.getMessage().contains("Error fetching PublicKey")); + } + @Test void verifyEs256Token() throws TokenVerifier.VerificationException, IOException { HttpTransportFactory httpTransportFactory = From 582d81fcae730d132bfa20315355ad461b864f3a Mon Sep 17 00:00:00 2001 From: Timur Sadykov Date: Mon, 8 Aug 2022 18:08:01 -0700 Subject: [PATCH 04/11] fix: fixing the intermittent error when getting public keys and empty key handling --- .../com/google/auth/oauth2/TokenVerifier.java | 27 ++++++++++--------- .../google/auth/oauth2/TokenVerifierTest.java | 12 ++++++++- 2 files changed, 26 insertions(+), 13 deletions(-) 
diff --git a/oauth2_http/java/com/google/auth/oauth2/TokenVerifier.java b/oauth2_http/java/com/google/auth/oauth2/TokenVerifier.java index aed9949b5..12c6af92e 100644 --- a/oauth2_http/java/com/google/auth/oauth2/TokenVerifier.java +++ b/oauth2_http/java/com/google/auth/oauth2/TokenVerifier.java @@ -314,17 +314,13 @@ public static class JsonWebKey { public Map load(String certificateUrl) throws Exception { HttpTransport httpTransport = httpTransportFactory.create(); JsonWebKeySet jwks; - try { - HttpRequest request = - httpTransport - .createRequestFactory() - .buildGetRequest(new GenericUrl(certificateUrl)) - .setParser(OAuth2Utils.JSON_FACTORY.createJsonObjectParser()); - HttpResponse response = request.execute(); - jwks = response.parseAs(JsonWebKeySet.class); - } catch (IOException io) { - return ImmutableMap.of(); - } + HttpRequest request = + httpTransport + .createRequestFactory() + .buildGetRequest(new GenericUrl(certificateUrl)) + .setParser(OAuth2Utils.JSON_FACTORY.createJsonObjectParser()); + HttpResponse response = request.execute(); + jwks = response.parseAs(JsonWebKeySet.class); ImmutableMap.Builder keyCacheBuilder = new ImmutableMap.Builder<>(); if (jwks.keys == null) { @@ -345,7 +341,14 @@ public Map load(String certificateUrl) throws Exception { } } - return keyCacheBuilder.build(); + ImmutableMap keyCache = keyCacheBuilder.build(); + + if (keyCache.isEmpty()) { + throw new VerificationException( + "No valid public key returned by the keystore: " + certificateUrl); + } + + return keyCache; } private PublicKey buildPublicKey(JsonWebKey key) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java index 990a7aeca..e635e36ac 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java 
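Review bot: With the try/catch removed, load() propagates every fetch or parse failure, and the added `keyCache.isEmpty()` check turns an empty key set into a VerificationException, yet nothing in the method records that failing instead of returning an empty map is deliberate. If load() backs a loading cache (the enclosing class is outside the hunk), the old `return ImmutableMap.of()` would have been stored as a valid entry and every token rejected until it expired; a comment above the new throw would keep a later cleanup from reintroducing that, e.g. `// Fail instead of returning an empty map: an empty result must never be cached as the key set for this URL.` The other side of that choice is that, with nothing cached on failure, each verify() during a keystore outage may issue a fresh GET to certificateUrl, so it is worth confirming callers tolerate that. The method still declares `throws Exception`; Javadoc `@throws` lines for the IOException and VerificationException cases would make the contract visible.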
@@ -44,6 +44,7 @@ import com.google.api.client.util.Clock; import com.google.auth.http.HttpTransportFactory; import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory; +import com.google.auth.oauth2.TokenVerifier.VerificationException; import com.google.common.io.CharStreams; import java.io.IOException; import java.io.InputStream; @@ -188,7 +189,7 @@ public LowLevelHttpResponse execute() throws IOException { } @Test - void verifyPublicKeyStoreIntermittentError() throws IOException { + void verifyPublicKeyStoreIntermittentError() throws IOException, VerificationException { // mock responses MockLowLevelHttpResponse response404 = new MockLowLevelHttpResponse() .setStatusCode(404) @@ -221,6 +222,15 @@ void verifyPublicKeyStoreIntermittentError() throws IOException { () -> tokenVerifier.verify(ES256_TOKEN), "Should have failed verification"); assertTrue(exception.getMessage().contains("Error fetching PublicKey")); + + exception = + assertThrows( + TokenVerifier.VerificationException.class, + () -> tokenVerifier.verify(ES256_TOKEN), + "Should have failed verification"); + assertTrue(exception.getCause().getMessage().contains("No valid public key")); + + assertNotNull(tokenVerifier.verify(ES256_TOKEN)); } @Test From 87691d2dc096bad80551166ccbc9e461ec205ffa Mon Sep 17 00:00:00 2001 From: Timur Sadykov Date: Mon, 8 Aug 2022 18:10:42 -0700 Subject: [PATCH 05/11] churn: revert gitignore updates --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index fc3d17dc2..bdf3ed927 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ target/ .classpath .project .settings +.factorypath # Intellij *.iml @@ -14,4 +15,5 @@ target/ # VS Code .vscode/ +# MacOS .DS_Store \ No newline at end of file From b8e917a21b3eeced5eaede4cd2a9d13361a253e4 Mon Sep 17 00:00:00 2001 
From: Timur Sadykov Date: Mon, 8 Aug 2022 18:13:19 -0700 Subject: [PATCH 06/11] Revert "Revert "feat: setting the audience to always point to google token endpoint"" This reverts commit b33d17c258c374e3a92db0cef73263f03e631d10. --- .../oauth2/ServiceAccountCredentials.java | 12 +++---- .../oauth2/ServiceAccountCredentialsTest.java | 36 ++----------------- 2 files changed, 7 insertions(+), 41 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index b9077deb3..abcac4952 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -523,7 +523,7 @@ public boolean createScopedRequired() { public AccessToken refreshAccessToken() throws IOException { JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; long currentTime = clock.currentTimeMillis(); - String assertion = createAssertion(jsonFactory, currentTime, tokenServerUri.toString()); + String assertion = createAssertion(jsonFactory, currentTime); GenericData tokenRequest = new GenericData(); tokenRequest.set("grant_type", GRANT_TYPE); @@ -832,7 +832,7 @@ public boolean equals(Object obj) { && Objects.equals(this.defaultRetriesEnabled, other.defaultRetriesEnabled); } - String createAssertion(JsonFactory jsonFactory, long currentTime, String audience) + String createAssertion(JsonFactory jsonFactory, long currentTime) throws IOException { JsonWebSignature.Header header = new JsonWebSignature.Header(); header.setAlgorithm("RS256"); 
@@ -850,13 +850,9 @@ String createAssertion(JsonFactory jsonFactory, long currentTime, String audienc payload.put("scope", Joiner.on(' ').join(scopes)); } - if (audience == null) { - payload.setAudience(OAuth2Utils.TOKEN_SERVER_URI.toString()); - } else { - payload.setAudience(audience); - } - + payload.setAudience(OAuth2Utils.TOKEN_SERVER_URI.toString()); String assertion; + try { assertion = JsonWebSignature.signUsingRsaSha256(privateKey, jsonFactory, header, payload); } catch (GeneralSecurityException e) { diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java index e9b0ed598..b67ab40a4 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java @@ -244,7 +244,7 @@ void createAssertion_correct() throws IOException { JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; long currentTimeMillis = Clock.SYSTEM.currentTimeMillis(); - String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null); + String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis); JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion); JsonWebToken.Payload payload = signature.getPayload(); @@ -274,7 +274,7 @@ void createAssertion_defaultScopes_correct() throws IOException { JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; long currentTimeMillis = Clock.SYSTEM.currentTimeMillis(); - String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null); + String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis); JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion); JsonWebToken.Payload payload = signature.getPayload(); 
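Review bot: `payload.setAudience(OAuth2Utils.TOKEN_SERVER_URI.toString())` pins the assertion's `aud` to the Google token endpoint, and the refreshAccessToken hunk earlier in this patch stops passing `tokenServerUri`, so the audience no longer follows the endpoint the credential is configured with. If refreshAccessToken still posts the assertion to `tokenServerUri` (its body continues outside the hunk) and that value can come from a key file's `token_uri`, as the fromJson context in PATCH 03 suggests, then whichever host is configured receives a signed assertion that names Google's endpoint as its audience. That makes the token server URI a trusted input, which should be stated where the audience is set, for example `// aud is always Google's token endpoint, even when tokenServerUri points elsewhere (e.g. a proxy); tokenServerUri must be a trusted host.` The patch also deletes createAssertion_withTokenUri_correct without adding a test that asserts `aud` stays at OAuth2Utils.TOKEN_SERVER_URI for a credential built with a custom token server URI.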
@@ -292,7 +292,7 @@ void createAssertion_custom_lifetime() throws IOException { JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; long currentTimeMillis = Clock.SYSTEM.currentTimeMillis(); - String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null); + String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis); JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion); JsonWebToken.Payload payload = signature.getPayload(); 
@@ -374,36 +374,6 @@ void createAssertionForIdToken_incorrect() throws IOException { assertEquals(USER, payload.getSubject()); } - @Test - void createAssertion_withTokenUri_correct() throws IOException { - PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); - List scopes = Arrays.asList("scope1", "scope2"); - ServiceAccountCredentials credentials = - ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setScopes(scopes) - .setServiceAccountUser(USER) - .setProjectId(PROJECT_ID) - .build(); - - JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; - long currentTimeMillis = Clock.SYSTEM.currentTimeMillis(); - String assertion = - credentials.createAssertion(jsonFactory, currentTimeMillis, "https://foo.com/bar"); - - JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion); - JsonWebToken.Payload payload = signature.getPayload(); - assertEquals(CLIENT_EMAIL, payload.getIssuer()); - assertEquals("https://foo.com/bar", payload.getAudience()); - assertEquals(currentTimeMillis / 1000, (long) payload.getIssuedAtTimeSeconds()); - assertEquals(currentTimeMillis / 1000 + 3600, (long) payload.getExpirationTimeSeconds()); - assertEquals(USER, payload.getSubject()); - assertEquals(String.join(" ", scopes), payload.get("scope")); - } - @Test void createdScoped_enablesAccessTokens() throws IOException { MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); From dc59ebd65b51fa10a39fca67286a243c3827ed7e Mon Sep 17 00:00:00 2001 
From: Owl Bot Date: Tue, 9 Aug 2022 01:32:34 +0000 Subject: [PATCH 07/11] =?UTF-8?q?=F0=9F=A6=89=20Updates=20from=20OwlBot=20?= =?UTF-8?q?post-processor?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --- .../oauth2/ServiceAccountCredentials.java | 3 +-- .../auth/oauth2/MockTokenServerTransport.java | 6 ++--- .../google/auth/oauth2/TokenVerifierTest.java | 27 ++++++++++--------- 3 files changed, 19 insertions(+), 17 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index abcac4952..123d72dc0 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -832,8 +832,7 @@ public boolean equals(Object obj) { && Objects.equals(this.defaultRetriesEnabled, other.defaultRetriesEnabled); } - String createAssertion(JsonFactory jsonFactory, long currentTime) - throws IOException { + String createAssertion(JsonFactory jsonFactory, long currentTime) throws IOException { JsonWebSignature.Header header = new JsonWebSignature.Header(); header.setAlgorithm("RS256"); header.setType("JWT"); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java index 40b53c0c9..29c8e6337 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java 
@@ -135,9 +135,9 @@ public LowLevelHttpRequest buildRequest(String method, String url) throws IOExce final String query = (questionMarkPos > 0) ? url.substring(questionMarkPos + 1) : ""; if (!responseSequence.isEmpty()) { - return new MockLowLevelHttpRequest(url) { - @Override - public LowLevelHttpResponse execute() throws IOException { + return new MockLowLevelHttpRequest(url) { + @Override + public LowLevelHttpResponse execute() throws IOException { try { return responseSequence.poll().get(); } catch (ExecutionException e) { diff --git a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java index e635e36ac..bf5e5f700 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java 
@@ -191,20 +191,23 @@ public LowLevelHttpResponse execute() throws IOException { @Test void verifyPublicKeyStoreIntermittentError() throws IOException, VerificationException { // mock responses - MockLowLevelHttpResponse response404 = new MockLowLevelHttpResponse() - .setStatusCode(404) - .setContentType("application/json") - .setContent(""); + MockLowLevelHttpResponse response404 = + new MockLowLevelHttpResponse() + .setStatusCode(404) + .setContentType("application/json") + .setContent(""); - MockLowLevelHttpResponse responseEmpty = new MockLowLevelHttpResponse() - .setStatusCode(200) - .setContentType("application/json") - .setContent("{\"keys\":[]}"); + MockLowLevelHttpResponse responseEmpty = + new MockLowLevelHttpResponse() + .setStatusCode(200) + .setContentType("application/json") + .setContent("{\"keys\":[]}"); - MockLowLevelHttpResponse responseGood = new MockLowLevelHttpResponse() - .setStatusCode(200) - .setContentType("application/json") - .setContent(readResourceAsString("iap_keys.json")); + MockLowLevelHttpResponse responseGood = + new MockLowLevelHttpResponse() + .setStatusCode(200) + .setContentType("application/json") + .setContent(readResourceAsString("iap_keys.json")); // Mock HTTP requests MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); From bd2b0ea39fd4600a16eebc56d09bf701f81c8d0f Mon Sep 17 00:00:00 2001 From: Timur Sadykov Date: Tue, 9 Aug 2022 17:15:06 -0700 Subject: [PATCH 08/11] fix: update an assert in existing test case --- .../javatests/com/google/auth/oauth2/TokenVerifierTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java index bf5e5f700..a493e22cd 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java 
@@ -147,7 +147,7 @@ public LowLevelHttpResponse execute() throws IOException { TokenVerifier.VerificationException exception = assertThrows( TokenVerifier.VerificationException.class, () -> tokenVerifier.verify(ES256_TOKEN)); - assertTrue(exception.getMessage().contains("Could not find PublicKey")); + assertTrue(exception.getMessage().contains("Error fetching PublicKey from certificate location")); } @Test From b2a4ec2b71bb61d630fc0aa6dc1f5c24eccf95c7 Mon Sep 17 00:00:00 2001 From: Owl Bot Date: Wed, 10 Aug 2022 00:18:19 +0000 Subject: [PATCH 09/11] =?UTF-8?q?=F0=9F=A6=89=20Updates=20from=20OwlBot=20?= =?UTF-8?q?post-processor?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --- .../javatests/com/google/auth/oauth2/TokenVerifierTest.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java index a493e22cd..041fbabe4 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java @@ -147,7 +147,8 @@ public LowLevelHttpResponse execute() throws IOException { TokenVerifier.VerificationException exception = assertThrows( TokenVerifier.VerificationException.class, () -> tokenVerifier.verify(ES256_TOKEN)); - assertTrue(exception.getMessage().contains("Error fetching PublicKey from certificate location")); + assertTrue( + exception.getMessage().contains("Error fetching PublicKey from certificate location")); } @Test From 2be9af17e607c90dd860e4760e1b6df1cd018608 Mon Sep 17 00:00:00 2001 
From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Tue, 9 Aug 2022 18:22:12 +0000 Subject: [PATCH 10/11] chore(main): release 1.10.0 (#962) :robot: I have created a release *beep* *boop* --- ## [1.10.0](https://github.com/googleapis/google-auth-library-java/compare/v1.9.0...v1.10.0) (2022-08-05) ### Features * workforce identity federation for pluggable auth ([#959](https://github.com/googleapis/google-auth-library-java/issues/959)) ([7f2c535](https://github.com/googleapis/google-auth-library-java/commit/7f2c535ab7c842a672d6761f4cd80df88e1a37ed)) ### Bug Fixes * updates executable response spec for executable-sourced credentials ([#955](https://github.com/googleapis/google-auth-library-java/issues/955)) ([48ff83d](https://github.com/googleapis/google-auth-library-java/commit/48ff83dc68e29dcae07fdea963cbbe5525f86a89)) ### Documentation * **samples:** added auth samples and tests ([#927](https://github.com/googleapis/google-auth-library-java/issues/927)) ([32c717f](https://github.com/googleapis/google-auth-library-java/commit/32c717fdf1a721f3e7ca3d75f03fcc229923689c)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --- CHANGELOG.md | 17 +++++++++++++++++ appengine/pom.xml | 2 +- bom/pom.xml | 2 +- credentials/pom.xml | 2 +- oauth2_http/pom.xml | 2 +- pom.xml | 2 +- versions.txt | 12 ++++++------ 7 files changed, 28 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 25e44203b..12e9025c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,22 @@ # Changelog +## [1.10.0](https://github.com/googleapis/google-auth-library-java/compare/v1.9.0...v1.10.0) (2022-08-05) + + +### Features + +* workforce identity federation for pluggable auth ([#959](https://github.com/googleapis/google-auth-library-java/issues/959)) ([7f2c535](https://github.com/googleapis/google-auth-library-java/commit/7f2c535ab7c842a672d6761f4cd80df88e1a37ed)) + + +### Bug Fixes + +* updates executable response spec for executable-sourced credentials ([#955](https://github.com/googleapis/google-auth-library-java/issues/955)) ([48ff83d](https://github.com/googleapis/google-auth-library-java/commit/48ff83dc68e29dcae07fdea963cbbe5525f86a89)) + + +### Documentation + +* **samples:** added auth samples and tests ([#927](https://github.com/googleapis/google-auth-library-java/issues/927)) ([32c717f](https://github.com/googleapis/google-auth-library-java/commit/32c717fdf1a721f3e7ca3d75f03fcc229923689c)) + ## [1.9.0](https://github.com/googleapis/google-auth-library-java/compare/v1.8.1...v1.9.0) (2022-08-02) diff --git a/appengine/pom.xml b/appengine/pom.xml index 6fff828c5..38b1ccf49 100644 --- a/appengine/pom.xml +++ b/appengine/pom.xml @@ -5,7 +5,7 @@ com.google.auth google-auth-library-parent - 1.9.1-SNAPSHOT + 1.10.0 ../pom.xml diff --git a/bom/pom.xml b/bom/pom.xml index 77d8f99f4..00a8dac17 100644 --- a/bom/pom.xml +++ b/bom/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.google.auth google-auth-library-bom - 1.9.1-SNAPSHOT + 1.10.0 pom Google Auth Library for Java BOM diff --git a/credentials/pom.xml b/credentials/pom.xml index c1d4f46ff..c88dfebdd 100644 --- a/credentials/pom.xml +++ b/credentials/pom.xml @@ -4,7 +4,7 @@ com.google.auth google-auth-library-parent - 1.9.1-SNAPSHOT + 1.10.0 ../pom.xml diff --git a/oauth2_http/pom.xml b/oauth2_http/pom.xml index 8aadf3e73..a604d4986 100644 --- a/oauth2_http/pom.xml +++ b/oauth2_http/pom.xml @@ -5,7 +5,7 @@ com.google.auth google-auth-library-parent - 1.9.1-SNAPSHOT + 1.10.0 ../pom.xml 
diff --git a/pom.xml b/pom.xml index 10171892d..20554ffad 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.google.auth google-auth-library-parent - 1.9.1-SNAPSHOT + 1.10.0 pom Google Auth Library for Java Client libraries providing authentication and diff --git a/versions.txt b/versions.txt index d8f0ea5fd..4ebc557bd 100644 --- a/versions.txt +++ b/versions.txt @@ -1,9 +1,9 @@ # Format: # module:released-version:current-version -google-auth-library:1.9.0:1.9.1-SNAPSHOT -google-auth-library-bom:1.9.0:1.9.1-SNAPSHOT -google-auth-library-parent:1.9.0:1.9.1-SNAPSHOT -google-auth-library-appengine:1.9.0:1.9.1-SNAPSHOT -google-auth-library-credentials:1.9.0:1.9.1-SNAPSHOT -google-auth-library-oauth2-http:1.9.0:1.9.1-SNAPSHOT +google-auth-library:1.10.0:1.10.0 +google-auth-library-bom:1.10.0:1.10.0 +google-auth-library-parent:1.10.0:1.10.0 +google-auth-library-appengine:1.10.0:1.10.0 +google-auth-library-credentials:1.10.0:1.10.0 +google-auth-library-oauth2-http:1.10.0:1.10.0 From f128a7c6e8817a3176e8804c8080f4882dab2894 Mon Sep 17 00:00:00 2001 From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Tue, 9 Aug 2022 18:24:18 +0000 Subject: [PATCH 11/11] chore(main): release 1.10.1-SNAPSHOT (#970) :robot: I have created a release *beep* *boop* --- ### Updating meta-information for bleeding-edge SNAPSHOT release. --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --- appengine/pom.xml | 2 +- bom/pom.xml | 2 +- credentials/pom.xml | 2 +- oauth2_http/pom.xml | 2 +- pom.xml | 2 +- versions.txt | 12 ++++++------ 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/appengine/pom.xml b/appengine/pom.xml index 38b1ccf49..ecadff5a3 100644 --- a/appengine/pom.xml +++ b/appengine/pom.xml @@ -5,7 +5,7 @@ com.google.auth google-auth-library-parent - 1.10.0 + 1.10.1-SNAPSHOT ../pom.xml 
diff --git a/bom/pom.xml b/bom/pom.xml index 00a8dac17..6c00beddb 100644 --- a/bom/pom.xml +++ b/bom/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.google.auth google-auth-library-bom - 1.10.0 + 1.10.1-SNAPSHOT pom Google Auth Library for Java BOM diff --git a/credentials/pom.xml b/credentials/pom.xml index c88dfebdd..6048dc662 100644 --- a/credentials/pom.xml +++ b/credentials/pom.xml @@ -4,7 +4,7 @@ com.google.auth google-auth-library-parent - 1.10.0 + 1.10.1-SNAPSHOT ../pom.xml diff --git a/oauth2_http/pom.xml b/oauth2_http/pom.xml index a604d4986..d9bd261b5 100644 --- a/oauth2_http/pom.xml +++ b/oauth2_http/pom.xml @@ -5,7 +5,7 @@ com.google.auth google-auth-library-parent - 1.10.0 + 1.10.1-SNAPSHOT ../pom.xml diff --git a/pom.xml b/pom.xml index 20554ffad..46e761589 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.google.auth google-auth-library-parent - 1.10.0 + 1.10.1-SNAPSHOT pom Google Auth Library for Java Client libraries providing authentication and diff --git a/versions.txt b/versions.txt index 4ebc557bd..36266972f 100644 --- a/versions.txt +++ b/versions.txt @@ -1,9 +1,9 @@ # Format: # module:released-version:current-version -google-auth-library:1.10.0:1.10.0 -google-auth-library-bom:1.10.0:1.10.0 -google-auth-library-parent:1.10.0:1.10.0 -google-auth-library-appengine:1.10.0:1.10.0 -google-auth-library-credentials:1.10.0:1.10.0 -google-auth-library-oauth2-http:1.10.0:1.10.0 +google-auth-library:1.10.0:1.10.1-SNAPSHOT +google-auth-library-bom:1.10.0:1.10.1-SNAPSHOT +google-auth-library-parent:1.10.0:1.10.1-SNAPSHOT +google-auth-library-appengine:1.10.0:1.10.1-SNAPSHOT +google-auth-library-credentials:1.10.0:1.10.1-SNAPSHOT +google-auth-library-oauth2-http:1.10.0:1.10.1-SNAPSHOT