From 4c04c51cf194dc25a1c40b0d6146849d036c098e Mon Sep 17 00:00:00 2001 From: Chengyuan Zhang Date: Fri, 30 Aug 2019 11:21:33 -0700 Subject: [PATCH] auth: fix builder invocation for converting Google service account to Jwt access credential (#6106) * Fixed mistaken method invocation for privateKeyId getter/setter. * Added test coverage to verify jwt credentials are applied to request metadata correctly. * No need to expose serviceUri method for testing. --- .../GoogleAuthLibraryCallCredentials.java | 4 +-- .../GoogleAuthLibraryCallCredentialsTest.java | 34 +++++++++++++++++++ 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/auth/src/main/java/io/grpc/auth/GoogleAuthLibraryCallCredentials.java b/auth/src/main/java/io/grpc/auth/GoogleAuthLibraryCallCredentials.java index 7ca0370707b..852fba73b20 100644 --- a/auth/src/main/java/io/grpc/auth/GoogleAuthLibraryCallCredentials.java +++ b/auth/src/main/java/io/grpc/auth/GoogleAuthLibraryCallCredentials.java @@ -296,8 +296,8 @@ public JwtHelper(Class rawServiceAccountClass, ClassLoader loader) methodPairs.add(new MethodPair(getter, setter)); } { - Method getter = serviceAccountClass.getMethod("getPrivateKey"); - Method setter = builderClass.getMethod("setPrivateKey", getter.getReturnType()); + Method getter = serviceAccountClass.getMethod("getPrivateKeyId"); + Method setter = builderClass.getMethod("setPrivateKeyId", getter.getReturnType()); methodPairs.add(new MethodPair(getter, setter)); } } diff --git a/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java b/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java index 5d94c471516..4c798b0892f 100644 --- a/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java +++ b/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java @@ -34,6 +34,7 @@ import com.google.auth.oauth2.GoogleCredentials; import com.google.auth.oauth2.OAuth2Credentials; import com.google.auth.oauth2.ServiceAccountCredentials; +import com.google.auth.oauth2.ServiceAccountJwtAccessCredentials; import com.google.common.collect.Iterables; import com.google.common.collect.LinkedListMultimap; import com.google.common.collect.ListMultimap; @@ -41,6 +42,7 @@ import io.grpc.Attributes; import io.grpc.CallCredentials; import io.grpc.CallCredentials.MetadataApplier; +import io.grpc.CallCredentials.RequestInfo; import io.grpc.Metadata; import io.grpc.MethodDescriptor; import io.grpc.SecurityLevel; @@ -388,6 +390,38 @@ public void oauthClassesNotInClassPath() throws Exception { Iterables.toArray(authorization, String.class)); } + @Test + public void jwtAccessCredentialsInRequestMetadata() throws Exception { + KeyPair pair = KeyPairGenerator.getInstance("RSA").generateKeyPair(); + RequestInfo requestInfo = new RequestInfoImpl("example.com:123"); + + ServiceAccountJwtAccessCredentials jwtCreds = + ServiceAccountJwtAccessCredentials.newBuilder() + .setClientId("test-client") + .setClientEmail("test-email@example.com") + .setPrivateKey(pair.getPrivate()) + .setPrivateKeyId("test-private-key-id") + .build(); + List expectedAuthMetadata = jwtCreds + .getRequestMetadata(new URI("https://example.com:123/a.service")).get("Authorization"); + + ServiceAccountCredentials credentials = + ServiceAccountCredentials.newBuilder() + .setClientId("test-client") + .setClientEmail("test-email@example.com") + .setPrivateKey(pair.getPrivate()) + .setPrivateKeyId("test-private-key-id") + .build(); + GoogleAuthLibraryCallCredentials callCredentials = + new GoogleAuthLibraryCallCredentials(credentials); + callCredentials.applyRequestMetadata(requestInfo, executor, applier); + + verify(applier).apply(headersCaptor.capture()); + Metadata headers = headersCaptor.getValue(); + assertArrayEquals(Iterables.toArray(expectedAuthMetadata, String.class), + Iterables.toArray(headers.getAll(AUTHORIZATION), String.class)); + } + private int runPendingRunnables() { ArrayList savedPendingRunnables = pendingRunnables; pendingRunnables = new ArrayList<>();