Class GdchCredentials

    • Field Detail

      • SUPPORTED_FORMAT_VERSION

        static final java.lang.String SUPPORTED_FORMAT_VERSION
        See Also:
        Constant Field Values
      • PARSE_ERROR_PREFIX

        private static final java.lang.String PARSE_ERROR_PREFIX
        See Also:
        Constant Field Values
      • DEFAULT_LIFETIME_IN_SECONDS

        private static final int DEFAULT_LIFETIME_IN_SECONDS
        See Also:
        Constant Field Values
      • privateKey

        private final java.security.PrivateKey privateKey
      • privateKeyId

        private final java.lang.String privateKeyId
      • projectId

        private final java.lang.String projectId
      • serviceIdentityName

        private final java.lang.String serviceIdentityName
      • tokenServerUri

        private final java.net.URI tokenServerUri
      • apiAudience

        private final java.net.URI apiAudience
      • lifetime

        private final int lifetime
      • transportFactoryClassName

        private final java.lang.String transportFactoryClassName
      • caCertPath

        private final java.lang.String caCertPath
    • Method Detail

      • fromJson

        static GdchCredentials fromJson​(java.util.Map<java.lang.String,​java.lang.Object> json)
                                 throws java.io.IOException
        Create GDCH service account credentials defined by JSON.
        Parameters:
        json - a map from the JSON representing the credentials.
        Returns:
        the GDCH service account credentials defined by the JSON.
        Throws:
        java.io.IOException - if the credential cannot be created from the JSON.
      • fromJson

        static GdchCredentials fromJson​(java.util.Map<java.lang.String,​java.lang.Object> json,
                                        HttpTransportFactory transportFactory)
                                 throws java.io.IOException
        Create GDCH service account credentials defined by JSON.
        Parameters:
        json - a map from the JSON representing the credentials.
        transportFactory - HTTP transport factory, creates the transport used to get access tokens.
        Returns:
        the GDCH service account credentials defined by the JSON.
        Throws:
        java.io.IOException - if the credential cannot be created from the JSON.
      • fromPkcs8

        static GdchCredentials fromPkcs8​(java.lang.String privateKeyPkcs8,
                                         GdchCredentials.Builder builder)
                                  throws java.io.IOException
        Internal constructor.
        Parameters:
        privateKeyPkcs8 - RSA private key object for the service account in PKCS#8 format.
        builder - A builder for GdchCredentials.
        Returns:
        an instance of GdchCredentials.
        Throws:
        java.io.IOException
      • createWithGdchAudience

        public GdchCredentials createWithGdchAudience​(java.net.URI apiAudience)
                                               throws java.io.IOException
        Create a copy of GDCH credentials with the specified audience.
        Parameters:
        apiAudience - The intended audience for GDCH credentials.
        Throws:
        java.io.IOException
      • refreshAccessToken

        public AccessToken refreshAccessToken()
                                       throws java.io.IOException
        Refresh the OAuth2 access token by getting a new access token using a JSON Web Token (JWT).

        For GDCH credentials, this class creates a self-signed JWT, and sends to the GDCH authentication endpoint (tokenServerUri) to exchange an access token for the intended api audience (apiAudience).

        Overrides:
        refreshAccessToken in class OAuth2Credentials
        Returns:
        never
        Throws:
        java.io.IOException
      • createAssertion

        java.lang.String createAssertion​(com.google.api.client.json.JsonFactory jsonFactory,
                                         long currentTime,
                                         java.net.URI apiAudience)
                                  throws java.io.IOException
        Create a self-signed JWT for GDCH authentication flow.

        The self-signed JWT is used to exchange access token from GDCH authentication (tokenServerUri), not for API call. It uses the serviceIdentityName as the `iss` and `sub` claim, and the tokenServerUri as the `aud` claim. The JWT is signed with the privateKey.

        Throws:
        java.io.IOException
      • getIssuerSubjectValue

        static java.lang.String getIssuerSubjectValue​(java.lang.String projectId,
                                                      java.lang.String serviceIdentityName)
        Get the issuer and subject value in the format GDCH token server required.

        This value is specific to GDCH and combined parameter used for both `iss` and `sub` fields in JWT claim.

      • getProjectId

        public final java.lang.String getProjectId()
      • getPrivateKeyId

        public final java.lang.String getPrivateKeyId()
      • getPrivateKey

        public final java.security.PrivateKey getPrivateKey()
      • getServiceIdentityName

        public final java.lang.String getServiceIdentityName()
      • getTokenServerUri

        public final java.net.URI getTokenServerUri()
      • getApiAudience

        public final java.net.URI getApiAudience()
      • getCaCertPath

        public final java.lang.String getCaCertPath()
      • readObject

        private void readObject​(java.io.ObjectInputStream input)
                         throws java.io.IOException,
                                java.lang.ClassNotFoundException
        Throws:
        java.io.IOException
        java.lang.ClassNotFoundException
      • readStream

        static java.io.InputStream readStream​(java.io.File file)
                                       throws java.io.FileNotFoundException
        Throws:
        java.io.FileNotFoundException
      • validateField

        private static java.lang.String validateField​(java.lang.String field,
                                                      java.lang.String fieldName)
                                               throws java.io.IOException
        Throws:
        java.io.IOException