Class GdchCredentials

All Implemented Interfaces:
QuotaProjectIdProvider, Serializable

public class GdchCredentials extends GoogleCredentials
  • Field Details

    • SUPPORTED_FORMAT_VERSION

      static final String SUPPORTED_FORMAT_VERSION
    • PARSE_ERROR_PREFIX

      private static final String PARSE_ERROR_PREFIX
    • DEFAULT_LIFETIME_IN_SECONDS

      private static final int DEFAULT_LIFETIME_IN_SECONDS
    • privateKey

      private final PrivateKey privateKey
    • privateKeyId

      private final String privateKeyId
    • projectId

      private final String projectId
    • serviceIdentityName

      private final String serviceIdentityName
    • tokenServerUri

      private final URI tokenServerUri
    • apiAudience

      private final URI apiAudience
    • lifetime

      private final int lifetime
    • transportFactoryClassName

      private final String transportFactoryClassName
    • caCertPath

      private final String caCertPath
    • transportFactory

      private transient HttpTransportFactory transportFactory
  • Constructor Details

  • Method Details

    • fromJson

      static GdchCredentials fromJson(Map<String,Object> json) throws IOException
      Create GDCH service account credentials defined by JSON.
      Parameters:
      json - a map from the JSON representing the credentials.
      Returns:
      the GDCH service account credentials defined by the JSON.
      Throws:
      IOException - if the credential cannot be created from the JSON.
    • fromJson

      static GdchCredentials fromJson(Map<String,Object> json, HttpTransportFactory transportFactory) throws IOException
      Create GDCH service account credentials defined by JSON.
      Parameters:
      json - a map from the JSON representing the credentials.
      transportFactory - HTTP transport factory, creates the transport used to get access tokens.
      Returns:
      the GDCH service account credentials defined by the JSON.
      Throws:
      IOException - if the credential cannot be created from the JSON.
    • fromPkcs8

      static GdchCredentials fromPkcs8(String privateKeyPkcs8, GdchCredentials.Builder builder) throws IOException
      Internal constructor.
      Parameters:
      privateKeyPkcs8 - RSA private key object for the service account in PKCS#8 format.
      builder - A builder for GdchCredentials.
      Returns:
      an instance of GdchCredentials.
      Throws:
      IOException
    • createWithGdchAudience

      public GdchCredentials createWithGdchAudience(URI apiAudience) throws IOException
      Create a copy of GDCH credentials with the specified audience.
      Parameters:
      apiAudience - The intended audience for GDCH credentials.
      Throws:
      IOException
    • refreshAccessToken

      public AccessToken refreshAccessToken() throws IOException
      Refresh the OAuth2 access token by getting a new access token using a JSON Web Token (JWT).

      For GDCH credentials, this class creates a self-signed JWT and sends it to the GDCH authentication endpoint (tokenServerUri) to exchange it for an access token for the intended API audience (apiAudience).

      Overrides:
      refreshAccessToken in class OAuth2Credentials
      Returns:
      never
      Throws:
      IOException
    • createAssertion

      String createAssertion(com.google.api.client.json.JsonFactory jsonFactory, long currentTime, URI apiAudience) throws IOException
      Create a self-signed JWT for GDCH authentication flow.

      The self-signed JWT is used only to obtain an access token from the GDCH authentication endpoint (tokenServerUri), not for API calls. It uses the serviceIdentityName as the `iss` and `sub` claims, and the tokenServerUri as the `aud` claim. The JWT is signed with the privateKey.

      Throws:
      IOException
    • getIssuerSubjectValue

      static String getIssuerSubjectValue(String projectId, String serviceIdentityName)
      Get the issuer and subject value in the format the GDCH token server requires.

      This value is specific to GDCH: it is a combined parameter used for both the `iss` and `sub` fields of the JWT claims.

    • getProjectId

      public final String getProjectId()
    • getPrivateKeyId

      public final String getPrivateKeyId()
    • getPrivateKey

      public final PrivateKey getPrivateKey()
    • getServiceIdentityName

      public final String getServiceIdentityName()
    • getTokenServerUri

      public final URI getTokenServerUri()
    • getApiAudience

      public final URI getApiAudience()
    • getTransportFactory

      public final HttpTransportFactory getTransportFactory()
    • getCaCertPath

      public final String getCaCertPath()
    • newBuilder

      public static GdchCredentials.Builder newBuilder()
    • toBuilder

      public GdchCredentials.Builder toBuilder()
      Overrides:
      toBuilder in class GoogleCredentials
    • readObject

      private void readObject(ObjectInputStream input) throws IOException, ClassNotFoundException
      Throws:
      IOException
      ClassNotFoundException
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class GoogleCredentials
    • toString

      public String toString()
      Overrides:
      toString in class GoogleCredentials
    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class GoogleCredentials
    • readStream

      static InputStream readStream(File file) throws FileNotFoundException
      Throws:
      FileNotFoundException
    • validateField

      private static String validateField(String field, String fieldName) throws IOException
      Throws:
      IOException
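
The self-signed JWT described under refreshAccessToken and createAssertion, sketched with JDK classes only. This is an added example, not the library's code: RS256 (chosen because the page describes the key as RSA), the `kid` header, the `iat`/`exp` claims, the class and helper names, and every sample value are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added illustration; not GdchCredentials source. Names and values are hypothetical.
public class GdchAssertionSketch {
  private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

  static String b64(String s) { return B64URL.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

  // iss and sub carry the same value; aud is the token server, not the API.
  // Inputs are assumed to contain no characters that need JSON escaping.
  static String createAssertion(PrivateKey key, String keyId, String issSub,
      String tokenServerUri, long now, int lifetime) throws GeneralSecurityException {
    String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\",\"kid\":\"" + keyId + "\"}";
    String claims = "{\"iss\":\"" + issSub + "\",\"sub\":\"" + issSub
        + "\",\"aud\":\"" + tokenServerUri + "\",\"iat\":" + now
        + ",\"exp\":" + (now + lifetime) + "}";
    String signingInput = b64(header) + "." + b64(claims);
    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initSign(key);
    signer.update(signingInput.getBytes(StandardCharsets.US_ASCII));
    return signingInput + "." + B64URL.encodeToString(signer.sign());
  }

  // What the receiving side checks first: the signature covers header.claims.
  static boolean verify(String jwt, PublicKey pub) throws GeneralSecurityException {
    int dot = jwt.lastIndexOf('.');
    Signature v = Signature.getInstance("SHA256withRSA");
    v.initVerify(pub);
    v.update(jwt.substring(0, dot).getBytes(StandardCharsets.US_ASCII));
    return v.verify(Base64.getUrlDecoder().decode(jwt.substring(dot + 1)));
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair kp = gen.generateKeyPair(); // constructed throwaway key
    String jwt = createAssertion(kp.getPrivate(), "key-id-placeholder",
        "issuer-subject-placeholder", "https://token-server.example/authenticate",
        System.currentTimeMillis() / 1000, 3600); // 3600 s is a sample lifetime
    String[] p = jwt.split("\\.");
    String claims = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
    System.out.println(claims + "\nsignature valid: " + verify(jwt, kp.getPublic()));
    // Re-pointing aud without re-signing must fail verification.
    String forged = p[0] + "." + b64(claims.replace("token-server", "other")) + "." + p[2];
    System.out.println("forged aud valid: " + verify(forged, kp.getPublic()));
  }
}
```

Because `aud` names the token server and the signature covers it, an assertion captured in transit cannot be redirected to another endpoint without the private key; the short `exp` bounds how long a captured assertion stays usable.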