Class IamUtils


  • class IamUtils
    extends java.lang.Object
    This internal class provides shared utilities for interacting with the IAM API for common features like signing.
    • Constructor Summary

      Constructors 
      Constructor Description
      IamUtils()  
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      (package private) static IdToken getIdToken​(java.lang.String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, java.lang.String targetAudience, boolean includeEmail, java.util.Map<java.lang.String,​?> additionalFields, CredentialTypeForMetrics credentialTypeForMetrics)
      Returns an IdToken issued to the serviceAccount with a specified targetAudience
      private static java.lang.String getSignature​(java.lang.String serviceAccountEmail, java.lang.String bytes, java.util.Map<java.lang.String,​?> additionalFields, com.google.api.client.http.HttpRequestFactory factory)  
      (package private) static byte[] sign​(java.lang.String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, byte[] toSign, java.util.Map<java.lang.String,​?> additionalFields)
      Returns a signature for the provided bytes.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • SIGN_BLOB_URL_FORMAT

        private static final java.lang.String SIGN_BLOB_URL_FORMAT
        See Also:
        Constant Field Values
      • ID_TOKEN_URL_FORMAT

        private static final java.lang.String ID_TOKEN_URL_FORMAT
        See Also:
        Constant Field Values
      • PARSE_ERROR_MESSAGE

        private static final java.lang.String PARSE_ERROR_MESSAGE
        See Also:
        Constant Field Values
      • PARSE_ERROR_SIGNATURE

        private static final java.lang.String PARSE_ERROR_SIGNATURE
        See Also:
        Constant Field Values
      • IAM_RETRYABLE_STATUS_CODES

        static final java.util.Set<java.lang.Integer> IAM_RETRYABLE_STATUS_CODES
    • Constructor Detail

      • IamUtils

        IamUtils()
    • Method Detail

      • sign

        static byte[] sign​(java.lang.String serviceAccountEmail,
                           Credentials credentials,
                           com.google.api.client.http.HttpTransport transport,
                           byte[] toSign,
                           java.util.Map<java.lang.String,​?> additionalFields)
        Returns a signature for the provided bytes.
        Parameters:
        serviceAccountEmail - the email address for the service account used for signing
        credentials - credentials required for making the IAM call
        transport - transport used for building the HTTP request
        toSign - bytes to sign
        additionalFields - additional fields to send in the IAM call
        Returns:
        signed bytes
        Throws:
        ServiceAccountSigner.SigningException - if signing fails
      • getSignature

        private static java.lang.String getSignature​(java.lang.String serviceAccountEmail,
                                                     java.lang.String bytes,
                                                     java.util.Map<java.lang.String,​?> additionalFields,
                                                     com.google.api.client.http.HttpRequestFactory factory)
                                              throws java.io.IOException
        Throws:
        java.io.IOException
      • getIdToken

        static IdToken getIdToken​(java.lang.String serviceAccountEmail,
                                  Credentials credentials,
                                  com.google.api.client.http.HttpTransport transport,
                                  java.lang.String targetAudience,
                                  boolean includeEmail,
                                  java.util.Map<java.lang.String,​?> additionalFields,
                                  CredentialTypeForMetrics credentialTypeForMetrics)
                           throws java.io.IOException
        Returns an IdToken issued to the serviceAccount with a specified targetAudience
        Parameters:
        serviceAccountEmail - the email address for the service account to get an ID Token for
        credentials - credentials required for making the IAM call
        transport - transport used for building the HTTP request
        targetAudience - the audience the issued ID token should include
        additionalFields - additional fields to send in the IAM call
        credentialTypeForMetrics - credential type for credential making this call
        Returns:
        IdToken issed to the serviceAccount
        Throws:
        java.io.IOException - if the IdToken cannot be issued.
        See Also:
        ...