Class SecureSessionAgent
- java.lang.Object
-
- com.google.auth.oauth2.SecureSessionAgent
-
@ThreadSafe public class SecureSessionAgent extends java.lang.Object
Utilities to fetch the S2A (Secure Session Agent) address from the mTLS configuration.mTLS configuration is queried from the MDS MTLS Autoconfiguration endpoint. See https://google.aip.dev/auth/4115 for details.
This is an experimental utility.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
SecureSessionAgent.Builder
-
Field Summary
Fields Modifier and Type Field Description (package private) static java.lang.String
GOOGLE
private static java.lang.String
MDS_MTLS_ENDPOINT
(package private) static java.lang.String
METADATA_FLAVOR
private static java.lang.String
PARSE_ERROR_S2A
private static java.util.Set<java.lang.Integer>
RETRYABLE_STATUS_CODES
(package private) static java.lang.String
S2A_CONFIG_ENDPOINT_POSTFIX
(package private) static java.lang.String
S2A_MTLS_ADDRESS_JSON_KEY
(package private) static java.lang.String
S2A_PLAINTEXT_ADDRESS_JSON_KEY
private HttpTransportFactory
transportFactory
-
Constructor Summary
Constructors Constructor Description SecureSessionAgent(SecureSessionAgent.Builder builder)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static SecureSessionAgent
create()
SecureSessionAgentConfig
getConfig()
This method makes a network call to MDS to get theSecureSessionAgentConfig
which contains the plaintext and mtls address to reach the S2A (Secure Session Agent).private SecureSessionAgentConfig
getSecureSessionAgentConfigFromMDS()
Queries the MDS mTLS Autoconfiguration endpoint and returns theSecureSessionAgentConfig
.static SecureSessionAgent.Builder
newBuilder()
-
-
-
Field Detail
-
S2A_PLAINTEXT_ADDRESS_JSON_KEY
static final java.lang.String S2A_PLAINTEXT_ADDRESS_JSON_KEY
- See Also:
- Constant Field Values
-
S2A_MTLS_ADDRESS_JSON_KEY
static final java.lang.String S2A_MTLS_ADDRESS_JSON_KEY
- See Also:
- Constant Field Values
-
S2A_CONFIG_ENDPOINT_POSTFIX
static final java.lang.String S2A_CONFIG_ENDPOINT_POSTFIX
- See Also:
- Constant Field Values
-
METADATA_FLAVOR
static final java.lang.String METADATA_FLAVOR
- See Also:
- Constant Field Values
-
GOOGLE
static final java.lang.String GOOGLE
- See Also:
- Constant Field Values
-
RETRYABLE_STATUS_CODES
private static final java.util.Set<java.lang.Integer> RETRYABLE_STATUS_CODES
-
PARSE_ERROR_S2A
private static final java.lang.String PARSE_ERROR_S2A
- See Also:
- Constant Field Values
-
MDS_MTLS_ENDPOINT
private static final java.lang.String MDS_MTLS_ENDPOINT
-
transportFactory
private transient HttpTransportFactory transportFactory
-
-
Constructor Detail
-
SecureSessionAgent
SecureSessionAgent(SecureSessionAgent.Builder builder)
-
-
Method Detail
-
getConfig
public SecureSessionAgentConfig getConfig()
This method makes a network call to MDS to get theSecureSessionAgentConfig
which contains the plaintext and mtls address to reach the S2A (Secure Session Agent).- Returns:
- a SecureSessionAgentConfig.
-
create
public static SecureSessionAgent create()
- Returns:
- default instance of SecureSessionAgent
-
newBuilder
public static SecureSessionAgent.Builder newBuilder()
-
getSecureSessionAgentConfigFromMDS
private SecureSessionAgentConfig getSecureSessionAgentConfigFromMDS()
Queries the MDS mTLS Autoconfiguration endpoint and returns theSecureSessionAgentConfig
.Returns
SecureSessionAgentConfig
. If S2A is not running, or if any error occurs when making the request to MDS / processing the response,SecureSessionAgentConfig
will be populated with empty addresses.Users are expected to try to fetch the mTLS-S2A address first (via
getMtlsS2AAddress
). If it is empty or they have some problem loading the mTLS-MDS credentials, they should then fallback to fetching the plaintext-S2A address (viagetPlaintextS2AAddress
). If the plaintext-S2A address is empty it means that an error occurred when talking to the MDS / processing the response or that S2A is not running in the environment; in either case this indicates S2A shouldn't be used.- Returns:
- the
SecureSessionAgentConfig
.
-
-