Package com.google.auth.oauth2
Class IamUtils
- java.lang.Object
-
- com.google.auth.oauth2.IamUtils
-
class IamUtils extends java.lang.Object
This internal class provides shared utilities for interacting with the IAM API for common features like signing.
-
-
Field Summary
Fields Modifier and Type Field Description (package private) static java.util.Set<java.lang.Integer>
IAM_RETRYABLE_STATUS_CODES
private static java.lang.String
ID_TOKEN_URL_FORMAT
private static java.lang.String
PARSE_ERROR_MESSAGE
private static java.lang.String
PARSE_ERROR_SIGNATURE
private static java.lang.String
SIGN_BLOB_URL_FORMAT
-
Constructor Summary
Constructors Constructor Description IamUtils()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description (package private) static IdToken
getIdToken(java.lang.String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, java.lang.String targetAudience, boolean includeEmail, java.util.Map<java.lang.String,?> additionalFields, CredentialTypeForMetrics credentialTypeForMetrics)
Returns an IdToken issued to the serviceAccount with a specified targetAudienceprivate static java.lang.String
getSignature(java.lang.String serviceAccountEmail, java.lang.String bytes, java.util.Map<java.lang.String,?> additionalFields, com.google.api.client.http.HttpRequestFactory factory)
(package private) static byte[]
sign(java.lang.String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, byte[] toSign, java.util.Map<java.lang.String,?> additionalFields)
Returns a signature for the provided bytes.
-
-
-
Field Detail
-
SIGN_BLOB_URL_FORMAT
private static final java.lang.String SIGN_BLOB_URL_FORMAT
- See Also:
- Constant Field Values
-
ID_TOKEN_URL_FORMAT
private static final java.lang.String ID_TOKEN_URL_FORMAT
- See Also:
- Constant Field Values
-
PARSE_ERROR_MESSAGE
private static final java.lang.String PARSE_ERROR_MESSAGE
- See Also:
- Constant Field Values
-
PARSE_ERROR_SIGNATURE
private static final java.lang.String PARSE_ERROR_SIGNATURE
- See Also:
- Constant Field Values
-
IAM_RETRYABLE_STATUS_CODES
static final java.util.Set<java.lang.Integer> IAM_RETRYABLE_STATUS_CODES
-
-
Method Detail
-
sign
static byte[] sign(java.lang.String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, byte[] toSign, java.util.Map<java.lang.String,?> additionalFields)
Returns a signature for the provided bytes.- Parameters:
serviceAccountEmail
- the email address for the service account used for signingcredentials
- credentials required for making the IAM calltransport
- transport used for building the HTTP requesttoSign
- bytes to signadditionalFields
- additional fields to send in the IAM call- Returns:
- signed bytes
- Throws:
ServiceAccountSigner.SigningException
- if signing fails
-
getSignature
private static java.lang.String getSignature(java.lang.String serviceAccountEmail, java.lang.String bytes, java.util.Map<java.lang.String,?> additionalFields, com.google.api.client.http.HttpRequestFactory factory) throws java.io.IOException
- Throws:
java.io.IOException
-
getIdToken
static IdToken getIdToken(java.lang.String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, java.lang.String targetAudience, boolean includeEmail, java.util.Map<java.lang.String,?> additionalFields, CredentialTypeForMetrics credentialTypeForMetrics) throws java.io.IOException
Returns an IdToken issued to the serviceAccount with a specified targetAudience- Parameters:
serviceAccountEmail
- the email address for the service account to get an ID Token forcredentials
- credentials required for making the IAM calltransport
- transport used for building the HTTP requesttargetAudience
- the audience the issued ID token should includeadditionalFields
- additional fields to send in the IAM callcredentialTypeForMetrics
- credential type for credential making this call- Returns:
- IdToken issed to the serviceAccount
- Throws:
java.io.IOException
- if the IdToken cannot be issued.- See Also:
- ...
-
-