Package com.google.auth.oauth2
Class GdchCredentials
java.lang.Object
com.google.auth.Credentials
com.google.auth.oauth2.OAuth2Credentials
com.google.auth.oauth2.GoogleCredentials
com.google.auth.oauth2.GdchCredentials
- All Implemented Interfaces:
QuotaProjectIdProvider
,Serializable
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic class
(package private) static class
Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials
OAuth2Credentials.AsyncRefreshResult, OAuth2Credentials.CacheState, OAuth2Credentials.CredentialsChangedListener, OAuth2Credentials.FutureCallbackToMetadataCallbackAdapter, OAuth2Credentials.OAuthValue, OAuth2Credentials.RefreshTask, OAuth2Credentials.RefreshTaskListener
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate final URI
private final String
private static final int
private final int
private static final String
private final PrivateKey
private final String
private final String
private final String
(package private) static final String
private final URI
private HttpTransportFactory
private final String
Fields inherited from class com.google.auth.oauth2.GoogleCredentials
GDCH_SERVICE_ACCOUNT_FILE_TYPE, QUOTA_PROJECT_ID_HEADER_KEY, quotaProjectId, SERVICE_ACCOUNT_FILE_TYPE, USER_FILE_TYPE
Fields inherited from class com.google.auth.oauth2.OAuth2Credentials
clock, DEFAULT_EXPIRATION_MARGIN, DEFAULT_REFRESH_MARGIN, lock, refreshTask
Fields inherited from class com.google.auth.Credentials
GOOGLE_DEFAULT_UNIVERSE
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescription(package private) String
createAssertion
(com.google.api.client.json.JsonFactory jsonFactory, long currentTime, URI apiAudience) Create a self-signed JWT for GDCH authentication flow.createWithGdchAudience
(URI apiAudience) Create a copy of GDCH credentials with the specified audience.boolean
(package private) static GdchCredentials
Create GDCH service account credentials defined by JSON.(package private) static GdchCredentials
fromJson
(Map<String, Object> json, HttpTransportFactory transportFactory) Create GDCH service account credentials defined by JSON.(package private) static GdchCredentials
fromPkcs8
(String privateKeyPkcs8, GdchCredentials.Builder builder) Internal constructor.final URI
final String
(package private) static String
getIssuerSubjectValue
(String projectId, String serviceIdentityName) Get the issuer and subject value in the format GDCH token server required.final PrivateKey
final String
final String
final String
final URI
final HttpTransportFactory
int
hashCode()
static GdchCredentials.Builder
private void
readObject
(ObjectInputStream input) (package private) static InputStream
readStream
(File file) Refresh the OAuth2 access token by getting a new access token using a JSON Web Token (JWT).toString()
private static String
validateField
(String field, String fieldName) Methods inherited from class com.google.auth.oauth2.GoogleCredentials
addQuotaProjectIdToRequestMetadata, create, create, createDelegated, createScoped, createScoped, createScoped, createScopedRequired, createWithCustomRetryStrategy, createWithQuotaProject, fromStream, fromStream, getAdditionalHeaders, getApplicationDefault, getApplicationDefault, getQuotaProjectId, getUniverseDomain, isDefaultUniverseDomain, isExplicitUniverseDomain, toStringHelper
Methods inherited from class com.google.auth.oauth2.OAuth2Credentials
addChangeListener, getAccessToken, getAuthenticationType, getExpirationMargin, getFromServiceLoader, getRefreshMargin, getRequestMetadata, getRequestMetadata, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshIfExpired, removeChangeListener
Methods inherited from class com.google.auth.Credentials
blockingGetToCallback, getMetricsCredentialType, getRequestMetadata
-
Field Details
-
SUPPORTED_FORMAT_VERSION
- See Also:
-
PARSE_ERROR_PREFIX
- See Also:
-
DEFAULT_LIFETIME_IN_SECONDS
private static final int DEFAULT_LIFETIME_IN_SECONDS- See Also:
-
privateKey
-
privateKeyId
-
projectId
-
serviceIdentityName
-
tokenServerUri
-
apiAudience
-
lifetime
private final int lifetime -
transportFactoryClassName
-
caCertPath
-
transportFactory
-
-
Constructor Details
-
GdchCredentials
GdchCredentials(GdchCredentials.Builder builder) Internal constructor.- Parameters:
builder
- A builder forGdchCredentials
SeeGdchCredentials.Builder
.
-
-
Method Details
-
fromJson
Create GDCH service account credentials defined by JSON.- Parameters:
json
- a map from the JSON representing the credentials.- Returns:
- the GDCH service account credentials defined by the JSON.
- Throws:
IOException
- if the credential cannot be created from the JSON.
-
fromJson
static GdchCredentials fromJson(Map<String, Object> json, HttpTransportFactory transportFactory) throws IOExceptionCreate GDCH service account credentials defined by JSON.- Parameters:
json
- a map from the JSON representing the credentials.transportFactory
- HTTP transport factory, creates the transport used to get access tokens.- Returns:
- the GDCH service account credentials defined by the JSON.
- Throws:
IOException
- if the credential cannot be created from the JSON.
-
fromPkcs8
static GdchCredentials fromPkcs8(String privateKeyPkcs8, GdchCredentials.Builder builder) throws IOException Internal constructor.- Parameters:
privateKeyPkcs8
- RSA private key object for the service account in PKCS#8 format.builder
- A builder for GdchCredentials.- Returns:
- an instance of GdchCredentials.
- Throws:
IOException
-
createWithGdchAudience
Create a copy of GDCH credentials with the specified audience.- Parameters:
apiAudience
- The intended audience for GDCH credentials.- Throws:
IOException
-
refreshAccessToken
Refresh the OAuth2 access token by getting a new access token using a JSON Web Token (JWT).For GDCH credentials, this class creates a self-signed JWT, and sends to the GDCH authentication endpoint (tokenServerUri) to exchange an access token for the intended api audience (apiAudience).
- Overrides:
refreshAccessToken
in classOAuth2Credentials
- Returns:
- never
- Throws:
IOException
-
createAssertion
String createAssertion(com.google.api.client.json.JsonFactory jsonFactory, long currentTime, URI apiAudience) throws IOException Create a self-signed JWT for GDCH authentication flow.The self-signed JWT is used to exchange access token from GDCH authentication (tokenServerUri), not for API call. It uses the serviceIdentityName as the `iss` and `sub` claim, and the tokenServerUri as the `aud` claim. The JWT is signed with the privateKey.
- Throws:
IOException
-
getIssuerSubjectValue
Get the issuer and subject value in the format GDCH token server required.This value is specific to GDCH and combined parameter used for both `iss` and `sub` fields in JWT claim.
-
getProjectId
-
getPrivateKeyId
-
getPrivateKey
-
getServiceIdentityName
-
getTokenServerUri
-
getApiAudience
-
getTransportFactory
-
getCaCertPath
-
newBuilder
-
toBuilder
- Overrides:
toBuilder
in classGoogleCredentials
-
readObject
- Throws:
IOException
ClassNotFoundException
-
hashCode
public int hashCode()- Overrides:
hashCode
in classGoogleCredentials
-
toString
- Overrides:
toString
in classGoogleCredentials
-
equals
- Overrides:
equals
in classGoogleCredentials
-
readStream
- Throws:
FileNotFoundException
-
validateField
- Throws:
IOException
-