From e36d46be40cf58e263cc8b463d7fa05970dcc3fd Mon Sep 17 00:00:00 2001 From: Jeff Ching Date: Wed, 24 Jun 2020 14:02:39 -0700 Subject: [PATCH 1/5] chore(iap): cleanup spotbugs warnings --- iap/src/main/java/com/example/iap/BuildIapRequest.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/iap/src/main/java/com/example/iap/BuildIapRequest.java b/iap/src/main/java/com/example/iap/BuildIapRequest.java index 2fae86f320c..05abcdbab32 100644 --- a/iap/src/main/java/com/example/iap/BuildIapRequest.java +++ b/iap/src/main/java/com/example/iap/BuildIapRequest.java @@ -37,8 +37,6 @@ public class BuildIapRequest { private static final HttpTransport httpTransport = new NetHttpTransport(); - private static Clock clock = Clock.systemUTC(); - private BuildIapRequest() {} private static IdTokenProvider getIdTokenProvider() throws Exception { @@ -46,7 +44,10 @@ private static IdTokenProvider getIdTokenProvider() throws Exception { GoogleCredentials.getApplicationDefault().createScoped(Collections.singleton(IAM_SCOPE)); // service account credentials are required to sign the jwt token if (credentials == null || !(credentials instanceof IdTokenProvider)) { - throw new Exception("Google credentials : credentials that can provide id tokens expected"); + throw new Exception( + String.format( + "Expected credentials that can provide id tokens expected - found %s instead", + credentials.getClass().getName())); } return (IdTokenProvider) credentials; } From 7b424a107b44f8a352556be8ff36747df74cae73 Mon Sep 17 00:00:00 2001 From: Jeff Ching Date: Wed, 24 Jun 2020 14:05:02 -0700 Subject: [PATCH 2/5] chore: remove extra 'expected' --- iap/src/main/java/com/example/iap/BuildIapRequest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iap/src/main/java/com/example/iap/BuildIapRequest.java b/iap/src/main/java/com/example/iap/BuildIapRequest.java index 05abcdbab32..542b023081c 100644 --- a/iap/src/main/java/com/example/iap/BuildIapRequest.java +++ b/iap/src/main/java/com/example/iap/BuildIapRequest.java @@ -46,7 +46,7 @@ private static IdTokenProvider getIdTokenProvider() throws Exception { if (credentials == null || !(credentials instanceof IdTokenProvider)) { throw new Exception( String.format( - "Expected credentials that can provide id tokens expected - found %s instead", + "Expected credentials that can provide id tokens - found %s instead", credentials.getClass().getName())); } return (IdTokenProvider) credentials; From 74041594b182e117c73a744ad1144d9fbcfa0bea Mon Sep 17 00:00:00 2001 From: Jeff Ching Date: Wed, 24 Jun 2020 14:16:45 -0700 Subject: [PATCH 3/5] fix: run formatter, remove unused constants, switch to Preconditions --- .../java/com/example/iap/BuildIapRequest.java | 36 +++++++++---------- .../iap/BuildAndVerifyIapRequestIT.java | 4 +-- 2 files changed, 19 insertions(+), 21 deletions(-) diff --git a/iap/src/main/java/com/example/iap/BuildIapRequest.java b/iap/src/main/java/com/example/iap/BuildIapRequest.java index 542b023081c..957334d382c 100644 --- a/iap/src/main/java/com/example/iap/BuildIapRequest.java +++ b/iap/src/main/java/com/example/iap/BuildIapRequest.java @@ -25,30 +25,27 @@ import com.google.auth.oauth2.GoogleCredentials; import com.google.auth.oauth2.IdTokenCredentials; import com.google.auth.oauth2.IdTokenProvider; -import java.time.Clock; +import com.google.common.base.Preconditions; + +import java.io.IOException; import java.util.Collections; public class BuildIapRequest { private static final String IAM_SCOPE = "https://www.googleapis.com/auth/iam"; - private static final String OAUTH_TOKEN_URI = "https://www.googleapis.com/oauth2/v4/token"; - private static final String JWT_BEARER_TOKEN_GRANT_TYPE = - "urn:ietf:params:oauth:grant-type:jwt-bearer"; - private static final long EXPIRATION_TIME_IN_SECONDS = 3600L; private static final HttpTransport httpTransport = new NetHttpTransport(); private BuildIapRequest() {} - private static IdTokenProvider getIdTokenProvider() throws Exception { + private static IdTokenProvider getIdTokenProvider() throws IOException { GoogleCredentials credentials = GoogleCredentials.getApplicationDefault().createScoped(Collections.singleton(IAM_SCOPE)); - // service account credentials are required to sign the jwt token - if (credentials == null || !(credentials instanceof IdTokenProvider)) { - throw new Exception( - String.format( - "Expected credentials that can provide id tokens - found %s instead", - credentials.getClass().getName())); - } + + Preconditions.checkNotNull(credentials, "Expected to load credentials"); + Preconditions.checkState( + credentials instanceof IdTokenProvider, + "Expected credentials that can provide id tokens expected"); + return (IdTokenProvider) credentials; } @@ -58,16 +55,17 @@ private static IdTokenProvider getIdTokenProvider() throws Exception { * @param request Request to add authorization header * @param iapClientId OAuth 2.0 client ID for IAP protected resource * @return Clone of request with Bearer style authorization header with signed jwt token. - * @throws Exception exception creating signed JWT + * @throws IOException exception creating signed JWT */ public static HttpRequest buildIapRequest(HttpRequest request, String iapClientId) - throws Exception { + throws IOException { IdTokenProvider idTokenProvider = getIdTokenProvider(); - IdTokenCredentials credentials = IdTokenCredentials.newBuilder() - .setIdTokenProvider(idTokenProvider) - .setTargetAudience(iapClientId) - .build(); + IdTokenCredentials credentials = + IdTokenCredentials.newBuilder() + .setIdTokenProvider(idTokenProvider) + .setTargetAudience(iapClientId) + .build(); HttpRequestInitializer httpRequestInitializer = new HttpCredentialsAdapter(credentials); diff --git a/iap/src/test/java/com/example/iap/BuildAndVerifyIapRequestIT.java b/iap/src/test/java/com/example/iap/BuildAndVerifyIapRequestIT.java index e5f52e86e67..3bef9a2824e 100644 --- a/iap/src/test/java/com/example/iap/BuildAndVerifyIapRequestIT.java +++ b/iap/src/test/java/com/example/iap/BuildAndVerifyIapRequestIT.java @@ -33,9 +33,9 @@ import org.junit.runners.JUnit4; @RunWith(JUnit4.class) -//CHECKSTYLE OFF: AbbreviationAsWordInName +// CHECKSTYLE OFF: AbbreviationAsWordInName public class BuildAndVerifyIapRequestIT { - //CHECKSTYLE ON: AbbreviationAsWordInName + // CHECKSTYLE ON: AbbreviationAsWordInName // Update these fields to reflect your IAP protected App Engine credentials private static Long IAP_PROJECT_NUMBER = 320431926067L; From 124fe205139d459e3e5ec80a5150114f3147148d Mon Sep 17 00:00:00 2001 From: Jeff Ching Date: Wed, 24 Jun 2020 14:18:51 -0700 Subject: [PATCH 4/5] chore: fix checkstyle warning --- iap/src/main/java/com/example/iap/BuildIapRequest.java | 1 - 1 file changed, 1 deletion(-) diff --git a/iap/src/main/java/com/example/iap/BuildIapRequest.java b/iap/src/main/java/com/example/iap/BuildIapRequest.java index 957334d382c..4c15e1c1f28 100644 --- a/iap/src/main/java/com/example/iap/BuildIapRequest.java +++ b/iap/src/main/java/com/example/iap/BuildIapRequest.java @@ -26,7 +26,6 @@ import com.google.auth.oauth2.IdTokenCredentials; import com.google.auth.oauth2.IdTokenProvider; import com.google.common.base.Preconditions; - import java.io.IOException; import java.util.Collections; From 89eebcc2d0b03c4e22d5e2077208653cf77815fb Mon Sep 17 00:00:00 2001 From: Jeff Ching Date: Wed, 24 Jun 2020 14:21:48 -0700 Subject: [PATCH 5/5] fix: add class name to precondition error message --- iap/src/main/java/com/example/iap/BuildIapRequest.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/iap/src/main/java/com/example/iap/BuildIapRequest.java b/iap/src/main/java/com/example/iap/BuildIapRequest.java index 4c15e1c1f28..b3d76ab10d0 100644 --- a/iap/src/main/java/com/example/iap/BuildIapRequest.java +++ b/iap/src/main/java/com/example/iap/BuildIapRequest.java @@ -43,7 +43,9 @@ private static IdTokenProvider getIdTokenProvider() throws IOException { Preconditions.checkNotNull(credentials, "Expected to load credentials"); Preconditions.checkState( credentials instanceof IdTokenProvider, - "Expected credentials that can provide id tokens expected"); + String.format( + "Expected credentials that can provide id tokens, got %s instead", + credentials.getClass().getName())); return (IdTokenProvider) credentials; }