From b4e6f1a0bd17dd31edc85ed4879cea75857fd747 Mon Sep 17 00:00:00 2001
From: arithmetic1728 <58957152+arithmetic1728@users.noreply.github.com>
Date: Tue, 27 Apr 2021 13:51:27 -0700
Subject: [PATCH] fix: use orginal url as audience for self signed jwt if
 scheme or host is null (#642)

---
 .../oauth2/ServiceAccountJwtAccessCredentials.java |  2 +-
 .../ServiceAccountJwtAccessCredentialsTest.java    | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountJwtAccessCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountJwtAccessCredentials.java
index c4f024256..2380b1cf6 100644
--- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountJwtAccessCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountJwtAccessCredentials.java
@@ -339,7 +339,7 @@ public boolean hasRequestMetadataOnly() {
    */
   @VisibleForTesting
   static URI getUriForSelfSignedJWT(URI uri) {
-    if (uri == null) {
+    if (uri == null || uri.getScheme() == null || uri.getHost() == null) {
       return uri;
     }
     try {
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java
index 4e9aa93b1..81b5f7de3 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java
@@ -181,6 +181,20 @@ public void getUriForSelfSignedJWT() {
     assertEquals(expected, ServiceAccountJwtAccessCredentials.getUriForSelfSignedJWT(uri));
   }
 
+  @Test
+  public void getUriForSelfSignedJWT_noHost() {
+    URI uri = URI.create("file:foo");
+    URI expected = URI.create("file:foo");
+    assertEquals(expected, ServiceAccountJwtAccessCredentials.getUriForSelfSignedJWT(uri));
+  }
+
+  @Test
+  public void getUriForSelfSignedJWT_forStaticAudience_returnsURI() {
+    URI uri = URI.create("compute.googleapis.com");
+    URI expected = URI.create("compute.googleapis.com");
+    assertEquals(expected, ServiceAccountJwtAccessCredentials.getUriForSelfSignedJWT(uri));
+  }
+
   @Test
   public void hasRequestMetadata_returnsTrue() throws IOException {
     Credentials credentials =