From fb80d0cbc3b94806407c54405817aad420317a72 Mon Sep 17 00:00:00 2001 From: Elliotte Rusty Harold Date: Wed, 31 Jul 2019 07:57:39 -0400 Subject: [PATCH 1/6] throw SigningException as promised --- .../auth/oauth2/ComputeEngineCredentials.java | 15 ++++++----- .../java/com/google/auth/oauth2/IamUtils.java | 1 + .../oauth2/ComputeEngineCredentialsTest.java | 25 +++++++++++++++++-- 3 files changed, 33 insertions(+), 8 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java index 453356f80..a64f7243e 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java @@ -304,12 +304,15 @@ public String getAccount() { */ @Override public byte[] sign(byte[] toSign) { - return IamUtils.sign( - getAccount(), - this, - transportFactory.create(), - toSign, - Collections.emptyMap()); + try { + String account = getAccount(); + return IamUtils.sign( + account, this, transportFactory.create(), toSign, Collections.emptyMap()); + } catch (SigningException ex) { + throw ex; + } catch (RuntimeException ex) { + throw new SigningException("Signing failed", ex); + } } private String getDefaultServiceAccount() throws IOException { diff --git a/oauth2_http/java/com/google/auth/oauth2/IamUtils.java b/oauth2_http/java/com/google/auth/oauth2/IamUtils.java index 596933392..d4675c963 100644 --- a/oauth2_http/java/com/google/auth/oauth2/IamUtils.java +++ b/oauth2_http/java/com/google/auth/oauth2/IamUtils.java @@ -66,6 +66,7 @@ class IamUtils { * @param toSign bytes to sign * @param additionalFields additional fields to send in the IAM call * @return signed bytes + * @throws ServiceAccountSigner.SigningException if signing fails */ static byte[] sign( String serviceAccountEmail, 
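Review bot: In `ComputeEngineCredentials.sign` (the `@@ -304,12 +304,15 @@` hunk), the `catch (RuntimeException ex)` wraps every unchecked failure from the account lookup, `transportFactory.create()` and `IamUtils.sign` under the single message "Signing failed". A caller or an operator reading logs therefore cannot tell a metadata-server lookup failure from a programming error without walking the cause chain. Consider limiting the wrap to the `getAccount()` call, which the TODO added later in this series names as the source of the RuntimeException, and naming the stage, e.g. `throw new SigningException("Failed to determine service account for signing", ex);`. The rethrow of `SigningException` also deserves a comment; presumably the type is itself unchecked and would otherwise be wrapped twice, so something like `// already the documented type; do not wrap again` would explain the catch order.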
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index 0fc7dfaa7..3589a69bf 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java @@ -31,7 +31,6 @@ package com.google.auth.oauth2; -import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; @@ -47,9 +46,11 @@ import com.google.api.client.testing.http.MockLowLevelHttpResponse; import com.google.api.client.util.Clock; import com.google.auth.ServiceAccountSigner.SigningException; +import com.google.auth.ServiceAccountSigner; import com.google.auth.TestUtils; import com.google.auth.http.HttpTransportFactory; import com.google.auth.oauth2.GoogleCredentialsTest.MockHttpTransportFactory; + import java.io.IOException; import java.net.URI; import java.util.List; 
@@ -296,7 +297,27 @@ public void sign_sameAs() throws IOException { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); - assertArrayEquals(expectedSignature, credentials.sign(expectedSignature)); + assertEquals(defaultAccountEmail, credentials.getAccount()); + } + + @Test + public void sign_getAccountFails() throws IOException { + MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory(); + final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2"; + byte[] expectedSignature = {0xD, 0xE, 0xA, 0xD}; + + transportFactory.transport.setAccessToken(accessToken); + transportFactory.transport.setSignature(expectedSignature); + ComputeEngineCredentials credentials = + ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); + + try { + credentials.sign(expectedSignature); + fail(); + } catch (ServiceAccountSigner.SigningException ex) { + assertNotNull(ex.getMessage()); + assertNotNull(ex.getCause()); + } } @Test From d3d424ae07b31feea9453d5ce09e0ce280c344d4 Mon Sep 17 00:00:00 2001 From: Elliotte Rusty Harold Date: Wed, 31 Jul 2019 08:03:44 -0400 Subject: [PATCH 2/6] fix up inner class --- .../com/google/auth/oauth2/ComputeEngineCredentialsTest.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index 3589a69bf..a6bb137a4 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java 
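Review bot: In `sign_getAccountFails` (the `@@ -296,7 +297,27 @@` hunk of PATCH 1/6), nothing in the visible setup states why `getAccount()` should fail. The test configures an access token and a signature and then expects `SigningException`, so the failure presumably depends on the mock transport having no service account email set. A one-line comment such as `// no service account email configured, so getAccount() throws` would make that precondition explicit, and `fail("expected SigningException")` would give a readable message if the wrapping regresses. The assertions check only that a message and a cause exist; asserting the cause type would pin the contract more tightly, though the type thrown by `getAccount()` is not visible in this hunk.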
@@ -46,7 +46,6 @@ import com.google.api.client.testing.http.MockLowLevelHttpResponse; import com.google.api.client.util.Clock; import com.google.auth.ServiceAccountSigner.SigningException; -import com.google.auth.ServiceAccountSigner; import com.google.auth.TestUtils; import com.google.auth.http.HttpTransportFactory; import com.google.auth.oauth2.GoogleCredentialsTest.MockHttpTransportFactory; @@ -314,7 +313,7 @@ public void sign_getAccountFails() throws IOException { try { credentials.sign(expectedSignature); fail(); - } catch (ServiceAccountSigner.SigningException ex) { + } catch (SigningException ex) { assertNotNull(ex.getMessage()); assertNotNull(ex.getCause()); } From 23c82ebd667fb8c34704f407f37e485a38d34e9c Mon Sep 17 00:00:00 2001 From: Elliotte Rusty Harold Date: Wed, 31 Jul 2019 08:16:55 -0400 Subject: [PATCH 3/6] format --- .../com/google/auth/oauth2/ComputeEngineCredentialsTest.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index a6bb137a4..8ca921b9e 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java @@ -49,7 +49,6 @@ import com.google.auth.TestUtils; import com.google.auth.http.HttpTransportFactory; import com.google.auth.oauth2.GoogleCredentialsTest.MockHttpTransportFactory; - import java.io.IOException; import java.net.URI; import java.util.List; @@ -298,7 +297,7 @@ public void sign_sameAs() throws IOException { assertEquals(defaultAccountEmail, credentials.getAccount()); } - + @Test public void sign_getAccountFails() throws IOException { MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory(); From 0c743f1a619cccef193af29c3d07f0593598331d Mon Sep 17 00:00:00 2001 
From: Elliotte Rusty Harold Date: Wed, 31 Jul 2019 14:06:27 -0400 Subject: [PATCH 4/6] add todo comment --- .../com/google/auth/oauth2/ComputeEngineCredentials.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java index a64f7243e..eb754f8c7 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java @@ -277,7 +277,13 @@ public static Builder newBuilder() { return new Builder(); } + /** + * Returns the email address associated with the GCE default service account. + * + * @throws RuntimeException if the default service account cannot be read + */ @Override + // todo(#314) getAccount should not throw a RuntimeException public String getAccount() { if (serviceAccountEmail == null) { try { From 3ee1cdb9cd52d692b814660a25b7dd34887edb7a Mon Sep 17 00:00:00 2001 From: Elliotte Rusty Harold Date: Wed, 31 Jul 2019 15:35:55 -0400 Subject: [PATCH 5/6] spot the diff --- .../java/com/google/auth/oauth2/ComputeEngineCredentials.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java index eb754f8c7..e3892ca18 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java @@ -278,8 +278,8 @@ public static Builder newBuilder() { } /** - * Returns the email address associated with the GCE default service account. - * + * Returns the email address associated with the GCE default service account. + * * @throws RuntimeException if the default service account cannot be read */ @Override From 9760822a192330b73af922edb23469055f3c1873 Mon Sep 17 00:00:00 2001 
From: Elliotte Rusty Harold Date: Wed, 31 Jul 2019 17:42:41 -0400 Subject: [PATCH 6/6] restore test --- .../com/google/auth/oauth2/ComputeEngineCredentialsTest.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index 8ca921b9e..ec5998b4b 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java @@ -31,6 +31,7 @@ package com.google.auth.oauth2; +import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; @@ -295,7 +296,7 @@ public void sign_sameAs() throws IOException { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); - assertEquals(defaultAccountEmail, credentials.getAccount()); + assertArrayEquals(expectedSignature, credentials.sign(expectedSignature)); } @Test