From 235523f6f9025b7660143fe116449d645345c38f Mon Sep 17 00:00:00 2001 From: arithmetic1728 Date: Wed, 9 Dec 2020 22:56:01 -0800 Subject: [PATCH 1/8] feat: allow set lifetime for service account creds --- .../oauth2/ServiceAccountCredentials.java | 58 +++++++++++--- .../oauth2/ServiceAccountCredentialsTest.java | 76 ++++++++++++++++++- 2 files changed, 124 insertions(+), 10 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index 974959129..a302b96cf 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -92,6 +92,10 @@ public class ServiceAccountCredentials extends GoogleCredentials private static final long serialVersionUID = 7807543542681217978L; private static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"; private static final String PARSE_ERROR_PREFIX = "Error parsing token refresh response. "; + private static final int TWELVE_HOURS_IN_SECONDS = 43200; + private static final int ONE_HOUR_IN_SECONDS = 3600; + private static final String LIFETIME_EXCEEDED_ERROR = + "lifetime must be less than or equal to 43200"; private final String clientId; private final String clientEmail; @@ -103,6 +107,7 @@ public class ServiceAccountCredentials extends GoogleCredentials private final URI tokenServerUri; private final Collection scopes; private final String quotaProjectId; + private final int lifetime; private transient HttpTransportFactory transportFactory; @@ -122,6 +127,9 @@ public class ServiceAccountCredentials extends GoogleCredentials * authority to the service account. * @param projectId the project used for billing * @param quotaProjectId The project used for quota and billing purposes. May be null. + * @param lifetime Number of seconds the access token should be valid for. The value should be at + * most 43200 (12 hours). If the token is used for calling Google API, then the value should + * be at most 3600 (1 hour). */ ServiceAccountCredentials( String clientId, @@ -133,7 +141,8 @@ public class ServiceAccountCredentials extends GoogleCredentials URI tokenServerUri, String serviceAccountUser, String projectId, - String quotaProjectId) { + String quotaProjectId, + int lifetime) { this.clientId = clientId; this.clientEmail = Preconditions.checkNotNull(clientEmail); this.privateKey = Preconditions.checkNotNull(privateKey); @@ -148,6 +157,10 @@ public class ServiceAccountCredentials extends GoogleCredentials this.serviceAccountUser = serviceAccountUser; this.projectId = projectId; this.quotaProjectId = quotaProjectId; + if (lifetime > TWELVE_HOURS_IN_SECONDS) { + throw new IllegalStateException(LIFETIME_EXCEEDED_ERROR); + } + this.lifetime = lifetime; } /** @@ -324,7 +337,8 @@ static ServiceAccountCredentials fromPkcs8( tokenServerUri, serviceAccountUser, projectId, - quotaProject); + quotaProject, + ONE_HOUR_IN_SECONDS); } /** Helper to convert from a PKCS#8 String to an RSA private key */ @@ -512,7 +526,13 @@ public GoogleCredentials createScoped(Collection newScopes) { tokenServerUri, serviceAccountUser, projectId, - quotaProjectId); + quotaProjectId, + lifetime); + } + + /** Clones the service account with a new lifetime value * */ + public ServiceAccountCredentials createWithNewLifetime(int lifetime) { + return this.toBuilder().setLifetime(lifetime).build(); } @Override @@ -527,7 +547,8 @@ public GoogleCredentials createDelegated(String user) { tokenServerUri, user, projectId, - quotaProjectId); + quotaProjectId, + lifetime); } public final String getClientId() { @@ -562,6 +583,10 @@ public final URI getTokenServerUri() { return tokenServerUri; } + public final int getLifetime() { + return lifetime; + } + @Override public String getAccount() { return getClientEmail(); @@ -617,7 +642,8 @@ public int hashCode() { transportFactoryClassName, tokenServerUri, scopes, - quotaProjectId); + quotaProjectId, + lifetime); } @Override @@ -631,6 +657,7 @@ public String toString() { .add("scopes", scopes) .add("serviceAccountUser", serviceAccountUser) .add("quotaProjectId", quotaProjectId) + .add("lifetime", lifetime) .toString(); } @@ -647,7 +674,8 @@ public boolean equals(Object obj) { && Objects.equals(this.transportFactoryClassName, other.transportFactoryClassName) && Objects.equals(this.tokenServerUri, other.tokenServerUri) && Objects.equals(this.scopes, other.scopes) - && Objects.equals(this.quotaProjectId, other.quotaProjectId); + && Objects.equals(this.quotaProjectId, other.quotaProjectId) + && Objects.equals(this.lifetime, other.lifetime); } String createAssertion(JsonFactory jsonFactory, long currentTime, String audience) @@ -660,7 +688,7 @@ String createAssertion(JsonFactory jsonFactory, long currentTime, String audienc JsonWebToken.Payload payload = new JsonWebToken.Payload(); payload.setIssuer(clientEmail); payload.setIssuedAtTimeSeconds(currentTime / 1000); - payload.setExpirationTimeSeconds(currentTime / 1000 + 3600); + payload.setExpirationTimeSeconds(currentTime / 1000 + this.lifetime); payload.setSubject(serviceAccountUser); payload.put("scope", Joiner.on(' ').join(scopes)); @@ -692,7 +720,7 @@ String createAssertionForIdToken( JsonWebToken.Payload payload = new JsonWebToken.Payload(); payload.setIssuer(clientEmail); payload.setIssuedAtTimeSeconds(currentTime / 1000); - payload.setExpirationTimeSeconds(currentTime / 1000 + 3600); + payload.setExpirationTimeSeconds(currentTime / 1000 + this.lifetime); payload.setSubject(serviceAccountUser); if (audience == null) { @@ -745,6 +773,7 @@ public static class Builder extends GoogleCredentials.Builder { private Collection scopes; private HttpTransportFactory transportFactory; private String quotaProjectId; + private int lifetime = ONE_HOUR_IN_SECONDS; protected Builder() {} @@ -759,6 +788,7 @@ protected Builder(ServiceAccountCredentials credentials) { this.serviceAccountUser = credentials.serviceAccountUser; this.projectId = credentials.projectId; this.quotaProjectId = credentials.quotaProjectId; + this.lifetime = credentials.lifetime; } public Builder setClientId(String clientId) { @@ -811,6 +841,11 @@ public Builder setQuotaProjectId(String quotaProjectId) { return this; } + public Builder setLifetime(int lifetime) { + this.lifetime = lifetime; + return this; + } + public String getClientId() { return clientId; } @@ -851,6 +886,10 @@ public String getQuotaProjectId() { return quotaProjectId; } + public int getLifetime() { + return lifetime; + } + public ServiceAccountCredentials build() { return new ServiceAccountCredentials( clientId, @@ -862,7 +901,8 @@ public ServiceAccountCredentials build() { tokenServerUri, serviceAccountUser, projectId, - quotaProjectId); + quotaProjectId, + lifetime); } } } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java index 7d89ded8f..9c2e9a368 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java @@ -111,6 +111,51 @@ public class ServiceAccountCredentialsTest extends BaseSerializationTest { + "aXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTAyMTAxNTUwODM0MjAwNzA4NTY4In0" + ".redacted"; private static final String QUOTA_PROJECT = "sample-quota-project-id"; + private static final int ONE_HOUR_IN_SECONDS = 3600; + private static final int INVALID_LIFETIME = 43210; + + private ServiceAccountCredentials.Builder createDefaultBuilder() throws IOException { + PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); + return ServiceAccountCredentials.newBuilder() + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setScopes(SCOPES) + .setServiceAccountUser(USER) + .setProjectId(PROJECT_ID); + } + + @Test + public void setLifetime() throws IOException { + ServiceAccountCredentials.Builder builder = createDefaultBuilder(); + assertEquals(ONE_HOUR_IN_SECONDS, builder.getLifetime()); + assertEquals(ONE_HOUR_IN_SECONDS, builder.build().getLifetime()); + + builder.setLifetime(4000); + assertEquals(4000, builder.getLifetime()); + assertEquals(4000, builder.build().getLifetime()); + } + + @Test + public void setLifetime_invalid_lifetime() throws IOException, IllegalStateException { + try { + createDefaultBuilder().setLifetime(INVALID_LIFETIME).build(); + fail( + String.format( + "Should throw exception with message containing '%s'", + "lifetime must be less than or equal to 43200")); + } catch (IllegalStateException expected) { + assertTrue(expected.getMessage().contains("lifetime must be less than or equal to 43200")); + } + } + + @Test + public void createWithNewLifetime() throws IOException { + ServiceAccountCredentials credentials = createDefaultBuilder().build(); + credentials = credentials.createWithNewLifetime(4000); + assertEquals(4000, credentials.getLifetime()); + } @Test public void createdScoped_clones() throws IOException { @@ -202,6 +247,19 @@ public void createAssertion_correct() throws IOException { assertEquals(Joiner.on(' ').join(scopes), payload.get("scope")); } + @Test + public void createAssertion_custom_lifetime() throws IOException { + ServiceAccountCredentials credentials = createDefaultBuilder().setLifetime(4000).build(); + + JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; + long currentTimeMillis = Clock.SYSTEM.currentTimeMillis(); + String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null); + + JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion); + JsonWebToken.Payload payload = signature.getPayload(); + assertEquals(currentTimeMillis / 1000 + 4000, (long) payload.getExpirationTimeSeconds()); + } + @Test public void createAssertionForIdToken_correct() throws IOException { @@ -231,6 +289,22 @@ public void createAssertionForIdToken_correct() throws IOException { assertEquals(USER, payload.getSubject()); } + @Test + public void createAssertionForIdToken_custom_lifetime() throws IOException { + + ServiceAccountCredentials credentials = createDefaultBuilder().setLifetime(4000).build(); + + JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY; + long currentTimeMillis = Clock.SYSTEM.currentTimeMillis(); + String assertion = + credentials.createAssertionForIdToken( + jsonFactory, currentTimeMillis, null, "https://foo.com/bar"); + + JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion); + JsonWebToken.Payload payload = signature.getPayload(); + assertEquals(currentTimeMillis / 1000 + 4000, (long) payload.getExpirationTimeSeconds()); + } + @Test public void createAssertionForIdToken_incorrect() throws IOException { @@ -904,7 +978,7 @@ public void toString_containsFields() throws IOException { String.format( "ServiceAccountCredentials{clientId=%s, clientEmail=%s, privateKeyId=%s, " + "transportFactoryClassName=%s, tokenServerUri=%s, scopes=%s, serviceAccountUser=%s, " - + "quotaProjectId=%s}", + + "quotaProjectId=%s, lifetime=3600}", CLIENT_ID, CLIENT_EMAIL, PRIVATE_KEY_ID, From de79320370b4b16b87fdb4803de8786d31218b47 Mon Sep 17 00:00:00 2001 From: arithmetic1728 Date: Thu, 10 Dec 2020 12:42:55 -0800 Subject: [PATCH 2/8] update --- .../com/google/auth/oauth2/ServiceAccountCredentials.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index a302b96cf..71278078a 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -127,8 +127,8 @@ public class ServiceAccountCredentials extends GoogleCredentials * authority to the service account. * @param projectId the project used for billing * @param quotaProjectId The project used for quota and billing purposes. May be null. - * @param lifetime Number of seconds the access token should be valid for. The value should be at - * most 43200 (12 hours). If the token is used for calling Google API, then the value should + * @param lifetime number of seconds the access token should be valid for. The value should be at + * most 43200 (12 hours). If the token is used for calling a Google API, then the value should * be at most 3600 (1 hour). */ ServiceAccountCredentials( From 37c39f4add3134f3e0b803f48fc0fcdb50376452 Mon Sep 17 00:00:00 2001 From: arithmetic1728 Date: Mon, 14 Dec 2020 11:50:47 -0800 Subject: [PATCH 3/8] update name --- .../com/google/auth/oauth2/ServiceAccountCredentials.java | 2 +- .../com/google/auth/oauth2/ServiceAccountCredentialsTest.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index 71278078a..8233c1d3b 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -531,7 +531,7 @@ public GoogleCredentials createScoped(Collection newScopes) { } /** Clones the service account with a new lifetime value * */ - public ServiceAccountCredentials createWithNewLifetime(int lifetime) { + public ServiceAccountCredentials createWithCustomLifetime(int lifetime) { return this.toBuilder().setLifetime(lifetime).build(); } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java index 9c2e9a368..a429d2443 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java @@ -151,9 +151,9 @@ public void setLifetime_invalid_lifetime() throws IOException, IllegalStateExcep } @Test - public void createWithNewLifetime() throws IOException { + public void createWithCustomLifetime() throws IOException { ServiceAccountCredentials credentials = createDefaultBuilder().build(); - credentials = credentials.createWithNewLifetime(4000); + credentials = credentials.createWithCustomLifetime(4000); assertEquals(4000, credentials.getLifetime()); } From 0419d60383e706773c5debf7f1fb26605994f136 Mon Sep 17 00:00:00 2001 From: arithmetic1728 Date: Wed, 16 Dec 2020 14:49:32 -0800 Subject: [PATCH 4/8] update --- .../google/auth/oauth2/ServiceAccountCredentials.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index 8233c1d3b..676d17e08 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -530,7 +530,12 @@ public GoogleCredentials createScoped(Collection newScopes) { lifetime); } - /** Clones the service account with a new lifetime value * */ + /** + * Clones the service account with a new lifetime value. + * + * @param lifetime life time value in seconds + * @return the cloned service account credentials with the given custom life time + */ public ServiceAccountCredentials createWithCustomLifetime(int lifetime) { return this.toBuilder().setLifetime(lifetime).build(); } @@ -583,7 +588,7 @@ public final URI getTokenServerUri() { return tokenServerUri; } - public final int getLifetime() { + int getLifetime() { return lifetime; } From 727aad782857f1b313ddc80fcf53da35a947e1e6 Mon Sep 17 00:00:00 2001 From: arithmetic1728 Date: Wed, 16 Dec 2020 14:51:41 -0800 Subject: [PATCH 5/8] update --- .../java/com/google/auth/oauth2/ServiceAccountCredentials.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index 676d17e08..03c221184 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -891,7 +891,7 @@ public String getQuotaProjectId() { return quotaProjectId; } - public int getLifetime() { + int getLifetime() { return lifetime; } From 1a1330ac867220b0b6a8a1b083074bb199eada34 Mon Sep 17 00:00:00 2001 From: arithmetic1728 Date: Wed, 16 Dec 2020 15:42:21 -0800 Subject: [PATCH 6/8] change lifetime 0 to default --- .../auth/oauth2/ServiceAccountCredentials.java | 16 ++++++++++------ .../oauth2/ServiceAccountCredentialsTest.java | 9 ++++++--- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index 03c221184..4c4d90456 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -93,7 +93,7 @@ public class ServiceAccountCredentials extends GoogleCredentials private static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"; private static final String PARSE_ERROR_PREFIX = "Error parsing token refresh response. "; private static final int TWELVE_HOURS_IN_SECONDS = 43200; - private static final int ONE_HOUR_IN_SECONDS = 3600; + private static final int DEFAULT_LIFETIME_IN_SECONDS = 3600; private static final String LIFETIME_EXCEEDED_ERROR = "lifetime must be less than or equal to 43200"; @@ -129,7 +129,8 @@ public class ServiceAccountCredentials extends GoogleCredentials * @param quotaProjectId The project used for quota and billing purposes. May be null. * @param lifetime number of seconds the access token should be valid for. The value should be at * most 43200 (12 hours). If the token is used for calling a Google API, then the value should - * be at most 3600 (1 hour). + * be at most 3600 (1 hour). If the given value is 0, then the default value 3600 will be used + * when creating the credentials. */ ServiceAccountCredentials( String clientId, @@ -160,7 +161,7 @@ public class ServiceAccountCredentials extends GoogleCredentials if (lifetime > TWELVE_HOURS_IN_SECONDS) { throw new IllegalStateException(LIFETIME_EXCEEDED_ERROR); } - this.lifetime = lifetime; + this.lifetime = lifetime == 0 ? DEFAULT_LIFETIME_IN_SECONDS : lifetime; } /** @@ -338,7 +339,7 @@ static ServiceAccountCredentials fromPkcs8( serviceAccountUser, projectId, quotaProject, - ONE_HOUR_IN_SECONDS); + DEFAULT_LIFETIME_IN_SECONDS); } /** Helper to convert from a PKCS#8 String to an RSA private key */ @@ -533,7 +534,10 @@ public GoogleCredentials createScoped(Collection newScopes) { /** * Clones the service account with a new lifetime value. * - * @param lifetime life time value in seconds + * @param lifetime life time value in seconds. The value should be at most 43200 (12 hours). If + * the token is used for calling a Google API, then the value should be at most 3600 (1 hour). + * If the given value is 0, then the default value 3600 will be used when creating the + * credentials. * @return the cloned service account credentials with the given custom life time */ public ServiceAccountCredentials createWithCustomLifetime(int lifetime) { @@ -778,7 +782,7 @@ public static class Builder extends GoogleCredentials.Builder { private Collection scopes; private HttpTransportFactory transportFactory; private String quotaProjectId; - private int lifetime = ONE_HOUR_IN_SECONDS; + private int lifetime = DEFAULT_LIFETIME_IN_SECONDS; protected Builder() {} diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java index a429d2443..77bd2862d 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java @@ -111,7 +111,7 @@ public class ServiceAccountCredentialsTest extends BaseSerializationTest { + "aXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTAyMTAxNTUwODM0MjAwNzA4NTY4In0" + ".redacted"; private static final String QUOTA_PROJECT = "sample-quota-project-id"; - private static final int ONE_HOUR_IN_SECONDS = 3600; + private static final int DEFAULT_LIFETIME_IN_SECONDS = 3600; private static final int INVALID_LIFETIME = 43210; private ServiceAccountCredentials.Builder createDefaultBuilder() throws IOException { @@ -129,12 +129,15 @@ private ServiceAccountCredentials.Builder createDefaultBuilder() throws IOExcept @Test public void setLifetime() throws IOException { ServiceAccountCredentials.Builder builder = createDefaultBuilder(); - assertEquals(ONE_HOUR_IN_SECONDS, builder.getLifetime()); - assertEquals(ONE_HOUR_IN_SECONDS, builder.build().getLifetime()); + assertEquals(DEFAULT_LIFETIME_IN_SECONDS, builder.getLifetime()); + assertEquals(DEFAULT_LIFETIME_IN_SECONDS, builder.build().getLifetime()); builder.setLifetime(4000); assertEquals(4000, builder.getLifetime()); assertEquals(4000, builder.build().getLifetime()); + + builder.setLifetime(0); + assertEquals(DEFAULT_LIFETIME_IN_SECONDS, builder.build().getLifetime()); } @Test From 6154d902ac8ba4663ead5ee208435306a6b5763a Mon Sep 17 00:00:00 2001 From: arithmetic1728 Date: Thu, 17 Dec 2020 11:23:35 -0800 Subject: [PATCH 7/8] update --- .../com/google/auth/oauth2/ServiceAccountCredentials.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index 4c4d90456..aeb373de9 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -94,8 +94,6 @@ public class ServiceAccountCredentials extends GoogleCredentials private static final String PARSE_ERROR_PREFIX = "Error parsing token refresh response. "; private static final int TWELVE_HOURS_IN_SECONDS = 43200; private static final int DEFAULT_LIFETIME_IN_SECONDS = 3600; - private static final String LIFETIME_EXCEEDED_ERROR = - "lifetime must be less than or equal to 43200"; private final String clientId; private final String clientEmail; @@ -159,7 +157,7 @@ public class ServiceAccountCredentials extends GoogleCredentials this.projectId = projectId; this.quotaProjectId = quotaProjectId; if (lifetime > TWELVE_HOURS_IN_SECONDS) { - throw new IllegalStateException(LIFETIME_EXCEEDED_ERROR); + throw new IllegalStateException("lifetime must be less than or equal to 43200"); } this.lifetime = lifetime == 0 ? DEFAULT_LIFETIME_IN_SECONDS : lifetime; } @@ -592,6 +590,7 @@ public final URI getTokenServerUri() { return tokenServerUri; } + @VisibleForTesting int getLifetime() { return lifetime; } @@ -895,7 +894,7 @@ public String getQuotaProjectId() { return quotaProjectId; } - int getLifetime() { + public int getLifetime() { return lifetime; } From 39476f1cde7a588588a1041e9b8155f9d5e686dd Mon Sep 17 00:00:00 2001 From: arithmetic1728 Date: Thu, 17 Dec 2020 11:28:58 -0800 Subject: [PATCH 8/8] update --- .../com/google/auth/oauth2/ServiceAccountCredentials.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java index aeb373de9..b0d580336 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java @@ -159,7 +159,7 @@ public class ServiceAccountCredentials extends GoogleCredentials if (lifetime > TWELVE_HOURS_IN_SECONDS) { throw new IllegalStateException("lifetime must be less than or equal to 43200"); } - this.lifetime = lifetime == 0 ? DEFAULT_LIFETIME_IN_SECONDS : lifetime; + this.lifetime = lifetime; } /** @@ -850,7 +850,7 @@ public Builder setQuotaProjectId(String quotaProjectId) { } public Builder setLifetime(int lifetime) { - this.lifetime = lifetime; + this.lifetime = lifetime == 0 ? DEFAULT_LIFETIME_IN_SECONDS : lifetime; return this; }