• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2022 Google LLC
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are
6  * met:
7  *
8  *    * Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  *    * Redistributions in binary form must reproduce the above
11  * copyright notice, this list of conditions and the following disclaimer
12  * in the documentation and/or other materials provided with the
13  * distribution.
14  *
15  *    * Neither the name of Google LLC nor the names of its
16  * contributors may be used to endorse or promote products derived from
17  * this software without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 package com.google.auth.oauth2.functional;
33 
34 import static org.junit.Assert.assertEquals;
35 import static org.junit.Assert.assertNotNull;
36 import static org.junit.Assert.assertNull;
37 import static org.junit.Assert.assertTrue;
38 
39 import com.google.api.client.json.gson.GsonFactory;
40 import com.google.api.client.json.webtoken.JsonWebSignature;
41 import com.google.auth.oauth2.AccessToken;
42 import com.google.auth.oauth2.ComputeEngineCredentials;
43 import com.google.auth.oauth2.GoogleCredentials;
44 import com.google.auth.oauth2.IdToken;
45 import com.google.auth.oauth2.IdTokenCredentials;
46 import com.google.auth.oauth2.IdTokenProvider;
47 import org.junit.Test;
48 
49 public final class FTComputeEngineCredentialsTest {
50   private final String computeUrl =
51       "https://compute.googleapis.com/compute/v1/projects/gcloud-devel/zones/us-central1-a/instances";
52   private final String cloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform";
53 
54   @Test
RefreshCredentials()55   public void RefreshCredentials() throws Exception {
56     final ComputeEngineCredentials credentials = ComputeEngineCredentials.create();
57 
58     AccessToken accessToken = credentials.refreshAccessToken();
59     assertNotNull(accessToken);
60     assertNotNull(credentials.getAccount());
61     assertTrue(accessToken.getExpirationTime().getTime() > System.currentTimeMillis());
62   }
63 
64   @Test
DefaultCredentials()65   public void DefaultCredentials() throws Exception {
66     final GoogleCredentials defaultCredential =
67         GoogleCredentials.getApplicationDefault().createScoped(cloudPlatformScope);
68 
69     AccessToken accessToken = defaultCredential.refreshAccessToken();
70     assertNotNull(accessToken);
71     assertTrue(accessToken.getExpirationTime().getTime() > System.currentTimeMillis());
72   }
73 
74   @Test
IdTokenFromMetadata()75   public void IdTokenFromMetadata() throws Exception {
76     final ComputeEngineCredentials credentials = ComputeEngineCredentials.create();
77     IdToken idToken = credentials.idTokenWithAudience(computeUrl, null);
78     assertNotNull(idToken);
79     assertTrue(idToken.getExpirationTime().getTime() > System.currentTimeMillis());
80     JsonWebSignature jws =
81         JsonWebSignature.parse(GsonFactory.getDefaultInstance(), idToken.getTokenValue());
82     assertEquals(computeUrl, jws.getPayload().get("aud"));
83     assertEquals("https://accounts.google.com", jws.getPayload().get("iss"));
84   }
85 
86   @Test
FetchIdToken()87   public void FetchIdToken() throws Exception {
88     final ComputeEngineCredentials credentials = ComputeEngineCredentials.create();
89     IdTokenCredentials idTokenCredential =
90         IdTokenCredentials.newBuilder()
91             .setIdTokenProvider((IdTokenProvider) credentials)
92             .setTargetAudience(computeUrl)
93             .build();
94 
95     assertNull(idTokenCredential.getIdToken());
96     idTokenCredential.refresh();
97     IdToken idToken = idTokenCredential.getIdToken();
98     assertNotNull(idToken);
99     assertTrue(idToken.getExpirationTime().getTime() > System.currentTimeMillis());
100     JsonWebSignature jws =
101         JsonWebSignature.parse(GsonFactory.getDefaultInstance(), idToken.getTokenValue());
102     assertEquals(computeUrl, jws.getPayload().get("aud"));
103     assertEquals("https://accounts.google.com", jws.getPayload().get("iss"));
104   }
105 }
106