1 /* 2 * Copyright 2022 Google Inc. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 import static com.google.common.truth.Truth.assertThat; 18 import static com.google.common.truth.Truth.assertWithMessage; 19 20 import com.google.auth.oauth2.IdToken; 21 import com.google.auth.oauth2.IdTokenProvider.Option; 22 import com.google.auth.oauth2.ServiceAccountCredentials; 23 import java.io.ByteArrayOutputStream; 24 import java.io.FileInputStream; 25 import java.io.IOException; 26 import java.io.PrintStream; 27 import java.security.GeneralSecurityException; 28 import java.util.Arrays; 29 import java.util.List; 30 import org.junit.After; 31 import org.junit.AfterClass; 32 import org.junit.Before; 33 import org.junit.BeforeClass; 34 import org.junit.Test; 35 import org.junit.runner.RunWith; 36 import org.junit.runners.JUnit4; 37 38 @RunWith(JUnit4.class) 39 public class SnippetsIT { 40 41 private static final String PROJECT_ID = System.getenv("GOOGLE_CLOUD_PROJECT"); 42 private static final String CREDENTIALS = System.getenv("GOOGLE_APPLICATION_CREDENTIALS"); 43 private ByteArrayOutputStream stdOut; 44 45 // Check if the required environment variables are set. requireEnvVar(String envVarName)46 public static void requireEnvVar(String envVarName) { 47 assertWithMessage(String.format("Missing environment variable '%s' ", envVarName)) 48 .that(System.getenv(envVarName)) 49 .isNotEmpty(); 50 } 51 52 @BeforeClass setup()53 public static void setup() throws IOException { 54 final PrintStream out = System.out; 55 ByteArrayOutputStream stdOut = new ByteArrayOutputStream(); 56 System.setOut(new PrintStream(stdOut)); 57 requireEnvVar("GOOGLE_APPLICATION_CREDENTIALS"); 58 requireEnvVar("GOOGLE_CLOUD_PROJECT"); 59 60 stdOut.close(); 61 System.setOut(out); 62 } 63 64 @AfterClass cleanup()65 public static void cleanup() {} 66 67 @Before beforeEach()68 public void beforeEach() { 69 stdOut = new ByteArrayOutputStream(); 70 System.setOut(new PrintStream(stdOut)); 71 } 72 73 @After afterEach()74 public void afterEach() { 75 stdOut = null; 76 System.setOut(null); 77 } 78 79 // Get an id token from a Google service account. getIdTokenFromServiceAccount( String jsonCredentialPath, String targetAudience)80 private static String getIdTokenFromServiceAccount( 81 String jsonCredentialPath, String targetAudience) throws IOException { 82 83 // Initialize the Service Account Credentials class with the path to the json file. 84 ServiceAccountCredentials serviceAccountCredentials = 85 ServiceAccountCredentials.fromStream(new FileInputStream(jsonCredentialPath)); 86 87 // Obtain the id token by providing the target audience. 88 // tokenOption: Enum of various credential-specific options to apply to the token. Applicable 89 // only for credentials obtained through Compute Engine or Impersonation. 90 List<Option> tokenOption = Arrays.asList(); 91 IdToken idToken = serviceAccountCredentials.idTokenWithAudience(targetAudience, tokenOption); 92 93 return idToken.getTokenValue(); 94 } 95 96 @Test testIdTokenFromServiceAccount()97 public void testIdTokenFromServiceAccount() throws IOException { 98 IdTokenFromServiceAccount.getIdTokenFromServiceAccount(CREDENTIALS, "https://example.com"); 99 assertThat(stdOut.toString()).contains("Generated ID token."); 100 } 101 102 @Test testVerifyGoogleIdToken()103 public void testVerifyGoogleIdToken() throws IOException { 104 String idToken = getIdTokenFromServiceAccount(CREDENTIALS, "https://example.com"); 105 106 VerifyGoogleIdToken.verifyGoogleIdToken( 107 idToken, "https://example.com", "https://www.googleapis.com/oauth2/v3/certs"); 108 } 109 110 @Test testIdTokenFromMetadataServer()111 public void testIdTokenFromMetadataServer() throws GeneralSecurityException, IOException { 112 IdTokenFromMetadataServer.getIdTokenFromMetadataServer("https://www.google.com"); 113 assertThat(stdOut.toString()).contains("Generated ID token."); 114 } 115 116 @Test testAuthenticateImplicitWithAdc()117 public void testAuthenticateImplicitWithAdc() throws IOException { 118 AuthenticateImplicitWithAdc.authenticateImplicitWithAdc(PROJECT_ID); 119 assertThat(stdOut.toString()).contains("Listed all storage buckets."); 120 } 121 122 @Test testAuthenticateExplicit()123 public void testAuthenticateExplicit() throws IOException { 124 AuthenticateExplicit.authenticateExplicit(PROJECT_ID); 125 assertThat(stdOut.toString()).contains("Listed all storage buckets."); 126 } 127 } 128