1 /*
2  * Copyright 2024 Google LLC
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are
6  * met:
7  *
8  *    * Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  *    * Redistributions in binary form must reproduce the above
11  * copyright notice, this list of conditions and the following disclaimer
12  * in the documentation and/or other materials provided with the
13  * distribution.
14  *
15  *    * Neither the name of Google LLC nor the names of its
16  * contributors may be used to endorse or promote products derived from
17  * this software without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 package com.google.auth.oauth2;
33 
34 import static com.google.auth.oauth2.FileIdentityPoolSubjectTokenSupplier.parseToken;
35 
36 import com.google.api.client.http.GenericUrl;
37 import com.google.api.client.http.HttpHeaders;
38 import com.google.api.client.http.HttpRequest;
39 import com.google.api.client.http.HttpResponse;
40 import com.google.api.client.json.JsonObjectParser;
41 import com.google.auth.http.HttpTransportFactory;
42 import java.io.IOException;
43 
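/**
 * Provider for retrieving subject tokens for {@link IdentityPoolCredentials} to exchange for GCP
 * access tokens. The subject token is retrieved by calling a URL that returns the token.
 *
 * <p>The URL and any request headers are read from the {@link IdentityPoolCredentialSource} and
 * used as given: nothing in this class restricts the scheme or host that is called. The
 * credential configuration therefore has to come from a trusted source.
 */
class UrlIdentityPoolSubjectTokenSupplier implements IdentityPoolSubjectTokenSupplier {

  private static final long serialVersionUID = 4964578313468011844L;

  private final IdentityPoolCredentialSource credentialSource;

  // transient: excluded from Java serialization.
  // NOTE(review): an instance restored by deserialization would presumably have a null factory
  // here and fail in getSubjectToken; confirm how callers re-create the supplier.
  private final transient HttpTransportFactory transportFactory;

  /**
   * Constructor for UrlIdentityPoolSubjectTokenSupplier.
   *
   * @param credentialSource the credential source to use.
   * @param transportFactory the transport factory to use for calling the URL.
   */
  UrlIdentityPoolSubjectTokenSupplier(
      IdentityPoolCredentialSource credentialSource, HttpTransportFactory transportFactory) {
    this.credentialSource = credentialSource;
    this.transportFactory = transportFactory;
  }

  /**
   * Fetches the subject token with an HTTP GET to the credential source's location and parses the
   * response body with {@code parseToken}.
   *
   * @param context the supplier context; not read by this implementation.
   * @return the subject token extracted from the response.
   * @throws IOException if the request fails, the response cannot be read or parsed, or the
   *     connection cannot be released. The original exception is kept as the cause.
   */
  @Override
  public String getSubjectToken(ExternalAccountSupplierContext context) throws IOException {
    // The target URL is taken from the credential configuration without further validation.
    HttpRequest request =
        transportFactory
            .create()
            .createRequestFactory()
            .buildGetRequest(new GenericUrl(credentialSource.credentialLocation));
    request.setParser(new JsonObjectParser(OAuth2Utils.JSON_FACTORY));

    if (credentialSource.hasHeaders()) {
      // Configured headers are installed as the request's header set. They may carry
      // credentials for the token endpoint, so they are never logged here.
      HttpHeaders headers = new HttpHeaders();
      headers.putAll(credentialSource.headers);
      request.setHeaders(headers);
    }

    try {
      HttpResponse response = request.execute();
      try {
        return parseToken(response.getContent(), this.credentialSource);
      } finally {
        // Release the content stream and the underlying connection on every path. The original
        // never disconnected the response, which could leave the connection open.
        response.disconnect();
      }
    } catch (IOException e) {
      // Message text is kept unchanged in case callers match on it, although the endpoint is a
      // configured URL rather than a metadata server.
      // NOTE(review): e.getMessage() is copied into the new message; for HTTP error responses it
      // may include part of the response body. Confirm that is acceptable wherever this
      // exception is logged.
      throw new IOException(
          String.format("Error getting subject token from metadata server: %s", e.getMessage()), e);
    }
  }
}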