/*
 * Copyright 2024 Google LLC
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *    * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *    * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following disclaimer
 * in the documentation and/or other materials provided with the
 * distribution.
 *
 *    * Neither the name of Google LLC nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

package com.google.auth.oauth2;

import com.google.auth.oauth2.ExternalAccountCredentials.SubjectTokenTypes;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import java.io.Serializable;

/**
 * Context object to pass relevant variables from external account credentials to suppliers. This
 * will be passed on any call made to {@link IdentityPoolSubjectTokenSupplier} or {@link
 * AwsSecurityCredentialsSupplier}.
 *
 * <p>The context carries only two values, the audience and the subject token type; it holds no
 * token material of its own. Both fields are final, so an instance cannot change after it is
 * built through {@link Builder}.
 */
public class ExternalAccountSupplierContext implements Serializable {

  private static final long serialVersionUID = -7852130853542313494L;

  private final String audience;
  private final String subjectTokenType;

  /**
   * Internal constructor; instances are created via {@link ExternalAccountSupplierContext.Builder}.
   *
   * @param audience the audience the credentials expect
   * @param subjectTokenType the Security Token Service subject token type the credentials expect
   */
  private ExternalAccountSupplierContext(String audience, String subjectTokenType) {
    this.audience = audience;
    this.subjectTokenType = subjectTokenType;
  }

  /**
   * Returns the credentials' expected audience.
   *
   * @return the requested audience. For example:
   *     "//iam.googleapis.com/locations/global/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID".
   */
  public String getAudience() {
    return audience;
  }

  /**
   * Returns the credentials' expected Security Token Service subject token type based on the OAuth
   * 2.0 token exchange spec.
   *
   * <p>Expected values:
   *
   * <p>"urn:ietf:params:oauth:token-type:jwt" "urn:ietf:params:aws:token-type:aws4_request"
   * "urn:ietf:params:oauth:token-type:saml2" "urn:ietf:params:oauth:token-type:id_token"
   *
   * @return the requested subject token type. For example: "urn:ietf:params:oauth:token-type:jwt".
   */
  public String getSubjectTokenType() {
    return subjectTokenType;
  }

  /** Builder for external account supplier context. */
  static class Builder {

    protected String audience;
    protected String subjectTokenType;

    /**
     * Sets the Audience.
     *
     * @param audience the audience to set
     * @return this {@code Builder} object
     */
    @CanIgnoreReturnValue
    Builder setAudience(String audience) {
      this.audience = audience;
      return this;
    }

    /**
     * Sets the subject token type from its raw String form.
     *
     * @param subjectTokenType the subjectTokenType to set.
     * @return this {@code Builder} object
     */
    @CanIgnoreReturnValue
    Builder setSubjectTokenType(String subjectTokenType) {
      this.subjectTokenType = subjectTokenType;
      return this;
    }

    /**
     * Sets the subject token type from one of the known {@link SubjectTokenTypes} values.
     *
     * <p>The enum's {@code value} is read here, so a {@code null} argument fails immediately with a
     * {@link NullPointerException} rather than producing a context with a missing token type.
     *
     * @param subjectTokenType the subjectTokenType to set.
     * @return this {@code Builder} object
     */
    @CanIgnoreReturnValue
    Builder setSubjectTokenType(SubjectTokenTypes subjectTokenType) {
      // Delegate to the String overload so both setters leave the field in the same form.
      return setSubjectTokenType(subjectTokenType.value);
    }

    /**
     * Creates the immutable context from the values set so far.
     *
     * @return a new {@code ExternalAccountSupplierContext}; unset values are passed through as
     *     {@code null}, no validation is performed here
     */
    ExternalAccountSupplierContext build() {
      return new ExternalAccountSupplierContext(audience, subjectTokenType);
    }
  }

  /**
   * Creates a fresh, empty builder.
   *
   * @return a new {@code Builder}
   */
  static Builder newBuilder() {
    return new Builder();
  }
}