package com.rt.storage.auth.oauth2;
import com.rt.storage.api.client.json.GenericJson;
import com.rt.storage.api.client.json.JsonFactory;
import com.rt.storage.api.client.json.JsonObjectParser;
import com.rt.storage.api.client.util.Preconditions;
import com.rt.storage.auth.http.HttpTransportFactory;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.io.InputStream;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
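/**
 * Base type for credentials for authorizing calls to Google APIs using OAuth2.
 *
 * <p>An instance wraps an {@link AccessToken}, which is a bearer secret: keep instances and their
 * tokens out of logs and error messages.
 *
 * <p>NOTE(review): the class declares a {@code serialVersionUID}, so it is presumably serializable
 * through its superclass. Confirm whether the serialized form contains the access token and
 * protect any persisted copies accordingly.
 */
public class RtStorageCredentials extends OAuth2Credentials {

  private static final long serialVersionUID = -1522852442442473691L;

  /** Request-metadata key under which the quota project ID is sent. */
  static final String QUOTA_PROJECT_ID_HEADER_KEY = "x-goog-user-project";

  /** Value of the JSON {@code type} field for a stored user credential. */
  static final String USER_FILE_TYPE = "authorized_user";

  /** Value of the JSON {@code type} field for a service account key file. */
  static final String SERVICE_ACCOUNT_FILE_TYPE = "service_account";

  private static final DefaultCredentialsProvider defaultCredentialsProvider =
      new DefaultCredentialsProvider();

  /**
   * Returns the credentials instance from the given access token.
   *
   * @param accessToken the access token
   * @return the credentials instance
   */
  public static RtStorageCredentials create(AccessToken accessToken) {
    return RtStorageCredentials.newBuilder().setAccessToken(accessToken).build();
  }

  /**
   * Returns the Application Default Credentials.
   *
   * <p>Returns the Application Default Credentials which are used to identify and authorize the
   * whole application. The lookup is delegated to {@link
   * DefaultCredentialsProvider#getDefaultCredentials}, which defines the locations searched and
   * their order; this overload uses {@code OAuth2Utils.HTTP_TRANSPORT_FACTORY}.
   *
   * @return the credentials instance.
   * @throws IOException if the credentials cannot be created in the current environment.
   */
  public static RtStorageCredentials getApplicationDefault() throws IOException {
    return getApplicationDefault(OAuth2Utils.HTTP_TRANSPORT_FACTORY);
  }

  /**
   * Returns the Application Default Credentials.
   *
   * <p>Returns the Application Default Credentials which are used to identify and authorize the
   * whole application. The lookup is delegated to {@link
   * DefaultCredentialsProvider#getDefaultCredentials}, which defines the locations searched and
   * their order.
   *
   * @param transportFactory HTTP transport factory, creates the transport used to get access
   *     tokens. Must not be null.
   * @return the credentials instance.
   * @throws IOException if the credentials cannot be created in the current environment.
   */
  public static RtStorageCredentials getApplicationDefault(HttpTransportFactory transportFactory)
      throws IOException {
    Preconditions.checkNotNull(transportFactory);
    return defaultCredentialsProvider.getDefaultCredentials(transportFactory);
  }

  /**
   * Returns credentials defined by a JSON file stream.
   *
   * <p>The stream can contain a Service Account key file in JSON format from the Developers
   * Console or a stored user credential using the format supported by the Cloud SDK.
   *
   * <p>The stream is credential configuration, not ordinary data: only pass content from a source
   * you trust, and validate configuration received from an external party before loading it.
   *
   * @param credentialsStream the stream with the credential definition.
   * @return the credential defined by the credentialsStream.
   * @throws IOException if the credential cannot be created from the stream.
   */
  public static RtStorageCredentials fromStream(InputStream credentialsStream) throws IOException {
    return fromStream(credentialsStream, OAuth2Utils.HTTP_TRANSPORT_FACTORY);
  }

  /**
   * Returns credentials defined by a JSON file stream.
   *
   * <p>The stream can contain a Service Account key file in JSON format from the Developers
   * Console or a stored user credential using the format supported by the Cloud SDK. The JSON
   * {@code type} field selects the concrete credential class; any other value is rejected.
   *
   * <p>The stream is credential configuration, not ordinary data: only pass content from a source
   * you trust, and validate configuration received from an external party before loading it.
   * NOTE(review): which JSON fields {@code UserCredentials.fromJson} and {@code
   * ServiceAccountCredentials.fromJson} honor (for example endpoints) is not visible in this
   * class; confirm there what a hostile file could influence.
   *
   * @param credentialsStream the stream with the credential definition. Must not be null; it is
   *     closed by the parser.
   * @param transportFactory HTTP transport factory, creates the transport used to get access
   *     tokens. Must not be null.
   * @return the credential defined by the credentialsStream.
   * @throws IOException if the credential cannot be created from the stream, including a missing,
   *     non-string or unrecognized {@code type} field.
   */
  public static RtStorageCredentials fromStream(
      InputStream credentialsStream, HttpTransportFactory transportFactory) throws IOException {
    Preconditions.checkNotNull(credentialsStream);
    Preconditions.checkNotNull(transportFactory);

    JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
    JsonObjectParser parser = new JsonObjectParser(jsonFactory);
    GenericJson fileContents =
        parser.parseAndClose(credentialsStream, OAuth2Utils.UTF_8, GenericJson.class);

    Object typeValue = fileContents.get("type");
    if (typeValue == null) {
      throw new IOException("Error reading credentials from stream, 'type' field not specified.");
    }
    // A malformed file can carry a non-string 'type' (number, object, ...). Report it through the
    // documented IOException instead of letting a ClassCastException escape from the cast.
    if (!(typeValue instanceof String)) {
      throw new IOException("Error reading credentials from stream, 'type' field is not a string.");
    }
    String fileType = (String) typeValue;

    if (USER_FILE_TYPE.equals(fileType)) {
      return UserCredentials.fromJson(fileContents, transportFactory);
    }
    if (SERVICE_ACCOUNT_FILE_TYPE.equals(fileType)) {
      return ServiceAccountCredentials.fromJson(fileContents, transportFactory);
    }
    throw new IOException(
        String.format(
            "Error reading credentials from stream, 'type' value '%s' not recognized."
                + " Expecting '%s' or '%s'.",
            fileType, USER_FILE_TYPE, SERVICE_ACCOUNT_FILE_TYPE));
  }

  /**
   * Adds quota project ID to requestMetadata if present.
   *
   * <p>The input map is never modified. An existing {@code x-goog-user-project} entry in {@code
   * requestMetadata} takes precedence and is left untouched. The copy is shallow: the value lists
   * are shared with the input map.
   *
   * @param quotaProjectId the quota project ID to add, or null to add nothing
   * @param requestMetadata the request metadata to copy; must not be null
   * @return a new unmodifiable map with quotaProjectId added if needed
   */
  static Map<String, List<String>> addQuotaProjectIdToRequestMetadata(
      String quotaProjectId, Map<String, List<String>> requestMetadata) {
    Preconditions.checkNotNull(requestMetadata);
    Map<String, List<String>> newRequestMetadata = new HashMap<>(requestMetadata);
    if (quotaProjectId != null && !requestMetadata.containsKey(QUOTA_PROJECT_ID_HEADER_KEY)) {
      newRequestMetadata.put(
          QUOTA_PROJECT_ID_HEADER_KEY, Collections.singletonList(quotaProjectId));
    }
    return Collections.unmodifiableMap(newRequestMetadata);
  }

  /** Default constructor; creates credentials with no access token. */
  protected RtStorageCredentials() {
    this(null);
  }

  /**
   * Constructor with explicit access token.
   *
   * @param accessToken initial or temporary access token
   */
  public RtStorageCredentials(AccessToken accessToken) {
    super(accessToken);
  }

  /**
   * Returns a new, empty builder.
   *
   * @return the builder
   */
  public static Builder newBuilder() {
    return new Builder();
  }

  /**
   * Returns a builder initialized with this instance's access token.
   *
   * @return the builder
   */
  public Builder toBuilder() {
    return new Builder(this);
  }

  /**
   * Indicates whether the credentials require scopes to be specified via a call to {@link
   * RtStorageCredentials#createScoped} before use.
   *
   * @return Whether the credentials require scopes to be specified. This base implementation
   *     always returns false.
   */
  public boolean createScopedRequired() {
    return false;
  }

  /**
   * If the credentials support scopes, creates a copy of the identity with the specified scopes;
   * otherwise, returns the same instance.
   *
   * <p>This base implementation ignores {@code scopes} and returns {@code this}, so a caller that
   * asks for a narrow scope set gets back credentials that are not narrowed. Request only the
   * scopes the caller needs, and do not treat the return value as proof that they were applied.
   *
   * @param scopes Collection of scopes to request.
   * @return RtStorageCredentials with requested scopes.
   */
  public RtStorageCredentials createScoped(Collection<String> scopes) {
    return this;
  }

  /**
   * If the credentials support scopes, creates a copy of the identity with the specified scopes;
   * otherwise, returns the same instance.
   *
   * <p>Delegates to {@link #createScoped(Collection)} with an immutable copy of {@code scopes}.
   *
   * @param scopes Collection of scopes to request.
   * @return RtStorageCredentials with requested scopes.
   */
  public RtStorageCredentials createScoped(String... scopes) {
    return createScoped(ImmutableList.copyOf(scopes));
  }

  /**
   * If the credentials support domain-wide delegation, creates a copy of the identity so that it
   * impersonates the specified user; otherwise, returns the same instance.
   *
   * <p>This base implementation ignores {@code user} and returns {@code this}; the returned
   * credentials still act as the original identity.
   *
   * @param user User to impersonate.
   * @return RtStorageCredentials with a delegated user.
   */
  public RtStorageCredentials createDelegated(String user) {
    return this;
  }

  /** Builder for {@link RtStorageCredentials}; carries only the access token. */
  public static class Builder extends OAuth2Credentials.Builder {

    /** Creates an empty builder. */
    protected Builder() {}

    /**
     * Creates a builder that copies the access token of the given credentials.
     *
     * @param credentials the credentials to copy from
     */
    protected Builder(RtStorageCredentials credentials) {
      setAccessToken(credentials.getAccessToken());
    }

    /**
     * Builds credentials from the access token currently set on this builder.
     *
     * @return the new credentials instance
     */
    public RtStorageCredentials build() {
      return new RtStorageCredentials(getAccessToken());
    }

    /**
     * Sets the access token; narrows the return type so calls can be chained on this builder.
     *
     * @param token the access token
     * @return this builder
     */
    @Override
    public Builder setAccessToken(AccessToken token) {
      super.setAccessToken(token);
      return this;
    }
  }
}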