fix: JSON parsing of S2A addresses.

rmehta19 · rmehta19 · commit 57ab3c7ca05d · 2024-12-09T15:44:38.000-08:00
diff --git a/oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java b/oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java
@@ -97,8 +97,8 @@ class OAuth2Utils {
 
   static final JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance();
 
-  private static String VALUE_NOT_FOUND_MESSAGE = "%sExpected value %s not found.";
-  private static String VALUE_WRONG_TYPE_MESSAGE = "%sExpected %s value %s of wrong type.";
+  static final String VALUE_NOT_FOUND_MESSAGE = "%sExpected value %s not found.";
+  static final String VALUE_WRONG_TYPE_MESSAGE = "%sExpected %s value %s of wrong type.";
 
   static final String BEARER_PREFIX = AuthHttpConstants.BEARER + " ";
 
diff --git a/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java b/oauth2_http/java/com/google/auth/oauth2/SecureSessionAgent.java
@@ -45,6 +45,7 @@
 import java.io.InputStream;
 import java.util.Arrays;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.ServiceLoader;
 import java.util.Set;
 import javax.annotation.concurrent.ThreadSafe;
@@ -59,6 +60,7 @@
  */
 @ThreadSafe
 public class SecureSessionAgent {
+  static final String S2A_JSON_KEY = "s2a";
   static final String S2A_PLAINTEXT_ADDRESS_JSON_KEY = "plaintext_address";
   static final String S2A_MTLS_ADDRESS_JSON_KEY = "mtls_address";
   static final String S2A_CONFIG_ENDPOINT_POSTFIX =
@@ -190,15 +192,14 @@ private SecureSessionAgentConfig getSecureSessionAgentConfigFromMDS() {
     String mtlsS2AAddress = "";
     try {
       plaintextS2AAddress =
-          OAuth2Utils.validateString(responseData, S2A_PLAINTEXT_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
+          validateString(responseData, S2A_PLAINTEXT_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
     } catch (IOException ignore) {
       /*
        * Do not throw error because of parsing error, just leave the address as empty in {@link SecureSessionAgentConfig}.
        */
     }
     try {
-      mtlsS2AAddress =
-          OAuth2Utils.validateString(responseData, S2A_MTLS_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
+      mtlsS2AAddress = validateString(responseData, S2A_MTLS_ADDRESS_JSON_KEY, PARSE_ERROR_S2A);
     } catch (IOException ignore) {
       /*
        * Do not throw error because of parsing error, just leave the address as empty in {@link SecureSessionAgentConfig}.
@@ -210,4 +211,23 @@ private SecureSessionAgentConfig getSecureSessionAgentConfigFromMDS() {
         .setMtlsAddress(mtlsS2AAddress)
         .build();
   }
+
+  private static String validateString(Map<String, Object> map, String key, String errorPrefix)
+      throws IOException {
+    Object value = map.get(S2A_JSON_KEY);
+    if (value == null) {
+      throw new IOException(
+          String.format(OAuth2Utils.VALUE_NOT_FOUND_MESSAGE, errorPrefix, S2A_JSON_KEY));
+    }
+    if (!(value instanceof Map)) {
+      throw new IOException(
+          String.format(OAuth2Utils.VALUE_WRONG_TYPE_MESSAGE, errorPrefix, "Map", S2A_JSON_KEY));
+    }
+    Object address = ((Map<String, Object>) value).get(key);
+    if (!(address instanceof String)) {
+      throw new IOException(
+          String.format(OAuth2Utils.VALUE_WRONG_TYPE_MESSAGE, errorPrefix, "string", key));
+    }
+    return (String) address;
+  }
 }
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java
@@ -300,9 +300,7 @@ public LowLevelHttpResponse execute() throws IOException {
         GenericJson content = new GenericJson();
         content.setFactory(OAuth2Utils.JSON_FACTORY);
         if (requestStatusCode == 200) {
-          for (Map.Entry<String, String> entrySet : s2aContentMap.entrySet()) {
-            content.put(entrySet.getKey(), entrySet.getValue());
-          }
+          content.put("s2a", s2aContentMap);
         }
         String contentText = content.toPrettyString();
 
