AssertNull and AssertThrows changes. Documentation changes.

Author: vverman

oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java

@@ -707,7 +707,7 @@ public String getAccount() {
   }
 
   @Override
-  Boolean supportsTrustBoundary() {
+  boolean supportsTrustBoundary() {
     return true;
   }
 

oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java

@@ -344,7 +344,7 @@ TrustBoundary getTrustBoundary() {
    *
    * @return {@code true} if the credentials support trust boundary, {@code false} otherwise.
    */
-  Boolean supportsTrustBoundary() {
+  boolean supportsTrustBoundary() {
     return false;
   }
 
@@ -433,7 +433,7 @@ protected boolean isExplicitUniverseDomain() {
    * @return true if universe domain equals to {@link Credentials#GOOGLE_DEFAULT_UNIVERSE}, false
    *     otherwise
    */
-  public boolean isDefaultUniverseDomain() throws IOException {
+  boolean isDefaultUniverseDomain() throws IOException {
     return getUniverseDomain().equals(Credentials.GOOGLE_DEFAULT_UNIVERSE);
   }
 

oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java

@@ -326,7 +326,7 @@ public GoogleCredentials getSourceCredentials() {
   }
 
   @Override
-  Boolean supportsTrustBoundary() {
+  boolean supportsTrustBoundary() {
     return true;
   }
 

oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java

@@ -94,7 +94,7 @@ public class OAuth2Utils {
 
   static final URI TOKEN_REVOKE_URI = URI.create("https://oauth2.googleapis.com/revoke");
 
-  public static final String IAM_CREDENTIALS_ALLOWED_LOCATIONS_URL_FORMAT_SERVICE_ACCOUNT =
+  static final String IAM_CREDENTIALS_ALLOWED_LOCATIONS_URL_FORMAT_SERVICE_ACCOUNT =
       "https://iamcredentials.%s/v1/projects/-/serviceAccounts/%s/allowedLocations";
   static final URI USER_AUTH_URI = URI.create("https://accounts.google.com/o/oauth2/auth");
 

oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java

@@ -824,7 +824,7 @@ public boolean getUseJwtAccessWithScope() {
   }
 
   @Override
-  Boolean supportsTrustBoundary() {
+  boolean supportsTrustBoundary() {
     return true;
   }
 

oauth2_http/java/com/google/auth/oauth2/TrustBoundary.java

@@ -211,6 +211,10 @@ static TrustBoundary refresh(
       throw new IOException("TrustBoundary: Failure while getting trust boundaries:", e);
     }
     String encodedLocations = json.getEncodedLocations();
+    // The encodedLocations is the value attached to the x-allowed-locations header and
+    // it should always have a value. In case of NO_OP the lookup endpoint returns
+    // encodedLocations as '0x0' and locations as null. That is why we only check for
+    // encodedLocations.
     if (encodedLocations == null) {
       throw new IOException(
           "TrustBoundary: Malformed response from lookup endpoint - `encodedLocations` was null.");

oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java

@@ -1183,14 +1183,12 @@ public void refresh_trustBoundaryFails_throwsIOException() throws IOException {
     ComputeEngineCredentials credentials =
         ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build();
 
-    try {
-      credentials.refresh();
-    } catch (IOException e) {
-      assertTrue(
-          "The exception message should explain why the refresh failed.",
-          e.getMessage()
-              .contains("Failed to refresh trust boundary and no cached value is available."));
-    }
+    IOException exception = assertThrows(IOException.class, () -> credentials.refresh());
+    assertTrue(
+        "The exception message should explain why the refresh failed.",
+        exception
+            .getMessage()
+            .contains("Failed to refresh trust boundary and no cached value is available."));
   }
 
   static class MockMetadataServerTransportFactory implements HttpTransportFactory {

oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java

@@ -36,6 +36,7 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
@@ -960,7 +961,7 @@ public void trustBoundary_shouldNotCallLookupEndpointWhenDisabled() throws IOExc
             .build();
 
     credentials.getRequestMetadata();
-    assertEquals(credentials.getTrustBoundary(), null);
+    assertNull(credentials.getTrustBoundary());
   }
 
   @Test
@@ -1076,12 +1077,9 @@ public void trustBoundary_refreshShouldThrowWhenNoValidAccessTokenIsPassed() thr
             .setScopes(SCOPES)
             .build();
 
-    try {
-      credentials.getRequestMetadata();
-      fail("Should have thrown an IOException.");
-    } catch (IllegalArgumentException e) {
-      assertEquals("The provided access token is expired.", e.getMessage());
-    }
+    IllegalArgumentException exception =
+        assertThrows(IllegalArgumentException.class, () -> credentials.getRequestMetadata());
+    assertEquals("The provided access token is expired.", exception.getMessage());
   }
 
   @Test
@@ -1194,15 +1192,11 @@ public void trustBoundary_refreshShouldThrowIfCallToLookupFailsAndNoCachedTb()
             .setHttpTransportFactory(() -> transport)
             .setScopes(SCOPES)
             .build();
-
-    try {
-      credentials.refresh();
-      fail("Should have thrown an IOException.");
-    } catch (IOException e) {
-      assertTrue(
-          e.getMessage()
-              .contains("Failed to refresh trust boundary and no cached value is available."));
-    }
+    IOException exception = assertThrows(IOException.class, () -> credentials.refresh());
+    assertTrue(
+        exception
+            .getMessage()
+            .contains("Failed to refresh trust boundary and no cached value is available."));
   }
 
   @Test
@@ -1225,14 +1219,11 @@ public void trustBoundary_refreshShouldThrowInCaseOfMalformedResponse() throws I
             .setScopes(SCOPES)
             .build();
 
-    try {
-      credentials.refresh();
-      fail("Should have thrown an IOException.");
-    } catch (IOException e) {
-      assertTrue(
-          e.getMessage()
-              .contains("Failed to refresh trust boundary and no cached value is available."));
-    }
+    IOException exception = assertThrows(IOException.class, () -> credentials.refresh());
+    assertTrue(
+        exception
+            .getMessage()
+            .contains("Failed to refresh trust boundary and no cached value is available."));
   }
 
   @Test

oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java

@@ -1334,14 +1334,12 @@ public void refresh_trustBoundaryFails_throwsIOException() throws IOException {
             VALID_LIFETIME,
             mockTransportFactory);
 
-    try {
-      targetCredentials.refresh();
-    } catch (IOException e) {
-      assertTrue(
-          "The exception message should explain why the refresh failed.",
-          e.getMessage()
-              .contains("Failed to refresh trust boundary and no cached value is available."));
-    }
+    IOException exception = assertThrows(IOException.class, () -> targetCredentials.refresh());
+    assertTrue(
+        "The exception message should explain why the refresh failed.",
+        exception
+            .getMessage()
+            .contains("Failed to refresh trust boundary and no cached value is available."));
   }
 
   public static String getDefaultExpireTime() {

oauth2_http/javatests/com/google/auth/oauth2/LoggingTest.java

@@ -441,7 +441,7 @@ public void getRequestMetadata_hasAccessToken() throws IOException {
 
     TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN);
 
-    assertEquals(6, testAppender.events.size());
+    assertEquals(8, testAppender.events.size());
 
     ILoggingEvent defaultServiceAccountRequest = testAppender.events.get(0);
     assertEquals(