Address comments (add javadoc and use assertThrows in tests)

Author: nbayati

cab-token-generator/javatests/com/google/auth/credentialaccessboundary/ClientSideCredentialAccessBoundaryFactoryTest.java

@@ -35,7 +35,6 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertThrows;
-import static org.junit.Assert.fail;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
@@ -136,8 +135,7 @@ public void fetchIntermediateCredentials() throws Exception {
   public void fetchIntermediateCredentials_withCustomUniverseDomain() throws IOException {
     String universeDomain = "foobar";
     GoogleCredentials sourceCredentials =
-        getServiceAccountSourceCredentials(mockTokenServerTransportFactory)
-            .toBuilder()
+        getServiceAccountSourceCredentials(mockTokenServerTransportFactory).toBuilder()
             .setUniverseDomain(universeDomain)
             .build();
 
@@ -360,25 +358,21 @@ public void refreshCredentialsIfRequired_sourceCredentialCannotRefresh_throwsIOE
             .setHttpTransportFactory(mockStsTransportFactory)
             .build();
 
-    try {
-      factory.refreshCredentialsIfRequired(); // Expecting an IOException
-      fail("Should fail as the source credential should not be able to be refreshed.");
-    } catch (IOException e) {
-      assertEquals("Unable to refresh the provided source credential.", e.getMessage());
-    }
+    IOException exception = assertThrows(IOException.class, factory::refreshCredentialsIfRequired);
+    assertEquals("Unable to refresh the provided source credential.", exception.getMessage());
   }
 
   // Tests related to the builder methods
   @Test
   public void builder_noSourceCredential_throws() {
-    try {
-      ClientSideCredentialAccessBoundaryFactory.newBuilder()
-          .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY)
-          .build();
-      fail("Should fail as the source credential is null.");
-    } catch (NullPointerException e) {
-      assertEquals("Source credential must not be null.", e.getMessage());
-    }
+    NullPointerException exception =
+        assertThrows(
+            NullPointerException.class,
+            () ->
+                ClientSideCredentialAccessBoundaryFactory.newBuilder()
+                    .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY)
+                    .build());
+    assertEquals("Source credential must not be null.", exception.getMessage());
   }
 
   @Test
@@ -461,18 +455,17 @@ public void builder_universeDomainMismatch_throws() throws IOException {
     GoogleCredentials sourceCredentials =
         getServiceAccountSourceCredentials(mockTokenServerTransportFactory);
 
-    try {
-      ClientSideCredentialAccessBoundaryFactory.newBuilder()
-          .setSourceCredential(sourceCredentials)
-          .setUniverseDomain("differentUniverseDomain")
-          .build();
-
-      fail("Should fail with universe domain mismatch.");
-    } catch (IllegalArgumentException e) {
-      assertEquals(
-          "The client side access boundary credential's universe domain must be the same as the source credential.",
-          e.getMessage());
-    }
+    IllegalArgumentException exception =
+        assertThrows(
+            IllegalArgumentException.class,
+            () ->
+                ClientSideCredentialAccessBoundaryFactory.newBuilder()
+                    .setSourceCredential(sourceCredentials)
+                    .setUniverseDomain("differentUniverseDomain")
+                    .build());
+    assertEquals(
+        "The client side access boundary credential's universe domain must be the same as the source credential.",
+        exception.getMessage());
   }
 
   private static GoogleCredentials getServiceAccountSourceCredentials(
@@ -548,6 +541,7 @@ private static void triggerConcurrentRefresh(
       throws InterruptedException {
     Thread[] threads = new Thread[numThreads];
     CountDownLatch latch = new CountDownLatch(numThreads);
+    long timeoutMillis = 5000; // 5 seconds
 
     // Create and start the threads
     for (int i = 0; i < numThreads; i++) {
@@ -567,7 +561,14 @@ private static void triggerConcurrentRefresh(
       threads[i].start();
     }
     for (Thread thread : threads) {
-      thread.join(); // Wait for each thread to complete
+      thread.join(timeoutMillis); // Wait for each thread to complete
+      if (thread.isAlive()) {
+        thread.interrupt(); // Interrupt the thread if it's still running after the timeout
+        throw new AssertionError(
+            "Thread running refreshCredentialsIfRequired timed out after "
+                + timeoutMillis
+                + " milliseconds.");
+      }
     }
   }
 }

oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java

@@ -256,7 +256,14 @@ static Map<String, Object> validateMap(Map<String, Object> map, String key, Stri
     return (Map) value;
   }
 
-  /** Helper to convert from a PKCS#8 String to an RSA private key */
+  /**
+   * Converts a PKCS#8 string to an RSA private key.
+   *
+   * @param privateKeyPkcs8 the PKCS#8 string.
+   * @return the RSA private key.
+   * @throws IOException if the PKCS#8 data is invalid or if an unexpected exception occurs during
+   *     key creation.
+   */
   public static PrivateKey privateKeyFromPkcs8(String privateKeyPkcs8) throws IOException {
     Reader reader = new StringReader(privateKeyPkcs8);
     Section section = PemReader.readFirstSectionAndClose(reader, "PRIVATE KEY");