diff --git a/appengine/javatests/com/google/auth/appengine/AppEngineCredentialsTest.java b/appengine/javatests/com/google/auth/appengine/AppEngineCredentialsTest.java index 05f81d578..3830d62dd 100644 --- a/appengine/javatests/com/google/auth/appengine/AppEngineCredentialsTest.java +++ b/appengine/javatests/com/google/auth/appengine/AppEngineCredentialsTest.java @@ -36,8 +36,8 @@ import static org.junit.jupiter.api.Assertions.assertNotEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNotSame; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.auth.Credentials; import com.google.auth.oauth2.AccessToken; @@ -135,11 +135,7 @@ void createScoped_clonesWithScopes() throws IOException { .setAppIdentityService(appIdentity) .build(); assertTrue(credentials.createScopedRequired()); - try { - credentials.getRequestMetadata(CALL_URI); - fail("Should not be able to use credential without scopes."); - } catch (Exception expected) { - } + assertThrows(IOException.class, () -> credentials.getRequestMetadata(CALL_URI)); assertEquals(0, appIdentity.getGetAccessTokenCallCount()); GoogleCredentials scopedCredentials = credentials.createScoped(SCOPES); diff --git a/oauth2_http/javatests/com/google/auth/TestUtils.java b/oauth2_http/javatests/com/google/auth/TestUtils.java index d794ba184..a242f4ee8 100644 --- a/oauth2_http/javatests/com/google/auth/TestUtils.java +++ b/oauth2_http/javatests/com/google/auth/TestUtils.java @@ -46,9 +46,9 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; -import java.io.UnsupportedEncodingException; import java.net.URI; import java.net.URLDecoder; +import java.nio.charset.StandardCharsets; import java.text.SimpleDateFormat; import java.util.Calendar; import java.util.Date; @@ -90,15 +90,11 @@ private static boolean hasBearerToken(Map> metadata, String public static InputStream jsonToInputStream(GenericJson json) throws IOException { json.setFactory(JSON_FACTORY); String text = json.toPrettyString(); - return new ByteArrayInputStream(text.getBytes("UTF-8")); + return new ByteArrayInputStream(text.getBytes(StandardCharsets.UTF_8)); } public static InputStream stringToInputStream(String text) { - try { - return new ByteArrayInputStream(text.getBytes("UTF-8")); - } catch (UnsupportedEncodingException e) { - throw new RuntimeException("Unexpected encoding exception", e); - } + return new ByteArrayInputStream(text.getBytes(StandardCharsets.UTF_8)); } public static Map parseQuery(String query) throws IOException { diff --git a/oauth2_http/javatests/com/google/auth/http/HttpCredentialsAdapterTest.java b/oauth2_http/javatests/com/google/auth/http/HttpCredentialsAdapterTest.java index 10d2141fd..666be521e 100644 --- a/oauth2_http/javatests/com/google/auth/http/HttpCredentialsAdapterTest.java +++ b/oauth2_http/javatests/com/google/auth/http/HttpCredentialsAdapterTest.java @@ -79,7 +79,7 @@ void initialize_populatesOAuth2Credentials() throws IOException { HttpHeaders requestHeaders = request.getHeaders(); String authorizationHeader = requestHeaders.getAuthorization(); - assertEquals(authorizationHeader, expectedAuthorization); + assertEquals(expectedAuthorization, authorizationHeader); } @Test diff --git a/oauth2_http/javatests/com/google/auth/mtls/SecureConnectProviderTest.java b/oauth2_http/javatests/com/google/auth/mtls/SecureConnectProviderTest.java index 7e962014a..fab805fa9 100644 --- a/oauth2_http/javatests/com/google/auth/mtls/SecureConnectProviderTest.java +++ b/oauth2_http/javatests/com/google/auth/mtls/SecureConnectProviderTest.java @@ -38,7 +38,6 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.security.GeneralSecurityException; import java.util.List; import org.junit.jupiter.api.Test; @@ -70,7 +69,7 @@ public InputStream getErrorStream() { } @Override - public int waitFor() throws InterruptedException { + public int waitFor() { return 0; } @@ -83,7 +82,9 @@ public int exitValue() { } @Override - public void destroy() {} + public void destroy() { + // Nothing was initialized and nothing needs to be destroyed + } } static class TestProcessProvider implements SecureConnectProvider.ProcessProvider { @@ -102,19 +103,22 @@ public Process createProcess(InputStream metadata) throws IOException { @Test void testGetKeyStoreNonZeroExitCode() { - InputStream metadata = + try (InputStream metadata = this.getClass() .getClassLoader() - .getResourceAsStream("com/google/api/gax/rpc/mtls/mtlsCertAndKey.pem"); - IOException actual = - assertThrows( - IOException.class, - () -> SecureConnectProvider.getKeyStore(metadata, new TestProcessProvider(1))); - assertTrue( - actual - .getMessage() - .contains("SecureConnect: Cert provider command failed with exit code: 1"), - "expected to fail with nonzero exit code"); + .getResourceAsStream("com/google/api/gax/rpc/mtls/mtlsCertAndKey.pem")) { + IOException actual = + assertThrows( + IOException.class, + () -> SecureConnectProvider.getKeyStore(metadata, new TestProcessProvider(1))); + assertTrue( + actual + .getMessage() + .contains("SecureConnect: Cert provider command failed with exit code: 1"), + "expected to fail with nonzero exit code"); + } catch (IOException e) { + throw new RuntimeException(e); + } } @Test @@ -147,8 +151,7 @@ void testRunCertificateProviderCommandTimeout() { } @Test - void testGetKeyStore_FileNotFoundException() - throws IOException, GeneralSecurityException, InterruptedException { + void testGetKeyStore_FileNotFoundException() { SecureConnectProvider provider = new SecureConnectProvider(new TestProcessProvider(0), "/invalid/metadata/path.json"); diff --git a/oauth2_http/javatests/com/google/auth/mtls/WorkloadCertificateConfigurationTest.java b/oauth2_http/javatests/com/google/auth/mtls/WorkloadCertificateConfigurationTest.java index bd17436c1..8d74f7978 100644 --- a/oauth2_http/javatests/com/google/auth/mtls/WorkloadCertificateConfigurationTest.java +++ b/oauth2_http/javatests/com/google/auth/mtls/WorkloadCertificateConfigurationTest.java @@ -58,71 +58,77 @@ void workloadCertificateConfig_fromStream_Succeeds() throws IOException { void workloadCertificateConfig_fromStreamMissingCertPath_Fails() throws IOException { String certPath = ""; String privateKeyPath = "key.crt"; - InputStream configStream = writeWorkloadCertificateConfigStream(certPath, privateKeyPath); - - IllegalArgumentException exception = - assertThrows( - IllegalArgumentException.class, - () -> - WorkloadCertificateConfiguration.fromCertificateConfigurationStream(configStream)); - assertTrue( - exception - .getMessage() - .contains( - "The cert_path field must be provided in the workload certificate configuration.")); + try (InputStream configStream = + writeWorkloadCertificateConfigStream(certPath, privateKeyPath)) { + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, + () -> + WorkloadCertificateConfiguration.fromCertificateConfigurationStream( + configStream)); + assertTrue( + exception + .getMessage() + .contains( + "The cert_path field must be provided in the workload certificate configuration.")); + } } @Test void workloadCertificateConfig_fromStreamMissingPrivateKeyPath_Fails() throws IOException { String certPath = "cert.crt"; String privateKeyPath = ""; - InputStream configStream = writeWorkloadCertificateConfigStream(certPath, privateKeyPath); - - IllegalArgumentException exception = - assertThrows( - IllegalArgumentException.class, - () -> - WorkloadCertificateConfiguration.fromCertificateConfigurationStream(configStream)); - assertTrue( - exception - .getMessage() - .contains( - "The key_path field must be provided in the workload certificate configuration.")); + try (InputStream configStream = + writeWorkloadCertificateConfigStream(certPath, privateKeyPath)) { + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, + () -> + WorkloadCertificateConfiguration.fromCertificateConfigurationStream( + configStream)); + assertTrue( + exception + .getMessage() + .contains( + "The key_path field must be provided in the workload certificate configuration.")); + } } @Test void workloadCertificateConfig_fromStreamMissingWorkload_Fails() throws IOException { GenericJson json = new GenericJson(); json.put("cert_configs", new GenericJson()); - InputStream configStream = TestUtils.jsonToInputStream(json); - - CertificateSourceUnavailableException exception = - assertThrows( - CertificateSourceUnavailableException.class, - () -> - WorkloadCertificateConfiguration.fromCertificateConfigurationStream(configStream)); - assertTrue( - exception - .getMessage() - .contains( - "A workload certificate configuration must be provided in the cert_configs object.")); + try (InputStream configStream = TestUtils.jsonToInputStream(json)) { + CertificateSourceUnavailableException exception = + assertThrows( + CertificateSourceUnavailableException.class, + () -> + WorkloadCertificateConfiguration.fromCertificateConfigurationStream( + configStream)); + assertTrue( + exception + .getMessage() + .contains( + "A workload certificate configuration must be provided in the cert_configs object.")); + } } @Test void workloadCertificateConfig_fromStreamMissingCertConfig_Fails() throws IOException { GenericJson json = new GenericJson(); - InputStream configStream = TestUtils.jsonToInputStream(json); - - IllegalArgumentException exception = - assertThrows( - IllegalArgumentException.class, - () -> - WorkloadCertificateConfiguration.fromCertificateConfigurationStream(configStream)); - assertTrue( - exception - .getMessage() - .contains( - "The cert_configs object must be provided in the certificate configuration file.")); + try (InputStream configStream = TestUtils.jsonToInputStream(json)) { + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, + () -> + WorkloadCertificateConfiguration.fromCertificateConfigurationStream( + configStream)); + assertTrue( + exception + .getMessage() + .contains( + "The cert_configs object must be provided in the certificate configuration file.")); + } } static InputStream writeWorkloadCertificateConfigStream(String certPath, String privateKeyPath) diff --git a/oauth2_http/javatests/com/google/auth/mtls/X509ProviderTest.java b/oauth2_http/javatests/com/google/auth/mtls/X509ProviderTest.java index 7f3927654..e6f2b95d1 100644 --- a/oauth2_http/javatests/com/google/auth/mtls/X509ProviderTest.java +++ b/oauth2_http/javatests/com/google/auth/mtls/X509ProviderTest.java @@ -140,24 +140,24 @@ void x509Provider_succeeds_withEnvVariable() String certConfigPath = "certConfig.txt"; String certPath = "cert.crt"; String keyPath = "key.crt"; - InputStream certConfigStream = + try (InputStream certConfigStream = WorkloadCertificateConfigurationTest.writeWorkloadCertificateConfigStream( - certPath, keyPath); - - TestX509Provider testProvider = new TestX509Provider(); - testProvider.setEnv("GOOGLE_API_CERTIFICATE_CONFIG", certConfigPath); - testProvider.addFile(certConfigPath, certConfigStream); - testProvider.addFile(certPath, new ByteArrayInputStream(TEST_CERT.getBytes())); - testProvider.addFile(keyPath, new ByteArrayInputStream(TEST_PRIVATE_KEY.getBytes())); - - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - Certificate expectedCert = - cf.generateCertificate(new ByteArrayInputStream(TEST_CERT.getBytes())); - - // Assert that the store has the expected certificate and only the expected certificate. - KeyStore store = testProvider.getKeyStore(); - assertEquals(1, store.size()); - assertNotNull(store.getCertificateAlias(expectedCert)); + certPath, keyPath)) { + TestX509Provider testProvider = new TestX509Provider(); + testProvider.setEnv(certConfigPath); + testProvider.addFile(certConfigPath, certConfigStream); + testProvider.addFile(certPath, new ByteArrayInputStream(TEST_CERT.getBytes())); + testProvider.addFile(keyPath, new ByteArrayInputStream(TEST_PRIVATE_KEY.getBytes())); + + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + Certificate expectedCert = + cf.generateCertificate(new ByteArrayInputStream(TEST_CERT.getBytes())); + + // Assert that the store has the expected certificate and only the expected certificate. + KeyStore store = testProvider.getKeyStore(); + assertEquals(1, store.size()); + assertNotNull(store.getCertificateAlias(expectedCert)); + } } @Test @@ -166,24 +166,24 @@ void x509Provider_succeeds_withWellKnownPath() String certConfigPath = "certConfig.txt"; String certPath = "cert.crt"; String keyPath = "key.crt"; - InputStream certConfigStream = + try (InputStream certConfigStream = WorkloadCertificateConfigurationTest.writeWorkloadCertificateConfigStream( - certPath, keyPath); - - TestX509Provider testProvider = new TestX509Provider(); - testProvider.setEnv("GOOGLE_API_CERTIFICATE_CONFIG", certConfigPath); - testProvider.addFile(certConfigPath, certConfigStream); - testProvider.addFile(certPath, new ByteArrayInputStream(TEST_CERT.getBytes())); - testProvider.addFile(keyPath, new ByteArrayInputStream(TEST_PRIVATE_KEY.getBytes())); - - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - Certificate expectedCert = - cf.generateCertificate(new ByteArrayInputStream(TEST_CERT.getBytes())); - - // Assert that the store has the expected certificate and only the expected certificate. - KeyStore store = testProvider.getKeyStore(); - assertEquals(1, store.size()); - assertNotNull(store.getCertificateAlias(expectedCert)); + certPath, keyPath)) { + TestX509Provider testProvider = new TestX509Provider(); + testProvider.setEnv(certConfigPath); + testProvider.addFile(certConfigPath, certConfigStream); + testProvider.addFile(certPath, new ByteArrayInputStream(TEST_CERT.getBytes())); + testProvider.addFile(keyPath, new ByteArrayInputStream(TEST_PRIVATE_KEY.getBytes())); + + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + Certificate expectedCert = + cf.generateCertificate(new ByteArrayInputStream(TEST_CERT.getBytes())); + + // Assert that the store has the expected certificate and only the expected certificate. + KeyStore store = testProvider.getKeyStore(); + assertEquals(1, store.size()); + assertNotNull(store.getCertificateAlias(expectedCert)); + } } static class TestX509Provider extends X509Provider { @@ -211,8 +211,8 @@ String getEnv(String name) { return variables.get(name); } - void setEnv(String name, String value) { - variables.put(name, value); + void setEnv(String value) { + variables.put("GOOGLE_API_CERTIFICATE_CONFIG", value); } @Override diff --git a/oauth2_http/javatests/com/google/auth/oauth2/AccessTokenTest.java b/oauth2_http/javatests/com/google/auth/oauth2/AccessTokenTest.java index d93e2c98f..f9ebaa2bb 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/AccessTokenTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/AccessTokenTest.java @@ -32,14 +32,14 @@ package com.google.auth.oauth2; import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotEquals; import static org.junit.jupiter.api.Assertions.assertNotSame; import static org.junit.jupiter.api.Assertions.assertSame; -import static org.junit.jupiter.api.Assertions.assertTrue; import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.Date; import java.util.List; import org.junit.jupiter.api.Test; @@ -92,7 +92,7 @@ void builder() { .setTokenValue(TOKEN) .setScopes("dummy") .build(); - assertEquals(Arrays.asList("dummy"), accessToken.getScopes()); + assertEquals(Collections.singletonList("dummy"), accessToken.getScopes()); // empty scope accessToken = @@ -105,7 +105,7 @@ void builder() { } @Test - void equals_true() throws IOException { + void equals_true() { AccessToken accessToken = AccessToken.newBuilder() .setExpirationTime(EXPIRATION_DATE) @@ -121,12 +121,12 @@ void equals_true() throws IOException { .setScopes(SCOPES) .build(); - assertTrue(accessToken.equals(otherAccessToken)); - assertTrue(otherAccessToken.equals(accessToken)); + assertEquals(accessToken, otherAccessToken); + assertEquals(otherAccessToken, accessToken); } @Test - void equals_false_scopes() throws IOException { + void equals_false_scopes() { AccessToken accessToken = AccessToken.newBuilder() .setExpirationTime(EXPIRATION_DATE) @@ -138,15 +138,15 @@ void equals_false_scopes() throws IOException { AccessToken.newBuilder() .setExpirationTime(EXPIRATION_DATE) .setTokenValue(TOKEN) - .setScopes(Arrays.asList("scope1")) + .setScopes(Collections.singletonList("scope1")) .build(); - assertFalse(accessToken.equals(otherAccessToken)); - assertFalse(otherAccessToken.equals(accessToken)); + assertNotEquals(accessToken, otherAccessToken); + assertNotEquals(otherAccessToken, accessToken); } @Test - void equals_false_token() throws IOException { + void equals_false_token() { AccessToken accessToken = AccessToken.newBuilder() .setExpirationTime(EXPIRATION_DATE) @@ -161,12 +161,12 @@ void equals_false_token() throws IOException { .setScopes(SCOPES) .build(); - assertFalse(accessToken.equals(otherAccessToken)); - assertFalse(otherAccessToken.equals(accessToken)); + assertNotEquals(accessToken, otherAccessToken); + assertNotEquals(otherAccessToken, accessToken); } @Test - void equals_false_expirationDate() throws IOException { + void equals_false_expirationDate() { AccessToken accessToken = AccessToken.newBuilder() .setExpirationTime(EXPIRATION_DATE) @@ -181,8 +181,8 @@ void equals_false_expirationDate() throws IOException { .setScopes(SCOPES) .build(); - assertFalse(accessToken.equals(otherAccessToken)); - assertFalse(otherAccessToken.equals(accessToken)); + assertNotEquals(accessToken, otherAccessToken); + assertNotEquals(otherAccessToken, accessToken); } @Test @@ -201,7 +201,7 @@ void toString_containsFields() { } @Test - void hashCode_equals() throws IOException { + void hashCode_equals() { AccessToken accessToken = AccessToken.newBuilder() .setExpirationTime(EXPIRATION_DATE) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/AppEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/AppEngineCredentialsTest.java index 43139e2be..eb885d184 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/AppEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/AppEngineCredentialsTest.java @@ -37,8 +37,8 @@ import static org.junit.jupiter.api.Assertions.assertInstanceOf; import static org.junit.jupiter.api.Assertions.assertNotEquals; import static org.junit.jupiter.api.Assertions.assertNotSame; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.common.collect.ImmutableMap; import java.io.IOException; @@ -77,18 +77,15 @@ void constructor_usesAppIdentityService() throws IOException { @Test void constructor_noAppEngineRuntime_throwsHelpfulLoadError() { - try { - new TestAppEngineCredentialsNoSdk(); - fail("Credential expected to fail to load if credential class not present."); - } catch (IOException e) { - String message = e.getMessage(); - assertTrue(message.contains("Check that the App Engine SDK is deployed.")); - assertInstanceOf(ClassNotFoundException.class, e.getCause()); - assertTrue( - e.getCause() - .getMessage() - .contains(AppEngineCredentials.APP_IDENTITY_SERVICE_FACTORY_CLASS)); - } + IOException exception = assertThrows(IOException.class, TestAppEngineCredentialsNoSdk::new); + String message = exception.getMessage(); + assertTrue(message.contains("Check that the App Engine SDK is deployed.")); + assertInstanceOf(ClassNotFoundException.class, exception.getCause()); + assertTrue( + exception + .getCause() + .getMessage() + .contains(AppEngineCredentials.APP_IDENTITY_SERVICE_FACTORY_CLASS)); } @Test @@ -115,12 +112,7 @@ void sign_sameAs() throws IOException { void createScoped_clonesWithScopes() throws IOException { TestAppEngineCredentials credentials = new TestAppEngineCredentials(null); assertTrue(credentials.createScopedRequired()); - try { - credentials.refreshAccessToken(); - fail("Should not be able to use credential without scopes."); - } catch (Exception expected) { - // Expected - } + assertThrows(IOException.class, credentials::refreshAccessToken); GoogleCredentials scopedCredentials = credentials.createScoped(SCOPES); assertNotSame(credentials, scopedCredentials); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java index 4764d27ec..e401ae853 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java @@ -32,12 +32,13 @@ package com.google.auth.oauth2; import static com.google.auth.Credentials.GOOGLE_DEFAULT_UNIVERSE; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertSame; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.api.client.json.GenericJson; import com.google.api.client.json.JsonParser; @@ -55,7 +56,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.function.Supplier; import org.junit.jupiter.api.Test; /** Tests for {@link AwsCredentials}. */ @@ -86,7 +86,6 @@ class AwsCredentialsTest extends BaseSerializationTest { } }; - private static final Map EMPTY_METADATA_HEADERS = Collections.emptyMap(); private static final Map EMPTY_STRING_HEADERS = Collections.emptyMap(); private static final AwsCredentialSource AWS_CREDENTIAL_SOURCE = @@ -110,13 +109,13 @@ class AwsCredentialsTest extends BaseSerializationTest { @Test void test_awsCredentialSource() { - String keys[] = {"region_url", "url", "imdsv2_session_token_url"}; + String[] keys = {"region_url", "url", "imdsv2_session_token_url"}; for (String key : keys) { Map credentialSourceWithInvalidUrl = buildAwsIpv6CredentialSourceMap(); credentialSourceWithInvalidUrl.put(key, "https://badhost.com/fake"); // Should succeed as no validation is done. - new AwsCredentialSource(credentialSourceWithInvalidUrl); + assertDoesNotThrow(() -> new AwsCredentialSource(credentialSourceWithInvalidUrl)); } } @@ -190,7 +189,7 @@ void refreshAccessToken_withServiceAccountImpersonationOptions() throws IOExcept .setServiceAccountImpersonationUrl( transportFactory.transport.getServiceAccountImpersonationUrl()) .setServiceAccountImpersonationOptions( - ExternalAccountCredentialsTest.buildServiceAccountImpersonationOptions(2800)) + ExternalAccountCredentialsTest.buildServiceAccountImpersonationOptions()) .build(); AccessToken accessToken = awsCredential.refreshAccessToken(); @@ -199,17 +198,17 @@ void refreshAccessToken_withServiceAccountImpersonationOptions() throws IOExcept transportFactory.transport.getServiceAccountAccessToken(), accessToken.getTokenValue()); // Validate that default lifetime was set correctly on the request. - GenericJson query = - OAuth2Utils.JSON_FACTORY - .createJsonParser(transportFactory.transport.getLastRequest().getContentAsString()) - .parseAndClose(GenericJson.class); - - assertEquals("2800s", query.get("lifetime")); - - // Validate metrics header is set correctly on the sts request. - Map> headers = - transportFactory.transport.getRequests().get(6).getHeaders(); - ExternalAccountCredentialsTest.validateMetricsHeader(headers, "aws", true, true); + try (JsonParser jsonParser = + OAuth2Utils.JSON_FACTORY.createJsonParser( + transportFactory.transport.getLastRequest().getContentAsString())) { + GenericJson query = jsonParser.parseAndClose(GenericJson.class); + assertEquals("2800s", query.get("lifetime")); + + // Validate metrics header is set correctly on the sts request. + Map> headers = + transportFactory.transport.getRequests().get(6).getHeaders(); + ExternalAccountCredentialsTest.validateMetricsHeader(headers, "aws", true, true); + } } @Test @@ -485,12 +484,8 @@ void retrieveSubjectToken_noRegion_expectThrows() { .setCredentialSource(buildAwsCredentialSource(transportFactory)) .build(); - try { - awsCredential.retrieveSubjectToken(); - fail("Should not be able to use credential without exception."); - } catch (IOException exception) { - assertEquals("Failed to retrieve AWS region.", exception.getMessage()); - } + IOException exception = assertThrows(IOException.class, awsCredential::retrieveSubjectToken); + assertEquals("Failed to retrieve AWS region.", exception.getMessage()); List requests = transportFactory.transport.getRequests(); assertEquals(1, requests.size()); @@ -514,12 +509,8 @@ void retrieveSubjectToken_noRole_expectThrows() { .setCredentialSource(buildAwsCredentialSource(transportFactory)) .build(); - try { - awsCredential.retrieveSubjectToken(); - fail("Should not be able to use credential without exception."); - } catch (IOException exception) { - assertEquals("Failed to retrieve AWS IAM role.", exception.getMessage()); - } + IOException exception = assertThrows(IOException.class, awsCredential::retrieveSubjectToken); + assertEquals("Failed to retrieve AWS IAM role.", exception.getMessage()); List requests = transportFactory.transport.getRequests(); assertEquals(2, requests.size()); @@ -546,12 +537,8 @@ void retrieveSubjectToken_noCredentials_expectThrows() { .setCredentialSource(buildAwsCredentialSource(transportFactory)) .build(); - try { - awsCredential.retrieveSubjectToken(); - fail("Should not be able to use credential without exception."); - } catch (IOException exception) { - assertEquals("Failed to retrieve AWS credentials.", exception.getMessage()); - } + IOException exception = assertThrows(IOException.class, awsCredential::retrieveSubjectToken); + assertEquals("Failed to retrieve AWS credentials.", exception.getMessage()); List requests = transportFactory.transport.getRequests(); assertEquals(3, requests.size()); @@ -581,15 +568,11 @@ void retrieveSubjectToken_noRegionUrlProvided() { .setCredentialSource(new AwsCredentialSource(credentialSource)) .build(); - try { - awsCredential.retrieveSubjectToken(); - fail("Should not be able to use credential without exception."); - } catch (IOException exception) { - assertEquals( - "Unable to determine the AWS region. The credential source does not " - + "contain the region URL.", - exception.getMessage()); - } + IOException exception = assertThrows(IOException.class, awsCredential::retrieveSubjectToken); + assertEquals( + "Unable to determine the AWS region. The credential source does not " + + "contain the region URL.", + exception.getMessage()); // No requests because the credential source does not contain region URL. List requests = transportFactory.transport.getRequests(); @@ -679,7 +662,7 @@ void retrieveSubjectToken_withProgrammaticRefreshSessionToken() throws IOExcepti } @Test - void retrieveSubjectToken_passesContext() throws IOException { + void retrieveSubjectToken_passesContext() { MockExternalAccountCredentialsTransportFactory transportFactory = new MockExternalAccountCredentialsTransportFactory(); @@ -705,11 +688,11 @@ void retrieveSubjectToken_passesContext() throws IOException { .setSubjectTokenType("subjectTokenType") .build(); - awsCredential.retrieveSubjectToken(); + assertDoesNotThrow(awsCredential::retrieveSubjectToken); } @Test - void retrieveSubjectToken_withProgrammaticRefreshThrowsError() throws IOException { + void retrieveSubjectToken_withProgrammaticRefreshThrowsError() { MockExternalAccountCredentialsTransportFactory transportFactory = new MockExternalAccountCredentialsTransportFactory(); @@ -727,12 +710,8 @@ void retrieveSubjectToken_withProgrammaticRefreshThrowsError() throws IOExceptio .setSubjectTokenType("subjectTokenType") .build(); - try { - String subjectToken = URLDecoder.decode(awsCredential.retrieveSubjectToken(), "UTF-8"); - fail("retrieveSubjectToken should not succeed"); - } catch (IOException e) { - assertEquals("test", e.getMessage()); - } + IOException exception = assertThrows(IOException.class, awsCredential::retrieveSubjectToken); + assertEquals("test", exception.getMessage()); } @Test @@ -853,14 +832,13 @@ void getAwsSecurityCredentials_fromMetadataServer_noUrlProvided() { .setCredentialSource(new AwsCredentialSource(credentialSource)) .build(); - try { - awsCredential.getAwsSecurityCredentialsSupplier().getCredentials(emptyContext); - fail("Should not be able to use credential without exception."); - } catch (IOException exception) { - assertEquals( - "Unable to determine the AWS IAM role name. The credential source does not contain the url field.", - exception.getMessage()); - } + IOException exception = + assertThrows( + IOException.class, + () -> awsCredential.getAwsSecurityCredentialsSupplier().getCredentials(emptyContext)); + assertEquals( + "Unable to determine the AWS IAM role name. The credential source does not contain the url field.", + exception.getMessage()); // No requests because url field is not present in credential source. List requests = transportFactory.transport.getRequests(); @@ -946,7 +924,7 @@ void getAwsRegion_metadataServer() throws IOException { } @Test - void createdScoped_clonedCredentialWithAddedScopes() throws IOException { + void createdScoped_clonedCredentialWithAddedScopes() { AwsCredentials credentials = AwsCredentials.newBuilder(AWS_CREDENTIAL) .setServiceAccountImpersonationUrl(SERVICE_ACCOUNT_IMPERSONATION_URL) @@ -982,12 +960,10 @@ void credentialSource_invalidAwsEnvironmentId() { credentialSource.put("regional_cred_verification_url", GET_CALLER_IDENTITY_URL); credentialSource.put("environment_id", "azure1"); - try { - new AwsCredentialSource(credentialSource); - fail("Exception should be thrown."); - } catch (IllegalArgumentException e) { - assertEquals("Invalid AWS environment ID.", e.getMessage()); - } + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, () -> new AwsCredentialSource(credentialSource)); + assertEquals("Invalid AWS environment ID.", exception.getMessage()); } @Test @@ -997,31 +973,27 @@ void credentialSource_invalidAwsEnvironmentVersion() { credentialSource.put("regional_cred_verification_url", GET_CALLER_IDENTITY_URL); credentialSource.put("environment_id", "aws" + environmentVersion); - try { - new AwsCredentialSource(credentialSource); - fail("Exception should be thrown."); - } catch (IllegalArgumentException e) { - assertEquals( - String.format( - "AWS version %s is not supported in the current build.", environmentVersion), - e.getMessage()); - } + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, () -> new AwsCredentialSource(credentialSource)); + assertEquals( + String.format("AWS version %s is not supported in the current build.", environmentVersion), + exception.getMessage()); } @Test void credentialSource_missingRegionalCredVerificationUrl() { - try { - new AwsCredentialSource(new HashMap()); - fail("Exception should be thrown."); - } catch (IllegalArgumentException e) { - assertEquals( - "A regional_cred_verification_url representing the GetCallerIdentity action URL must be specified.", - e.getMessage()); - } + HashMap credentialSourceMap = new HashMap<>(); + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, () -> new AwsCredentialSource(credentialSourceMap)); + assertEquals( + "A regional_cred_verification_url representing the GetCallerIdentity action URL must be specified.", + exception.getMessage()); } @Test - void builder_allFields() throws IOException { + void builder_allFields() { List scopes = Arrays.asList("scope1", "scope2"); AwsCredentials credentials = @@ -1057,7 +1029,7 @@ void builder_allFields() throws IOException { } @Test - void builder_missingUniverseDomain_defaults() throws IOException { + void builder_missingUniverseDomain_defaults() { List scopes = Arrays.asList("scope1", "scope2"); AwsCredentials credentials = @@ -1094,7 +1066,7 @@ void builder_missingUniverseDomain_defaults() throws IOException { } @Test - void newBuilder_allFields() throws IOException { + void newBuilder_allFields() { List scopes = Arrays.asList("scope1", "scope2"); AwsCredentials credentials = @@ -1132,7 +1104,7 @@ void newBuilder_allFields() throws IOException { } @Test - void newBuilder_noUniverseDomain_defaults() throws IOException { + void newBuilder_noUniverseDomain_defaults() { List scopes = Arrays.asList("scope1", "scope2"); AwsCredentials credentials = @@ -1169,7 +1141,7 @@ void newBuilder_noUniverseDomain_defaults() throws IOException { } @Test - void builder_defaultRegionalCredentialVerificationUrlOverride() throws IOException { + void builder_defaultRegionalCredentialVerificationUrlOverride() { List scopes = Arrays.asList("scope1", "scope2"); AwsSecurityCredentialsSupplier supplier = @@ -1197,63 +1169,55 @@ void builder_defaultRegionalCredentialVerificationUrlOverride() throws IOExcepti } @Test - void builder_supplierAndCredSourceThrows() throws IOException { + void builder_supplierAndCredSourceThrows() { List scopes = Arrays.asList("scope1", "scope2"); AwsSecurityCredentialsSupplier supplier = new TestAwsSecurityCredentialsSupplier("region", null, null, null); - try { - AwsCredentials credentials = - AwsCredentials.newBuilder() - .setAwsSecurityCredentialsSupplier(supplier) - .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) - .setAudience("audience") - .setSubjectTokenType("subjectTokenType") - .setTokenUrl(STS_URL) - .setTokenInfoUrl("tokenInfoUrl") - .setCredentialSource(AWS_CREDENTIAL_SOURCE) - .setServiceAccountImpersonationUrl(SERVICE_ACCOUNT_IMPERSONATION_URL) - .setQuotaProjectId("quotaProjectId") - .setClientId("clientId") - .setClientSecret("clientSecret") - .setScopes(scopes) - .build(); - fail("Should not be able to continue without exception."); - } catch (IllegalArgumentException exception) { - assertEquals( - "AwsCredentials cannot have both an awsSecurityCredentialsSupplier and a credentialSource.", - exception.getMessage()); - } + AwsCredentials.Builder builder = + AwsCredentials.newBuilder() + .setAwsSecurityCredentialsSupplier(supplier) + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) + .setAudience("audience") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setTokenInfoUrl("tokenInfoUrl") + .setCredentialSource(AWS_CREDENTIAL_SOURCE) + .setServiceAccountImpersonationUrl(SERVICE_ACCOUNT_IMPERSONATION_URL) + .setQuotaProjectId("quotaProjectId") + .setClientId("clientId") + .setClientSecret("clientSecret") + .setScopes(scopes); + IllegalArgumentException exception = + assertThrows(IllegalArgumentException.class, builder::build); + assertEquals( + "AwsCredentials cannot have both an awsSecurityCredentialsSupplier and a credentialSource.", + exception.getMessage()); } @Test - void builder_noSupplieOrCredSourceThrows() throws IOException { + void builder_noSupplieOrCredSourceThrows() { List scopes = Arrays.asList("scope1", "scope2"); - Supplier testSupplier = () -> null; - - try { - AwsCredentials credentials = - AwsCredentials.newBuilder() - .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) - .setAudience("audience") - .setSubjectTokenType("subjectTokenType") - .setTokenUrl(STS_URL) - .setTokenInfoUrl("tokenInfoUrl") - .setTokenInfoUrl("tokenInfoUrl") - .setServiceAccountImpersonationUrl(SERVICE_ACCOUNT_IMPERSONATION_URL) - .setQuotaProjectId("quotaProjectId") - .setClientId("clientId") - .setClientSecret("clientSecret") - .setScopes(scopes) - .build(); - fail("Should not be able to continue without exception."); - } catch (IllegalArgumentException exception) { - assertEquals( - "An awsSecurityCredentialsSupplier or a credentialSource must be provided.", - exception.getMessage()); - } + AwsCredentials.Builder builder = + AwsCredentials.newBuilder() + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) + .setAudience("audience") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setTokenInfoUrl("tokenInfoUrl") + .setTokenInfoUrl("tokenInfoUrl") + .setServiceAccountImpersonationUrl(SERVICE_ACCOUNT_IMPERSONATION_URL) + .setQuotaProjectId("quotaProjectId") + .setClientId("clientId") + .setClientSecret("clientSecret") + .setScopes(scopes); + IllegalArgumentException exception = + assertThrows(IllegalArgumentException.class, builder::build); + assertEquals( + "An awsSecurityCredentialsSupplier or a credentialSource must be provided.", + exception.getMessage()); } @Test @@ -1281,7 +1245,7 @@ void serialize() throws IOException, ClassNotFoundException { assertEquals(testCredentials, deserializedCredentials); assertEquals(testCredentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(testCredentials.toString(), deserializedCredentials.toString()); - assertSame(deserializedCredentials.clock, Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.clock); } private static void ValidateRequest( @@ -1353,12 +1317,12 @@ static InputStream writeAwsCredentialsStream(String stsUrl, String regionUrl, St return TestUtils.jsonToInputStream(json); } - class TestAwsSecurityCredentialsSupplier implements AwsSecurityCredentialsSupplier { + static class TestAwsSecurityCredentialsSupplier implements AwsSecurityCredentialsSupplier { - private String region; - private AwsSecurityCredentials credentials; - private IOException credentialException; - private ExternalAccountSupplierContext expectedContext; + private final String region; + private final AwsSecurityCredentials credentials; + private final IOException credentialException; + private final ExternalAccountSupplierContext expectedContext; TestAwsSecurityCredentialsSupplier( String region, diff --git a/oauth2_http/javatests/com/google/auth/oauth2/AwsRequestSignerTest.java b/oauth2_http/javatests/com/google/auth/oauth2/AwsRequestSignerTest.java index a1125edef..750390aea 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/AwsRequestSignerTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/AwsRequestSignerTest.java @@ -49,8 +49,9 @@ /** * Tests for {@link AwsRequestSigner}. * - *

Examples of sigv4 signed requests: - * https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html + *

Examples + * of sigv4 signed requests */ class AwsRequestSignerTest { diff --git a/oauth2_http/javatests/com/google/auth/oauth2/CertificateIdentityPoolSubjectTokenSupplierTest.java b/oauth2_http/javatests/com/google/auth/oauth2/CertificateIdentityPoolSubjectTokenSupplierTest.java index 9ff8f7f5f..dfb81281d 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/CertificateIdentityPoolSubjectTokenSupplierTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/CertificateIdentityPoolSubjectTokenSupplierTest.java @@ -32,6 +32,7 @@ package com.google.auth.oauth2; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertInstanceOf; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -254,8 +255,9 @@ void getSubjectToken_trustChainWrongOrder_throwsIllegalArgumentException() { Throwable cause = exception.getCause(); assertNotNull(cause, "Exception cause should not be null"); - assertTrue( - cause instanceof IllegalArgumentException, + assertInstanceOf( + IllegalArgumentException.class, + cause, "Exception cause should be an IllegalArgumentException"); assertEquals(expectedRootErrorMessage, cause.getMessage()); } @@ -301,7 +303,7 @@ void getSubjectToken_trustChainFileNotFound_throwsIOException() { assertThrows(IOException.class, () -> supplier.getSubjectToken(mockContext)); // Check that the cause is NoSuchFileException from readTrustChain. - assertTrue(exception.getCause() instanceof NoSuchFileException); + assertInstanceOf(NoSuchFileException.class, exception.getCause()); // Check the outer exception message added in getSubjectToken. assertEquals("Trust chain file not found: " + nonExistentPath, exception.getMessage()); @@ -328,7 +330,7 @@ void getSubjectToken_trustChainInvalidFormat_throwsIOException() throws Exceptio exception.getMessage()); // Check that the cause is CertificateException from readTrustChain - assertTrue(exception.getCause() instanceof CertificateException); + assertInstanceOf(CertificateException.class, exception.getCause()); // Verify the cause's message specifically points to the trust chain parsing failure // and includes the path of the invalid trust chain file. @@ -357,8 +359,8 @@ void getSubjectToken_leafCertFileNotFound_throwsIOException() { // Check that the cause is the original NoSuchFileException. assertNotNull(exception.getCause(), "Exception should have a cause"); - assertTrue( - exception.getCause() instanceof NoSuchFileException, "Cause should be NoSuchFileException"); + assertInstanceOf( + NoSuchFileException.class, exception.getCause(), "Cause should be NoSuchFileException"); // Check the message of the cause (which is the path) in a platform-agnostic way. Path expectedCausePath = Paths.get(nonExistentPath); @@ -385,7 +387,7 @@ void getSubjectToken_leafCertInvalidFormat_throwsIOException() throws Exception // Check that the cause is CertificateException from parseCertificate (via // loadLeafCertificate) - assertTrue(exception.getCause() instanceof CertificateException); + assertInstanceOf(CertificateException.class, exception.getCause()); assertEquals("Failed to parse X.509 certificate data.", exception.getCause().getMessage()); // Check the outer exception message diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ClientIdTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ClientIdTest.java index c002cf7e4..eaceca0ea 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ClientIdTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ClientIdTest.java @@ -31,6 +31,7 @@ package com.google.auth.oauth2; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertThrows; @@ -57,9 +58,8 @@ void constructor() { @Test void constructor_nullClientId_throws() { - assertThrows( - NullPointerException.class, - () -> ClientId.newBuilder().setClientSecret(CLIENT_SECRET).build()); + ClientId.Builder builder = ClientId.newBuilder().setClientSecret(CLIENT_SECRET); + assertThrows(NullPointerException.class, builder::build); } @Test @@ -100,21 +100,21 @@ void fromJson_installedNoSecret() throws IOException { } @Test - void fromJson_invalidType_throws() throws IOException { + void fromJson_invalidType_throws() { GenericJson json = writeClientIdJson("invalid", CLIENT_ID, null); assertThrows(IOException.class, () -> ClientId.fromJson(json)); } @Test - void fromJson_noClientId_throws() throws IOException { + void fromJson_noClientId_throws() { GenericJson json = writeClientIdJson("web", null, null); assertThrows(IOException.class, () -> ClientId.fromJson(json)); } @Test - void fromJson_zeroLengthClientId_throws() throws IOException { + void fromJson_zeroLengthClientId_throws() { GenericJson json = writeClientIdJson("web", "", null); assertThrows(IOException.class, () -> ClientId.fromJson(json)); @@ -129,7 +129,7 @@ void fromResource() throws IOException { } @Test - void fromResource_badResource() throws IOException { + void fromResource_badResource() { assertThrows( NullPointerException.class, () -> ClientId.fromResource(ClientIdTest.class, "invalid.json")); @@ -168,9 +168,9 @@ void fromStream_invalidJson_doesNotThrow() throws IOException { + CLIENT_SECRET + "\"" + "}"; // No closing brace - InputStream stream = TestUtils.stringToInputStream(invalidJson); - - ClientId.fromStream(stream); + try (InputStream stream = TestUtils.stringToInputStream(invalidJson)) { + assertDoesNotThrow(() -> ClientId.fromStream(stream)); + } } private GenericJson writeClientIdJson(String type, String clientId, String clientSecret) { diff --git a/oauth2_http/javatests/com/google/auth/oauth2/CloudShellCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/CloudShellCredentialsTest.java index 2f0dde620..21abe335f 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/CloudShellCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/CloudShellCredentialsTest.java @@ -32,9 +32,8 @@ package com.google.auth.oauth2; import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotEquals; import static org.junit.jupiter.api.Assertions.assertSame; -import static org.junit.jupiter.api.Assertions.assertTrue; import com.google.api.client.util.Clock; import java.io.BufferedReader; @@ -50,63 +49,57 @@ class CloudShellCredentialsTest extends BaseSerializationTest { @Test void refreshAccessToken() throws IOException { - final ServerSocket authSocket = new ServerSocket(0); - try { + try (ServerSocket authSocket = new ServerSocket(0)) { Runnable serverTask = - new Runnable() { - @Override - public void run() { - try { - Socket clientSocket = authSocket.accept(); - BufferedReader input = - new BufferedReader(new InputStreamReader(clientSocket.getInputStream())); - String lines = input.readLine(); - lines += '\n' + input.readLine(); - assertEquals(lines, CloudShellCredentials.GET_AUTH_TOKEN_REQUEST); - - PrintWriter out = new PrintWriter(clientSocket.getOutputStream(), true); - out.println("32\n[\"email\", \"project-id\", \"token\"]"); - } catch (Exception reThrown) { - throw new RuntimeException(reThrown); - } + () -> { + try { + Socket clientSocket = authSocket.accept(); + BufferedReader input = + new BufferedReader(new InputStreamReader(clientSocket.getInputStream())); + String lines = input.readLine(); + lines += '\n' + input.readLine(); + assertEquals(CloudShellCredentials.GET_AUTH_TOKEN_REQUEST, lines); + + PrintWriter out = new PrintWriter(clientSocket.getOutputStream(), true); + out.println("32\n[\"email\", \"project-id\", \"token\"]"); + } catch (Exception reThrown) { + throw new RuntimeException(reThrown); } }; Thread serverThread = new Thread(serverTask); serverThread.start(); - GoogleCredentials creds = + GoogleCredentials credentials = CloudShellCredentials.newBuilder().setAuthPort(authSocket.getLocalPort()).build(); - assertEquals("token", creds.refreshAccessToken().getTokenValue()); - } finally { - authSocket.close(); + assertEquals("token", credentials.refreshAccessToken().getTokenValue()); } } @Test - void equals_true() throws IOException { + void equals_true() { GoogleCredentials credentials = CloudShellCredentials.newBuilder().setAuthPort(42).build(); GoogleCredentials otherCredentials = CloudShellCredentials.newBuilder().setAuthPort(42).build(); - assertTrue(credentials.equals(otherCredentials)); - assertTrue(otherCredentials.equals(credentials)); + assertEquals(credentials, otherCredentials); + assertEquals(otherCredentials, credentials); } @Test - void equals_false_authPort() throws IOException { + void equals_false_authPort() { GoogleCredentials credentials = CloudShellCredentials.newBuilder().setAuthPort(42).build(); GoogleCredentials otherCredentials = CloudShellCredentials.newBuilder().setAuthPort(43).build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test - void toString_containsFields() throws IOException { + void toString_containsFields() { String expectedToString = String.format("CloudShellCredentials{authPort=%d}", 42); GoogleCredentials credentials = CloudShellCredentials.newBuilder().setAuthPort(42).build(); assertEquals(expectedToString, credentials.toString()); } @Test - void hashCode_equals() throws IOException { + void hashCode_equals() { GoogleCredentials credentials = CloudShellCredentials.newBuilder().setAuthPort(42).build(); GoogleCredentials otherCredentials = CloudShellCredentials.newBuilder().setAuthPort(42).build(); assertEquals(credentials.hashCode(), otherCredentials.hashCode()); @@ -119,7 +112,7 @@ void serialize() throws IOException, ClassNotFoundException { assertEquals(credentials, deserializedCredentials); assertEquals(credentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(credentials.toString(), deserializedCredentials.toString()); - assertSame(deserializedCredentials.clock, Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.clock); } @Test diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java index c41f7a770..756b56730 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java @@ -36,12 +36,13 @@ import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertInstanceOf; +import static org.junit.jupiter.api.Assertions.assertNotEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertSame; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.api.client.http.HttpStatusCodes; import com.google.api.client.http.HttpTransport; @@ -151,7 +152,7 @@ void buildTokenUrlWithScopes_empty_scopes() { @Test void buildTokenUrlWithScopes_single_scope() { ComputeEngineCredentials credentials = - ComputeEngineCredentials.newBuilder().setScopes(Arrays.asList("foo")).build(); + ComputeEngineCredentials.newBuilder().setScopes(Collections.singletonList("foo")).build(); String tokenUrlWithScopes = credentials.createTokenUrlWithScopes(); Collection scopes = credentials.getScopes(); @@ -295,11 +296,11 @@ void buildTokenUrlHardDirectPathBound_alts_transport() { } @Test - void buildScoped_scopesPresent() throws IOException { + void buildScoped_scopesPresent() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setScopes(null).build(); ComputeEngineCredentials scopedCredentials = - (ComputeEngineCredentials) credentials.createScoped(Arrays.asList("foo")); + (ComputeEngineCredentials) credentials.createScoped(Collections.singletonList("foo")); Collection scopes = scopedCredentials.getScopes(); assertEquals(1, scopes.size()); @@ -307,11 +308,11 @@ void buildScoped_scopesPresent() throws IOException { } @Test - void buildScoped_correctMargins() throws IOException { + void buildScoped_correctMargins() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setScopes(null).build(); ComputeEngineCredentials scopedCredentials = - (ComputeEngineCredentials) credentials.createScoped(Arrays.asList("foo")); + (ComputeEngineCredentials) credentials.createScoped(Collections.singletonList("foo")); assertEquals( ComputeEngineCredentials.COMPUTE_EXPIRATION_MARGIN, @@ -328,7 +329,7 @@ void buildScoped_explicitUniverse() throws IOException { .setUniverseDomain("some-universe") .build(); ComputeEngineCredentials scopedCredentials = - (ComputeEngineCredentials) credentials.createScoped(Arrays.asList("foo")); + (ComputeEngineCredentials) credentials.createScoped(Collections.singletonList("foo")); assertEquals("some-universe", scopedCredentials.getUniverseDomain()); assertTrue(scopedCredentials.isExplicitUniverseDomain()); @@ -337,7 +338,7 @@ void buildScoped_explicitUniverse() throws IOException { @Test void createScoped_defaultScopes() { GoogleCredentials credentials = - ComputeEngineCredentials.create().createScoped(null, Arrays.asList("foo")); + ComputeEngineCredentials.create().createScoped(null, Collections.singletonList("foo")); Collection scopes = ((ComputeEngineCredentials) credentials).getScopes(); assertEquals(1, scopes.size()); @@ -345,14 +346,14 @@ void createScoped_defaultScopes() { } @Test - void buildScoped_quotaProjectId() throws IOException { + void buildScoped_quotaProjectId() { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder() .setScopes(null) .setQuotaProjectId("some-project-id") .build(); ComputeEngineCredentials scopedCredentials = - (ComputeEngineCredentials) credentials.createScoped(Arrays.asList("foo")); + (ComputeEngineCredentials) credentials.createScoped(Collections.singletonList("foo")); assertEquals("some-project-id", scopedCredentials.getQuotaProjectId()); } @@ -365,7 +366,7 @@ void buildDefaultScoped_explicitUniverse() throws IOException { .setUniverseDomain("some-universe") .build(); ComputeEngineCredentials scopedCredentials = - (ComputeEngineCredentials) credentials.createScoped(null, Arrays.asList("foo")); + (ComputeEngineCredentials) credentials.createScoped(null, Collections.singletonList("foo")); assertEquals("some-universe", scopedCredentials.getUniverseDomain()); assertTrue(scopedCredentials.isExplicitUniverseDomain()); @@ -374,7 +375,7 @@ void buildDefaultScoped_explicitUniverse() throws IOException { @Test void create_scoped_correctMargins() { GoogleCredentials credentials = - ComputeEngineCredentials.create().createScoped(null, Arrays.asList("foo")); + ComputeEngineCredentials.create().createScoped(null, Collections.singletonList("foo")); assertEquals( ComputeEngineCredentials.COMPUTE_EXPIRATION_MARGIN, credentials.getExpirationMargin()); @@ -425,15 +426,12 @@ void getRequestMetadata_missingServiceAccount_throws() { transportFactory.transport.setServiceAccountEmail("SA_CLIENT_EMAIL"); ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); - try { - credentials.getRequestMetadata(CALL_URI); - fail("Expected error refreshing token."); - } catch (IOException expected) { - String message = expected.getMessage(); - assertTrue(message.contains(Integer.toString(HttpStatusCodes.STATUS_CODE_NOT_FOUND))); - // Message should mention scopes are missing on the VM. - assertTrue(message.contains("scope")); - } + IOException exception = + assertThrows(IOException.class, () -> credentials.getRequestMetadata(CALL_URI)); + String message = exception.getMessage(); + assertTrue(message.contains(Integer.toString(HttpStatusCodes.STATUS_CODE_NOT_FOUND))); + // Message should mention scopes are missing on the VM. + assertTrue(message.contains("scope")); } @Test @@ -443,14 +441,11 @@ void getRequestMetadata_serverError_throws() { transportFactory.transport.setServiceAccountEmail("SA_CLIENT_EMAIL"); ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); - try { - credentials.getRequestMetadata(CALL_URI); - fail("Expected error refreshing token."); - } catch (IOException expected) { - String message = expected.getMessage(); - assertTrue(message.contains(Integer.toString(HttpStatusCodes.STATUS_CODE_SERVER_ERROR))); - assertTrue(message.contains("Unexpected")); - } + IOException exception = + assertThrows(IOException.class, () -> credentials.getRequestMetadata(CALL_URI)); + String message = exception.getMessage(); + assertTrue(message.contains(Integer.toString(HttpStatusCodes.STATUS_CODE_SERVER_ERROR))); + assertTrue(message.contains("Unexpected")); } @Test @@ -464,19 +459,19 @@ void equals_true() throws IOException { ComputeEngineCredentials otherCredentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); assertEquals(Credentials.GOOGLE_DEFAULT_UNIVERSE, otherCredentials.getUniverseDomain()); - assertFalse(explicitUniverseCredentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(explicitUniverseCredentials)); + assertNotEquals(explicitUniverseCredentials, otherCredentials); + assertNotEquals(otherCredentials, explicitUniverseCredentials); ComputeEngineCredentials otherExplicitUniverseCredentials = ComputeEngineCredentials.newBuilder() .setUniverseDomain(Credentials.GOOGLE_DEFAULT_UNIVERSE) .setHttpTransportFactory(transportFactory) .build(); - assertTrue(explicitUniverseCredentials.equals(otherExplicitUniverseCredentials)); - assertTrue(otherExplicitUniverseCredentials.equals(explicitUniverseCredentials)); + assertEquals(explicitUniverseCredentials, otherExplicitUniverseCredentials); + assertEquals(otherExplicitUniverseCredentials, explicitUniverseCredentials); } @Test - void equals_false_transportFactory() throws IOException { + void equals_false_transportFactory() { MockHttpTransportFactory httpTransportFactory = new MockHttpTransportFactory(); MockMetadataServerTransportFactory serverTransportFactory = new MockMetadataServerTransportFactory(); @@ -486,12 +481,12 @@ void equals_false_transportFactory() throws IOException { .build(); ComputeEngineCredentials otherCredentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(httpTransportFactory).build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test - void toString_explicit_containsFields() throws IOException { + void toString_explicit_containsFields() { MockMetadataServerTransportFactory serverTransportFactory = new MockMetadataServerTransportFactory(); String expectedToString = @@ -513,7 +508,7 @@ void toString_explicit_containsFields() throws IOException { } @Test - void hashCode_equals() throws IOException { + void hashCode_equals() { MockMetadataServerTransportFactory serverTransportFactory = new MockMetadataServerTransportFactory(); ComputeEngineCredentials credentials = @@ -552,17 +547,17 @@ void serialize() throws IOException, ClassNotFoundException { assertEquals(credentials, deserializedCredentials); assertEquals(credentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(credentials.toString(), deserializedCredentials.toString()); - assertSame(deserializedCredentials.clock, Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.clock); credentials = ComputeEngineCredentials.newBuilder().build(); deserializedCredentials = serializeAndDeserialize(credentials); assertEquals(credentials, deserializedCredentials); assertEquals(credentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(credentials.toString(), deserializedCredentials.toString()); - assertSame(deserializedCredentials.clock, Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.clock); } @Test - void getAccount_sameAs() throws IOException { + void getAccount_sameAs() { MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory(); String defaultAccountEmail = "mail@mail.com"; @@ -603,14 +598,10 @@ public LowLevelHttpResponse execute() throws IOException { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); - try { - credentials.getAccount(); - fail("Fetching default service account should have failed"); - } catch (RuntimeException e) { - assertEquals("Failed to get service account", e.getMessage()); - assertNotNull(e.getCause()); - assertTrue(e.getCause().getMessage().contains("404")); - } + RuntimeException exception = assertThrows(RuntimeException.class, credentials::getAccount); + assertEquals("Failed to get service account", exception.getMessage()); + assertNotNull(exception.getCause()); + assertTrue(exception.getCause().getMessage().contains("404")); } @Test @@ -638,14 +629,10 @@ public LowLevelHttpResponse execute() throws IOException { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); - try { - credentials.getAccount(); - fail("Fetching default service account should have failed"); - } catch (RuntimeException e) { - assertEquals("Failed to get service account", e.getMessage()); - assertNotNull(e.getCause()); - assertTrue(e.getCause().getMessage().contains("Empty content")); - } + RuntimeException exception = assertThrows(RuntimeException.class, credentials::getAccount); + assertEquals("Failed to get service account", exception.getMessage()); + assertNotNull(exception.getCause()); + assertTrue(exception.getCause().getMessage().contains("Empty content")); } @Test @@ -793,9 +780,9 @@ public LowLevelHttpResponse execute() throws IOException { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); - IOException exception = assertThrows(IOException.class, () -> credentials.refreshAccessToken()); + IOException exception = assertThrows(IOException.class, credentials::refreshAccessToken); assertTrue(exception.getCause().getMessage().contains("503")); - assertTrue(exception instanceof GoogleAuthException); + assertInstanceOf(GoogleAuthException.class, exception); assertTrue(((GoogleAuthException) exception).isRetryable()); } @@ -803,7 +790,7 @@ public LowLevelHttpResponse execute() throws IOException { void refresh_non503_ioexception_throws() { MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory(); final Queue responseSequence = new ArrayDeque<>(); - IntStream.rangeClosed(400, 600).forEach(i -> responseSequence.add(i)); + IntStream.rangeClosed(400, 600).forEach(responseSequence::add); while (!responseSequence.isEmpty()) { if (responseSequence.peek() == 503) { @@ -829,8 +816,7 @@ public LowLevelHttpResponse execute() throws IOException { ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); - IOException exception = - assertThrows(IOException.class, () -> credentials.refreshAccessToken()); + IOException exception = assertThrows(IOException.class, credentials::refreshAccessToken); assertFalse(exception instanceof GoogleAuthException); } } @@ -859,7 +845,7 @@ public LowLevelHttpResponse execute() throws IOException { String universeDomain = credentials.getUniverseDomain(); assertEquals("some-universe.xyz", universeDomain); - assertEquals(false, credentials.isExplicitUniverseDomain()); + assertFalse(credentials.isExplicitUniverseDomain()); } @Test @@ -886,7 +872,7 @@ public LowLevelHttpResponse execute() throws IOException { String universeDomain = credentials.getUniverseDomain(); assertEquals(Credentials.GOOGLE_DEFAULT_UNIVERSE, universeDomain); - assertEquals(false, credentials.isExplicitUniverseDomain()); + assertFalse(credentials.isExplicitUniverseDomain()); } @Test @@ -913,7 +899,7 @@ public LowLevelHttpResponse execute() throws IOException { String universeDomain = credentials.getUniverseDomain(); assertEquals(Credentials.GOOGLE_DEFAULT_UNIVERSE, universeDomain); - assertEquals(false, credentials.isExplicitUniverseDomain()); + assertFalse(credentials.isExplicitUniverseDomain()); } @Test @@ -929,7 +915,7 @@ void getUniverseDomain_explicitSet_NoMdsCall() throws IOException { String universeDomain = credentials.getUniverseDomain(); assertEquals("explicit.universe", universeDomain); - assertEquals(true, credentials.isExplicitUniverseDomain()); + assertTrue(credentials.isExplicitUniverseDomain()); assertEquals(0, transportFactory.transport.getRequestCount()); } @@ -946,14 +932,13 @@ void getUniverseDomain_explicitGduSet_NoMdsCall() throws IOException { String universeDomain = credentials.getUniverseDomain(); assertEquals(Credentials.GOOGLE_DEFAULT_UNIVERSE, universeDomain); - assertEquals(true, credentials.isExplicitUniverseDomain()); + assertTrue(credentials.isExplicitUniverseDomain()); assertEquals(0, transportFactory.transport.getRequestCount()); } @Test - void getUniverseDomain_fromMetadata_non404error_throws() throws IOException { + void getUniverseDomain_fromMetadata_non404error_throws() { MockMetadataServerTransportFactory transportFactory = new MockMetadataServerTransportFactory(); - MockMetadataServerTransport transport = transportFactory.transport; ComputeEngineCredentials credentials = ComputeEngineCredentials.newBuilder().setHttpTransportFactory(transportFactory).build(); @@ -963,13 +948,10 @@ void getUniverseDomain_fromMetadata_non404error_throws() throws IOException { if (status == 404) { continue; } - try { - transportFactory.transport.setStatusCode(status); - credentials.getUniverseDomain(); - fail("Should not be able to use credential without exception."); - } catch (GoogleAuthException ex) { - assertTrue(ex.isRetryable()); - } + transportFactory.transport.setStatusCode(status); + GoogleAuthException ex = + assertThrows(GoogleAuthException.class, credentials::getUniverseDomain); + assertTrue(ex.isRetryable()); } } @@ -985,7 +967,7 @@ public LowLevelHttpRequest buildRequest(String method, String url) throws IOExce if (isSignRequestUrl(url)) { return new MockLowLevelHttpRequest(url) { @Override - public LowLevelHttpResponse execute() throws IOException { + public LowLevelHttpResponse execute() { return new MockLowLevelHttpResponse() .setStatusCode(HttpStatusCodes.STATUS_CODE_OK); } @@ -1061,7 +1043,7 @@ void idTokenWithAudience_full() throws IOException { IdTokenCredentials.newBuilder() .setIdTokenProvider(credentials) .setTargetAudience(targetAudience) - .setOptions(Arrays.asList(IdTokenProvider.Option.FORMAT_FULL)) + .setOptions(Collections.singletonList(IdTokenProvider.Option.FORMAT_FULL)) .build(); tokenCredential.refresh(); Payload p = tokenCredential.getIdToken().getJsonWebSignature().getPayload(); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/CredentialAccessBoundaryTest.java b/oauth2_http/javatests/com/google/auth/oauth2/CredentialAccessBoundaryTest.java index 0dee7011e..04abd3d9d 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/CredentialAccessBoundaryTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/CredentialAccessBoundaryTest.java @@ -33,7 +33,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNull; -import static org.junit.jupiter.api.Assertions.fail; +import static org.junit.jupiter.api.Assertions.assertThrows; import com.google.auth.oauth2.CredentialAccessBoundary.AccessBoundaryRule; import com.google.auth.oauth2.CredentialAccessBoundary.AccessBoundaryRule.AvailabilityCondition; @@ -90,22 +90,17 @@ void credentialAccessBoundary() { @Test void credentialAccessBoundary_nullRules_throws() { - try { - CredentialAccessBoundary.newBuilder().build(); - fail("Should fail."); - } catch (NullPointerException e) { - // Expected. - } + CredentialAccessBoundary.Builder builder = CredentialAccessBoundary.newBuilder(); + assertThrows(NullPointerException.class, builder::build); } @Test void credentialAccessBoundary_withoutRules_throws() { - try { - CredentialAccessBoundary.newBuilder().setRules(new ArrayList()).build(); - fail("Should fail."); - } catch (IllegalArgumentException e) { - assertEquals("At least one access boundary rule must be provided.", e.getMessage()); - } + CredentialAccessBoundary.Builder builder = + CredentialAccessBoundary.newBuilder().setRules(new ArrayList<>()); + IllegalArgumentException exception = + assertThrows(IllegalArgumentException.class, builder::build); + assertEquals("At least one access boundary rule must be provided.", exception.getMessage()); } @Test @@ -121,12 +116,10 @@ void credentialAccessBoundary_ruleCountExceeded_throws() { builder.addRule(rule); } - try { - builder.build(); - fail("Should fail."); - } catch (IllegalArgumentException e) { - assertEquals("The provided list has more than 10 access boundary rules.", e.getMessage()); - } + IllegalArgumentException exception = + assertThrows(IllegalArgumentException.class, builder::build); + assertEquals( + "The provided list has more than 10 access boundary rules.", exception.getMessage()); } @Test @@ -204,74 +197,58 @@ void accessBoundaryRule_requiredFields() { @Test void accessBoundaryRule_withEmptyAvailableResource_throws() { - try { - AccessBoundaryRule.newBuilder() - .setAvailableResource("") - .addAvailablePermission("permission") - .build(); - fail("Should fail."); - } catch (IllegalArgumentException e) { - assertEquals("The provided availableResource is empty.", e.getMessage()); - } + AccessBoundaryRule.Builder builder = + AccessBoundaryRule.newBuilder() + .setAvailableResource("") + .addAvailablePermission("permission"); + IllegalArgumentException exception = + assertThrows(IllegalArgumentException.class, builder::build); + assertEquals("The provided availableResource is empty.", exception.getMessage()); } @Test void accessBoundaryRule_withoutAvailableResource_throws() { - try { - AccessBoundaryRule.newBuilder().addAvailablePermission("permission").build(); - fail("Should fail."); - } catch (NullPointerException e) { - // Expected. - } + AccessBoundaryRule.Builder builder = + AccessBoundaryRule.newBuilder().addAvailablePermission("permission"); + assertThrows(NullPointerException.class, builder::build); } @Test void accessBoundaryRule_withoutAvailablePermissions_throws() { - try { - AccessBoundaryRule.newBuilder().setAvailableResource("resource").build(); - fail("Should fail."); - } catch (NullPointerException e) { - // Expected. - } + AccessBoundaryRule.Builder builder = + AccessBoundaryRule.newBuilder().setAvailableResource("resource"); + assertThrows(NullPointerException.class, builder::build); } @Test void accessBoundaryRule_withEmptyAvailablePermissions_throws() { - try { - AccessBoundaryRule.newBuilder() - .setAvailableResource("resource") - .setAvailablePermissions(new ArrayList()) - .build(); - fail("Should fail."); - } catch (IllegalArgumentException e) { - assertEquals("The list of provided availablePermissions is empty.", e.getMessage()); - } + AccessBoundaryRule.Builder builder = + AccessBoundaryRule.newBuilder() + .setAvailableResource("resource") + .setAvailablePermissions(new ArrayList<>()); + IllegalArgumentException exception = + assertThrows(IllegalArgumentException.class, builder::build); + assertEquals("The list of provided availablePermissions is empty.", exception.getMessage()); } @Test void accessBoundaryRule_withNullAvailablePermissions_throws() { - try { - AccessBoundaryRule.newBuilder() - .setAvailableResource("resource") - .addAvailablePermission(null) - .build(); - fail("Should fail."); - } catch (IllegalArgumentException e) { - assertEquals("One of the provided available permissions is null.", e.getMessage()); - } + AccessBoundaryRule.Builder builder = + AccessBoundaryRule.newBuilder() + .setAvailableResource("resource") + .addAvailablePermission(null); + IllegalArgumentException exception = + assertThrows(IllegalArgumentException.class, builder::build); + assertEquals("One of the provided available permissions is null.", exception.getMessage()); } @Test void accessBoundaryRule_withEmptyAvailablePermission_throws() { - try { - AccessBoundaryRule.newBuilder() - .setAvailableResource("resource") - .addAvailablePermission("") - .build(); - fail("Should fail."); - } catch (IllegalArgumentException e) { - assertEquals("One of the provided available permissions is empty.", e.getMessage()); - } + AccessBoundaryRule.Builder builder = + AccessBoundaryRule.newBuilder().setAvailableResource("resource").addAvailablePermission(""); + IllegalArgumentException exception = + assertThrows(IllegalArgumentException.class, builder::build); + assertEquals("One of the provided available permissions is empty.", exception.getMessage()); } @Test @@ -300,21 +277,15 @@ void availabilityCondition_expressionOnly() { @Test void availabilityCondition_nullExpression_throws() { - try { - AvailabilityCondition.newBuilder().setExpression(null).build(); - fail("Should fail."); - } catch (NullPointerException e) { - // Expected. - } + AvailabilityCondition.Builder builder = AvailabilityCondition.newBuilder().setExpression(null); + assertThrows(NullPointerException.class, builder::build); } @Test void availabilityCondition_emptyExpression_throws() { - try { - AvailabilityCondition.newBuilder().setExpression("").build(); - fail("Should fail."); - } catch (IllegalArgumentException e) { - assertEquals("The provided expression is empty.", e.getMessage()); - } + AvailabilityCondition.Builder builder = AvailabilityCondition.newBuilder().setExpression(""); + IllegalArgumentException exception = + assertThrows(IllegalArgumentException.class, builder::build); + assertEquals("The provided expression is empty.", exception.getMessage()); } } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java b/oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java index 1852629ee..f5c1e1a60 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java @@ -33,11 +33,13 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertInstanceOf; +import static org.junit.jupiter.api.Assertions.assertNotEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertSame; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.api.client.http.HttpTransport; import com.google.api.client.http.LowLevelHttpRequest; @@ -107,28 +109,22 @@ void getDefaultCredentials_noCredentials_throws() { MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); - try { - testProvider.getDefaultCredentials(transportFactory); - fail("No credential expected."); - } catch (IOException e) { - String message = e.getMessage(); - assertTrue(message.equals(DefaultCredentialsProvider.CLOUDSDK_MISSING_CREDENTIALS)); - } + IOException e = + assertThrows(IOException.class, () -> testProvider.getDefaultCredentials(transportFactory)); + String message = e.getMessage(); + assertEquals(DefaultCredentialsProvider.CLOUDSDK_MISSING_CREDENTIALS, message); } @Test void getDefaultCredentials_noCredentialsSandbox_throwsNonSecurity() { MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); - testProvider.setFileSandbox(true); - - try { - testProvider.getDefaultCredentials(transportFactory); - fail("No credential expected."); - } catch (IOException e) { - String message = e.getMessage(); - assertTrue(message.equals(DefaultCredentialsProvider.CLOUDSDK_MISSING_CREDENTIALS)); - } + testProvider.setFileSandbox(); + + IOException e = + assertThrows(IOException.class, () -> testProvider.getDefaultCredentials(transportFactory)); + String message = e.getMessage(); + assertEquals(DefaultCredentialsProvider.CLOUDSDK_MISSING_CREDENTIALS, message); } @Test @@ -138,18 +134,15 @@ void getDefaultCredentials_envValidSandbox_throwsNonSecurity() throws Exception UserCredentialsTest.writeUserStream( USER_CLIENT_ID, USER_CLIENT_SECRET, REFRESH_TOKEN, QUOTA_PROJECT); TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); - testProvider.setFileSandbox(true); + testProvider.setFileSandbox(); String userPath = tempFilePath("user.json"); testProvider.addFile(userPath, userStream); testProvider.setEnv(DefaultCredentialsProvider.CREDENTIAL_ENV_VAR, userPath); - try { - testProvider.getDefaultCredentials(transportFactory); - fail("No credential expected."); - } catch (IOException e) { - String message = e.getMessage(); - assertTrue(message.equals(DefaultCredentialsProvider.CLOUDSDK_MISSING_CREDENTIALS)); - } + IOException e = + assertThrows(IOException.class, () -> testProvider.getDefaultCredentials(transportFactory)); + String message = e.getMessage(); + assertEquals(DefaultCredentialsProvider.CLOUDSDK_MISSING_CREDENTIALS, message); } @Test @@ -158,44 +151,34 @@ void getDefaultCredentials_noCredentials_singleGceTestRequest() { new MockRequestCountingTransportFactory(); TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); - try { - testProvider.getDefaultCredentials(transportFactory); - fail("No credential expected."); - } catch (IOException expected) { - String message = expected.getMessage(); - assertTrue(message.equals(DefaultCredentialsProvider.CLOUDSDK_MISSING_CREDENTIALS)); - } + IOException expected = + assertThrows(IOException.class, () -> testProvider.getDefaultCredentials(transportFactory)); + String message = expected.getMessage(); + assertEquals(DefaultCredentialsProvider.CLOUDSDK_MISSING_CREDENTIALS, message); assertEquals( - transportFactory.transport.getRequestCount(), - ComputeEngineCredentials.MAX_COMPUTE_PING_TRIES); - try { - testProvider.getDefaultCredentials(transportFactory); - fail("No credential expected."); - } catch (IOException expected) { - // Expected - } + ComputeEngineCredentials.MAX_COMPUTE_PING_TRIES, + transportFactory.transport.getRequestCount()); + assertThrows(IOException.class, () -> testProvider.getDefaultCredentials(transportFactory)); assertEquals( - transportFactory.transport.getRequestCount(), - ComputeEngineCredentials.MAX_COMPUTE_PING_TRIES); + ComputeEngineCredentials.MAX_COMPUTE_PING_TRIES, + transportFactory.transport.getRequestCount()); } @Test - void getDefaultCredentials_noCredentials_linuxNotGce() throws IOException { + void getDefaultCredentials_noCredentials_linuxNotGce() { TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); testProvider.setProperty("os.name", "Linux"); - String productFilePath = SMBIOS_PATH_LINUX; InputStream productStream = new ByteArrayInputStream("test".getBytes()); - testProvider.addFile(productFilePath, productStream); + testProvider.addFile(SMBIOS_PATH_LINUX, productStream); assertFalse(ComputeEngineCredentials.checkStaticGceDetection(testProvider)); } @Test - void getDefaultCredentials_static_linux() throws IOException { + void getDefaultCredentials_static_linux() { TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); testProvider.setProperty("os.name", "Linux"); - String productFilePath = SMBIOS_PATH_LINUX; - File productFile = new File(productFilePath); + File productFile = new File(SMBIOS_PATH_LINUX); InputStream productStream = new ByteArrayInputStream("Googlekdjsfhg".getBytes()); testProvider.addFile(productFile.getAbsolutePath(), productStream); @@ -203,23 +186,21 @@ void getDefaultCredentials_static_linux() throws IOException { } @Test - void getDefaultCredentials_static_windows_configuredAsLinux_notGce() throws IOException { + void getDefaultCredentials_static_windows_configuredAsLinux_notGce() { TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); testProvider.setProperty("os.name", "windows"); - String productFilePath = SMBIOS_PATH_LINUX; InputStream productStream = new ByteArrayInputStream("Googlekdjsfhg".getBytes()); - testProvider.addFile(productFilePath, productStream); + testProvider.addFile(SMBIOS_PATH_LINUX, productStream); assertFalse(ComputeEngineCredentials.checkStaticGceDetection(testProvider)); } @Test - void getDefaultCredentials_static_unsupportedPlatform_notGce() throws IOException { + void getDefaultCredentials_static_unsupportedPlatform_notGce() { TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); testProvider.setProperty("os.name", "macos"); - String productFilePath = SMBIOS_PATH_LINUX; InputStream productStream = new ByteArrayInputStream("Googlekdjsfhg".getBytes()); - testProvider.addFile(productFilePath, productStream); + testProvider.addFile(SMBIOS_PATH_LINUX, productStream); assertFalse(ComputeEngineCredentials.checkStaticGceDetection(testProvider)); } @@ -253,49 +234,40 @@ void getDefaultCredentials_caches() throws IOException { void getDefaultCredentials_appEngineClassWithoutRuntime_NotFoundError() { MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); - testProvider.addType( - DefaultCredentialsProvider.APP_ENGINE_SIGNAL_CLASS, MockOffAppEngineSystemProperty.class); + testProvider.addType(MockOffAppEngineSystemProperty.class); testProvider.setProperty("isOnGAEStandard7", "true"); - try { - testProvider.getDefaultCredentials(transportFactory); - fail("No credential expected when not on App Engine."); - } catch (IOException e) { - String message = e.getMessage(); - assertTrue(message.equals(DefaultCredentialsProvider.CLOUDSDK_MISSING_CREDENTIALS)); - } + IOException e = + assertThrows(IOException.class, () -> testProvider.getDefaultCredentials(transportFactory)); + String message = e.getMessage(); + assertEquals(DefaultCredentialsProvider.CLOUDSDK_MISSING_CREDENTIALS, message); } @Test void getDefaultCredentials_appEngineRuntimeWithoutClass_throwsHelpfulLoadError() { MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); - testProvider.addType( - DefaultCredentialsProvider.APP_ENGINE_SIGNAL_CLASS, MockAppEngineSystemProperty.class); + testProvider.addType(MockAppEngineSystemProperty.class); testProvider.setProperty("isOnGAEStandard7", "true"); - try { - testProvider.getDefaultCredentials(transportFactory); - fail("Credential expected to fail to load if credential class not present."); - } catch (IOException e) { - String message = e.getMessage(); - assertFalse(message.equals(DefaultCredentialsProvider.CLOUDSDK_MISSING_CREDENTIALS)); - assertTrue(message.contains("Check that the App Engine SDK is deployed.")); - } + IOException e = + assertThrows(IOException.class, () -> testProvider.getDefaultCredentials(transportFactory)); + String message = e.getMessage(); + assertNotEquals(DefaultCredentialsProvider.CLOUDSDK_MISSING_CREDENTIALS, message); + assertTrue(message.contains("Check that the App Engine SDK is deployed.")); } @Test void getDefaultCredentials_appEngineSkipWorks_retrievesCloudShellCredential() throws IOException { MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); - testProvider.addType( - DefaultCredentialsProvider.APP_ENGINE_SIGNAL_CLASS, MockOffAppEngineSystemProperty.class); + testProvider.addType(MockOffAppEngineSystemProperty.class); testProvider.setEnv(DefaultCredentialsProvider.CLOUD_SHELL_ENV_VAR, "9090"); testProvider.setEnv(DefaultCredentialsProvider.SKIP_APP_ENGINE_ENV_VAR, "true"); testProvider.setProperty("isOnGAEStanadard7", "true"); GoogleCredentials credentials = testProvider.getDefaultCredentials(transportFactory); assertNotNull(credentials); - assertTrue(credentials instanceof CloudShellCredentials); + assertInstanceOf(CloudShellCredentials.class, credentials); } @Test @@ -319,8 +291,8 @@ void getDefaultCredentials_cloudshell() throws IOException { GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory); - assertTrue(defaultCredentials instanceof CloudShellCredentials); - assertEquals(((CloudShellCredentials) defaultCredentials).getAuthPort(), 4); + assertInstanceOf(CloudShellCredentials.class, defaultCredentials); + assertEquals(4, ((CloudShellCredentials) defaultCredentials).getAuthPort()); } @Test @@ -331,8 +303,8 @@ void getDefaultCredentials_cloudshell_withComputCredentialsPresent() throws IOEx GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory); - assertTrue(defaultCredentials instanceof CloudShellCredentials); - assertEquals(((CloudShellCredentials) defaultCredentials).getAuthPort(), 4); + assertInstanceOf(CloudShellCredentials.class, defaultCredentials); + assertEquals(4, ((CloudShellCredentials) defaultCredentials).getAuthPort()); } @Test @@ -342,14 +314,11 @@ void getDefaultCredentials_envMissingFile_throws() { TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); testProvider.setEnv(DefaultCredentialsProvider.CREDENTIAL_ENV_VAR, invalidPath); - try { - testProvider.getDefaultCredentials(transportFactory); - fail("Non existent credential should throw exception"); - } catch (IOException e) { - String message = e.getMessage(); - assertTrue(message.contains(DefaultCredentialsProvider.CREDENTIAL_ENV_VAR)); - assertTrue(message.contains(invalidPath)); - } + IOException e = + assertThrows(IOException.class, () -> testProvider.getDefaultCredentials(transportFactory)); + String message = e.getMessage(); + assertTrue(message.contains(DefaultCredentialsProvider.CREDENTIAL_ENV_VAR)); + assertTrue(message.contains(invalidPath)); } @Test @@ -382,7 +351,7 @@ void getDefaultCredentials_envUser_providesToken() throws IOException { testProvider.addFile(userPath, userStream); testProvider.setEnv(DefaultCredentialsProvider.CREDENTIAL_ENV_VAR, userPath); - testUserProvidesToken(testProvider, USER_CLIENT_ID, USER_CLIENT_SECRET, REFRESH_TOKEN); + testUserProvidesToken(testProvider, USER_CLIENT_ID); } @Test @@ -405,7 +374,7 @@ void getDefaultCredentials_GdchServiceAccount() throws IOException { GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory); assertNotNull(defaultCredentials); - assertTrue(defaultCredentials instanceof GdchCredentials); + assertInstanceOf(GdchCredentials.class, defaultCredentials); assertEquals(GDCH_SA_PROJECT_ID, defaultCredentials.getProjectId()); assertEquals( GDCH_SA_SERVICE_IDENTITY_NAME, @@ -418,7 +387,7 @@ void getDefaultCredentials_GdchServiceAccount() throws IOException { defaultCredentials = ((GdchCredentials) defaultCredentials).createWithGdchAudience(GDCH_SA_API_AUDIENCE); assertNotNull(defaultCredentials); - assertTrue(defaultCredentials instanceof GdchCredentials); + assertInstanceOf(GdchCredentials.class, defaultCredentials); assertEquals(GDCH_SA_PROJECT_ID, defaultCredentials.getProjectId()); assertEquals( GDCH_SA_SERVICE_IDENTITY_NAME, @@ -451,7 +420,7 @@ void getDefaultCredentials_quota_project() throws IOException { credentials = credentials.toBuilder().setQuotaProjectId(QUOTA_PROJECT_EXPLICIT).build(); assertEquals(QUOTA_PROJECT_EXPLICIT, credentials.getQuotaProjectId()); - testUserProvidesToken(testProvider, USER_CLIENT_ID, USER_CLIENT_SECRET, REFRESH_TOKEN); + testUserProvidesToken(testProvider, USER_CLIENT_ID); } @Test @@ -463,7 +432,7 @@ void getDefaultCredentials_compute_quotaProject() throws IOException { GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory); - assertTrue(defaultCredentials instanceof ComputeEngineCredentials); + assertInstanceOf(ComputeEngineCredentials.class, defaultCredentials); assertEquals(QUOTA_PROJECT_FROM_ENVIRONMENT, defaultCredentials.getQuotaProjectId()); // verify metrics header @@ -482,44 +451,33 @@ void getDefaultCredentials_cloudshell_quotaProject() throws IOException { GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transportFactory); - assertTrue(defaultCredentials instanceof CloudShellCredentials); + assertInstanceOf(CloudShellCredentials.class, defaultCredentials); assertEquals(QUOTA_PROJECT_FROM_ENVIRONMENT, defaultCredentials.getQuotaProjectId()); } @Test - void getDefaultCredentials_envNoGceCheck_noGceRequest() throws IOException { + void getDefaultCredentials_envNoGceCheck_noGceRequest() { MockRequestCountingTransportFactory transportFactory = new MockRequestCountingTransportFactory(); TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); testProvider.setEnv(DefaultCredentialsProvider.NO_GCE_CHECK_ENV_VAR, "true"); - try { - testProvider.getDefaultCredentials(transportFactory); - fail("No credential expected."); - } catch (IOException expected) { - // Expected - } - assertEquals(transportFactory.transport.getRequestCount(), 0); + assertThrows(IOException.class, () -> testProvider.getDefaultCredentials(transportFactory)); + assertEquals(0, transportFactory.transport.getRequestCount()); } @Test - void getDefaultCredentials_linuxSetup_envNoGceCheck_noGce() throws IOException { + void getDefaultCredentials_linuxSetup_envNoGceCheck_noGce() { MockRequestCountingTransportFactory transportFactory = new MockRequestCountingTransportFactory(); TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); testProvider.setEnv(DefaultCredentialsProvider.NO_GCE_CHECK_ENV_VAR, "true"); testProvider.setProperty("os.name", "Linux"); - String productFilePath = SMBIOS_PATH_LINUX; - File productFile = new File(productFilePath); + File productFile = new File(SMBIOS_PATH_LINUX); InputStream productStream = new ByteArrayInputStream("Googlekdjsfhg".getBytes()); testProvider.addFile(productFile.getAbsolutePath(), productStream); - try { - testProvider.getDefaultCredentials(transportFactory); - fail("No credential expected."); - } catch (IOException expected) { - // Expected - } - assertEquals(transportFactory.transport.getRequestCount(), 0); + assertThrows(IOException.class, () -> testProvider.getDefaultCredentials(transportFactory)); + assertEquals(0, transportFactory.transport.getRequestCount()); } @Test @@ -527,7 +485,7 @@ void getDefaultCredentials_envGceMetadataHost_setsMetadataServerUrl() { String testUrl = "192.0.2.0"; TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); testProvider.setEnv(DefaultCredentialsProvider.GCE_METADATA_HOST_ENV_VAR, testUrl); - assertEquals(ComputeEngineCredentials.getMetadataServerUrl(testProvider), "http://" + testUrl); + assertEquals("http://" + testUrl, ComputeEngineCredentials.getMetadataServerUrl(testProvider)); } @Test @@ -536,8 +494,8 @@ void getDefaultCredentials_envGceMetadataHost_setsTokenServerUrl() { TestDefaultCredentialsProvider testProvider = new TestDefaultCredentialsProvider(); testProvider.setEnv(DefaultCredentialsProvider.GCE_METADATA_HOST_ENV_VAR, testUrl); assertEquals( - ComputeEngineCredentials.getTokenServerEncodedUrl(testProvider), - "http://" + testUrl + "/computeMetadata/v1/instance/service-accounts/default/token"); + "http://" + testUrl + "/computeMetadata/v1/instance/service-accounts/default/token", + ComputeEngineCredentials.getTokenServerEncodedUrl(testProvider)); } @Test @@ -552,7 +510,7 @@ void getDefaultCredentials_wellKnownFileEnv_providesToken() throws IOException { testProvider.setEnv("CLOUDSDK_CONFIG", cloudConfigDir.getAbsolutePath()); testProvider.addFile(wellKnownFile.getAbsolutePath(), userStream); - testUserProvidesToken(testProvider, USER_CLIENT_ID, USER_CLIENT_SECRET, REFRESH_TOKEN); + testUserProvidesToken(testProvider, USER_CLIENT_ID); } @Test @@ -570,7 +528,7 @@ void getDefaultCredentials_wellKnownFileNonWindows_providesToken() throws IOExce testProvider.setProperty("user.home", homeDir.getAbsolutePath()); testProvider.addFile(wellKnownFile.getAbsolutePath(), userStream); - testUserProvidesToken(testProvider, USER_CLIENT_ID, USER_CLIENT_SECRET, REFRESH_TOKEN); + testUserProvidesToken(testProvider, USER_CLIENT_ID); } @Test @@ -587,7 +545,7 @@ void getDefaultCredentials_wellKnownFileWindows_providesToken() throws IOExcepti testProvider.setEnv("APPDATA", homeDir.getAbsolutePath()); testProvider.addFile(wellKnownFile.getAbsolutePath(), userStream); - testUserProvidesToken(testProvider, USER_CLIENT_ID, USER_CLIENT_SECRET, REFRESH_TOKEN); + testUserProvidesToken(testProvider, USER_CLIENT_ID); } @Test @@ -629,12 +587,12 @@ private String tempFilePath(String filename) { return Paths.get(System.getProperty("java.io.tmpdir"), filename).toString(); } - private class LogHandler extends Handler { + private static class LogHandler extends Handler { LogRecord lastRecord; @Override - public void publish(LogRecord record) { - lastRecord = record; + public void publish(LogRecord logRecord) { + this.lastRecord = logRecord; } public LogRecord getRecord() { @@ -642,10 +600,14 @@ public LogRecord getRecord() { } @Override - public void close() {} + public void close() { + // Test implementation. Nothing to close + } @Override - public void flush() {} + public void flush() { + // Test implementation. Nothing to flush + } } @Test @@ -653,8 +615,7 @@ void getDefaultCredentials_wellKnownFile_logsGcloudWarning() throws IOException LogRecord message = getCredentialsAndReturnLogMessage(false, true); assertNotNull(message); assertEquals(Level.WARNING, message.getLevel()); - assertTrue( - message.getMessage().equals(DefaultCredentialsProvider.CLOUDSDK_CREDENTIALS_WARNING)); + assertEquals(DefaultCredentialsProvider.CLOUDSDK_CREDENTIALS_WARNING, message.getMessage()); } @Test @@ -690,13 +651,12 @@ private LogRecord getCredentialsAndReturnLogMessage(boolean suppressWarning, boo testProvider.setProperty("os.name", "linux"); testProvider.setProperty("user.home", homeDir.getAbsolutePath()); if (isGce) { - String productFilePath = SMBIOS_PATH_LINUX; - File productFile = new File(productFilePath); + File productFile = new File(SMBIOS_PATH_LINUX); InputStream productStream = new ByteArrayInputStream("Googlekdjsfhg".getBytes()); testProvider.addFile(productFile.getAbsolutePath(), productStream); } testProvider.addFile(wellKnownFile.getAbsolutePath(), userStream); - testUserProvidesToken(testProvider, GCLOUDSDK_CLIENT_ID, USER_CLIENT_SECRET, REFRESH_TOKEN); + testUserProvidesToken(testProvider, GCLOUDSDK_CLIENT_ID); return handler.getRecord(); } @@ -704,15 +664,13 @@ private static File getTempDirectory() { return new File(System.getProperty("java.io.tmpdir")); } - private void testUserProvidesToken( - TestDefaultCredentialsProvider testProvider, - String clientId, - String clientSecret, - String refreshToken) + private void testUserProvidesToken(TestDefaultCredentialsProvider testProvider, String clientId) throws IOException { MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); - transportFactory.transport.addClient(clientId, clientSecret); - transportFactory.transport.addRefreshToken(refreshToken, ACCESS_TOKEN); + transportFactory.transport.addClient( + clientId, DefaultCredentialsProviderTest.USER_CLIENT_SECRET); + transportFactory.transport.addRefreshToken( + DefaultCredentialsProviderTest.REFRESH_TOKEN, ACCESS_TOKEN); testUserProvidesToken(testProvider, transportFactory, ACCESS_TOKEN); } @@ -755,7 +713,7 @@ void getDefaultCredentials_envVarSet_serviceAccountCredentials_correctCredential GoogleCredentials credentials = testProvider.getDefaultCredentials(transportFactory); assertNotNull(credentials); - assertTrue(credentials instanceof ServiceAccountCredentials); + assertInstanceOf(ServiceAccountCredentials.class, credentials); Map credentialInfo = credentials.getCredentialInfo(); assertEquals( String.format( @@ -780,7 +738,7 @@ void getDefaultCredentials_envVarSet_userCredential_correctCredentialInfo() thro GoogleCredentials credentials = testProvider.getDefaultCredentials(transportFactory); assertNotNull(credentials); - assertTrue(credentials instanceof UserCredentials); + assertInstanceOf(UserCredentials.class, credentials); Map credentialInfo = credentials.getCredentialInfo(); assertEquals( String.format( @@ -808,7 +766,7 @@ void getDefaultCredentials_wellKnownFile_userCredential_correctCredentialInfo() GoogleCredentials credentials = testProvider.getDefaultCredentials(transportFactory); assertNotNull(credentials); - assertTrue(credentials instanceof UserCredentials); + assertInstanceOf(UserCredentials.class, credentials); Map credentialInfo = credentials.getCredentialInfo(); assertEquals( String.format("Well Known File at %s", wellKnownFile.getCanonicalPath()), @@ -827,7 +785,7 @@ void getDefaultCredentials_computeEngineCredentials_defaultMDSUrl_correctCredent GoogleCredentials credentials = testProvider.getDefaultCredentials(transportFactory); assertNotNull(credentials); - assertTrue(credentials instanceof ComputeEngineCredentials); + assertInstanceOf(ComputeEngineCredentials.class, credentials); Map credentialInfo = credentials.getCredentialInfo(); assertEquals( String.format( @@ -849,7 +807,7 @@ void getDefaultCredentials_computeEngineCredentials_customMDSUrl_correctCredenti GoogleCredentials credentials = testProvider.getDefaultCredentials(transportFactory); assertNotNull(credentials); - assertTrue(credentials instanceof ComputeEngineCredentials); + assertInstanceOf(ComputeEngineCredentials.class, credentials); Map credentialInfo = credentials.getCredentialInfo(); assertEquals( String.format("Metadata Server URL set to http://%s", gceMetadataHost), @@ -868,7 +826,7 @@ private static class MockAppEngineSystemProperty { @SuppressWarnings("unused") public static final MockEnvironment environment = - new MockEnvironment(MockEnvironmentEnum.Production); + new MockEnvironment(MockEnvironmentEnum.PRODUCTION); } private static class MockOffAppEngineSystemProperty { @@ -878,13 +836,13 @@ private static class MockOffAppEngineSystemProperty { } private enum MockEnvironmentEnum { - Production, - Development; + PRODUCTION, + DEVELOPMENT; } public static class MockEnvironment { - private MockEnvironmentEnum innerValue; + private final MockEnvironmentEnum innerValue; MockEnvironment(MockEnvironmentEnum value) { this.innerValue = value; @@ -934,8 +892,8 @@ void addFile(String file, InputStream stream) { files.put(file, stream); } - void addType(String className, Class type) { - types.put(className, type); + void addType(Class type) { + types.put(DefaultCredentialsProvider.APP_ENGINE_SIGNAL_CLASS, type); } @Override @@ -991,8 +949,8 @@ InputStream readStream(File file) throws FileNotFoundException { return stream; } - void setFileSandbox(boolean fileSandbox) { - this.fileSandbox = fileSandbox; + void setFileSandbox() { + this.fileSandbox = true; } } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/DefaultPKCEProviderTest.java b/oauth2_http/javatests/com/google/auth/oauth2/DefaultPKCEProviderTest.java index 114e27298..34e9be380 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/DefaultPKCEProviderTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/DefaultPKCEProviderTest.java @@ -54,11 +54,11 @@ void testPkceExpected() throws NoSuchAlgorithmException { String expectedCodeChallengeMethod = "S256"; assertEquals(pkce.getCodeChallenge(), expectedCodeChallenge); - assertEquals(pkce.getCodeChallengeMethod(), expectedCodeChallengeMethod); + assertEquals(expectedCodeChallengeMethod, pkce.getCodeChallengeMethod()); } @Test - void testNoBase64Padding() throws NoSuchAlgorithmException { + void testNoBase64Padding() { PKCEProvider pkce = new DefaultPKCEProvider(); assertFalse(pkce.getCodeChallenge().endsWith("=")); assertFalse(pkce.getCodeChallenge().contains("=")); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/DownscopedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/DownscopedCredentialsTest.java index 31c4e776e..34a52b415 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/DownscopedCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/DownscopedCredentialsTest.java @@ -35,7 +35,7 @@ import static com.google.auth.oauth2.OAuth2Utils.TOKEN_EXCHANGE_URL_FORMAT; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.fail; +import static org.junit.jupiter.api.Assertions.assertThrows; import com.google.api.client.http.HttpTransport; import com.google.auth.TestUtils; @@ -188,38 +188,25 @@ void refreshAccessToken_cantRefreshSourceCredentials_throws() throws IOException .setHttpTransportFactory(transportFactory) .build(); - try { - downscopedCredentials.refreshAccessToken(); - fail("Should fail as the source credential should not be able to be refreshed."); - } catch (IOException e) { - assertEquals("Unable to refresh the provided source credential.", e.getMessage()); - } + IOException e = assertThrows(IOException.class, downscopedCredentials::refreshAccessToken); + assertEquals("Unable to refresh the provided source credential.", e.getMessage()); } @Test void builder_noSourceCredential_throws() { - try { - DownscopedCredentials.newBuilder() - .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) - .setCredentialAccessBoundary(CREDENTIAL_ACCESS_BOUNDARY) - .build(); - fail("Should fail as the source credential is null."); - } catch (NullPointerException e) { - // Expected. - } + DownscopedCredentials.Builder builder = + DownscopedCredentials.newBuilder() + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY); + assertThrows(NullPointerException.class, builder::build); } @Test void builder_noCredentialAccessBoundary_throws() throws IOException { - try { - DownscopedCredentials.newBuilder() - .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) - .setSourceCredential(getServiceAccountSourceCredentials(/* canRefresh= */ true)) - .build(); - fail("Should fail as no access boundary was provided."); - } catch (NullPointerException e) { - // Expected. - } + DownscopedCredentials.Builder builder = + DownscopedCredentials.newBuilder() + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) + .setSourceCredential(getServiceAccountSourceCredentials(/* canRefresh= */ true)); + assertThrows(NullPointerException.class, builder::build); } @Test @@ -263,37 +250,31 @@ void builder_universeDomainMismatch_throws() throws IOException { GoogleCredentials sourceCredentials = getServiceAccountSourceCredentials(/* canRefresh= */ true); - try { - DownscopedCredentials.newBuilder() - .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) - .setSourceCredential(sourceCredentials) - .setCredentialAccessBoundary(CREDENTIAL_ACCESS_BOUNDARY) - .setUniverseDomain("differentUniverseDomain") - .build(); - fail("Should fail with universe domain mismatch."); - } catch (IllegalArgumentException e) { - assertEquals( - "The downscoped credential's universe domain must be the same as the source credential.", - e.getMessage()); - } + DownscopedCredentials.Builder builder = + DownscopedCredentials.newBuilder() + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) + .setSourceCredential(sourceCredentials) + .setCredentialAccessBoundary(CREDENTIAL_ACCESS_BOUNDARY) + .setUniverseDomain("differentUniverseDomain"); + IllegalArgumentException e = assertThrows(IllegalArgumentException.class, builder::build); + assertEquals( + "The downscoped credential's universe domain must be the same as the source credential.", + e.getMessage()); } @Test - void builder_sourceUniverseDomainUnavailable_throws() throws IOException { + void builder_sourceUniverseDomainUnavailable_throws() { GoogleCredentials sourceCredentials = new MockSourceCredentialWithoutUniverseDomain(); - try { - DownscopedCredentials.newBuilder() - .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) - .setSourceCredential(sourceCredentials) - .setCredentialAccessBoundary(CREDENTIAL_ACCESS_BOUNDARY) - .build(); - fail("Should fail to retrieve source credential universe domain."); - } catch (IllegalStateException e) { - assertEquals( - "Error occurred when attempting to retrieve source credential universe domain.", - e.getMessage()); - } + DownscopedCredentials.Builder builder = + DownscopedCredentials.newBuilder() + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) + .setSourceCredential(sourceCredentials) + .setCredentialAccessBoundary(CREDENTIAL_ACCESS_BOUNDARY); + IllegalStateException e = assertThrows(IllegalStateException.class, builder::build); + assertEquals( + "Error occurred when attempting to retrieve source credential universe domain.", + e.getMessage()); } private static GoogleCredentials getServiceAccountSourceCredentials(boolean canRefresh) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ExecutableResponseTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ExecutableResponseTest.java index da7ea8cc6..d9923e968 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ExecutableResponseTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ExecutableResponseTest.java @@ -34,8 +34,8 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.api.client.json.GenericJson; import java.io.IOException; @@ -128,129 +128,107 @@ void constructor_validErrorResponse() throws IOException { } @Test - void constructor_errorResponseMissingCode_throws() throws IOException { + void constructor_errorResponseMissingCode_throws() { GenericJson jsonResponse = buildErrorResponse(); Object[] values = new Object[] {null, ""}; for (Object value : values) { jsonResponse.put("code", value); - try { - new ExecutableResponse(jsonResponse); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException exception) { - assertEquals( - "Error code INVALID_EXECUTABLE_RESPONSE: The executable response must contain " - + "`error` and `message` fields when unsuccessful.", - exception.getMessage()); - } + PluggableAuthException exception = + assertThrows(PluggableAuthException.class, () -> new ExecutableResponse(jsonResponse)); + assertEquals( + "Error code INVALID_EXECUTABLE_RESPONSE: The executable response must contain " + + "`error` and `message` fields when unsuccessful.", + exception.getMessage()); } } @Test - void constructor_errorResponseMissingMessage_throws() throws IOException { + void constructor_errorResponseMissingMessage_throws() { GenericJson jsonResponse = buildErrorResponse(); Object[] values = new Object[] {null, ""}; for (Object value : values) { jsonResponse.put("message", value); - try { - new ExecutableResponse(jsonResponse); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException exception) { - assertEquals( - "Error code INVALID_EXECUTABLE_RESPONSE: The executable response must contain " - + "`error` and `message` fields when unsuccessful.", - exception.getMessage()); - } + PluggableAuthException exception = + assertThrows(PluggableAuthException.class, () -> new ExecutableResponse(jsonResponse)); + assertEquals( + "Error code INVALID_EXECUTABLE_RESPONSE: The executable response must contain " + + "`error` and `message` fields when unsuccessful.", + exception.getMessage()); } } @Test - void constructor_successResponseMissingVersionField_throws() throws IOException { + void constructor_successResponseMissingVersionField_throws() { GenericJson jsonResponse = buildOidcResponse(); jsonResponse.remove("version"); - try { - new ExecutableResponse(jsonResponse); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException exception) { - assertEquals( - "Error code INVALID_EXECUTABLE_RESPONSE: The executable response is missing the " - + "`version` field.", - exception.getMessage()); - } + PluggableAuthException exception = + assertThrows(PluggableAuthException.class, () -> new ExecutableResponse(jsonResponse)); + assertEquals( + "Error code INVALID_EXECUTABLE_RESPONSE: The executable response is missing the " + + "`version` field.", + exception.getMessage()); } @Test - void constructor_successResponseMissingSuccessField_throws() throws Exception { + void constructor_successResponseMissingSuccessField_throws() { GenericJson jsonResponse = buildOidcResponse(); jsonResponse.remove("success"); - try { - new ExecutableResponse(jsonResponse); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException exception) { - assertEquals( - "Error code INVALID_EXECUTABLE_RESPONSE: The executable response is missing the " - + "`success` field.", - exception.getMessage()); - } + PluggableAuthException exception = + assertThrows(PluggableAuthException.class, () -> new ExecutableResponse(jsonResponse)); + assertEquals( + "Error code INVALID_EXECUTABLE_RESPONSE: The executable response is missing the " + + "`success` field.", + exception.getMessage()); } @Test - void constructor_successResponseMissingTokenTypeField_throws() throws IOException { + void constructor_successResponseMissingTokenTypeField_throws() { GenericJson jsonResponse = buildOidcResponse(); jsonResponse.remove("token_type"); - try { - new ExecutableResponse(jsonResponse); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException exception) { - assertEquals( - "Error code INVALID_EXECUTABLE_RESPONSE: The executable response is missing the " - + "`token_type` field.", - exception.getMessage()); - } + PluggableAuthException exception = + assertThrows(PluggableAuthException.class, () -> new ExecutableResponse(jsonResponse)); + assertEquals( + "Error code INVALID_EXECUTABLE_RESPONSE: The executable response is missing the " + + "`token_type` field.", + exception.getMessage()); } @Test - void constructor_samlResponseMissingSubjectToken_throws() throws IOException { + void constructor_samlResponseMissingSubjectToken_throws() { GenericJson jsonResponse = buildSamlResponse(); Object[] values = new Object[] {null, ""}; for (Object value : values) { jsonResponse.put("saml_response", value); - - try { - new ExecutableResponse(jsonResponse); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException exception) { - assertEquals( - "Error code INVALID_EXECUTABLE_RESPONSE: The executable response does not " - + "contain a valid token.", - exception.getMessage()); - } + PluggableAuthException exception = + assertThrows(PluggableAuthException.class, () -> new ExecutableResponse(jsonResponse)); + assertEquals( + "Error code INVALID_EXECUTABLE_RESPONSE: The executable response does not " + + "contain a valid token.", + exception.getMessage()); } } @Test - void constructor_oidcResponseMissingSubjectToken_throws() throws IOException { + void constructor_oidcResponseMissingSubjectToken_throws() { GenericJson jsonResponse = buildOidcResponse(); Object[] values = new Object[] {null, ""}; for (Object value : values) { jsonResponse.put("id_token", value); - try { - new ExecutableResponse(jsonResponse); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException exception) { - assertEquals( - "Error code INVALID_EXECUTABLE_RESPONSE: The executable response does not " - + "contain a valid token.", - exception.getMessage()); - } + PluggableAuthException exception = + assertThrows(PluggableAuthException.class, () -> new ExecutableResponse(jsonResponse)); + assertEquals( + "Error code INVALID_EXECUTABLE_RESPONSE: The executable response does not " + + "contain a valid token.", + exception.getMessage()); } } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountAuthorizedUserCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountAuthorizedUserCredentialsTest.java index 4913e5aec..78bb68119 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountAuthorizedUserCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountAuthorizedUserCredentialsTest.java @@ -39,7 +39,6 @@ import static org.junit.jupiter.api.Assertions.assertSame; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.api.client.http.HttpTransport; import com.google.api.client.json.GenericJson; @@ -51,12 +50,12 @@ import com.google.auth.oauth2.GoogleCredentials.GoogleCredentialsInfo; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; -import com.google.common.io.BaseEncoding; import java.io.IOException; import java.io.InputStream; import java.net.URI; import java.nio.charset.StandardCharsets; import java.util.Arrays; +import java.util.Base64; import java.util.Collection; import java.util.Collections; import java.util.Date; @@ -84,8 +83,8 @@ class ExternalAccountAuthorizedUserCredentialsTest extends BaseSerializationTest private static final String BASIC_AUTH = String.format( "Basic %s", - BaseEncoding.base64() - .encode( + Base64.getEncoder() + .encodeToString( String.format("%s:%s", CLIENT_ID, CLIENT_SECRET) .getBytes(StandardCharsets.UTF_8))); @@ -246,70 +245,59 @@ void builder_accessTokenWithMissingRefreshFields() { @Test void builder_accessAndRefreshTokenNull_throws() { - try { - ExternalAccountAuthorizedUserCredentials.newBuilder().build(); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { - assertEquals( - "ExternalAccountAuthorizedUserCredentials must be initialized with " - + "an access token or fields to enable refresh: " - + "('refresh_token', 'token_url', 'client_id', 'client_secret').", - exception.getMessage()); - } + ExternalAccountAuthorizedUserCredentials.Builder builder = + ExternalAccountAuthorizedUserCredentials.newBuilder(); + IllegalStateException exception = assertThrows(IllegalStateException.class, builder::build); + assertEquals( + "ExternalAccountAuthorizedUserCredentials must be initialized with " + + "an access token or fields to enable refresh: " + + "('refresh_token', 'token_url', 'client_id', 'client_secret').", + exception.getMessage()); } @Test void builder_missingTokenUrl_throws() { - try { - ExternalAccountAuthorizedUserCredentials.newBuilder() - .setRefreshToken(REFRESH_TOKEN) - .setClientId(CLIENT_ID) - .setClientSecret(CLIENT_SECRET) - .build(); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { - assertEquals( - "ExternalAccountAuthorizedUserCredentials must be initialized with " - + "an access token or fields to enable refresh: " - + "('refresh_token', 'token_url', 'client_id', 'client_secret').", - exception.getMessage()); - } + ExternalAccountAuthorizedUserCredentials.Builder builder = + ExternalAccountAuthorizedUserCredentials.newBuilder() + .setRefreshToken(REFRESH_TOKEN) + .setClientId(CLIENT_ID) + .setClientSecret(CLIENT_SECRET); + IllegalStateException exception = assertThrows(IllegalStateException.class, builder::build); + assertEquals( + "ExternalAccountAuthorizedUserCredentials must be initialized with " + + "an access token or fields to enable refresh: " + + "('refresh_token', 'token_url', 'client_id', 'client_secret').", + exception.getMessage()); } @Test void builder_missingClientId_throws() { - try { - ExternalAccountAuthorizedUserCredentials.newBuilder() - .setRefreshToken(REFRESH_TOKEN) - .setTokenUrl(TOKEN_URL) - .setClientSecret(CLIENT_SECRET) - .build(); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { - assertEquals( - "ExternalAccountAuthorizedUserCredentials must be initialized with " - + "an access token or fields to enable refresh: " - + "('refresh_token', 'token_url', 'client_id', 'client_secret').", - exception.getMessage()); - } + ExternalAccountAuthorizedUserCredentials.Builder builder = + ExternalAccountAuthorizedUserCredentials.newBuilder() + .setRefreshToken(REFRESH_TOKEN) + .setTokenUrl(TOKEN_URL) + .setClientSecret(CLIENT_SECRET); + IllegalStateException exception = assertThrows(IllegalStateException.class, builder::build); + assertEquals( + "ExternalAccountAuthorizedUserCredentials must be initialized with " + + "an access token or fields to enable refresh: " + + "('refresh_token', 'token_url', 'client_id', 'client_secret').", + exception.getMessage()); } @Test void builder_missingClientSecret_throws() { - try { - ExternalAccountAuthorizedUserCredentials.newBuilder() - .setRefreshToken(REFRESH_TOKEN) - .setTokenUrl(TOKEN_URL) - .setClientId(CLIENT_ID) - .build(); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { - assertEquals( - "ExternalAccountAuthorizedUserCredentials must be initialized with " - + "an access token or fields to enable refresh: " - + "('refresh_token', 'token_url', 'client_id', 'client_secret').", - exception.getMessage()); - } + ExternalAccountAuthorizedUserCredentials.Builder builder = + ExternalAccountAuthorizedUserCredentials.newBuilder() + .setRefreshToken(REFRESH_TOKEN) + .setTokenUrl(TOKEN_URL) + .setClientId(CLIENT_ID); + IllegalStateException exception = assertThrows(IllegalStateException.class, builder::build); + assertEquals( + "ExternalAccountAuthorizedUserCredentials must be initialized with " + + "an access token or fields to enable refresh: " + + "('refresh_token', 'token_url', 'client_id', 'client_secret').", + exception.getMessage()); } @Test @@ -421,84 +409,89 @@ void fromJson_minimumRequiredFieldsForRefresh() throws IOException { } @Test - void fromJson_accessTokenOnly_notSupported() throws IOException { + void fromJson_accessTokenOnly_notSupported() { GenericJson json = new GenericJson(); json.put("access_token", ACCESS_TOKEN); - try { - ExternalAccountAuthorizedUserCredentials.fromJson(json, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { - assertEquals( - "ExternalAccountAuthorizedUserCredentials must be initialized with " - + "an access token or fields to enable refresh: " - + "('refresh_token', 'token_url', 'client_id', 'client_secret').", - exception.getMessage()); - } + IllegalStateException exception = + assertThrows( + IllegalStateException.class, + () -> + ExternalAccountAuthorizedUserCredentials.fromJson( + json, OAuth2Utils.HTTP_TRANSPORT_FACTORY)); + assertEquals( + "ExternalAccountAuthorizedUserCredentials must be initialized with " + + "an access token or fields to enable refresh: " + + "('refresh_token', 'token_url', 'client_id', 'client_secret').", + exception.getMessage()); } @Test - void fromJson_missingRefreshToken_throws() throws IOException { - try { - GenericJson json = buildJsonCredentials(); - json.remove("refresh_token"); - ExternalAccountAuthorizedUserCredentials.fromJson(json, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { - assertEquals( - "ExternalAccountAuthorizedUserCredentials must be initialized with " - + "an access token or fields to enable refresh: " - + "('refresh_token', 'token_url', 'client_id', 'client_secret').", - exception.getMessage()); - } + void fromJson_missingRefreshToken_throws() { + GenericJson json = buildJsonCredentials(); + json.remove("refresh_token"); + IllegalStateException exception = + assertThrows( + IllegalStateException.class, + () -> + ExternalAccountAuthorizedUserCredentials.fromJson( + json, OAuth2Utils.HTTP_TRANSPORT_FACTORY)); + assertEquals( + "ExternalAccountAuthorizedUserCredentials must be initialized with " + + "an access token or fields to enable refresh: " + + "('refresh_token', 'token_url', 'client_id', 'client_secret').", + exception.getMessage()); } @Test - void fromJson_missingTokenUrl_throws() throws IOException { - try { - GenericJson json = buildJsonCredentials(); - json.remove("token_url"); - ExternalAccountAuthorizedUserCredentials.fromJson(json, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { - assertEquals( - "ExternalAccountAuthorizedUserCredentials must be initialized with " - + "an access token or fields to enable refresh: " - + "('refresh_token', 'token_url', 'client_id', 'client_secret').", - exception.getMessage()); - } + void fromJson_missingTokenUrl_throws() { + GenericJson json = buildJsonCredentials(); + json.remove("token_url"); + IllegalStateException exception = + assertThrows( + IllegalStateException.class, + () -> + ExternalAccountAuthorizedUserCredentials.fromJson( + json, OAuth2Utils.HTTP_TRANSPORT_FACTORY)); + assertEquals( + "ExternalAccountAuthorizedUserCredentials must be initialized with " + + "an access token or fields to enable refresh: " + + "('refresh_token', 'token_url', 'client_id', 'client_secret').", + exception.getMessage()); } @Test - void fromJson_missingClientId_throws() throws IOException { - try { - GenericJson json = buildJsonCredentials(); - json.remove("client_id"); - ExternalAccountAuthorizedUserCredentials.fromJson(json, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { - assertEquals( - "ExternalAccountAuthorizedUserCredentials must be initialized with " - + "an access token or fields to enable refresh: " - + "('refresh_token', 'token_url', 'client_id', 'client_secret').", - exception.getMessage()); - } + void fromJson_missingClientId_throws() { + GenericJson json = buildJsonCredentials(); + json.remove("client_id"); + IllegalStateException exception = + assertThrows( + IllegalStateException.class, + () -> + ExternalAccountAuthorizedUserCredentials.fromJson( + json, OAuth2Utils.HTTP_TRANSPORT_FACTORY)); + assertEquals( + "ExternalAccountAuthorizedUserCredentials must be initialized with " + + "an access token or fields to enable refresh: " + + "('refresh_token', 'token_url', 'client_id', 'client_secret').", + exception.getMessage()); } @Test - void fromJson_missingClientSecret_throws() throws IOException { - try { - GenericJson json = buildJsonCredentials(); - json.remove("client_secret"); - ExternalAccountAuthorizedUserCredentials.fromJson(json, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { - assertEquals( - "ExternalAccountAuthorizedUserCredentials must be initialized with " - + "an access token or fields to enable refresh: " - + "('refresh_token', 'token_url', 'client_id', 'client_secret').", - exception.getMessage()); - } + void fromJson_missingClientSecret_throws() { + GenericJson json = buildJsonCredentials(); + json.remove("client_secret"); + IllegalStateException exception = + assertThrows( + IllegalStateException.class, + () -> + ExternalAccountAuthorizedUserCredentials.fromJson( + json, OAuth2Utils.HTTP_TRANSPORT_FACTORY)); + assertEquals( + "ExternalAccountAuthorizedUserCredentials must be initialized with " + + "an access token or fields to enable refresh: " + + "('refresh_token', 'token_url', 'client_id', 'client_secret').", + exception.getMessage()); } @Test @@ -567,10 +560,11 @@ void fromStream_accessTokenOnly_notSupported() throws IOException { json.put("access_token", ACCESS_TOKEN); json.put( "type", GoogleCredentialsInfo.EXTERNAL_ACCOUNT_AUTHORIZED_USER_CREDENTIALS.getFileType()); - try { - ExternalAccountAuthorizedUserCredentials.fromStream(TestUtils.jsonToInputStream(json)); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { + try (InputStream credentialsStream = TestUtils.jsonToInputStream(json)) { + IllegalStateException exception = + assertThrows( + IllegalStateException.class, + () -> ExternalAccountAuthorizedUserCredentials.fromStream(credentialsStream)); assertEquals( "ExternalAccountAuthorizedUserCredentials must be initialized with " + "an access token or fields to enable refresh: " @@ -581,12 +575,13 @@ void fromStream_accessTokenOnly_notSupported() throws IOException { @Test void fromStream_missingRefreshToken_throws() throws IOException { - try { - GenericJson json = buildJsonCredentials(); - json.remove("refresh_token"); - ExternalAccountAuthorizedUserCredentials.fromStream(TestUtils.jsonToInputStream(json)); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { + GenericJson json = buildJsonCredentials(); + json.remove("refresh_token"); + try (InputStream credentialsStream = TestUtils.jsonToInputStream(json)) { + IllegalStateException exception = + assertThrows( + IllegalStateException.class, + () -> ExternalAccountAuthorizedUserCredentials.fromStream(credentialsStream)); assertEquals( "ExternalAccountAuthorizedUserCredentials must be initialized with " + "an access token or fields to enable refresh: " @@ -597,12 +592,13 @@ void fromStream_missingRefreshToken_throws() throws IOException { @Test void fromStream_missingTokenUrl_throws() throws IOException { - try { - GenericJson json = buildJsonCredentials(); - json.remove("token_url"); - ExternalAccountAuthorizedUserCredentials.fromStream(TestUtils.jsonToInputStream(json)); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { + GenericJson json = buildJsonCredentials(); + json.remove("token_url"); + try (InputStream credentialsStream = TestUtils.jsonToInputStream(json)) { + IllegalStateException exception = + assertThrows( + IllegalStateException.class, + () -> ExternalAccountAuthorizedUserCredentials.fromStream(credentialsStream)); assertEquals( "ExternalAccountAuthorizedUserCredentials must be initialized with " + "an access token or fields to enable refresh: " @@ -613,12 +609,13 @@ void fromStream_missingTokenUrl_throws() throws IOException { @Test void fromStream_missingClientId_throws() throws IOException { - try { - GenericJson json = buildJsonCredentials(); - json.remove("client_id"); - ExternalAccountAuthorizedUserCredentials.fromStream(TestUtils.jsonToInputStream(json)); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { + GenericJson json = buildJsonCredentials(); + json.remove("client_id"); + try (InputStream credentialsStream = TestUtils.jsonToInputStream(json)) { + IllegalStateException exception = + assertThrows( + IllegalStateException.class, + () -> ExternalAccountAuthorizedUserCredentials.fromStream(credentialsStream)); assertEquals( "ExternalAccountAuthorizedUserCredentials must be initialized with " + "an access token or fields to enable refresh: " @@ -629,12 +626,13 @@ void fromStream_missingClientId_throws() throws IOException { @Test void fromStream_missingClientSecret_throws() throws IOException { - try { - GenericJson json = buildJsonCredentials(); - json.remove("client_secret"); - ExternalAccountAuthorizedUserCredentials.fromStream(TestUtils.jsonToInputStream(json)); - fail("Should not be able to continue without exception."); - } catch (IllegalStateException exception) { + GenericJson json = buildJsonCredentials(); + json.remove("client_secret"); + try (InputStream credentialsStream = TestUtils.jsonToInputStream(json)) { + IllegalStateException exception = + assertThrows( + IllegalStateException.class, + () -> ExternalAccountAuthorizedUserCredentials.fromStream(credentialsStream)); assertEquals( "ExternalAccountAuthorizedUserCredentials must be initialized with " + "an access token or fields to enable refresh: " @@ -664,12 +662,13 @@ void fromStream_missingUniverseDomain_defaults() throws IOException { @Test void fromStream_invalidInputStream_throws() throws IOException { - try { - GenericJson json = buildJsonCredentials(); - json.put("audience", new HashMap<>()); - ExternalAccountAuthorizedUserCredentials.fromStream(TestUtils.jsonToInputStream(json)); - fail("Should not be able to continue without exception."); - } catch (CredentialFormatException e) { + GenericJson json = buildJsonCredentials(); + json.put("audience", new HashMap<>()); + try (InputStream credentialsStream = TestUtils.jsonToInputStream(json)) { + CredentialFormatException e = + assertThrows( + CredentialFormatException.class, + () -> ExternalAccountAuthorizedUserCredentials.fromStream(credentialsStream)); assertEquals("Invalid input stream provided.", e.getMessage()); } } @@ -720,8 +719,8 @@ void getRequestMetadata_withQuotaProjectId() throws IOException { assertTrue(metadata.containsKey(GoogleCredentials.QUOTA_PROJECT_ID_HEADER_KEY)); assertEquals( - metadata.get(GoogleCredentials.QUOTA_PROJECT_ID_HEADER_KEY), - Collections.singletonList(QUOTA_PROJECT)); + Collections.singletonList(QUOTA_PROJECT), + metadata.get(GoogleCredentials.QUOTA_PROJECT_ID_HEADER_KEY)); validateAuthHeader(transportFactory.transport.getRequest()); } @@ -775,13 +774,9 @@ void refreshAccessToken_genericAuthError_throws() throws IOException { ExternalAccountAuthorizedUserCredentials credentials = ExternalAccountAuthorizedUserCredentials.fromJson(buildJsonCredentials(), transportFactory); - try { - credentials.refreshAccessToken(); - fail(""); - } catch (OAuthException e) { - assertEquals("invalid_request", e.getErrorCode()); - assertEquals("Invalid request.", e.getErrorDescription()); - } + OAuthException e = assertThrows(OAuthException.class, credentials::refreshAccessToken); + assertEquals("invalid_request", e.getErrorCode()); + assertEquals("Invalid request.", e.getErrorDescription()); } @Test @@ -791,11 +786,11 @@ void refreshAccessToken_genericIOError_throws() throws IOException { ExternalAccountAuthorizedUserCredentials credentials = ExternalAccountAuthorizedUserCredentials.fromJson(buildJsonCredentials(), transportFactory); - assertThrows(IOException.class, () -> credentials.refreshAccessToken()); + assertThrows(IOException.class, credentials::refreshAccessToken); } @Test - void refreshAccessToken_missingRefreshFields_throws() throws IOException { + void refreshAccessToken_missingRefreshFields_throws() { ExternalAccountAuthorizedUserCredentials credentials = ExternalAccountAuthorizedUserCredentials.newBuilder() .setClientId(CLIENT_ID) @@ -805,7 +800,7 @@ void refreshAccessToken_missingRefreshFields_throws() throws IOException { .setHttpTransportFactory(transportFactory) .build(); - assertThrows(IllegalStateException.class, () -> credentials.refreshAccessToken()); + assertThrows(IllegalStateException.class, credentials::refreshAccessToken); } @Test @@ -1238,7 +1233,7 @@ void serialize() throws IOException, ClassNotFoundException { assertEquals(credentials, deserializedCredentials); assertEquals(credentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(credentials.toString(), deserializedCredentials.toString()); - assertSame(deserializedCredentials.clock, Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.clock); } static GenericJson buildJsonCredentials() { diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java index d45979cfb..1338c0d68 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java @@ -32,15 +32,18 @@ package com.google.auth.oauth2; import static com.google.auth.oauth2.MockExternalAccountCredentialsTransport.SERVICE_ACCOUNT_IMPERSONATION_URL; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertInstanceOf; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertSame; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.api.client.http.HttpTransport; import com.google.api.client.json.GenericJson; +import com.google.api.client.json.JsonParser; import com.google.api.client.util.Clock; import com.google.auth.TestUtils; import com.google.auth.http.HttpTransportFactory; @@ -97,7 +100,7 @@ void fromStream_identityPoolCredentials() throws IOException { ExternalAccountCredentials credential = ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(json)); - assertTrue(credential instanceof IdentityPoolCredentials); + assertInstanceOf(IdentityPoolCredentials.class, credential); } @Test @@ -107,7 +110,7 @@ void fromStream_awsCredentials() throws IOException { ExternalAccountCredentials credential = ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(json)); - assertTrue(credential instanceof AwsCredentials); + assertInstanceOf(AwsCredentials.class, credential); } @Test @@ -117,32 +120,29 @@ void fromStream_pluggableAuthCredentials() throws IOException { ExternalAccountCredentials credential = ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(json)); - assertTrue(credential instanceof PluggableAuthCredentials); + assertInstanceOf(PluggableAuthCredentials.class, credential); } @Test - void fromStream_invalidStream_throws() throws IOException { + void fromStream_invalidStream_throws() { GenericJson json = buildJsonAwsCredential(); json.put("audience", new HashMap<>()); - try { - ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(json)); - fail("Should fail."); - } catch (CredentialFormatException e) { - assertEquals("An invalid input stream was provided.", e.getMessage()); - } + CredentialFormatException e = + assertThrows( + CredentialFormatException.class, + () -> ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(json))); + assertEquals("An invalid input stream was provided.", e.getMessage()); } @Test - void fromStream_nullTransport_throws() throws IOException { - try { - ExternalAccountCredentials.fromStream( - new ByteArrayInputStream("foo".getBytes()), /* transportFactory= */ null); - fail("NullPointerException should be thrown."); - } catch (NullPointerException e) { - // Expected. - } + void fromStream_nullTransport_throws() { + ByteArrayInputStream credentialsStream = new ByteArrayInputStream("foo".getBytes()); + assertThrows( + NullPointerException.class, + () -> + ExternalAccountCredentials.fromStream(credentialsStream, /* transportFactory= */ null)); } @Test @@ -164,36 +164,32 @@ void fromStream_nullOptionalField() throws IOException { } @Test - void fromStream_nullStream_throws() throws IOException { - try { - ExternalAccountCredentials.fromStream( - /* credentialsStream= */ null, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - fail("NullPointerException should be thrown."); - } catch (NullPointerException e) { - // Expected. - } + void fromStream_nullStream_throws() { + assertThrows( + NullPointerException.class, + () -> + ExternalAccountCredentials.fromStream( + /* credentialsStream= */ null, OAuth2Utils.HTTP_TRANSPORT_FACTORY)); } @Test - void fromStream_invalidWorkloadAudience_throws() throws IOException { - try { - GenericJson json = buildJsonIdentityPoolWorkforceCredential(); - json.put("audience", "invalidAudience"); - ExternalAccountCredentials credential = - ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(json)); - fail("CredentialFormatException should be thrown."); - } catch (CredentialFormatException e) { - assertEquals("An invalid input stream was provided.", e.getMessage()); - } + void fromStream_invalidWorkloadAudience_throws() { + GenericJson json = buildJsonIdentityPoolWorkforceCredential(); + json.put("audience", "invalidAudience"); + CredentialFormatException e = + assertThrows( + CredentialFormatException.class, + () -> ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(json))); + assertEquals("An invalid input stream was provided.", e.getMessage()); } @Test - void fromJson_identityPoolCredentialsWorkload() throws IOException { + void fromJson_identityPoolCredentialsWorkload() { ExternalAccountCredentials credential = ExternalAccountCredentials.fromJson( buildJsonIdentityPoolCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY); - assertTrue(credential instanceof IdentityPoolCredentials); + assertInstanceOf(IdentityPoolCredentials.class, credential); assertEquals( "//iam.googleapis.com/projects/123/locations/global/workloadIdentityPools/pool/providers/provider", credential.getAudience()); @@ -205,12 +201,12 @@ void fromJson_identityPoolCredentialsWorkload() throws IOException { } @Test - void fromJson_identityPoolCredentialsWorkforce() throws IOException { + void fromJson_identityPoolCredentialsWorkforce() { ExternalAccountCredentials credential = ExternalAccountCredentials.fromJson( buildJsonIdentityPoolWorkforceCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY); - assertTrue(credential instanceof IdentityPoolCredentials); + assertInstanceOf(IdentityPoolCredentials.class, credential); assertEquals( "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider", credential.getAudience()); @@ -223,16 +219,16 @@ void fromJson_identityPoolCredentialsWorkforce() throws IOException { } @Test - void fromJson_identityPoolCredentialsWithServiceAccountImpersonationOptions() throws IOException { + void fromJson_identityPoolCredentialsWithServiceAccountImpersonationOptions() { GenericJson identityPoolCredentialJson = buildJsonIdentityPoolCredential(); identityPoolCredentialJson.set( - "service_account_impersonation", buildServiceAccountImpersonationOptions(2800)); + "service_account_impersonation", buildServiceAccountImpersonationOptions()); ExternalAccountCredentials credential = ExternalAccountCredentials.fromJson( identityPoolCredentialJson, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - assertTrue(credential instanceof IdentityPoolCredentials); + assertInstanceOf(IdentityPoolCredentials.class, credential); assertEquals( "//iam.googleapis.com/projects/123/locations/global/workloadIdentityPools/pool/providers/provider", credential.getAudience()); @@ -245,7 +241,7 @@ void fromJson_identityPoolCredentialsWithServiceAccountImpersonationOptions() th } @Test - void fromJson_identityPoolCredentialsWithUniverseDomain() throws IOException { + void fromJson_identityPoolCredentialsWithUniverseDomain() { GenericJson identityPoolCredentialJson = buildJsonIdentityPoolCredential(); identityPoolCredentialJson.set("universe_domain", "universeDomain"); @@ -253,7 +249,7 @@ void fromJson_identityPoolCredentialsWithUniverseDomain() throws IOException { ExternalAccountCredentials.fromJson( identityPoolCredentialJson, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - assertTrue(credential instanceof IdentityPoolCredentials); + assertInstanceOf(IdentityPoolCredentials.class, credential); assertNotNull(credential.getCredentialSource()); assertEquals( "//iam.googleapis.com/projects/123/locations/global/workloadIdentityPools/pool/providers/provider", @@ -265,12 +261,12 @@ void fromJson_identityPoolCredentialsWithUniverseDomain() throws IOException { } @Test - void fromJson_awsCredentials() throws IOException { + void fromJson_awsCredentials() { ExternalAccountCredentials credential = ExternalAccountCredentials.fromJson( buildJsonAwsCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY); - assertTrue(credential instanceof AwsCredentials); + assertInstanceOf(AwsCredentials.class, credential); assertEquals("audience", credential.getAudience()); assertEquals("subjectTokenType", credential.getSubjectTokenType()); assertEquals(STS_URL, credential.getTokenUrl()); @@ -280,15 +276,15 @@ void fromJson_awsCredentials() throws IOException { } @Test - void fromJson_awsCredentialsWithServiceAccountImpersonationOptions() throws IOException { + void fromJson_awsCredentialsWithServiceAccountImpersonationOptions() { GenericJson awsCredentialJson = buildJsonAwsCredential(); awsCredentialJson.set( - "service_account_impersonation", buildServiceAccountImpersonationOptions(2800)); + "service_account_impersonation", buildServiceAccountImpersonationOptions()); ExternalAccountCredentials credential = ExternalAccountCredentials.fromJson(awsCredentialJson, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - assertTrue(credential instanceof AwsCredentials); + assertInstanceOf(AwsCredentials.class, credential); assertEquals("audience", credential.getAudience()); assertEquals("subjectTokenType", credential.getSubjectTokenType()); assertEquals(STS_URL, credential.getTokenUrl()); @@ -299,14 +295,14 @@ void fromJson_awsCredentialsWithServiceAccountImpersonationOptions() throws IOEx } @Test - void fromJson_awsCredentialsWithUniverseDomain() throws IOException { + void fromJson_awsCredentialsWithUniverseDomain() { GenericJson awsCredentialJson = buildJsonAwsCredential(); awsCredentialJson.set("universe_domain", "universeDomain"); ExternalAccountCredentials credential = ExternalAccountCredentials.fromJson(awsCredentialJson, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - assertTrue(credential instanceof AwsCredentials); + assertInstanceOf(AwsCredentials.class, credential); assertEquals("audience", credential.getAudience()); assertEquals("subjectTokenType", credential.getSubjectTokenType()); assertEquals(STS_URL, credential.getTokenUrl()); @@ -316,12 +312,12 @@ void fromJson_awsCredentialsWithUniverseDomain() throws IOException { } @Test - void fromJson_pluggableAuthCredentials() throws IOException { + void fromJson_pluggableAuthCredentials() { ExternalAccountCredentials credential = ExternalAccountCredentials.fromJson( buildJsonPluggableAuthCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY); - assertTrue(credential instanceof PluggableAuthCredentials); + assertInstanceOf(PluggableAuthCredentials.class, credential); assertEquals("audience", credential.getAudience()); assertEquals("subjectTokenType", credential.getSubjectTokenType()); assertEquals(STS_URL, credential.getTokenUrl()); @@ -337,12 +333,12 @@ void fromJson_pluggableAuthCredentials() throws IOException { } @Test - void fromJson_pluggableAuthCredentialsWorkforce() throws IOException { + void fromJson_pluggableAuthCredentialsWorkforce() { ExternalAccountCredentials credential = ExternalAccountCredentials.fromJson( buildJsonPluggableAuthWorkforceCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY); - assertTrue(credential instanceof PluggableAuthCredentials); + assertInstanceOf(PluggableAuthCredentials.class, credential); assertEquals( "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider", credential.getAudience()); @@ -363,7 +359,7 @@ void fromJson_pluggableAuthCredentialsWorkforce() throws IOException { @Test @SuppressWarnings("unchecked") - void fromJson_pluggableAuthCredentials_allExecutableOptionsSet() throws IOException { + void fromJson_pluggableAuthCredentials_allExecutableOptionsSet() { GenericJson json = buildJsonPluggableAuthCredential(); Map credentialSourceMap = (Map) json.get("credential_source"); // Add optional params to the executable config (timeout, output file path). @@ -375,7 +371,7 @@ void fromJson_pluggableAuthCredentials_allExecutableOptionsSet() throws IOExcept ExternalAccountCredentials credential = ExternalAccountCredentials.fromJson(json, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - assertTrue(credential instanceof PluggableAuthCredentials); + assertInstanceOf(PluggableAuthCredentials.class, credential); assertEquals("audience", credential.getAudience()); assertEquals("subjectTokenType", credential.getSubjectTokenType()); assertEquals(STS_URL, credential.getTokenUrl()); @@ -391,17 +387,16 @@ void fromJson_pluggableAuthCredentials_allExecutableOptionsSet() throws IOExcept } @Test - void fromJson_pluggableAuthCredentialsWithServiceAccountImpersonationOptions() - throws IOException { + void fromJson_pluggableAuthCredentialsWithServiceAccountImpersonationOptions() { GenericJson pluggableAuthCredentialJson = buildJsonPluggableAuthCredential(); pluggableAuthCredentialJson.set( - "service_account_impersonation", buildServiceAccountImpersonationOptions(2800)); + "service_account_impersonation", buildServiceAccountImpersonationOptions()); ExternalAccountCredentials credential = ExternalAccountCredentials.fromJson( pluggableAuthCredentialJson, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - assertTrue(credential instanceof PluggableAuthCredentials); + assertInstanceOf(PluggableAuthCredentials.class, credential); assertEquals("audience", credential.getAudience()); assertEquals("subjectTokenType", credential.getSubjectTokenType()); assertEquals(STS_URL, credential.getTokenUrl()); @@ -419,7 +414,7 @@ void fromJson_pluggableAuthCredentialsWithServiceAccountImpersonationOptions() @Test @SuppressWarnings("unchecked") - void fromJson_pluggableAuthCredentials_withUniverseDomain() throws IOException { + void fromJson_pluggableAuthCredentials_withUniverseDomain() { GenericJson json = buildJsonPluggableAuthCredential(); json.set("universe_domain", "universeDomain"); @@ -433,7 +428,7 @@ void fromJson_pluggableAuthCredentials_withUniverseDomain() throws IOException { ExternalAccountCredentials credential = ExternalAccountCredentials.fromJson(json, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - assertTrue(credential instanceof PluggableAuthCredentials); + assertInstanceOf(PluggableAuthCredentials.class, credential); assertEquals("audience", credential.getAudience()); assertEquals("subjectTokenType", credential.getSubjectTokenType()); assertEquals(STS_URL, credential.getTokenUrl()); @@ -449,7 +444,7 @@ void fromJson_pluggableAuthCredentials_withUniverseDomain() throws IOException { } @Test - void fromJson_pluggableAuthCredentialsWithUniverseDomain() throws IOException { + void fromJson_pluggableAuthCredentialsWithUniverseDomain() { GenericJson pluggableAuthCredentialJson = buildJsonPluggableAuthCredential(); pluggableAuthCredentialJson.set("universe_domain", "universeDomain"); @@ -457,7 +452,7 @@ void fromJson_pluggableAuthCredentialsWithUniverseDomain() throws IOException { ExternalAccountCredentials.fromJson( pluggableAuthCredentialJson, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - assertTrue(credential instanceof PluggableAuthCredentials); + assertInstanceOf(PluggableAuthCredentials.class, credential); assertEquals("audience", credential.getAudience()); assertEquals("subjectTokenType", credential.getSubjectTokenType()); assertEquals(STS_URL, credential.getTokenUrl()); @@ -473,31 +468,26 @@ void fromJson_pluggableAuthCredentialsWithUniverseDomain() throws IOException { } @Test - void fromJson_nullJson_throws() throws IOException { - try { - ExternalAccountCredentials.fromJson(/* json= */ null, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - fail("Exception should be thrown."); - } catch (NullPointerException e) { - // Expected. - } + void fromJson_nullJson_throws() { + assertThrows( + NullPointerException.class, + () -> + ExternalAccountCredentials.fromJson( + /* json= */ null, OAuth2Utils.HTTP_TRANSPORT_FACTORY)); } @Test - void fromJson_nullTransport_throws() throws IOException { - try { - ExternalAccountCredentials.fromJson( - new HashMap(), /* transportFactory= */ null); - fail("Exception should be thrown."); - } catch (NullPointerException e) { - // Expected. - } + void fromJson_nullTransport_throws() { + HashMap json = new HashMap<>(); + assertThrows(NullPointerException.class, () -> ExternalAccountCredentials.fromJson(json, null)); } @Test - void fromJson_invalidWorkforceAudiences_throws() throws IOException { + void fromJson_invalidWorkforceAudiences_throws() { List invalidAudiences = Arrays.asList( - "//iam.googleapis.com/locations/global/workloadIdentityPools/pool/providers/provider", + "", + "//iam.googleapis.com/projects/x23/locations/global/workloadIdentityPools/pool/providers/provider", "//iam.googleapis.com/locations/global/workforcepools/pool/providers/provider", "//iam.googleapis.com/locations/global/workforcePools/providers/provider", "//iam.googleapis.com/locations/global/workforcePools/providers", @@ -507,23 +497,25 @@ void fromJson_invalidWorkforceAudiences_throws() throws IOException { "//iam.googleapis.com/locations/global/workforce/providers"); for (String audience : invalidAudiences) { - try { - GenericJson json = buildJsonIdentityPoolCredential(); - json.put("audience", audience); - json.put("workforce_pool_user_project", "userProject"); - - ExternalAccountCredentials.fromJson(json, OAuth2Utils.HTTP_TRANSPORT_FACTORY); - fail("Exception should be thrown."); - } catch (IllegalArgumentException e) { - assertEquals( - "The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.", - e.getMessage()); - } + GenericJson json = buildJsonIdentityPoolCredential(); + json.put("audience", audience); + json.put("workforce_pool_user_project", "userProject"); + + IllegalArgumentException e = + assertThrows( + IllegalArgumentException.class, + (org.junit.jupiter.api.function.Executable) + () -> + ExternalAccountCredentials.fromJson( + json, OAuth2Utils.HTTP_TRANSPORT_FACTORY)); + assertEquals( + "The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.", + e.getMessage()); } } @Test - void constructor_builder() throws IOException { + void constructor_builder() { HashMap credentialSource = new HashMap<>(); credentialSource.put("file", "file"); @@ -617,37 +609,37 @@ void constructor_builder_subjectTokenTypeEnum() { @Test void constructor_builder_invalidTokenUrl() { - try { - ExternalAccountCredentials.Builder builder = - TestExternalAccountCredentials.newBuilder() - .setHttpTransportFactory(transportFactory) - .setAudience("audience") - .setSubjectTokenType("subjectTokenType") - .setTokenUrl("tokenUrl") - .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)); - new TestExternalAccountCredentials(builder); - fail("Should not be able to continue without exception."); - } catch (IllegalArgumentException exception) { - assertEquals("The provided token URL is invalid.", exception.getMessage()); - } + ExternalAccountCredentials.Builder builder = + TestExternalAccountCredentials.newBuilder() + .setHttpTransportFactory(transportFactory) + .setAudience("audience") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl("tokenUrl") + .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)); + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, + (org.junit.jupiter.api.function.Executable) + () -> new TestExternalAccountCredentials(builder)); + assertEquals("The provided token URL is invalid.", exception.getMessage()); } @Test void constructor_builder_invalidServiceAccountImpersonationUrl() { - try { - ExternalAccountCredentials.Builder builder = - TestExternalAccountCredentials.newBuilder() - .setHttpTransportFactory(transportFactory) - .setAudience("audience") - .setSubjectTokenType("subjectTokenType") - .setTokenUrl("tokenUrl") - .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)) - .setServiceAccountImpersonationUrl("serviceAccountImpersonationUrl"); - new TestExternalAccountCredentials(builder); - fail("Should not be able to continue without exception."); - } catch (IllegalArgumentException exception) { - assertEquals("The provided token URL is invalid.", exception.getMessage()); - } + ExternalAccountCredentials.Builder builder = + TestExternalAccountCredentials.newBuilder() + .setHttpTransportFactory(transportFactory) + .setAudience("audience") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl("tokenUrl") + .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)) + .setServiceAccountImpersonationUrl("serviceAccountImpersonationUrl"); + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, + (org.junit.jupiter.api.function.Executable) + () -> new TestExternalAccountCredentials(builder)); + assertEquals("The provided token URL is invalid.", exception.getMessage()); } @Test @@ -667,21 +659,22 @@ void constructor_builderWithInvalidWorkforceAudiences_throws() { HashMap credentialSource = new HashMap<>(); credentialSource.put("file", "file"); for (String audience : invalidAudiences) { - try { - TestExternalAccountCredentials.newBuilder() - .setWorkforcePoolUserProject("workforcePoolUserProject") - .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) - .setAudience(audience) - .setSubjectTokenType("subjectTokenType") - .setTokenUrl(STS_URL) - .setCredentialSource(new TestCredentialSource(credentialSource)) - .build(); - fail("Should not be able to continue without exception."); - } catch (IllegalArgumentException exception) { - assertEquals( - "The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.", - exception.getMessage()); - } + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, + (org.junit.jupiter.api.function.Executable) + () -> + TestExternalAccountCredentials.newBuilder() + .setWorkforcePoolUserProject("workforcePoolUserProject") + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) + .setAudience(audience) + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setCredentialSource(new TestCredentialSource(credentialSource)) + .build()); + assertEquals( + "The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.", + exception.getMessage()); } } @@ -690,14 +683,16 @@ void constructor_builderWithEmptyWorkforceUserProjectAndWorkforceAudience() { HashMap credentialSource = new HashMap<>(); credentialSource.put("file", "file"); // No exception should be thrown. - TestExternalAccountCredentials.newBuilder() - .setWorkforcePoolUserProject("") - .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) - .setAudience("//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider") - .setSubjectTokenType("subjectTokenType") - .setTokenUrl(STS_URL) - .setCredentialSource(new TestCredentialSource(credentialSource)) - .build(); + ExternalAccountCredentials.Builder builder = + TestExternalAccountCredentials.newBuilder() + .setWorkforcePoolUserProject("") + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) + .setAudience( + "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setCredentialSource(new TestCredentialSource(credentialSource)); + assertDoesNotThrow(builder::build); } @Test @@ -705,31 +700,32 @@ void constructor_builder_invalidTokenLifetime_throws() { Map invalidOptionsMap = new HashMap(); invalidOptionsMap.put("token_lifetime_seconds", "thisIsAString"); - try { - IdentityPoolCredentials.newBuilder() - .setHttpTransportFactory(transportFactory) - .setAudience( - "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider") - .setSubjectTokenType("subjectTokenType") - .setTokenUrl(STS_URL) - .setTokenInfoUrl("https://tokeninfo.com") - .setServiceAccountImpersonationUrl(SERVICE_ACCOUNT_IMPERSONATION_URL) - .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)) - .setScopes(Arrays.asList("scope1", "scope2")) - .setQuotaProjectId("projectId") - .setClientId("clientId") - .setClientSecret("clientSecret") - .setWorkforcePoolUserProject("workforcePoolUserProject") - .setUniverseDomain("universeDomain") - .setServiceAccountImpersonationOptions(invalidOptionsMap) - .build(); - fail("Should not be able to continue without exception."); - } catch (IllegalArgumentException exception) { - assertEquals( - "Value of \"token_lifetime_seconds\" field could not be parsed into an integer.", - exception.getMessage()); - assertEquals(NumberFormatException.class, exception.getCause().getClass()); - } + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, + (org.junit.jupiter.api.function.Executable) + () -> + IdentityPoolCredentials.newBuilder() + .setHttpTransportFactory(transportFactory) + .setAudience( + "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setTokenInfoUrl("https://tokeninfo.com") + .setServiceAccountImpersonationUrl(SERVICE_ACCOUNT_IMPERSONATION_URL) + .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)) + .setScopes(Arrays.asList("scope1", "scope2")) + .setQuotaProjectId("projectId") + .setClientId("clientId") + .setClientSecret("clientSecret") + .setWorkforcePoolUserProject("workforcePoolUserProject") + .setUniverseDomain("universeDomain") + .setServiceAccountImpersonationOptions(invalidOptionsMap) + .build()); + assertEquals( + "Value of \"token_lifetime_seconds\" field could not be parsed into an integer.", + exception.getMessage()); + assertEquals(NumberFormatException.class, exception.getCause().getClass()); } @Test @@ -789,7 +785,7 @@ void constructor_builder_bigDecimalTokenLifetime() { @Test void constructor_builder_integerTokenLifetime() { Map optionsMap = new HashMap(); - optionsMap.put("token_lifetime_seconds", Integer.valueOf(2800)); + optionsMap.put("token_lifetime_seconds", 2800); ExternalAccountCredentials credentials = IdentityPoolCredentials.newBuilder() @@ -818,59 +814,61 @@ void constructor_builder_lowTokenLifetime_throws() { Map optionsMap = new HashMap(); optionsMap.put("token_lifetime_seconds", 599); - try { - IdentityPoolCredentials.newBuilder() - .setHttpTransportFactory(transportFactory) - .setAudience( - "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider") - .setSubjectTokenType("subjectTokenType") - .setTokenUrl(STS_URL) - .setTokenInfoUrl("https://tokeninfo.com") - .setServiceAccountImpersonationUrl(SERVICE_ACCOUNT_IMPERSONATION_URL) - .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)) - .setScopes(Arrays.asList("scope1", "scope2")) - .setQuotaProjectId("projectId") - .setClientId("clientId") - .setClientSecret("clientSecret") - .setWorkforcePoolUserProject("workforcePoolUserProject") - .setUniverseDomain("universeDomain") - .setServiceAccountImpersonationOptions(optionsMap) - .build(); - } catch (IllegalArgumentException e) { - assertEquals( - "The \"token_lifetime_seconds\" field must be between 600 and 43200 seconds.", - e.getMessage()); - } + IllegalArgumentException e = + assertThrows( + IllegalArgumentException.class, + (org.junit.jupiter.api.function.Executable) + () -> + IdentityPoolCredentials.newBuilder() + .setHttpTransportFactory(transportFactory) + .setAudience( + "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setTokenInfoUrl("https://tokeninfo.com") + .setServiceAccountImpersonationUrl(SERVICE_ACCOUNT_IMPERSONATION_URL) + .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)) + .setScopes(Arrays.asList("scope1", "scope2")) + .setQuotaProjectId("projectId") + .setClientId("clientId") + .setClientSecret("clientSecret") + .setWorkforcePoolUserProject("workforcePoolUserProject") + .setUniverseDomain("universeDomain") + .setServiceAccountImpersonationOptions(optionsMap) + .build()); + assertEquals( + "The \"token_lifetime_seconds\" field must be between 600 and 43200 seconds.", + e.getMessage()); } @Test void constructor_builder_highTokenLifetime_throws() { - Map optionsMap = new HashMap(); + Map optionsMap = new HashMap<>(); optionsMap.put("token_lifetime_seconds", 43201); - try { - IdentityPoolCredentials.newBuilder() - .setHttpTransportFactory(transportFactory) - .setAudience( - "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider") - .setSubjectTokenType("subjectTokenType") - .setTokenUrl(STS_URL) - .setTokenInfoUrl("https://tokeninfo.com") - .setServiceAccountImpersonationUrl(SERVICE_ACCOUNT_IMPERSONATION_URL) - .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)) - .setScopes(Arrays.asList("scope1", "scope2")) - .setQuotaProjectId("projectId") - .setClientId("clientId") - .setClientSecret("clientSecret") - .setWorkforcePoolUserProject("workforcePoolUserProject") - .setUniverseDomain("universeDomain") - .setServiceAccountImpersonationOptions(optionsMap) - .build(); - } catch (IllegalArgumentException e) { - assertEquals( - "The \"token_lifetime_seconds\" field must be between 600 and 43200 seconds.", - e.getMessage()); - } + IdentityPoolCredentials.Builder builder = + IdentityPoolCredentials.newBuilder() + .setHttpTransportFactory(transportFactory) + .setAudience( + "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setTokenInfoUrl("https://tokeninfo.com") + .setServiceAccountImpersonationUrl(SERVICE_ACCOUNT_IMPERSONATION_URL) + .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)) + .setScopes(Arrays.asList("scope1", "scope2")) + .setQuotaProjectId("projectId") + .setClientId("clientId") + .setClientSecret("clientSecret") + .setWorkforcePoolUserProject("workforcePoolUserProject") + .setUniverseDomain("universeDomain"); + IllegalArgumentException e = + assertThrows( + IllegalArgumentException.class, + () -> builder.setServiceAccountImpersonationOptions(optionsMap)); + assertEquals( + "The \"token_lifetime_seconds\" field must be between 600 and 43200 seconds.", + e.getMessage()); } @Test @@ -1006,17 +1004,18 @@ void exchangeExternalCredentialForAccessToken_withServiceAccountImpersonation() transportFactory.transport.getServiceAccountAccessToken(), returnedToken.getTokenValue()); // Validate that default lifetime was set correctly on the request. - GenericJson query = - OAuth2Utils.JSON_FACTORY - .createJsonParser(transportFactory.transport.getLastRequest().getContentAsString()) - .parseAndClose(GenericJson.class); + try (JsonParser jsonParser = + OAuth2Utils.JSON_FACTORY.createJsonParser( + transportFactory.transport.getLastRequest().getContentAsString())) { + GenericJson query = jsonParser.parseAndClose(GenericJson.class); - assertEquals("3600s", query.get("lifetime")); + assertEquals("3600s", query.get("lifetime")); - // Validate metrics header is set correctly on the sts request. - Map> headers = - transportFactory.transport.getRequests().get(1).getHeaders(); - validateMetricsHeader(headers, "url", true, false); + // Validate metrics header is set correctly on the sts request. + Map> headers = + transportFactory.transport.getRequests().get(1).getHeaders(); + validateMetricsHeader(headers, "url", true, false); + } } @Test @@ -1030,7 +1029,7 @@ void exchangeExternalCredentialForAccessToken_withServiceAccountImpersonationOpt transportFactory.transport.getStsUrl(), transportFactory.transport.getMetadataUrl(), transportFactory.transport.getServiceAccountImpersonationUrl(), - buildServiceAccountImpersonationOptions(2800)), + buildServiceAccountImpersonationOptions()), transportFactory); StsTokenExchangeRequest stsTokenExchangeRequest = @@ -1043,16 +1042,16 @@ void exchangeExternalCredentialForAccessToken_withServiceAccountImpersonationOpt transportFactory.transport.getServiceAccountAccessToken(), returnedToken.getTokenValue()); // Validate that lifetime was set correctly on the request. - GenericJson query = - OAuth2Utils.JSON_FACTORY - .createJsonParser(transportFactory.transport.getLastRequest().getContentAsString()) - .parseAndClose(GenericJson.class); - - // Validate metrics header is set correctly on the sts request. - Map> headers = - transportFactory.transport.getRequests().get(1).getHeaders(); - validateMetricsHeader(headers, "url", true, true); - assertEquals("2800s", query.get("lifetime")); + try (JsonParser jsonParser = + OAuth2Utils.JSON_FACTORY.createJsonParser( + transportFactory.transport.getLastRequest().getContentAsString())) { + GenericJson query = jsonParser.parseAndClose(GenericJson.class); + // Validate metrics header is set correctly on the sts request. + Map> headers = + transportFactory.transport.getRequests().get(1).getHeaders(); + validateMetricsHeader(headers, "url", true, true); + assertEquals("2800s", query.get("lifetime")); + } } @Test @@ -1069,19 +1068,18 @@ void exchangeExternalCredentialForAccessToken_throws() throws IOException { StsTokenExchangeRequest stsTokenExchangeRequest = StsTokenExchangeRequest.newBuilder("credential", "subjectTokenType").build(); - try { - credential.exchangeExternalCredentialForAccessToken(stsTokenExchangeRequest); - fail("Exception should be thrown."); - } catch (OAuthException e) { - assertEquals(errorCode, e.getErrorCode()); - assertEquals(errorDescription, e.getErrorDescription()); - assertEquals(errorUri, e.getErrorUri()); - } + OAuthException e = + assertThrows( + OAuthException.class, + (org.junit.jupiter.api.function.Executable) + () -> credential.exchangeExternalCredentialForAccessToken(stsTokenExchangeRequest)); + assertEquals(errorCode, e.getErrorCode()); + assertEquals(errorDescription, e.getErrorDescription()); + assertEquals(errorUri, e.getErrorUri()); } @Test - void exchangeExternalCredentialForAccessToken_invalidImpersonatedCredentialsThrows() - throws IOException { + void exchangeExternalCredentialForAccessToken_invalidImpersonatedCredentialsThrows() { GenericJson json = buildJsonIdentityPoolCredential(); json.put("service_account_impersonation_url", "https://iamcredentials.googleapis.com"); ExternalAccountCredentials credential = @@ -1090,14 +1088,13 @@ void exchangeExternalCredentialForAccessToken_invalidImpersonatedCredentialsThro StsTokenExchangeRequest stsTokenExchangeRequest = StsTokenExchangeRequest.newBuilder("credential", "subjectTokenType").build(); - try { - credential.exchangeExternalCredentialForAccessToken(stsTokenExchangeRequest); - fail("Exception should be thrown."); - } catch (IllegalArgumentException e) { - assertEquals( - "Unable to determine target principal from service account impersonation URL.", - e.getMessage()); - } + IllegalArgumentException e = + assertThrows( + IllegalArgumentException.class, + () -> credential.exchangeExternalCredentialForAccessToken(stsTokenExchangeRequest)); + assertEquals( + "Unable to determine target principal from service account impersonation URL.", + e.getMessage()); } @Test @@ -1147,7 +1144,7 @@ void serialize() throws IOException, ClassNotFoundException { assertEquals( testCredentials.getServiceAccountImpersonationOptions().getLifetime(), deserializedCredentials.getServiceAccountImpersonationOptions().getLifetime()); - assertSame(deserializedCredentials.clock, Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.clock); assertEquals( MockExternalAccountCredentialsTransportFactory.class, deserializedCredentials.toBuilder().getHttpTransportFactory().getClass()); @@ -1189,12 +1186,11 @@ void validateTokenUrl_invalidUrls() { "https://us- -1.sts.googleapis.com"); for (String url : invalidUrls) { - try { - ExternalAccountCredentials.validateTokenUrl(url); - fail("Should have failed since an invalid URL was passed."); - } catch (IllegalArgumentException e) { - assertEquals("The provided token URL is invalid.", e.getMessage()); - } + IllegalArgumentException e = + assertThrows( + IllegalArgumentException.class, + () -> ExternalAccountCredentials.validateTokenUrl(url)); + assertEquals("The provided token URL is invalid.", e.getMessage()); } } @@ -1235,12 +1231,12 @@ void validateServiceAccountImpersonationUrls_invalidUrls() { "https://us- -1.iamcredentials.googleapis.com"); for (String url : invalidUrls) { - try { - ExternalAccountCredentials.validateServiceAccountImpersonationInfoUrl(url); - fail("Should have failed since an invalid URL was passed."); - } catch (IllegalArgumentException e) { - assertEquals("The provided service account impersonation URL is invalid.", e.getMessage()); - } + IllegalArgumentException e = + assertThrows( + IllegalArgumentException.class, + (org.junit.jupiter.api.function.Executable) + () -> ExternalAccountCredentials.validateServiceAccountImpersonationInfoUrl(url)); + assertEquals("The provided service account impersonation URL is invalid.", e.getMessage()); } } @@ -1318,10 +1314,9 @@ private GenericJson buildJsonPluggableAuthWorkforceCredential() { return json; } - static Map buildServiceAccountImpersonationOptions(Integer lifetime) { + static Map buildServiceAccountImpersonationOptions() { Map map = new HashMap(); - map.put("token_lifetime_seconds", lifetime); - + map.put("token_lifetime_seconds", 2800); return map; } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTest.java index b55514916..bcf9f7f42 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTest.java @@ -32,12 +32,12 @@ package com.google.auth.oauth2; import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertSame; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.api.client.json.GenericJson; import com.google.api.client.json.JsonFactory; @@ -149,7 +149,7 @@ void fromJSON_getTokenServerUri() throws IOException { } @Test - void fromJSON_nullFormatVersion() throws IOException { + void fromJSON_nullFormatVersion() { GenericJson json = writeGdchServiceAccountJson( null, @@ -160,22 +160,18 @@ void fromJSON_nullFormatVersion() throws IOException { CA_CERT_PATH, TOKEN_SERVER_URI); - try { - GdchCredentials credentials = GdchCredentials.fromJson(json); - fail("Should not be able to create GDCH credential without exception."); - } catch (IOException ex) { - assertTrue( - ex.getMessage() - .contains( - String.format( - "Error reading GDCH service account credential from JSON, " - + "%s is misconfigured.", - "format_version"))); - } + IOException ex = assertThrows(IOException.class, () -> GdchCredentials.fromJson(json)); + assertTrue( + ex.getMessage() + .contains( + String.format( + "Error reading GDCH service account credential from JSON, " + + "%s is misconfigured.", + "format_version"))); } @Test - void fromJSON_nullProjectId() throws IOException { + void fromJSON_nullProjectId() { GenericJson json = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -186,22 +182,18 @@ void fromJSON_nullProjectId() throws IOException { CA_CERT_PATH, TOKEN_SERVER_URI); - try { - GdchCredentials credentials = GdchCredentials.fromJson(json); - fail("Should not be able to create GDCH credential without exception."); - } catch (IOException ex) { - assertTrue( - ex.getMessage() - .contains( - String.format( - "Error reading GDCH service account credential from JSON, " - + "%s is misconfigured.", - "project"))); - } + IOException ex = assertThrows(IOException.class, () -> GdchCredentials.fromJson(json)); + assertTrue( + ex.getMessage() + .contains( + String.format( + "Error reading GDCH service account credential from JSON, " + + "%s is misconfigured.", + "project"))); } @Test - void fromJSON_nullPrivateKeyId() throws IOException { + void fromJSON_nullPrivateKeyId() { GenericJson json = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -212,22 +204,18 @@ void fromJSON_nullPrivateKeyId() throws IOException { CA_CERT_PATH, TOKEN_SERVER_URI); - try { - GdchCredentials credentials = GdchCredentials.fromJson(json); - fail("Should not be able to create GDCH credential without exception."); - } catch (IOException ex) { - assertTrue( - ex.getMessage() - .contains( - String.format( - "Error reading GDCH service account credential from JSON, " - + "%s is misconfigured.", - "private_key_id"))); - } + IOException ex = assertThrows(IOException.class, () -> GdchCredentials.fromJson(json)); + assertTrue( + ex.getMessage() + .contains( + String.format( + "Error reading GDCH service account credential from JSON, " + + "%s is misconfigured.", + "private_key_id"))); } @Test - void fromJSON_nullPrivateKey() throws IOException { + void fromJSON_nullPrivateKey() { GenericJson json = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -238,22 +226,18 @@ void fromJSON_nullPrivateKey() throws IOException { CA_CERT_PATH, TOKEN_SERVER_URI); - try { - GdchCredentials credentials = GdchCredentials.fromJson(json); - fail("Should not be able to create GDCH credential without exception."); - } catch (IOException ex) { - assertTrue( - ex.getMessage() - .contains( - String.format( - "Error reading GDCH service account credential from JSON, " - + "%s is misconfigured.", - "private_key"))); - } + IOException ex = assertThrows(IOException.class, () -> GdchCredentials.fromJson(json)); + assertTrue( + ex.getMessage() + .contains( + String.format( + "Error reading GDCH service account credential from JSON, " + + "%s is misconfigured.", + "private_key"))); } @Test - void fromJSON_nullServiceIdentityName() throws IOException { + void fromJSON_nullServiceIdentityName() { GenericJson json = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -264,18 +248,14 @@ void fromJSON_nullServiceIdentityName() throws IOException { CA_CERT_PATH, TOKEN_SERVER_URI); - try { - GdchCredentials credentials = GdchCredentials.fromJson(json); - fail("Should not be able to create GDCH credential without exception."); - } catch (IOException ex) { - assertTrue( - ex.getMessage() - .contains( - String.format( - "Error reading GDCH service account credential from JSON, " - + "%s is misconfigured.", - "name"))); - } + IOException ex = assertThrows(IOException.class, () -> GdchCredentials.fromJson(json)); + assertTrue( + ex.getMessage() + .contains( + String.format( + "Error reading GDCH service account credential from JSON, " + + "%s is misconfigured.", + "name"))); } @Test @@ -294,7 +274,7 @@ void fromJSON_nullCaCertPath() throws IOException { } @Test - void fromJSON_nullTokenServerUri() throws IOException { + void fromJSON_nullTokenServerUri() { GenericJson json = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -305,22 +285,18 @@ void fromJSON_nullTokenServerUri() throws IOException { CA_CERT_PATH, null); - try { - GdchCredentials credentials = GdchCredentials.fromJson(json); - fail("Should not be able to create GDCH credential without exception."); - } catch (IOException ex) { - assertTrue( - ex.getMessage() - .contains( - String.format( - "Error reading GDCH service account credential from JSON, " - + "%s is misconfigured.", - "token_uri"))); - } + IOException ex = assertThrows(IOException.class, () -> GdchCredentials.fromJson(json)); + assertTrue( + ex.getMessage() + .contains( + String.format( + "Error reading GDCH service account credential from JSON, " + + "%s is misconfigured.", + "token_uri"))); } @Test - void fromJSON_invalidFormatVersion() throws IOException { + void fromJSON_invalidFormatVersion() { GenericJson json = writeGdchServiceAccountJson( "100", @@ -331,18 +307,14 @@ void fromJSON_invalidFormatVersion() throws IOException { CA_CERT_PATH, TOKEN_SERVER_URI); - try { - GdchCredentials credentials = GdchCredentials.fromJson(json); - fail("Should not be able to create GDCH credential without exception."); - } catch (IOException ex) { - assertTrue( - ex.getMessage() - .contains(String.format("Only format version %s is supported", FORMAT_VERSION))); - } + IOException ex = assertThrows(IOException.class, () -> GdchCredentials.fromJson(json)); + assertTrue( + ex.getMessage() + .contains(String.format("Only format version %s is supported", FORMAT_VERSION))); } @Test - void fromJSON_invalidCaCertPath() throws IOException { + void fromJSON_invalidCaCertPath() { GenericJson json = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -353,12 +325,8 @@ void fromJSON_invalidCaCertPath() throws IOException { "/path/to/missing/file", TOKEN_SERVER_URI); - try { - GdchCredentials credentials = GdchCredentials.fromJson(json); - fail("Should not be able to create GDCH credential without exception."); - } catch (IOException ex) { - assertTrue(ex.getMessage().contains("Error reading certificate file from CA cert path")); - } + IOException ex = assertThrows(IOException.class, () -> GdchCredentials.fromJson(json)); + assertTrue(ex.getMessage().contains("Error reading certificate file from CA cert path")); } @Test @@ -455,12 +423,9 @@ void createWithGdchAudience_nullApiAudience() throws IOException { TOKEN_SERVER_URI); GdchCredentials credentials = GdchCredentials.fromJson(json); - try { - GdchCredentials gdchWithAudience = credentials.createWithGdchAudience(null); - fail("Should not be able to create GDCH credential without exception."); - } catch (NullPointerException ex) { - assertTrue(ex.getMessage().contains("Audience are not configured for GDCH service account")); - } + NullPointerException ex = + assertThrows(NullPointerException.class, () -> credentials.createWithGdchAudience(null)); + assertTrue(ex.getMessage().contains("Audience are not configured for GDCH service account")); } @Test @@ -548,30 +513,17 @@ void refreshAccessToken_nullApiAudience() throws IOException { transportFactory.transport.addGdchServiceAccount( GdchCredentials.getIssuerSubjectValue(PROJECT_ID, SERVICE_IDENTITY_NAME), tokenString); transportFactory.transport.setTokenServerUri(TOKEN_SERVER_URI); - try { - AccessToken accessToken = credentials.refreshAccessToken(); - fail("Should not be able to refresh access token without exception."); - } catch (NullPointerException ex) { - assertTrue( - ex.getMessage() - .contains( - "Audience are not configured for GDCH service account. Specify the " - + "audience by calling createWithGDCHAudience")); - } + NullPointerException ex = + assertThrows(NullPointerException.class, credentials::refreshAccessToken); + assertTrue( + ex.getMessage() + .contains( + "Audience are not configured for GDCH service account. Specify the " + + "audience by calling createWithGDCHAudience")); } @Test - void getIssuerSubjectValue_correct() throws IOException { - GenericJson json = - writeGdchServiceAccountJson( - FORMAT_VERSION, - PROJECT_ID, - PRIVATE_KEY_ID, - PRIVATE_KEY_PKCS8, - SERVICE_IDENTITY_NAME, - CA_CERT_PATH, - TOKEN_SERVER_URI); - GdchCredentials credentials = GdchCredentials.fromJson(json); + void getIssuerSubjectValue_correct() { Object expectedIssSubValue = String.format("system:serviceaccount:%s:%s", PROJECT_ID, SERVICE_IDENTITY_NAME); assertEquals( @@ -590,7 +542,7 @@ void equals_same() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials credentials = GdchCredentials.fromJson(json); + GdchCredentials credentials = GdchCredentials.fromJson(json); GenericJson otherJson = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -600,14 +552,14 @@ void equals_same() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials otherCredentials = GdchCredentials.fromJson(otherJson); - assertTrue(credentials.equals(otherCredentials)); - assertTrue(otherCredentials.equals(credentials)); + GdchCredentials otherCredentials = GdchCredentials.fromJson(otherJson); + assertEquals(credentials, otherCredentials); + assertEquals(otherCredentials, credentials); - credentials = ((GdchCredentials) credentials).createWithGdchAudience(API_AUDIENCE); - otherCredentials = ((GdchCredentials) otherCredentials).createWithGdchAudience(API_AUDIENCE); - assertTrue(credentials.equals(otherCredentials)); - assertTrue(otherCredentials.equals(credentials)); + credentials = credentials.createWithGdchAudience(API_AUDIENCE); + otherCredentials = otherCredentials.createWithGdchAudience(API_AUDIENCE); + assertEquals(credentials, otherCredentials); + assertEquals(otherCredentials, credentials); } @Test @@ -621,7 +573,7 @@ void equals_false_projectId() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials credentials = GdchCredentials.fromJson(json); + GdchCredentials credentials = GdchCredentials.fromJson(json); GenericJson otherJson = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -631,14 +583,14 @@ void equals_false_projectId() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials otherCredentials = GdchCredentials.fromJson(otherJson); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + GdchCredentials otherCredentials = GdchCredentials.fromJson(otherJson); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); - credentials = ((GdchCredentials) credentials).createWithGdchAudience(API_AUDIENCE); - otherCredentials = ((GdchCredentials) otherCredentials).createWithGdchAudience(API_AUDIENCE); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + credentials = credentials.createWithGdchAudience(API_AUDIENCE); + otherCredentials = otherCredentials.createWithGdchAudience(API_AUDIENCE); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -652,7 +604,7 @@ void equals_false_keyId() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials credentials = GdchCredentials.fromJson(json); + GdchCredentials credentials = GdchCredentials.fromJson(json); GenericJson otherJson = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -662,14 +614,14 @@ void equals_false_keyId() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials otherCredentials = GdchCredentials.fromJson(otherJson); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + GdchCredentials otherCredentials = GdchCredentials.fromJson(otherJson); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); - credentials = ((GdchCredentials) credentials).createWithGdchAudience(API_AUDIENCE); - otherCredentials = ((GdchCredentials) otherCredentials).createWithGdchAudience(API_AUDIENCE); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + credentials = credentials.createWithGdchAudience(API_AUDIENCE); + otherCredentials = otherCredentials.createWithGdchAudience(API_AUDIENCE); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -683,7 +635,7 @@ void equals_false_serviceIdentityName() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials credentials = GdchCredentials.fromJson(json); + GdchCredentials credentials = GdchCredentials.fromJson(json); GenericJson otherJson = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -693,20 +645,22 @@ void equals_false_serviceIdentityName() throws IOException { "otherServiceIdentityName", CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials otherCredentials = GdchCredentials.fromJson(otherJson); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + GdchCredentials otherCredentials = GdchCredentials.fromJson(otherJson); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); - credentials = ((GdchCredentials) credentials).createWithGdchAudience(API_AUDIENCE); - otherCredentials = ((GdchCredentials) otherCredentials).createWithGdchAudience(API_AUDIENCE); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + credentials = credentials.createWithGdchAudience(API_AUDIENCE); + otherCredentials = otherCredentials.createWithGdchAudience(API_AUDIENCE); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test void equals_false_caCertPath() throws IOException { File tmpDirectory = Files.createTempDirectory("tmpDirectory").toFile(); + tmpDirectory.deleteOnExit(); File testCaCertFile = File.createTempFile("testCert", ".pem", tmpDirectory); + testCaCertFile.deleteOnExit(); GenericJson json = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -716,7 +670,7 @@ void equals_false_caCertPath() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials credentials = GdchCredentials.fromJson(json); + GdchCredentials credentials = GdchCredentials.fromJson(json); GenericJson otherJson = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -726,16 +680,14 @@ void equals_false_caCertPath() throws IOException { SERVICE_IDENTITY_NAME, testCaCertFile.getPath(), TOKEN_SERVER_URI); - OAuth2Credentials otherCredentials = GdchCredentials.fromJson(otherJson); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); - - credentials = ((GdchCredentials) credentials).createWithGdchAudience(API_AUDIENCE); - otherCredentials = ((GdchCredentials) otherCredentials).createWithGdchAudience(API_AUDIENCE); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + GdchCredentials otherCredentials = GdchCredentials.fromJson(otherJson); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); - testCaCertFile.delete(); + credentials = credentials.createWithGdchAudience(API_AUDIENCE); + otherCredentials = otherCredentials.createWithGdchAudience(API_AUDIENCE); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -749,7 +701,7 @@ void equals_false_tokenServer() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials credentials = GdchCredentials.fromJson(json); + GdchCredentials credentials = GdchCredentials.fromJson(json); GenericJson otherJson = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -759,14 +711,14 @@ void equals_false_tokenServer() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, URI.create("https://foo1.com/bar")); - OAuth2Credentials otherCredentials = GdchCredentials.fromJson(otherJson); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + GdchCredentials otherCredentials = GdchCredentials.fromJson(otherJson); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); - credentials = ((GdchCredentials) credentials).createWithGdchAudience(API_AUDIENCE); - otherCredentials = ((GdchCredentials) otherCredentials).createWithGdchAudience(API_AUDIENCE); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + credentials = credentials.createWithGdchAudience(API_AUDIENCE); + otherCredentials = otherCredentials.createWithGdchAudience(API_AUDIENCE); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -782,7 +734,7 @@ void equals_false_apiAudience() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials credentials = GdchCredentials.fromJson(json); + GdchCredentials credentials = GdchCredentials.fromJson(json); GenericJson otherJson = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -792,13 +744,12 @@ void equals_false_apiAudience() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials otherCredentials = GdchCredentials.fromJson(otherJson); + GdchCredentials otherCredentials = GdchCredentials.fromJson(otherJson); - credentials = ((GdchCredentials) credentials).createWithGdchAudience(API_AUDIENCE); - otherCredentials = - ((GdchCredentials) otherCredentials).createWithGdchAudience(otherApiAudience); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + credentials = credentials.createWithGdchAudience(API_AUDIENCE); + otherCredentials = otherCredentials.createWithGdchAudience(otherApiAudience); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -812,8 +763,8 @@ void toString_containsFields() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials credentials = GdchCredentials.fromJson(json); - credentials = ((GdchCredentials) credentials).createWithGdchAudience(API_AUDIENCE); + GdchCredentials credentials = GdchCredentials.fromJson(json); + credentials = credentials.createWithGdchAudience(API_AUDIENCE); String expectedToString = String.format( "GdchCredentials{projectId=%s, privateKeyId=%s, serviceIdentityName=%s, " @@ -839,7 +790,7 @@ void hashCode_equals() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials credentials = GdchCredentials.fromJson(json); + GdchCredentials credentials = GdchCredentials.fromJson(json); GenericJson otherJson = writeGdchServiceAccountJson( FORMAT_VERSION, @@ -849,11 +800,11 @@ void hashCode_equals() throws IOException { SERVICE_IDENTITY_NAME, CA_CERT_PATH, TOKEN_SERVER_URI); - OAuth2Credentials otherCredentials = GdchCredentials.fromJson(otherJson); + GdchCredentials otherCredentials = GdchCredentials.fromJson(otherJson); assertEquals(credentials.hashCode(), otherCredentials.hashCode()); - credentials = ((GdchCredentials) credentials).createWithGdchAudience(API_AUDIENCE); - otherCredentials = ((GdchCredentials) otherCredentials).createWithGdchAudience(API_AUDIENCE); + credentials = credentials.createWithGdchAudience(API_AUDIENCE); + otherCredentials = otherCredentials.createWithGdchAudience(API_AUDIENCE); assertEquals(credentials.hashCode(), otherCredentials.hashCode()); } @@ -876,7 +827,7 @@ void serialize_correct() throws IOException, ClassNotFoundException { assertEquals(credentials, deserializedCredentials); assertEquals(credentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(credentials.toString(), deserializedCredentials.toString()); - assertSame(deserializedCredentials.clock, Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.clock); assertEquals( MockTokenServerTransportFactory.class, deserializedCredentials.toBuilder().getHttpTransportFactory().getClass()); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/GoogleAuthUtilsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/GoogleAuthUtilsTest.java index 7c883df0f..de7077ef6 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/GoogleAuthUtilsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/GoogleAuthUtilsTest.java @@ -47,8 +47,9 @@ void getWellKnownCredentialsPath_correct() { // the base folder will be an empty string using. File homeDir = new File(""); File configDir = new File(homeDir, ".config"); - File cloudConfigDir = new File(configDir, provider.CLOUDSDK_CONFIG_DIRECTORY); - File wellKnownFile = new File(cloudConfigDir, provider.WELL_KNOWN_CREDENTIALS_FILE); + File cloudConfigDir = new File(configDir, DefaultCredentialsProvider.CLOUDSDK_CONFIG_DIRECTORY); + File wellKnownFile = + new File(cloudConfigDir, DefaultCredentialsProvider.WELL_KNOWN_CREDENTIALS_FILE); String obtainedPath = GoogleAuthUtils.getWellKnownCredentialsPath(provider); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java index 503c87d54..21bd1a081 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java @@ -33,12 +33,12 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertInstanceOf; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertSame; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.api.client.http.HttpStatusCodes; import com.google.api.client.json.GenericJson; @@ -100,13 +100,8 @@ class GoogleCredentialsTest extends BaseSerializationTest { private static final String TPC_UNIVERSE = "foo.bar"; @Test - void getApplicationDefault_nullTransport_throws() throws IOException { - try { - GoogleCredentials.getApplicationDefault(null); - fail(); - } catch (NullPointerException expected) { - // Expected - } + void getApplicationDefault_nullTransport_throws() { + assertThrows(NullPointerException.class, () -> GoogleCredentials.getApplicationDefault(null)); } @Test @@ -114,29 +109,23 @@ void fromStream_unknownType_throws() throws IOException { MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); GenericJson json = new GenericJson(); json.put("type", "unsupported_credential"); - InputStream stream = TestUtils.jsonToInputStream(json); - try { - GoogleCredentials.fromStream(stream, transportFactory); - fail("Should throw if type is unknown."); - } catch (IOException expected) { + try (InputStream stream = TestUtils.jsonToInputStream(json)) { + IOException exception = + assertThrows( + IOException.class, () -> GoogleCredentials.fromStream(stream, transportFactory)); String expectedError = "Error reading credentials from stream, 'type' value " + "'unsupported_credential' not recognized. Valid values are 'authorized_user', " + "'service_account', 'gdch_service_account', 'external_account', " + "'external_account_authorized_user', 'impersonated_service_account'."; - assertTrue(expected.getMessage().contains(expectedError)); + assertTrue(exception.getMessage().contains(expectedError)); } } @Test - void fromStream_nullTransport_throws() throws IOException { + void fromStream_nullTransport_throws() { InputStream stream = new ByteArrayInputStream("foo".getBytes()); - try { - GoogleCredentials.fromStream(stream, null); - fail("Should throw if HttpTransportFactory is null"); - } catch (NullPointerException expected) { - // Expected - } + assertThrows(NullPointerException.class, () -> GoogleCredentials.fromStream(stream, null)); } @Test @@ -146,19 +135,17 @@ void fromStream_noType_throws() throws IOException { ServiceAccountCredentialsTest.writeServiceAccountJson( "project_id", QUOTA_PROJECT, "universe"); json.remove("type"); - InputStream stream = TestUtils.jsonToInputStream(json); - try { - GoogleCredentials.fromStream(stream, transportFactory); - fail("Should throw if type is unknown."); - } catch (IOException expected) { + try (InputStream stream = TestUtils.jsonToInputStream(json)) { + IOException exception = + assertThrows( + IOException.class, () -> GoogleCredentials.fromStream(stream, transportFactory)); String expectedError = "Error reading credentials from stream, 'type' field not specified."; - assertEquals(expectedError, expected.getMessage()); + assertEquals(expectedError, exception.getMessage()); } } @Test void fromStream_nullStream_throws() { - MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); assertThrows(NullPointerException.class, () -> GoogleCredentials.parseJsonInputStream(null)); } @@ -175,7 +162,7 @@ void fromStream_serviceAccount_noUniverse_providesToken() throws IOException { assertNotNull(credentials); assertEquals(GOOGLE_DEFAULT_UNIVERSE, credentials.getUniverseDomain()); - assertEquals(false, credentials.isExplicitUniverseDomain()); + assertFalse(credentials.isExplicitUniverseDomain()); credentials = credentials.createScoped(SCOPES); Map> metadata = credentials.getRequestMetadata(CALL_URI); TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN); @@ -198,46 +185,62 @@ void fromStream_serviceAccount_Universe_noToken() throws IOException { assertNotNull(credentials); assertEquals(TPC_UNIVERSE, credentials.getUniverseDomain()); - assertEquals(true, credentials.isExplicitUniverseDomain()); + assertTrue(credentials.isExplicitUniverseDomain()); credentials = credentials.createScoped(SCOPES); - Map> metadata = credentials.getRequestMetadata(CALL_URI); + credentials.getRequestMetadata(CALL_URI); assertNotNull(((ServiceAccountCredentials) credentials).getSelfSignedJwtCredentialsWithScope()); } @Test void fromStream_serviceAccountNoClientId_throws() throws IOException { - InputStream serviceAccountStream = + try (InputStream serviceAccountStream = ServiceAccountCredentialsTest.writeServiceAccountStream( - null, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID); - - testFromStreamException(serviceAccountStream, "client_id"); + null, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID)) { + IOException exception = + assertThrows( + IOException.class, + () -> GoogleCredentials.fromStream(serviceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("client_id")); + } } @Test void fromStream_serviceAccountNoClientEmail_throws() throws IOException { - InputStream serviceAccountStream = + try (InputStream serviceAccountStream = ServiceAccountCredentialsTest.writeServiceAccountStream( - SA_CLIENT_ID, null, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID); - - testFromStreamException(serviceAccountStream, "client_email"); + SA_CLIENT_ID, null, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID)) { + IOException exception = + assertThrows( + IOException.class, + () -> GoogleCredentials.fromStream(serviceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("client_email")); + } } @Test void fromStream_serviceAccountNoPrivateKey_throws() throws IOException { - InputStream serviceAccountStream = + try (InputStream serviceAccountStream = ServiceAccountCredentialsTest.writeServiceAccountStream( - SA_CLIENT_ID, SA_CLIENT_EMAIL, null, SA_PRIVATE_KEY_ID); - - testFromStreamException(serviceAccountStream, "private_key"); + SA_CLIENT_ID, SA_CLIENT_EMAIL, null, SA_PRIVATE_KEY_ID)) { + IOException exception = + assertThrows( + IOException.class, + () -> GoogleCredentials.fromStream(serviceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("private_key")); + } } @Test void fromStream_serviceAccountNoPrivateKeyId_throws() throws IOException { - InputStream serviceAccountStream = + try (InputStream serviceAccountStream = ServiceAccountCredentialsTest.writeServiceAccountStream( - SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, null); - - testFromStreamException(serviceAccountStream, "private_key_id"); + SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, null)) { + IOException exception = + assertThrows( + IOException.class, + () -> GoogleCredentials.fromStream(serviceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("private_key_id")); + } } @Test @@ -256,8 +259,8 @@ void fromStream_gdchServiceAccount_correct() throws IOException { GoogleCredentials.fromStream(gdchServiceAccountStream, transportFactory); assertNotNull(credentials); - assertTrue(credentials instanceof GdchCredentials); - assertEquals(GDCH_SA_PROJECT_ID, ((GdchCredentials) credentials).getProjectId()); + assertInstanceOf(GdchCredentials.class, credentials); + assertEquals(GDCH_SA_PROJECT_ID, credentials.getProjectId()); assertEquals( GDCH_SA_SERVICE_IDENTITY_NAME, ((GdchCredentials) credentials).getServiceIdentityName()); assertEquals(GDCH_SA_TOKEN_SERVER_URI, ((GdchCredentials) credentials).getTokenServerUri()); @@ -267,8 +270,8 @@ void fromStream_gdchServiceAccount_correct() throws IOException { credentials = ((GdchCredentials) credentials).createWithGdchAudience(GDCH_API_AUDIENCE); assertNotNull(credentials); - assertTrue(credentials instanceof GdchCredentials); - assertEquals(GDCH_SA_PROJECT_ID, ((GdchCredentials) credentials).getProjectId()); + assertTrue(true); + assertEquals(GDCH_SA_PROJECT_ID, credentials.getProjectId()); assertEquals( GDCH_SA_SERVICE_IDENTITY_NAME, ((GdchCredentials) credentials).getServiceIdentityName()); assertEquals(GDCH_SA_TOKEN_SERVER_URI, ((GdchCredentials) credentials).getTokenServerUri()); @@ -278,7 +281,7 @@ void fromStream_gdchServiceAccount_correct() throws IOException { @Test void fromStream_gdchServiceAccountNoFormatVersion_throws() throws IOException { - InputStream gdchServiceAccountStream = + try (InputStream gdchServiceAccountStream = GdchCredentialsTest.writeGdchServiceAccountStream( null, GDCH_SA_PROJECT_ID, @@ -286,14 +289,19 @@ void fromStream_gdchServiceAccountNoFormatVersion_throws() throws IOException { GDCH_SA_PRIVATE_KEY_PKC8, GDCH_SA_SERVICE_IDENTITY_NAME, GDCH_SA_CA_CERT_PATH, - GDCH_SA_TOKEN_SERVER_URI); - - testFromStreamException(gdchServiceAccountStream, "format_version"); + GDCH_SA_TOKEN_SERVER_URI)) { + IOException exception = + assertThrows( + IOException.class, + () -> + GoogleCredentials.fromStream(gdchServiceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("format_version")); + } } @Test void fromStream_gdchServiceAccountNoProjectId_throws() throws IOException { - InputStream gdchServiceAccountStream = + try (InputStream gdchServiceAccountStream = GdchCredentialsTest.writeGdchServiceAccountStream( GDCH_SA_FORMAT_VERSION, null, @@ -301,14 +309,19 @@ void fromStream_gdchServiceAccountNoProjectId_throws() throws IOException { GDCH_SA_PRIVATE_KEY_PKC8, GDCH_SA_SERVICE_IDENTITY_NAME, GDCH_SA_CA_CERT_PATH, - GDCH_SA_TOKEN_SERVER_URI); - - testFromStreamException(gdchServiceAccountStream, "project"); + GDCH_SA_TOKEN_SERVER_URI)) { + IOException exception = + assertThrows( + IOException.class, + () -> + GoogleCredentials.fromStream(gdchServiceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("project")); + } } @Test void fromStream_gdchServiceAccountNoPrivateKeyId_throws() throws IOException { - InputStream gdchServiceAccountStream = + try (InputStream gdchServiceAccountStream = GdchCredentialsTest.writeGdchServiceAccountStream( GDCH_SA_FORMAT_VERSION, GDCH_SA_PROJECT_ID, @@ -316,14 +329,19 @@ void fromStream_gdchServiceAccountNoPrivateKeyId_throws() throws IOException { GDCH_SA_PRIVATE_KEY_PKC8, GDCH_SA_SERVICE_IDENTITY_NAME, GDCH_SA_CA_CERT_PATH, - GDCH_SA_TOKEN_SERVER_URI); - - testFromStreamException(gdchServiceAccountStream, "private_key_id"); + GDCH_SA_TOKEN_SERVER_URI)) { + IOException exception = + assertThrows( + IOException.class, + () -> + GoogleCredentials.fromStream(gdchServiceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("private_key_id")); + } } @Test void fromStream_gdchServiceAccountNoPrivateKey_throws() throws IOException { - InputStream gdchServiceAccountStream = + try (InputStream gdchServiceAccountStream = GdchCredentialsTest.writeGdchServiceAccountStream( GDCH_SA_FORMAT_VERSION, GDCH_SA_PROJECT_ID, @@ -331,14 +349,19 @@ void fromStream_gdchServiceAccountNoPrivateKey_throws() throws IOException { null, GDCH_SA_SERVICE_IDENTITY_NAME, GDCH_SA_CA_CERT_PATH, - GDCH_SA_TOKEN_SERVER_URI); - - testFromStreamException(gdchServiceAccountStream, "private_key"); + GDCH_SA_TOKEN_SERVER_URI)) { + IOException exception = + assertThrows( + IOException.class, + () -> + GoogleCredentials.fromStream(gdchServiceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("private_key")); + } } @Test void fromStream_gdchServiceAccountNoServiceIdentityName_throws() throws IOException { - InputStream gdchServiceAccountStream = + try (InputStream gdchServiceAccountStream = GdchCredentialsTest.writeGdchServiceAccountStream( GDCH_SA_FORMAT_VERSION, GDCH_SA_PROJECT_ID, @@ -346,14 +369,19 @@ void fromStream_gdchServiceAccountNoServiceIdentityName_throws() throws IOExcept GDCH_SA_PRIVATE_KEY_PKC8, null, GDCH_SA_CA_CERT_PATH, - GDCH_SA_TOKEN_SERVER_URI); - - testFromStreamException(gdchServiceAccountStream, "name"); + GDCH_SA_TOKEN_SERVER_URI)) { + IOException exception = + assertThrows( + IOException.class, + () -> + GoogleCredentials.fromStream(gdchServiceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("name")); + } } @Test void fromStream_gdchServiceAccountNoTokenServerUri_throws() throws IOException { - InputStream gdchServiceAccountStream = + try (InputStream gdchServiceAccountStream = GdchCredentialsTest.writeGdchServiceAccountStream( GDCH_SA_FORMAT_VERSION, GDCH_SA_PROJECT_ID, @@ -361,14 +389,19 @@ void fromStream_gdchServiceAccountNoTokenServerUri_throws() throws IOException { GDCH_SA_PRIVATE_KEY_PKC8, GDCH_SA_SERVICE_IDENTITY_NAME, GDCH_SA_CA_CERT_PATH, - null); - - testFromStreamException(gdchServiceAccountStream, "token_uri"); + null)) { + IOException exception = + assertThrows( + IOException.class, + () -> + GoogleCredentials.fromStream(gdchServiceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("token_uri")); + } } @Test void fromStream_gdchServiceAccountInvalidFormatVersion_throws() throws IOException { - InputStream gdchServiceAccountStream = + try (InputStream gdchServiceAccountStream = GdchCredentialsTest.writeGdchServiceAccountStream( "100", GDCH_SA_PROJECT_ID, @@ -376,16 +409,23 @@ void fromStream_gdchServiceAccountInvalidFormatVersion_throws() throws IOExcepti GDCH_SA_PRIVATE_KEY_PKC8, GDCH_SA_SERVICE_IDENTITY_NAME, GDCH_SA_CA_CERT_PATH, - GDCH_SA_TOKEN_SERVER_URI); - - testFromStreamException( - gdchServiceAccountStream, - String.format("Only format version %s is supported", GDCH_SA_FORMAT_VERSION)); + GDCH_SA_TOKEN_SERVER_URI)) { + IOException exception = + assertThrows( + IOException.class, + () -> + GoogleCredentials.fromStream(gdchServiceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue( + exception + .getMessage() + .contains( + String.format("Only format version %s is supported", GDCH_SA_FORMAT_VERSION))); + } } @Test void fromStream_gdchServiceAccountInvalidCaCertPath_throws() throws IOException { - InputStream gdchServiceAccountStream = + try (InputStream gdchServiceAccountStream = GdchCredentialsTest.writeGdchServiceAccountStream( GDCH_SA_FORMAT_VERSION, GDCH_SA_PROJECT_ID, @@ -393,11 +433,15 @@ void fromStream_gdchServiceAccountInvalidCaCertPath_throws() throws IOException GDCH_SA_PRIVATE_KEY_PKC8, GDCH_SA_SERVICE_IDENTITY_NAME, "/path/to/missing/file", - GDCH_SA_TOKEN_SERVER_URI); - - testFromStreamException( - gdchServiceAccountStream, - String.format("Error reading certificate file from CA cert path")); + GDCH_SA_TOKEN_SERVER_URI)) { + IOException exception = + assertThrows( + IOException.class, + () -> + GoogleCredentials.fromStream(gdchServiceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue( + exception.getMessage().contains("Error reading certificate file from CA cert path")); + } } @Test @@ -430,27 +474,40 @@ void fromStream_userCredentials_defaultUniverse() throws IOException { @Test void fromStream_userCredentials_NoClientId_throws() throws IOException { - InputStream userStream = - UserCredentialsTest.writeUserStream(null, USER_CLIENT_SECRET, REFRESH_TOKEN, QUOTA_PROJECT); - - testFromStreamException(userStream, "client_id"); + try (InputStream userStream = + UserCredentialsTest.writeUserStream( + null, USER_CLIENT_SECRET, REFRESH_TOKEN, QUOTA_PROJECT)) { + IOException exception = + assertThrows( + IOException.class, + () -> GoogleCredentials.fromStream(userStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("client_id")); + } } @Test void fromStream_userCredentials_NoClientSecret_throws() throws IOException { - InputStream userStream = - UserCredentialsTest.writeUserStream(USER_CLIENT_ID, null, REFRESH_TOKEN, QUOTA_PROJECT); - - testFromStreamException(userStream, "client_secret"); + try (InputStream userStream = + UserCredentialsTest.writeUserStream(USER_CLIENT_ID, null, REFRESH_TOKEN, QUOTA_PROJECT)) { + IOException exception = + assertThrows( + IOException.class, + () -> GoogleCredentials.fromStream(userStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("client_secret")); + } } @Test void fromStream_userCredentials_NoRefreshToken_throws() throws IOException { - InputStream userStream = + try (InputStream userStream = UserCredentialsTest.writeUserStream( - USER_CLIENT_ID, USER_CLIENT_SECRET, null, QUOTA_PROJECT); - - testFromStreamException(userStream, "refresh_token"); + USER_CLIENT_ID, USER_CLIENT_SECRET, null, QUOTA_PROJECT)) { + IOException exception = + assertThrows( + IOException.class, + () -> GoogleCredentials.fromStream(userStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("refresh_token")); + } } @Test @@ -723,7 +780,7 @@ void create_withoutUniverse() throws IOException { GoogleCredentials credentials = GoogleCredentials.create(token); assertEquals(GOOGLE_DEFAULT_UNIVERSE, credentials.getUniverseDomain()); - assertEquals(false, credentials.isExplicitUniverseDomain()); + assertFalse(credentials.isExplicitUniverseDomain()); } @Test @@ -732,7 +789,7 @@ void create_withUniverse() throws IOException { GoogleCredentials credentials = GoogleCredentials.create("some-universe", token); assertEquals("some-universe", credentials.getUniverseDomain()); - assertEquals(true, credentials.isExplicitUniverseDomain()); + assertTrue(credentials.isExplicitUniverseDomain()); } @Test @@ -748,7 +805,7 @@ void buildWithQuotaProject() { assertEquals("", withEmptyQuota.getQuotaProjectId()); GoogleCredentials sameCredentials = googleCredentials.createWithQuotaProject(null); - assertEquals(null, sameCredentials.getQuotaProjectId()); + assertNull(sameCredentials.getQuotaProjectId()); } @Test @@ -758,17 +815,17 @@ void buildWithUniverseDomain() throws IOException { GoogleCredentials updated = original.toBuilder().setUniverseDomain("universe2").build(); assertEquals("universe1", original.getUniverseDomain()); - assertEquals(true, original.isExplicitUniverseDomain()); + assertTrue(original.isExplicitUniverseDomain()); assertEquals("universe2", updated.getUniverseDomain()); - assertEquals(true, updated.isExplicitUniverseDomain()); + assertTrue(updated.isExplicitUniverseDomain()); GoogleCredentials withEmpty = original.toBuilder().setUniverseDomain("").build(); assertEquals(GOOGLE_DEFAULT_UNIVERSE, withEmpty.getUniverseDomain()); - assertEquals(false, withEmpty.isExplicitUniverseDomain()); + assertFalse(withEmpty.isExplicitUniverseDomain()); GoogleCredentials withNull = original.toBuilder().setUniverseDomain(null).build(); assertEquals(GOOGLE_DEFAULT_UNIVERSE, withNull.getUniverseDomain()); - assertEquals(false, withNull.isExplicitUniverseDomain()); + assertFalse(withNull.isExplicitUniverseDomain()); } @Test @@ -778,22 +835,22 @@ void serialize() throws IOException, ClassNotFoundException { assertEquals(testCredentials, deserializedCredentials); assertEquals(testCredentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(testCredentials.toString(), deserializedCredentials.toString()); - assertSame(deserializedCredentials.clock, Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.clock); } @Test - void toString_containsFields() throws IOException { + void toString_containsFields() { String expectedToString = String.format( "GoogleCredentials{quotaProjectId=%s, universeDomain=%s, isExplicitUniverseDomain=%s}", - "some-project", "googleapis.com", false, "[some scope]"); + "some-project", "googleapis.com", false); GoogleCredentials credentials = GoogleCredentials.newBuilder().setQuotaProjectId("some-project").build(); assertEquals(expectedToString, credentials.toString()); } @Test - void hashCode_equals() throws IOException { + void hashCode_equals() { GoogleCredentials credentials = GoogleCredentials.newBuilder().setUniverseDomain("some-domain").build(); GoogleCredentials otherCredentials = @@ -802,24 +859,13 @@ void hashCode_equals() throws IOException { } @Test - void equals_true() throws IOException { + void equals_true() { GoogleCredentials credentials = GoogleCredentials.newBuilder().setUniverseDomain("some-domain").build(); GoogleCredentials otherCredentials = GoogleCredentials.newBuilder().setUniverseDomain("some-domain").build(); - assertTrue(credentials.equals(otherCredentials)); - assertTrue(otherCredentials.equals(credentials)); - } - - private static void testFromStreamException(InputStream stream, String expectedMessageContent) { - try { - GoogleCredentials.fromStream(stream, DUMMY_TRANSPORT_FACTORY); - fail( - String.format( - "Should throw exception with message containing '%s'", expectedMessageContent)); - } catch (IOException expected) { - assertTrue(expected.getMessage().contains(expectedMessageContent)); - } + assertEquals(credentials, otherCredentials); + assertEquals(otherCredentials, credentials); } @Test diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ITDownscopingTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ITDownscopingTest.java index 2a04d7710..5422760c4 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ITDownscopingTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ITDownscopingTest.java @@ -32,8 +32,8 @@ package com.google.auth.oauth2; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.api.client.http.GenericUrl; import com.google.api.client.http.HttpRequest; @@ -122,12 +122,11 @@ public AccessToken refreshAccessToken() throws IOException { // Attempt to retrieve the object that the downscoped token does not have access to. This should // fail. - try { - retrieveObjectFromGcs(credentials, GCS_OBJECT_NAME_WITHOUT_PERMISSION); - fail("Call to GCS should have failed."); - } catch (HttpResponseException e) { - assertEquals(403, e.getStatusCode()); - } + HttpResponseException e = + assertThrows( + HttpResponseException.class, + () -> retrieveObjectFromGcs(credentials, GCS_OBJECT_NAME_WITHOUT_PERMISSION)); + assertEquals(403, e.getStatusCode()); } private void retrieveObjectFromGcs(Credentials credentials, String objectName) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ITWorkloadIdentityFederationTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ITWorkloadIdentityFederationTest.java index d1574a06a..0f1cdd309 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ITWorkloadIdentityFederationTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ITWorkloadIdentityFederationTest.java @@ -312,13 +312,13 @@ private GenericJson buildIdentityPoolCredentialConfig() throws IOException { private GenericJson buildPluggableCredentialConfig() throws IOException { String idToken = generateGoogleIdToken(OIDC_AUDIENCE); - Instant expiration_time = Instant.now().plusSeconds(60 * 60); + Instant expirationTime = Instant.now().plusSeconds(60 * 60); GenericJson executableJson = new GenericJson(); executableJson.setFactory(OAuth2Utils.JSON_FACTORY); executableJson.put("success", true); executableJson.put("version", 1); - executableJson.put("expiration_time", expiration_time.toEpochMilli()); + executableJson.put("expirationTime", expirationTime.toEpochMilli()); executableJson.put("token_type", "urn:ietf:params:oauth:token-type:jwt"); executableJson.put("id_token", idToken); @@ -403,8 +403,8 @@ private void callGcs(GoogleCredentials credentials) throws IOException { } /** - * Generates a Google ID token using the iamcredentials generateIdToken API. - * https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials#sa-credentials-oidc + * Generates a Google ID token using the iamcredentials generateIdToken API. ... */ private String generateGoogleIdToken(String audience) throws IOException { GoogleCredentials googleCredentials = @@ -451,10 +451,10 @@ private String getXmlValueByTagName(String rawXml, String tagName) { return null; } - private class ITAwsSecurityCredentialsProvider implements AwsSecurityCredentialsSupplier { + private static class ITAwsSecurityCredentialsProvider implements AwsSecurityCredentialsSupplier { - private String region; - private AwsSecurityCredentials credentials; + private final String region; + private final AwsSecurityCredentials credentials; ITAwsSecurityCredentialsProvider(String region, AwsSecurityCredentials credentials) { this.region = region; diff --git a/oauth2_http/javatests/com/google/auth/oauth2/IdTokenTest.java b/oauth2_http/javatests/com/google/auth/oauth2/IdTokenTest.java index 52fa2c008..6ab42fa49 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/IdTokenTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/IdTokenTest.java @@ -32,8 +32,7 @@ package com.google.auth.oauth2; import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertFalse; -import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.assertNotEquals; import java.io.IOException; import java.util.Date; @@ -61,16 +60,16 @@ void constructor() throws IOException { void equals_true() throws IOException { IdToken accessToken = IdToken.create(TOKEN_1); IdToken otherAccessToken = IdToken.create(TOKEN_1); - assertTrue(accessToken.equals(otherAccessToken)); - assertTrue(otherAccessToken.equals(accessToken)); + assertEquals(accessToken, otherAccessToken); + assertEquals(otherAccessToken, accessToken); } @Test void equals_false_token() throws IOException { IdToken accessToken = IdToken.create(TOKEN_1); IdToken otherAccessToken = IdToken.create(TOKEN_2); - assertFalse(accessToken.equals(otherAccessToken)); - assertFalse(otherAccessToken.equals(accessToken)); + assertNotEquals(accessToken, otherAccessToken); + assertNotEquals(otherAccessToken, accessToken); } @Test diff --git a/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java index 6997c79b0..0ce63627c 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java @@ -34,12 +34,12 @@ import static com.google.auth.Credentials.GOOGLE_DEFAULT_UNIVERSE; import static com.google.auth.oauth2.MockExternalAccountCredentialsTransport.SERVICE_ACCOUNT_IMPERSONATION_URL; import static com.google.auth.oauth2.OAuth2Utils.JSON_FACTORY; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertSame; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import static org.mockito.Mockito.spy; import static org.mockito.Mockito.verify; @@ -78,7 +78,7 @@ class IdentityPoolCredentialsTest extends BaseSerializationTest { (ExternalAccountSupplierContext context) -> "testSubjectToken"; @Test - void createdScoped_clonedCredentialWithAddedScopes() throws IOException { + void createdScoped_clonedCredentialWithAddedScopes() { IdentityPoolCredentials credentials = IdentityPoolCredentials.newBuilder(createBaseFileSourcedCredentials()) .setServiceAccountImpersonationUrl(SERVICE_ACCOUNT_IMPERSONATION_URL) @@ -188,12 +188,11 @@ void retrieveSubjectToken_fileSourcedWithNullFormat_throws() throws IOException credentialSourceMap.put("file", file.getAbsolutePath()); credentialSourceMap.put("format", formatMap); - try { - new IdentityPoolCredentialSource(credentialSourceMap); - fail("Exception should be thrown due to null format."); - } catch (IllegalArgumentException e) { - assertEquals("Invalid credential source format type: null.", e.getMessage()); - } + IllegalArgumentException e = + assertThrows( + IllegalArgumentException.class, + () -> new IdentityPoolCredentialSource(credentialSourceMap)); + assertEquals("Invalid credential source format type: null.", e.getMessage()); } @Test @@ -209,14 +208,10 @@ void retrieveSubjectToken_noFile_throws() { .setCredentialSource(credentialSource) .build(); - try { - credentials.retrieveSubjectToken(); - fail("Exception should be thrown."); - } catch (IOException e) { - assertEquals( - String.format("Invalid credential location. The file at %s does not exist.", path), - e.getMessage()); - } + IOException e = assertThrows(IOException.class, credentials::retrieveSubjectToken); + assertEquals( + String.format("Invalid credential location. The file at %s does not exist.", path), + e.getMessage()); } @Test @@ -276,15 +271,11 @@ void retrieveSubjectToken_urlSourcedCredential_throws() { buildUrlBasedCredentialSource(transportFactory.transport.getMetadataUrl())) .build(); - try { - credential.retrieveSubjectToken(); - fail("Exception should be thrown."); - } catch (IOException e) { - assertEquals( - String.format( - "Error getting subject token from metadata server: %s", response.getMessage()), - e.getMessage()); - } + IOException e = assertThrows(IOException.class, credential::retrieveSubjectToken); + assertEquals( + String.format( + "Error getting subject token from metadata server: %s", response.getMessage()), + e.getMessage()); } @Test @@ -303,7 +294,7 @@ void retrieveSubjectToken_provider() throws IOException { } @Test - void retrieveSubjectToken_providerThrowsError() throws IOException { + void retrieveSubjectToken_providerThrowsError() { IOException testException = new IOException("test"); IdentityPoolSubjectTokenSupplier errorProvider = @@ -316,12 +307,8 @@ void retrieveSubjectToken_providerThrowsError() throws IOException { .setSubjectTokenSupplier(errorProvider) .build(); - try { - String subjectToken = credentials.retrieveSubjectToken(); - fail("retrieveSubjectToken should fail."); - } catch (IOException e) { - assertEquals("test", e.getMessage()); - } + IOException e = assertThrows(IOException.class, credentials::retrieveSubjectToken); + assertEquals("test", e.getMessage()); } @Test @@ -458,7 +445,7 @@ void refreshAccessToken_withServiceAccountImpersonationOptions() throws IOExcept .setCredentialSource( buildUrlBasedCredentialSource(transportFactory.transport.getMetadataUrl())) .setServiceAccountImpersonationOptions( - ExternalAccountCredentialsTest.buildServiceAccountImpersonationOptions(2800)) + ExternalAccountCredentialsTest.buildServiceAccountImpersonationOptions()) .build(); AccessToken accessToken = credential.refreshAccessToken(); @@ -590,7 +577,7 @@ void refreshAccessToken_workforceWithServiceAccountImpersonationOptions() throws buildUrlBasedCredentialSource(transportFactory.transport.getMetadataUrl())) .setWorkforcePoolUserProject("userProject") .setServiceAccountImpersonationOptions( - ExternalAccountCredentialsTest.buildServiceAccountImpersonationOptions(2800)) + ExternalAccountCredentialsTest.buildServiceAccountImpersonationOptions()) .build(); AccessToken accessToken = credential.refreshAccessToken(); @@ -646,7 +633,7 @@ void identityPoolCredentialSource_validFormats() { credentialSourceMapWithUrlJsonTextSource); for (Map source : sources) { // Should not throw. - new IdentityPoolCredentialSource(source); + assertDoesNotThrow(() -> new IdentityPoolCredentialSource(source)); } } @@ -689,20 +676,20 @@ void identityPoolCredentialSource_caseInsensitive() { credentialSourceMapWithUrlJsonTextSource); for (Map source : sources) { // Should not throw. - new IdentityPoolCredentialSource(source); + assertDoesNotThrow(() -> new IdentityPoolCredentialSource(source)); } } @Test void identityPoolCredentialSource_invalidSourceType() { - try { - new IdentityPoolCredentialSource(new HashMap<>()); - fail("Should not be able to continue without exception."); - } catch (IllegalArgumentException exception) { - assertEquals( - "Missing credential source file location, URL, or certificate. At least one must be specified.", - exception.getMessage()); - } + HashMap credentialSourceMap = new HashMap<>(); + IllegalArgumentException e = + assertThrows( + IllegalArgumentException.class, + () -> new IdentityPoolCredentialSource(credentialSourceMap)); + assertEquals( + "Missing credential source file location, URL, or certificate. At least one must be specified.", + e.getMessage()); } @Test @@ -714,12 +701,11 @@ void identityPoolCredentialSource_invalidFormatType() { format.put("type", "unsupportedType"); credentialSourceMap.put("format", format); - try { - new IdentityPoolCredentialSource(credentialSourceMap); - fail("Exception should be thrown."); - } catch (IllegalArgumentException e) { - assertEquals("Invalid credential source format type: unsupportedType.", e.getMessage()); - } + IllegalArgumentException e = + assertThrows( + IllegalArgumentException.class, + () -> new IdentityPoolCredentialSource(credentialSourceMap)); + assertEquals("Invalid credential source format type: unsupportedType.", e.getMessage()); } @Test @@ -731,12 +717,11 @@ void identityPoolCredentialSource_nullFormatType() { format.put("type", null); credentialSourceMap.put("format", format); - try { - new IdentityPoolCredentialSource(credentialSourceMap); - fail("Exception should be thrown."); - } catch (IllegalArgumentException e) { - assertEquals("Invalid credential source format type: null.", e.getMessage()); - } + IllegalArgumentException e = + assertThrows( + IllegalArgumentException.class, + () -> new IdentityPoolCredentialSource(credentialSourceMap)); + assertEquals("Invalid credential source format type: null.", e.getMessage()); } @Test @@ -748,18 +733,17 @@ void identityPoolCredentialSource_subjectTokenFieldNameUnset() { format.put("type", "json"); credentialSourceMap.put("format", format); - try { - new IdentityPoolCredentialSource(credentialSourceMap); - fail("Exception should be thrown."); - } catch (IllegalArgumentException e) { - assertEquals( - "When specifying a JSON credential type, the subject_token_field_name must be set.", - e.getMessage()); - } + IllegalArgumentException e = + assertThrows( + IllegalArgumentException.class, + () -> new IdentityPoolCredentialSource(credentialSourceMap)); + assertEquals( + "When specifying a JSON credential type, the subject_token_field_name must be set.", + e.getMessage()); } @Test - void builder_allFields() throws IOException { + void builder_allFields() { List scopes = Arrays.asList("scope1", "scope2"); IdentityPoolCredentialSource credentialSource = createFileCredentialSource(); @@ -831,23 +815,20 @@ void builder_invalidWorkforceAudiences_throws() { "//iam.googleapis.com/locations/global/workforce/providers"); for (String audience : invalidAudiences) { - try { - IdentityPoolCredentials.newBuilder() - .setWorkforcePoolUserProject("workforcePoolUserProject") - .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) - .setAudience(audience) - .setSubjectTokenType("subjectTokenType") - .setTokenUrl(STS_URL) - .setTokenInfoUrl("tokenInfoUrl") - .setCredentialSource(createFileCredentialSource()) - .setQuotaProjectId("quotaProjectId") - .build(); - fail("Exception should be thrown."); - } catch (IllegalArgumentException e) { - assertEquals( - "The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.", - e.getMessage()); - } + IdentityPoolCredentials.Builder builder = + IdentityPoolCredentials.newBuilder() + .setWorkforcePoolUserProject("workforcePoolUserProject") + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) + .setAudience(audience) + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setTokenInfoUrl("tokenInfoUrl") + .setCredentialSource(createFileCredentialSource()) + .setQuotaProjectId("quotaProjectId"); + IllegalArgumentException e = assertThrows(IllegalArgumentException.class, builder::build); + assertEquals( + "The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.", + e.getMessage()); } } @@ -872,44 +853,37 @@ void builder_emptyWorkforceUserProjectWithWorkforceAudience() { @Test void builder_supplierAndCredSourceThrows() { - try { - IdentityPoolCredentials credentials = - IdentityPoolCredentials.newBuilder() - .setSubjectTokenSupplier(testProvider) - .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) - .setAudience("audience") - .setSubjectTokenType("subjectTokenType") - .setTokenUrl(STS_URL) - .setCredentialSource(createFileCredentialSource()) - .build(); - fail("Should not be able to continue without exception."); - } catch (IllegalArgumentException exception) { - assertEquals( - "IdentityPoolCredentials cannot have both a subjectTokenSupplier and a credentialSource.", - exception.getMessage()); - } + IdentityPoolCredentials.Builder builder = + IdentityPoolCredentials.newBuilder() + .setSubjectTokenSupplier(testProvider) + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) + .setAudience("audience") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL) + .setCredentialSource(createFileCredentialSource()); + IllegalArgumentException exception = + assertThrows(IllegalArgumentException.class, builder::build); + assertEquals( + "IdentityPoolCredentials cannot have both a subjectTokenSupplier and a credentialSource.", + exception.getMessage()); } @Test - void builder_noSupplierOrCredSourceThrows() throws IOException { - - try { - IdentityPoolCredentials credentials = - IdentityPoolCredentials.newBuilder() - .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) - .setAudience("audience") - .setSubjectTokenType("subjectTokenType") - .setTokenUrl(STS_URL) - .build(); - fail("Should not be able to continue without exception."); - } catch (IllegalArgumentException exception) { - assertEquals( - "A subjectTokenSupplier or a credentialSource must be provided.", exception.getMessage()); - } + void builder_noSupplierOrCredSourceThrows() { + IdentityPoolCredentials.Builder builder = + IdentityPoolCredentials.newBuilder() + .setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY) + .setAudience("audience") + .setSubjectTokenType("subjectTokenType") + .setTokenUrl(STS_URL); + IllegalArgumentException exception = + assertThrows(IllegalArgumentException.class, builder::build); + assertEquals( + "A subjectTokenSupplier or a credentialSource must be provided.", exception.getMessage()); } @Test - void builder_missingUniverseDomain_defaults() throws IOException { + void builder_missingUniverseDomain_defaults() { List scopes = Arrays.asList("scope1", "scope2"); IdentityPoolCredentialSource credentialSource = createFileCredentialSource(); @@ -944,7 +918,7 @@ void builder_missingUniverseDomain_defaults() throws IOException { } @Test - void newBuilder_allFields() throws IOException { + void newBuilder_allFields() { List scopes = Arrays.asList("scope1", "scope2"); IdentityPoolCredentials credentials = @@ -986,7 +960,7 @@ void newBuilder_allFields() throws IOException { } @Test - void newBuilder_noUniverseDomain_defaults() throws IOException { + void newBuilder_noUniverseDomain_defaults() { List scopes = Arrays.asList("scope1", "scope2"); IdentityPoolCredentials credentials = diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java index d85f2db80..ba790be3e 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java @@ -34,12 +34,12 @@ import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertInstanceOf; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertSame; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -47,6 +47,7 @@ import com.google.api.client.json.GenericJson; import com.google.api.client.json.JsonFactory; import com.google.api.client.json.JsonGenerator; +import com.google.api.client.json.JsonParser; import com.google.api.client.json.gson.GsonFactory; import com.google.api.client.json.webtoken.JsonWebToken.Payload; import com.google.api.client.testing.http.MockLowLevelHttpRequest; @@ -125,10 +126,6 @@ class ImpersonatedCredentialsTest extends BaseSerializationTest { private static final String RFC3339 = "yyyy-MM-dd'T'HH:mm:ssX"; private static final String TEST_UNIVERSE_DOMAIN = "test.xyz"; - private static final String OLD_IMPERSONATION_URL = - "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/" - + IMPERSONATED_CLIENT_EMAIL - + ":generateAccessToken"; public static final String DEFAULT_IMPERSONATION_URL = String.format( IamUtils.IAM_ACCESS_TOKEN_ENDPOINT_FORMAT, @@ -196,8 +193,7 @@ void fromJson_userAsSource_WithQuotaProjectId() throws IOException { assertEquals(DELEGATES, credentials.getDelegates()); assertEquals(IMMUTABLE_SCOPES_LIST, credentials.getScopes()); assertEquals(3600, credentials.getLifetime()); - GoogleCredentials sourceCredentials = credentials.getSourceCredentials(); - assertTrue(sourceCredentials instanceof UserCredentials); + assertInstanceOf(UserCredentials.class, credentials.getSourceCredentials()); } @Test() @@ -219,8 +215,7 @@ void fromJson_userAsSource_WithoutQuotaProjectId() throws IOException { assertEquals(DELEGATES, credentials.getDelegates()); assertEquals(IMMUTABLE_SCOPES_LIST, credentials.getScopes()); assertEquals(3600, credentials.getLifetime()); - GoogleCredentials sourceCredentials = credentials.getSourceCredentials(); - assertTrue(sourceCredentials instanceof UserCredentials); + assertInstanceOf(UserCredentials.class, credentials.getSourceCredentials()); } @Test() @@ -243,8 +238,7 @@ void fromJson_userAsSource_MissingDelegatesField() throws IOException { assertEquals(new ArrayList(), credentials.getDelegates()); assertEquals(IMMUTABLE_SCOPES_LIST, credentials.getScopes()); assertEquals(3600, credentials.getLifetime()); - GoogleCredentials sourceCredentials = credentials.getSourceCredentials(); - assertTrue(sourceCredentials instanceof UserCredentials); + assertInstanceOf(UserCredentials.class, credentials.getSourceCredentials()); } @Test() @@ -260,19 +254,17 @@ void fromJson_ServiceAccountAsSource() throws IOException { assertEquals(DELEGATES, credentials.getDelegates()); assertEquals(IMMUTABLE_SCOPES_LIST, credentials.getScopes()); assertEquals(3600, credentials.getLifetime()); - GoogleCredentials sourceCredentials = credentials.getSourceCredentials(); - assertTrue(sourceCredentials instanceof ServiceAccountCredentials); + assertInstanceOf(ServiceAccountCredentials.class, credentials.getSourceCredentials()); } @Test() - void fromJson_InvalidFormat() throws IOException { + void fromJson_InvalidFormat() { GenericJson json = buildInvalidCredentialsJson(); - try { - ImpersonatedCredentials.fromJson(json, mockTransportFactory); - fail("An exception should be thrown."); - } catch (CredentialFormatException e) { - assertEquals("An invalid input stream was provided.", e.getMessage()); - } + CredentialFormatException e = + assertThrows( + CredentialFormatException.class, + () -> ImpersonatedCredentials.fromJson(json, mockTransportFactory)); + assertEquals("An invalid input stream was provided.", e.getMessage()); } @Test() @@ -282,7 +274,7 @@ void createScopedRequired_True() { sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, - new ArrayList(), + new ArrayList<>(), VALID_LIFETIME, mockTransportFactory); assertTrue(targetCredentials.createScopedRequired()); @@ -313,15 +305,15 @@ void createScoped() { mockTransportFactory, QUOTA_PROJECT_ID); - ImpersonatedCredentials scoped_credentials = + ImpersonatedCredentials scopedCredentials = (ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES_LIST); - assertEquals(targetCredentials.getAccount(), scoped_credentials.getAccount()); - assertEquals(targetCredentials.getDelegates(), scoped_credentials.getDelegates()); - assertEquals(targetCredentials.getLifetime(), scoped_credentials.getLifetime()); + assertEquals(targetCredentials.getAccount(), scopedCredentials.getAccount()); + assertEquals(targetCredentials.getDelegates(), scopedCredentials.getDelegates()); + assertEquals(targetCredentials.getLifetime(), scopedCredentials.getLifetime()); assertEquals( - targetCredentials.getSourceCredentials(), scoped_credentials.getSourceCredentials()); - assertEquals(targetCredentials.getQuotaProjectId(), scoped_credentials.getQuotaProjectId()); - assertEquals(Arrays.asList("scope1", "scope2"), scoped_credentials.getScopes()); + targetCredentials.getSourceCredentials(), scopedCredentials.getSourceCredentials()); + assertEquals(targetCredentials.getQuotaProjectId(), scopedCredentials.getQuotaProjectId()); + assertEquals(Arrays.asList("scope1", "scope2"), scopedCredentials.getScopes()); } @Test @@ -343,10 +335,10 @@ void createScoped_existingAccessTokenInvalidated() throws IOException { targetCredentials.refresh(); assertEquals(ACCESS_TOKEN, targetCredentials.getAccessToken().getTokenValue()); - ImpersonatedCredentials scoped_credentials = + ImpersonatedCredentials scopedCredentials = (ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES_LIST); - assertNull(scoped_credentials.getAccessToken()); + assertNull(scopedCredentials.getAccessToken()); } @Test @@ -361,15 +353,15 @@ void createScopedWithImmutableScopes() { mockTransportFactory, QUOTA_PROJECT_ID); - ImpersonatedCredentials scoped_credentials = + ImpersonatedCredentials scopedCredentials = (ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES_SET); - assertEquals(targetCredentials.getAccount(), scoped_credentials.getAccount()); - assertEquals(targetCredentials.getDelegates(), scoped_credentials.getDelegates()); - assertEquals(targetCredentials.getLifetime(), scoped_credentials.getLifetime()); + assertEquals(targetCredentials.getAccount(), scopedCredentials.getAccount()); + assertEquals(targetCredentials.getDelegates(), scopedCredentials.getDelegates()); + assertEquals(targetCredentials.getLifetime(), scopedCredentials.getLifetime()); assertEquals( - targetCredentials.getSourceCredentials(), scoped_credentials.getSourceCredentials()); - assertEquals(targetCredentials.getQuotaProjectId(), scoped_credentials.getQuotaProjectId()); - assertEquals(Arrays.asList("scope1", "scope2"), scoped_credentials.getScopes()); + targetCredentials.getSourceCredentials(), scopedCredentials.getSourceCredentials()); + assertEquals(targetCredentials.getQuotaProjectId(), scopedCredentials.getQuotaProjectId()); + assertEquals(Arrays.asList("scope1", "scope2"), scopedCredentials.getScopes()); } @Test @@ -385,10 +377,10 @@ void createScopedWithIamEndpointOverride() { QUOTA_PROJECT_ID, IMPERSONATION_OVERRIDE_URL); - ImpersonatedCredentials scoped_credentials = + ImpersonatedCredentials scopedCredentials = (ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES_SET); assertEquals( - targetCredentials.getIamEndpointOverride(), scoped_credentials.getIamEndpointOverride()); + targetCredentials.getIamEndpointOverride(), scopedCredentials.getIamEndpointOverride()); } @Test @@ -411,13 +403,9 @@ void refreshAccessToken_unauthorized() throws IOException { VALID_LIFETIME, mockTransportFactory); - try { - targetCredentials.refreshAccessToken().getTokenValue(); - fail(String.format("Should throw exception with message containing '%s'", expectedMessage)); - } catch (IOException expected) { - assertEquals("Error requesting access token", expected.getMessage()); - assertTrue(expected.getCause().getMessage().contains(expectedMessage)); - } + IOException expected = assertThrows(IOException.class, targetCredentials::refreshAccessToken); + assertEquals("Error requesting access token", expected.getMessage()); + assertTrue(expected.getCause().getMessage().contains(expectedMessage)); } @Test() @@ -441,13 +429,9 @@ void refreshAccessToken_malformedTarget() throws IOException { VALID_LIFETIME, mockTransportFactory); - try { - targetCredentials.refreshAccessToken().getTokenValue(); - fail(String.format("Should throw exception with message containing '%s'", expectedMessage)); - } catch (IOException expected) { - assertEquals("Error requesting access token", expected.getMessage()); - assertTrue(expected.getCause().getMessage().contains(expectedMessage)); - } + IOException expected = assertThrows(IOException.class, targetCredentials::refreshAccessToken); + assertEquals("Error requesting access token", expected.getMessage()); + assertTrue(expected.getCause().getMessage().contains(expectedMessage)); } @Test() @@ -459,28 +443,22 @@ void credential_with_zero_lifetime() throws IllegalStateException { } @Test() - void credential_with_invalid_lifetime() throws IOException, IllegalStateException { - - try { - ImpersonatedCredentials targetCredentials = - ImpersonatedCredentials.create( - sourceCredentials, - IMPERSONATED_CLIENT_EMAIL, - null, - IMMUTABLE_SCOPES_LIST, - INVALID_LIFETIME); - targetCredentials.refreshAccessToken().getTokenValue(); - fail( - String.format( - "Should throw exception with message containing '%s'", - "lifetime must be less than or equal to 43200")); - } catch (IllegalStateException expected) { - assertTrue(expected.getMessage().contains("lifetime must be less than or equal to 43200")); - } + void credential_with_invalid_lifetime() throws IllegalStateException { + IllegalStateException expected = + assertThrows( + IllegalStateException.class, + () -> + ImpersonatedCredentials.create( + sourceCredentials, + IMPERSONATED_CLIENT_EMAIL, + null, + IMMUTABLE_SCOPES_LIST, + INVALID_LIFETIME)); + assertTrue(expected.getMessage().contains("lifetime must be less than or equal to 43200")); } @Test() - void credential_with_invalid_scope() throws IOException, IllegalStateException { + void credential_with_invalid_scope() throws IllegalStateException { assertThrows( NullPointerException.class, () -> @@ -674,9 +652,9 @@ void refreshAccessToken_GMT_dateParsedCorrectly() throws IOException, IllegalSta // Set system timezone to GMT Calendar.getInstance(TimeZone.getTimeZone("GMT"))); - assertTrue( - c.getTime().toInstant().truncatedTo(ChronoUnit.SECONDS).toEpochMilli() - == targetCredentials.refreshAccessToken().getExpirationTimeMillis()); + assertEquals( + c.getTime().toInstant().truncatedTo(ChronoUnit.SECONDS).toEpochMilli(), + (long) targetCredentials.refreshAccessToken().getExpirationTimeMillis()); } @Test @@ -700,9 +678,9 @@ void refreshAccessToken_nonGMT_dateParsedCorrectly() throws IOException, Illegal // Set system timezone to one different than GMT Calendar.getInstance(TimeZone.getTimeZone("America/Los_Angeles"))); - assertTrue( - c.getTime().toInstant().truncatedTo(ChronoUnit.SECONDS).toEpochMilli() - == targetCredentials.refreshAccessToken().getExpirationTimeMillis()); + assertEquals( + c.getTime().toInstant().truncatedTo(ChronoUnit.SECONDS).toEpochMilli(), + (long) targetCredentials.refreshAccessToken().getExpirationTimeMillis()); } @Test @@ -721,12 +699,8 @@ void refreshAccessToken_invalidDate() throws IllegalStateException { VALID_LIFETIME, mockTransportFactory); - try { - targetCredentials.refreshAccessToken().getTokenValue(); - fail(String.format("Should throw exception with message containing '%s'", expectedMessage)); - } catch (IOException expected) { - assertTrue(expected.getMessage().contains(expectedMessage)); - } + IOException expected = assertThrows(IOException.class, targetCredentials::refreshAccessToken); + assertTrue(expected.getMessage().contains(expectedMessage)); } @Test @@ -792,13 +766,13 @@ void sign_requestIncludesDelegates() throws IOException { assertArrayEquals(expectedSignature, targetCredentials.sign(expectedSignature)); MockLowLevelHttpRequest request = mockTransportFactory.getTransport().getRequest(); - GenericJson body = - JSON_FACTORY - .createJsonParser(request.getContentAsString()) - .parseAndClose(GenericJson.class); - List delegates = new ArrayList<>(); - delegates.add("delegate@example.com"); - assertEquals(delegates, body.get("delegates")); + + try (JsonParser jsonParser = JSON_FACTORY.createJsonParser(request.getContentAsString())) { + GenericJson body = jsonParser.parseAndClose(GenericJson.class); + List delegates = new ArrayList<>(); + delegates.add("delegate@example.com"); + assertEquals(delegates, body.get("delegates")); + } } @Test @@ -806,7 +780,7 @@ void sign_usesSourceCredentials() { Calendar c = Calendar.getInstance(); c.add(Calendar.DATE, 1); Date expiry = c.getTime(); - GoogleCredentials sourceCredentials = + GoogleCredentials sourceCred = new GoogleCredentials.Builder() .setAccessToken(new AccessToken("source-token", expiry)) .build(); @@ -817,7 +791,7 @@ void sign_usesSourceCredentials() { mockTransportFactory.getTransport().addStatusCodeAndMessage(HttpStatusCodes.STATUS_CODE_OK, ""); ImpersonatedCredentials targetCredentials = ImpersonatedCredentials.create( - sourceCredentials, + sourceCred, IMPERSONATED_CLIENT_EMAIL, ImmutableList.of("delegate@example.com"), IMMUTABLE_SCOPES_LIST, @@ -857,15 +831,11 @@ void sign_accessDenied_throws() { .getTransport() .addStatusCodeAndMessage(HttpStatusCodes.STATUS_CODE_FORBIDDEN, "Sign Error"); - try { - byte[] bytes = {0xD, 0xE, 0xA, 0xD}; - targetCredentials.sign(bytes); - fail("Signing should have failed"); - } catch (SigningException e) { - assertEquals("Failed to sign the provided bytes", e.getMessage()); - assertNotNull(e.getCause()); - assertTrue(e.getCause().getMessage().contains("403")); - } + SigningException e = + assertThrows(SigningException.class, () -> targetCredentials.sign(expectedSignature)); + assertEquals("Failed to sign the provided bytes", e.getMessage()); + assertNotNull(e.getCause()); + assertTrue(e.getCause().getMessage().contains("403")); } @Test @@ -890,15 +860,11 @@ void sign_serverError_throws() { .getTransport() .addStatusCodeAndMessage(HttpStatusCodes.STATUS_CODE_NOT_FOUND, "Sign Error"); - try { - byte[] bytes = {0xD, 0xE, 0xA, 0xD}; - targetCredentials.sign(bytes); - fail("Signing should have failed"); - } catch (SigningException e) { - assertEquals("Failed to sign the provided bytes", e.getMessage()); - assertNotNull(e.getCause()); - assertTrue(e.getCause().getMessage().contains("404")); - } + SigningException e = + assertThrows(SigningException.class, () -> targetCredentials.sign(expectedSignature)); + assertEquals("Failed to sign the provided bytes", e.getMessage()); + assertNotNull(e.getCause()); + assertTrue(e.getCause().getMessage().contains("404")); } @Test @@ -1093,12 +1059,8 @@ void idToken_withServerError() { .setIdTokenProvider(targetCredentials) .setTargetAudience(targetAudience) .build(); - try { - tokenCredential.refresh(); - fail("Should not be able to use credential without exception."); - } catch (IOException e) { - assertTrue(e.getMessage().contains("Error code 500 trying to getIDToken")); - } + IOException e = assertThrows(IOException.class, tokenCredential::refresh); + assertTrue(e.getMessage().contains("Error code 500 trying to getIDToken")); } @Test @@ -1127,12 +1089,8 @@ void idToken_withOtherError() { .setIdTokenProvider(targetCredentials) .setTargetAudience(targetAudience) .build(); - try { - tokenCredential.refresh(); - fail("Should not be able to use credential without exception."); - } catch (IOException e) { - assertTrue(e.getMessage().contains("Unexpected Error code 301 trying to getIDToken")); - } + IOException e = assertThrows(IOException.class, tokenCredential::refresh); + assertTrue(e.getMessage().contains("Unexpected Error code 301 trying to getIDToken")); } @Test @@ -1169,22 +1127,20 @@ void universeDomain_getFromSourceCredentials() throws IOException { } @Test - void universeDomain_whenExplicit_notAllowedIfNotMatchToSourceUD() throws IOException { + void universeDomain_whenExplicit_notAllowedIfNotMatchToSourceUD() { GoogleCredentials sourceCredentialsNonGDU = sourceCredentials.toBuilder().setUniverseDomain("source.domain.xyz").build(); + GoogleCredentials.Builder builder = + ImpersonatedCredentials.newBuilder() + .setSourceCredentials(sourceCredentialsNonGDU) + .setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL) + .setDelegates(null) + .setScopes(IMMUTABLE_SCOPES_LIST) + .setLifetime(VALID_LIFETIME) + .setHttpTransportFactory(mockTransportFactory) + .setUniverseDomain("explicit.domain.com"); IllegalStateException illegalStateException = - assertThrows( - IllegalStateException.class, - () -> - ImpersonatedCredentials.newBuilder() - .setSourceCredentials(sourceCredentialsNonGDU) - .setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL) - .setDelegates(null) - .setScopes(IMMUTABLE_SCOPES_LIST) - .setLifetime(VALID_LIFETIME) - .setHttpTransportFactory(mockTransportFactory) - .setUniverseDomain("explicit.domain.com") - .build()); + assertThrows(IllegalStateException.class, builder::build); assertEquals( "Universe domain source.domain.xyz in source credentials" + " does not match explicit.domain.com universe domain set for impersonated credentials.", @@ -1249,7 +1205,7 @@ void scopes_userConfiguredAndFromJson() throws IOException { } @Test - void hashCode_equals() throws IOException { + void hashCode_equals() { mockTransportFactory.getTransport().setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL); mockTransportFactory.getTransport().setAccessToken(ACCESS_TOKEN); mockTransportFactory.getTransport().setExpireTime(getDefaultExpireTime()); @@ -1294,7 +1250,7 @@ void serialize() throws IOException, ClassNotFoundException { assertEquals(targetCredentials, deserializedCredentials); assertEquals(targetCredentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(targetCredentials.toString(), deserializedCredentials.toString()); - assertSame(deserializedCredentials.clock, Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.clock); } public static String getDefaultExpireTime() { diff --git a/oauth2_http/javatests/com/google/auth/oauth2/JwtCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/JwtCredentialsTest.java index 95a4e3f4d..dc93eede2 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/JwtCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/JwtCredentialsTest.java @@ -35,7 +35,7 @@ import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertSame; -import static org.junit.jupiter.api.Assertions.fail; +import static org.junit.jupiter.api.Assertions.assertThrows; import com.google.api.client.json.JsonFactory; import com.google.api.client.json.gson.GsonFactory; @@ -95,51 +95,38 @@ void serialize() throws IOException, ClassNotFoundException { assertEquals(credentials, deserializedCredentials); assertEquals(credentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(credentials.toString(), deserializedCredentials.toString()); - assertSame(deserializedCredentials.getClock(), Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.getClock()); } @Test void builder_requiresPrivateKey() { - try { - JwtClaims claims = - JwtClaims.newBuilder() - .setAudience("some-audience") - .setIssuer("some-issuer") - .setSubject("some-subject") - .build(); - JwtCredentials.newBuilder().setJwtClaims(claims).setPrivateKeyId(PRIVATE_KEY_ID).build(); - fail("Should throw exception"); - } catch (NullPointerException ex) { - // expected - } + JwtClaims claims = + JwtClaims.newBuilder() + .setAudience("some-audience") + .setIssuer("some-issuer") + .setSubject("some-subject") + .build(); + JwtCredentials.Builder builder = + JwtCredentials.newBuilder().setJwtClaims(claims).setPrivateKeyId(PRIVATE_KEY_ID); + assertThrows(NullPointerException.class, builder::build); } @Test void builder_requiresClaims() { - try { - JwtCredentials.newBuilder() - .setPrivateKeyId(PRIVATE_KEY_ID) - .setPrivateKey(getPrivateKey()) - .build(); - fail("Should throw exception"); - } catch (NullPointerException ex) { - // expected - } + JwtCredentials.Builder builder = + JwtCredentials.newBuilder().setPrivateKeyId(PRIVATE_KEY_ID).setPrivateKey(getPrivateKey()); + assertThrows(NullPointerException.class, builder::build); } @Test void builder_requiresCompleteClaims() { - try { - JwtClaims claims = JwtClaims.newBuilder().build(); - JwtCredentials.newBuilder() - .setJwtClaims(claims) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setPrivateKey(getPrivateKey()) - .build(); - fail("Should throw exception"); - } catch (IllegalStateException ex) { - // expected - } + JwtClaims claims = JwtClaims.newBuilder().build(); + JwtCredentials.Builder builder = + JwtCredentials.newBuilder() + .setJwtClaims(claims) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setPrivateKey(getPrivateKey()); + assertThrows(IllegalStateException.class, builder::build); } @Test diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockExternalAccountCredentialsTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockExternalAccountCredentialsTransport.java index fc9f8ba3e..7719b08d2 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/MockExternalAccountCredentialsTransport.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/MockExternalAccountCredentialsTransport.java @@ -84,11 +84,11 @@ public class MockExternalAccountCredentialsTransport extends MockHttpTransport { static final String IAM_ENDPOINT = "https://iamcredentials.googleapis.com"; - private Queue responseSequence = new ArrayDeque<>(); - private Queue responseErrorSequence = new ArrayDeque<>(); - private Queue refreshTokenSequence = new ArrayDeque<>(); - private Queue> scopeSequence = new ArrayDeque<>(); - private List requests = new ArrayList<>(); + private final Queue responseSequence = new ArrayDeque<>(); + private final Queue responseErrorSequence = new ArrayDeque<>(); + private final Queue refreshTokenSequence = new ArrayDeque<>(); + private final Queue> scopeSequence = new ArrayDeque<>(); + private final List requests = new ArrayList<>(); private String expireTime; private String metadataServerContentType; private String stsContent; diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockIAMCredentialsServiceTransportFactory.java b/oauth2_http/javatests/com/google/auth/oauth2/MockIAMCredentialsServiceTransportFactory.java index a1df56b4b..c21a42f37 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/MockIAMCredentialsServiceTransportFactory.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/MockIAMCredentialsServiceTransportFactory.java @@ -35,7 +35,7 @@ import com.google.auth.http.HttpTransportFactory; public class MockIAMCredentialsServiceTransportFactory implements HttpTransportFactory { - private MockIAMCredentialsServiceTransport transport; + private final MockIAMCredentialsServiceTransport transport; MockIAMCredentialsServiceTransportFactory() { this(Credentials.GOOGLE_DEFAULT_UNIVERSE); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java index 725a124fc..1b218b73e 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/MockMetadataServerTransport.java @@ -44,8 +44,7 @@ import com.google.common.io.BaseEncoding; import java.io.IOException; import java.io.UnsupportedEncodingException; -import java.net.MalformedURLException; -import java.net.URL; +import java.net.URI; import java.net.URLDecoder; import java.util.HashMap; import java.util.List; @@ -168,10 +167,9 @@ public LowLevelHttpResponse execute() throws IOException { GenericJson signContents = new GenericJson(); signContents.setFactory(OAuth2Utils.JSON_FACTORY); signContents.put("signedBlob", BaseEncoding.base64().encode(signature)); - - String signature = signContents.toPrettyString(); - - return new MockLowLevelHttpResponse().setContentType(Json.MEDIA_TYPE).setContent(signature); + return new MockLowLevelHttpResponse() + .setContentType(Json.MEDIA_TYPE) + .setContent(signContents.toPrettyString()); } }; } @@ -228,7 +226,7 @@ public LowLevelHttpResponse execute() throws IOException { } private MockLowLevelHttpRequest getMockRequestForIdentityDocument(String url) - throws MalformedURLException, UnsupportedEncodingException { + throws UnsupportedEncodingException { if (statusCode != null && statusCode != HttpStatusCodes.STATUS_CODE_OK) { return new MockLowLevelHttpRequest(url) { @Override @@ -254,7 +252,7 @@ public LowLevelHttpResponse execute() { // https://cloud.google.com/compute/docs/instances/verifying-instance-identity#token_format Map queryPairs = new HashMap(); - String query = (new URL(url)).getQuery(); + String query = (URI.create(url)).getQuery(); String[] pairs = query.split("&"); for (String pair : pairs) { int idx = pair.indexOf("="); @@ -263,33 +261,29 @@ public LowLevelHttpResponse execute() { URLDecoder.decode(pair.substring(idx + 1), "UTF-8")); } - if (queryPairs.containsKey("format")) { - if (((String) queryPairs.get("format")).equals("full")) { - - // return licenses only if format=full is set - if (queryPairs.containsKey("licenses")) { - // The metadata server defaults to false and matches "on", "off" and ::absl::SimpleAtob. - // See https://abseil.io/docs/cpp/guides/strings#numericConversion for more information. - if (BOOL_PARAMETER_VALUE.matcher((String) queryPairs.get("licenses")).matches()) { - return new MockLowLevelHttpRequest(url) { - @Override - public LowLevelHttpResponse execute() throws IOException { - return new MockLowLevelHttpResponse() - .setContent(ComputeEngineCredentialsTest.FULL_ID_TOKEN_WITH_LICENSES); - } - }; - } - } - // otherwise return full format + if (queryPairs.containsKey("format") && queryPairs.get("format").equals("full")) { + // return licenses only if format=full is set + if (queryPairs.containsKey("licenses") + && BOOL_PARAMETER_VALUE.matcher(queryPairs.get("licenses")).matches()) { return new MockLowLevelHttpRequest(url) { @Override public LowLevelHttpResponse execute() throws IOException { return new MockLowLevelHttpResponse() - .setContent(ComputeEngineCredentialsTest.FULL_ID_TOKEN); + .setContent(ComputeEngineCredentialsTest.FULL_ID_TOKEN_WITH_LICENSES); } }; } + + // otherwise return full format + return new MockLowLevelHttpRequest(url) { + @Override + public LowLevelHttpResponse execute() throws IOException { + return new MockLowLevelHttpResponse() + .setContent(ComputeEngineCredentialsTest.FULL_ID_TOKEN); + } + }; } + // Return default format if nothing is set return new MockLowLevelHttpRequest(url) { @Override diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockTokenCheckingTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockTokenCheckingTransport.java index 3ef4df2fe..11af02041 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/MockTokenCheckingTransport.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/MockTokenCheckingTransport.java @@ -44,8 +44,8 @@ public class MockTokenCheckingTransport extends HttpTransport { public static final String SUCCESS_CONTENT = "{\"key\":\"value\"}"; - private MockTokenServerTransport tokenServer; - private String refreshToken; + private final MockTokenServerTransport tokenServer; + private final String refreshToken; public MockTokenCheckingTransport(MockTokenServerTransport tokenServer, String refreshToken) { this.tokenServer = tokenServer; diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java index a61c185b5..56fa54c39 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java @@ -75,7 +75,6 @@ public class MockTokenServerTransport extends MockHttpTransport { private final Queue> responseSequence = new ArrayDeque<>(); private int expiresInSeconds = 3600; private MockLowLevelHttpRequest request; - private ClientAuthenticationType clientAuthenticationType; private PKCEProvider pkceProvider; public MockTokenServerTransport() {} @@ -88,9 +87,7 @@ public void setTokenServerUri(URI tokenServerUri) { this.tokenServerUri = tokenServerUri; } - public void setClientAuthType(ClientAuthenticationType type) { - this.clientAuthenticationType = type; - } + public void setClientAuthType(ClientAuthenticationType type) {} public void setPkceProvider(PKCEProvider pkceProvider) { this.pkceProvider = pkceProvider; @@ -141,9 +138,9 @@ public void setError(IOException error) { this.error = error; } - public void addResponseErrorSequence(IOException... errors) { - for (IOException error : errors) { - responseSequence.add(Futures.immediateFailedFuture(error)); + public void addResponseErrorSequence(IOException... ioExceptions) { + for (IOException ioException : ioExceptions) { + responseSequence.add(Futures.immediateFailedFuture(ioException)); } } @@ -173,7 +170,6 @@ public LowLevelHttpRequest buildRequest(String method, String url) throws IOExce } int questionMarkPos = url.indexOf('?'); final String urlWithoutQuery = (questionMarkPos > 0) ? url.substring(0, questionMarkPos) : url; - final String query = (questionMarkPos > 0) ? url.substring(questionMarkPos + 1) : ""; if (!responseSequence.isEmpty()) { request = @@ -258,13 +254,12 @@ public LowLevelHttpResponse execute() throws IOException { JsonWebSignature signature = JsonWebSignature.parse(JSON_FACTORY, assertion); if (OAuth2Utils.GRANT_TYPE_JWT_BEARER.equals(grantType)) { String foundEmail = signature.getPayload().getIssuer(); - if (!serviceAccounts.containsKey(foundEmail)) {} accessToken = serviceAccounts.get(foundEmail); String foundTargetAudience = (String) signature.getPayload().get("target_audience"); String foundScopes = (String) signature.getPayload().get("scope"); - if ((foundScopes == null || foundScopes.length() == 0) - && (foundTargetAudience == null || foundTargetAudience.length() == 0)) { + if ((foundScopes == null || foundScopes.isEmpty()) + && (foundTargetAudience == null || foundTargetAudience.isEmpty())) { throw new IOException("Either target_audience or scopes must be specified."); } @@ -285,7 +280,7 @@ public LowLevelHttpResponse execute() throws IOException { } accessToken = gdchServiceAccounts.get(foundServiceIdentityName); String foundApiAudience = (String) signature.getPayload().get("api_audience"); - if ((foundApiAudience == null || foundApiAudience.length() == 0)) { + if ((foundApiAudience == null || foundApiAudience.isEmpty())) { throw new IOException("Api_audience must be specified."); } } else { diff --git a/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsTest.java index a54765abc..c72600618 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsTest.java @@ -32,14 +32,15 @@ package com.google.auth.oauth2; import static java.util.concurrent.TimeUnit.HOURS; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertSame; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.api.client.util.Clock; import com.google.auth.TestClock; @@ -100,7 +101,7 @@ void tearDown() { void constructor_storesAccessToken() { OAuth2Credentials credentials = OAuth2Credentials.newBuilder().setAccessToken(new AccessToken(ACCESS_TOKEN, null)).build(); - assertEquals(credentials.getAccessToken().getTokenValue(), ACCESS_TOKEN); + assertEquals(ACCESS_TOKEN, credentials.getAccessToken().getTokenValue()); } @Test @@ -169,7 +170,7 @@ public AccessToken refreshAccessToken() throws IOException { assertEquals(lastMetadata, callback.awaitResult()); waitForRefreshTaskCompletion(credentials); assertEquals(1, refreshCount.get()); - lastMetadata = credentials.getRequestMetadata(); + credentials.getRequestMetadata(); refreshCount.set(0); // Fast forward to expired @@ -181,7 +182,7 @@ public AccessToken refreshAccessToken() throws IOException { TestUtils.assertContainsBearerToken(callback.awaitResult(), newToken.getTokenValue()); assertEquals(1, refreshCount.get()); waitForRefreshTaskCompletion(credentials); - lastMetadata = credentials.getRequestMetadata(); + credentials.getRequestMetadata(); } @Test @@ -192,7 +193,7 @@ void getAuthenticationType_returnsOAuth2() { .setClientSecret(CLIENT_SECRET) .setRefreshToken(REFRESH_TOKEN) .build(); - assertEquals(credentials.getAuthenticationType(), "OAuth2"); + assertEquals("OAuth2", credentials.getAuthenticationType()); } @Test @@ -214,7 +215,7 @@ void hasRequestMetadataOnly_returnsTrue() { .setClientSecret(CLIENT_SECRET) .setRefreshToken(REFRESH_TOKEN) .build(); - assertTrue(credentials.hasRequestMetadata()); + assertTrue(credentials.hasRequestMetadataOnly()); } @Test @@ -331,13 +332,9 @@ void getRequestMetadata_blocking_cachesExpiringToken() throws IOException { clock.addToCurrentTime(60 * 60 * 1000); assertEquals(0, transportFactory.transport.buildRequestCount); - try { - credentials.getRequestMetadata(CALL_URI); - fail("Should throw"); - } catch (IOException e) { - assertSame(error, e.getCause()); - assertEquals(1, transportFactory.transport.buildRequestCount--); - } + IOException e = assertThrows(IOException.class, () -> credentials.getRequestMetadata(CALL_URI)); + assertSame(error, e.getCause()); + assertEquals(1, transportFactory.transport.buildRequestCount--); // Reset the error and try again transportFactory.transport.setError(null); @@ -347,7 +344,7 @@ void getRequestMetadata_blocking_cachesExpiringToken() throws IOException { } @Test - void getRequestMetadata_async() throws IOException { + void getRequestMetadata_async() { final String accessToken1 = "1/MkSJoj1xsli0AccessToken_NKPY2"; final String accessToken2 = "2/MkSJoj1xsli0AccessToken_NKPY2"; MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); @@ -668,12 +665,12 @@ public Map> call() throws Exception { // Get the error that getRequestMetadata(uri) created Throwable actualBlockingError = - assertThrows(ExecutionException.class, () -> blockingCall.get()).getCause(); + assertThrows(ExecutionException.class, blockingCall::get).getCause(); assertEquals(error, actualBlockingError); RuntimeException actualAsyncError = - assertThrows(RuntimeException.class, () -> callback1.awaitResult()); + assertThrows(RuntimeException.class, callback1::awaitResult); assertEquals(error, actualAsyncError); } @@ -692,12 +689,9 @@ public AccessToken refreshAccessToken() { expectedStacktrace = expectedStacktrace.subList(1, expectedStacktrace.size()); AtomicReference actualError = new AtomicReference<>(); - try { - creds.getRequestMetadata(CALL_URI); - fail("Should not be able to use credential without exception."); - } catch (Exception refreshError) { - actualError.set(refreshError); - } + Exception refreshError = + assertThrows(RuntimeException.class, () -> creds.getRequestMetadata(CALL_URI)); + actualError.set(refreshError); List actualStacktrace = Arrays.asList(actualError.get().getStackTrace()); actualStacktrace = @@ -789,37 +783,37 @@ void refreshIfExpired_refreshesToken() throws IOException { } @Test - void refresh_temporaryToken_throws() throws IOException { + void refresh_temporaryToken_throws() { OAuth2Credentials credentials = OAuth2Credentials.newBuilder().setAccessToken(new AccessToken(ACCESS_TOKEN, null)).build(); - assertThrows(IllegalStateException.class, () -> credentials.refresh()); + assertThrows(IllegalStateException.class, credentials::refresh); } @Test - void equals_true() throws IOException { + void equals_true() { final String accessToken1 = "1/MkSJoj1xsli0AccessToken_NKPY2"; OAuth2Credentials credentials = OAuth2Credentials.newBuilder().setAccessToken(new AccessToken(accessToken1, null)).build(); OAuth2Credentials otherCredentials = OAuth2Credentials.newBuilder().setAccessToken(new AccessToken(accessToken1, null)).build(); - assertTrue(credentials.equals(otherCredentials)); - assertTrue(otherCredentials.equals(credentials)); + assertEquals(credentials, otherCredentials); + assertEquals(otherCredentials, credentials); } @Test - void equals_false_accessToken() throws IOException { + void equals_false_accessToken() { final String accessToken1 = "1/MkSJoj1xsli0AccessToken_NKPY2"; final String accessToken2 = "2/MkSJoj1xsli0AccessToken_NKPY2"; OAuth2Credentials credentials = OAuth2Credentials.newBuilder().setAccessToken(new AccessToken(accessToken1, null)).build(); OAuth2Credentials otherCredentials = OAuth2Credentials.newBuilder().setAccessToken(new AccessToken(accessToken2, null)).build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test - void toString_containsFields() throws IOException { + void toString_containsFields() { AccessToken accessToken = new AccessToken("1/MkSJoj1xsli0AccessToken_NKPY2", null); OAuth2Credentials credentials = OAuth2Credentials.newBuilder().setAccessToken(accessToken).build(); @@ -829,12 +823,12 @@ void toString_containsFields() throws IOException { ImmutableMap.of( AuthHttpConstants.AUTHORIZATION, ImmutableList.of(OAuth2Utils.BEARER_PREFIX + accessToken.getTokenValue())), - accessToken.toString()); + accessToken); assertEquals(expectedToString, credentials.toString()); } @Test - void hashCode_equals() throws IOException { + void hashCode_equals() { final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2"; OAuth2Credentials credentials = OAuth2Credentials.newBuilder().setAccessToken(new AccessToken(accessToken, null)).build(); @@ -852,7 +846,7 @@ void serialize() throws IOException, ClassNotFoundException { assertEquals(credentials, deserializedCredentials); assertEquals(credentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(credentials.toString(), deserializedCredentials.toString()); - assertSame(deserializedCredentials.clock, Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.clock); } @Test @@ -862,65 +856,16 @@ void updateTokenValueBeforeWake() throws IOException, InterruptedException { AccessToken refreshedToken = new AccessToken("2/MkSJoj1xsli0AccessToken_NKPY2", null); refreshedTokenFuture.set(refreshedToken); - final ListenableFutureTask task = - ListenableFutureTask.create( - new Callable() { - @Override - public OAuthValue call() throws Exception { - return OAuthValue.create(refreshedToken, new HashMap<>()); - } - }); - - OAuth2Credentials creds = - new OAuth2Credentials() { - @Override - public AccessToken refreshAccessToken() { - synchronized (this) { - // Wake up the main thread. This is done now because the child thread (t) is known to - // have the refresh task. Now we want the main thread to wake up and create a future - // in order to wait for the refresh to complete. - this.notify(); - } - RefreshTaskListener listener = - new RefreshTaskListener(task) { - @Override - public void run() { - try { - // Sleep before setting accessToken to new accessToken. Refresh should not - // complete before this, and the accessToken is `null` until it is. - Thread.sleep(300); - super.run(); - } catch (Exception e) { - fail("Unexpected error. Exception: " + e); - } - } - }; - - this.refreshTask = new RefreshTask(task, listener); - - try { - // Sleep for 100 milliseconds to give parent thread time to create a refresh future. - Thread.sleep(100); - return refreshedTokenFuture.get(); - } catch (Exception e) { - throw new RuntimeException(e); - } - } - }; + OAuth2Credentials creds = getOAuth2Credentials(refreshedToken, refreshedTokenFuture); Thread t = new Thread( - new Runnable() { - @Override - public void run() { - try { - creds.refresh(); - assertNotNull(creds.getAccessToken()); - } catch (Exception e) { - fail("Unexpected error. Exception: " + e); - } - } - }); + () -> + assertDoesNotThrow( + () -> { + creds.refresh(); + assertNotNull(creds.getAccessToken()); + })); t.start(); synchronized (creds) { @@ -941,6 +886,47 @@ public void run() { t.join(); } + private OAuth2Credentials getOAuth2Credentials( + AccessToken refreshedToken, SettableFuture refreshedTokenFuture) { + final ListenableFutureTask task = + ListenableFutureTask.create(() -> OAuthValue.create(refreshedToken, new HashMap<>())); + + return new OAuth2Credentials() { + @Override + public AccessToken refreshAccessToken() { + synchronized (this) { + // Wake up the main thread. This is done now because the child thread (t) is known to + // have the refresh task. Now we want the main thread to wake up and create a future + // in order to wait for the refresh to complete. + this.notify(); + } + RefreshTaskListener listener = + new RefreshTaskListener(task) { + @Override + public void run() { + assertDoesNotThrow( + () -> { + // Sleep before setting accessToken to new accessToken. Refresh should not + // complete before this, and the accessToken is `null` until it is. + Thread.sleep(300); + super.run(); + }); + } + }; + + this.refreshTask = new RefreshTask(task, listener); + + try { + // Sleep for 100 milliseconds to give parent thread time to create a refresh future. + Thread.sleep(100); + return refreshedTokenFuture.get(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + }; + } + private void waitForRefreshTaskCompletion(OAuth2Credentials credentials) throws TimeoutException, InterruptedException { for (int i = 0; i < 100; i++) { diff --git a/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsWithRefreshTest.java b/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsWithRefreshTest.java index 2c285c549..a6b437eab 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsWithRefreshTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsWithRefreshTest.java @@ -33,8 +33,9 @@ import static com.google.auth.oauth2.OAuth2Credentials.DEFAULT_EXPIRATION_MARGIN; import static com.google.auth.oauth2.OAuth2Credentials.DEFAULT_REFRESH_MARGIN; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.fail; +import static org.junit.jupiter.api.Assertions.assertThrows; import com.google.auth.TestUtils; import java.io.IOException; @@ -150,37 +151,24 @@ public AccessToken refreshAccessToken() { @Test void builder_noAccessToken() { - OAuth2CredentialsWithRefresh.newBuilder() - .setRefreshHandler( - new OAuth2CredentialsWithRefresh.OAuth2RefreshHandler() { - @Override - public AccessToken refreshAccessToken() { - return null; - } - }) - .build(); + OAuth2CredentialsWithRefresh.Builder builder = + OAuth2CredentialsWithRefresh.newBuilder().setRefreshHandler(() -> null); + assertDoesNotThrow(builder::build); } @Test void builder_noRefreshHandler_throws() { - try { - OAuth2CredentialsWithRefresh.newBuilder().setAccessToken(ACCESS_TOKEN).build(); - fail("Should fail as a refresh handler must be provided."); - } catch (NullPointerException e) { - // Expected. - } + OAuth2CredentialsWithRefresh.Builder builder = + OAuth2CredentialsWithRefresh.newBuilder().setAccessToken(ACCESS_TOKEN); + assertThrows(NullPointerException.class, builder::build); } @Test void builder_noExpirationTimeInAccessToken_throws() { - try { - OAuth2CredentialsWithRefresh.newBuilder() - .setAccessToken(new AccessToken("accessToken", null)) - .build(); - fail("Should fail as a refresh handler must be provided."); - } catch (IllegalArgumentException e) { - // Expected. - } + OAuth2CredentialsWithRefresh.Builder builder = + OAuth2CredentialsWithRefresh.newBuilder() + .setAccessToken(new AccessToken("accessToken", null)); + assertThrows(IllegalArgumentException.class, builder::build); } @Test @@ -189,13 +177,7 @@ void refreshAccessToken_delegateToRefreshHandler() throws IOException { OAuth2CredentialsWithRefresh credentials = OAuth2CredentialsWithRefresh.newBuilder() .setAccessToken(ACCESS_TOKEN) - .setRefreshHandler( - new OAuth2CredentialsWithRefresh.OAuth2RefreshHandler() { - @Override - public AccessToken refreshAccessToken() { - return refreshedToken; - } - }) + .setRefreshHandler(() -> refreshedToken) .build(); AccessToken accessToken = credentials.refreshAccessToken(); @@ -210,13 +192,7 @@ void getRequestMetadata() throws IOException { OAuth2CredentialsWithRefresh credentials = OAuth2CredentialsWithRefresh.newBuilder() .setAccessToken(ACCESS_TOKEN) - .setRefreshHandler( - new OAuth2CredentialsWithRefresh.OAuth2RefreshHandler() { - @Override - public AccessToken refreshAccessToken() { - return refreshedToken; - } - }) + .setRefreshHandler(() -> refreshedToken) .build(); Map> metadata = credentials.getRequestMetadata(uri); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthCredentialsTest.java index 9832c7821..094b21f9d 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthCredentialsTest.java @@ -36,7 +36,6 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.junit.jupiter.api.Assertions.fail; import com.google.api.client.http.HttpTransport; import com.google.api.client.json.GenericJson; @@ -94,7 +93,7 @@ void retrieveSubjectToken_shouldDelegateToHandler() throws IOException { .setExecutableHandler(options -> "pluggableAuthToken") .build(); String subjectToken = credential.retrieveSubjectToken(); - assertEquals(subjectToken, "pluggableAuthToken"); + assertEquals("pluggableAuthToken", subjectToken); } @Test @@ -119,24 +118,24 @@ void retrieveSubjectToken_shouldPassAllOptionsToHandler() throws IOException { String subjectToken = credential.retrieveSubjectToken(); - assertEquals(subjectToken, "pluggableAuthToken"); + assertEquals("pluggableAuthToken", subjectToken); // Validate that the correct options were passed to the executable handler. ExecutableOptions options = providedOptions[0]; - assertEquals(options.getExecutableCommand(), command); + assertEquals(command, options.getExecutableCommand()); assertEquals(options.getExecutableTimeoutMs(), Integer.parseInt(timeout)); - assertEquals(options.getOutputFilePath(), outputFile); + assertEquals(outputFile, options.getOutputFilePath()); Map envMap = options.getEnvironmentMap(); - assertEquals(envMap.size(), 5); + assertEquals(5, envMap.size()); assertEquals(envMap.get("GOOGLE_EXTERNAL_ACCOUNT_AUDIENCE"), credential.getAudience()); assertEquals( envMap.get("GOOGLE_EXTERNAL_ACCOUNT_TOKEN_TYPE"), credential.getSubjectTokenType()); - assertEquals(envMap.get("GOOGLE_EXTERNAL_ACCOUNT_INTERACTIVE"), "0"); + assertEquals("0", envMap.get("GOOGLE_EXTERNAL_ACCOUNT_INTERACTIVE")); assertEquals( envMap.get("GOOGLE_EXTERNAL_ACCOUNT_IMPERSONATED_EMAIL"), credential.getServiceAccountEmail()); - assertEquals(envMap.get("GOOGLE_EXTERNAL_ACCOUNT_OUTPUT_FILE"), outputFile); + assertEquals(outputFile, envMap.get("GOOGLE_EXTERNAL_ACCOUNT_OUTPUT_FILE")); } @Test @@ -159,20 +158,20 @@ void retrieveSubjectToken_shouldPassMinimalOptionsToHandler() throws IOException String subjectToken = credential.retrieveSubjectToken(); - assertEquals(subjectToken, "pluggableAuthToken"); + assertEquals("pluggableAuthToken", subjectToken); // Validate that the correct options were passed to the executable handler. ExecutableOptions options = providedOptions[0]; - assertEquals(options.getExecutableCommand(), command); - assertEquals(options.getExecutableTimeoutMs(), DEFAULT_EXECUTABLE_TIMEOUT_MS); + assertEquals(command, options.getExecutableCommand()); + assertEquals(DEFAULT_EXECUTABLE_TIMEOUT_MS, options.getExecutableTimeoutMs()); assertNull(options.getOutputFilePath()); Map envMap = options.getEnvironmentMap(); - assertEquals(envMap.size(), 3); + assertEquals(3, envMap.size()); assertEquals(envMap.get("GOOGLE_EXTERNAL_ACCOUNT_AUDIENCE"), credential.getAudience()); assertEquals( envMap.get("GOOGLE_EXTERNAL_ACCOUNT_TOKEN_TYPE"), credential.getSubjectTokenType()); - assertEquals(envMap.get("GOOGLE_EXTERNAL_ACCOUNT_INTERACTIVE"), "0"); + assertEquals("0", envMap.get("GOOGLE_EXTERNAL_ACCOUNT_INTERACTIVE")); assertNull(envMap.get("GOOGLE_EXTERNAL_ACCOUNT_IMPERSONATED_EMAIL")); assertNull(envMap.get("GOOGLE_EXTERNAL_ACCOUNT_OUTPUT_FILE")); } @@ -198,7 +197,7 @@ void refreshAccessToken_withoutServiceAccountImpersonation() throws IOException // Validate that the correct subject token was passed to STS. Map query = TestUtils.parseQuery(transportFactory.transport.getRequests().get(0).getContentAsString()); - assertEquals(query.get("subject_token"), "pluggableAuthToken"); + assertEquals("pluggableAuthToken", query.get("subject_token")); // Validate metrics header is set correctly on the sts request. Map> headers = @@ -239,7 +238,7 @@ void refreshAccessToken_withServiceAccountImpersonation() throws IOException { // Validate that the correct subject token was passed to STS. Map query = TestUtils.parseQuery(transportFactory.transport.getRequests().get(0).getContentAsString()); - assertEquals(query.get("subject_token"), "pluggableAuthToken"); + assertEquals("pluggableAuthToken", query.get("subject_token")); // Validate metrics header is set correctly on the sts request. Map> headers = @@ -265,7 +264,7 @@ void refreshAccessToken_withServiceAccountImpersonationOptions() throws IOExcept .setServiceAccountImpersonationUrl( transportFactory.transport.getServiceAccountImpersonationUrl()) .setServiceAccountImpersonationOptions( - ExternalAccountCredentialsTest.buildServiceAccountImpersonationOptions(2800)) + ExternalAccountCredentialsTest.buildServiceAccountImpersonationOptions()) .setHttpTransportFactory(transportFactory) .build(); @@ -304,9 +303,9 @@ void pluggableAuthCredentialSource_allFields() { PluggableAuthCredentialSource credentialSource = new PluggableAuthCredentialSource(source); - assertEquals(credentialSource.getCommand(), "/path/to/executable"); - assertEquals(credentialSource.getTimeoutMs(), 10000); - assertEquals(credentialSource.getOutputFilePath(), "/path/to/output/file"); + assertEquals("/path/to/executable", credentialSource.getCommand()); + assertEquals(10000, credentialSource.getTimeoutMs()); + assertEquals("/path/to/output/file", credentialSource.getOutputFilePath()); } @Test @@ -317,8 +316,8 @@ void pluggableAuthCredentialSource_noTimeoutProvided_setToDefault() { executable.put("command", "command"); PluggableAuthCredentialSource credentialSource = new PluggableAuthCredentialSource(source); - assertEquals(credentialSource.getCommand(), "command"); - assertEquals(credentialSource.getTimeoutMs(), DEFAULT_EXECUTABLE_TIMEOUT_MS); + assertEquals("command", credentialSource.getCommand()); + assertEquals(DEFAULT_EXECUTABLE_TIMEOUT_MS, credentialSource.getTimeoutMs()); assertNull(credentialSource.getOutputFilePath()); } @@ -335,16 +334,14 @@ void pluggableAuthCredentialSource_timeoutProvidedOutOfRange_throws() { for (int value : possibleOutOfRangeValues) { executable.put("timeout_millis", value); - try { - new PluggableAuthCredentialSource(source); - fail("Should not be able to continue without exception."); - } catch (IllegalArgumentException exception) { - assertEquals( - String.format( - "The executable timeout must be between %s and %s milliseconds.", - MINIMUM_EXECUTABLE_TIMEOUT_MS, MAXIMUM_EXECUTABLE_TIMEOUT_MS), - exception.getMessage()); - } + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, () -> new PluggableAuthCredentialSource(source)); + assertEquals( + String.format( + "The executable timeout must be between %s and %s milliseconds.", + MINIMUM_EXECUTABLE_TIMEOUT_MS, MAXIMUM_EXECUTABLE_TIMEOUT_MS), + exception.getMessage()); } } @@ -362,21 +359,21 @@ void pluggableAuthCredentialSource_validTimeoutProvided() { executable.put("timeout_millis", value); PluggableAuthCredentialSource credentialSource = new PluggableAuthCredentialSource(source); - assertEquals(credentialSource.getCommand(), "command"); - assertEquals(credentialSource.getTimeoutMs(), 10000); + assertEquals("command", credentialSource.getCommand()); + assertEquals(10000, credentialSource.getTimeoutMs()); assertNull(credentialSource.getOutputFilePath()); } } @Test void pluggableAuthCredentialSource_missingExecutableField_throws() { - try { - new PluggableAuthCredentialSource(new HashMap<>()); - fail("Should not be able to continue without exception."); - } catch (IllegalArgumentException exception) { - assertEquals( - "Invalid credential source for PluggableAuth credentials.", exception.getMessage()); - } + HashMap credentialSourceMap = new HashMap<>(); + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, + () -> new PluggableAuthCredentialSource(credentialSourceMap)); + assertEquals( + "Invalid credential source for PluggableAuth credentials.", exception.getMessage()); } @Test @@ -385,18 +382,16 @@ void pluggableAuthCredentialSource_missingExecutableCommandField_throws() { Map executable = new HashMap<>(); source.put("executable", executable); - try { - new PluggableAuthCredentialSource(source); - fail("Should not be able to continue without exception."); - } catch (IllegalArgumentException exception) { - assertEquals( - "The PluggableAuthCredentialSource is missing the required 'command' field.", - exception.getMessage()); - } + IllegalArgumentException exception = + assertThrows( + IllegalArgumentException.class, () -> new PluggableAuthCredentialSource(source)); + assertEquals( + "The PluggableAuthCredentialSource is missing the required 'command' field.", + exception.getMessage()); } @Test - void builder_allFields() throws IOException { + void builder_allFields() { List scopes = Arrays.asList("scope1", "scope2"); PluggableAuthCredentialSource source = buildCredentialSource(); @@ -436,7 +431,7 @@ void builder_allFields() throws IOException { } @Test - void builder_missingUniverseDomain_defaults() throws IOException { + void builder_missingUniverseDomain_defaults() { List scopes = Arrays.asList("scope1", "scope2"); PluggableAuthCredentialSource source = buildCredentialSource(); @@ -475,7 +470,7 @@ void builder_missingUniverseDomain_defaults() throws IOException { } @Test - void newBuilder_allFields() throws IOException { + void newBuilder_allFields() { List scopes = Arrays.asList("scope1", "scope2"); PluggableAuthCredentialSource source = buildCredentialSource(); @@ -517,7 +512,7 @@ void newBuilder_allFields() throws IOException { } @Test - void newBuilder_noUniverseDomain_defaults() throws IOException { + void newBuilder_noUniverseDomain_defaults() { List scopes = Arrays.asList("scope1", "scope2"); PluggableAuthCredentialSource source = buildCredentialSource(); @@ -558,7 +553,7 @@ void newBuilder_noUniverseDomain_defaults() throws IOException { } @Test - void createdScoped_clonedCredentialWithAddedScopes() throws IOException { + void createdScoped_clonedCredentialWithAddedScopes() { PluggableAuthCredentials credentials = PluggableAuthCredentials.newBuilder(CREDENTIAL) .setExecutableHandler(options -> "pluggableAuthToken") @@ -591,7 +586,7 @@ void createdScoped_clonedCredentialWithAddedScopes() throws IOException { } @Test - void serialize() throws IOException, ClassNotFoundException { + void serialize() { PluggableAuthCredentials testCredentials = PluggableAuthCredentials.newBuilder(CREDENTIAL) .setExecutableHandler(options -> "pluggableAuthToken") diff --git a/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthExceptionTest.java b/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthExceptionTest.java index f924d4137..534ad9f33 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthExceptionTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthExceptionTest.java @@ -39,8 +39,6 @@ /** Tests for {@link PluggableAuthException}. */ class PluggableAuthExceptionTest { - private static final String MESSAGE_FORMAT = "Error code %s: %s"; - @Test void constructor() { PluggableAuthException e = new PluggableAuthException("errorCode", "errorDescription"); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthHandlerTest.java b/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthHandlerTest.java index c31266d27..1566c7eed 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthHandlerTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthHandlerTest.java @@ -33,8 +33,8 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import static org.mockito.ArgumentMatchers.anyLong; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.any; @@ -189,7 +189,7 @@ void retrieveTokenFromExecutable_samlResponse() throws IOException, InterruptedE } @Test - void retrieveTokenFromExecutable_errorResponse_throws() throws InterruptedException, IOException { + void retrieveTokenFromExecutable_errorResponse_throws() throws InterruptedException { TestEnvironmentProvider environmentProvider = new TestEnvironmentProvider(); environmentProvider.setEnv("GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES", "1"); @@ -211,13 +211,12 @@ void retrieveTokenFromExecutable_errorResponse_throws() throws InterruptedExcept PluggableAuthHandler handler = new PluggableAuthHandler(environmentProvider, processBuilder); // Call retrieveTokenFromExecutable(). - try { - handler.retrieveTokenFromExecutable(DEFAULT_OPTIONS); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException e) { - assertEquals("401", e.getErrorCode()); - assertEquals("Caller not authorized.", e.getErrorDescription()); - } + PluggableAuthException e = + assertThrows( + PluggableAuthException.class, + () -> handler.retrieveTokenFromExecutable(DEFAULT_OPTIONS)); + assertEquals("401", e.getErrorCode()); + assertEquals("Caller not authorized.", e.getErrorDescription()); } @Test @@ -281,7 +280,7 @@ void retrieveTokenFromExecutable_successResponseWithoutExpirationTimeField() @Test void retrieveTokenFromExecutable_successResponseWithoutExpirationTimeFieldWithOutputFileSpecified_throws() - throws InterruptedException, IOException { + throws InterruptedException { TestEnvironmentProvider environmentProvider = new TestEnvironmentProvider(); environmentProvider.setEnv("GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES", "1"); @@ -333,19 +332,14 @@ public String getOutputFilePath() { PluggableAuthHandler handler = new PluggableAuthHandler(environmentProvider, processBuilder); - // Call retrieveTokenFromExecutable() should throw an exception as the STDOUT response - // is missing - // the `expiration_time` field and an output file was specified in the configuration. - try { - handler.retrieveTokenFromExecutable(options); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException exception) { - assertEquals( - "Error code INVALID_EXECUTABLE_RESPONSE: The executable response must contain the " - + "`expiration_time` field for successful responses when an output_file has been specified in the" - + " configuration.", - exception.getMessage()); - } + PluggableAuthException exception = + assertThrows( + PluggableAuthException.class, () -> handler.retrieveTokenFromExecutable(options)); + assertEquals( + "Error code INVALID_EXECUTABLE_RESPONSE: The executable response must contain the " + + "`expiration_time` field for successful responses when an output_file has been specified in the" + + " configuration.", + exception.getMessage()); verify(mockProcess, times(i + 1)).destroy(); verify(mockProcess, times(i + 1)) @@ -410,16 +404,14 @@ public String getOutputFilePath() { // Call retrieveTokenFromExecutable() which should throw an exception as the output file // response is missing // the `expiration_time` field. - try { - handler.retrieveTokenFromExecutable(options); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException exception) { - assertEquals( - "Error code INVALID_EXECUTABLE_RESPONSE: The executable response must contain the " - + "`expiration_time` field for successful responses when an output_file has been specified in the" - + " configuration.", - exception.getMessage()); - } + PluggableAuthException exception = + assertThrows( + PluggableAuthException.class, () -> handler.retrieveTokenFromExecutable(options)); + assertEquals( + "Error code INVALID_EXECUTABLE_RESPONSE: The executable response must contain the " + + "`expiration_time` field for successful responses when an output_file has been specified in the" + + " configuration.", + exception.getMessage()); // Validate executable not invoked. verify(mockProcess, times(0)).destroyForcibly(); @@ -485,8 +477,7 @@ public String getOutputFilePath() { } @Test - void retrieveTokenFromExecutable_withInvalidOutputFile_throws() - throws IOException, InterruptedException { + void retrieveTokenFromExecutable_withInvalidOutputFile_throws() throws IOException { TestEnvironmentProvider environmentProvider = new TestEnvironmentProvider(); environmentProvider.setEnv("GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES", "1"); @@ -530,12 +521,10 @@ public String getOutputFilePath() { PluggableAuthHandler handler = new PluggableAuthHandler(environmentProvider, processBuilder); // Call retrieveTokenFromExecutable(). - try { - handler.retrieveTokenFromExecutable(options); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException e) { - assertEquals("INVALID_OUTPUT_FILE", e.getErrorCode()); - } + PluggableAuthException e = + assertThrows( + PluggableAuthException.class, () -> handler.retrieveTokenFromExecutable(options)); + assertEquals("INVALID_OUTPUT_FILE", e.getErrorCode()); } @Test @@ -629,18 +618,16 @@ void retrieveTokenFromExecutable_expiredResponse_throws() PluggableAuthHandler handler = new PluggableAuthHandler(environmentProvider, processBuilder); // Call retrieveTokenFromExecutable(). - try { - handler.retrieveTokenFromExecutable(DEFAULT_OPTIONS); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException e) { - assertEquals("INVALID_RESPONSE", e.getErrorCode()); - assertEquals("The executable response is expired.", e.getErrorDescription()); - } + PluggableAuthException e = + assertThrows( + PluggableAuthException.class, + () -> handler.retrieveTokenFromExecutable(DEFAULT_OPTIONS)); + assertEquals("INVALID_RESPONSE", e.getErrorCode()); + assertEquals("The executable response is expired.", e.getErrorDescription()); } @Test - void retrieveTokenFromExecutable_invalidVersion_throws() - throws InterruptedException, IOException { + void retrieveTokenFromExecutable_invalidVersion_throws() throws InterruptedException { TestEnvironmentProvider environmentProvider = new TestEnvironmentProvider(); environmentProvider.setEnv("GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES", "1"); @@ -663,22 +650,20 @@ void retrieveTokenFromExecutable_invalidVersion_throws() PluggableAuthHandler handler = new PluggableAuthHandler(environmentProvider, processBuilder); // Call retrieveTokenFromExecutable(). - try { - handler.retrieveTokenFromExecutable(DEFAULT_OPTIONS); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException e) { - assertEquals("UNSUPPORTED_VERSION", e.getErrorCode()); - assertEquals( - "The version of the executable response is not supported. " - + String.format( - "The maximum version currently supported is %s.", - EXECUTABLE_SUPPORTED_MAX_VERSION), - e.getErrorDescription()); - } + PluggableAuthException e = + assertThrows( + PluggableAuthException.class, + () -> handler.retrieveTokenFromExecutable(DEFAULT_OPTIONS)); + assertEquals("UNSUPPORTED_VERSION", e.getErrorCode()); + assertEquals( + "The version of the executable response is not supported. " + + String.format( + "The maximum version currently supported is %s.", EXECUTABLE_SUPPORTED_MAX_VERSION), + e.getErrorDescription()); } @Test - void retrieveTokenFromExecutable_allowExecutablesDisabled_throws() throws IOException { + void retrieveTokenFromExecutable_allowExecutablesDisabled_throws() { // In order to use Pluggable Auth, GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES must be set to 1. // If set to 0, a runtime exception should be thrown. TestEnvironmentProvider environmentProvider = new TestEnvironmentProvider(); @@ -686,16 +671,15 @@ void retrieveTokenFromExecutable_allowExecutablesDisabled_throws() throws IOExce PluggableAuthHandler handler = new PluggableAuthHandler(environmentProvider); - try { - handler.retrieveTokenFromExecutable(DEFAULT_OPTIONS); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException e) { - assertEquals("PLUGGABLE_AUTH_DISABLED", e.getErrorCode()); - assertEquals( - "Pluggable Auth executables need to be explicitly allowed to run by " - + "setting the GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES environment variable to 1.", - e.getErrorDescription()); - } + PluggableAuthException e = + assertThrows( + PluggableAuthException.class, + () -> handler.retrieveTokenFromExecutable(DEFAULT_OPTIONS)); + assertEquals("PLUGGABLE_AUTH_DISABLED", e.getErrorCode()); + assertEquals( + "Pluggable Auth executables need to be explicitly allowed to run by " + + "setting the GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES environment variable to 1.", + e.getErrorDescription()); } @Test @@ -853,7 +837,7 @@ void getExecutableResponse_errorResponse() throws IOException, InterruptedExcept } @Test - void getExecutableResponse_timeoutExceeded_throws() throws InterruptedException, IOException { + void getExecutableResponse_timeoutExceeded_throws() throws InterruptedException { TestEnvironmentProvider environmentProvider = new TestEnvironmentProvider(); environmentProvider.setEnv("GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES", "1"); @@ -867,14 +851,12 @@ void getExecutableResponse_timeoutExceeded_throws() throws InterruptedException, PluggableAuthHandler handler = new PluggableAuthHandler(environmentProvider, processBuilder); // Call getExecutableResponse(). - try { - handler.getExecutableResponse(DEFAULT_OPTIONS); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException e) { - assertEquals("TIMEOUT_EXCEEDED", e.getErrorCode()); - assertEquals( - "The executable failed to finish within the timeout specified.", e.getErrorDescription()); - } + PluggableAuthException e = + assertThrows( + PluggableAuthException.class, () -> handler.getExecutableResponse(DEFAULT_OPTIONS)); + assertEquals("TIMEOUT_EXCEEDED", e.getErrorCode()); + assertEquals( + "The executable failed to finish within the timeout specified.", e.getErrorDescription()); verify(mockProcess, times(1)) .waitFor( @@ -883,7 +865,7 @@ void getExecutableResponse_timeoutExceeded_throws() throws InterruptedException, } @Test - void getExecutableResponse_nonZeroExitCode_throws() throws InterruptedException, IOException { + void getExecutableResponse_nonZeroExitCode_throws() throws InterruptedException { TestEnvironmentProvider environmentProvider = new TestEnvironmentProvider(); environmentProvider.setEnv("GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES", "1"); @@ -899,15 +881,13 @@ void getExecutableResponse_nonZeroExitCode_throws() throws InterruptedException, PluggableAuthHandler handler = new PluggableAuthHandler(environmentProvider, processBuilder); // Call getExecutableResponse(). - try { - handler.getExecutableResponse(DEFAULT_OPTIONS); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException e) { - assertEquals("EXIT_CODE", e.getErrorCode()); - assertEquals( - String.format("The executable failed with exit code %s.", EXIT_CODE_FAIL), - e.getErrorDescription()); - } + PluggableAuthException e = + assertThrows( + PluggableAuthException.class, () -> handler.getExecutableResponse(DEFAULT_OPTIONS)); + assertEquals("EXIT_CODE", e.getErrorCode()); + assertEquals( + String.format("The executable failed with exit code %s.", EXIT_CODE_FAIL), + e.getErrorDescription()); verify(mockProcess, times(1)) .waitFor( @@ -916,7 +896,7 @@ void getExecutableResponse_nonZeroExitCode_throws() throws InterruptedException, } @Test - void getExecutableResponse_processInterrupted_throws() throws InterruptedException, IOException { + void getExecutableResponse_processInterrupted_throws() throws InterruptedException { TestEnvironmentProvider environmentProvider = new TestEnvironmentProvider(); environmentProvider.setEnv("GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES", "1"); @@ -931,15 +911,13 @@ void getExecutableResponse_processInterrupted_throws() throws InterruptedExcepti PluggableAuthHandler handler = new PluggableAuthHandler(environmentProvider, processBuilder); // Call getExecutableResponse(). - try { - handler.getExecutableResponse(DEFAULT_OPTIONS); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException e) { - assertEquals("INTERRUPTED", e.getErrorCode()); - assertEquals( - String.format("The execution was interrupted: %s.", new InterruptedException()), - e.getErrorDescription()); - } + PluggableAuthException e = + assertThrows( + PluggableAuthException.class, () -> handler.getExecutableResponse(DEFAULT_OPTIONS)); + assertEquals("INTERRUPTED", e.getErrorCode()); + assertEquals( + String.format("The execution was interrupted: %s.", new InterruptedException()), + e.getErrorDescription()); verify(mockProcess, times(1)) .waitFor( @@ -948,7 +926,7 @@ void getExecutableResponse_processInterrupted_throws() throws InterruptedExcepti } @Test - void getExecutableResponse_invalidResponse_throws() throws InterruptedException, IOException { + void getExecutableResponse_invalidResponse_throws() throws InterruptedException { TestEnvironmentProvider environmentProvider = new TestEnvironmentProvider(); environmentProvider.setEnv("GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES", "1"); @@ -969,15 +947,13 @@ void getExecutableResponse_invalidResponse_throws() throws InterruptedException, PluggableAuthHandler handler = new PluggableAuthHandler(environmentProvider, processBuilder); // Call getExecutableResponse(). - try { - handler.getExecutableResponse(DEFAULT_OPTIONS); - fail("Should not be able to continue without exception."); - } catch (PluggableAuthException e) { - assertEquals("INVALID_RESPONSE", e.getErrorCode()); - assertEquals( - String.format("The executable returned an invalid response: %s.", badResponse), - e.getErrorDescription()); - } + PluggableAuthException e = + assertThrows( + PluggableAuthException.class, () -> handler.getExecutableResponse(DEFAULT_OPTIONS)); + assertEquals("INVALID_RESPONSE", e.getErrorCode()); + assertEquals( + String.format("The executable returned an invalid response: %s.", badResponse), + e.getErrorDescription()); verify(mockProcess, times(1)) .waitFor( diff --git a/oauth2_http/javatests/com/google/auth/oauth2/SecureSessionAgentConfigTest.java b/oauth2_http/javatests/com/google/auth/oauth2/SecureSessionAgentConfigTest.java index b9249517c..3dc07f494 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/SecureSessionAgentConfigTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/SecureSessionAgentConfigTest.java @@ -35,7 +35,7 @@ import org.junit.jupiter.api.Test; -/** Test cases for {@linkSecureSessionAgentConfig}. */ +/** Test cases for {@link SecureSessionAgentConfig}. */ class SecureSessionAgentConfigTest { private static final String S2A_PLAINTEXT_ADDRESS = "plaintext"; private static final String S2A_MTLS_ADDRESS = "mtls"; diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java index 2c516a9b2..ed26a0af3 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java @@ -32,6 +32,7 @@ package com.google.auth.oauth2; import static org.junit.jupiter.api.Assertions.assertArrayEquals; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNotEquals; @@ -139,17 +140,14 @@ private static ServiceAccountCredentials.Builder createDefaultBuilderWithScopes( private static ServiceAccountCredentials.Builder createDefaultBuilderWithKey( PrivateKey privateKey) { - ServiceAccountCredentials.Builder builder = - ServiceAccountCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientEmail(CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(PRIVATE_KEY_ID) - .setProjectId(PROJECT_ID) - .setQuotaProjectId(QUOTA_PROJECT) - .setHttpTransportFactory(new MockHttpTransportFactory()); - - return builder; + return ServiceAccountCredentials.newBuilder() + .setClientId(CLIENT_ID) + .setClientEmail(CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(PRIVATE_KEY_ID) + .setProjectId(PROJECT_ID) + .setQuotaProjectId(QUOTA_PROJECT) + .setHttpTransportFactory(new MockHttpTransportFactory()); } static ServiceAccountCredentials.Builder createDefaultBuilder() throws IOException { @@ -172,16 +170,11 @@ void setLifetime() throws IOException { } @Test - void setLifetime_invalid_lifetime() throws IOException, IllegalStateException { - try { - createDefaultBuilder().setLifetime(INVALID_LIFETIME).build(); - fail( - String.format( - "Should throw exception with message containing '%s'", - "lifetime must be less than or equal to 43200")); - } catch (IllegalStateException expected) { - assertTrue(expected.getMessage().contains("lifetime must be less than or equal to 43200")); - } + void setLifetime_invalid_lifetime() throws IllegalStateException, IOException { + ServiceAccountCredentials.Builder builder = + createDefaultBuilder().setLifetime(INVALID_LIFETIME); + IllegalStateException exception = assertThrows(IllegalStateException.class, builder::build); + assertTrue(exception.getMessage().contains("lifetime must be less than or equal to 43200")); } @Test @@ -300,7 +293,6 @@ void createAssertion_custom_lifetime() throws IOException { @Test void createAssertionForIdToken_correct() throws IOException { - PrivateKey privateKey = OAuth2Utils.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8); ServiceAccountCredentials credentials = createDefaultBuilder() .setPrivateKeyId(PRIVATE_KEY_ID) @@ -369,14 +361,11 @@ void createdScoped_withAud_noUniverse_jwtWithScopesDisabled_accessToken() throws GoogleCredentials credentials = createDefaultBuilderWithToken(ACCESS_TOKEN).build(); // No aud, no scopes gives an exception. - try { - credentials.getRequestMetadata(null); - fail("Should not be able to get token without scopes"); - } catch (IOException e) { - assertTrue( - e.getMessage().contains("Scopes and uri are not configured for service account"), - "expected to fail with exception"); - } + IOException exception = + assertThrows(IOException.class, () -> credentials.getRequestMetadata(null)); + assertTrue( + exception.getMessage().contains("Scopes and uri are not configured for service account"), + "expected to fail with exception"); GoogleCredentials scopedCredentials = credentials.createScoped(SCOPES); assertEquals(false, credentials.isExplicitUniverseDomain()); @@ -389,15 +378,10 @@ void createdScoped_withAud_noUniverse_jwtWithScopesDisabled_accessToken() throws void createdScoped_withUniverse_selfSignedJwt() throws IOException { ServiceAccountCredentials credentials = createDefaultBuilder().setUniverseDomain("foo.bar").build(); - - try { - credentials.getRequestMetadata(null); - fail("Should not be able to get token without scopes"); - } catch (IOException e) { - assertTrue( - e.getMessage().contains("Scopes and uri are not configured for service account"), - "expected to fail with exception"); - } + IOException exception = + assertThrows(IOException.class, () -> credentials.getRequestMetadata(null)); + assertTrue( + exception.getMessage().contains("Scopes and uri are not configured for service account")); GoogleCredentials scopedCredentials = credentials.createScoped("dummy.scope"); Map> metadata = scopedCredentials.getRequestMetadata(null); @@ -429,14 +413,10 @@ void createdScoped_withUniverse_selfSignedJwt() throws IOException { void noScopes_withUniverse_selfSignedJwt() throws IOException { GoogleCredentials credentials = createDefaultBuilder().setUniverseDomain("foo.bar").build(); - try { - credentials.getRequestMetadata(null); - fail("Should not be able to get token without scopes"); - } catch (IOException e) { - assertTrue( - e.getMessage().contains("Scopes and uri are not configured for service account"), - "expected to fail with exception"); - } + IOException exception = + assertThrows(IOException.class, () -> credentials.getRequestMetadata(null)); + assertTrue( + exception.getMessage().contains("Scopes and uri are not configured for service account")); Map> metadata = credentials.getRequestMetadata(CALL_URI); assertNull(((ServiceAccountCredentials) credentials).getSelfSignedJwtCredentialsWithScope()); @@ -588,8 +568,8 @@ void fromJson_hasQuotaProjectId() throws IOException { assertTrue(metadata.containsKey(GoogleCredentials.QUOTA_PROJECT_ID_HEADER_KEY)); assertEquals( - metadata.get(GoogleCredentials.QUOTA_PROJECT_ID_HEADER_KEY), - Collections.singletonList(QUOTA_PROJECT)); + Collections.singletonList(QUOTA_PROJECT), + metadata.get(GoogleCredentials.QUOTA_PROJECT_ID_HEADER_KEY)); } @Test @@ -602,15 +582,15 @@ void getRequestMetadata_hasAccessToken() throws IOException { @Test void getRequestMetadata_customTokenServer_hasAccessToken() throws IOException { - final URI TOKEN_SERVER = URI.create("https://foo.com/bar"); + final URI tokenServerUri = URI.create("https://foo.com/bar"); MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); transportFactory.transport.addServiceAccount(CLIENT_EMAIL, ACCESS_TOKEN); - transportFactory.transport.setTokenServerUri(TOKEN_SERVER); + transportFactory.transport.setTokenServerUri(tokenServerUri); OAuth2Credentials credentials = createDefaultBuilder() .setScopes(SCOPES) .setHttpTransportFactory(transportFactory) - .setTokenServerUri(TOKEN_SERVER) + .setTokenServerUri(tokenServerUri) .build(); Map> metadata = credentials.getRequestMetadata(CALL_URI); @@ -672,7 +652,6 @@ void refreshAccessToken_IOException_Retry() throws IOException { MockTokenServerTransport transport = transportFactory.transport; ServiceAccountCredentials credentials = createDefaultBuilder().setScopes(SCOPES).setHttpTransportFactory(transportFactory).build(); - ; transport.addServiceAccount(CLIENT_EMAIL, accessToken1); TestUtils.assertContainsBearerToken(credentials.getRequestMetadata(CALL_URI), accessToken1); @@ -743,15 +722,11 @@ void refreshAccessToken_defaultRetriesDisabled() throws IOException { MockLowLevelHttpResponse response429 = new MockLowLevelHttpResponse().setStatusCode(429); transport.addServiceAccount(CLIENT_EMAIL, accessToken2); - try { - transport.addResponseSequence(response408, response429); - credentials.refresh(); - fail("Should not be able to use credential without exception."); - } catch (GoogleAuthException ex) { - assertTrue(ex.getMessage().contains("Error getting access token for service account: 408")); - assertTrue(ex.isRetryable()); - assertEquals(0, ex.getRetryCount()); - } + transport.addResponseSequence(response408, response429); + GoogleAuthException ex = assertThrows(GoogleAuthException.class, credentials::refresh); + assertTrue(ex.getMessage().contains("Error getting access token for service account: 408")); + assertTrue(ex.isRetryable()); + assertEquals(0, ex.getRetryCount()); } @Test @@ -770,21 +745,17 @@ void refreshAccessToken_maxRetries_maxDelay() throws IOException { MockLowLevelHttpResponse response503 = new MockLowLevelHttpResponse().setStatusCode(503); Instant start = Instant.now(); - try { - transport.addResponseSequence(response408, response429, response500, response503); - credentials.refresh(); - fail("Should not be able to use credential without exception."); - } catch (GoogleAuthException ex) { - Instant finish = Instant.now(); - long timeElapsed = Duration.between(start, finish).toMillis(); - - // we expect max retry time of 7 sec +/- jitter - assertTrue(timeElapsed > 5500 && timeElapsed < 10000); - assertTrue(ex.getMessage().contains("Error getting access token for service account: 503")); - assertTrue(ex.isRetryable()); - assertEquals(3, ex.getRetryCount()); - assertTrue(ex.getCause() instanceof HttpResponseException); - } + transport.addResponseSequence(response408, response429, response500, response503); + GoogleAuthException ex = assertThrows(GoogleAuthException.class, credentials::refresh); + Instant finish = Instant.now(); + long timeElapsed = Duration.between(start, finish).toMillis(); + + // we expect max retry time of 7 sec +/- jitter + assertTrue(timeElapsed > 5500 && timeElapsed < 10000); + assertTrue(ex.getMessage().contains("Error getting access token for service account: 503")); + assertTrue(ex.isRetryable()); + assertEquals(3, ex.getRetryCount()); + assertTrue(ex.getCause() instanceof HttpResponseException); } @Test @@ -801,24 +772,19 @@ void refreshAccessToken_RequestFailure_retried() throws IOException { MockLowLevelHttpResponse response503 = new MockLowLevelHttpResponse().setStatusCode(503); Instant start = Instant.now(); - try { - transport.addResponseSequence(response503); - transport.addResponseErrorSequence(error, error, error); - credentials.refresh(); - fail("Should not be able to use credential without exception."); - } catch (GoogleAuthException ex) { - Instant finish = Instant.now(); - long timeElapsed = Duration.between(start, finish).toMillis(); - - // we expect max retry time of 7 sec +/- jitter - assertTrue(timeElapsed > 5500 && timeElapsed < 10000); - assertTrue( - ex.getMessage() - .contains("Error getting access token for service account: Invalid grant")); - assertTrue(ex.isRetryable()); - assertEquals(3, ex.getRetryCount()); - assertTrue(ex.getCause() instanceof IOException); - } + transport.addResponseSequence(response503); + transport.addResponseErrorSequence(error, error, error); + GoogleAuthException ex = assertThrows(GoogleAuthException.class, credentials::refresh); + Instant finish = Instant.now(); + long timeElapsed = Duration.between(start, finish).toMillis(); + + // we expect max retry time of 7 sec +/- jitter + assertTrue(timeElapsed > 5500 && timeElapsed < 10000); + assertTrue( + ex.getMessage().contains("Error getting access token for service account: Invalid grant")); + assertTrue(ex.isRetryable()); + assertEquals(3, ex.getRetryCount()); + assertTrue(ex.getCause() instanceof IOException); } @Test @@ -839,15 +805,11 @@ void refreshAccessToken_4xx_5xx_NonRetryableFails() throws IOException { } MockLowLevelHttpResponse mockResponse = new MockLowLevelHttpResponse().setStatusCode(status); - try { - transport.addResponseSequence(mockResponse); - transport.addServiceAccount(CLIENT_EMAIL, accessToken2); - credentials.refresh(); - fail("Should not be able to use credential without exception."); - } catch (GoogleAuthException ex) { - assertFalse(ex.isRetryable()); - assertEquals(0, ex.getRetryCount()); - } + transport.addResponseSequence(mockResponse); + transport.addServiceAccount(CLIENT_EMAIL, accessToken2); + GoogleAuthException ex = assertThrows(GoogleAuthException.class, credentials::refresh); + assertFalse(ex.isRetryable()); + assertEquals(0, ex.getRetryCount()); } } @@ -1071,8 +1033,8 @@ void equals_true() throws IOException { SCOPES, transportFactory, tokenServer); - assertTrue(credentials.equals(otherCredentials)); - assertTrue(otherCredentials.equals(credentials)); + assertEquals(credentials, otherCredentials); + assertEquals(otherCredentials, credentials); } @Test @@ -1097,8 +1059,8 @@ void equals_false_clientId() throws IOException { SCOPES, serverTransportFactory, tokenServer1); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -1123,8 +1085,8 @@ void equals_false_email() throws IOException { SCOPES, serverTransportFactory, tokenServer1); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -1152,8 +1114,8 @@ void equals_false_super() throws IOException { .toBuilder() .setUniverseDomain("universe.com") .build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -1178,8 +1140,8 @@ void equals_false_keyId() throws IOException { SCOPES, serverTransportFactory, tokenServer1); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -1204,8 +1166,8 @@ void equals_false_scopes() throws IOException { ImmutableSet.of(), serverTransportFactory, tokenServer1); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -1231,8 +1193,8 @@ void equals_false_transportFactory() throws IOException { SCOPES, httpTransportFactory, tokenServer1); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -1258,8 +1220,8 @@ void equals_false_tokenServer() throws IOException { SCOPES, serverTransportFactory, tokenServer2); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -1373,38 +1335,30 @@ void serialize() throws IOException, ClassNotFoundException { ByteArrayOutputStream bytes = new ByteArrayOutputStream(); try (ObjectOutputStream output = new ObjectOutputStream(bytes)) { output.writeObject(credentials); - String s = output.toString(); } ServiceAccountCredentials deserializedCredentials = serializeAndDeserialize(credentials); assertEquals(credentials, deserializedCredentials); assertEquals(credentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(credentials.toString(), deserializedCredentials.toString()); - assertSame(deserializedCredentials.clock, Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.clock); assertEquals( MockTokenServerTransportFactory.class, deserializedCredentials.toBuilder().getHttpTransportFactory().getClass()); } @Test - void fromStream_nullTransport_throws() throws IOException { + void fromStream_nullTransport_throws() { InputStream stream = new ByteArrayInputStream("foo".getBytes()); - try { - ServiceAccountCredentials.fromStream(stream, null); - fail("Should throw if HttpTransportFactory is null"); - } catch (NullPointerException expected) { - // Expected - } + assertThrows( + NullPointerException.class, () -> ServiceAccountCredentials.fromStream(stream, null)); } @Test - void fromStream_nullStream_throws() throws IOException { + void fromStream_nullStream_throws() { MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); - try { - ServiceAccountCredentials.fromStream(null, transportFactory); - fail("Should throw if InputStream is null"); - } catch (NullPointerException expected) { - // Expected - } + assertThrows( + NullPointerException.class, + () -> ServiceAccountCredentials.fromStream(null, transportFactory)); } @Test @@ -1428,7 +1382,13 @@ void fromStream_noClientId_throws() throws IOException { InputStream serviceAccountStream = writeServiceAccountStream(null, CLIENT_EMAIL, PRIVATE_KEY_PKCS8, PRIVATE_KEY_ID); - testFromStreamException(serviceAccountStream, "client_id"); + IOException exception = + assertThrows( + IOException.class, + () -> + ServiceAccountCredentials.fromStream( + serviceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("client_id")); } @Test @@ -1436,7 +1396,13 @@ void fromStream_noClientEmail_throws() throws IOException { InputStream serviceAccountStream = writeServiceAccountStream(CLIENT_ID, null, PRIVATE_KEY_PKCS8, PRIVATE_KEY_ID); - testFromStreamException(serviceAccountStream, "client_email"); + IOException exception = + assertThrows( + IOException.class, + () -> + ServiceAccountCredentials.fromStream( + serviceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("client_email")); } @Test @@ -1456,12 +1422,8 @@ void getIdTokenWithAudience_badEmailError_issClaimTraced() throws IOException { String expectedErrorMessage = String.format("iss: %s", CLIENT_EMAIL); - try { - tokenCredential.refresh(); - fail("Should not be able to use credential without exception."); - } catch (IOException expected) { - assertTrue(expected.getMessage().contains(expectedErrorMessage)); - } + IOException exception = assertThrows(IOException.class, tokenCredential::refresh); + assertTrue(exception.getMessage().contains(expectedErrorMessage)); } @Test @@ -1469,7 +1431,13 @@ void fromStream_noPrivateKey_throws() throws IOException { InputStream serviceAccountStream = writeServiceAccountStream(CLIENT_ID, CLIENT_EMAIL, null, PRIVATE_KEY_ID); - testFromStreamException(serviceAccountStream, "private_key"); + IOException exception = + assertThrows( + IOException.class, + () -> + ServiceAccountCredentials.fromStream( + serviceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("private_key")); } @Test @@ -1477,7 +1445,13 @@ void fromStream_noPrivateKeyId_throws() throws IOException { InputStream serviceAccountStream = writeServiceAccountStream(CLIENT_ID, CLIENT_EMAIL, PRIVATE_KEY_PKCS8, null); - testFromStreamException(serviceAccountStream, "private_key_id"); + IOException exception = + assertThrows( + IOException.class, + () -> + ServiceAccountCredentials.fromStream( + serviceAccountStream, DUMMY_TRANSPORT_FACTORY)); + assertTrue(exception.getMessage().contains("private_key_id")); } @Test @@ -1586,7 +1560,7 @@ public void onSuccess(Map> metadata) { @Override public void onFailure(Throwable exception) { - fail("Should not throw a failure."); + // Test framework should fail if this is called and success.set(true) is not reached. } }); @@ -1626,7 +1600,7 @@ public void onSuccess(Map> metadata) { @Override public void onFailure(Throwable exception) { - fail("Should not throw a failure."); + // Test framework should fail if this is called and success.set(true) is not reached. } }); @@ -1683,12 +1657,7 @@ void refreshAccessToken_withDomainDelegation_selfSignedJWT_disabled() throws IOE Map> metadata = credentials.getRequestMetadata(CALL_URI); TestUtils.assertContainsBearerToken(metadata, accessToken1); - try { - verifyJwtAccess(metadata, "dummy.scope"); - fail("jwt access should fail with ServiceAccountUser"); - } catch (Exception ex) { - // expected - } + assertThrows(IllegalArgumentException.class, () -> verifyJwtAccess(metadata, "dummy.scope")); transport.addServiceAccount(CLIENT_EMAIL, accessToken2); credentials.refresh(); @@ -1755,11 +1724,7 @@ void getRequestMetadataWithCallback_selfSignedJWT() throws IOException { new RequestMetadataCallback() { @Override public void onSuccess(Map> metadata) { - try { - verifyJwtAccess(metadata, "dummy.scope"); - } catch (IOException e) { - fail("Should not throw a failure"); - } + assertDoesNotThrow(() -> verifyJwtAccess(metadata, "dummy.scope")); success.set(true); } @@ -1888,15 +1853,4 @@ static InputStream writeServiceAccountStream( clientId, clientEmail, privateKeyPkcs8, privateKeyId, null, null, universeDomain); return TestUtils.jsonToInputStream(json); } - - private static void testFromStreamException(InputStream stream, String expectedMessageContent) { - try { - ServiceAccountCredentials.fromStream(stream, DUMMY_TRANSPORT_FACTORY); - fail( - String.format( - "Should throw exception with message containing '%s'", expectedMessageContent)); - } catch (IOException expected) { - assertTrue(expected.getMessage().contains(expectedMessageContent)); - } - } } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java index 8d6966631..d961f7b1b 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java @@ -33,12 +33,14 @@ import static com.google.auth.Credentials.GOOGLE_DEFAULT_UNIVERSE; import static org.junit.jupiter.api.Assertions.assertArrayEquals; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNotEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertSame; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.fail; @@ -117,50 +119,44 @@ void constructor_allParameters_constructs() throws IOException { @Test void constructor_noClientId_constructs() throws IOException { PrivateKey privateKey = OAuth2Utils.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); - ServiceAccountJwtAccessCredentials.newBuilder() - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); + ServiceAccountJwtAccessCredentials.Builder builder = + ServiceAccountJwtAccessCredentials.newBuilder() + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID); + assertDoesNotThrow(builder::build); } @Test void constructor_noPrivateKeyId_constructs() throws IOException { PrivateKey privateKey = OAuth2Utils.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); - ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKey(privateKey) - .build(); + ServiceAccountJwtAccessCredentials.Builder builder = + ServiceAccountJwtAccessCredentials.newBuilder() + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKey(privateKey); + assertDoesNotThrow(builder::build); } @Test void constructor_noEmail_throws() throws IOException { PrivateKey privateKey = OAuth2Utils.privateKeyFromPkcs8(SA_PRIVATE_KEY_PKCS8); - try { - ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setPrivateKey(privateKey) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); - fail("exception expected"); - } catch (NullPointerException e) { - // Expected - } + ServiceAccountJwtAccessCredentials.Builder builder = + ServiceAccountJwtAccessCredentials.newBuilder() + .setClientId(SA_CLIENT_ID) + .setPrivateKey(privateKey) + .setPrivateKeyId(SA_PRIVATE_KEY_ID); + assertThrows(NullPointerException.class, builder::build); } @Test void constructor_noPrivateKey_throws() { - try { - ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId(SA_CLIENT_ID) - .setClientEmail(SA_CLIENT_EMAIL) - .setPrivateKeyId(SA_PRIVATE_KEY_ID) - .build(); - fail("exception expected"); - } catch (NullPointerException e) { - // Expected - } + ServiceAccountJwtAccessCredentials.Builder builder = + ServiceAccountJwtAccessCredentials.newBuilder() + .setClientId(SA_CLIENT_ID) + .setClientEmail(SA_CLIENT_EMAIL) + .setPrivateKeyId(SA_PRIVATE_KEY_ID); + assertThrows(NullPointerException.class, builder::build); } @Test @@ -168,7 +164,7 @@ void getAuthenticationType_returnsJwtAccess() throws IOException { Credentials credentials = ServiceAccountJwtAccessCredentials.fromPkcs8( SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID); - assertEquals(credentials.getAuthenticationType(), "JWTAccess"); + assertEquals("JWTAccess", credentials.getAuthenticationType()); } @Test @@ -200,7 +196,7 @@ void getRequestMetadata_blocking_hasJwtAccess() throws IOException { Map> metadata = credentials.getRequestMetadata(CALL_URI); - verifyJwtAccess(metadata, SA_CLIENT_EMAIL, CALL_URI, SA_PRIVATE_KEY_ID); + verifyJwtAccess(metadata, CALL_URI); } @Test @@ -217,7 +213,7 @@ void getRequestMetadata_blocking_defaultURI_hasJwtAccess() throws IOException { Map> metadata = credentials.getRequestMetadata(); - verifyJwtAccess(metadata, SA_CLIENT_EMAIL, CALL_URI, SA_PRIVATE_KEY_ID); + verifyJwtAccess(metadata, CALL_URI); } @Test @@ -231,12 +227,7 @@ void getRequestMetadata_blocking_noURI_throws() throws IOException { .setPrivateKeyId(SA_PRIVATE_KEY_ID) .build(); - try { - credentials.getRequestMetadata(); - fail("exception expected"); - } catch (IOException e) { - // Expected - } + assertThrows(IOException.class, credentials::getRequestMetadata); } @Test @@ -305,7 +296,7 @@ void getRequestMetadata_async_hasJwtAccess() throws IOException { credentials.getRequestMetadata(CALL_URI, executor, callback); assertEquals(0, executor.numTasks()); assertNotNull(callback.metadata); - verifyJwtAccess(callback.metadata, SA_CLIENT_EMAIL, CALL_URI, SA_PRIVATE_KEY_ID); + verifyJwtAccess(callback.metadata, CALL_URI); } @Test @@ -325,7 +316,7 @@ void getRequestMetadata_async_defaultURI_hasJwtAccess() throws IOException { credentials.getRequestMetadata(null, executor, callback); assertEquals(0, executor.numTasks()); assertNotNull(callback.metadata); - verifyJwtAccess(callback.metadata, SA_CLIENT_EMAIL, CALL_URI, SA_PRIVATE_KEY_ID); + verifyJwtAccess(callback.metadata, CALL_URI); } @Test @@ -418,8 +409,8 @@ void getRequestMetadata_contains_quotaProjectId() throws IOException { Map> metadata = credentials.getRequestMetadata(CALL_URI); assertTrue(metadata.containsKey(GoogleCredentials.QUOTA_PROJECT_ID_HEADER_KEY)); assertEquals( - metadata.get(GoogleCredentials.QUOTA_PROJECT_ID_HEADER_KEY), - Collections.singletonList(QUOTA_PROJECT)); + Collections.singletonList(QUOTA_PROJECT), + metadata.get(GoogleCredentials.QUOTA_PROJECT_ID_HEADER_KEY)); } @Test @@ -473,8 +464,8 @@ void equals_true() throws IOException { .setPrivateKeyId(SA_PRIVATE_KEY_ID) .setDefaultAudience(CALL_URI) .build(); - assertTrue(credentials.equals(otherCredentials)); - assertTrue(otherCredentials.equals(credentials)); + assertEquals(credentials, otherCredentials); + assertEquals(otherCredentials, credentials); } @Test @@ -496,8 +487,8 @@ void equals_false_clientId() throws IOException { .setPrivateKeyId(SA_PRIVATE_KEY_ID) .setDefaultAudience(CALL_URI) .build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -519,8 +510,8 @@ void equals_false_email() throws IOException { .setPrivateKeyId(SA_PRIVATE_KEY_ID) .setDefaultAudience(CALL_URI) .build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -542,8 +533,8 @@ void equals_false_keyId() throws IOException { .setPrivateKeyId("otherKeyId") .setDefaultAudience(CALL_URI) .build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -566,8 +557,8 @@ void equals_false_callUri() throws IOException { .setPrivateKeyId(SA_PRIVATE_KEY_ID) .setDefaultAudience(otherCallUri) .build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test @@ -625,23 +616,19 @@ void serialize() throws IOException, ClassNotFoundException { .build(); ServiceAccountJwtAccessCredentials deserializedCredentials = serializeAndDeserialize(credentials); - verifyJwtAccess( - deserializedCredentials.getRequestMetadata(), SA_CLIENT_EMAIL, CALL_URI, SA_PRIVATE_KEY_ID); + verifyJwtAccess(deserializedCredentials.getRequestMetadata(), CALL_URI); assertEquals(credentials, deserializedCredentials); assertEquals(credentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(credentials.toString(), deserializedCredentials.toString()); - assertSame(deserializedCredentials.clock, Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.clock); } @Test - void fromStream_nullStream_throws() throws IOException { + void fromStream_nullStream_throws() { MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); - try { - ServiceAccountCredentials.fromStream(null, transportFactory); - fail("Should throw if InputStream is null"); - } catch (NullPointerException expected) { - // Expected - } + assertThrows( + NullPointerException.class, + () -> ServiceAccountCredentials.fromStream(null, transportFactory)); } @Test @@ -654,7 +641,7 @@ void fromStream_hasJwtAccess() throws IOException { assertNotNull(credentials); Map> metadata = credentials.getRequestMetadata(CALL_URI); - verifyJwtAccess(metadata, SA_CLIENT_EMAIL, CALL_URI, SA_PRIVATE_KEY_ID); + verifyJwtAccess(metadata, CALL_URI); } @Test @@ -668,7 +655,7 @@ void fromStream_defaultURI_hasJwtAccess() throws IOException { assertNotNull(credentials); Map> metadata = credentials.getRequestMetadata(null); - verifyJwtAccess(metadata, SA_CLIENT_EMAIL, CALL_URI, SA_PRIVATE_KEY_ID); + verifyJwtAccess(metadata, CALL_URI); } @Test @@ -722,7 +709,7 @@ void jwtWithClaims_overrideAudience() throws IOException { Map> metadata = withAudience.getRequestMetadata(CALL_URI); - verifyJwtAccess(metadata, SA_CLIENT_EMAIL, URI.create("new-audience"), SA_PRIVATE_KEY_ID); + verifyJwtAccess(metadata, URI.create("new-audience")); } @Test @@ -735,12 +722,8 @@ void jwtWithClaims_noAudience() throws IOException { .setPrivateKey(privateKey) .setPrivateKeyId(SA_PRIVATE_KEY_ID) .build(); - try { - credentials.jwtWithClaims(JwtClaims.newBuilder().build()); - fail("Expected to throw exception for missing audience"); - } catch (IllegalStateException ex) { - // expected exception - } + JwtClaims claims = JwtClaims.newBuilder().build(); + assertThrows(IllegalStateException.class, () -> credentials.jwtWithClaims(claims)); } @Test @@ -757,7 +740,7 @@ void jwtWithClaims_defaultAudience() throws IOException { Credentials withAudience = credentials.jwtWithClaims(JwtClaims.newBuilder().build()); Map> metadata = withAudience.getRequestMetadata(CALL_URI); - verifyJwtAccess(metadata, SA_CLIENT_EMAIL, URI.create("default-audience"), SA_PRIVATE_KEY_ID); + verifyJwtAccess(metadata, URI.create("default-audience")); } @Test @@ -832,15 +815,7 @@ public void onFailure(Throwable exception) { @Test void fromJSON_noUniverseDomain() throws IOException { - GenericJson json = - writeServiceAccountJson( - SA_CLIENT_ID, - SA_CLIENT_EMAIL, - SA_PRIVATE_KEY_PKCS8, - "test-project-id", - SA_PRIVATE_KEY_ID, - QUOTA_PROJECT, - null); + GenericJson json = writeServiceAccountJson(null); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.fromJson(json, URI.create("default-aud")); assertEquals(SA_CLIENT_ID, credentials.getClientId()); @@ -853,15 +828,7 @@ void fromJSON_noUniverseDomain() throws IOException { @Test void fromJSON_UniverseDomainSet() throws IOException { - GenericJson json = - writeServiceAccountJson( - SA_CLIENT_ID, - SA_CLIENT_EMAIL, - SA_PRIVATE_KEY_PKCS8, - "test-project-id", - SA_PRIVATE_KEY_ID, - QUOTA_PROJECT, - "example.com"); + GenericJson json = writeServiceAccountJson("example.com"); ServiceAccountJwtAccessCredentials credentials = ServiceAccountJwtAccessCredentials.fromJson(json, URI.create("default-aud")); assertEquals(SA_CLIENT_ID, credentials.getClientId()); @@ -933,11 +900,7 @@ void builder_customUniverseDomain() throws IOException { assertEquals("example.com", credentials.getUniverseDomain()); } - private void verifyJwtAccess( - Map> metadata, - String expectedEmail, - URI expectedAudience, - String expectedKeyId) + private void verifyJwtAccess(Map> metadata, URI expectedAudience) throws IOException { assertNotNull(metadata); List authorizations = metadata.get(AuthHttpConstants.AUTHORIZATION); @@ -951,50 +914,32 @@ private void verifyJwtAccess( } assertNotNull(assertion, "Bearer assertion not found"); JsonWebSignature signature = JsonWebSignature.parse(JSON_FACTORY, assertion); - assertEquals(expectedEmail, signature.getPayload().getIssuer()); - assertEquals(expectedEmail, signature.getPayload().getSubject()); + assertEquals( + ServiceAccountJwtAccessCredentialsTest.SA_CLIENT_EMAIL, signature.getPayload().getIssuer()); + assertEquals( + ServiceAccountJwtAccessCredentialsTest.SA_CLIENT_EMAIL, + signature.getPayload().getSubject()); assertEquals(expectedAudience.toString(), signature.getPayload().getAudience()); - assertEquals(expectedKeyId, signature.getHeader().getKeyId()); + assertEquals( + ServiceAccountJwtAccessCredentialsTest.SA_PRIVATE_KEY_ID, signature.getHeader().getKeyId()); } private static void testFromStreamException(InputStream stream, String expectedMessageContent) { - try { - ServiceAccountJwtAccessCredentials.fromStream(stream, CALL_URI); - fail( - String.format( - "Should throw exception with message containing '%s'", expectedMessageContent)); - } catch (IOException expected) { - assertTrue(expected.getMessage().contains(expectedMessageContent)); - } + IOException expected = + assertThrows( + IOException.class, + () -> ServiceAccountJwtAccessCredentials.fromStream(stream, CALL_URI)); + assertTrue(expected.getMessage().contains(expectedMessageContent)); } - private GenericJson writeServiceAccountJson( - String clientId, - String clientEmail, - String privateKeyPkcs8, - String privateKeyId, - String projectId, - String quotaProjectId, - String universeDomain) { + private GenericJson writeServiceAccountJson(String universeDomain) { GenericJson json = new GenericJson(); - if (clientId != null) { - json.put("client_id", clientId); - } - if (clientEmail != null) { - json.put("client_email", clientEmail); - } - if (privateKeyPkcs8 != null) { - json.put("private_key", privateKeyPkcs8); - } - if (privateKeyId != null) { - json.put("private_key_id", privateKeyId); - } - if (projectId != null) { - json.put("project_id", projectId); - } - if (quotaProjectId != null) { - json.put("quota_project_id", quotaProjectId); - } + json.put("client_id", ServiceAccountJwtAccessCredentialsTest.SA_CLIENT_ID); + json.put("client_email", ServiceAccountJwtAccessCredentialsTest.SA_CLIENT_EMAIL); + json.put("private_key", ServiceAccountJwtAccessCredentialsTest.SA_PRIVATE_KEY_PKCS8); + json.put("private_key_id", "test-project-id"); + json.put("project_id", ServiceAccountJwtAccessCredentialsTest.SA_PRIVATE_KEY_ID); + json.put("quota_project_id", ServiceAccountJwtAccessCredentialsTest.QUOTA_PROJECT); if (universeDomain != null) { json.put("universe_domain", universeDomain); } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/StsRequestHandlerTest.java b/oauth2_http/javatests/com/google/auth/oauth2/StsRequestHandlerTest.java index 6607403a4..a0e2090d2 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/StsRequestHandlerTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/StsRequestHandlerTest.java @@ -176,7 +176,7 @@ void exchangeToken_throwsException() throws IOException { TestUtils.buildHttpResponseException( "invalidRequest", /* errorDescription= */ null, /* errorUri= */ null)); - OAuthException e = assertThrows(OAuthException.class, () -> requestHandler.exchangeToken()); + OAuthException e = assertThrows(OAuthException.class, requestHandler::exchangeToken); assertEquals("invalidRequest", e.getErrorCode()); assertNull(e.getErrorDescription()); @@ -196,7 +196,7 @@ void exchangeToken_withOptionalParams_throwsException() throws IOException { transport.addResponseErrorSequence( TestUtils.buildHttpResponseException("invalidRequest", "errorDescription", "errorUri")); - OAuthException e = assertThrows(OAuthException.class, () -> requestHandler.exchangeToken()); + OAuthException e = assertThrows(OAuthException.class, requestHandler::exchangeToken); assertEquals("invalidRequest", e.getErrorCode()); assertEquals("errorDescription", e.getErrorDescription()); @@ -216,8 +216,7 @@ void exchangeToken_ioException() { IOException e = new IOException(); transport.addResponseErrorSequence(e); - IOException thrownException = - assertThrows(IOException.class, () -> requestHandler.exchangeToken()); + IOException thrownException = assertThrows(IOException.class, requestHandler::exchangeToken); assertEquals(e, thrownException); } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java index 6872214f0..81847ffd2 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java @@ -32,8 +32,8 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.api.client.http.HttpTransport; import com.google.api.client.http.LowLevelHttpRequest; @@ -84,12 +84,9 @@ public long currentTimeMillis() { void verifyExpiredToken() { for (String token : ALL_TOKENS) { TokenVerifier tokenVerifier = TokenVerifier.newBuilder().build(); - try { - tokenVerifier.verify(token); - fail("Should have thrown a VerificationException"); - } catch (TokenVerifier.VerificationException e) { - assertTrue(e.getMessage().contains("expired")); - } + VerificationException e = + assertThrows(VerificationException.class, () -> tokenVerifier.verify(token)); + assertTrue(e.getMessage().contains("expired")); } } @@ -98,12 +95,9 @@ void verifyExpectedAudience() { TokenVerifier tokenVerifier = TokenVerifier.newBuilder().setAudience("expected audience").build(); for (String token : ALL_TOKENS) { - try { - tokenVerifier.verify(token); - fail("Should have thrown a VerificationException"); - } catch (TokenVerifier.VerificationException e) { - assertTrue(e.getMessage().contains("audience does not match")); - } + VerificationException e = + assertThrows(VerificationException.class, () -> tokenVerifier.verify(token)); + assertTrue(e.getMessage().contains("audience does not match")); } } @@ -111,12 +105,9 @@ void verifyExpectedAudience() { void verifyExpectedIssuer() { TokenVerifier tokenVerifier = TokenVerifier.newBuilder().setIssuer("expected issuer").build(); for (String token : ALL_TOKENS) { - try { - tokenVerifier.verify(token); - fail("Should have thrown a VerificationException"); - } catch (TokenVerifier.VerificationException e) { - assertTrue(e.getMessage().contains("issuer does not match")); - } + VerificationException e = + assertThrows(VerificationException.class, () -> tokenVerifier.verify(token)); + assertTrue(e.getMessage().contains("issuer does not match")); } } @@ -151,13 +142,10 @@ public LowLevelHttpResponse execute() throws IOException { .setHttpTransportFactory(httpTransportFactory) .build(); - try { - tokenVerifier.verify(ES256_TOKEN); - fail("Should not be able to continue without exception."); - } catch (TokenVerifier.VerificationException exception) { - assertTrue( - exception.getMessage().contains("Error fetching PublicKey from certificate location")); - } + VerificationException exception = + assertThrows(VerificationException.class, () -> tokenVerifier.verify(ES256_TOKEN)); + assertTrue( + exception.getMessage().contains("Error fetching PublicKey from certificate location")); } @Test @@ -189,12 +177,9 @@ public LowLevelHttpResponse execute() throws IOException { .setClock(FIXED_CLOCK) .setHttpTransportFactory(httpTransportFactory) .build(); - try { - tokenVerifier.verify(ES256_TOKEN); - fail("Should have failed verification"); - } catch (TokenVerifier.VerificationException e) { - assertTrue(e.getMessage().contains("Error fetching PublicKey")); - } + VerificationException e = + assertThrows(VerificationException.class, () -> tokenVerifier.verify(ES256_TOKEN)); + assertTrue(e.getMessage().contains("Error fetching PublicKey")); } @Test @@ -230,19 +215,12 @@ void verifyPublicKeyStoreIntermittentError() throws VerificationException, IOExc .setHttpTransportFactory(transportFactory) .build(); - try { - tokenVerifier.verify(ES256_TOKEN); - fail("Should not be able to continue without exception."); - } catch (TokenVerifier.VerificationException exception) { - assertTrue(exception.getMessage().contains("Error fetching PublicKey")); - } + VerificationException exception = + assertThrows(VerificationException.class, () -> tokenVerifier.verify(ES256_TOKEN)); + assertTrue(exception.getMessage().contains("Error fetching PublicKey")); - try { - tokenVerifier.verify(ES256_TOKEN); - fail("Should not be able to continue without exception."); - } catch (TokenVerifier.VerificationException exception) { - assertTrue(exception.getCause().getMessage().contains("No valid public key")); - } + exception = assertThrows(VerificationException.class, () -> tokenVerifier.verify(ES256_TOKEN)); + assertTrue(exception.getCause().getMessage().contains("No valid public key")); assertNotNull(tokenVerifier.verify(ES256_TOKEN)); } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/UserAuthorizerTest.java b/oauth2_http/javatests/com/google/auth/oauth2/UserAuthorizerTest.java index 050a9d199..bcde55b00 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/UserAuthorizerTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/UserAuthorizerTest.java @@ -40,7 +40,6 @@ import static org.junit.jupiter.api.Assertions.assertSame; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.auth.TestUtils; import com.google.auth.http.HttpTransportFactory; @@ -66,7 +65,7 @@ class UserAuthorizerTest { private static final List GRANTED_SCOPES = Arrays.asList("scope1", "scope2"); private static final String GRANTED_SCOPES_STRING = String.join(" ", GRANTED_SCOPES); private static final String DUMMY_SCOPE = "dummy_scope"; - private static final List DUMMY_SCOPES = Arrays.asList(DUMMY_SCOPE); + private static final List DUMMY_SCOPES = Collections.singletonList(DUMMY_SCOPE); private static final Long EXPIRATION_TIME = 504000300L; private static final AccessToken ACCESS_TOKEN = AccessToken.newBuilder() @@ -147,20 +146,15 @@ void constructorWithClientAuthenticationTypeNone() { @Test void constructorCommon_nullClientId_throws() { - assertThrows( - NullPointerException.class, - () -> - UserAuthorizer.newBuilder() - .setScopes(DUMMY_SCOPES) - .setCallbackUri(CALLBACK_URI) - .build()); + UserAuthorizer.Builder builder = + UserAuthorizer.newBuilder().setScopes(DUMMY_SCOPES).setCallbackUri(CALLBACK_URI); + assertThrows(NullPointerException.class, builder::build); } @Test void constructorCommon_nullScopes_throws() { - assertThrows( - NullPointerException.class, - () -> UserAuthorizer.newBuilder().setClientId(CLIENT_ID).build()); + UserAuthorizer.Builder builder = UserAuthorizer.newBuilder().setClientId(CLIENT_ID); + assertThrows(NullPointerException.class, builder::build); } @Test @@ -181,30 +175,30 @@ void getCallbackUri_relativeToBase() { @Test void getAuthorizationUrl() throws IOException { - final String CUSTOM_STATE = "custom_state"; - final String PROTOCOL = "https"; - final String HOST = "accounts.test.com"; - final String PATH = "/o/o/oauth2/auth"; - final URI AUTH_URI = URI.create(PROTOCOL + "://" + HOST + PATH); + final String customState = "custom_state"; + final String protocol = "https"; + final String host = "accounts.test.com"; + final String path = "/o/o/oauth2/auth"; + final URI authUri = URI.create(protocol + "://" + host + path); final String EXPECTED_CALLBACK = "http://example.com" + CALLBACK_URI.toString(); UserAuthorizer authorizer = UserAuthorizer.newBuilder() .setClientId(CLIENT_ID) .setScopes(DUMMY_SCOPES) .setCallbackUri(CALLBACK_URI) - .setUserAuthUri(AUTH_URI) + .setUserAuthUri(authUri) .setPKCEProvider(pkce) .build(); - URL authorizationUrl = authorizer.getAuthorizationUrl(USER_ID, CUSTOM_STATE, BASE_URI); + URL authorizationUrl = authorizer.getAuthorizationUrl(USER_ID, customState, BASE_URI); - assertEquals(PROTOCOL, authorizationUrl.getProtocol()); + assertEquals(protocol, authorizationUrl.getProtocol()); assertEquals(-1, authorizationUrl.getPort()); - assertEquals(PATH, authorizationUrl.getPath()); - assertEquals(HOST, authorizationUrl.getHost()); + assertEquals(path, authorizationUrl.getPath()); + assertEquals(host, authorizationUrl.getHost()); String query = authorizationUrl.getQuery(); Map parameters = TestUtils.parseQuery(query); - assertEquals(CUSTOM_STATE, parameters.get("state")); + assertEquals(customState, parameters.get("state")); assertEquals(USER_ID, parameters.get("login_hint")); assertEquals(EXPECTED_CALLBACK, parameters.get("redirect_uri")); assertEquals(CLIENT_ID_VALUE, parameters.get("client_id")); @@ -217,18 +211,17 @@ void getAuthorizationUrl() throws IOException { @Test void getAuthorizationUrl_additionalParameters() throws IOException { - final String CUSTOM_STATE = "custom_state"; - final String PROTOCOL = "https"; - final String HOST = "accounts.test.com"; - final String PATH = "/o/o/oauth2/auth"; - final URI AUTH_URI = URI.create(PROTOCOL + "://" + HOST + PATH); - final String EXPECTED_CALLBACK = "http://example.com" + CALLBACK_URI.toString(); + final String customState = "custom_state"; + final String protocol = "https"; + final String host = "accounts.test.com"; + final String path = "/o/o/oauth2/auth"; + final URI authUri = URI.create(protocol + "://" + host + path); UserAuthorizer authorizer = UserAuthorizer.newBuilder() .setClientId(CLIENT_ID) .setScopes(DUMMY_SCOPES) .setCallbackUri(CALLBACK_URI) - .setUserAuthUri(AUTH_URI) + .setUserAuthUri(authUri) .build(); Map additionalParameters = new HashMap(); additionalParameters.put("param1", "value1"); @@ -236,7 +229,7 @@ void getAuthorizationUrl_additionalParameters() throws IOException { // Verify that the authorization URL doesn't include the additional parameters if they are not // passed in. - URL authorizationUrl = authorizer.getAuthorizationUrl(USER_ID, CUSTOM_STATE, BASE_URI); + URL authorizationUrl = authorizer.getAuthorizationUrl(USER_ID, customState, BASE_URI); String query = authorizationUrl.getQuery(); Map parameters = TestUtils.parseQuery(query); assertFalse(parameters.containsKey("param1")); @@ -244,7 +237,7 @@ void getAuthorizationUrl_additionalParameters() throws IOException { // Verify that the authorization URL includes the additional parameters if they are passed in. authorizationUrl = - authorizer.getAuthorizationUrl(USER_ID, CUSTOM_STATE, BASE_URI, additionalParameters); + authorizer.getAuthorizationUrl(USER_ID, customState, BASE_URI, additionalParameters); query = authorizationUrl.getQuery(); parameters = TestUtils.parseQuery(query); assertEquals("value1", parameters.get("param1")); @@ -252,7 +245,7 @@ void getAuthorizationUrl_additionalParameters() throws IOException { // Verify that the authorization URL doesn't include the additional parameters passed in the // previous call to the authorizer - authorizationUrl = authorizer.getAuthorizationUrl(USER_ID, CUSTOM_STATE, BASE_URI); + authorizationUrl = authorizer.getAuthorizationUrl(USER_ID, customState, BASE_URI); query = authorizationUrl.getQuery(); parameters = TestUtils.parseQuery(query); assertFalse(parameters.containsKey("param1")); @@ -392,7 +385,7 @@ void testGetTokenResponseFromAuthCodeExchange_missingAuthCode_throws() { } @Test - void testGetTokenResponseFromAuthCodeExchange_missingAccessToken_throws() throws IOException { + void testGetTokenResponseFromAuthCodeExchange_missingAccessToken_throws() { MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); transportFactory.transport.addClient(CLIENT_ID_VALUE, CLIENT_SECRET); // Missing access token. @@ -452,7 +445,7 @@ void getCredentials_storedCredentials_returnsStored() throws IOException { } @Test - void getCredentials_nullUserId_throws() throws IOException { + void getCredentials_nullUserId_throws() { TokenStore tokenStore = new MemoryTokensStorage(); UserAuthorizer authorizer = UserAuthorizer.newBuilder() @@ -643,7 +636,7 @@ void getCredentialsFromCode_additionalParameters() throws IOException { } @Test - void getCredentialsFromCode_nullCode_throws() throws IOException { + void getCredentialsFromCode_nullCode_throws() { UserAuthorizer authorizer = UserAuthorizer.newBuilder() .setClientId(CLIENT_ID) @@ -695,7 +688,7 @@ void getAndStoreCredentialsFromCode_getAndStoresCredentials() throws IOException } @Test - void getAndStoreCredentialsFromCode_nullCode_throws() throws IOException { + void getAndStoreCredentialsFromCode_nullCode_throws() { UserAuthorizer authorizer = UserAuthorizer.newBuilder() .setClientId(CLIENT_ID) @@ -709,7 +702,7 @@ void getAndStoreCredentialsFromCode_nullCode_throws() throws IOException { } @Test - void getAndStoreCredentialsFromCode_nullUserId_throws() throws IOException { + void getAndStoreCredentialsFromCode_nullUserId_throws() { UserAuthorizer authorizer = UserAuthorizer.newBuilder() .setClientId(CLIENT_ID) @@ -756,19 +749,14 @@ void revokeAuthorization_revokesAndClears() throws IOException { authorizer.revokeAuthorization(USER_ID); - try { - credentials1.refresh(); - fail("Credentials should not refresh after revoke."); - } catch (IOException expected) { - // Expected - } + assertThrows(IOException.class, credentials1::refresh); UserCredentials credentials2 = authorizer.getCredentials(USER_ID); assertNull(credentials2); } @Test void nullCodeVerifierPKCEProvider() { - PKCEProvider pkce = + PKCEProvider pkceProvider = new PKCEProvider() { @Override public String getCodeVerifier() { @@ -786,20 +774,17 @@ public String getCodeChallenge() { } }; - assertThrows( - IllegalArgumentException.class, - () -> - UserAuthorizer.newBuilder() - .setClientId(CLIENT_ID) - .setScopes(DUMMY_SCOPES) - .setTokenStore(new MemoryTokensStorage()) - .setPKCEProvider(pkce) - .build()); + UserAuthorizer.Builder builder = + UserAuthorizer.newBuilder() + .setClientId(CLIENT_ID) + .setScopes(DUMMY_SCOPES) + .setTokenStore(new MemoryTokensStorage()); + assertThrows(IllegalArgumentException.class, () -> builder.setPKCEProvider(pkceProvider)); } @Test void nullCodeChallengePKCEProvider() { - PKCEProvider pkce = + PKCEProvider pkceProvider = new PKCEProvider() { @Override public String getCodeVerifier() { @@ -817,20 +802,17 @@ public String getCodeChallenge() { } }; - assertThrows( - IllegalArgumentException.class, - () -> - UserAuthorizer.newBuilder() - .setClientId(CLIENT_ID) - .setScopes(DUMMY_SCOPES) - .setTokenStore(new MemoryTokensStorage()) - .setPKCEProvider(pkce) - .build()); + UserAuthorizer.Builder builder = + UserAuthorizer.newBuilder() + .setClientId(CLIENT_ID) + .setScopes(DUMMY_SCOPES) + .setTokenStore(new MemoryTokensStorage()); + assertThrows(IllegalArgumentException.class, () -> builder.setPKCEProvider(pkceProvider)); } @Test void nullCodeChallengeMethodPKCEProvider() { - PKCEProvider pkce = + PKCEProvider pkceProvider = new PKCEProvider() { @Override public String getCodeVerifier() { @@ -848,15 +830,12 @@ public String getCodeChallenge() { } }; - assertThrows( - IllegalArgumentException.class, - () -> - UserAuthorizer.newBuilder() - .setClientId(CLIENT_ID) - .setScopes(DUMMY_SCOPES) - .setTokenStore(new MemoryTokensStorage()) - .setPKCEProvider(pkce) - .build()); + UserAuthorizer.Builder builder = + UserAuthorizer.newBuilder() + .setClientId(CLIENT_ID) + .setScopes(DUMMY_SCOPES) + .setTokenStore(new MemoryTokensStorage()); + assertThrows(IllegalArgumentException.class, () -> builder.setPKCEProvider(pkceProvider)); } @Test diff --git a/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java index e5a6c658a..aaabf4aee 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java @@ -31,6 +31,7 @@ package com.google.auth.oauth2; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNotEquals; @@ -85,13 +86,9 @@ class UserCredentialsTest extends BaseSerializationTest { @Test void constructor_accessAndRefreshTokenNull_throws() { - assertThrows( - IllegalStateException.class, - () -> - UserCredentials.newBuilder() - .setClientId(CLIENT_ID) - .setClientSecret(CLIENT_SECRET) - .build()); + UserCredentials.Builder builder = + UserCredentials.newBuilder().setClientId(CLIENT_ID).setClientSecret(CLIENT_SECRET); + assertThrows(IllegalStateException.class, builder::build); } @Test @@ -180,8 +177,8 @@ void fromJson_hasQuotaProjectId() throws IOException { Map> metadata = credentials.getRequestMetadata(CALL_URI); assertTrue(metadata.containsKey(GoogleCredentials.QUOTA_PROJECT_ID_HEADER_KEY)); assertEquals( - metadata.get(GoogleCredentials.QUOTA_PROJECT_ID_HEADER_KEY), - Collections.singletonList(QUOTA_PROJECT)); + Collections.singletonList(QUOTA_PROJECT), + metadata.get(GoogleCredentials.QUOTA_PROJECT_ID_HEADER_KEY)); } @Test @@ -203,7 +200,7 @@ void getRequestMetadata_initialToken_hasAccessToken() throws IOException { } @Test - void getRequestMetadata_initialTokenRefreshed_throws() throws IOException { + void getRequestMetadata_initialTokenRefreshed_throws() { MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); transportFactory.transport.addClient(CLIENT_ID, CLIENT_SECRET); AccessToken accessToken = new AccessToken(ACCESS_TOKEN, null); @@ -215,12 +212,7 @@ void getRequestMetadata_initialTokenRefreshed_throws() throws IOException { .setHttpTransportFactory(transportFactory) .build(); - try { - userCredentials.refresh(); - fail("Should not be able to refresh without refresh token."); - } catch (IllegalStateException expected) { - // Expected - } + assertThrows(IllegalStateException.class, userCredentials::refresh); } @Test @@ -243,18 +235,18 @@ void getRequestMetadata_fromRefreshToken_hasAccessToken() throws IOException { @Test void getRequestMetadata_customTokenServer_hasAccessToken() throws IOException { - final URI TOKEN_SERVER = URI.create("https://foo.com/bar"); + final URI tokenServerUri = URI.create("https://foo.com/bar"); MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); transportFactory.transport.addClient(CLIENT_ID, CLIENT_SECRET); transportFactory.transport.addRefreshToken(REFRESH_TOKEN, ACCESS_TOKEN); - transportFactory.transport.setTokenServerUri(TOKEN_SERVER); + transportFactory.transport.setTokenServerUri(tokenServerUri); UserCredentials userCredentials = UserCredentials.newBuilder() .setClientId(CLIENT_ID) .setClientSecret(CLIENT_SECRET) .setRefreshToken(REFRESH_TOKEN) .setHttpTransportFactory(transportFactory) - .setTokenServerUri(TOKEN_SERVER) + .setTokenServerUri(tokenServerUri) .build(); Map> metadata = userCredentials.getRequestMetadata(CALL_URI); @@ -263,7 +255,7 @@ void getRequestMetadata_customTokenServer_hasAccessToken() throws IOException { } @Test - void equals_true() throws IOException { + void equals_true() { final URI tokenServer = URI.create("https://foo.com/bar"); MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); AccessToken accessToken = new AccessToken(ACCESS_TOKEN, null); @@ -287,12 +279,12 @@ void equals_true() throws IOException { .setTokenServerUri(tokenServer) .setQuotaProjectId(QUOTA_PROJECT) .build(); - assertTrue(credentials.equals(otherCredentials)); - assertTrue(otherCredentials.equals(credentials)); + assertEquals(credentials, otherCredentials); + assertEquals(otherCredentials, credentials); } @Test - void equals_false_clientId() throws IOException { + void equals_false_clientId() { final URI tokenServer1 = URI.create("https://foo1.com/bar"); AccessToken accessToken = new AccessToken(ACCESS_TOKEN, null); MockHttpTransportFactory httpTransportFactory = new MockHttpTransportFactory(); @@ -314,12 +306,12 @@ void equals_false_clientId() throws IOException { .setHttpTransportFactory(httpTransportFactory) .setTokenServerUri(tokenServer1) .build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test - void equals_false_clientSecret() throws IOException { + void equals_false_clientSecret() { final URI tokenServer1 = URI.create("https://foo1.com/bar"); AccessToken accessToken = new AccessToken(ACCESS_TOKEN, null); MockHttpTransportFactory httpTransportFactory = new MockHttpTransportFactory(); @@ -341,12 +333,12 @@ void equals_false_clientSecret() throws IOException { .setHttpTransportFactory(httpTransportFactory) .setTokenServerUri(tokenServer1) .build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test - void equals_false_refreshToken() throws IOException { + void equals_false_refreshToken() { final URI tokenServer1 = URI.create("https://foo1.com/bar"); AccessToken accessToken = new AccessToken(ACCESS_TOKEN, null); MockHttpTransportFactory httpTransportFactory = new MockHttpTransportFactory(); @@ -368,12 +360,12 @@ void equals_false_refreshToken() throws IOException { .setHttpTransportFactory(httpTransportFactory) .setTokenServerUri(tokenServer1) .build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test - void equals_false_accessToken() throws IOException { + void equals_false_accessToken() { final URI tokenServer1 = URI.create("https://foo1.com/bar"); AccessToken accessToken = new AccessToken(ACCESS_TOKEN, null); AccessToken otherAccessToken = new AccessToken("otherAccessToken", null); @@ -396,13 +388,13 @@ void equals_false_accessToken() throws IOException { .setHttpTransportFactory(httpTransportFactory) .setTokenServerUri(tokenServer1) .build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); assertNotEquals(credentials.hashCode(), otherAccessToken.hashCode()); } @Test - void equals_false_transportFactory() throws IOException { + void equals_false_transportFactory() { final URI tokenServer1 = URI.create("https://foo1.com/bar"); AccessToken accessToken = new AccessToken(ACCESS_TOKEN, null); MockHttpTransportFactory httpTransportFactory = new MockHttpTransportFactory(); @@ -425,12 +417,12 @@ void equals_false_transportFactory() throws IOException { .setHttpTransportFactory(serverTransportFactory) .setTokenServerUri(tokenServer1) .build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test - void equals_false_tokenServer() throws IOException { + void equals_false_tokenServer() { final URI tokenServer1 = URI.create("https://foo1.com/bar"); final URI tokenServer2 = URI.create("https://foo2.com/bar"); AccessToken accessToken = new AccessToken(ACCESS_TOKEN, null); @@ -453,12 +445,12 @@ void equals_false_tokenServer() throws IOException { .setHttpTransportFactory(httpTransportFactory) .setTokenServerUri(tokenServer2) .build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test - void equals_false_quotaProjectId() throws IOException { + void equals_false_quotaProjectId() { final String quotaProject1 = "sample-id-1"; final String quotaProject2 = "sample-id-2"; AccessToken accessToken = new AccessToken(ACCESS_TOKEN, null); @@ -481,12 +473,12 @@ void equals_false_quotaProjectId() throws IOException { .setHttpTransportFactory(httpTransportFactory) .setQuotaProjectId(quotaProject2) .build(); - assertFalse(credentials.equals(otherCredentials)); - assertFalse(otherCredentials.equals(credentials)); + assertNotEquals(credentials, otherCredentials); + assertNotEquals(otherCredentials, credentials); } @Test - void toString_containsFields() throws IOException { + void toString_containsFields() { AccessToken accessToken = new AccessToken(ACCESS_TOKEN, null); final URI tokenServer = URI.create("https://foo.com/bar"); MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); @@ -518,7 +510,7 @@ void toString_containsFields() throws IOException { } @Test - void hashCode_equals() throws IOException { + void hashCode_equals() { final URI tokenServer = URI.create("https://foo.com/bar"); MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); AccessToken accessToken = new AccessToken(ACCESS_TOKEN, null); @@ -563,29 +555,20 @@ void serialize() throws IOException, ClassNotFoundException { assertEquals(credentials, deserializedCredentials); assertEquals(credentials.hashCode(), deserializedCredentials.hashCode()); assertEquals(credentials.toString(), deserializedCredentials.toString()); - assertSame(deserializedCredentials.clock, Clock.SYSTEM); + assertSame(Clock.SYSTEM, deserializedCredentials.clock); } @Test - void fromStream_nullTransport_throws() throws IOException { + void fromStream_nullTransport_throws() { InputStream stream = new ByteArrayInputStream("foo".getBytes()); - try { - UserCredentials.fromStream(stream, null); - fail("Should throw if HttpTransportFactory is null"); - } catch (NullPointerException expected) { - // Expected - } + assertThrows(NullPointerException.class, () -> UserCredentials.fromStream(stream, null)); } @Test - void fromStream_nullStream_throws() throws IOException { + void fromStream_nullStream_throws() { MockHttpTransportFactory transportFactory = new MockHttpTransportFactory(); - try { - UserCredentials.fromStream(null, transportFactory); - fail("Should throw if InputStream is null"); - } catch (NullPointerException expected) { - // Expected - } + assertThrows( + NullPointerException.class, () -> UserCredentials.fromStream(null, transportFactory)); } @Test @@ -607,25 +590,31 @@ void fromStream_user_providesToken() throws IOException { void fromStream_userNoClientId_throws() throws IOException { InputStream userStream = writeUserStream(null, CLIENT_SECRET, REFRESH_TOKEN, QUOTA_PROJECT); - testFromStreamException(userStream, "client_id"); + IOException exception = + assertThrows(IOException.class, () -> UserCredentials.fromStream(userStream)); + assertTrue(exception.getMessage().contains("client_id")); } @Test void fromStream_userNoClientSecret_throws() throws IOException { InputStream userStream = writeUserStream(CLIENT_ID, null, REFRESH_TOKEN, QUOTA_PROJECT); - testFromStreamException(userStream, "client_secret"); + IOException exception = + assertThrows(IOException.class, () -> UserCredentials.fromStream(userStream)); + assertTrue(exception.getMessage().contains("client_secret")); } @Test void fromStream_userNoRefreshToken_throws() throws IOException { InputStream userStream = writeUserStream(CLIENT_ID, CLIENT_SECRET, null, QUOTA_PROJECT); - testFromStreamException(userStream, "refresh_token"); + IOException exception = + assertThrows(IOException.class, () -> UserCredentials.fromStream(userStream)); + assertTrue(exception.getMessage().contains("refresh_token")); } @Test - void saveUserCredentials_saved_throws() throws IOException { + void saveUserCredentials_saved_doesNotThrow() throws IOException { UserCredentials userCredentials = UserCredentials.newBuilder() .setClientId(CLIENT_ID) @@ -636,11 +625,11 @@ void saveUserCredentials_saved_throws() throws IOException { file.deleteOnExit(); String filePath = file.getAbsolutePath(); - userCredentials.save(filePath); + assertDoesNotThrow(() -> userCredentials.save(filePath)); } @Test - void saveAndRestoreUserCredential_saveAndRestored_throws() throws IOException { + void saveAndRestoreUserCredential_saveAndRestored_doesNotThrow() throws IOException { UserCredentials userCredentials = UserCredentials.newBuilder() .setClientId(CLIENT_ID) @@ -653,15 +642,14 @@ void saveAndRestoreUserCredential_saveAndRestored_throws() throws IOException { String filePath = file.getAbsolutePath(); - userCredentials.save(filePath); - - FileInputStream inputStream = new FileInputStream(new File(filePath)); - - UserCredentials restoredCredentials = UserCredentials.fromStream(inputStream); + assertDoesNotThrow(() -> userCredentials.save(filePath)); - assertEquals(userCredentials.getClientId(), restoredCredentials.getClientId()); - assertEquals(userCredentials.getClientSecret(), restoredCredentials.getClientSecret()); - assertEquals(userCredentials.getRefreshToken(), restoredCredentials.getRefreshToken()); + try (FileInputStream inputStream = new FileInputStream(filePath)) { + UserCredentials restoredCredentials = UserCredentials.fromStream(inputStream); + assertEquals(userCredentials.getClientId(), restoredCredentials.getClientId()); + assertEquals(userCredentials.getClientSecret(), restoredCredentials.getClientSecret()); + assertEquals(userCredentials.getRefreshToken(), restoredCredentials.getRefreshToken()); + } } @Test @@ -791,15 +779,11 @@ void IdTokenCredentials_NoRetry_RetryableStatus_throws() throws IOException { UserCredentials credentials = UserCredentials.fromStream(userStream, transportFactory); - try { - transportFactory.transport.addResponseSequence(response408, response429); - credentials.refresh(); - fail("Should not be able to use credential without exception."); - } catch (GoogleAuthException ex) { - assertTrue(ex.getMessage().contains("com.google.api.client.http.HttpResponseException: 408")); - assertTrue(ex.isRetryable()); - assertEquals(0, ex.getRetryCount()); - } + transportFactory.transport.addResponseSequence(response408, response429); + GoogleAuthException ex = assertThrows(GoogleAuthException.class, credentials::refresh); + assertTrue(ex.getMessage().contains("com.google.api.client.http.HttpResponseException: 408")); + assertTrue(ex.isRetryable()); + assertEquals(0, ex.getRetryCount()); IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder().setIdTokenProvider(credentials).build(); @@ -808,14 +792,11 @@ void IdTokenCredentials_NoRetry_RetryableStatus_throws() throws IOException { assertNull(tokenCredential.getIdToken()); // trigger the refresh like it would happen during a request build - try { - tokenCredential.getRequestMetadata(CALL_URI); - fail("Should not be able to use credential without exception."); - } catch (GoogleAuthException ex) { - assertTrue(ex.getMessage().contains("com.google.api.client.http.HttpResponseException: 429")); - assertTrue(ex.isRetryable()); - assertEquals(0, ex.getRetryCount()); - } + GoogleAuthException ex2 = + assertThrows(GoogleAuthException.class, () -> tokenCredential.getRequestMetadata(CALL_URI)); + assertTrue(ex2.getMessage().contains("com.google.api.client.http.HttpResponseException: 429")); + assertTrue(ex2.isRetryable()); + assertEquals(0, ex2.getRetryCount()); } @Test @@ -850,14 +831,10 @@ void refreshAccessToken_4xx_5xx_NonRetryableFails() throws IOException { } MockLowLevelHttpResponse mockResponse = new MockLowLevelHttpResponse().setStatusCode(status); - try { - transportFactory.transport.addResponseSequence(mockResponse); - credentials.refresh(); - fail("Should not be able to use credential without exception."); - } catch (GoogleAuthException ex) { - assertFalse(ex.isRetryable()); - assertEquals(0, ex.getRetryCount()); - } + transportFactory.transport.addResponseSequence(mockResponse); + GoogleAuthException ex = assertThrows(GoogleAuthException.class, credentials::refresh); + assertFalse(ex.isRetryable()); + assertEquals(0, ex.getRetryCount()); } } @@ -880,12 +857,8 @@ void IdTokenCredentials_NoUserEmailScope_throws() throws IOException { + " login'. The latter form would not work for Cloud Run, but would still generate an" + " id token."; - try { - tokenCredential.refresh(); - fail("Should not be able to use credential without exception."); - } catch (IOException expected) { - assertTrue(expected.getMessage().equals(expectedMessageContent)); - } + IOException exception = assertThrows(IOException.class, tokenCredential::refresh); + assertEquals(exception.getMessage(), expectedMessageContent); } @Test @@ -940,15 +913,4 @@ static InputStream writeUserStream( GenericJson json = writeUserJson(clientId, clientSecret, refreshToken, quotaProjectId, null); return TestUtils.jsonToInputStream(json); } - - private static void testFromStreamException(InputStream stream, String expectedMessageContent) { - try { - UserCredentials.fromStream(stream); - fail( - String.format( - "Should throw exception with message containing '%s'", expectedMessageContent)); - } catch (IOException expected) { - assertTrue(expected.getMessage().contains(expectedMessageContent)); - } - } } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/functional/FTQuotaProjectId.java b/oauth2_http/javatests/com/google/auth/oauth2/functional/FTQuotaProjectId.java index 034507e07..842781219 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/functional/FTQuotaProjectId.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/functional/FTQuotaProjectId.java @@ -39,7 +39,7 @@ import java.io.IOException; import org.junit.jupiter.api.Test; -public final class FTQuotaProjectId { +final class FTQuotaProjectId { @Test void validate_quota_from_environment_used() throws IOException { diff --git a/oauth2_http/javatests/com/google/auth/oauth2/functional/FTServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/functional/FTServiceAccountCredentialsTest.java index ca0ec4fc1..82ba93961 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/functional/FTServiceAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/functional/FTServiceAccountCredentialsTest.java @@ -34,8 +34,8 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.Assertions.fail; import com.google.api.client.http.GenericUrl; import com.google.api.client.http.HttpRequest; @@ -50,7 +50,6 @@ import com.google.auth.oauth2.IdTokenCredentials; import com.google.auth.oauth2.IdTokenProvider; import com.google.auth.oauth2.OAuth2Utils; -import java.io.FileNotFoundException; import java.io.IOException; import org.junit.jupiter.api.Test; @@ -135,36 +134,35 @@ void ScopeSetNoAudienceOnePlatformTest() throws Exception { } @Test - void WrongScopeComputeTest() throws Exception { + void WrongScopeComputeTest() { executeRequestWrongScope(computeUrl); } @Test - void WrongScopeStorageTest() throws Exception { + void WrongScopeStorageTest() { executeRequestWrongScope(storageUrl); } @Test - void WrongScopeBigQueryTest() throws Exception { + void WrongScopeBigQueryTest() { executeRequestWrongScope(bigQueryUrl); } @Test - void WrongScopeOnePlatformTest() throws Exception { + void WrongScopeOnePlatformTest() { executeRequestWrongScope(cloudTasksUrl); } - private void executeRequestWrongScope(String serviceUri) - throws FileNotFoundException, IOException { + private void executeRequestWrongScope(String serviceUri) { String expectedMessage = "403 Forbidden"; - try { - executeRequestWithCredentialsWithScope( - serviceUri, "https://www.googleapis.com/auth/adexchange.buyer"); - fail("Should throw exception: " + expectedMessage); - } catch (IOException expected) { - assertTrue(expected.getMessage().contains(expectedMessage)); - } + IOException expected = + assertThrows( + IOException.class, + () -> + executeRequestWithCredentialsWithScope( + serviceUri, "https://www.googleapis.com/auth/adexchange.buyer")); + assertTrue(expected.getMessage().contains(expectedMessage)); } private HttpResponse executeRequestWithCredentialsWithoutScope(String serviceUrl)