feat: add logic to set universe domain to ServiceAccountJwtAccessCredentials (#3806)

Follow-up PR to
googleapis/google-auth-library-java#1754
For java-bigtable's use case, when GOOGLE_APPLICATION_CREDENTIALS is set
to a service account's JSON path, these lines get exercised when
creating `ServiceAccountJwtAccessCredentials`:

https://github.com/googleapis/sdk-platform-java/blob/49a7ae50071e75fe0d161a4eb9360a4fe4e6147b/gax-java/gax/src/main/java/com/google/api/gax/core/GoogleCredentialsProvider.java#L82-L92
See https://github.com/mpeddada1/sa-universe-domain for full test setup.

Author: mpeddada1

gax-java/gax/src/main/java/com/google/api/gax/core/GoogleCredentialsProvider.java

@@ -88,6 +88,7 @@ public Credentials getCredentials() throws IOException {
           .setPrivateKey(serviceAccount.getPrivateKey())
           .setPrivateKeyId(serviceAccount.getPrivateKeyId())
           .setQuotaProjectId(serviceAccount.getQuotaProjectId())
+          .setUniverseDomain(serviceAccount.getUniverseDomain())
           .build();
     }
 

gax-java/gax/src/test/java/com/google/api/gax/core/GoogleCredentialsProviderTest.java

@@ -68,6 +68,51 @@ void serviceAccountReplacedWithJwtTokens() throws Exception {
     assertThat(jwtCreds.getClientEmail()).isEqualTo(serviceAccountCredentials.getClientEmail());
     assertThat(jwtCreds.getPrivateKeyId()).isEqualTo(serviceAccountCredentials.getPrivateKeyId());
     assertThat(jwtCreds.getPrivateKey()).isEqualTo(serviceAccountCredentials.getPrivateKey());
+    assertThat(jwtCreds.getUniverseDomain()).isEqualTo(Credentials.GOOGLE_DEFAULT_UNIVERSE);
+  }
+
+  @Test
+  void serviceAccountReplacedWithJwtTokens_setEmptyDomain() throws Exception {
+    ServiceAccountCredentials serviceAccountCredentials =
+        CreateServiceAccountCredentials().toBuilder().setUniverseDomain("").build();
+
+    GoogleCredentialsProvider provider =
+        GoogleCredentialsProvider.newBuilder()
+            .setScopesToApply(ImmutableList.of("scope1", "scope2"))
+            .setJwtEnabledScopes(ImmutableList.of("scope1"))
+            .setOAuth2Credentials(serviceAccountCredentials)
+            .build();
+
+    Credentials credentials = provider.getCredentials();
+    assertThat(credentials).isInstanceOf(ServiceAccountJwtAccessCredentials.class);
+    ServiceAccountJwtAccessCredentials jwtCreds = (ServiceAccountJwtAccessCredentials) credentials;
+    assertThat(jwtCreds.getClientId()).isEqualTo(serviceAccountCredentials.getClientId());
+    assertThat(jwtCreds.getClientEmail()).isEqualTo(serviceAccountCredentials.getClientEmail());
+    assertThat(jwtCreds.getPrivateKeyId()).isEqualTo(serviceAccountCredentials.getPrivateKeyId());
+    assertThat(jwtCreds.getPrivateKey()).isEqualTo(serviceAccountCredentials.getPrivateKey());
+    assertThat(jwtCreds.getUniverseDomain()).isEqualTo(Credentials.GOOGLE_DEFAULT_UNIVERSE);
+  }
+
+  @Test
+  void serviceAccountReplacedWithJwtTokens_customUniverseDomain() throws Exception {
+    ServiceAccountCredentials serviceAccountCredentials =
+        CreateServiceAccountCredentials().toBuilder().setUniverseDomain("example.com").build();
+
+    GoogleCredentialsProvider provider =
+        GoogleCredentialsProvider.newBuilder()
+            .setScopesToApply(ImmutableList.of("scope1", "scope2"))
+            .setJwtEnabledScopes(ImmutableList.of("scope1"))
+            .setOAuth2Credentials(serviceAccountCredentials)
+            .build();
+
+    Credentials credentials = provider.getCredentials();
+    assertThat(credentials).isInstanceOf(ServiceAccountJwtAccessCredentials.class);
+    ServiceAccountJwtAccessCredentials jwtCreds = (ServiceAccountJwtAccessCredentials) credentials;
+    assertThat(jwtCreds.getClientId()).isEqualTo(serviceAccountCredentials.getClientId());
+    assertThat(jwtCreds.getClientEmail()).isEqualTo(serviceAccountCredentials.getClientEmail());
+    assertThat(jwtCreds.getPrivateKeyId()).isEqualTo(serviceAccountCredentials.getPrivateKeyId());
+    assertThat(jwtCreds.getPrivateKey()).isEqualTo(serviceAccountCredentials.getPrivateKey());
+    assertThat(jwtCreds.getUniverseDomain()).isEqualTo("example.com");
   }
 
   @Test
@@ -94,6 +139,8 @@ void noJwtWithoutScopeMatch() throws Exception {
     assertThat(serviceAccountCredentials2.getPrivateKey())
         .isEqualTo(serviceAccountCredentials.getPrivateKey());
     assertThat(serviceAccountCredentials2.getScopes()).containsExactly("scope1", "scope2");
+    assertThat(serviceAccountCredentials2.getUniverseDomain())
+        .isEqualTo(Credentials.GOOGLE_DEFAULT_UNIVERSE);
   }
 
   @Test
@@ -120,5 +167,7 @@ void useJwtAccessWithScope() throws Exception {
     assertThat(serviceAccountCredentials2.getPrivateKey())
         .isEqualTo(serviceAccountCredentials.getPrivateKey());
     assertTrue(serviceAccountCredentials2.getUseJwtAccessWithScope());
+    assertThat(serviceAccountCredentials2.getUniverseDomain())
+        .isEqualTo(Credentials.GOOGLE_DEFAULT_UNIVERSE);
   }
 }