move iam endpoint format strings from OAuth2Utils to IamUtils.

zhumin8 · zhumin8 · commit d81aafeeeaf3 · 2024-11-04T13:53:29.000-05:00
diff --git a/oauth2_http/java/com/google/auth/oauth2/IamUtils.java b/oauth2_http/java/com/google/auth/oauth2/IamUtils.java
@@ -62,6 +62,14 @@
  * features like signing.
  */
 class IamUtils {
+
+  // iam credentials endpoints are to be formatted with universe domain and client email
+  static final String IAM_ID_TOKEN_ENDPOINT_FORMAT =
+      "https://iamcredentials.%s/v1/projects/-/serviceAccounts/%s:generateIdToken";
+  static final String IAM_ACCESS_TOKEN_ENDPOINT_FORMAT =
+      "https://iamcredentials.%s/v1/projects/-/serviceAccounts/%s:generateAccessToken";
+  static final String IAM_SIGN_BLOB_ENDPOINT_FORMAT =
+      "https://iamcredentials.%s/v1/projects/-/serviceAccounts/%s:signBlob";
   private static final String PARSE_ERROR_MESSAGE = "Error parsing error message response. ";
   private static final String PARSE_ERROR_SIGNATURE = "Error parsing signature response. ";
 
@@ -114,8 +122,7 @@ private static String getSignature(
       HttpRequestFactory factory)
       throws IOException {
     String signBlobUrl =
-        String.format(
-            OAuth2Utils.IAM_SIGN_BLOB_ENDPOINT_FORMAT, universeDomain, serviceAccountEmail);
+        String.format(IAM_SIGN_BLOB_ENDPOINT_FORMAT, universeDomain, serviceAccountEmail);
     GenericUrl genericUrl = new GenericUrl(signBlobUrl);
 
     GenericData signRequest = new GenericData();
@@ -203,8 +210,7 @@ static IdToken getIdToken(
       throws IOException {
 
     String idTokenUrl =
-        String.format(
-            OAuth2Utils.IAM_ID_TOKEN_ENDPOINT_FORMAT, universeDomain, serviceAccountEmail);
+        String.format(IAM_ID_TOKEN_ENDPOINT_FORMAT, universeDomain, serviceAccountEmail);
     GenericUrl genericUrl = new GenericUrl(idTokenUrl);
 
     GenericData idTokenRequest = new GenericData();
diff --git a/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java
@@ -532,7 +532,7 @@ public AccessToken refreshAccessToken() throws IOException {
         this.iamEndpointOverride != null
             ? this.iamEndpointOverride
             : String.format(
-                OAuth2Utils.IAM_ACCESS_TOKEN_ENDPOINT_FORMAT,
+                IamUtils.IAM_ACCESS_TOKEN_ENDPOINT_FORMAT,
                 getUniverseDomain(),
                 this.targetPrincipal);
 
diff --git a/oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java b/oauth2_http/java/com/google/auth/oauth2/OAuth2Utils.java
@@ -77,15 +77,6 @@ class OAuth2Utils {
   static final String TOKEN_TYPE_TOKEN_EXCHANGE = "urn:ietf:params:oauth:token-type:token-exchange";
   static final String GRANT_TYPE_JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer";
 
-  // iam credentials endpoints are to be formatted with universe domain and client email
-  static final String IAM_ID_TOKEN_ENDPOINT_FORMAT =
-      "https://iamcredentials.%s/v1/projects/-/serviceAccounts/%s:generateIdToken";
-
-  static final String IAM_ACCESS_TOKEN_ENDPOINT_FORMAT =
-      "https://iamcredentials.%s/v1/projects/-/serviceAccounts/%s:generateAccessToken";
-  static final String IAM_SIGN_BLOB_ENDPOINT_FORMAT =
-      "https://iamcredentials.%s/v1/projects/-/serviceAccounts/%s:signBlob";
-
   static final URI TOKEN_SERVER_URI = URI.create("https://oauth2.googleapis.com/token");
 
   static final URI TOKEN_REVOKE_URI = URI.create("https://oauth2.googleapis.com/revoke");
diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java
@@ -636,8 +636,7 @@ private IdToken getIdTokenIamEndpoint(String targetAudience) throws IOException
     // `getUniverseDomain()` throws an IOException that would need to be caught
     URI iamIdTokenUri =
         URI.create(
-            String.format(
-                OAuth2Utils.IAM_ID_TOKEN_ENDPOINT_FORMAT, getUniverseDomain(), clientEmail));
+            String.format(IamUtils.IAM_ID_TOKEN_ENDPOINT_FORMAT, getUniverseDomain(), clientEmail));
     HttpRequest request = buildIdTokenRequest(iamIdTokenUri, transportFactory, content);
     // Use the Access Token from the SSJWT to request the ID Token from IAM Endpoint
     request.setHeaders(new HttpHeaders().set(AuthHttpConstants.AUTHORIZATION, accessToken));
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java
@@ -133,12 +133,12 @@ public class ImpersonatedCredentialsTest extends BaseSerializationTest {
           + ":generateAccessToken";
   public static final String DEFAULT_IMPERSONATION_URL =
       String.format(
-          OAuth2Utils.IAM_ACCESS_TOKEN_ENDPOINT_FORMAT,
+          IamUtils.IAM_ACCESS_TOKEN_ENDPOINT_FORMAT,
           DEFAULT_UNIVERSE_DOMAIN,
           IMPERSONATED_CLIENT_EMAIL);
   private static final String NONGDU_IMPERSONATION_URL =
       String.format(
-          OAuth2Utils.IAM_ACCESS_TOKEN_ENDPOINT_FORMAT,
+          IamUtils.IAM_ACCESS_TOKEN_ENDPOINT_FORMAT,
           TEST_UNIVERSE_DOMAIN,
           IMPERSONATED_CLIENT_EMAIL);
   public static final String IMPERSONATION_OVERRIDE_URL =
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockIAMCredentialsServiceTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockIAMCredentialsServiceTransport.java
@@ -31,7 +31,7 @@
 
 package com.google.auth.oauth2;
 
-import static com.google.auth.oauth2.OAuth2Utils.IAM_ID_TOKEN_ENDPOINT_FORMAT;
+import static com.google.auth.oauth2.IamUtils.IAM_ID_TOKEN_ENDPOINT_FORMAT;
 
 import com.google.api.client.http.HttpStatusCodes;
 import com.google.api.client.http.LowLevelHttpRequest;
