api: Application Default Credentials: Fix bug detecting GAE and improve error message.

anthmgoogle · anthmgoogle · commit 76170e2885a3 · 2014-10-09T13:43:41.000-07:00
diff --git a/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/DefaultCredentialProvider.java b/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/DefaultCredentialProvider.java
@@ -29,7 +29,9 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
 import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.security.AccessControlException;
 import java.util.Locale;
 
@@ -206,27 +208,74 @@ Class<?> forName(String className) throws ClassNotFoundException {
     return Class.forName(className);
   }
 
+  private boolean runningOnAppEngine() {
+    Class<?> systemPropertyClass = null;
+    try {
+      systemPropertyClass = forName("com.google.appengine.api.utils.SystemProperty");
+    } catch (ClassNotFoundException expected) {
+      // SystemProperty will always be present on App Engine.
+      return false;
+    }
+    Exception cause = null;
+    Field environmentField;
+    try {
+      environmentField = systemPropertyClass.getField("environment");
+      Object environmentValue = environmentField.get(null);
+      Class<?> environmentType = environmentField.getType();
+      Method valueMethod = environmentType.getMethod("value");
+      Object environmentValueValue = valueMethod.invoke(environmentValue);
+      return (environmentValueValue != null);
+    } catch (NoSuchFieldException exception) {
+      cause = exception;
+    } catch (SecurityException exception) {
+      cause = exception;
+    } catch (IllegalArgumentException exception) {
+      cause = exception;
+    } catch (IllegalAccessException exception) {
+      cause = exception;
+    } catch (NoSuchMethodException exception) {
+      cause = exception;
+    } catch (InvocationTargetException exception) {
+      cause = exception;
+    }
+    throw OAuth2Utils.exceptionWithCause(new RuntimeException(String.format(
+        "Unexpcted error trying to determine if runnning on Google App Engine: %s",
+        cause.getMessage())), cause);
+  }
+
   private final GoogleCredential tryGetAppEngineCredential(
-      HttpTransport transport, JsonFactory jsonFactory) {
+      HttpTransport transport, JsonFactory jsonFactory) throws IOException {
     // Checking for App Engine requires a class load, so check only once
     if (checkedAppEngine) {
       return null;
     }
+    boolean onAppEngine = runningOnAppEngine();
     checkedAppEngine = true;
-
+    if (!onAppEngine) {
+      return null;
+    }
+    Exception innerException = null;
     try {
       Class<?> credentialClass = forName(APP_ENGINE_CREDENTIAL_CLASS);
       Constructor<?> constructor = credentialClass
           .getConstructor(HttpTransport.class, JsonFactory.class);
       return (GoogleCredential) constructor.newInstance(transport, jsonFactory);
-      // Reflection expected to fail when not on App Engine
-    } catch (ClassNotFoundException expected) {
-    } catch (NoSuchMethodException expected) {
-    } catch (InstantiationException expected) {
-    } catch (IllegalAccessException expected) {
-    } catch (InvocationTargetException expected) {
+    } catch (ClassNotFoundException e) {
+      innerException = e;
+    } catch (NoSuchMethodException e) {
+      innerException = e;
+    } catch (InstantiationException e) {
+      innerException = e;
+    } catch (IllegalAccessException e) {
+      innerException = e;
+    } catch (InvocationTargetException e) {
+      innerException = e;
     }
-    return null;
+    throw OAuth2Utils.exceptionWithCause(new IOException(String.format(
+        "Application Default Credentials failed to create the Google App Engine service account"
+            + " credentials class %s. Check that the component 'google-api-client-appengine' is"
+            + " deployed.",
+        APP_ENGINE_CREDENTIAL_CLASS)), innerException);
   }
 
   private final GoogleCredential tryGetComputeCredential(
diff --git a/google-api-client/src/test/java/com/google/api/client/googleapis/auth/oauth2/DefaultCredentialProviderTest.java b/google-api-client/src/test/java/com/google/api/client/googleapis/auth/oauth2/DefaultCredentialProviderTest.java
@@ -68,15 +68,18 @@ public class DefaultCredentialProviderTest  extends TestCase  {
       + "==\n-----END PRIVATE KEY-----\n";
   private static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2";
 
+  private static final String GAE_SIGNAL_CLASS = "com.google.appengine.api.utils.SystemProperty";
+
   private static final Lock lock = new ReentrantLock();
 
   private static File tempDirectory = null;
 
-  public void testDefaultCredentialAppEngine() throws IOException  {
+  public void testDefaultCredentialAppEngineDeployed() throws IOException  {
     HttpTransport transport = new MockHttpTransport();
     TestDefaultCredentialProvider testProvider = new TestDefaultCredentialProvider();
     testProvider.addType(DefaultCredentialProvider.APP_ENGINE_CREDENTIAL_CLASS,
         MockAppEngineCredential.class);
+    testProvider.addType(GAE_SIGNAL_CLASS, MockAppEngineSystemProperty.class);
 
     Credential defaultCredential = testProvider.getDefaultCredential(transport, JSON_FACTORY);
 
@@ -86,7 +89,38 @@ public void testDefaultCredentialAppEngine() throws IOException  {
     assertSame(JSON_FACTORY, defaultCredential.getJsonFactory());
   }
 
-  public void testDefaultCredentialAppEngineSingleAttempt() {
+  public void testDefaultCredentialAppEngineComponentOffAppEngineGivesNotFoundError() {
+    HttpTransport transport = new MockHttpTransport();
+    TestDefaultCredentialProvider testProvider = new TestDefaultCredentialProvider();
+    testProvider.addType(DefaultCredentialProvider.APP_ENGINE_CREDENTIAL_CLASS,
+        MockAppEngineCredential.class);
+    testProvider.addType(GAE_SIGNAL_CLASS, MockOffAppEngineSystemProperty.class);
+
+    try {
+      testProvider.getDefaultCredential(transport, JSON_FACTORY);
+      fail("No credential expected when not on App Engine.");
+    } catch (IOException e) {
+      String message = e.getMessage();
+      assertTrue(message.contains(DefaultCredentialProvider.HELP_PERMALINK));
+    }
+  }
+
+  public void testDefaultCredentialAppEngineWithoutDependencyThrowsHelpfulLoadError() {
+    HttpTransport transport = new MockHttpTransport();
+    TestDefaultCredentialProvider testProvider = new TestDefaultCredentialProvider();
+    testProvider.addType(GAE_SIGNAL_CLASS, MockAppEngineSystemProperty.class);
+
+    try {
+      testProvider.getDefaultCredential(transport, JSON_FACTORY);
+      fail("Credential expected to fail to load if credential class not present.");
+    } catch (IOException e) {
+      String message = e.getMessage();
+      assertFalse(message.contains(DefaultCredentialProvider.HELP_PERMALINK));
+      assertTrue(message.contains(DefaultCredentialProvider.APP_ENGINE_CREDENTIAL_CLASS));
+    }
+  }
+
+  public void testDefaultCredentialAppEngineSingleClassLoadAttempt() {
     HttpTransport transport = new MockHttpTransport();
     TestDefaultCredentialProvider testProvider = new TestDefaultCredentialProvider();
     try {
@@ -109,6 +143,7 @@ public void testDefaultCredentialCaches() throws IOException  {
     TestDefaultCredentialProvider testProvider = new TestDefaultCredentialProvider();
     testProvider.addType(DefaultCredentialProvider.APP_ENGINE_CREDENTIAL_CLASS,
         MockAppEngineCredential.class);
+    testProvider.addType(GAE_SIGNAL_CLASS, MockAppEngineSystemProperty.class);
 
     Credential firstCall = testProvider.getDefaultCredential(transport, JSON_FACTORY);
 
@@ -448,6 +483,46 @@ public MockAppEngineCredential(HttpTransport transport, JsonFactory jsonFactory)
     }
   }
 
+  /*
+   * App Engine is detected by calling SystemProperty.environment.value() via Reflection.
+   * The following mock types simulate the shape and behavior of that call sequence.
+   */
+
+  private static class MockAppEngineSystemProperty {
+
+    @SuppressWarnings("unused")
+    public static final MockEnvironment environment =
+      new MockEnvironment(MockEnvironmentEnum.Production);
+  }
+
+  private static class MockOffAppEngineSystemProperty {
+
+    @SuppressWarnings("unused")
+    public static final MockEnvironment environment = new MockEnvironment(null);
+  }
+
+  private enum MockEnvironmentEnum {
+    Production,
+    Development;
+  }
+
+  public static class MockEnvironment {
+
+    private MockEnvironmentEnum innerValue;
+
+    MockEnvironment(MockEnvironmentEnum value) {
+      this.innerValue = value;
+    }
+
+    public MockEnvironmentEnum value() {
+      return innerValue;
+    }
+  }
+
+  /*
+   * End of types simulating SystemProperty.environment.value()
+   */
+
   private static class MockRequestCountingTransport extends MockHttpTransport {
     int requestCount = 0;
 
