api: Default credential support for well known file from Cloud SDK.

https://codereview.appspot.com/92730043/

Author: anthmgoogle

google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/DefaultCredentialProvider.java

@@ -28,6 +28,8 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.reflect.Constructor;
+import java.security.AccessControlException;
+import java.util.Locale;
 
 /**
  * {@link Beta} <br/>
@@ -41,6 +43,10 @@ class DefaultCredentialProvider {
 
   static final String CREDENTIAL_ENV_VAR = "GOOGLE_CREDENTIALS_DEFAULT";
 
+  static final String WELL_KNOWN_CREDENTIALS_FILE = "credentials_default.json";
+
+  static final String CLOUDSDK_CONFIG_DIRECTORY = "gcloud";
+
   static final String HELP_PERMALINK =
       "https://developers.google.com/accounts/docs/default-credential";
 
@@ -112,6 +118,8 @@ private final GoogleCredential getDefaultCredentialUnsynchronized(
         throw OAuth2Utils.exceptionWithCause(new IOException(String.format(
             "Error reading credential file from environment variable %s, value '%s': %s",
             CREDENTIAL_ENV_VAR, credentialsPath, e.getMessage())), e);
+      } catch (AccessControlException expected) {
+        // Exception querying file system is expected on App-Engine
       }
       finally {
         if (credentialsStream != null) {
@@ -120,6 +128,29 @@ private final GoogleCredential getDefaultCredentialUnsynchronized(
       }
     }
 
+    // Then try the well-known file
+    File wellKnownFileLocation = getWellKnownCredentialsFile();
+    try {
+      if (fileExists(wellKnownFileLocation)) {
+        InputStream credentialsStream = null;
+        try {
+          credentialsStream = new FileInputStream(wellKnownFileLocation);
+          credential = GoogleCredential.fromStream(credentialsStream, transport, jsonFactory);
+        } catch (IOException e) {
+          throw new IOException(String.format(
+              "Error reading credential file from location %s: %s",
+              wellKnownFileLocation, e.getMessage()));
+        }
+        finally {
+          if (credentialsStream != null) {
+            credentialsStream.close();
+          }
+        }
+      }
+    } catch (AccessControlException expected) {
+      // Exception querying file system is expected on App-Engine
+    }
+
     // Then try App Engine
     if (credential == null) {
       credential = tryGetAppEngineCredential(transport, jsonFactory);
@@ -132,13 +163,41 @@ private final GoogleCredential getDefaultCredentialUnsynchronized(
     return credential;
   }
 
+  private final File getWellKnownCredentialsFile() {
+    File cloudConfigPath = null;
+    String os = getProperty("os.name", "").toLowerCase(Locale.US);
+    if (os.indexOf("windows") >= 0) {
+      File appDataPath = new File(getEnv("APPDATA"));
+      cloudConfigPath = new File(appDataPath, CLOUDSDK_CONFIG_DIRECTORY);
+    } else {
+      File configPath = new File(getProperty("user.home", ""), ".config");
+      cloudConfigPath = new File(configPath, CLOUDSDK_CONFIG_DIRECTORY);
+    }
+    File credentialFilePath = new File(cloudConfigPath, WELL_KNOWN_CREDENTIALS_FILE);
+    return credentialFilePath;
+  }
+
   /**
    * Override in test code to isolate from environment.
    */
   String getEnv(String name) {
     return System.getenv(name);
   }
 
+  /**
+   * Override in test code to isolate from environment.
+   */
+  boolean fileExists(File file) {
+    return file.exists() && !file.isDirectory();
+  }
+
+  /**
+   * Override in test code to isolate from environment.
+   */
+  String getProperty(String property, String def) {
+    return System.getProperty(property, def);
+  }
+
   /**
    * Override in test code to isolate from environment
    */

google-api-client/src/test/java/com/google/api/client/googleapis/auth/oauth2/DefaultCredentialProviderTest.java

@@ -24,7 +24,6 @@
 import com.google.api.client.json.jackson2.JacksonFactory;
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpRequest;
-import com.google.api.client.util.Joiner;
 
 import junit.framework.TestCase;
 
@@ -34,7 +33,9 @@
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
 
@@ -225,6 +226,61 @@ public void testDefaultCredentialUser() throws IOException {
     if (userCredentialFile.exists()) {
       userCredentialFile.delete();
     }
+
+    TestDefaultCredentialProvider testProvider = new TestDefaultCredentialProvider();
+    // Point the default credential to the file
+    testProvider.setEnv(DefaultCredentialProvider.CREDENTIAL_ENV_VAR,
+        userCredentialFile.getAbsolutePath());
+
+    testDefaultCredentialUser(userCredentialFile, testProvider);
+  }
+
+  public void testDefaultCredentialWellKnownFileNonWindows() throws IOException {
+    // Simulate where the SDK puts the well-known file on non-Windows platforms
+    File homeDir = getTempDirectory();
+    File configDir = new File(homeDir, ".config");
+    if (!configDir.exists()) {
+      configDir.mkdir();
+    }
+    File cloudConfigDir = new File(configDir, DefaultCredentialProvider.CLOUDSDK_CONFIG_DIRECTORY);
+    if (!cloudConfigDir.exists()) {
+      cloudConfigDir.mkdir();
+    }
+    File wellKnownFile = new File(
+        cloudConfigDir, DefaultCredentialProvider.WELL_KNOWN_CREDENTIALS_FILE);
+    if (wellKnownFile.exists()) {
+      wellKnownFile.delete();
+    }
+    TestDefaultCredentialProvider testProvider = new TestDefaultCredentialProvider();
+    testProvider.addFile(wellKnownFile.getAbsolutePath());
+    testProvider.setProperty("os.name", "linux");
+    testProvider.setProperty("user.home", homeDir.getAbsolutePath());
+
+    testDefaultCredentialUser(wellKnownFile, testProvider);
+  }
+
+  public void testDefaultCredentialWellKnownFileWindows() throws IOException {
+    // Simulate where the SDK puts the well-known file on Windows
+    File appDataDir = getTempDirectory();
+    File cloudConfigDir = new File(appDataDir, DefaultCredentialProvider.CLOUDSDK_CONFIG_DIRECTORY);
+    if (!cloudConfigDir.exists()) {
+      cloudConfigDir.mkdir();
+    }
+    File wellKnownFile = new File(
+        cloudConfigDir, DefaultCredentialProvider.WELL_KNOWN_CREDENTIALS_FILE);
+    if (wellKnownFile.exists()) {
+      wellKnownFile.delete();
+    }
+    TestDefaultCredentialProvider testProvider = new TestDefaultCredentialProvider();
+    testProvider.addFile(wellKnownFile.getAbsolutePath());
+    testProvider.setProperty("os.name", "windows");
+    testProvider.setEnv("APPDATA", appDataDir.getAbsolutePath());
+
+    testDefaultCredentialUser(wellKnownFile, testProvider);
+  }
+
+  private void testDefaultCredentialUser(File userFile, TestDefaultCredentialProvider testProvider)
+      throws IOException {
     final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2";
     final String CLIENT_SECRET = "jakuaL9YyieakhECKL2SwZcu";
     final String CLIENT_ID = "ya29.1.AADtN_UtlxH8cruGAxrN2XQnZTVRvDyVWnYq4I6dws";
@@ -235,26 +291,14 @@ public void testDefaultCredentialUser() throws IOException {
     transport.addClient(CLIENT_ID, CLIENT_SECRET);
     transport.addRefreshToken(REFRESH_TOKEN, ACCESS_TOKEN);
 
-    TestDefaultCredentialProvider testProvider = new TestDefaultCredentialProvider();
+    String json = GoogleCredentialTest.createUserJson(CLIENT_ID, CLIENT_SECRET, REFRESH_TOKEN);
+
     try {
       // Write out user file
-      GenericJson userCredentialContents = new GenericJson();
-      userCredentialContents.setFactory(JSON_FACTORY);
-      userCredentialContents.put("client_id", CLIENT_ID);
-      userCredentialContents.put("client_secret", CLIENT_SECRET);
-      userCredentialContents.put("refresh_token", REFRESH_TOKEN);
-      String scopesAsString = Joiner.on(' ').join(SCOPES);
-      userCredentialContents.put("scopes", scopesAsString);
-      userCredentialContents.put("type", GoogleCredential.USER_FILE_TYPE);
-      PrintWriter writer = new PrintWriter(userCredentialFile);
-      String json = userCredentialContents.toPrettyString();
+      PrintWriter writer = new PrintWriter(userFile);
       writer.println(json);
       writer.close();
 
-      // Point the default credential to the file
-      testProvider.setEnv(DefaultCredentialProvider.CREDENTIAL_ENV_VAR,
-          userCredentialFile.getAbsolutePath());
-
       Credential credential = testProvider.getDefaultCredential(transport, JSON_FACTORY);
 
       assertNotNull(credential);
@@ -263,8 +307,8 @@ public void testDefaultCredentialUser() throws IOException {
       assertTrue(credential.refreshToken());
       assertEquals(ACCESS_TOKEN, credential.getAccessToken());
     } finally {
-      if (userCredentialFile.exists()) {
-        userCredentialFile.delete();
+      if (userFile.exists()) {
+        userFile.delete();
       }
     }
   }
@@ -321,11 +365,17 @@ private static class TestDefaultCredentialProvider extends DefaultCredentialProv
 
     private Map<String, Class<?>> types = new HashMap<String, Class<?>>();
     private Map<String, String> variables = new HashMap<String, String>();
+    private Map<String, String> properties = new HashMap<String, String>();
+    private Set<String> files = new HashSet<String>();
     private int forNameCallCount = 0;
 
     TestDefaultCredentialProvider() {
     }
 
+    void addFile(String file) {
+      files.add(file);
+    }
+
     void addType(String className, Class<?> type) {
       types.put(className, type);
     }
@@ -339,6 +389,21 @@ void setEnv(String name, String value) {
       variables.put(name, value);
     }
 
+    @Override
+    String getProperty(String property, String def) {
+      String value = properties.get(property);
+      return value == null ? def : value;
+    }
+
+    void setProperty(String property, String value) {
+      properties.put(property, value);
+    }
+
+    @Override
+    boolean fileExists(File file) {
+      return files.contains(file.getAbsolutePath());
+    }
+
     @Override
     Class<?> forName(String className) throws ClassNotFoundException {
       forNameCallCount++;

google-api-client/src/test/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredentialTest.java

@@ -20,7 +20,6 @@
 import com.google.api.client.json.jackson2.JacksonFactory;
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.util.SecurityTestUtils;
-import com.google.api.client.util.Joiner;
 
 import junit.framework.TestCase;
 
@@ -311,15 +310,7 @@ public void testFromStreamUser() throws IOException {
     transport.addRefreshToken(REFRESH_TOKEN, ACCESS_TOKEN);
 
     // Create user stream.
-    GenericJson userCredentialContents = new GenericJson();
-    userCredentialContents.setFactory(JSON_FACTORY);
-    userCredentialContents.put("client_id", CLIENT_ID);
-    userCredentialContents.put("client_secret", CLIENT_SECRET);
-    userCredentialContents.put("refresh_token", REFRESH_TOKEN);
-    String scopesAsString = Joiner.on(' ').join(SCOPES);
-    userCredentialContents.put("scopes", scopesAsString);
-    userCredentialContents.put("type", GoogleCredential.USER_FILE_TYPE);
-    String json = userCredentialContents.toPrettyString();
+    String json = createUserJson(CLIENT_ID, CLIENT_SECRET, REFRESH_TOKEN);
     InputStream userStream = new ByteArrayInputStream(json.getBytes());
 
     GoogleCredential defaultCredential = GoogleCredential
@@ -343,14 +334,7 @@ public void testFromStreamUsertMissingClientIdThrows() throws IOException {
     transport.addRefreshToken(REFRESH_TOKEN, ACCESS_TOKEN);
 
     // Write out user file
-    GenericJson userCredentialContents = new GenericJson();
-    userCredentialContents.setFactory(JSON_FACTORY);
-    userCredentialContents.put("client_secret", CLIENT_SECRET);
-    userCredentialContents.put("refresh_token", REFRESH_TOKEN);
-    String scopesAsString = Joiner.on(' ').join(SCOPES);
-    userCredentialContents.put("scopes", scopesAsString);
-    userCredentialContents.put("type", GoogleCredential.USER_FILE_TYPE);
-    String json = userCredentialContents.toPrettyString();
+    String json = createUserJson(null, CLIENT_SECRET, REFRESH_TOKEN);
     InputStream userStream = new ByteArrayInputStream(json.getBytes());
 
     try {
@@ -372,14 +356,7 @@ public void testFromStreamUsertMissingClientSecretThrows() throws IOException {
     transport.addRefreshToken(REFRESH_TOKEN, ACCESS_TOKEN);
 
     // Write out user file
-    GenericJson userCredentialContents = new GenericJson();
-    userCredentialContents.setFactory(JSON_FACTORY);
-    userCredentialContents.put("client_id", CLIENT_ID);
-    userCredentialContents.put("refresh_token", REFRESH_TOKEN);
-    String scopesAsString = Joiner.on(' ').join(SCOPES);
-    userCredentialContents.put("scopes", scopesAsString);
-    userCredentialContents.put("type", GoogleCredential.USER_FILE_TYPE);
-    String json = userCredentialContents.toPrettyString();
+    String json = createUserJson(CLIENT_ID, null, REFRESH_TOKEN);
     InputStream userStream = new ByteArrayInputStream(json.getBytes());
 
     try {
@@ -401,13 +378,7 @@ public void testFromStreamUsertMissingRefreshTokenThrows() throws IOException {
     transport.addRefreshToken(REFRESH_TOKEN, ACCESS_TOKEN);
 
     // Write out user file
-    GenericJson userCredentialContents = new GenericJson();
-    userCredentialContents.setFactory(JSON_FACTORY);
-    userCredentialContents.put("client_id", CLIENT_ID);
-    String scopesAsString = Joiner.on(' ').join(SCOPES);
-    userCredentialContents.put("scopes", scopesAsString);
-    userCredentialContents.put("type", GoogleCredential.USER_FILE_TYPE);
-    String json = userCredentialContents.toPrettyString();
+    String json = createUserJson(CLIENT_ID, CLIENT_SECRET, null);
     InputStream userStream = new ByteArrayInputStream(json.getBytes());
 
     try {
@@ -417,4 +388,22 @@ public void testFromStreamUsertMissingRefreshTokenThrows() throws IOException {
       assertTrue(expected.getMessage().contains("refresh_token"));
     }
   }
+
+  static String createUserJson(String clientId, String clientSecret, String refreshToken)
+      throws IOException {
+    GenericJson userCredentialContents = new GenericJson();
+    userCredentialContents.setFactory(JSON_FACTORY);
+    if (clientId != null) {
+      userCredentialContents.put("client_id", clientId);
+    }
+    if (clientSecret != null) {
+      userCredentialContents.put("client_secret", clientSecret);
+    }
+    if (refreshToken != null) {
+      userCredentialContents.put("refresh_token", refreshToken);
+    }
+    userCredentialContents.put("type", GoogleCredential.USER_FILE_TYPE);
+    String json = userCredentialContents.toPrettyString();
+    return json;
+  }
 }