@Test
public void testGetAccessTokenWithScope() {
Date beforeRequest = new Date();
List<String> scopes = new ArrayList<>();
scopes.add("https://www.googleapis.com/auth/urlshortener");
AppIdentityService.GetAccessTokenResult tokenResult = appIdentity.getAccessToken(scopes);
Assert.assertNotNull(tokenResult);
Assert.assertTrue("Token should not be blank.", !tokenResult.getAccessToken().isEmpty());
String errMsg =
"Expiration time should at least be after request time. "
+ dateDebugStr("Before-Request", beforeRequest)
+ ", "
+ dateDebugStr("Expiration-Time=", tokenResult.getExpirationTime());
Assert.assertTrue(errMsg, beforeRequest.getTime() < tokenResult.getExpirationTime().getTime());
log.info(
"AccessToken: "
+ tokenResult.getAccessToken()
+ " Expiration: "
+ tokenResult.getExpirationTime());
// Retrieve it again, should be same since it grabs it from a cache.
AppIdentityService.GetAccessTokenResult tokenResult2 = appIdentity.getAccessToken(scopes);
Assert.assertEquals(tokenResult.getAccessToken(), tokenResult2.getAccessToken());
}
@Test
public void testGetAccessTokenUncached() {
Date beforeRequest = new Date();
List<String> scopes = new ArrayList<>();
scopes.add("https://www.googleapis.com/auth/urlshortener");
// Although we do not verify whether the result came from the cache or not,
// the token should at least be valid.
AppIdentityService.GetAccessTokenResult tokenResult =
appIdentity.getAccessTokenUncached(scopes);
Assert.assertNotNull(tokenResult);
Assert.assertTrue("Token should not be blank.", !tokenResult.getAccessToken().isEmpty());
String errMsg =
"Expiration time should at least be after request time. "
+ dateDebugStr("Before-Request", beforeRequest)
+ ", "
+ dateDebugStr("Expiration-Time=", tokenResult.getExpirationTime());
Assert.assertTrue(errMsg, beforeRequest.getTime() < tokenResult.getExpirationTime().getTime());
log.info(
"AccessToken: "
+ tokenResult.getAccessToken()
+ " Expiration: "
+ tokenResult.getExpirationTime());
}
@Test
/**
* Verify that all certificates returned will validate signForApp(). Any invalid signature or
* exception will cause the test to fail.
*/
public void testSignForApp() throws Exception {
Collection<PublicCertificate> certs = appIdentity.getPublicCertificatesForApp();
byte[] blob = "abcdefg".getBytes();
AppIdentityService.SigningResult result = appIdentity.signForApp(blob);
byte[] signedBlob = result.getSignature();
boolean res = verifySignatureWithAllCertsForApp(blob, signedBlob, certs);
// assertTrue(res) returns null, so using assertEquals()
Assert.assertEquals("signature.verify() returned false. See logs.", true, res);
Assert.assertTrue(!result.getKeyName().isEmpty());
}
@Test
public void testGetServiceAccountName() {
assumeEnvironment(Environment.APPSPOT, Environment.CAPEDWARF);
String serviceAccountName = appIdentity.getServiceAccountName();
String errMsg = serviceAccountName + " is not valid.";
Assert.assertTrue(errMsg, EmailValidator.getInstance().isValid(serviceAccountName));
}
@Test
public void testParseFullAppId() {
// [(partition)~][(domain):](display-app-id)
ApiProxy.Environment env = ApiProxy.getCurrentEnvironment();
String hostname =
(String) env.getAttributes().get("com.google.appengine.runtime.default_version_hostname");
AppIdentityService.ParsedAppId parsed = appIdentity.parseFullAppId(hostname);
String message = createParsed(parsed);
Assert.assertEquals(
message,
property("testParseFullAppId_partition").getPropertyValue(),
parsed.getPartition());
Assert.assertEquals(
message, getExpectedAppHostname("testParseFullAppId_domain"), parsed.getDomain());
Assert.assertEquals(message, getExpectedAppId("testParseFullAppId_id"), parsed.getId());
}
/*
* Retrieve the default Google Cloud Storage bucket name.
*/
@Test
public void testGetDefaultGcsBucketName() {
ApiProxy.Environment env = ApiProxy.getCurrentEnvironment();
String expectedBucketName;
Property property = property("testGetDefaultGcsBucketName");
if (property.exists()) {
expectedBucketName = property.getPropertyValue();
} else {
expectedBucketName =
(String) env.getAttributes().get("com.google.appengine.runtime.default_version_hostname");
}
try {
String bucketName = appIdentity.getDefaultGcsBucketName();
Assert.assertEquals(expectedBucketName, bucketName);
} catch (AppIdentityServiceFailureException aisfe) {
// TODO: This means that there is no default bucket setup for this project. Have a better way
// to verify this.
}
}
@Test
public void testGetPublicCertificates() throws Exception {
Collection<PublicCertificate> certs = appIdentity.getPublicCertificatesForApp();
Assert.assertTrue("No certificates returned.", !certs.isEmpty());
for (PublicCertificate publicCert : certs) {
Assert.assertTrue(
"No name for certificate.", !publicCert.getCertificateName().trim().isEmpty());
String pemFormat = publicCert.getX509CertificateInPemFormat();
String errMsg = "getX509CertificateInPemFormat():" + pemFormat;
// TODO better check?
Assert.assertTrue(errMsg, pemFormat.startsWith("-----BEGIN"));
Assert.assertTrue(errMsg, pemFormat.contains("-----END"));
InputStream stream =
new ByteArrayInputStream(publicCert.getX509CertificateInPemFormat().getBytes("UTF-8"));
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate cert = cf.generateCertificate(stream);
PublicKey pk = cert.getPublicKey();
Assert.assertNotNull(pk.getEncoded());
}
}
