[Git][java-team/google-oauth-client-java][master] 3 commits: New upstream version 1.34.1
Tony Mancill (@tmancill)
gitlab at salsa.debian.org
Mon Jul 18 05:04:31 BST 2022
Tony Mancill pushed to branch master at Debian Java Maintainers / google-oauth-client-java
Commits:
09f05ba1 by tony mancill at 2022-07-17T20:42:52-07:00
New upstream version 1.34.1
- - - - -
61539c8c by tony mancill at 2022-07-17T20:42:52-07:00
Bump Standards-Version to 4.6.1
- - - - -
a2ded5ae by tony mancill at 2022-07-17T20:44:46-07:00
Prepare changelog for upload to unstable
- - - - -
26 changed files:
- .github/.OwlBot.lock.yaml
- + .github/auto-label.yaml
- .github/release-please.yml
- .github/sync-repo-settings.yaml
- .kokoro/build.sh
- + .kokoro/presubmit/graalvm-native-17.cfg
- .repo-metadata.json
- CHANGELOG.md
- debian/changelog
- debian/control
- google-oauth-client-appengine/pom.xml
- google-oauth-client-assembly/pom.xml
- google-oauth-client-bom/pom.xml
- google-oauth-client-java6/pom.xml
- google-oauth-client-jetty/pom.xml
- google-oauth-client-servlet/pom.xml
- google-oauth-client/pom.xml
- google-oauth-client/src/main/java/com/google/api/client/auth/openidconnect/IdTokenVerifier.java
- google-oauth-client/src/test/java/com/google/api/client/auth/openidconnect/IdTokenVerifierTest.java
- pom.xml
- renovate.json
- samples/dailymotion-cmdline-sample/pom.xml
- samples/keycloak-pkce-cmdline-sample/pom.xml
- samples/pom.xml
- samples/snippets/pom.xml
- versions.txt
Changes:
=====================================
.github/.OwlBot.lock.yaml
=====================================
@@ -13,4 +13,5 @@
# limitations under the License.
docker:
image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest
- digest: sha256:b0b1c1c89570e229b1026372a2b8989ba31495007055b8d30178b7648503eefa
+ digest: sha256:2567a120ce90fadb6201999b87d649d9f67459de28815ad239bce9ebfaa18a74
+# created: 2022-05-19T15:12:45.278246753Z
=====================================
.github/auto-label.yaml
=====================================
@@ -0,0 +1,15 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+requestsize:
+ enabled: true
=====================================
.github/release-please.yml
=====================================
@@ -10,3 +10,7 @@ branches:
handleGHRelease: true
releaseType: java-backport
branch: 1.32.x
+ - bumpMinorPreMajor: true
+ handleGHRelease: true
+ releaseType: java-backport
+ branch: 1.33.x
=====================================
.github/sync-repo-settings.yaml
=====================================
@@ -41,6 +41,19 @@ branchProtectionRules:
- dependencies (11)
- clirr
- cla/google
+ - pattern: 1.33.x
+ isAdminEnforced: true
+ requiredApprovingReviewCount: 1
+ requiresCodeOwnerReviews: true
+ requiresStrictStatusChecks: false
+ requiredStatusCheckContexts:
+ - checkstyle
+ - units (8)
+ - units (11)
+ - dependencies (8)
+ - dependencies (11)
+ - clirr
+ - cla/google
permissionRules:
- team: yoshi-admins
permission: admin
=====================================
.kokoro/build.sh
=====================================
@@ -74,6 +74,11 @@ graalvm)
mvn -B ${INTEGRATION_TEST_ARGS} -ntp -Pnative -Penable-integration-tests test
RETURN_CODE=$?
;;
+graalvm17)
+ # Run Unit and Integration Tests with Native Image
+ mvn -B ${INTEGRATION_TEST_ARGS} -ntp -Pnative -Penable-integration-tests test
+ RETURN_CODE=$?
+ ;;
samples)
SAMPLES_DIR=samples
# only run ITs in snapshot/ on presubmit PRs. run ITs in all 3 samples/ subdirectories otherwise.
=====================================
.kokoro/presubmit/graalvm-native-17.cfg
=====================================
@@ -0,0 +1,33 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+# Configure the docker image for kokoro-trampoline.
+env_vars: {
+ key: "TRAMPOLINE_IMAGE"
+ value: "gcr.io/cloud-devrel-kokoro-resources/graalvm17"
+}
+
+env_vars: {
+ key: "JOB_TYPE"
+ value: "graalvm17"
+}
+
+# TODO: remove this after we've migrated all tests and scripts
+env_vars: {
+ key: "GCLOUD_PROJECT"
+ value: "gcloud-devel"
+}
+
+env_vars: {
+ key: "GOOGLE_CLOUD_PROJECT"
+ value: "gcloud-devel"
+}
+
+env_vars: {
+ key: "GOOGLE_APPLICATION_CREDENTIALS"
+ value: "secret_manager/java-it-service-account"
+}
+
+env_vars: {
+ key: "SECRET_MANAGER_KEYS"
+ value: "java-it-service-account"
+}
\ No newline at end of file
=====================================
.repo-metadata.json
=====================================
@@ -1,7 +1,7 @@
{
"api_shortname": "google-oauth-client",
"name_pretty": "Google OAuth Java Client",
- "client_documentation": "oauths://googleapis.dev/java/google-oauth-client/latest/",
+ "client_documentation": "https://googleapis.dev/java/google-oauth-client/latest/",
"release_level": "stable",
"language": "java",
"repo": "googleapis/google-oauth-java-client",
=====================================
CHANGELOG.md
=====================================
@@ -1,5 +1,30 @@
# Changelog
+## [1.34.1](https://github.com/googleapis/google-oauth-java-client/compare/v1.34.0...v1.34.1) (2022-06-09)
+
+
+### Bug Fixes
+
+* .repo-metadata.json file with https: [#813](https://github.com/googleapis/google-oauth-java-client/issues/813) ([#898](https://github.com/googleapis/google-oauth-java-client/issues/898)) ([be4d54a](https://github.com/googleapis/google-oauth-java-client/commit/be4d54ad6b3264a1246cd1bd5789140112407681))
+
+
+### Dependencies
+
+* update project.http.version to v1.42.0 ([#902](https://github.com/googleapis/google-oauth-java-client/issues/902)) ([51c1eb5](https://github.com/googleapis/google-oauth-java-client/commit/51c1eb5e4c6797b51b4347046422681780bd0d81))
+
+## [1.34.0](https://github.com/googleapis/google-oauth-java-client/compare/v1.33.3...v1.34.0) (2022-06-02)
+
+
+### Features
+
+* add build scripts for native image testing in Java 17 ([#1440](https://github.com/googleapis/google-oauth-java-client/issues/1440)) ([#890](https://github.com/googleapis/google-oauth-java-client/issues/890)) ([373891e](https://github.com/googleapis/google-oauth-java-client/commit/373891e2dc9742fdf8954cc590b18caf4c8c44f7))
+* next release from main branch is 1.34.0 ([#875](https://github.com/googleapis/google-oauth-java-client/issues/875)) ([187651e](https://github.com/googleapis/google-oauth-java-client/commit/187651eeb963c490c1a5595222548bbdba660c22))
+
+
+### Bug Fixes
+
+* fix IdTokenVerifier so it does not cache empty entries ([#892](https://github.com/googleapis/google-oauth-java-client/issues/892)) ([773b388](https://github.com/googleapis/google-oauth-java-client/commit/773b38844cd6a0a72a360cc25692412e9b36b1e7))
+
### [1.33.3](https://github.com/googleapis/google-oauth-java-client/compare/v1.33.2...v1.33.3) (2022-04-13)
=====================================
debian/changelog
=====================================
@@ -1,7 +1,15 @@
+google-oauth-client-java (1.34.1-1) unstable; urgency=medium
+
+ * Team upload.
+ * New upstream version 1.34.1
+ * Bump Standards-Version to 4.6.1
+
+ -- tony mancill <tmancill at debian.org> Sun, 17 Jul 2022 20:31:04 -0700
+
google-oauth-client-java (1.33.3-1) unstable; urgency=high
* Team upload
- * New upstream version 1.33.3
+ * New upstream version 1.33.3
Upstream fix for CVE-2021-22573 (Closes: #1010657)
* Refresh patches for new upstream version
* Remove CVE-2020-7692.patch; applied upstream in version 1.31.0
=====================================
debian/control
=====================================
@@ -9,7 +9,7 @@ Build-Depends: debhelper-compat (= 13),
libgoogle-http-client-java (>= 1.41.8-2),
libgrpc-java,
maven-debian-helper,
-Standards-Version: 4.5.1
+Standards-Version: 4.6.1
Rules-Requires-Root: no
Vcs-Git: https://salsa.debian.org/java-team/google-oauth-client-java.git
Vcs-Browser: https://salsa.debian.org/java-team/google-oauth-client-java
=====================================
google-oauth-client-appengine/pom.xml
=====================================
@@ -4,7 +4,7 @@
<parent>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-parent</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
<relativePath>../pom.xml</relativePath>
</parent>
<artifactId>google-oauth-client-appengine</artifactId>
@@ -77,7 +77,7 @@
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
- <version>5.1.4</version>
+ <version>5.1.6</version>
<configuration>
<instructions>
<Bundle-SymbolicName>com.google.oauth-client-appengine</Bundle-SymbolicName>
=====================================
google-oauth-client-assembly/pom.xml
=====================================
@@ -4,7 +4,7 @@
<parent>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-parent</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
<relativePath>../pom.xml</relativePath>
</parent>
<groupId>com.google.oauth-client</groupId>
=====================================
google-oauth-client-bom/pom.xml
=====================================
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-bom</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
<packaging>pom</packaging>
<name>Google OAuth Client Library for Java BOM</name>
@@ -63,27 +63,27 @@
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
</dependency>
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-appengine</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
</dependency>
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-java6</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
</dependency>
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-jetty</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
</dependency>
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-servlet</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
</dependency>
</dependencies>
</dependencyManagement>
@@ -92,7 +92,7 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.12</version>
+ <version>1.6.13</version>
<extensions>true</extensions>
<configuration>
<serverId>sonatype-nexus-staging</serverId>
@@ -102,14 +102,14 @@
</plugin>
<plugin>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>3.3.2</version>
+ <version>3.4.0</version>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
<plugin>
<artifactId>maven-site-plugin</artifactId>
- <version>3.11.0</version>
+ <version>3.12.0</version>
<configuration>
<skip>true</skip>
</configuration>
=====================================
google-oauth-client-java6/pom.xml
=====================================
@@ -4,7 +4,7 @@
<parent>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-parent</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
<relativePath>../pom.xml</relativePath>
</parent>
<artifactId>google-oauth-client-java6</artifactId>
@@ -62,7 +62,7 @@
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
- <version>5.1.4</version>
+ <version>5.1.6</version>
<configuration>
<instructions>
<Bundle-SymbolicName>com.google.oauth-client-java6</Bundle-SymbolicName>
=====================================
google-oauth-client-jetty/pom.xml
=====================================
@@ -4,7 +4,7 @@
<parent>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-parent</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
<relativePath>../pom.xml</relativePath>
</parent>
<artifactId>google-oauth-client-jetty</artifactId>
@@ -64,7 +64,7 @@
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
- <version>5.1.4</version>
+ <version>5.1.6</version>
<configuration>
<instructions>
<Bundle-SymbolicName>com.google.oauth-client-jetty</Bundle-SymbolicName>
=====================================
google-oauth-client-servlet/pom.xml
=====================================
@@ -4,7 +4,7 @@
<parent>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-parent</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
<relativePath>../pom.xml</relativePath>
</parent>
<artifactId>google-oauth-client-servlet</artifactId>
@@ -88,7 +88,7 @@
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
- <version>5.1.4</version>
+ <version>5.1.6</version>
<configuration>
<instructions>
<Bundle-SymbolicName>com.google.oauth-client-servlet</Bundle-SymbolicName>
=====================================
google-oauth-client/pom.xml
=====================================
@@ -4,7 +4,7 @@
<parent>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-parent</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
<relativePath>../pom.xml</relativePath>
</parent>
<artifactId>google-oauth-client</artifactId>
@@ -55,7 +55,7 @@
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
- <version>5.1.4</version>
+ <version>5.1.6</version>
<configuration>
<instructions>
<Bundle-SymbolicName>com.google.oauth-client</Bundle-SymbolicName>
=====================================
google-oauth-client/src/main/java/com/google/api/client/auth/openidconnect/IdTokenVerifier.java
=====================================
@@ -233,12 +233,9 @@ public class IdTokenVerifier {
* @return {@code true} if verified successfully or {@code false} if failed
*/
public boolean verify(IdToken idToken) {
- boolean tokenFieldsValid =
- (issuers == null || idToken.verifyIssuer(issuers))
- && (audience == null || idToken.verifyAudience(audience))
- && idToken.verifyTime(clock.currentTimeMillis(), acceptableTimeSkewSeconds);
+ boolean payloadValid = verifyPayload(idToken);
- if (!tokenFieldsValid) {
+ if (!payloadValid) {
return false;
}
@@ -254,6 +251,35 @@ public class IdTokenVerifier {
}
}
+ /**
+ * Verifies the payload of the given ID token
+ *
+ * <p>It verifies:
+ *
+ * <ul>
+ * <li>The issuer is one of {@link #getIssuers()} by calling {@link
+ * IdToken#verifyIssuer(String)}.
+ * <li>The audience is one of {@link #getAudience()} by calling {@link
+ * IdToken#verifyAudience(Collection)}.
+ * <li>The current time against the issued at and expiration time, using the {@link #getClock()}
+ * and allowing for a time skew specified in {@link #getAcceptableTimeSkewSeconds()} , by
+ * calling {@link IdToken#verifyTime(long, long)}.
+ * </ul>
+ *
+ * <p>Overriding is allowed, but it must call the super implementation.
+ *
+ * @param idToken ID token
+ * @return {@code true} if verified successfully or {@code false} if failed
+ */
+ protected boolean verifyPayload(IdToken idToken) {
+ boolean tokenPayloadValid =
+ (issuers == null || idToken.verifyIssuer(issuers))
+ && (audience == null || idToken.verifyAudience(audience))
+ && idToken.verifyTime(clock.currentTimeMillis(), acceptableTimeSkewSeconds);
+
+ return tokenPayloadValid;
+ }
+
@VisibleForTesting
boolean verifySignature(IdToken idToken) throws VerificationException {
if (Boolean.parseBoolean(environment.getVariable(SKIP_SIGNATURE_ENV_VAR))) {
@@ -272,12 +298,12 @@ public class IdTokenVerifier {
publicKeyToUse = publicKeyCache.get(certificateLocation).get(idToken.getHeader().getKeyId());
} catch (ExecutionException | UncheckedExecutionException e) {
throw new VerificationException(
- "Error fetching PublicKey from certificate location " + certificatesLocation, e);
+ "Error fetching public key from certificate location " + certificatesLocation, e);
}
if (publicKeyToUse == null) {
throw new VerificationException(
- "Could not find PublicKey for provided keyId: " + idToken.getHeader().getKeyId());
+ "Could not find public key for provided keyId: " + idToken.getHeader().getKeyId());
}
try {
@@ -380,7 +406,7 @@ public class IdTokenVerifier {
}
/**
- * Override the location URL that contains published public keys. Defaults to well-known Google
+ * Overrides the location URL that contains published public keys. Defaults to well-known Google
* locations.
*
* @param certificatesLocation URL to published public keys
@@ -534,7 +560,7 @@ public class IdTokenVerifier {
Level.WARNING,
"Failed to get a certificate from certificate location " + certificateUrl,
io);
- return ImmutableMap.of();
+ throw io;
}
ImmutableMap.Builder<String, PublicKey> keyCacheBuilder = new ImmutableMap.Builder<>();
@@ -556,6 +582,13 @@ public class IdTokenVerifier {
}
}
+ ImmutableMap<String, PublicKey> keyCache = keyCacheBuilder.build();
+
+ if (keyCache.isEmpty()) {
+ throw new VerificationException(
+ "No valid public key returned by the keystore: " + certificateUrl);
+ }
+
return keyCacheBuilder.build();
}
=====================================
google-oauth-client/src/test/java/com/google/api/client/auth/openidconnect/IdTokenVerifierTest.java
=====================================
@@ -33,12 +33,15 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
+import java.util.ArrayDeque;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Queue;
import junit.framework.TestCase;
+import org.junit.Assert;
/**
* Tests {@link IdTokenVerifier}.
@@ -101,7 +104,7 @@ public class IdTokenVerifierTest extends TestCase {
assertEquals(TRUSTED_CLIENT_IDS, Lists.newArrayList(verifier.getAudience()));
}
- public void testVerify() throws Exception {
+ public void testVerifyPayload() throws Exception {
MockClock clock = new MockClock();
MockEnvironment testEnvironment = new MockEnvironment();
testEnvironment.setVariable(IdTokenVerifier.SKIP_SIGNATURE_ENV_VAR, "true");
@@ -121,21 +124,31 @@ public class IdTokenVerifierTest extends TestCase {
clock.timeMillis = 1500000L;
IdToken idToken = newIdToken(ISSUER, CLIENT_ID);
assertTrue(verifier.verify(idToken));
+ assertTrue(verifier.verifyPayload(idToken));
assertTrue(verifierFlexible.verify(newIdToken(ISSUER2, CLIENT_ID)));
+ assertTrue(verifierFlexible.verifyPayload(newIdToken(ISSUER2, CLIENT_ID)));
assertFalse(verifier.verify(newIdToken(ISSUER2, CLIENT_ID)));
+ assertFalse(verifier.verifyPayload(newIdToken(ISSUER2, CLIENT_ID)));
assertTrue(verifier.verify(newIdToken(ISSUER3, CLIENT_ID)));
+ assertTrue(verifier.verifyPayload(newIdToken(ISSUER3, CLIENT_ID)));
// audience
assertTrue(verifierFlexible.verify(newIdToken(ISSUER, CLIENT_ID2)));
+ assertTrue(verifierFlexible.verifyPayload(newIdToken(ISSUER, CLIENT_ID2)));
assertFalse(verifier.verify(newIdToken(ISSUER, CLIENT_ID2)));
+ assertFalse(verifier.verifyPayload(newIdToken(ISSUER, CLIENT_ID2)));
// time
clock.timeMillis = 700000L;
assertTrue(verifier.verify(idToken));
+ assertTrue(verifier.verifyPayload(idToken));
clock.timeMillis = 2300000L;
assertTrue(verifier.verify(idToken));
+ assertTrue(verifier.verifyPayload(idToken));
clock.timeMillis = 699999L;
assertFalse(verifier.verify(idToken));
+ assertFalse(verifier.verifyPayload(idToken));
clock.timeMillis = 2300001L;
assertFalse(verifier.verify(idToken));
+ assertFalse(verifier.verifyPayload(idToken));
}
public void testEmptyIssuersFails() throws Exception {
@@ -187,28 +200,52 @@ public class IdTokenVerifierTest extends TestCase {
public void testVerifyEs256TokenPublicKeyMismatch() throws Exception {
// Mock HTTP requests
- HttpTransportFactory httpTransportFactory =
- new HttpTransportFactory() {
+ MockLowLevelHttpRequest failedRequest =
+ new MockLowLevelHttpRequest() {
@Override
- public HttpTransport create() {
- return new MockHttpTransport() {
- @Override
- public LowLevelHttpRequest buildRequest(String method, String url)
- throws IOException {
- return new MockLowLevelHttpRequest() {
- @Override
- public LowLevelHttpResponse execute() throws IOException {
- MockLowLevelHttpResponse response = new MockLowLevelHttpResponse();
- response.setStatusCode(200);
- response.setContentType("application/json");
- response.setContent("");
- return response;
- }
- };
- }
- };
+ public LowLevelHttpResponse execute() throws IOException {
+ throw new IOException("test io exception");
+ }
+ };
+
+ MockLowLevelHttpRequest badRequest =
+ new MockLowLevelHttpRequest() {
+ @Override
+ public LowLevelHttpResponse execute() throws IOException {
+ MockLowLevelHttpResponse response = new MockLowLevelHttpResponse();
+ response.setStatusCode(404);
+ response.setContentType("application/json");
+ response.setContent("");
+ return response;
+ }
+ };
+
+ MockLowLevelHttpRequest emptyRequest =
+ new MockLowLevelHttpRequest() {
+ @Override
+ public LowLevelHttpResponse execute() throws IOException {
+ MockLowLevelHttpResponse response = new MockLowLevelHttpResponse();
+ response.setStatusCode(200);
+ response.setContentType("application/json");
+ response.setContent("{\"keys\":[]}");
+ return response;
+ }
+ };
+
+ MockLowLevelHttpRequest goodRequest =
+ new MockLowLevelHttpRequest() {
+ @Override
+ public LowLevelHttpResponse execute() throws IOException {
+ MockLowLevelHttpResponse response = new MockLowLevelHttpResponse();
+ response.setStatusCode(200);
+ response.setContentType("application/json");
+ response.setContent(readResourceAsString("iap_keys.json"));
+ return response;
}
};
+
+ HttpTransportFactory httpTransportFactory =
+ mockTransport(failedRequest, badRequest, emptyRequest, goodRequest);
IdTokenVerifier tokenVerifier =
new IdTokenVerifier.Builder()
.setClock(FIXED_CLOCK)
@@ -219,8 +256,24 @@ public class IdTokenVerifierTest extends TestCase {
tokenVerifier.verifySignature(IdToken.parse(JSON_FACTORY, ES256_TOKEN));
fail("Should have failed verification");
} catch (VerificationException ex) {
- assertTrue(ex.getMessage().contains("Error fetching PublicKey"));
+ assertTrue(ex.getMessage().contains("Error fetching public key"));
+ }
+
+ try {
+ tokenVerifier.verifySignature(IdToken.parse(JSON_FACTORY, ES256_TOKEN));
+ fail("Should have failed verification");
+ } catch (VerificationException ex) {
+ assertTrue(ex.getMessage().contains("Error fetching public key"));
}
+
+ try {
+ tokenVerifier.verifySignature(IdToken.parse(JSON_FACTORY, ES256_TOKEN));
+ fail("Should have failed verification");
+ } catch (VerificationException ex) {
+ assertTrue(ex.getCause().getMessage().contains("No valid public key returned"));
+ }
+
+ Assert.assertTrue(tokenVerifier.verifySignature(IdToken.parse(JSON_FACTORY, ES256_TOKEN)));
}
public void testVerifyEs256Token() throws VerificationException, IOException {
@@ -284,6 +337,25 @@ public class IdTokenVerifierTest extends TestCase {
}
}
+ static HttpTransportFactory mockTransport(LowLevelHttpRequest... requests) {
+ final LowLevelHttpRequest firstRequest = requests[0];
+ final Queue<LowLevelHttpRequest> requestQueue = new ArrayDeque<>();
+ for (LowLevelHttpRequest request : requests) {
+ requestQueue.add(request);
+ }
+ return new HttpTransportFactory() {
+ @Override
+ public HttpTransport create() {
+ return new MockHttpTransport() {
+ @Override
+ public LowLevelHttpRequest buildRequest(String method, String url) throws IOException {
+ return requestQueue.poll();
+ }
+ };
+ }
+ };
+ }
+
static HttpTransportFactory mockTransport(String url, String certificates) {
final String certificatesContent = certificates;
final String certificatesUrl = url;
=====================================
pom.xml
=====================================
@@ -5,7 +5,7 @@
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-parent</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
<packaging>pom</packaging>
<name>Parent for the Google OAuth Client Library for Java</name>
<description>Google OAuth Client Library for Java</description>
@@ -184,7 +184,7 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.12</version>
+ <version>1.6.13</version>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
@@ -220,7 +220,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>3.3.2</version>
+ <version>3.4.0</version>
<executions>
<execution>
<id>attach-javadocs</id>
@@ -244,7 +244,7 @@
</plugin>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
- <version>3.0.0-M6</version>
+ <version>3.0.0-M7</version>
<configuration>
<argLine>-Xmx1024m</argLine>
<reportNameSuffix>sponge_log</reportNameSuffix>
@@ -272,12 +272,12 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
- <version>3.2.2</version>
+ <version>3.3.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
- <version>3.11.0</version>
+ <version>3.12.0</version>
</plugin>
</plugins>
</pluginManagement>
@@ -459,9 +459,9 @@
- google-api-java-client/google-api-client-assembly/android-properties (make the filenames match the version here)
- Internally, update the default features.json file
-->
- <project.appengine.version>2.0.4</project.appengine.version>
+ <project.appengine.version>2.0.5</project.appengine.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <project.http.version>1.41.7</project.http.version>
+ <project.http.version>1.42.0</project.http.version>
<project.jsr305.version>3.0.2</project.jsr305.version>
<project.guava.version>31.1-android</project.guava.version>
<project.xpp3.version>1.1.4c</project.xpp3.version>
@@ -470,7 +470,7 @@
<project.transaction-api.version>1.1</project.transaction-api.version>
<project.datanucleus-core.version>3.2.15</project.datanucleus-core.version>
<project.datanucleus-api-jdo.version>3.2.8</project.datanucleus-api-jdo.version>
- <project.datanucleus-rdbms.version>5.2.10</project.datanucleus-rdbms.version>
+ <project.datanucleus-rdbms.version>5.2.11</project.datanucleus-rdbms.version>
<project.datanucleus-maven-plugin.version>5.2.1</project.datanucleus-maven-plugin.version>
<project.servlet-api.version>2.5</project.servlet-api.version>
<deploy.autorelease>false</deploy.autorelease>
@@ -534,7 +534,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>3.3.2</version>
+ <version>3.4.0</version>
<configuration>
<doclet>com.microsoft.doclet.DocFxDoclet</doclet>
<useStandardDocletOptions>false</useStandardDocletOptions>
=====================================
renovate.json
=====================================
@@ -21,5 +21,6 @@
"packagePatterns": ["^com.google.appengine:appengine-"],
"groupName": "AppEngine packages"
}
- ]
+ ],
+ "dependencyDashboard": true
}
=====================================
samples/dailymotion-cmdline-sample/pom.xml
=====================================
@@ -4,7 +4,7 @@
<parent>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-parent</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
<relativePath>../../pom.xml</relativePath>
</parent>
<artifactId>dailymotion-simple-cmdline-sample</artifactId>
@@ -76,7 +76,7 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.12</version>
+ <version>1.6.13</version>
<configuration>
<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
</configuration>
=====================================
samples/keycloak-pkce-cmdline-sample/pom.xml
=====================================
@@ -4,7 +4,7 @@
<parent>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-parent</artifactId>
- <version>1.33.3</version><!-- {x-version-update:google-oauth-client:current} -->
+ <version>1.34.1</version><!-- {x-version-update:google-oauth-client:current} -->
<relativePath>../../pom.xml</relativePath>
</parent>
<artifactId>keycloak-pkce-cmdline-sample</artifactId>
@@ -76,7 +76,7 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.12</version>
+ <version>1.6.13</version>
<configuration>
<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
</configuration>
=====================================
samples/pom.xml
=====================================
@@ -46,7 +46,7 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.12</version>
+ <version>1.6.13</version>
<configuration>
<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
</configuration>
=====================================
samples/snippets/pom.xml
=====================================
@@ -30,7 +30,7 @@
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>libraries-bom</artifactId>
- <version>25.1.0</version>
+ <version>25.4.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -41,7 +41,7 @@
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client</artifactId>
- <version>1.33.2</version>
+ <version>1.34.0</version>
</dependency>
<!-- [END google-oauth-client_install_with_bom] -->
=====================================
versions.txt
=====================================
@@ -1,4 +1,4 @@
# Format:
# module:released-version:current-version
-google-oauth-client:1.33.3:1.33.3
+google-oauth-client:1.34.1:1.34.1
View it on GitLab: https://salsa.debian.org/java-team/google-oauth-client-java/-/compare/1b040fcb08e24d3b1406e1c7688d07af79afbaeb...a2ded5ae3a8a40a300947113e0b2ff4f4bcd3dbd
--
View it on GitLab: https://salsa.debian.org/java-team/google-oauth-client-java/-/compare/1b040fcb08e24d3b1406e1c7688d07af79afbaeb...a2ded5ae3a8a40a300947113e0b2ff4f4bcd3dbd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20220718/94d3b23f/attachment.htm>
More information about the pkg-java-commits
mailing list