mirror of
https://github.com/google/nomulus.git
synced 2025-05-01 04:27:51 +02:00
fea8c96f79
It turns out that we don't actually need it for the system to function normally. When the next version of the OAuth2 API is released and this is included, I'll add the call back in. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=132359891
234 lines
8.5 KiB
Java
234 lines
8.5 KiB
Java
// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package google.registry.request;
|
|
|
|
import static com.google.appengine.api.datastore.DatastoreServiceFactory.getDatastoreService;
|
|
import static java.nio.charset.StandardCharsets.UTF_8;
|
|
|
|
import com.google.api.client.extensions.appengine.http.UrlFetchTransport;
|
|
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
|
|
import com.google.api.client.googleapis.extensions.appengine.auth.oauth2.AppIdentityCredential;
|
|
import com.google.api.client.http.HttpRequestInitializer;
|
|
import com.google.api.client.http.HttpTransport;
|
|
import com.google.api.client.json.JsonFactory;
|
|
import com.google.api.client.json.jackson2.JacksonFactory;
|
|
import com.google.appengine.api.datastore.DatastoreService;
|
|
import com.google.appengine.api.modules.ModulesService;
|
|
import com.google.appengine.api.modules.ModulesServiceFactory;
|
|
import com.google.appengine.api.urlfetch.URLFetchService;
|
|
import com.google.appengine.api.urlfetch.URLFetchServiceFactory;
|
|
import com.google.appengine.api.users.UserService;
|
|
import com.google.appengine.api.users.UserServiceFactory;
|
|
import com.google.common.base.Function;
|
|
import dagger.Binds;
|
|
import dagger.Module;
|
|
import dagger.Provides;
|
|
import google.registry.config.ConfigModule.Config;
|
|
import google.registry.keyring.api.KeyModule.Key;
|
|
import java.io.ByteArrayInputStream;
|
|
import java.io.IOException;
|
|
import java.util.Set;
|
|
import javax.inject.Named;
|
|
import javax.inject.Provider;
|
|
import javax.inject.Singleton;
|
|
|
|
/** Dagger modules for App Engine services and other vendor classes. */
|
|
public final class Modules {
|
|
|
|
/** Dagger module for {@link DatastoreService}. */
|
|
@Module
|
|
public static final class DatastoreServiceModule {
|
|
private static final DatastoreService datastoreService = getDatastoreService();
|
|
|
|
@Provides
|
|
static DatastoreService provideDatastoreService() {
|
|
return datastoreService;
|
|
}
|
|
}
|
|
|
|
/** Dagger module for {@link ModulesService}. */
|
|
@Module
|
|
public static final class ModulesServiceModule {
|
|
private static final ModulesService modulesService = ModulesServiceFactory.getModulesService();
|
|
|
|
@Provides
|
|
static ModulesService provideModulesService() {
|
|
return modulesService;
|
|
}
|
|
}
|
|
|
|
/** Dagger module for {@link URLFetchService}. */
|
|
@Module
|
|
public static final class URLFetchServiceModule {
|
|
private static final URLFetchService fetchService = URLFetchServiceFactory.getURLFetchService();
|
|
|
|
@Provides
|
|
static URLFetchService provideURLFetchService() {
|
|
return fetchService;
|
|
}
|
|
}
|
|
|
|
/** Dagger module for {@link UserService}. */
|
|
@Module
|
|
public static final class UserServiceModule {
|
|
private static final UserService userService = UserServiceFactory.getUserService();
|
|
|
|
@Provides
|
|
static UserService provideUserService() {
|
|
return userService;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Dagger module that causes the Jackson2 JSON parser to be used for Google APIs requests.
|
|
*
|
|
* <p>Jackson1 and GSON can also satisfy the {@link JsonFactory} interface, but we've decided to
|
|
* go with Jackson2, since it's what's used in the public examples for using Google APIs.
|
|
*/
|
|
@Module
|
|
public static final class Jackson2Module {
|
|
@Provides
|
|
static JsonFactory provideJsonFactory() {
|
|
return JacksonFactory.getDefaultInstance();
|
|
}
|
|
}
|
|
|
|
/** Dagger module that causes the App Engine's URL fetcher to be used for Google APIs requests. */
|
|
@Module
|
|
public static final class UrlFetchTransportModule {
|
|
private static final UrlFetchTransport HTTP_TRANSPORT = new UrlFetchTransport();
|
|
|
|
@Provides
|
|
static HttpTransport provideHttpTransport() {
|
|
return HTTP_TRANSPORT;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Dagger module providing {@link AppIdentityCredential}.
|
|
*
|
|
* <p>This can be used to authenticate to Google APIs using the identity of your GAE app.
|
|
*
|
|
* @see UseAppIdentityCredentialForGoogleApisModule
|
|
*/
|
|
@Module
|
|
public static final class AppIdentityCredentialModule {
|
|
@Provides
|
|
static Function<Set<String>, AppIdentityCredential> provideAppIdentityCredential() {
|
|
return new Function<Set<String>, AppIdentityCredential>() {
|
|
@Override
|
|
public AppIdentityCredential apply(Set<String> scopes) {
|
|
return new AppIdentityCredential(scopes);
|
|
}
|
|
};
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Dagger module causing Google APIs requests to be authorized with your GAE app identity.
|
|
*
|
|
* <p>You must also use the {@link AppIdentityCredentialModule}.
|
|
*/
|
|
@Module
|
|
public abstract static class UseAppIdentityCredentialForGoogleApisModule {
|
|
@Binds
|
|
abstract Function<Set<String>, ? extends HttpRequestInitializer>
|
|
provideHttpRequestInitializer(Function<Set<String>, AppIdentityCredential> credential);
|
|
}
|
|
|
|
/**
|
|
* Module indicating Google API requests should be authorized with JSON {@link GoogleCredential}.
|
|
*
|
|
* <p>This is useful when configuring a component that runs the registry outside of the App Engine
|
|
* environment, for example, in a command line environment.
|
|
*
|
|
* <p>You must also use the {@link GoogleCredentialModule}.
|
|
*/
|
|
@Module
|
|
public abstract static class UseGoogleCredentialForGoogleApisModule {
|
|
@Binds
|
|
abstract Function<Set<String>, ? extends HttpRequestInitializer>
|
|
provideHttpRequestInitializer(Function<Set<String>, GoogleCredential> credential);
|
|
}
|
|
|
|
/**
|
|
* Dagger module providing {@link GoogleCredential} from a JSON key file contents.
|
|
*
|
|
* <p>This satisfies the {@link HttpRequestInitializer} interface for authenticating Google APIs
|
|
* requests, just like {@link AppIdentityCredential}.
|
|
*
|
|
* <p>But we consider GAE authentication more desirable and easier to manage operations-wise. So
|
|
* this authentication method should only be used for the following situations:
|
|
*
|
|
* <ol>
|
|
* <li>Locally-running programs (which aren't executing on the App Engine platform)
|
|
* <li>Spreadsheet service (which can't use {@link AppIdentityCredential} due to an old library)
|
|
* </ol>
|
|
*
|
|
* @see google.registry.keyring.api.Keyring#getJsonCredential()
|
|
*/
|
|
@Module
|
|
public static final class GoogleCredentialModule {
|
|
|
|
@Provides
|
|
@Singleton
|
|
static GoogleCredential provideGoogleCredential(
|
|
HttpTransport httpTransport,
|
|
JsonFactory jsonFactory,
|
|
@Key("jsonCredential") String jsonCredential) {
|
|
try {
|
|
return GoogleCredential.fromStream(
|
|
new ByteArrayInputStream(jsonCredential.getBytes(UTF_8)), httpTransport, jsonFactory);
|
|
} catch (IOException e) {
|
|
throw new RuntimeException(e);
|
|
}
|
|
}
|
|
|
|
@Provides
|
|
static Function<Set<String>, GoogleCredential> provideScopedGoogleCredential(
|
|
final Provider<GoogleCredential> googleCredentialProvider) {
|
|
return new Function<Set<String>, GoogleCredential>() {
|
|
@Override
|
|
public GoogleCredential apply(Set<String> scopes) {
|
|
return googleCredentialProvider.get().createScoped(scopes);
|
|
}
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Provides a GoogleCredential that will connect to GAE using delegated admin access. This is
|
|
* needed for API calls requiring domain admin access to the relevant GAFYD using delegated
|
|
* scopes, e.g. the Directory API and the Groupssettings API.
|
|
*/
|
|
@Provides
|
|
@Singleton
|
|
@Named("delegatedAdmin")
|
|
static GoogleCredential provideDelegatedAdminGoogleCredential(
|
|
GoogleCredential googleCredential,
|
|
HttpTransport httpTransport,
|
|
@Config("googleAppsAdminEmailAddress") String googleAppsAdminEmailAddress) {
|
|
return new GoogleCredential.Builder()
|
|
.setTransport(httpTransport)
|
|
.setJsonFactory(googleCredential.getJsonFactory())
|
|
.setServiceAccountId(googleCredential.getServiceAccountId())
|
|
.setServiceAccountPrivateKey(googleCredential.getServiceAccountPrivateKey())
|
|
// TODO(b/31317128): Also set serviceAccountProjectId from value off googleCredential when
|
|
// that functionality is publicly released.
|
|
.setServiceAccountScopes(googleCredential.getServiceAccountScopes())
|
|
.setServiceAccountUser(googleAppsAdminEmailAddress)
|
|
.build();
|
|
}
|
|
}
|
|
}
|