package com.napa.pulse.security; import com.google.auth.oauth2.GoogleCredentials; import com.google.auth.oauth2.IdTokenCredentials; import com.google.auth.oauth2.IdTokenProvider; import com.google.gson.JsonObject; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Service; import java.io.ByteArrayInputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; @Service public class GCPAuthenticationService { @Value("${service-path:https://replenishmentservice-clr-y33igacw2a-uk.a.run.app}") private String targetAudience; private String serviceAccountKey = "{\n" + " \"type\": \"service_account\",\n" + " \"project_id\": \"gpc-d-invplnng\",\n" + " \"private_key_id\": \"8a415ad2c44517c0f2139093c3a3e5f5a1dcfe66\",\n" + " \"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCI9vSTnIo6JHQx\\nsPEIMXheJVwQ4W6C41aUp4mUjZIhPIixfPU0JDZ9pyNnLU5GwCgPXshKl3BJ7z0U\\nZ9faLUfShQTO5KSgWTbijXku/el8ypiqrRojB5y855PaJ6phXZJBnGMBD/XeRX1n\\nFKjn65tPjDvqxgPUhiOaeFq823ba4BD+rRnNuuBwaRVCHSjnH2rmoO63i7iHNDMh\\nNAsrSvf7UL34dyAtz1bjgDwm3Gh5SzBnJUtQp2DFsH/MCwg424aNq2TG9qgOv3kj\\nBr8DJJNv7JUFNIOz1/krgut6vupzJb9idIx/m6kQLWUbsqrUc6QTJGkf9lN1OT2e\\nueWSo5E3AgMBAAECggEACP/A3hoA8wUGJWWs0I7/i6AExo8pRaxOOgIwBfSvT0O8\\n73x4V+6xLdxXdSYC6J8jgq8FlfERTapMZxTTl+A1wd0/jaB0OJzkAEqvVakVOD/P\\nfBdXikmrwLWufzzv8unE/E6cKquzyeDi9mzjFCnk0Hs0TJ6qDcKqgDG8NIBu9L5/\\nhAAr/BB6wPPvrpdjeQzo6K5bM0n4qyXmV5WNz00zjYzU1LjU4BCkSulKQx6tOg81\\nhcBRUlWou0FGqQeeVpFYfnAYxiNuZ179OAhn8WDRXkPwqbVvfdcX3iRvFMBqoeyP\\nvFD7oQGdVPdk0T/7WQ3d45K9x5IUWlPGM1P983cvsQKBgQC8ZZ0Y6kgzKmI07hom\\nwbq05KgjKwSSZmfEzzEKrotDvtB4/bMJnCFpuYU0E1vmpgbu+GFAP0OOQGsVTqh7\\nmIEC5Wi2+6RkwjIhOBpYm5mTPYa6Oy7YEvOnKt1jNWKSJY43y59PKLQtYUi5FE6d\\ntIIvDb9tiDPNNSZ+TBf9Yewk7QKBgQC6HLUpa68meGasz7od0xbU0//vt4Bfut06\\nCIkK5mTt+psACrgaUhg0iGpBe3yufUXx8qPBqlxjDadHZRyr4xPSgN5AgfIJlT0M\\nWlvQesKaeDxNUH8eaexsU2LBJ8iVhLE7rSToj8kGDX9g9lcOIiFRvWuPnAx8trtS\\nV2CNf7hOMwKBgD1Z4eThNo3i+YQ/HakNYZ3S8KYzNhPu4VAIIPJXkOaI1x7vj0RL\\n4d2qGqSwwTbFTnC31gO0Fm3WsIiJyvgk265zwrwECq79RpHm0T2Vvldiq+Mtrr2S\\nvmHr5ZiPJABv1nZ5CvIeUT6N9b6/zDIzPEnSckpbFnN3IYfzg8RyBRKpAoGASmt8\\nTYnPydRPSj7uL0rfUE9Ngi+gV6dDGxeapQ8nwLl7DXM71tqI70i1JGYanzNcqrjZ\\nnnFe7ATjpPrbkigFHyGEvcq4W/ifJrdjC2RrOJVnl4reqey1K0PUs2QTIyaiMDi2\\nD4CfY5o2GzGl8fLX2/WgcxZ1L9Fp6i0iYLJ3ol0CgYAzjcWoIRzqYpaL9jGIKLh2\\nMU4rjQX9T73DFHs/nD2K0xb13o51y9M11k6QjRk9zJyyGepArODpk6eUWdpSnecl\\nNpmJZ6XKRoFStOfzItdZCsCVTJChAmNniVz8OnxpNSE1MqFJ3Lt3Va7meltdZNuY\\nHbsGkQv0yyPcm2AKepndPw==\\n-----END PRIVATE KEY-----\\n\",\n" + " \"client_email\": \"gpc-invplnng-onprem-sa@gpc-d-invplnng.iam.gserviceaccount.com\",\n" + " \"client_id\": \"100479495210488273457\",\n" + " \"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n" + " \"token_uri\": \"https://oauth2.googleapis.com/token\",\n" + " \"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n" + " \"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/gpc-invplnng-onprem-sa%40gpc-d-invplnng.iam.gserviceaccount.com\",\n" + " \"universe_domain\": \"googleapis.com\"\n" + "}"; public void setServiceAccountKey(final String serviceAccountKey) { this.serviceAccountKey = serviceAccountKey; } public String getToken() throws IOException { if (serviceAccountKey == null) { throw new IllegalStateException("Service account key is not set"); } final GoogleCredentials googleCredentials = GoogleCredentials .fromStream(new ByteArrayInputStream(serviceAccountKey.getBytes(StandardCharsets.UTF_8))); if (!(googleCredentials instanceof IdTokenProvider)) { throw new IllegalArgumentException("Credentials are not an instance of IdTokenProvider."); } final IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() .setIdTokenProvider((IdTokenProvider) googleCredentials) .setTargetAudience(targetAudience) .build(); tokenCredential.refreshIfExpired(); return tokenCredential.getIdToken().getTokenValue(); } }