You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@jclouds.apache.org by Adrian Cole <no...@github.com> on 2014/11/11 19:43:02 UTC

[jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Now, we can safely use bearer tokens or "none" alg without guice crapping out. I also refactored naming of things.

As always in this api, there's more shoveling to do, but this is certainly a step forwards cognitively and also from a tech debt pov.

replaces #87
You can merge this Pull Request by running:

  git pull https://github.com/adriancole/jclouds-labs-google adrian.massive-oauth-cleanup

Or you can view, comment on it, or merge it online at:

  https://github.com/jclouds/jclouds-labs-google/pull/90

-- Commit Summary --

  * Refactor OAuth so that it doesn't require private keys when we aren't signing anything.

-- File Changes --

    M google-cloud-storage/src/main/java/org/jclouds/googlecloudstorage/GoogleCloudStorageApiMetadata.java (4)
    M google-cloud-storage/src/test/java/org/jclouds/googlecloudstorage/internal/BaseGoogleCloudStorageExpectTest.java (15)
    M google-compute-engine/src/main/java/org/jclouds/googlecomputeengine/GoogleComputeEngineApiMetadata.java (4)
    M google-compute-engine/src/main/java/org/jclouds/googlecomputeengine/config/GoogleComputeEngineProperties.java (2)
    M google-compute-engine/src/test/java/org/jclouds/googlecomputeengine/internal/BaseGoogleComputeEngineApiMockTest.java (3)
    M google-compute-engine/src/test/java/org/jclouds/googlecomputeengine/internal/BaseGoogleComputeEngineExpectTest.java (6)
    M google-compute-engine/src/test/java/org/jclouds/googlecomputeengine/internal/GoogleComputeEngineTestModule.java (6)
    M google-compute-engine/src/test/java/org/jclouds/googlecomputeengine/internal/TestProperties.java (13)
    M oauth/README (6)
    M oauth/pom.xml (4)
    A oauth/src/main/java/org/jclouds/oauth/v2/JWSAlgorithms.java (75)
    M oauth/src/main/java/org/jclouds/oauth/v2/OAuthApi.java (8)
    M oauth/src/main/java/org/jclouds/oauth/v2/OAuthApiMetadata.java (8)
    D oauth/src/main/java/org/jclouds/oauth/v2/OAuthConstants.java (78)
    R oauth/src/main/java/org/jclouds/oauth/v2/binders/TokenBinder.java (9)
    M oauth/src/main/java/org/jclouds/oauth/v2/config/CredentialType.java (20)
    R oauth/src/main/java/org/jclouds/oauth/v2/config/OAuth.java (6)
    M oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthAuthenticationModule.java (10)
    M oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthHttpApiModule.java (2)
    M oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthModule.java (45)
    M oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthProperties.java (18)
    M oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthScopes.java (3)
    M oauth/src/main/java/org/jclouds/oauth/v2/domain/Header.java (2)
    D oauth/src/main/java/org/jclouds/oauth/v2/domain/OAuthCredentials.java (129)
    M oauth/src/main/java/org/jclouds/oauth/v2/filters/BearerTokenAuthenticator.java (7)
    M oauth/src/main/java/org/jclouds/oauth/v2/filters/OAuthAuthenticator.java (15)
    M oauth/src/main/java/org/jclouds/oauth/v2/functions/BuildTokenRequest.java (92)
    D oauth/src/main/java/org/jclouds/oauth/v2/functions/OAuthCredentialsSupplier.java (130)
    A oauth/src/main/java/org/jclouds/oauth/v2/functions/PrivateKeySupplier.java (105)
    M oauth/src/main/java/org/jclouds/oauth/v2/functions/SignOrProduceMacForToken.java (59)
    M oauth/src/test/java/org/jclouds/oauth/v2/OAuthApiMetadataTest.java (5)
    M oauth/src/test/java/org/jclouds/oauth/v2/OAuthTestUtils.java (7)
    R oauth/src/test/java/org/jclouds/oauth/v2/binders/TokenBinderTest.java (7)
    M oauth/src/test/java/org/jclouds/oauth/v2/features/OAuthApiLiveTest.java (17)
    D oauth/src/test/java/org/jclouds/oauth/v2/functions/OAuthCredentialsFromPKTest.java (62)
    D oauth/src/test/java/org/jclouds/oauth/v2/functions/OAuthCredentialsSupplierTest.java (56)
    A oauth/src/test/java/org/jclouds/oauth/v2/functions/PrivateKeySupplierTest.java (83)
    M oauth/src/test/java/org/jclouds/oauth/v2/functions/SignerFunctionTest.java (9)
    M oauth/src/test/java/org/jclouds/oauth/v2/handlers/OAuthErrorHandlerTest.java (16)
    M oauth/src/test/java/org/jclouds/oauth/v2/internal/BaseOAuthApiLiveTest.java (7)
    M oauth/src/test/java/org/jclouds/oauth/v2/internal/BaseOAuthAuthenticatedApiLiveTest.java (14)

-- Patch Links --

https://github.com/jclouds/jclouds-labs-google/pull/90.patch
https://github.com/jclouds/jclouds-labs-google/pull/90.diff

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

>     private final Json json;
>  
> -   @Inject OAuthTokenBinder(Function<byte[], byte[]> signer, Json json) {
> +   @Inject TokenBinder(Supplier<Function<byte[], byte[]>> signer, Json json) {

this is the trick! using a supplier, you shield other valid config like bearer token from a tree of deps!

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20171563

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Andrew Phillips <no...@github.com>.

> +import java.security.NoSuchAlgorithmException;
> +import java.util.List;
> +
> +import com.google.common.collect.ImmutableList;
> +
> +/**
> + * JSON Web Signature Algorithms
> + * <p/>
> + * We only support <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-36#section-3.1">required
> + * or recommended algorithms, with the exception of {@code none}, which is only supported in tests</a>.
> + */
> +public final class JWSAlgorithms {
> +   /** This is a marker algorithm only supported in tests. */
> +   public static final String NONE = "none";
> +
> +   private static final List<String> SUPPORTED_ALGS = ImmutableList.of("ES256", "RS256", "HS256", NONE);

Curious: not using an enum here?

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20220225

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by BuildHive <no...@github.com>.

[jclouds » jclouds-labs-google #1694](https://buildhive.cloudbees.com/job/jclouds/job/jclouds-labs-google/1694/) SUCCESS
This pull request looks good
[(what's this?)](https://www.cloudbees.com/what-is-buildhive)

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90#issuecomment-62596856

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by CloudBees pull request builder plugin <no...@github.com>.

[jclouds-labs-google-pull-requests #276](https://jclouds.ci.cloudbees.com/job/jclouds-labs-google-pull-requests/276/) SUCCESS
This pull request looks good

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90#issuecomment-62596751

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by CloudBees pull request builder plugin <no...@github.com>.

[jclouds-labs-google-pull-requests #275](https://jclouds.ci.cloudbees.com/job/jclouds-labs-google-pull-requests/275/) FAILURE
Looks like there's a problem with this pull request

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90#issuecomment-62596070

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

> @@ -35,7 +35,7 @@
>      <test.oauth.identity>FIX_ME</test.oauth.identity>
>      <test.oauth.credential>FIX_ME</test.oauth.credential>
>      <test.oauth.endpoint>FIX_ME</test.oauth.endpoint>
> -    <test.jclouds.oauth.signature-or-mac-algorithm>FIX_ME</test.jclouds.oauth.signature-or-mac-algorithm>
> +    <test.jclouds.oauth.jws-alg>RS256</test.jclouds.oauth.jws-alg>

Yep there's a default now (highly doubt anyone actually tested the other
algs).

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20225504

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

> @@ -78,7 +78,7 @@ protected Properties setupProperties() {
>        Properties props = super.setupProperties();
>        props.put(PROJECT_NAME, "party");
>        // use no sig algorithm for expect tests (means no credential is required either)
> -      props.put(SIGNATURE_OR_MAC_ALGORITHM, NO_ALGORITHM);

no longer needed as implied

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20171229

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

and.. in!

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90#issuecomment-62647408

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

> -               return null;
> -            }
> -         };
> -      } else if (signatureOrMacAlgorithm.startsWith("SHA")) {
> -         this.signatureOrMacFunction = new SignatureGenerator(signatureOrMacAlgorithm, credentials.get().privateKey);
> -      } else {
> -         this.signatureOrMacFunction = new MessageAuthenticationCodeGenerator(signatureOrMacAlgorithm,
> -                 credentials.get().privateKey);
> +   @Override public Function<byte[], byte[]> get() {
> +      try {
> +         if (macOrSignature.startsWith("SHA")) {
> +            return new SignatureGenerator(macOrSignature, credentials.get());
> +         }
> +         return new MessageAuthenticationCodeGenerator(macOrSignature, credentials.get());
> +      } catch (NoSuchAlgorithmException e) {
> +         throw new AssertionError("Invalid contents in JWSAlgorithms! " + e.getMessage());

That means somebody placed a non portable value in the file. That's a
mistake of the developer.

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20225856

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Andrew Phillips <no...@github.com>.

>        // since the session interval is also the token expiration time requested to the server make the token expire a
>        // bit before the deadline to make sure there aren't session expiration exceptions
> -      sessionIntervalInSeconds = sessionIntervalInSeconds > 30 ? sessionIntervalInSeconds - 30 :
> -              sessionIntervalInSeconds;
> -      return CacheBuilder.newBuilder().expireAfterWrite(sessionIntervalInSeconds, TimeUnit.SECONDS).build(CacheLoader
> -              .from(getAccess));
> +      expirationSeconds = expirationSeconds > 30 ? expirationSeconds - 30 : expirationSeconds;
> +      return CacheBuilder.newBuilder().expireAfterWrite(expirationSeconds, SECONDS).build(CacheLoader.from(getAccess));
> +   }
> +
> +   /**
> +    * Defers instantiation of {@linkplain SignOrProduceMacForToken} so as to avoid requiring private keys when the alg
> +    * is set to {@linkplain org.jclouds.oauth.v2.JWSAlgorithms#NONE}.

Nice!

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20220490

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

> @@ -37,7 +37,7 @@
>          <test.google-compute-engine.credential>Private key (PEM encoded PKCS12 file or literal) associated with the client_email</test.google-compute-engine.credential>
>          <!-- Add this property to use a different project, or avoid looking up the project for each test. -->
>          <test.jclouds.google-compute-engine.project-name></test.jclouds.google-compute-engine.project-name>
> -        <test.jclouds.oauth.credential-type>serviceAccountCredentials</test.jclouds.oauth.credential-type>
> +        <test.jclouds.oauth.credential-type>p12PrivateKeyCredentials</test.jclouds.oauth.credential-type>

difference!

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20171105

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

> @@ -74,7 +72,6 @@ protected ContextBuilder builder() {
>        overrides.put(PROJECT_NAME, "party");
>        overrides.put(IMAGE_PROJECTS, "debian-cloud");
>        overrides.put(CREDENTIAL_TYPE, BEARER_TOKEN_CREDENTIALS.toString());
> -      overrides.put(SIGNATURE_OR_MAC_ALGORITHM, NO_ALGORITHM); // TODO: this should be implied by the above.

no longer needed!

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20171207

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

> @@ -41,15 +42,15 @@
>   * <li>Creates the full url encoded payload as described in: <a href="https://developers.google.com/accounts/docs/OAuth2ServiceAccount">OAuth2ServiceAccount</a></li>
>   * </ol>
>   */
> -public final class OAuthTokenBinder implements Binder {
> +public final class TokenBinder implements Binder {

this is not an oauth token, really, it is a json web token. However, I'm not convinced even that's a good name yet, so just avoiding naming it properly for now.

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20171529

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

> +import java.security.NoSuchAlgorithmException;
> +import java.util.List;
> +
> +import com.google.common.collect.ImmutableList;
> +
> +/**
> + * JSON Web Signature Algorithms
> + * <p/>
> + * We only support <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-36#section-3.1">required
> + * or recommended algorithms, with the exception of {@code none}, which is only supported in tests</a>.
> + */
> +public final class JWSAlgorithms {
> +   /** This is a marker algorithm only supported in tests. */
> +   public static final String NONE = "none";
> +
> +   private static final List<String> SUPPORTED_ALGS = ImmutableList.of("ES256", "RS256", "HS256", NONE);

Not an enum as this is spec is a draft still. Though it may not hurt as
this is input only. That said doing so would complicate other data
structures to now have mixed type.. I think it is ok. Good question though!

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20225663

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Andrew Phillips <no...@github.com>.

Nice! +1 from me too. Just minor comments and questions that can be ignored or addressed as part of future work.

Thanks, @adriancole!

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90#issuecomment-62724634

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Andrew Phillips <no...@github.com>.

> @@ -35,7 +35,7 @@
>      <test.oauth.identity>FIX_ME</test.oauth.identity>
>      <test.oauth.credential>FIX_ME</test.oauth.credential>
>      <test.oauth.endpoint>FIX_ME</test.oauth.endpoint>
> -    <test.jclouds.oauth.signature-or-mac-algorithm>FIX_ME</test.jclouds.oauth.signature-or-mac-algorithm>
> +    <test.jclouds.oauth.jws-alg>RS256</test.jclouds.oauth.jws-alg>

I guess the idea behind FIX_ME was that users would specify that property themselves. We're setting it now to RS256 by default, with the possibility to override. Just wanted to make sure that's what is intended..?

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20220165

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Andrew Phillips <no...@github.com>.

> -               return null;
> -            }
> -         };
> -      } else if (signatureOrMacAlgorithm.startsWith("SHA")) {
> -         this.signatureOrMacFunction = new SignatureGenerator(signatureOrMacAlgorithm, credentials.get().privateKey);
> -      } else {
> -         this.signatureOrMacFunction = new MessageAuthenticationCodeGenerator(signatureOrMacAlgorithm,
> -                 credentials.get().privateKey);
> +   @Override public Function<byte[], byte[]> get() {
> +      try {
> +         if (macOrSignature.startsWith("SHA")) {
> +            return new SignatureGenerator(macOrSignature, credentials.get());
> +         }
> +         return new MessageAuthenticationCodeGenerator(macOrSignature, credentials.get());
> +      } catch (NoSuchAlgorithmException e) {
> +         throw new AssertionError("Invalid contents in JWSAlgorithms! " + e.getMessage());

Curious why we know here the problem is with JWSAlgorithms?

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20220973

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by CloudBees pull request builder plugin <no...@github.com>.

[jclouds-labs-google-pull-requests #274](https://jclouds.ci.cloudbees.com/job/jclouds-labs-google-pull-requests/274/) FAILURE
Looks like there's a problem with this pull request

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90#issuecomment-62595400

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Chris Custine <no...@github.com>.

+1 Its been a bit of a moving target anyway :-)

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90#issuecomment-62635337

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

> + */
> +package org.jclouds.oauth.v2;
> +
> +import static com.google.common.base.Preconditions.checkArgument;
> +import static com.google.common.base.Preconditions.checkNotNull;
> +
> +import java.security.KeyFactory;
> +import java.security.NoSuchAlgorithmException;
> +import java.util.List;
> +
> +import com.google.common.collect.ImmutableList;
> +
> +/**
> + * JSON Web Signature Algorithms
> + * <p/>
> + * We only support <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-36#section-3.1">required

oops.. long a tag. will fix before merge.

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20186176

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

@ccustine maybe you'll like this one!

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90#issuecomment-62595240

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

I will follow-up with these items in a later PR.. some things like enum I might end up doing after all.

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90#issuecomment-62743311

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

Same test results as always in GCE

```
Results :

Failed tests: 
  GoogleComputeEngineServiceLiveTest>BaseComputeServiceLiveTest.testCreateAndRunAService:706->BaseComputeServiceLiveTest.createAndRunAServiceInGroup:723 » RunNodes
  GoogleComputeEngineServiceLiveTest>BaseComputeServiceLiveTest.testAScriptExecutionAfterBootWithBasicTemplate:223 » RunNodes
  GoogleComputeEngineServiceLiveTest>BaseComputeServiceLiveTest.testConcurrentUseOfComputeServiceToCreateNodes:475 » Execution

Tests run: 116, Failures: 3, Errors: 0, Skipped: 13
```

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90#issuecomment-62630950

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by BuildHive <no...@github.com>.

[jclouds » jclouds-labs-google #1693](https://buildhive.cloudbees.com/job/jclouds/job/jclouds-labs-google/1693/) SUCCESS
This pull request looks good
[(what's this?)](https://www.cloudbees.com/what-is-buildhive)

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90#issuecomment-62596072

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Adrian Cole <no...@github.com>.

> @@ -31,5 +31,5 @@
>  @Retention(value = RetentionPolicy.RUNTIME)
>  @Target(value = {ElementType.TYPE, ElementType.FIELD, ElementType.PARAMETER, ElementType.METHOD})
>  @Qualifier
> -public @interface Authentication {

terrible name, particularly as oauth covers facets including both authentication and authorization!

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20171618

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Andrew Phillips <no...@github.com>.

> +
> +   /** Ordered list of supported algorithms by recommendation. */
> +   public static List<String> supportedAlgs() {
> +      return SUPPORTED_ALGS;
> +   }
> +
> +   public static String macOrSignature(String jwsAlg) {
> +      return ALG_TO_SIGNATURE_ALG_AND_KEY_FACTORY.get(indexOf(jwsAlg)).get(1);
> +   }
> +
> +   public static KeyFactory keyFactory(String jwsAlg) {
> +      String keyFactoryAlgorithm = ALG_TO_SIGNATURE_ALG_AND_KEY_FACTORY.get(indexOf(jwsAlg)).get(2);
> +      try {
> +         return KeyFactory.getInstance(keyFactoryAlgorithm);
> +      } catch (NoSuchAlgorithmException e) {
> +         throw new AssertionError("Invalid contents in JWSAlgorithms! " + e.getMessage());

[minor] Include the contents of `ALG_TO_SIGNATURE_ALG_AND_KEY_FACTORY` in the error message?

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20220352

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by BuildHive <no...@github.com>.

[jclouds » jclouds-labs-google #1695](https://buildhive.cloudbees.com/job/jclouds/job/jclouds-labs-google/1695/) SUCCESS
This pull request looks good
[(what's this?)](https://www.cloudbees.com/what-is-buildhive)

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90#issuecomment-62597812

Re: [jclouds-labs-google] Refactor OAuth so that it doesn't require private keys when we aren't signing anything (#90)

Posted by Andrew Phillips <no...@github.com>.

> +package org.jclouds.oauth.v2;
> +
> +import static com.google.common.base.Preconditions.checkArgument;
> +import static com.google.common.base.Preconditions.checkNotNull;
> +
> +import java.security.KeyFactory;
> +import java.security.NoSuchAlgorithmException;
> +import java.util.List;
> +
> +import com.google.common.collect.ImmutableList;
> +
> +/**
> + * JSON Web Signature Algorithms
> + * <p/>
> + * We only support <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-36#section-3.1">required
> + * or recommended algorithms, with the exception of {@code none}, which is only supported in tests</a>.

[minor] `{@code NONE}`?

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs-google/pull/90/files#r20220190