public class org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule extends org.finos.legend.authentication.intermediationrule.IntermediationRule
{
private static final com.fasterxml.jackson.databind.ObjectMapper OBJECT_MAPPER;
public static final java.lang.String STS;
public static final java.lang.String HTTPS;
public static final java.lang.String AWS_STS_HOST;
public static final java.lang.String GCP_STS_HOST;
public static final java.lang.String GCP_IAM_CREDENTIALS_HOST;
public static final java.lang.String ISO8601BasicFormat;
// Constructor. Forwards the supplied CredentialVaultProvider to the IntermediationRule
// superclass constructor; no other state is set up in this body.
public void <init>(org.finos.legend.authentication.vault.CredentialVaultProvider)
{
org.finos.legend.authentication.vault.CredentialVaultProvider v;
org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule v;
v := @this: org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule;
v := @parameter: org.finos.legend.authentication.vault.CredentialVaultProvider;
// Delegate to super(vaultProvider).
specialinvoke v.<org.finos.legend.authentication.intermediationrule.IntermediationRule: void <init>(org.finos.legend.authentication.vault.CredentialVaultProvider)>(v);
return;
}
// Produces an OAuthCredential by chaining an AWS role assumption into GCP Workload
// Identity Federation. Calls visible below, in order:
//   1. assumeAWSRoleAndGetCredentials(idPConfiguration)      -> temporary AWS STS credentials
//   2. getUTCDate(new Date()), computeCanonicalAWSRequestSignature(...) -> timestamp + SigV4 Authorization value
//   3. makeAWSCallerIdentityToken(...) then SdkHttpUtils.urlEncode(...) -> subject token
//   4. getGCPFederatedAccessToken(..., "urn:ietf:params:aws:token-type:aws4_request")
//   5. getGCPServiceAccountAccessToken(...)                  -> string wrapped in the returned OAuthCredential
// Declared to throw java.lang.Exception.
//
// This listing names every local "v", so which value feeds which argument is inferred
// from call order and parameter types — confirm against the Java source.
// NOTE(review): no call in this body accepts a Credential or Identity argument, so the
// second and third parameters appear unused here. If that is right, the requesting
// identity does not influence which role or service account is used — confirm that
// authorization to use this specification is enforced by the caller.
// NOTE(review): every intermediate string here (STS credentials, signature, federated
// token, service-account token) is a bearer secret; keep them out of logs and exception text.
public org.finos.legend.engine.shared.core.identity.credential.OAuthCredential makeCredential(org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification, org.finos.legend.engine.shared.core.identity.Credential, org.finos.legend.engine.shared.core.identity.Identity) throws java.lang.Exception
{
org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$WorkloadConfiguration v;
org.finos.legend.engine.shared.core.identity.Identity v;
java.lang.Object[] v;
org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification v;
java.util.Date v;
software.amazon.awssdk.services.sts.model.Credentials v;
org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule v;
java.lang.String v, v, v, v, v, v, v, v, v, v, v, v;
org.finos.legend.engine.shared.core.identity.Credential v;
org.finos.legend.engine.shared.core.identity.credential.OAuthCredential v;
java.util.List v;
org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$IdPConfiguration v;
v := @this: org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule;
v := @parameter: org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification;
v := @parameter: org.finos.legend.engine.shared.core.identity.Credential;
v := @parameter: org.finos.legend.engine.shared.core.identity.Identity;
// Read the AWS (IdP) and GCP (workload) halves of the specification.
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification: org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$IdPConfiguration idPConfiguration>;
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification: org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$WorkloadConfiguration workloadConfiguration>;
// Step 1: assume the configured AWS role and obtain temporary credentials.
v = specialinvoke v.<org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule: software.amazon.awssdk.services.sts.model.Credentials assumeAWSRoleAndGetCredentials(org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$IdPConfiguration)>(v);
// Step 2: take one timestamp ("now") and use it both for the formatted date string and for
// the signature computation, so the two stay consistent.
v = new java.util.Date;
specialinvoke v.<java.util.Date: void <init>()>();
v = specialinvoke v.<org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule: java.lang.String getUTCDate(java.util.Date)>(v);
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$IdPConfiguration: java.lang.String region>;
v = specialinvoke v.<org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule: java.lang.String computeCanonicalAWSRequestSignature(software.amazon.awssdk.services.sts.model.Credentials,java.util.Date,java.lang.String)>(v, v, v);
// Build the workload identity provider resource name from projectNumber, poolId and providerId.
// NOTE(review): the three fields are formatted in without validation, and the result is later
// spliced into hand-built JSON; confirm they are restricted to the expected identifier characters.
v = newarray (java.lang.Object)[3];
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$WorkloadConfiguration: java.lang.String projectNumber>;
v[0] = v;
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$WorkloadConfiguration: java.lang.String poolId>;
v[1] = v;
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$WorkloadConfiguration: java.lang.String providerId>;
v[2] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("//iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/providers/%s", v);
// Step 3: assemble the serialized GetCallerIdentity request and URL-encode it.
v = specialinvoke v.<org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule: java.lang.String makeAWSCallerIdentityToken(software.amazon.awssdk.services.sts.model.Credentials,java.lang.String,java.lang.String,java.lang.String)>(v, v, v, v);
v = staticinvoke <software.amazon.awssdk.utils.http.SdkHttpUtils: java.lang.String urlEncode(java.lang.String)>(v);
// Step 4: exchange the subject token at GCP STS, declaring it as an aws4_request token.
v = virtualinvoke v.<org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule: java.lang.String getGCPFederatedAccessToken(java.lang.String,java.lang.String,java.lang.String)>(v, v, "urn:ietf:params:aws:token-type:aws4_request");
// Step 5: obtain a service-account access token using serviceAccountEmail and additionalGcpScopes
// from the specification (presumably authorised with the federated token — confirm).
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification: java.lang.String serviceAccountEmail>;
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification: java.util.List additionalGcpScopes>;
v = virtualinvoke v.<org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule: java.lang.String getGCPServiceAccountAccessToken(java.lang.String,java.lang.String,java.util.List)>(v, v, v);
// Wrap the resulting string in an OAuthCredential. No emptiness check is made on it here.
v = new org.finos.legend.engine.shared.core.identity.credential.OAuthCredential;
specialinvoke v.<org.finos.legend.engine.shared.core.identity.credential.OAuthCredential: void <init>(java.lang.String)>(v);
return v;
}
// Chooses the AwsCredentialsProvider used to call AWS STS, based on the runtime type of the
// AWSCredentials argument:
//   - AWSDefaultCredentials -> DefaultCredentialsProvider.builder().build()
//   - AWSStaticCredentials  -> StaticCredentialsProvider over keys resolved via lookupSecret(...)
//   - anything else         -> UnsupportedOperationException
// Declared to throw java.lang.Exception.
// NOTE(review): the default-provider branch uses whatever AWS identity is ambient to the
// hosting process. If specifications can be authored by less-trusted users, this lets them
// drive role assumption with the host's own identity — confirm who may select this branch.
private software.amazon.awssdk.auth.credentials.AwsCredentialsProvider configureStsClient(org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.aws.AWSCredentials) throws java.lang.Exception
{
software.amazon.awssdk.auth.credentials.StaticCredentialsProvider v;
org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule v;
org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.CredentialVaultSecret v, v;
java.lang.String v, v, v, v;
boolean v, v;
java.lang.UnsupportedOperationException v;
software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider$Builder v;
software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider v;
org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.aws.AWSCredentials v;
java.lang.Class v;
software.amazon.awssdk.auth.credentials.AwsBasicCredentials v;
v := @this: org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule;
v := @parameter: org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.aws.AWSCredentials;
// Branch 1: default credentials -> SDK default provider chain.
v = v instanceof org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.aws.AWSDefaultCredentials;
if v == 0 goto label;
v = staticinvoke <software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider: software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider$Builder builder()>();
v = virtualinvoke v.<software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider$Builder: software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider build()>();
return v;
label:
// Branch 2: static credentials -> resolve both vault references, then build a static provider.
v = v instanceof org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.aws.AWSStaticCredentials;
if v == 0 goto label;
// The access key id and secret access key are resolved to plain Strings through the
// inherited lookupSecret(...). The results are not null-checked in this body.
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.aws.AWSStaticCredentials: org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.CredentialVaultSecret accessKeyId>;
v = specialinvoke v.<org.finos.legend.authentication.intermediationrule.IntermediationRule: java.lang.String lookupSecret(org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.CredentialVaultSecret)>(v);
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.aws.AWSStaticCredentials: org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.CredentialVaultSecret secretAccessKey>;
v = specialinvoke v.<org.finos.legend.authentication.intermediationrule.IntermediationRule: java.lang.String lookupSecret(org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.CredentialVaultSecret)>(v);
v = staticinvoke <software.amazon.awssdk.auth.credentials.AwsBasicCredentials: software.amazon.awssdk.auth.credentials.AwsBasicCredentials create(java.lang.String,java.lang.String)>(v, v);
v = staticinvoke <software.amazon.awssdk.auth.credentials.StaticCredentialsProvider: software.amazon.awssdk.auth.credentials.StaticCredentialsProvider create(software.amazon.awssdk.auth.credentials.AwsCredentials)>(v);
return v;
label:
// Fallback: reject unknown credential kinds. The message carries only a class name, no secret.
// NOTE(review): getClass() is presumably invoked on the parameter, so a null argument would
// surface as a NullPointerException rather than this exception — confirm.
v = new java.lang.UnsupportedOperationException;
v = virtualinvoke v.<java.lang.Object: java.lang.Class getClass()>();
v = virtualinvoke v.<java.lang.Class: java.lang.String getCanonicalName()>();
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Unsupported AWSCredentials of type \u0001");
specialinvoke v.<java.lang.UnsupportedOperationException: void <init>(java.lang.String)>(v);
throw v;
}
// Calls AWS STS AssumeRole for the role named in the IdP configuration and returns the
// temporary Credentials from the response. Declared to throw java.lang.Exception.
// The role ARN is formatted from accountId and role; the STS client is built with the
// configured region and the provider returned by configureStsClient(awsCredentials).
// NOTE(review): only roleArn and roleSessionName are set on the request below; no external id,
// session policy or duration is set, so narrowing must come from the role's trust policy.
// NOTE(review): no close() on the built StsClient appears in this body — confirm the client
// is released, since one is built on every call.
private software.amazon.awssdk.services.sts.model.Credentials assumeAWSRoleAndGetCredentials(org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$IdPConfiguration) throws java.lang.Exception
{
java.lang.Object[] v;
software.amazon.awssdk.auth.credentials.AwsCredentialsProvider v;
software.amazon.awssdk.services.sts.model.Credentials v;
org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule v;
software.amazon.awssdk.services.sts.model.AssumeRoleRequest$Builder v, v, v;
java.lang.String v, v, v, v, v;
software.amazon.awssdk.regions.Region v;
software.amazon.awssdk.services.sts.StsClientBuilder v;
software.amazon.awssdk.awscore.client.builder.AwsClientBuilder v, v;
software.amazon.awssdk.services.sts.model.AssumeRoleResponse v;
org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.aws.AWSCredentials v;
java.lang.Object v, v;
org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$IdPConfiguration v;
v := @this: org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule;
v := @parameter: org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$IdPConfiguration;
// Format "arn:aws:iam::<accountId>:role/<role>". Neither field is validated before formatting.
v = newarray (java.lang.Object)[2];
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$IdPConfiguration: java.lang.String accountId>;
v[0] = v;
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$IdPConfiguration: java.lang.String role>;
v[1] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("arn:aws:iam::%s:role/%s", v);
// The role field is read a second time, presumably to serve as the role session name — confirm.
// If so, CloudTrail session names will not distinguish which requester triggered the call.
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$IdPConfiguration: java.lang.String role>;
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$IdPConfiguration: java.lang.String region>;
// Build the STS client: region from configuration, credentials from configureStsClient(...).
v = staticinvoke <software.amazon.awssdk.services.sts.StsClient: software.amazon.awssdk.services.sts.StsClientBuilder builder()>();
v = staticinvoke <software.amazon.awssdk.regions.Region: software.amazon.awssdk.regions.Region of(java.lang.String)>(v);
v = interfaceinvoke v.<software.amazon.awssdk.services.sts.StsClientBuilder: software.amazon.awssdk.awscore.client.builder.AwsClientBuilder region(software.amazon.awssdk.regions.Region)>(v);
v = v.<org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.specification.GCPWIFWithAWSIdPAuthenticationSpecification$IdPConfiguration: org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.aws.AWSCredentials awsCredentials>;
v = specialinvoke v.<org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule: software.amazon.awssdk.auth.credentials.AwsCredentialsProvider configureStsClient(org.finos.legend.engine.protocol.pure.v.model.packageableElement.authentication.vault.aws.AWSCredentials)>(v);
v = interfaceinvoke v.<software.amazon.awssdk.services.sts.StsClientBuilder: software.amazon.awssdk.awscore.client.builder.AwsClientBuilder credentialsProvider(software.amazon.awssdk.auth.credentials.AwsCredentialsProvider)>(v);
v = interfaceinvoke v.<software.amazon.awssdk.services.sts.StsClientBuilder: java.lang.Object build()>();
// Build and send the AssumeRole request.
v = staticinvoke <software.amazon.awssdk.services.sts.model.AssumeRoleRequest: software.amazon.awssdk.services.sts.model.AssumeRoleRequest$Builder builder()>();
v = interfaceinvoke v.<software.amazon.awssdk.services.sts.model.AssumeRoleRequest$Builder: software.amazon.awssdk.services.sts.model.AssumeRoleRequest$Builder roleArn(java.lang.String)>(v);
v = interfaceinvoke v.<software.amazon.awssdk.services.sts.model.AssumeRoleRequest$Builder: software.amazon.awssdk.services.sts.model.AssumeRoleRequest$Builder roleSessionName(java.lang.String)>(v);
v = interfaceinvoke v.<software.amazon.awssdk.services.sts.model.AssumeRoleRequest$Builder: java.lang.Object build()>();
v = interfaceinvoke v.<software.amazon.awssdk.services.sts.StsClient: software.amazon.awssdk.services.sts.model.AssumeRoleResponse assumeRole(software.amazon.awssdk.services.sts.model.AssumeRoleRequest)>(v);
// Return the temporary access key id, secret key and session token carried by the response.
v = virtualinvoke v.<software.amazon.awssdk.services.sts.model.AssumeRoleResponse: software.amazon.awssdk.services.sts.model.Credentials credentials()>();
return v;
}
// Formats the given Date with the pattern yyyyMMdd'T'HHmmss'Z' in a zero-offset time zone
// labelled "UTC" and returns the resulting string.
// A new SimpleDateFormat is created on each call, so no formatter instance is shared here.
private java.lang.String getUTCDate(java.util.Date)
{
java.util.Date v;
java.text.SimpleDateFormat v;
java.lang.String v;
java.util.SimpleTimeZone v;
org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule v;
v := @this: org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule;
v := @parameter: java.util.Date;
v = new java.text.SimpleDateFormat;
specialinvoke v.<java.text.SimpleDateFormat: void <init>(java.lang.String)>("yyyyMMdd\'T\'HHmmss\'Z\'");
// Pin the formatter to a raw offset of 0 so the literal 'Z' suffix in the pattern is truthful.
v = new java.util.SimpleTimeZone;
specialinvoke v.<java.util.SimpleTimeZone: void <init>(int,java.lang.String)>(0, "UTC");
virtualinvoke v.<java.text.SimpleDateFormat: void setTimeZone(java.util.TimeZone)>(v);
v = virtualinvoke v.<java.text.SimpleDateFormat: java.lang.String format(java.util.Date)>(v);
return v;
}
// Signs a POST https://sts.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15 request
// with AWS Signature V4 and returns the first value of the resulting "Authorization" header.
// Signing uses the region argument, service name "sts", session credentials built from the
// supplied STS Credentials, and a clock fixed at the supplied Date (UTC).
// The request is only signed in this method; nothing here sends it.
// NOTE(review): no header is added to the request before signing, so headers that are only
// placed in the serialized token later (the class's token template includes
// x-goog-cloud-target-resource) would not be among the signed headers — confirm whether the
// target-resource binding is expected to be covered by the signature.
// NOTE(review): the host is the global STS endpoint while the signing region comes from
// configuration — confirm the configured region is one that endpoint accepts.
private java.lang.String computeCanonicalAWSRequestSignature(software.amazon.awssdk.services.sts.model.Credentials, java.util.Date, java.lang.String)
{
java.util.Date v;
software.amazon.awssdk.auth.signer.params.Aws4SignerParams v;
software.amazon.awssdk.auth.credentials.AwsSessionCredentials v;
software.amazon.awssdk.services.sts.model.Credentials v;
org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule v;
java.util.Map v;
software.amazon.awssdk.http.SdkHttpMethod v;
java.lang.String v, v, v, v;
java.time.ZoneOffset v;
software.amazon.awssdk.http.SdkHttpFullRequest v, v;
software.amazon.awssdk.regions.Region v;
software.amazon.awssdk.auth.signer.params.Aws4SignerParams$Builder v, v, v, v, v;
software.amazon.awssdk.auth.signer.Aws4Signer v;
software.amazon.awssdk.http.SdkHttpFullRequest$Builder v, v, v, v, v, v;
java.time.Instant v;
java.time.Clock v;
java.lang.Object v, v;
v := @this: org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule;
v := @parameter: software.amazon.awssdk.services.sts.model.Credentials;
v := @parameter: java.util.Date;
v := @parameter: java.lang.String;
// Signer parameters: region, service name "sts", session credentials, fixed signing clock.
v = staticinvoke <software.amazon.awssdk.auth.signer.Aws4Signer: software.amazon.awssdk.auth.signer.Aws4Signer create()>();
v = staticinvoke <software.amazon.awssdk.auth.signer.params.Aws4SignerParams: software.amazon.awssdk.auth.signer.params.Aws4SignerParams$Builder builder()>();
v = staticinvoke <software.amazon.awssdk.regions.Region: software.amazon.awssdk.regions.Region of(java.lang.String)>(v);
v = interfaceinvoke v.<software.amazon.awssdk.auth.signer.params.Aws4SignerParams$Builder: software.amazon.awssdk.auth.signer.params.Aws4SignerParams$Builder signingRegion(software.amazon.awssdk.regions.Region)>(v);
v = interfaceinvoke v.<software.amazon.awssdk.auth.signer.params.Aws4SignerParams$Builder: software.amazon.awssdk.auth.signer.params.Aws4SignerParams$Builder signingName(java.lang.String)>("sts");
// Rewrap the STS model Credentials as AwsSessionCredentials (key id, secret key, session token).
v = virtualinvoke v.<software.amazon.awssdk.services.sts.model.Credentials: java.lang.String accessKeyId()>();
v = virtualinvoke v.<software.amazon.awssdk.services.sts.model.Credentials: java.lang.String secretAccessKey()>();
v = virtualinvoke v.<software.amazon.awssdk.services.sts.model.Credentials: java.lang.String sessionToken()>();
v = staticinvoke <software.amazon.awssdk.auth.credentials.AwsSessionCredentials: software.amazon.awssdk.auth.credentials.AwsSessionCredentials create(java.lang.String,java.lang.String,java.lang.String)>(v, v, v);
v = interfaceinvoke v.<software.amazon.awssdk.auth.signer.params.Aws4SignerParams$Builder: software.amazon.awssdk.auth.signer.params.Aws4SignerParams$Builder awsCredentials(software.amazon.awssdk.auth.credentials.AwsCredentials)>(v);
// Fix the signing clock to the caller's Date so the signature timestamp can match a date
// string the caller formats from the same Date.
v = virtualinvoke v.<java.util.Date: java.time.Instant toInstant()>();
v = <java.time.ZoneOffset: java.time.ZoneOffset UTC>;
v = staticinvoke <java.time.Clock: java.time.Clock fixed(java.time.Instant,java.time.ZoneId)>(v, v);
v = interfaceinvoke v.<software.amazon.awssdk.auth.signer.params.Aws4SignerParams$Builder: software.amazon.awssdk.auth.signer.params.Aws4SignerParams$Builder signingClockOverride(java.time.Clock)>(v);
v = interfaceinvoke v.<software.amazon.awssdk.auth.signer.params.Aws4SignerParams$Builder: software.amazon.awssdk.auth.signer.params.Aws4SignerParams build()>();
// Request to sign: method, host, two query parameters and protocol; no body, no extra headers.
v = staticinvoke <software.amazon.awssdk.http.SdkHttpFullRequest: software.amazon.awssdk.http.SdkHttpFullRequest$Builder builder()>();
v = <software.amazon.awssdk.http.SdkHttpMethod: software.amazon.awssdk.http.SdkHttpMethod POST>;
v = interfaceinvoke v.<software.amazon.awssdk.http.SdkHttpFullRequest$Builder: software.amazon.awssdk.http.SdkHttpFullRequest$Builder method(software.amazon.awssdk.http.SdkHttpMethod)>(v);
v = interfaceinvoke v.<software.amazon.awssdk.http.SdkHttpFullRequest$Builder: software.amazon.awssdk.http.SdkHttpFullRequest$Builder host(java.lang.String)>("sts.amazonaws.com");
v = interfaceinvoke v.<software.amazon.awssdk.http.SdkHttpFullRequest$Builder: software.amazon.awssdk.http.SdkHttpFullRequest$Builder appendRawQueryParameter(java.lang.String,java.lang.String)>("Action", "GetCallerIdentity");
v = interfaceinvoke v.<software.amazon.awssdk.http.SdkHttpFullRequest$Builder: software.amazon.awssdk.http.SdkHttpFullRequest$Builder appendRawQueryParameter(java.lang.String,java.lang.String)>("Version", "2011-06-15");
v = interfaceinvoke v.<software.amazon.awssdk.http.SdkHttpFullRequest$Builder: software.amazon.awssdk.http.SdkHttpFullRequest$Builder protocol(java.lang.String)>("https");
v = interfaceinvoke v.<software.amazon.awssdk.http.SdkHttpFullRequest$Builder: software.amazon.awssdk.http.SdkHttpFullRequest build()>();
v = virtualinvoke v.<software.amazon.awssdk.auth.signer.Aws4Signer: software.amazon.awssdk.http.SdkHttpFullRequest sign(software.amazon.awssdk.http.SdkHttpFullRequest,software.amazon.awssdk.auth.signer.params.Aws4SignerParams)>(v, v);
// Take the first "Authorization" header value from the signed request.
// The Map.get result is used without a null check, so a missing header would raise here.
v = interfaceinvoke v.<software.amazon.awssdk.http.SdkHttpFullRequest: java.util.Map headers()>();
v = interfaceinvoke v.<java.util.Map: java.lang.Object get(java.lang.Object)>("Authorization");
v = interfaceinvoke v.<java.util.List: java.lang.Object get(int)>(0);
return v;
}
// Builds the JSON text describing a signed STS GetCallerIdentity request: url, method and a
// headers array with Authorization, host, x-amz-date, x-goog-cloud-target-resource and
// x-amz-security-token. The document is produced by string concatenation with four
// placeholders; the session token is read from the supplied Credentials.
// Which String parameter fills which placeholder is not recoverable from this listing
// (all locals are "v") — confirm against the Java source.
// NOTE(review): the values are spliced in without JSON escaping. A quote or backslash in any
// of them (the target resource is derived from specification fields) would change the
// document's structure; validating the inputs or serializing with the class's ObjectMapper
// would remove that risk.
// NOTE(review): the returned string contains the STS session token and a valid signature;
// treat it as a secret and keep it out of logs.
private java.lang.String makeAWSCallerIdentityToken(software.amazon.awssdk.services.sts.model.Credentials, java.lang.String, java.lang.String, java.lang.String)
{
java.lang.String v, v, v, v, v;
software.amazon.awssdk.services.sts.model.Credentials v;
org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule v;
v := @this: org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule;
v := @parameter: software.amazon.awssdk.services.sts.model.Credentials;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v = virtualinvoke v.<software.amazon.awssdk.services.sts.model.Credentials: java.lang.String sessionToken()>();
// Each \u0001 in the template marks one substituted argument, in order.
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String,java.lang.String,java.lang.String,java.lang.String)>(v, v, v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("{\"url\": \"https://sts.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15\",\"method\": \"POST\",\"headers\": [{ \"key\": \"Authorization\", \"value\": \"\u0001\" },{ \"key\": \"host\", \"value\" : \"sts.amazonaws.com\" },{ \"key\": \"x-amz-date\", \"value\": \"\u0001\"},{ \"key\": \"x-goog-cloud-target-resource\", \"value\": \"\u0001\" },{ \"key\": \"x-amz-security-token\", \"value\": \"\u0001\" }]}");
return v;
}
// Performs an OAuth token exchange against https://sts.googleapis.com/v1beta/token and returns
// the "access_token" field of the JSON response as text.
// The request body is a JSON document built by string concatenation with three placeholders
// (audience, subjectTokenType, subjectToken); the requested scope is fixed to
// https://www.googleapis.com/auth/cloud-platform.
// A status other than 200 raises RuntimeException carrying the response body; other failures
// are wrapped in RuntimeException("Failed to get Federated Access Token", cause).
// Declared to throw java.io.IOException and java.net.URISyntaxException.
// NOTE(review): the three String arguments are inserted without JSON escaping, and the method
// is public, so any caller must pass values that cannot contain quotes or backslashes
// (e.g. an already URL-encoded subject token) — confirm, or serialize with OBJECT_MAPPER.
// NOTE(review): the path uses the "v1beta" API version — confirm this is still the intended endpoint.
public java.lang.String getGCPFederatedAccessToken(java.lang.String, java.lang.String, java.lang.String) throws java.io.IOException, java.net.URISyntaxException
{
java.lang.Throwable v, v;
org.apache.http.client.methods.HttpPost v;
org.apache.http.StatusLine v;
org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule v;
org.apache.http.client.methods.CloseableHttpResponse v;
int v;
com.fasterxml.jackson.databind.JsonNode v, v;
java.lang.String v, v, v, v, v, v, v;
java.net.URI v;
org.apache.http.impl.client.CloseableHttpClient v;
org.apache.http.client.utils.URIBuilder v, v, v, v;
com.fasterxml.jackson.databind.ObjectMapper v;
org.apache.http.HttpEntity v, v;
org.apache.http.entity.StringEntity v;
java.lang.RuntimeException v, v;
java.lang.Exception v;
java.io.InputStream v;
v := @this: org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
// Token-exchange request body; each \u0001 marks one substituted argument, in order.
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String,java.lang.String,java.lang.String)>(v, v, v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("{\"audience\": \"\u0001\",\"grantType\": \"urn:ietf:params:oauth:grant-type:token-exchange\",\"requestedTokenType\": \"urn:ietf:params:oauth:token-type:access_token\",\"scope\": \"https://www.googleapis.com/auth/cloud-platform\",\"subjectTokenType\": \"\u0001\",\"subjectToken\": \"\u0001\"}");
// Target URI is assembled from constants only: scheme https, fixed host, fixed path.
v = new org.apache.http.client.methods.HttpPost;
v = new org.apache.http.client.utils.URIBuilder;
specialinvoke v.<org.apache.http.client.utils.URIBuilder: void <init>()>();
v = virtualinvoke v.<org.apache.http.client.utils.URIBuilder: org.apache.http.client.utils.URIBuilder setScheme(java.lang.String)>("https");
v = virtualinvoke v.<org.apache.http.client.utils.URIBuilder: org.apache.http.client.utils.URIBuilder setHost(java.lang.String)>("sts.googleapis.com");
v = virtualinvoke v.<org.apache.http.client.utils.URIBuilder: org.apache.http.client.utils.URIBuilder setPath(java.lang.String)>("v1beta/token");
v = virtualinvoke v.<org.apache.http.client.utils.URIBuilder: java.net.URI build()>();
specialinvoke v.<org.apache.http.client.methods.HttpPost: void <init>(java.net.URI)>(v);
v = new org.apache.http.entity.StringEntity;
specialinvoke v.<org.apache.http.entity.StringEntity: void <init>(java.lang.String)>(v);
virtualinvoke v.<org.apache.http.entity.StringEntity: void setContentType(java.lang.String)>("application/json");
virtualinvoke v.<org.apache.http.client.methods.HttpPost: void setEntity(org.apache.http.HttpEntity)>(v);
label:
// A fresh default HttpClient per call; no timeout or request configuration is applied in this body.
// NOTE(review): confirm the library defaults are acceptable on a credential-issuing path.
v = staticinvoke <org.apache.http.impl.client.HttpClients: org.apache.http.impl.client.CloseableHttpClient createDefault()>();
label:
v = virtualinvoke v.<org.apache.http.impl.client.CloseableHttpClient: org.apache.http.client.methods.CloseableHttpResponse execute(org.apache.http.client.methods.HttpUriRequest)>(v);
label:
// Only HTTP 200 is treated as success.
v = interfaceinvoke v.<org.apache.http.client.methods.CloseableHttpResponse: org.apache.http.StatusLine getStatusLine()>();
v = interfaceinvoke v.<org.apache.http.StatusLine: int getStatusCode()>();
if v == 200 goto label;
// Failure path: the whole response body is copied into the exception message.
// NOTE(review): that text may reach logs or API error responses — confirm it is acceptable
// to expose the provider's error detail there.
v = interfaceinvoke v.<org.apache.http.client.methods.CloseableHttpResponse: org.apache.http.HttpEntity getEntity()>();
v = staticinvoke <org.apache.http.util.EntityUtils: java.lang.String toString(org.apache.http.HttpEntity)>(v);
v = new java.lang.RuntimeException;
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Failed to obtain token : Response from GCP=\u0001");
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String)>(v);
throw v;
label:
// Success path: parse the body and extract "access_token".
// JsonNode.path(...) yields a missing node rather than null when the field is absent, and
// asText() on that is the empty string, so a 200 response without the field returns "".
v = <org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule: com.fasterxml.jackson.databind.ObjectMapper OBJECT_MAPPER>;
v = interfaceinvoke v.<org.apache.http.client.methods.CloseableHttpResponse: org.apache.http.HttpEntity getEntity()>();
v = interfaceinvoke v.<org.apache.http.HttpEntity: java.io.InputStream getContent()>();
v = virtualinvoke v.<com.fasterxml.jackson.databind.ObjectMapper: com.fasterxml.jackson.databind.JsonNode readTree(java.io.InputStream)>(v);
v = virtualinvoke v.<com.fasterxml.jackson.databind.JsonNode: com.fasterxml.jackson.databind.JsonNode path(java.lang.String)>("access_token");
v = virtualinvoke v.<com.fasterxml.jackson.databind.JsonNode: java.lang.String asText()>();
label:
// Normal-path cleanup: close the response, then the client.
interfaceinvoke v.<org.apache.http.client.methods.CloseableHttpResponse: void close()>();
label:
virtualinvoke v.<org.apache.http.impl.client.CloseableHttpClient: void close()>();
label:
return v;
// The two Throwable handlers below only rethrow; they look like compiler-generated
// resource-management handlers, but this listing shows no close() on the exceptional path
// and its labels are anonymised — confirm the source closes both resources on failure.
label:
v := @caughtexception;
throw v;
label:
v := @caughtexception;
throw v;
label:
// Outer handler: wrap any Exception, keeping the original as the cause.
v := @caughtexception;
v = new java.lang.RuntimeException;
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String,java.lang.Throwable)>("Failed to get Federated Access Token", v);
throw v;
catch java.lang.Throwable from label to label with label;
catch java.lang.Throwable from label to label with label;
catch java.lang.Exception from label to label with label;
}
// Calls the IAM Credentials generateAccessToken endpoint
// (https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/<x>:generateAccessToken)
// with a Bearer Authorization header and a JSON body {"scope": [...]}, and returns the
// "accessToken" field of the JSON response as text.
// The scope list is a copy of the List argument (or an empty list when it is null) with
// "https://www.googleapis.com/auth/bigquery" always appended.
// Failures inside the HTTP section are wrapped in
// RuntimeException("Failed to get Service Account Access Token", cause).
// Which String parameter is the path segment and which is the bearer token is not
// recoverable from this listing (all locals are "v") — confirm against the Java source.
// NOTE(review): the HTTP status code is never inspected in this method. An error response
// whose JSON body has no "accessToken" field makes path(...).asText() return "", so the
// caller receives an empty token instead of an exception — a status check and a non-empty
// check on the token would make failures explicit.
// NOTE(review): scopes supplied by the caller are forwarded as-is; confirm that whoever
// controls that list is trusted to widen the token's scope.
public java.lang.String getGCPServiceAccountAccessToken(java.lang.String, java.lang.String, java.util.List) throws java.net.URISyntaxException, java.io.UnsupportedEncodingException, com.fasterxml.jackson.core.JsonProcessingException
{
java.lang.Throwable v, v;
org.apache.http.client.methods.HttpPost v;
java.lang.Object[] v;
java.util.HashMap v;
org.eclipse.collections.impl.list.mutable.FastList v;
org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule v;
org.apache.http.client.methods.CloseableHttpResponse v;
com.fasterxml.jackson.databind.JsonNode v, v;
java.lang.String v, v, v, v, v, v;
java.net.URI v;
org.apache.http.impl.client.CloseableHttpClient v;
org.apache.http.client.utils.URIBuilder v, v, v, v;
com.fasterxml.jackson.databind.ObjectMapper v, v;
org.apache.http.HttpEntity v;
org.apache.http.entity.StringEntity v;
java.lang.RuntimeException v;
java.lang.Exception v;
java.util.List v;
java.io.InputStream v;
v := @this: org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule;
v := @parameter: java.lang.String;
v := @parameter: java.lang.String;
v := @parameter: java.util.List;
// Null-safe defensive copy of the scope list, so the caller's list is not mutated by add(...).
if v != null goto label;
v = staticinvoke <org.eclipse.collections.impl.list.mutable.FastList: org.eclipse.collections.impl.list.mutable.FastList newList()>();
goto label;
label:
v = staticinvoke <org.eclipse.collections.impl.list.mutable.FastList: org.eclipse.collections.impl.list.mutable.FastList newList(java.lang.Iterable)>(v);
label:
// The BigQuery scope is appended unconditionally.
interfaceinvoke v.<java.util.List: boolean add(java.lang.Object)>("https://www.googleapis.com/auth/bigquery");
// Body is serialized by Jackson from a map, so scope strings are JSON-escaped.
v = new java.util.HashMap;
specialinvoke v.<java.util.HashMap: void <init>()>();
interfaceinvoke v.<java.util.Map: java.lang.Object put(java.lang.Object,java.lang.Object)>("scope", v);
v = <org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule: com.fasterxml.jackson.databind.ObjectMapper OBJECT_MAPPER>;
v = virtualinvoke v.<com.fasterxml.jackson.databind.ObjectMapper: java.lang.String writeValueAsString(java.lang.Object)>(v);
// Target URI: fixed scheme and host; the path embeds one String argument via String.format.
// NOTE(review): that argument is not validated before being placed in the path; confirm it is
// constrained to a service-account e-mail and that URIBuilder's encoding is relied on deliberately.
v = new org.apache.http.client.methods.HttpPost;
v = new org.apache.http.client.utils.URIBuilder;
specialinvoke v.<org.apache.http.client.utils.URIBuilder: void <init>()>();
v = virtualinvoke v.<org.apache.http.client.utils.URIBuilder: org.apache.http.client.utils.URIBuilder setScheme(java.lang.String)>("https");
v = virtualinvoke v.<org.apache.http.client.utils.URIBuilder: org.apache.http.client.utils.URIBuilder setHost(java.lang.String)>("iamcredentials.googleapis.com");
v = newarray (java.lang.Object)[1];
v[0] = v;
v = staticinvoke <java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>("v1/projects/-/serviceAccounts/%s:generateAccessToken", v);
v = virtualinvoke v.<org.apache.http.client.utils.URIBuilder: org.apache.http.client.utils.URIBuilder setPath(java.lang.String)>(v);
v = virtualinvoke v.<org.apache.http.client.utils.URIBuilder: java.net.URI build()>();
specialinvoke v.<org.apache.http.client.methods.HttpPost: void <init>(java.net.URI)>(v);
v = new org.apache.http.entity.StringEntity;
specialinvoke v.<org.apache.http.entity.StringEntity: void <init>(java.lang.String)>(v);
virtualinvoke v.<org.apache.http.entity.StringEntity: void setContentType(java.lang.String)>("application/json");
virtualinvoke v.<org.apache.http.client.methods.HttpPost: void setEntity(org.apache.http.HttpEntity)>(v);
// Authorization: "Bearer " + token. The header value is a secret; do not log the request.
v = dynamicinvoke "makeConcatWithConstants" <java.lang.String (java.lang.String)>(v) <java.lang.invoke.StringConcatFactory: java.lang.invoke.CallSite makeConcatWithConstants(java.lang.invoke.MethodHandles$Lookup,java.lang.String,java.lang.invoke.MethodType,java.lang.String,java.lang.Object[])>("Bearer \u0001");
virtualinvoke v.<org.apache.http.client.methods.HttpPost: void setHeader(java.lang.String,java.lang.String)>("Authorization", v);
label:
// A fresh default HttpClient per call; no timeout or request configuration is applied in this body.
v = staticinvoke <org.apache.http.impl.client.HttpClients: org.apache.http.impl.client.CloseableHttpClient createDefault()>();
label:
v = virtualinvoke v.<org.apache.http.impl.client.CloseableHttpClient: org.apache.http.client.methods.CloseableHttpResponse execute(org.apache.http.client.methods.HttpUriRequest)>(v);
label:
// The body is parsed immediately; there is no getStatusLine()/getStatusCode() call before this.
v = <org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule: com.fasterxml.jackson.databind.ObjectMapper OBJECT_MAPPER>;
v = interfaceinvoke v.<org.apache.http.client.methods.CloseableHttpResponse: org.apache.http.HttpEntity getEntity()>();
v = interfaceinvoke v.<org.apache.http.HttpEntity: java.io.InputStream getContent()>();
v = virtualinvoke v.<com.fasterxml.jackson.databind.ObjectMapper: com.fasterxml.jackson.databind.JsonNode readTree(java.io.InputStream)>(v);
v = virtualinvoke v.<com.fasterxml.jackson.databind.JsonNode: com.fasterxml.jackson.databind.JsonNode path(java.lang.String)>("accessToken");
v = virtualinvoke v.<com.fasterxml.jackson.databind.JsonNode: java.lang.String asText()>();
label:
// Normal-path cleanup: close the response, then the client.
interfaceinvoke v.<org.apache.http.client.methods.CloseableHttpResponse: void close()>();
label:
virtualinvoke v.<org.apache.http.impl.client.CloseableHttpClient: void close()>();
label:
return v;
// The two Throwable handlers below only rethrow; they look like compiler-generated
// resource-management handlers, but this listing shows no close() on the exceptional path
// and its labels are anonymised — confirm the source closes both resources on failure.
label:
v := @caughtexception;
throw v;
label:
v := @caughtexception;
throw v;
label:
// Outer handler: wrap any Exception, keeping the original as the cause.
v := @caughtexception;
v = new java.lang.RuntimeException;
specialinvoke v.<java.lang.RuntimeException: void <init>(java.lang.String,java.lang.Throwable)>("Failed to get Service Account Access Token", v);
throw v;
catch java.lang.Throwable from label to label with label;
catch java.lang.Throwable from label to label with label;
catch java.lang.Exception from label to label with label;
}
// Static initializer: creates one ObjectMapper with its default constructor and stores it in
// the OBJECT_MAPPER static field. No assignment to the class's other static String fields
// appears in this body.
static void <clinit>()
{
com.fasterxml.jackson.databind.ObjectMapper v;
v = new com.fasterxml.jackson.databind.ObjectMapper;
specialinvoke v.<com.fasterxml.jackson.databind.ObjectMapper: void <init>()>();
<org.finos.legend.authentication.intermediationrule.impl.GCPWIFWithAWSIdPRule: com.fasterxml.jackson.databind.ObjectMapper OBJECT_MAPPER> = v;
return;
}
}