Java tutorial
/* * Copyright 2014 Google Inc. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.google.cloud.bigtable.hbase; import com.google.api.client.googleapis.compute.ComputeCredential; import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport; import com.google.api.client.http.HttpTransport; import com.google.api.client.util.SecurityUtils; import com.google.auth.Credentials; import com.google.auth.oauth2.ComputeEngineCredentials; import com.google.auth.oauth2.GoogleCredentials; import com.google.auth.oauth2.ServiceAccountCredentials; import com.google.common.collect.ImmutableList; import java.io.FileInputStream; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.PrivateKey; import java.util.List; /** * Simple factory for creating OAuth Credential objects for use with Bigtable. */ public class CredentialFactory { /** * The OAuth scope required to perform administrator actions such as creating tables. */ public static final String CLOUD_BIGTABLE_ADMIN_SCOPE = "https://www.googleapis.com/auth/cloud-bigtable.admin"; /** * The OAuth scope required to read data from tables. */ public static final String CLOUD_BIGTABLE_READER_SCOPE = "https://www.googleapis.com/auth/cloud-bigtable.data.readonly"; /** * The OAuth scope required to write data to tables. */ public static final String CLOUD_BIGTABLE_WRITER_SCOPE = "https://www.googleapis.com/auth/cloud-bigtable.data"; /** * Scopes required to read and write data from tables. */ public static final List<String> CLOUD_BIGTABLE_READ_WRITE_SCOPES = ImmutableList .of(CLOUD_BIGTABLE_READER_SCOPE, CLOUD_BIGTABLE_WRITER_SCOPE); /** * Scopes required for full access to cloud bigtable. */ public static final List<String> CLOUD_BIGTABLE_ALL_SCOPES = ImmutableList.of(CLOUD_BIGTABLE_READER_SCOPE, CLOUD_BIGTABLE_WRITER_SCOPE, CLOUD_BIGTABLE_ADMIN_SCOPE); // HTTP transport used for created credentials to perform token-refresh handshakes with remote // credential servers. Initialized lazily to move the possibility of throwing // GeneralSecurityException to the time a caller actually tries to get a credential. private static HttpTransport httpTransport = null; /** * Returns shared httpTransport instance; initializes httpTransport if it hasn't already been * initialized. */ private static synchronized HttpTransport getHttpTransport() throws IOException, GeneralSecurityException { if (httpTransport == null) { httpTransport = GoogleNetHttpTransport.newTrustedTransport(); } return httpTransport; } /** * Initializes OAuth2 credential using preconfigured ServiceAccount settings on the local * GCE VM. See: <a href="https://developers.google.com/compute/docs/authentication" * >Authenticating from Google Compute Engine</a>. */ public static Credentials getCredentialFromMetadataServiceAccount() throws IOException, GeneralSecurityException { Credentials cred = new ComputeEngineCredentials(getHttpTransport()); try { cred.refresh(); } catch (IOException e) { throw new IOException("Error getting access token from metadata server at: " + ComputeCredential.TOKEN_SERVER_ENCODED_URL, e); } return cred; } /** * Initializes OAuth2 credential from a private keyfile, as described in * <a href="https://code.google.com/p/google-api-java-client/wiki/OAuth2#Service_Accounts" * > OAuth2 Service Accounts</a>. * * @param serviceAccountEmail Email address of the service account associated with the keyfile. * @param privateKeyFile Full local path to private keyfile. */ public static Credentials getCredentialFromPrivateKeyServiceAccount(String serviceAccountEmail, String privateKeyFile) throws IOException, GeneralSecurityException { return getCredentialFromPrivateKeyServiceAccount(serviceAccountEmail, privateKeyFile, CLOUD_BIGTABLE_ALL_SCOPES); } /** * Initializes OAuth2 credential from a private keyfile, as described in * <a href="https://code.google.com/p/google-api-java-client/wiki/OAuth2#Service_Accounts" * > OAuth2 Service Accounts</a>. * * @param serviceAccountEmail Email address of the service account associated with the keyfile. * @param privateKeyFile Full local path to private keyfile. * @param scopes List of well-formed desired scopes to use with the credential. */ public static Credentials getCredentialFromPrivateKeyServiceAccount(String serviceAccountEmail, String privateKeyFile, List<String> scopes) throws IOException, GeneralSecurityException { String clientId = null; String privateKeyId = null; PrivateKey privateKey = SecurityUtils.loadPrivateKeyFromKeyStore(SecurityUtils.getPkcs12KeyStore(), new FileInputStream(privateKeyFile), "notasecret", "privatekey", "notasecret"); return new ServiceAccountCredentials(clientId, serviceAccountEmail, privateKey, privateKeyId, scopes); } /** * Initializes OAuth2 application default credentials based on the environment the code is running * in. If a service account is to be used with JSON file, set the environment variable with name * "GOOGLE_APPLICATION_CREDENTIALS" to the JSON file path. For more details on application default * credentials: * <a href="https://developers.google.com/accounts/docs/application-default-credentials" > * Application Default Credentials</a>. */ public static Credentials getApplicationDefaultCredential() throws IOException { return GoogleCredentials.getApplicationDefault().createScoped(CLOUD_BIGTABLE_ALL_SCOPES); } }