in token-service/src/main/java/com/google/solutions/tokenservice/oauth/ServiceAccount.java [105:147]
/**
 * Signs a JWT payload as this service account by calling the remote
 * {@code signJwt} method on the client returned by {@code createClient()}.
 *
 * <p>The payload is serialized and submitted as-is. This method does not
 * inspect or restrict any claims, so callers decide what gets signed under
 * the service account's identity.
 *
 * <p>Side effect: if the payload has no JSON factory, a {@code GsonFactory}
 * is installed on the caller's payload object.
 *
 * @param payload claims to sign; must not be null
 * @return the signed JWT taken from the API response
 * @throws IllegalArgumentException if the API answers with HTTP 400
 * @throws NotAuthenticatedException if the API answers with HTTP 401
 * @throws AccessDeniedException if the API answers with HTTP 403
 * @throws ApiException for any other error response from the API
 * @throws IOException declared for I/O failures of the underlying call
 */
public String signJwt(
    JsonWebToken.Payload payload
) throws ApiException, IOException {
  Preconditions.checkNotNull(payload, "payload");

  try {
    // Install a factory before serializing; presumably toString() needs one
    // to emit JSON, which the assertion below checks.
    if (payload.getFactory() == null) {
      payload.setFactory(new GsonFactory());
    }

    var serialized = payload.toString();

    // NOTE(review): `assert` is only evaluated when the JVM runs with -ea.
    // With assertions off, the serialized form is sent to the signing API
    // unchecked.
    assert (serialized.startsWith("{"));

    var signRequest = new SignJwtRequest().setPayload(serialized);
    var serviceAccounts = createClient().projects().serviceAccounts();
    var response = serviceAccounts
        .signJwt(resourceName(), signRequest)
        .execute();

    return response.getSignedJwt();
  } catch (GoogleJsonResponseException responseError) {
    // Map well-known HTTP status codes to specific exception types and
    // keep the API error as the cause.
    final int status = responseError.getStatusCode();

    if (status == 400) {
      throw new IllegalArgumentException(
          "Signing JWT failed",
          ApiException.from(responseError));
    }

    if (status == 401) {
      throw new NotAuthenticatedException(
          "Not authenticated",
          ApiException.from(responseError));
    }

    if (status == 403) {
      throw new AccessDeniedException(
          String.format("Access to service account '%s' was denied", this.id),
          ApiException.from(responseError));
    }

    // fillInStackTrace() re-records the stack trace at this point before
    // the exception is converted.
    throw ApiException.from(
        (GoogleJsonResponseException) responseError.fillInStackTrace());
  }
}