in sources/src/main/java/com/google/solutions/jitaccess/apis/clients/IamCredentialsClient.java [68:111]
public String signJwt(
@NotNull ServiceAccountId serviceAccount,
@NotNull JsonWebToken.Payload payload
) throws AccessException, IOException {
Preconditions.checkNotNull(serviceAccount, "serviceAccount");
Preconditions.checkNotNull(payload, "payload");
try
{
if (payload.getFactory() == null) {
payload.setFactory(new GsonFactory());
}
var payloadJson = payload.toString();
assert (payloadJson.startsWith("{"));
var request = new SignJwtRequest()
.setPayload(payloadJson);
return createClient()
.projects()
.serviceAccounts()
.signJwt(
String.format("projects/-/serviceAccounts/%s", serviceAccount.value()),
request)
.execute()
.getSignedJwt();
}
catch (GoogleJsonResponseException e) {
switch (e.getStatusCode()) {
case 401:
throw new NotAuthenticatedException("Not authenticated", e);
case 403:
throw new AccessDeniedException(
String.format(
"Denied access to service account '%s': %s",
serviceAccount.value(),
e.getMessage()),
e);
default:
throw (GoogleJsonResponseException)e.fillInStackTrace();
}
}
}