in priam/src/main/java/com/netflix/priam/google/GoogleEncryptedFileSystem.java [125:176]
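/**
 * Lazily builds and caches the GCS service-account credential.
 *
 * <p>The decrypted PKCS#12 private key obtained from {@code gcsCredential} is written to a
 * transient file ({@code <configured key location>.output}) because the credential builder
 * is handed a {@link File}. The file is restricted to its owner before the key material is
 * written, and it is removed once the builder call has finished, so the plaintext key does
 * not stay on disk.
 *
 * @return the cached credential, created on first use with the read-only storage scope
 * @throws NullPointerException if the configured private key location is null or empty
 * @throws IOException if the decrypted key cannot be written to the transient file
 * @throws Exception if the credential builder fails
 */
private Credential constructGcsCredential() throws Exception {
    // NOTE(review): this unsynchronized fast-path read is only safe if the `credential`
    // field is declared volatile; the declaration is outside this block, so confirm.
    if (this.credential != null) {
        return this.credential;
    }

    synchronized (this) {
        if (this.credential == null) {
            // Explicit charset so decoding does not depend on the JVM's platform default.
            String service_acct_email =
                    new String(
                            this.gcsCredential.getValue(KEY.GCS_SERVICE_ID),
                            java.nio.charset.StandardCharsets.UTF_8);

            String privateKeyLoc = this.config.getGcsServiceAccountPrivateKeyLoc();
            if (privateKeyLoc == null || privateKeyLoc.isEmpty()) {
                throw new NullPointerException(
                        "Fast property for the the GCS private key file is null/empty.");
            }

            // Take the encrypted private key, decrypted into an in-transit file which is
            // passed to GCS.
            // NOTE(review): the path is predictable, so the containing directory should be
            // writable only by the service user. Verify this against the deployment.
            File gcsPrivateKeyHandle = new File(privateKeyLoc + ".output");
            byte[] gcsPrivateKeyPlainText =
                    this.gcsCredential.getValue(KEY.GCS_PRIVATE_KEY_LOC);

            try {
                try {
                    // Create the file (or reuse a leftover from an earlier run) and narrow
                    // its permissions to the owner BEFORE any key bytes are written.
                    // Best effort: the setters return false on filesystems that do not
                    // support the toggle, which is not treated as fatal here.
                    gcsPrivateKeyHandle.createNewFile();
                    gcsPrivateKeyHandle.setReadable(false, false);
                    gcsPrivateKeyHandle.setWritable(false, false);
                    gcsPrivateKeyHandle.setExecutable(false, false);
                    gcsPrivateKeyHandle.setReadable(true, true);
                    gcsPrivateKeyHandle.setWritable(true, true);

                    try (BufferedOutputStream bos =
                            new BufferedOutputStream(
                                    new FileOutputStream(gcsPrivateKeyHandle))) {
                        bos.write(gcsPrivateKeyPlainText);
                    }
                } catch (IOException e) {
                    throw new IOException(
                            "Exception when writing decrypted gcs private key value to disk.",
                            e);
                }

                Collection<String> scopes = new ArrayList<>(1);
                scopes.add(StorageScopes.DEVSTORAGE_READ_ONLY);

                // Cryptex decrypted service account key derive from the GCS console
                this.credential =
                        new GoogleCredential.Builder()
                                .setTransport(this.httpTransport)
                                .setJsonFactory(JSON_FACTORY)
                                .setServiceAccountId(service_acct_email)
                                .setServiceAccountScopes(scopes)
                                .setServiceAccountPrivateKeyFromP12File(gcsPrivateKeyHandle)
                                .build();
            } finally {
                // The plaintext key is only needed while the builder reads it; remove it on
                // success and on failure alike. If the delete fails, fall back to removal
                // at JVM exit.
                // NOTE(review): assumes nothing else reads the ".output" file. Confirm.
                if (gcsPrivateKeyHandle.exists() && !gcsPrivateKeyHandle.delete()) {
                    gcsPrivateKeyHandle.deleteOnExit();
                }
            }
        }
    }
    return this.credential;
}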