1. 技术文章
  2. Use a .p12 File from classpath for GoogleCredential

Use a .p12 File from classpath for GoogleCredential

梦想的初衷 提交于 2019-12-31 01:23:29

问题


I am making a java command line application packaged in a single JAR file that uses some of Google's API.

I need to set up a GoogleCredential object from a private key "Credentials.p12".

GoogleCredential credential = new GoogleCredential.Builder()
                    .setTransport(httpTransport)
                    .setJsonFactory(jsonFactory)
                    .setServiceAccountId("xxxxx@developer.gserviceaccount.com")
                    .setServiceAccountScopes(Arrays.asList(DirectoryScopes.ADMIN_DIRECTORY_GROUP, DirectoryScopes.ADMIN_DIRECTORY_USER, DirectoryScopes.ADMIN_DIRECTORY_ORGUNIT))
                    .setServiceAccountUser(emailAccount)
                    //THE CODE BELOW IS IMPORTANT: I need to change this
                    .setServiceAccountPrivateKeyFromP12File(new File("Credentials.p12"))
                    .build();

        directory = new Directory.Builder(httpTransport, jsonFactory, credential)
                .setApplicationName("My Cmd App")
                .build();

Right now I was able to make it work, but the file "Credentials.p12" is located outside the packaged JAR file.

How do I make it work using a p12 file from inside the JAR?

From this documentation, the only other alternative that I think I can use is the method variant that uses a PrivateKey object. I am thinking of using InputStream to get the p12 file from the classpath:

InputStream is = this.getClass().getResourceAsStream("Credentials.p12");

I absolutely have no idea how to do that.

Before you answer, please make sure that you have experience using the Google OAuth2 library. And Please, no hacks like copying the resource to a temporary file: the singular version of Credential.p12 should remain inside the JAR for a reason.


回答1:


After digging through the GoogleCredential.Builder class source code I realized the following:

  • the password for the p12 file generated from Google's developer console is always "notasecret" as well as the password for the alias
  • the alias for the private key is always "privatekey"

using the following code to build the private key from the resource InputStream:

KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(this.getClass().getClassLoader().getResourceAsStream("Credentials.p12"), "notasecret".toCharArray());
PrivateKey pk = (PrivateKey)keystore.getKey("privatekey", "notasecret".toCharArray());

I was able to load the private key into the GoogleCredential Builder:

GoogleCredential credential = new GoogleCredential.Builder()
                    .setTransport(httpTransport)
                    .setJsonFactory(jsonFactory)
                    .setServiceAccountId("xxxxxx@developer.gserviceaccount.com")
                    .setServiceAccountScopes(Arrays.asList(DirectoryScopes.ADMIN_DIRECTORY_GROUP, DirectoryScopes.ADMIN_DIRECTORY_USER, DirectoryScopes.ADMIN_DIRECTORY_ORGUNIT))
                    .setServiceAccountUser(emailAccount)
                    .setServiceAccountPrivateKey(pk) //<----THIS
                    .build();



回答2:


Or you can just specify the key file when instantiating the the credential.

GoogleCredential credential = new GoogleCredential.Builder()
            .setTransport(httpTransport)
            .setJsonFactory(JSON_FACTORY)
            .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
            .setServiceAccountPrivateKeyFromP12File(new File(KEY_FILE_LOCATION))
            .setServiceAccountScopes(AnalyticsScopes.all())
            .build();


来源:https://stackoverflow.com/questions/32365546/use-a-p12-file-from-classpath-for-googlecredential

标签
java
private-key
google-oauth2
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!