fix(gdch): support EC private keys by diegomarquezp · Pull Request #1896 · googleapis/google-auth-library-java

diegomarquezp · 2026-03-04T22:19:21Z

Context: b/488439640

Implementation originally proposed in b/431924643#comment9

The primary objective is to enable support for Elliptic Curve (EC) keys and non-URI audience formats, aligning the Java SDK with the behavior of the Python and Go implementations. Additionally, the GDCH key creation tool creates EC keys only, meaning the GDCH implementation was not following the convention.

Key Changes

Algorithm Support: Updated the credential signing process to use the ES256 (ECDSA) algorithm, which is the required standard for GDCH service accounts.
Audience Flexibility: Changed the apiAudience field from a URI to a String to accommodate "magic" non-URI strings (e.g., specific administrative audiences) required by certain GDCH services.
OAuth2Utils Refactoring: Enhanced privateKeyFromPkcs8 to accept an algorithm parameter, allowing the library to parse EC keys instead of defaulting exclusively to RSA.
Test fixes: Fixes in a couple of test files as per Sonarqube analysis.

Testing

Updated GdchCredentialsTest to include test cases for EC key parsing and token signing.

sonarqubecloud · 2026-03-10T22:02:47Z

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

diegomarquezp added 4 commits March 4, 2026 16:47

fix: allow for ES algorithm in GdchCredentials

dc5b79c

test: partially adapt tests

0c5e423

test: finish adjusting tests

5851b3e

chore: format

258ac9d

product-auto-label bot added the size: l Pull request size is large. label Mar 4, 2026

diegomarquezp added 4 commits March 4, 2026 17:24

fix: restore credential name

e8511bb

docs: restore license

a4d0f93

fix: restore removed code

e3d5302

test: increase coverage

e6635c6

diegomarquezp marked this pull request as ready for review March 9, 2026 21:36

diegomarquezp requested review from a team as code owners March 9, 2026 21:36

diegomarquezp added 12 commits March 10, 2026 16:52

test(gdch): parameterize test

cc49dba

test: remove unused var

f58f593

chore: remove unused throw clause

42f2662

test: parameterize more

91a3751

fix: remove unused parameter

b83a511

fix: make variables final as intended

625741e

fix: remove unused throw clause

1e0a7c3

fix: remove unused throw clause

24cd25d

fix: make OAuth2Credentials clock package private for production code

027a242

fix: use non deprecated base 64 encoder

a8b459b

test: parameterize flagged tests

4e8af24

chore: format

f257a81

diegomarquezp requested a review from a team as a code owner March 10, 2026 21:22

diegomarquezp added 3 commits March 10, 2026 17:27

test: fix assertion

c523df2

build: remove unused dependency

ed026a4

test: run linux gce only on linux envs

1528e76

diegomarquezp changed the title ~~feat(gdch): support EC private keys~~ fix(gdch): support EC private keys Mar 10, 2026

fix: sonarqube flags (use java.util.Base64)

7300e59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(gdch): support EC private keys#1896

fix(gdch): support EC private keys#1896
diegomarquezp wants to merge 24 commits intomainfrom
b/488439640

diegomarquezp commented Mar 4, 2026 •

edited

Loading

Uh oh!

sonarqubecloud bot commented Mar 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

diegomarquezp commented Mar 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Key Changes

Testing

Uh oh!

sonarqubecloud bot commented Mar 10, 2026

Quality Gate failed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

diegomarquezp commented Mar 4, 2026 •

edited

Loading