1+ /*
2+ * Copyright 2026 Google LLC
3+ *
4+ * Redistribution and use in source and binary forms, with or without
5+ * modification, are permitted provided that the following conditions are
6+ * met:
7+ *
8+ * * Redistributions of source code must retain the above copyright
9+ * notice, this list of conditions and the following disclaimer.
10+ * * Redistributions in binary form must reproduce the above
11+ * copyright notice, this list of conditions and the following disclaimer
12+ * in the documentation and/or other materials provided with the
13+ * distribution.
14+ * * Neither the name of Google LLC nor the names of its
15+ * contributors may be used to endorse or promote products derived from
16+ * this software without specific prior written permission.
17+ *
18+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29+ */
30+
131package com .google .auth .mtls ;
232
333import com .google .auth .oauth2 .EnvironmentProvider ;
1444 *
1545 * <p>For internal use only.
1646 */
17- public class MtlsUtils {
47+ class MtlsUtils {
1848 static final String CERTIFICATE_CONFIGURATION_ENV_VARIABLE = "GOOGLE_API_CERTIFICATE_CONFIG" ;
1949 static final String WELL_KNOWN_CERTIFICATE_CONFIG_FILE = "certificate_config.json" ;
2050 static final String CLOUDSDK_CONFIG_DIRECTORY = "gcloud" ;
@@ -30,7 +60,7 @@ private MtlsUtils() {
3060 * @return The path to the certificate file.
3161 * @throws IOException if the certificate configuration cannot be found or loaded.
3262 */
33- public static String getCertificatePath (
63+ static String getCertificatePath (
3464 EnvironmentProvider envProvider , PropertyProvider propProvider , String certConfigPathOverride )
3565 throws IOException {
3666 String certPath =
@@ -43,7 +73,21 @@ public static String getCertificatePath(
4373 return certPath ;
4474 }
4575
46- public static WorkloadCertificateConfiguration getWorkloadCertificateConfiguration (
76+ /**
77+ * Resolves and loads the workload certificate configuration.
78+ *
79+ * <p>The configuration file is resolved in the following order of precedence: 1. The provided
80+ * certConfigPathOverride (if not null). 2. The path specified by the
81+ * GOOGLE_API_CERTIFICATE_CONFIG environment variable. 3. The well-known certificate configuration
82+ * file in the gcloud config directory.
83+ *
84+ * @param envProvider the environment provider to use for resolving environment variables
85+ * @param propProvider the property provider to use for resolving system properties
86+ * @param certConfigPathOverride optional override path for the configuration file
87+ * @return the loaded WorkloadCertificateConfiguration
88+ * @throws IOException if the configuration file cannot be found, read, or parsed
89+ */
90+ static WorkloadCertificateConfiguration getWorkloadCertificateConfiguration (
4791 EnvironmentProvider envProvider , PropertyProvider propProvider , String certConfigPathOverride )
4892 throws IOException {
4993 File certConfig ;
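Review bot: The new Javadoc on getWorkloadCertificateConfiguration writes the precedence order as inline `1. … 2. … 3.` text, which Javadoc renders as a single run-on paragraph; an `<ol>` with three `<li>` items would keep the order readable, and the `@param certConfigPathOverride` line should say `may be null` to match the "(if not null)" in the description. Because the resolved file decides which certificate file is used for mTLS, one more sentence is worth adding that the override path and the GOOGLE_API_CERTIFICATE_CONFIG value are treated as trusted and should not be derived from untrusted input. The method body continues past the visible lines, so the documented fallback order could not be checked against the code here. Separately, dropping `public` from the class and both methods narrows the API; presumably no caller outside com.google.auth.mtls remains, but that is not visible on this page.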