refactor: remove validation reflection by making signUsingEsSha256 package-private

diegomarquezp · diegomarquezp · commit 90fe11dc513c · 2026-03-23T19:13:30.000-04:00
diff --git a/oauth2_http/java/com/google/auth/oauth2/GdchCredentials.java b/oauth2_http/java/com/google/auth/oauth2/GdchCredentials.java
@@ -681,7 +681,7 @@ private void setTransport(String caCertPath) throws IOException {
    * @throws IOException If serialization or transcoding fails.
    */
   @VisibleForTesting
-  private static String signUsingEsSha256(
+  static String signUsingEsSha256(
       PrivateKey privateKey,
       JsonFactory jsonFactory,
       JsonWebSignature.Header header,
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTest.java
@@ -1189,17 +1189,8 @@ void signUsingEsSha256_producesVerifiableSignature() throws Exception {
     payload.setIssuer("test-issuer");
     payload.setAudience("test-audience");
 
-    // Use reflection to call the private method.
-    Method signMethod =
-        GdchCredentials.class.getDeclaredMethod(
-            "signUsingEsSha256",
-            PrivateKey.class,
-            JsonFactory.class,
-            JsonWebSignature.Header.class,
-            JsonWebToken.Payload.class);
-    signMethod.setAccessible(true);
     String signedJws =
-        (String) signMethod.invoke(null, keyPair.getPrivate(), jsonFactory, header, payload);
+        GdchCredentials.signUsingEsSha256(keyPair.getPrivate(), jsonFactory, header, payload);
 
     // Verify the signature.
     JsonWebSignature jws = JsonWebSignature.parse(jsonFactory, signedJws);
@@ -1224,16 +1215,7 @@ void signUsingEsSha256_validStructure() throws Exception {
     payload.setIssuedAtTimeSeconds(1000L);
     payload.setExpirationTimeSeconds(2000L);
 
-    // Reflectively call the private signUsingEsSha256 method
-    Method signMethod =
-        GdchCredentials.class.getDeclaredMethod(
-            "signUsingEsSha256",
-            PrivateKey.class,
-            JsonFactory.class,
-            JsonWebSignature.Header.class,
-            JsonWebToken.Payload.class);
-    signMethod.setAccessible(true);
-    String signedJws = (String) signMethod.invoke(null, privateKey, jsonFactory, header, payload);
+    String signedJws = GdchCredentials.signUsingEsSha256(privateKey, jsonFactory, header, payload);
 
     // Verify JWS structure
     String[] parts = signedJws.split("\\.");
