public class CertificateIdentityPoolSubjectTokenSupplier extends Object implements IdentityPoolSubjectTokenSupplier
IdentityPoolCredentials by reading an
X.509 certificate from the filesystem. The certificate file (e.g., PEM or DER encoded) is read,
the leaf certificate is base64-encoded (DER format), wrapped in a JSON array, and used as the
subject token for STS exchange.

| Modifier and Type | Method and Description |
|---|---|
| String | getSubjectToken(ExternalAccountSupplierContext context) Retrieves the X509 subject token. |
public String getSubjectToken(ExternalAccountSupplierContext context) throws IOException
credentialSource.credentialLocation. If a trust chain path is configured in the credentialSource.certificateConfig, it also loads and includes the trust chain certificates.
The subject token is constructed as a JSON array containing the base64-encoded (DER format)
leaf certificate, followed by the base64-encoded (DER format) certificates in the trust chain.
This JSON array serves as the subject token for mTLS authentication.

Specified by: getSubjectToken in interface IdentityPoolSubjectTokenSupplier

Parameters: context - The external account supplier context. This parameter is currently not used in this implementation.

Throws: IOException - If an I/O error occurs while reading the certificate file(s).

Copyright © 2025 Google. All rights reserved.
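The token layout described for getSubjectToken (base64 DER leaf first, then the trust chain certificates, in one JSON array), shown as an added Java example that is not the library's own code. The class name, method names and command-line file arguments are hypothetical, and the validity check on the leaf is an added precaution the page does not describe.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.List;

// Added illustration; class and method names are hypothetical, not the library's.
public class X509SubjectTokenExample {

  // Parses every certificate in a PEM or DER file, in file order.
  static Collection<? extends Certificate> readCerts(String path) throws Exception {
    try (InputStream in = Files.newInputStream(Paths.get(path))) {
      return CertificateFactory.getInstance("X.509").generateCertificates(in);
    }
  }

  // Returns ["<base64 DER leaf>","<base64 DER chain cert>",...] with the leaf first.
  static String buildSubjectToken(String leafPath, String chainPath) throws Exception {
    Collection<? extends Certificate> leafFile = readCerts(leafPath);
    if (leafFile.isEmpty()) {
      throw new IllegalArgumentException("No certificate found in " + leafPath);
    }
    X509Certificate leaf = (X509Certificate) leafFile.iterator().next();
    leaf.checkValidity(); // added check (not from the page): reject an expired or not-yet-valid leaf

    List<Certificate> certs = new ArrayList<>();
    certs.add(leaf);
    if (chainPath != null) {
      certs.addAll(readCerts(chainPath));
    }
    StringBuilder json = new StringBuilder("[");
    for (Certificate cert : certs) {
      if (json.length() > 1) json.append(',');
      // getEncoded() yields DER; standard base64 output needs no JSON escaping.
      json.append('"').append(Base64.getEncoder().encodeToString(cert.getEncoded())).append('"');
    }
    return json.append(']').toString();
  }

  public static void main(String[] args) throws Exception {
    if (args.length < 1) throw new IllegalArgumentException("usage: <leaf-cert> [trust-chain]");
    System.out.println(buildSubjectToken(args[0], args.length > 1 ? args[1] : null));
  }
}
```

This code reads and emits certificates only; it never touches private key material.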