Auth: Consider catching IllegalArgumentException in GoogleCredential.fromStream

[Capstan]

https://github.com/googleapis/google-api-java-client/blob/main/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.java#L231

In #1661, Utils.getDefaultJsonFactory() was changed to use the GsonFactory. Gson, in part because of an underspecification of thrown exceptions googleapis/google-http-java-client#1353, will throw IllegalArgumentException instead of IOException when it gets invalid data (or even valid data that it cannot coerce into the Java class's members; e.g., 34.0 cannot be treated as an int).

Mutating the exception thrown by a JsonFactory is mildly problematic, but auth failures are such a crucial problem domain, having these types of errors escape their handlers seems more significant.

Thus, unless the JsonParser spec is updated and the GsonParser amended to abide by that spec, I would like to suggest a local workaround to reduce the likelihood of problems here by wrapping the call to parseAndClose and catch IllegalArgumentException, rethrowing it as an IOException.

Environment details

1. API: Auth (or Core)
2. OS type and version: 5.17.6-1rodete1-amd64
3. Java version: OpenJDK Runtime Environment (build 11.0.13+8-google-release-451398016) OpenJDK 64-Bit Server VM (build 11.0.13+8-google-release-451398016, mixed mode, sharing)
4. version(s): ~head (with local patches)

Steps to reproduce

1. Create a bogus credential InputStream, e.g., from a string like "Invalid JSON"
2. Call GoogleCredential.fromStream(malformedInputStream) on said stream

Stack trace

Caused by: java.lang.IllegalArgumentException: expected primitive class, but got: class com.google.api.client.json.GenericJson
	at com.google.api.client.util.Data.parsePrimitiveValue(Data.java:467)
	at com.google.api.client.json.JsonParser.parseValue(JsonParser.java:870)
	at com.google.api.client.json.JsonParser.parse(JsonParser.java:361)
	at com.google.api.client.json.JsonParser.parse(JsonParser.java:336)
	at com.google.api.client.json.JsonObjectParser.parseAndClose(JsonObjectParser.java:79)
	at com.google.api.client.json.JsonObjectParser.parseAndClose(JsonObjectParser.java:73)
	at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.fromStream(GoogleCredential.java:250)
	at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.fromStream(GoogleCredential.java:226)

External references such as API reference guides

• JsonParser.parse javadoc – has no mention of accepted unchecked exceptions it should generate

[meltsufin]

@TimurSadykov Is this something in your wheelhouse? Thanks!

[diegomarquezp]

Seems like wrapping and rethrowing the exception should do. @TimurSadykov, are you able to take on this? Thanks!

[TimurSadykov]

The subject class is deprecated for some time, it is basically a duplicate functionality. Normally we won't fix improvements to it unless a security issue. However, we can review contributions.

[blakeli0]

As @TimurSadykov mentioned, this class is deprecated for some time and we do not plan to fix it, closing as not planned.