From d7eb015c8df7dd30dff1e4a1171f229c643c90cb Mon Sep 17 00:00:00 2001
From: Josh Mahonin <jmahonin@decodable.co>
Date: Fri, 13 Jan 2023 15:07:29 -0500
Subject: [PATCH] Add unit test for ExternalAccountCredentials test. Discovered
 ServiceAccountImpersonationOptions needed be serializable as well.

---
 .../oauth2/ExternalAccountCredentials.java    |  7 ++++-
 .../ExternalAccountCredentialsTest.java       | 28 ++++++++++++++++++-
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java
index db6d2c570..46d993838 100644
--- a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java
@@ -66,6 +66,8 @@
  */
 public abstract class ExternalAccountCredentials extends GoogleCredentials {
 
+  private static final long serialVersionUID = 8049126194174465023L;
+
   /** Base credential source class. Dictates the retrieval method of the external credential. */
   abstract static class CredentialSource implements Serializable {
 
@@ -639,12 +641,15 @@ private static boolean isValidUrl(String url) {
    * }
    * </pre>
    */
-  static final class ServiceAccountImpersonationOptions {
+  static final class ServiceAccountImpersonationOptions implements Serializable {
+
+    private static final long serialVersionUID = 4250771921886280953L;
     private static final int DEFAULT_TOKEN_LIFETIME_SECONDS = 3600;
     private static final int MAXIMUM_TOKEN_LIFETIME_SECONDS = 43200;
     private static final int MINIMUM_TOKEN_LIFETIME_SECONDS = 600;
     private static final String TOKEN_LIFETIME_SECONDS_KEY = "token_lifetime_seconds";
 
+
     private final int lifetime;
 
     ServiceAccountImpersonationOptions(Map<String, Object> optionsMap) {
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java
index 2350af89d..13ac5bba3 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java
@@ -35,11 +35,13 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 import com.google.api.client.http.HttpTransport;
 import com.google.api.client.json.GenericJson;
+import com.google.api.client.util.Clock;
 import com.google.auth.TestUtils;
 import com.google.auth.http.HttpTransportFactory;
 import com.google.auth.oauth2.ExternalAccountCredentialsTest.TestExternalAccountCredentials.TestCredentialSource;
@@ -62,7 +64,7 @@
 
 /** Tests for {@link ExternalAccountCredentials}. */
 @RunWith(JUnit4.class)
-public class ExternalAccountCredentialsTest {
+public class ExternalAccountCredentialsTest extends BaseSerializationTest {
 
   private static final String STS_URL = "https://sts.googleapis.com";
 
@@ -954,6 +956,30 @@ public void getRequestMetadata_withQuotaProjectId() throws IOException {
     assertEquals("quotaProjectId", requestMetadata.get("x-goog-user-project").get(0));
   }
 
+  @Test
+  public void serialize() throws IOException, ClassNotFoundException {
+    Map<String, Object> impersonationOpts = new HashMap<String, Object>(){{ put("token_lifetime_seconds", 1000); }};
+
+    TestExternalAccountCredentials testCredentials =
+            (TestExternalAccountCredentials)
+                    TestExternalAccountCredentials.newBuilder()
+                            .setHttpTransportFactory(transportFactory)
+                            .setAudience("audience")
+                            .setSubjectTokenType("subjectTokenType")
+                            .setTokenUrl(STS_URL)
+                            .setCredentialSource(new TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP))
+                            .setServiceAccountImpersonationOptions(impersonationOpts)
+                            .build();
+
+    TestExternalAccountCredentials deserializedCredentials = serializeAndDeserialize(testCredentials);
+    assertEquals(testCredentials, deserializedCredentials);
+    assertEquals(testCredentials.hashCode(), deserializedCredentials.hashCode());
+    assertEquals(testCredentials.toString(), deserializedCredentials.toString());
+    assertEquals(testCredentials.getServiceAccountImpersonationOptions().getLifetime(),
+            deserializedCredentials.getServiceAccountImpersonationOptions().getLifetime());
+    assertSame(deserializedCredentials.clock, Clock.SYSTEM);
+  }
+
   @Test
   public void validateTokenUrl_validUrls() {
     List<String> validUrls =