chore(iap): cleanup spotbugs warnings

iap/src/main/java/com/example/iap/BuildIapRequest.java

@@ -25,29 +25,28 @@
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.auth.oauth2.IdTokenCredentials;
 import com.google.auth.oauth2.IdTokenProvider;
-import java.time.Clock;
+import com.google.common.base.Preconditions;
+import java.io.IOException;
 import java.util.Collections;
 
 public class BuildIapRequest {
   private static final String IAM_SCOPE = "https://www.googleapis.com/auth/iam";
-  private static final String OAUTH_TOKEN_URI = "https://www.googleapis.com/oauth2/v4/token";
-  private static final String JWT_BEARER_TOKEN_GRANT_TYPE =
-      "urn:ietf:params:oauth:grant-type:jwt-bearer";
-  private static final long EXPIRATION_TIME_IN_SECONDS = 3600L;
 
   private static final HttpTransport httpTransport = new NetHttpTransport();
 
-  private static Clock clock = Clock.systemUTC();
-
   private BuildIapRequest() {}
 
-  private static IdTokenProvider getIdTokenProvider() throws Exception {
+  private static IdTokenProvider getIdTokenProvider() throws IOException {
     GoogleCredentials credentials =
         GoogleCredentials.getApplicationDefault().createScoped(Collections.singleton(IAM_SCOPE));
-    // service account credentials are required to sign the jwt token
-    if (credentials == null || !(credentials instanceof IdTokenProvider)) {
-      throw new Exception("Google credentials : credentials that can provide id tokens expected");
-    }
+
+    Preconditions.checkNotNull(credentials, "Expected to load credentials");
+    Preconditions.checkState(
+        credentials instanceof IdTokenProvider,
+        String.format(
+            "Expected credentials that can provide id tokens, got %s instead",
+            credentials.getClass().getName()));
+
     return (IdTokenProvider) credentials;
   }
 
@@ -57,16 +56,17 @@ private static IdTokenProvider getIdTokenProvider() throws Exception {
    * @param request Request to add authorization header
    * @param iapClientId OAuth 2.0 client ID for IAP protected resource
    * @return Clone of request with Bearer style authorization header with signed jwt token.
-   * @throws Exception exception creating signed JWT
+   * @throws IOException exception creating signed JWT
    */
   public static HttpRequest buildIapRequest(HttpRequest request, String iapClientId)
-      throws Exception {
+      throws IOException {
 
     IdTokenProvider idTokenProvider = getIdTokenProvider();
-    IdTokenCredentials credentials = IdTokenCredentials.newBuilder()
-        .setIdTokenProvider(idTokenProvider)
-        .setTargetAudience(iapClientId)
-        .build();
+    IdTokenCredentials credentials =
+        IdTokenCredentials.newBuilder()
+            .setIdTokenProvider(idTokenProvider)
+            .setTargetAudience(iapClientId)
+            .build();
 
     HttpRequestInitializer httpRequestInitializer = new HttpCredentialsAdapter(credentials);
 

iap/src/test/java/com/example/iap/BuildAndVerifyIapRequestIT.java

@@ -33,9 +33,9 @@
 import org.junit.runners.JUnit4;
 
 @RunWith(JUnit4.class)
-//CHECKSTYLE OFF: AbbreviationAsWordInName
+// CHECKSTYLE OFF: AbbreviationAsWordInName
 public class BuildAndVerifyIapRequestIT {
-  //CHECKSTYLE ON: AbbreviationAsWordInName
+  // CHECKSTYLE ON: AbbreviationAsWordInName
 
   // Update these fields to reflect your IAP protected App Engine credentials
   private static Long IAP_PROJECT_NUMBER = 320431926067L;