SNOW-1825482: PAT + OAuth Authorization Code + OAuth Client Credentials support

FIPS/scripts/check_content.sh

@@ -6,7 +6,7 @@ set -o pipefail
 
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
 
-if jar tvf $DIR/../target/snowflake-jdbc-fips.jar  | awk '{print $8}' | grep -v -E "/$" | grep -v -E "^(net|com)/snowflake" | grep -v -E "(com|net)/\$" | grep -v -E "^META-INF" | grep -v -E "^mozilla" | grep -v -E "^com/sun/jna" | grep -v com/sun/ | grep -v mime.types | grep -v -E "^com/github/luben/zstd/" | grep -v -E "^aix/" | grep -v -E "^darwin/" | grep -v -E "^freebsd/" | grep -v -E "^linux/" | grep -v -E "^win/"; then
+if jar tvf $DIR/../target/snowflake-jdbc-fips.jar  | awk '{print $8}' | grep -v -E "/$" | grep -v -E "^(net|com)/snowflake" | grep -v -E "(com|net)/\$" | grep -v -E "^META-INF" | grep -v -E "^iso3166_" | grep -v -E "^mozilla" | grep -v -E "^com/sun/jna" | grep -v com/sun/ | grep -v mime.types | grep -v -E "^com/github/luben/zstd/" | grep -v -E "^aix/" | grep -v -E "^darwin/" | grep -v -E "^freebsd/" | grep -v -E "^linux/" | grep -v -E "^win/"; then
   echo "[ERROR] JDBC jar includes class not under the snowflake namespace"
   exit 1
 fi

ci/scripts/check_content.sh

@@ -8,7 +8,7 @@ set -o pipefail
 
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
 
-if jar tvf $DIR/../../target/snowflake-jdbc${package_modifier}.jar | awk '{print $8}' | grep -v -E "/$" | grep -v -E "^(net|com)/snowflake" | grep -v -E "(com|net)/\$" | grep -v -E "^META-INF" | grep -v -E "^mozilla" | grep -v -E "^com/sun/jna" | grep -v com/sun/ | grep -v mime.types | grep -v -E "^com/github/luben/zstd/" | grep -v -E "^aix/" | grep -v -E "^darwin/" | grep -v -E "^freebsd/" | grep -v -E "^linux/" | grep -v -E "^win/"; then
+if jar $DIR/../../target/snowflake-jdbc${package_modifier}.jar | awk '{print $8}' | grep -v -E "/$" | grep -v -E "^(net|com)/snowflake" | grep -v -E "(com|net)/\$" | grep -v -E "^META-INF" | grep -v -E "^iso3166_" | grep -v -E "^mozilla" | grep -v -E "^com/sun/jna" | grep -v com/sun/ | grep -v mime.types | grep -v -E "^com/github/luben/zstd/" | grep -v -E "^aix/" | grep -v -E "^darwin/" | grep -v -E "^freebsd/" | grep -v -E "^linux/" | grep -v -E "^win/"; then
   echo "[ERROR] JDBC jar includes class not under the snowflake namespace"
   exit 1
 fi

linkage-checker-exclusion-rules.xml

@@ -29,6 +29,7 @@
         <Source><Package name="com.google.api.gax"/></Source>
         <Reason>?</Reason>
     </LinkageError>
+
     <LinkageError>
         <Target><Package name="org.osgi"/></Target>
         <Source><Package name="org.apache.tika.config"/></Source>
@@ -49,6 +50,26 @@
         <Source><Package name="org.bouncycastle.pqc.legacy.crypto.ntru"/></Source>
         <Reason>?</Reason>
     </LinkageError>
+    <LinkageError>
+        <Target><Package name="org.cryptomator"/></Target>
+        <Source><Package name="com.nimbusds"/></Source>
+        <Reason>?</Reason>
+    </LinkageError>
+    <LinkageError>
+        <Target><Package name="org.opensaml"/></Target>
+        <Source><Package name="com.nimbusds"/></Source>
+        <Reason>?</Reason>
+    </LinkageError>
+    <LinkageError>
+        <Target><Package name="jakarta.servlet"/></Target>
+        <Source><Package name="com.nimbusds"/></Source>
+        <Reason>?</Reason>
+    </LinkageError>
+    <LinkageError>
+        <Target><Package name="net.shibboleth.utilities"/></Target>
+        <Source><Package name="com.nimbusds"/></Source>
+        <Reason>?</Reason>
+    </LinkageError>
     <!--
     <LinkageError>
         <Target><Package name=""/></Target>

parent-pom.xml

@@ -21,7 +21,7 @@
     <apache.httpcore.version>4.4.16</apache.httpcore.version>
     <zstd-jni.version>1.5.6-5</zstd-jni.version>
     <arrow.version>17.0.0</arrow.version>
-    <asm.version>9.3</asm.version>
+    <asm.version>9.6</asm.version>
     <avro.version>1.8.1</avro.version>
     <awaitility.version>4.2.0</awaitility.version>
     <awssdk.version>1.12.655</awssdk.version>
@@ -60,7 +60,7 @@
     <javax.servlet.version>3.1.0</javax.servlet.version>
     <jna.version>5.13.0</jna.version>
     <joda.time.version>2.8.1</joda.time.version>
-    <json.smart.version>2.4.9</json.smart.version>
+    <json.smart.version>2.5.1</json.smart.version>
     <junit4.version>4.13.2</junit4.version>
     <junit.version>5.11.1</junit.version>
     <junit.platform.version>1.11.1</junit.platform.version>
@@ -69,7 +69,8 @@
     <metrics.version>2.2.0</metrics.version>
     <mockito.version>4.11.0</mockito.version>
     <netty.version>4.1.115.Final</netty.version>
-    <nimbusds.version>9.37.3</nimbusds.version>
+    <nimbusds.version>9.40</nimbusds.version>
+    <nimbusds.oauth2.version>11.20.1</nimbusds.oauth2.version>
     <opencensus.version>0.31.1</opencensus.version>
     <plexus.container.version>1.0-alpha-9-stable-1</plexus.container.version>
     <plexus.utils.version>3.4.2</plexus.utils.version>
@@ -219,6 +220,11 @@
         <artifactId>nimbus-jose-jwt</artifactId>
         <version>${nimbusds.version}</version>
       </dependency>
+      <dependency>
+        <groupId>com.nimbusds</groupId>
+        <artifactId>oauth2-oidc-sdk</artifactId>
+        <version>${nimbusds.oauth2.version}</version>
+      </dependency>
       <dependency>
         <groupId>com.yammer.metrics</groupId>
         <artifactId>metrics-core</artifactId>
@@ -646,6 +652,10 @@
       <groupId>com.nimbusds</groupId>
       <artifactId>nimbus-jose-jwt</artifactId>
     </dependency>
+    <dependency>
+      <groupId>com.nimbusds</groupId>
+      <artifactId>oauth2-oidc-sdk</artifactId>
+    </dependency>
     <dependency>
       <groupId>com.yammer.metrics</groupId>
       <artifactId>metrics-core</artifactId>

src/main/java/net/snowflake/client/core/AssertUtil.java

@@ -16,7 +16,8 @@ public class AssertUtil {
    * @param internalErrorMesg The error message to display if condition is false
    * @throws SFException Will be thrown if condition is false
    */
-  static void assertTrue(boolean condition, String internalErrorMesg) throws SFException {
+  @SnowflakeJdbcInternalApi
+  public static void assertTrue(boolean condition, String internalErrorMesg) throws SFException {
     if (!condition) {
       throw new SFException(ErrorCode.INTERNAL_ERROR, internalErrorMesg);
     }

src/main/java/net/snowflake/client/core/CachedCredentialType.java

@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2024 Snowflake Computing Inc. All rights reserved.
+ */
+
+package net.snowflake.client.core;
+
+enum CachedCredentialType {
+  ID_TOKEN("ID_TOKEN"),
+  MFA_TOKEN("MFATOKEN"),
+  OAUTH_ACCESS_TOKEN("OAUTH_ACCESS_TOKEN"),
+  OAUTH_REFRESH_TOKEN("OAUTH_REFRESH_TOKEN");
+
+  private final String value;
+
+  CachedCredentialType(String value) {
+    this.value = value;
+  }
+
+  String getValue() {
+    return value;
+  }
+}

src/main/java/net/snowflake/client/core/Constants.java

@@ -22,6 +22,10 @@ public final class Constants {
   // Error code for all invalid id token cases during login request
   public static final int ID_TOKEN_INVALID_LOGIN_REQUEST_GS_CODE = 390195;
 
+  public static final int OAUTH_ACCESS_TOKEN_EXPIRED_GS_CODE = 390318;
+
+  public static final int OAUTH_ACCESS_TOKEN_INVALID_GS_CODE = 390303;
+
   // Error message for IOException when no space is left for GET
   public static final String NO_SPACE_LEFT_ON_DEVICE_ERR = "No space left on device";