clean up and add test.

oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java

@@ -612,12 +612,12 @@ public void fromStream_Impersonation_providesToken_WithQuotaProject() throws IOE
         .setExpireTime(ImpersonatedCredentialsTest.getDefaultExpireTime());
     transportFactory
         .getTransport()
-        .setAccessTokenEndpoint(ImpersonatedCredentialsTest.IMPERSONATION_URL);
+        .setAccessTokenEndpoint(ImpersonatedCredentialsTest.IMPERSONATION_OVERRIDE_URL);
     transportFactory.getTransport().addStatusCodeAndMessage(HttpStatusCodes.STATUS_CODE_OK, "");
 
     InputStream impersonationCredentialsStream =
         ImpersonatedCredentialsTest.writeImpersonationCredentialsStream(
-            ImpersonatedCredentialsTest.IMPERSONATION_URL,
+            ImpersonatedCredentialsTest.IMPERSONATION_OVERRIDE_URL,
             ImpersonatedCredentialsTest.DELEGATES,
             ImpersonatedCredentialsTest.QUOTA_PROJECT_ID);
 
@@ -647,7 +647,7 @@ public void fromStream_Impersonation_defaultUniverse() throws IOException {
 
     InputStream impersonationCredentialsStream =
         ImpersonatedCredentialsTest.writeImpersonationCredentialsStream(
-            ImpersonatedCredentialsTest.IMPERSONATION_URL,
+            ImpersonatedCredentialsTest.IMPERSONATION_OVERRIDE_URL,
             ImpersonatedCredentialsTest.DELEGATES,
             ImpersonatedCredentialsTest.QUOTA_PROJECT_ID);
 
@@ -677,12 +677,12 @@ public void fromStream_Impersonation_providesToken_WithoutQuotaProject() throws
         .setExpireTime(ImpersonatedCredentialsTest.getDefaultExpireTime());
     transportFactory
         .getTransport()
-        .setAccessTokenEndpoint(ImpersonatedCredentialsTest.IMPERSONATION_URL);
+        .setAccessTokenEndpoint(ImpersonatedCredentialsTest.IMPERSONATION_OVERRIDE_URL);
     transportFactory.getTransport().addStatusCodeAndMessage(HttpStatusCodes.STATUS_CODE_OK, "");
 
     InputStream impersonationCredentialsStream =
         ImpersonatedCredentialsTest.writeImpersonationCredentialsStream(
-            ImpersonatedCredentialsTest.IMPERSONATION_URL,
+            ImpersonatedCredentialsTest.IMPERSONATION_OVERRIDE_URL,
             ImpersonatedCredentialsTest.DELEGATES,
             null);
 

oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java

@@ -123,11 +123,24 @@ public class ImpersonatedCredentialsTest extends BaseSerializationTest {
   private static JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance();
 
   private static final String RFC3339 = "yyyy-MM-dd'T'HH:mm:ssX";
-  public static final String DEFAULT_IMPERSONATION_URL =
+
+  private static final String DEFAULT_UNIVERSE_DOMAIN = "googleapis.com";
+  private static final String TEST_UNIVERSE_DOMAIN = "test.xyz";
+  private static final String OLD_IMPERSONATION_URL =
       "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/"
           + IMPERSONATED_CLIENT_EMAIL
           + ":generateAccessToken";
-  public static final String IMPERSONATION_URL =
+  public static final String DEFAULT_IMPERSONATION_URL =
+      String.format(
+          OAuth2Utils.IAM_ACCESS_TOKEN_ENDPOINT_FORMAT,
+          DEFAULT_UNIVERSE_DOMAIN,
+          IMPERSONATED_CLIENT_EMAIL);
+  private static final String NONGDU_IMPERSONATION_URL =
+      String.format(
+          OAuth2Utils.IAM_ACCESS_TOKEN_ENDPOINT_FORMAT,
+          TEST_UNIVERSE_DOMAIN,
+          IMPERSONATED_CLIENT_EMAIL);
+  public static final String IMPERSONATION_OVERRIDE_URL =
       "https://us-east1-iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/"
           + IMPERSONATED_CLIENT_EMAIL
           + ":generateAccessToken";
@@ -169,7 +182,7 @@ private GoogleCredentials getSourceCredentials() throws IOException {
   public void fromJson_userAsSource_WithQuotaProjectId() throws IOException {
     GenericJson json =
         buildImpersonationCredentialsJson(
-            IMPERSONATION_URL,
+            IMPERSONATION_OVERRIDE_URL,
             DELEGATES,
             QUOTA_PROJECT_ID,
             USER_ACCOUNT_CLIENT_ID,
@@ -178,7 +191,7 @@ public void fromJson_userAsSource_WithQuotaProjectId() throws IOException {
     ImpersonatedCredentials credentials =
         ImpersonatedCredentials.fromJson(json, mockTransportFactory);
     assertEquals(IMPERSONATED_CLIENT_EMAIL, credentials.getAccount());
-    assertEquals(IMPERSONATION_URL, credentials.getIamEndpointOverride());
+    assertEquals(IMPERSONATION_OVERRIDE_URL, credentials.getIamEndpointOverride());
     assertEquals(QUOTA_PROJECT_ID, credentials.getQuotaProjectId());
     assertEquals(DELEGATES, credentials.getDelegates());
     assertEquals(new ArrayList<String>(), credentials.getScopes());
@@ -191,7 +204,7 @@ public void fromJson_userAsSource_WithQuotaProjectId() throws IOException {
   public void fromJson_userAsSource_WithoutQuotaProjectId() throws IOException {
     GenericJson json =
         buildImpersonationCredentialsJson(
-            IMPERSONATION_URL,
+            IMPERSONATION_OVERRIDE_URL,
             DELEGATES,
             null,
             USER_ACCOUNT_CLIENT_ID,
@@ -200,7 +213,7 @@ public void fromJson_userAsSource_WithoutQuotaProjectId() throws IOException {
     ImpersonatedCredentials credentials =
         ImpersonatedCredentials.fromJson(json, mockTransportFactory);
     assertEquals(IMPERSONATED_CLIENT_EMAIL, credentials.getAccount());
-    assertEquals(IMPERSONATION_URL, credentials.getIamEndpointOverride());
+    assertEquals(IMPERSONATION_OVERRIDE_URL, credentials.getIamEndpointOverride());
     assertNull(credentials.getQuotaProjectId());
     assertEquals(DELEGATES, credentials.getDelegates());
     assertEquals(new ArrayList<String>(), credentials.getScopes());
@@ -213,7 +226,7 @@ public void fromJson_userAsSource_WithoutQuotaProjectId() throws IOException {
   public void fromJson_userAsSource_MissingDelegatesField() throws IOException {
     GenericJson json =
         buildImpersonationCredentialsJson(
-            IMPERSONATION_URL,
+            IMPERSONATION_OVERRIDE_URL,
             DELEGATES,
             null,
             USER_ACCOUNT_CLIENT_ID,
@@ -223,7 +236,7 @@ public void fromJson_userAsSource_MissingDelegatesField() throws IOException {
     ImpersonatedCredentials credentials =
         ImpersonatedCredentials.fromJson(json, mockTransportFactory);
     assertEquals(IMPERSONATED_CLIENT_EMAIL, credentials.getAccount());
-    assertEquals(IMPERSONATION_URL, credentials.getIamEndpointOverride());
+    assertEquals(IMPERSONATION_OVERRIDE_URL, credentials.getIamEndpointOverride());
     assertNull(credentials.getQuotaProjectId());
     assertEquals(new ArrayList<String>(), credentials.getDelegates());
     assertEquals(new ArrayList<String>(), credentials.getScopes());
@@ -235,11 +248,11 @@ public void fromJson_userAsSource_MissingDelegatesField() throws IOException {
   @Test()
   public void fromJson_ServiceAccountAsSource() throws IOException {
     GenericJson json =
-        buildImpersonationCredentialsJson(IMPERSONATION_URL, DELEGATES, QUOTA_PROJECT_ID);
+        buildImpersonationCredentialsJson(IMPERSONATION_OVERRIDE_URL, DELEGATES, QUOTA_PROJECT_ID);
     ImpersonatedCredentials credentials =
         ImpersonatedCredentials.fromJson(json, mockTransportFactory);
     assertEquals(IMPERSONATED_CLIENT_EMAIL, credentials.getAccount());
-    assertEquals(IMPERSONATION_URL, credentials.getIamEndpointOverride());
+    assertEquals(IMPERSONATION_OVERRIDE_URL, credentials.getIamEndpointOverride());
     assertEquals(QUOTA_PROJECT_ID, credentials.getQuotaProjectId());
     assertEquals(DELEGATES, credentials.getDelegates());
     assertEquals(new ArrayList<String>(), credentials.getScopes());
@@ -342,7 +355,7 @@ public void createScopedWithIamEndpointOverride() {
             VALID_LIFETIME,
             mockTransportFactory,
             QUOTA_PROJECT_ID,
-            IMPERSONATION_URL);
+            IMPERSONATION_OVERRIDE_URL);
 
     ImpersonatedCredentials scoped_credentials =
         (ImpersonatedCredentials) targetCredentials.createScoped(IMMUTABLE_SCOPES_SET);
@@ -480,12 +493,36 @@ public void refreshAccessToken_success() throws IOException, IllegalStateExcepti
     assertTrue(requestHeader.containsKey("authorization"));
   }
 
+  @Test()
+  public void refreshAccessToken_success_nonGDU() throws IOException, IllegalStateException {
+    MockIAMCredentialsServiceTransportFactory transportFactory =
+        new MockIAMCredentialsServiceTransportFactory(TEST_UNIVERSE_DOMAIN);
+    transportFactory.getTransport().setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
+    transportFactory.getTransport().setAccessToken(ACCESS_TOKEN);
+    transportFactory.getTransport().setExpireTime(getDefaultExpireTime());
+    transportFactory.getTransport().addStatusCodeAndMessage(HttpStatusCodes.STATUS_CODE_OK, "");
+
+    GoogleCredentials sourceCredentialsNonGDU =
+        sourceCredentials.toBuilder().setUniverseDomain(TEST_UNIVERSE_DOMAIN).build();
+    ImpersonatedCredentials targetCredentials =
+        ImpersonatedCredentials.create(
+            sourceCredentialsNonGDU,
+            IMPERSONATED_CLIENT_EMAIL,
+            null,
+            IMMUTABLE_SCOPES_LIST,
+            VALID_LIFETIME,
+            transportFactory);
+
+    assertEquals(ACCESS_TOKEN, targetCredentials.refreshAccessToken().getTokenValue());
+    assertEquals(NONGDU_IMPERSONATION_URL, transportFactory.getTransport().getRequest().getUrl());
+  }
+
   @Test
   public void refreshAccessToken_endpointOverride() throws IOException, IllegalStateException {
     mockTransportFactory.getTransport().setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
     mockTransportFactory.getTransport().setAccessToken(ACCESS_TOKEN);
     mockTransportFactory.getTransport().setExpireTime(getDefaultExpireTime());
-    mockTransportFactory.getTransport().setAccessTokenEndpoint(IMPERSONATION_URL);
+    mockTransportFactory.getTransport().setAccessTokenEndpoint(IMPERSONATION_OVERRIDE_URL);
     mockTransportFactory.getTransport().addStatusCodeAndMessage(HttpStatusCodes.STATUS_CODE_OK, "");
 
     ImpersonatedCredentials targetCredentials =
@@ -497,10 +534,11 @@ public void refreshAccessToken_endpointOverride() throws IOException, IllegalSta
             VALID_LIFETIME,
             mockTransportFactory,
             QUOTA_PROJECT_ID,
-            IMPERSONATION_URL);
+            IMPERSONATION_OVERRIDE_URL);
 
     assertEquals(ACCESS_TOKEN, targetCredentials.refreshAccessToken().getTokenValue());
-    assertEquals(IMPERSONATION_URL, mockTransportFactory.getTransport().getRequest().getUrl());
+    assertEquals(
+        IMPERSONATION_OVERRIDE_URL, mockTransportFactory.getTransport().getRequest().getUrl());
   }
 
   @Test()
@@ -953,20 +991,15 @@ public void idToken_withOtherError() {
 
   @Test
   public void getUniverseDomain_defaultUniverse() throws IOException {
-
-    mockTransportFactory.getTransport().setTargetPrincipal(IMPERSONATED_CLIENT_EMAIL);
-    mockTransportFactory.getTransport().setAccessToken(ACCESS_TOKEN);
-    mockTransportFactory.getTransport().setExpireTime(getDefaultExpireTime());
-
-    ImpersonatedCredentials targetCredentials =
+    ImpersonatedCredentials impersonatedCredentials =
         ImpersonatedCredentials.create(
             sourceCredentials,
             IMPERSONATED_CLIENT_EMAIL,
             null,
             IMMUTABLE_SCOPES_LIST,
             VALID_LIFETIME,
             mockTransportFactory);
-    assertEquals(Credentials.GOOGLE_DEFAULT_UNIVERSE, targetCredentials.getUniverseDomain());
+    assertEquals(Credentials.GOOGLE_DEFAULT_UNIVERSE, impersonatedCredentials.getUniverseDomain());
   }
 
   @Test
@@ -988,9 +1021,8 @@ public void universeDomain_getFromSourceCredentials() throws IOException {
 
   @Test
   public void universeDomain_whenExplicit() throws IOException {
-
     GoogleCredentials sourceCredentialsNonGDU =
-        sourceCredentials.toBuilder().setUniverseDomain("source.domain.com").build();
+        sourceCredentials.toBuilder().setUniverseDomain("source.domain.xyz").build();
     ImpersonatedCredentials impersonatedCredentials =
         ImpersonatedCredentials.newBuilder()
             .setSourceCredentials(sourceCredentialsNonGDU)