starred/fake-gcs-server
1
0
Fork 0
mirror of https://github.com/fsouza/fake-gcs-server.git synced 2026-04-25 21:55:56 +03:00
Code Issues 117 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1073] Cannot use signed url with java #162

New issue
Closed
opened 2026-03-03 12:08:50 +03:00 by kerem · 5 comments
kerem commented 2026-03-03 12:08:50 +03:00
Owner
Copy link

Originally created by @marcelocamanho on GitHub (Feb 14, 2023).
Original GitHub issue: https://github.com/fsouza/fake-gcs-server/issues/1073

Was anyone able to use them?
I am using a simple code to init the storage service and to access it, but it fails.

StorageOptions.Builder storageOptions = StorageOptions.newBuilder().setProjectId(projectId);
storageOptions.setHost("http://localhost:1234");
BlobInfo blobInfo = BlobInfo.newBuilder(BlobId.of(bucketName, objectName)).build();
URL url = storage.signUrl(blobInfo, 10, TimeUnit.MINUTES, Storage.SignUrlOption.withV4Signature());

This causes the error:

java.lang.IllegalStateException: Signing key was not provided and could not be derived
	at com.google.common.base.Preconditions.checkState(Preconditions.java:444) ~[guava-20.0.jar:na]
	at com.google.cloud.storage.StorageImpl.signUrl(StorageImpl.java:627) ~[google-cloud-storage-2.8.1.jar:2.8.1]

Was anyone able to work around this please?

Thanks

Originally created by @marcelocamanho on GitHub (Feb 14, 2023). Original GitHub issue: https://github.com/fsouza/fake-gcs-server/issues/1073 Was anyone able to use them? I am using a simple code to init the storage service and to access it, but it fails. ``` StorageOptions.Builder storageOptions = StorageOptions.newBuilder().setProjectId(projectId); storageOptions.setHost("http://localhost:1234"); BlobInfo blobInfo = BlobInfo.newBuilder(BlobId.of(bucketName, objectName)).build(); URL url = storage.signUrl(blobInfo, 10, TimeUnit.MINUTES, Storage.SignUrlOption.withV4Signature()); ``` This causes the error: ``` java.lang.IllegalStateException: Signing key was not provided and could not be derived at com.google.common.base.Preconditions.checkState(Preconditions.java:444) ~[guava-20.0.jar:na] at com.google.cloud.storage.StorageImpl.signUrl(StorageImpl.java:627) ~[google-cloud-storage-2.8.1.jar:2.8.1] ``` Was anyone able to work around this please? Thanks
kerem 2026-03-03 12:08:50 +03:00
  • closed this issue
  • added the
    question
         label
kerem commented 2026-03-03 12:08:51 +03:00
Author
Owner
Copy link

@fsouza commented on GitHub (May 2, 2023):

Hey @marcelocamanho, sorry for such a delayed response, I completely missed this issue. Signing URLs doesn't really involve the server, so you need a valid key to sign even if you're using a fake server. What I've seen other folks do in the past is generating some sort of X.509 certificate or even generating a real one from Google, invalidating it and then using in tests/CI.

<!-- gh-comment-id:1531676516 --> @fsouza commented on GitHub (May 2, 2023): Hey @marcelocamanho, sorry for such a delayed response, I completely missed this issue. Signing URLs doesn't really involve the server, so you need a valid key to sign even if you're using a fake server. What I've seen other folks do in the past is generating some sort of X.509 certificate or even generating a real one from Google, invalidating it and then using in tests/CI.
kerem commented 2026-03-03 12:08:51 +03:00
Author
Owner
Copy link

@SamueLacmene commented on GitHub (Dec 21, 2023):

@marcelocamanho Did you find a solution to your Problem? I'm facing the same issue. If yes can you please share you solution ?! :-)

<!-- gh-comment-id:1865998403 --> @SamueLacmene commented on GitHub (Dec 21, 2023): @marcelocamanho Did you find a solution to your Problem? I'm facing the same issue. If yes can you please share you solution ?! :-)
kerem commented 2026-03-03 12:08:51 +03:00
Author
Owner
Copy link

@SamueLacmene commented on GitHub (Dec 21, 2023):

I managed to mock the credential, so that the method storage.signUrl was able to work without having to use a service-account-key.json. Here is the solution:

@Configuration
class GoogleCloudStorageConfiguration {

  @Value("\${gcs.port}")
  private lateinit var gcsContainerPort: String

  @Bean
  @Primary
  fun storage(): Storage {
    val serviceAccountCredentials = mock<ServiceAccountCredentials> {
      on { account } doReturn "Account"
      on { sign(any()) } doReturn byteArrayOf(123456.toByte())
    }

    return StorageOptions.getUnauthenticatedInstance().toBuilder()
      .setHost("http://localhost:$gcsContainerPort")
      .setCredentials(serviceAccountCredentials)
      .build()
      .service
  }
}

I'm using Sprint + kotlin + mockito

import org.mockito.kotlin.any
import org.mockito.kotlin.doReturn
import org.mockito.kotlin.mock
<!-- gh-comment-id:1866654869 --> @SamueLacmene commented on GitHub (Dec 21, 2023): I managed to mock the credential, so that the method `storage.signUrl` was able to work without having to use a `service-account-key.json`. Here is the solution: ``` @Configuration class GoogleCloudStorageConfiguration { @Value("\${gcs.port}") private lateinit var gcsContainerPort: String @Bean @Primary fun storage(): Storage { val serviceAccountCredentials = mock<ServiceAccountCredentials> { on { account } doReturn "Account" on { sign(any()) } doReturn byteArrayOf(123456.toByte()) } return StorageOptions.getUnauthenticatedInstance().toBuilder() .setHost("http://localhost:$gcsContainerPort") .setCredentials(serviceAccountCredentials) .build() .service } } ``` I'm using Sprint + kotlin + mockito ``` import org.mockito.kotlin.any import org.mockito.kotlin.doReturn import org.mockito.kotlin.mock ```
kerem commented 2026-03-03 12:08:51 +03:00
Author
Owner
Copy link

@Burtan commented on GitHub (Dec 27, 2023):

While the fake signing is working for me. The generated url does not use the fake gcs url, but https://storage.googleapis.com/.
I see, it is working as intended.
https://github.com/fsouza/fake-gcs-server#using-with-signed-urls

<!-- gh-comment-id:1870119197 --> @Burtan commented on GitHub (Dec 27, 2023): While the fake signing is working for me. The generated url does not use the fake gcs url, but https://storage.googleapis.com/. I see, it is working as intended. https://github.com/fsouza/fake-gcs-server#using-with-signed-urls
kerem commented 2026-03-03 12:08:51 +03:00
Author
Owner
Copy link

@tlusk commented on GitHub (Jun 26, 2025):

Here's a way you can create a new ServiceAccountCredentials object without needing to mock it like the above solution:

val storage = StorageOptions.newBuilder()
  .setCredentials(
      ServiceAccountCredentials.newBuilder().apply {
          clientEmail = "TestAccount"
          privateKey = KeyPairGenerator.getInstance("RSA").generateKeyPair().private
      }.build(),
  )
  .build().service
<!-- gh-comment-id:3010259966 --> @tlusk commented on GitHub (Jun 26, 2025): Here's a way you can create a new `ServiceAccountCredentials` object without needing to mock it like the above solution: ```kotlin val storage = StorageOptions.newBuilder() .setCredentials( ServiceAccountCredentials.newBuilder().apply { clientEmail = "TestAccount" privateKey = KeyPairGenerator.getInstance("RSA").generateKeyPair().private }.build(), ) .build().service ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dependabot/npm_and_yarn/examples/node/fast-xml-parser-5.7.1
dependabot/github_actions/goreleaser/goreleaser-action-7.1.0
dependabot/github_actions/actions/cache-5.0.5
v1.54.0
v1.53.1
v1.53.0
v1.52.3
v1.52.2
v1.52.1
v1.52.0
v1.51.0
v1.50.2
v1.50.1
v1.50.0
v1.49.3
v1.49.2
v1.49.1
v1.49.0
v1.48.0
v1.47.8
v1.47.7
v1.47.6
v1.47.5
v1.47.4
v1.47.3
v1.47.2
v1.47.1
v1.47.0
v1.46.0
v1.45.2
v1.45.1
v1.45.0
v1.44.2
v1.44.1
v1.44.0
v1.43.0
v1.42.2
v1.42.1
v1.42.0
v1.41.0
v1.40.3
v1.40.2
v1.40.1
v1.40.0
v1.39.0
v1.38.4
v1.38.3
v1.38.2
v1.38.1
v1.38.0
v1.37.12
v1.37.11
v1.37.10
v1.37.9
v1.37.8
v1.37.3
v1.37.2
v1.37.1
v1.37.0
v1.36.3
v1.36.2
v1.36.1
v1.36.0
v1.35.0
v1.34.1
v1.34.0
v1.33.1
v1.33.0
v1.32.2
v1.32.1
v1.32.0
v1.31.1
v1.31.0
v1.30.2
v1.30.1
v1.30.0
1.29.2
v1.29.1
v1.29.0
v1.28.0
v1.27.0
v1.26.0
v1.25.2
v1.25.1
v1.25.0
v1.24.0
v1.23.1
v1.23.0
v1.22.7
v1.22.6
v1.22.5
v1.22.4
v1.22.3
v1.22.2
v1.22.1
v1.22.0
v1.21.2
v1.21.1
v1.21.0
v1.20.0
v1.19.5
v1.19.4
v1.19.3
v1.19.2
v1.19.1
v1.19.0
v1.18.4
v1.18.3
v1.18.2
v1.18.1
v1.18.0
v1.17.1
v1.17.0
v1.16.3
v1.16.2
v1.16.1
v1.16.0
v1.15.0
v1.14.1
v1.14.0
v1.13.1
v1.13.0
v1.12.1
v1.12.0
v1.11.6
v1.11.5
v1.11.4
v1.11.3
v1.11.2
v1.11.1
v1.11.0
v1.10.1
v1.10.0
v1.9.0
v1.8.0
v1.7.1
v1.7.0
v1.6.2
v1.6.1
v1.6.0
v1.5.1
v1.5.0
v1.4.2
v1.4.1
v1.4.0
v1.3.1
v1.3.0
v1.2.0
v1.1.0
v1.0.0
Labels
Clear labels   
bug

   
compatibility-issue

   
docker

   
documentation

   
enhancement

   
help wanted

   
needs information

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
unfortunate

   
wontfix
No labels
bug
compatibility-issue
docker
documentation
enhancement
help wanted
needs information
pull-request
question
stale
unfortunate
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/fake-gcs-server#162
No description provided.