alts: Make GoogleDefaultChannelCredentials take a CallCredentials (#8548)

DirectPath is going to support non-default service account. This commit
allows users to pass CallCredentials to GoogleDefaultChannelCredentials.
See design in go/directpath-file-credential-google-default-creds

alts/src/main/java/io/grpc/alts/GoogleDefaultChannelCredentials.java

@@ -44,30 +44,65 @@ public final class GoogleDefaultChannelCredentials {
    * as fallback.
    */
   public static ChannelCredentials create() {
-    ChannelCredentials nettyCredentials =
+    return newBuilder().build();
-        InternalNettyChannelCredentials.create(createClientFactory());
-    CallCredentials callCredentials;
-    try {
-      callCredentials = MoreCallCredentials.from(GoogleCredentials.getApplicationDefault());
-    } catch (IOException e) {
-      callCredentials = new FailingCallCredentials(
-          Status.UNAUTHENTICATED
-              .withDescription("Failed to get Google default credentials")
-              .withCause(e));
-    }
-    return CompositeChannelCredentials.create(nettyCredentials, callCredentials);
   }
 
-  private static InternalProtocolNegotiator.ClientFactory createClientFactory() {
+  /**
-    SslContext sslContext;
+   * Returns a new instance of {@link Builder}.
-    try {
+   *
-      sslContext = GrpcSslContexts.forClient().build();
+   * @since 1.42.0
-    } catch (SSLException e) {
+   */
-      throw new RuntimeException(e);
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  /**
+   * Builder for {@link GoogleDefaultChannelCredentials} instances.
+   *
+   * @since 1.42.0
+   */
+  public static final class Builder {
+    private CallCredentials callCredentials;
+
+    private Builder() {}
+
+    /** Constructs GoogleDefaultChannelCredentials with a given call credential. */
+    public Builder callCredentials(CallCredentials callCreds) {
+      callCredentials = callCreds;
+      return this;
+    }
+
+    /** Builds a GoogleDefaultChannelCredentials instance. */
+    public ChannelCredentials build() {
+      ChannelCredentials nettyCredentials =
+          InternalNettyChannelCredentials.create(createClientFactory());
+      if (callCredentials != null) {
+        return CompositeChannelCredentials.create(nettyCredentials, callCredentials);
+      }
+      CallCredentials callCreds;
+      try {
+        callCreds = MoreCallCredentials.from(GoogleCredentials.getApplicationDefault());
+      } catch (IOException e) {
+        callCreds =
+            new FailingCallCredentials(
+                Status.UNAUTHENTICATED
+                    .withDescription("Failed to get Google default credentials")
+                    .withCause(e));
+      }
+      return CompositeChannelCredentials.create(nettyCredentials, callCreds);
+    }
+
+    private static InternalProtocolNegotiator.ClientFactory createClientFactory() {
+      SslContext sslContext;
+      try {
+        sslContext = GrpcSslContexts.forClient().build();
+      } catch (SSLException e) {
+        throw new RuntimeException(e);
+      }
+      return new GoogleDefaultProtocolNegotiatorFactory(
+          /* targetServiceAccounts= */ ImmutableList.<String>of(),
+          SharedResourcePool.forResource(HandshakerServiceChannel.SHARED_HANDSHAKER_CHANNEL),
+          sslContext);
     }
-    return new GoogleDefaultProtocolNegotiatorFactory(
-        /* targetServiceAccounts= */ ImmutableList.<String>of(),
-        SharedResourcePool.forResource(HandshakerServiceChannel.SHARED_HANDSHAKER_CHANNEL),
-        sslContext);
   }
 }