/**
* @param string $path
* @param int $ttl
* @return string|null
*/
public function getSignedUrl($path, $ttl = 7200)
{
$adapter = $this->getRealAdapter();
if ($adapter instanceof GoogleStorageAdapter) {
// see https://cloud.google.com/storage/docs/access-control?hl=en#Signed-URLs
$expires = time() + $ttl;
$bucket = trim($adapter->getBucket(), '/');
$path = trim($path, '/');
$raw = sprintf("GET\n\n\n%d\n/%s/%s", $expires, $bucket, $path);
// we need to grab the auth class which contains the credentials
// in order to get the credentials, we've had to extend google's Google_Auth_OAuth2 class to create a public
// getAssertionCredentials() function
$service = $adapter->getService();
$client = $service->getClient();
$auth = $client->getAuth();
/** @var GoogleAuthOauth2 $auth */
$credentials = $auth->getAssertionCredentials();
$signer = new \Google_Signer_P12($credentials->privateKey, $credentials->privateKeyPassword);
$signature = $signer->sign($raw);
$params = array('GoogleAccessId' => $credentials->serviceAccountName, 'Expires' => $expires, 'Signature' => base64_encode($signature));
return sprintf('https://storage.googleapis.com/%s/%s?%s', $bucket, $path, http_build_query($params));
} elseif ($adapter instanceof Local) {
// local adapter doesn't support signed urls
// files are assumed to be public
return $this->getPublicUrl($path);
}
return null;
}
private function makeSignedJwt($payload)
{
$header = array("typ" => "JWT", "alg" => "RS256");
$segments = array();
$segments[] = Google_Utils::urlSafeB64Encode(json_encode($header));
$segments[] = Google_Utils::urlSafeB64Encode(json_encode($payload));
$signing_input = implode(".", $segments);
$signature = $this->signer->sign($signing_input);
$segments[] = Google_Utils::urlSafeB64Encode($signature);
return implode(".", $segments);
}
/**
* Creates a signed JWT.
* @param array $payload
* @return string The signed JWT.
*/
private function makeSignedJwt($payload)
{
$header = array('typ' => 'JWT', 'alg' => 'RS256');
$payload = json_encode($payload);
// Handle some overzealous escaping in PHP json that seemed to cause some errors
// with claimsets.
$payload = str_replace('\\/', '/', $payload);
$segments = array(Google_Utils::urlSafeB64Encode(json_encode($header)), Google_Utils::urlSafeB64Encode($payload));
$signingInput = implode('.', $segments);
$signer = new Google_Signer_P12($this->privateKey, $this->privateKeyPassword);
$signature = $signer->sign($signingInput);
$segments[] = Google_Utils::urlSafeB64Encode($signature);
return implode(".", $segments);
}
public function getGcsSignedUrl($path)
{
$expires = time() + 3600;
$stringToSign = "GET\n\n\n{$expires}\n/{$path}";
$link = "http://storage.googleapis.com/{$path}";
$googleAccessId = str_replace('.apps.googleusercontent.com', '@developer.gserviceaccount.com', $this->environment->getPlatformConfigValue(GoogleCEPlatformModule::CLIENT_ID));
$signer = new Google_Signer_P12(base64_decode($this->environment->getPlatformConfigValue(GoogleCEPlatformModule::KEY)), 'notasecret');
$signature = $signer->sign($stringToSign);
$signature = urlencode(base64_encode($signature));
return "{$link}?GoogleAccessId={$googleAccessId}&Expires={$expires}&Signature={$signature}";
}
/**
* Creates a signed JWT.
* @param array $payload
* @return string The signed JWT.
*/
private function makeSignedJwt($payload)
{
$header = array('typ' => 'JWT', 'alg' => 'RS256');
$segments = array(Google_Utils::urlSafeB64Encode(json_encode($header)), Google_Utils::urlSafeB64Encode(json_encode($payload)));
$signingInput = implode('.', $segments);
$signer = new Google_Signer_P12($this->privateKey, $this->privateKeyPassword);
$signature = $signer->sign($signingInput);
$segments[] = Google_Utils::urlSafeB64Encode($signature);
return implode(".", $segments);
}
public function getGcsSignedUrl($path)
{
$expires = time() + 3600;
$stringToSign = "GET\n\n\n{$expires}\n/{$path}";
$link = "http://storage.googleapis.com/{$path}";
$googleAccessId = str_replace('.apps.googleusercontent.com', '@developer.gserviceaccount.com', $this->environment->cloudCredentials(SERVER_PLATFORMS::GCE)->properties[Entity\CloudCredentialsProperty::GCE_CLIENT_ID]);
$signer = new Google_Signer_P12(base64_decode($this->environment->cloudCredentials(SERVER_PLATFORMS::GCE)->properties[Entity\CloudCredentialsProperty::GCE_KEY]), $this->environment->cloudCredentials(SERVER_PLATFORMS::GCE)->properties[Entity\CloudCredentialsProperty::GCE_JSON_KEY] ? null : 'notasecret');
$signature = $signer->sign($stringToSign);
$signature = urlencode(base64_encode($signature));
return "{$link}?GoogleAccessId={$googleAccessId}&Expires={$expires}&Signature={$signature}";
}
public function makeSignedJwt($payload, $cred)
{
$header = array("typ" => "JWT", "alg" => "RS256");
$segments = array();
$segments[] = Google_Utils::urlSafeB64Encode(json_encode($header));
$segments[] = Google_Utils::urlSafeB64Encode(json_encode($payload));
$signing_input = implode(".", $segments);
$signer = new Google_Signer_P12($cred->privateKey, $cred->privateKeyPassword);
$signature = $signer->sign($signing_input);
$segments[] = Google_Utils::urlSafeB64Encode($signature);
return implode(".", $segments);
}
