/**
 * Checks Google_Utils::getStrLen() against null, false, the empty string,
 * whitespace, and a string mixing an escaped backslash with real CR/LF
 * characters.
 */
public function testStrLen()
{
    // Each pair is (expected length, input); pairs are asserted in this order.
    $cases = array(
        array(0, null),
        array(0, false),
        array(0, ""),
        array(1, " "),
        array(2, " 1"),
        // '0', 'a', '\', 'n', LF, CR, LF: seven single-byte characters.
        array(7, "0a\\n\n\r\n"),
    );

    foreach ($cases as $case) {
        list($expected, $input) = $case;
        $this->assertEquals($expected, Google_Utils::getStrLen($input));
    }
}
/**
 * Builds a compact RS256 JWT for the given claim set.
 *
 * The result is "header.payload.signature", each part URL-safe base64
 * encoded. The signature is computed over "header.payload" by a
 * Google_P12Signer built from this object's private key and its password.
 *
 * NOTE(review): json_encode() returns false on failure and that result is not
 * checked before it is encoded and signed.
 *
 * @param array $payload Claims to place in the token body.
 * @return string The signed JWT.
 */
private function makeSignedJwt($payload)
{
    $encodedHeader = Google_Utils::urlSafeB64Encode(
        json_encode(array('typ' => 'JWT', 'alg' => 'RS256'))
    );
    $encodedClaims = Google_Utils::urlSafeB64Encode(json_encode($payload));

    // The signer sees exactly the text that a verifier will later re-derive.
    $signingInput = $encodedHeader . '.' . $encodedClaims;

    $p12Signer = new Google_P12Signer($this->privateKey, $this->privateKeyPassword);
    $encodedSignature = Google_Utils::urlSafeB64Encode($p12Signer->sign($signingInput));

    return $signingInput . "." . $encodedSignature;
}
/**
 * Builds a compact RS256 JWT for the given claim set using the signer held
 * in $this->signer.
 *
 * NOTE(review): json_encode() returns false on failure and that result is not
 * checked before it is encoded and signed.
 *
 * @param array $payload Claims to place in the token body.
 * @return string "header.payload.signature", each part URL-safe base64 encoded.
 */
private function makeSignedJwt($payload)
{
    $segments = array(
        Google_Utils::urlSafeB64Encode(json_encode(array("typ" => "JWT", "alg" => "RS256"))),
        Google_Utils::urlSafeB64Encode(json_encode($payload)),
    );

    // The right-hand side is evaluated first, so the signature covers only
    // the two segments present before the append.
    $segments[] = Google_Utils::urlSafeB64Encode(
        $this->signer->sign(implode(".", $segments))
    );

    return implode(".", $segments);
}
/**
 * Copies this attribute's value for the given product onto the shopping
 * entry, under the camelCased attribute name.
 *
 * The entry is returned untouched when the attribute has no name or the
 * product yields no value for it.
 *
 * @param Mage_Catalog_Model_Product $product
 * @param Google_Service_ShoppingContent_Product $shoppingProduct
 * @return Google_Service_ShoppingContent_Product
 */
public function convertAttribute($product, $shoppingProduct)
{
    if ($this->getName() === null) {
        return $shoppingProduct;
    }

    // Both lookups are kept as in the original; their results are not used
    // further in this method.
    $productAttribute = Mage::helper('googleshoppingapi/product')
        ->getProductAttribute($product, $this->getAttributeId());
    $type = $this->getGcontentAttributeType($productAttribute);

    $value = $this->getProductAttributeValue($product);
    if ($value === null) {
        return $shoppingProduct;
    }

    $shoppingProduct->offsetSet(Google_Utils::camelCase($this->getName()), $value);

    return $shoppingProduct;
}
/**
 * Seeds this object's properties from an array.
 *
 * Only names that already exist as properties on the object are assigned
 * (every write is guarded by property_exists()), so keys in $array cannot
 * introduce new properties. Whatever is not consumed is kept in
 * $this->modelData.
 *
 * @param array $array Used to seed this object's properties.
 * @return void
 */
protected function mapTypes($array)
{
    foreach ($array as $key => $val) {
        // Simple values: a property named after the key exists and no typed
        // companion property (as named by keyType()) is declared for it.
        $hasTypedCompanion = property_exists($this, $this->keyType($key));
        if (!$hasTypedCompanion && property_exists($this, $key)) {
            $this->{$key} = $val;
            unset($array[$key]);
            continue;
        }

        // Otherwise try the camelCase spelling of the key. The original
        // snake_case entry deliberately stays in the array for backwards
        // compatibility.
        $camelKey = Google_Utils::camelCase($key);
        if (property_exists($this, $camelKey)) {
            $this->{$camelKey} = $val;
        }
    }

    // Everything still in the array is stored as raw model data.
    $this->modelData = $array;
}
/**
 * General check that a valid ID token, when one is available, verifies.
 * The detailed ID token validation logic is covered in AuthTest.
 *
 * The audience handed to verifyIdToken() is read from the token's own
 * payload, so the audience comparison cannot fail here; this test exercises
 * the rest of the verification path only.
 */
public function testValidateIdToken()
{
    if (!$this->checkToken()) {
        return;
    }

    $defaultClient = $this->getClient();
    $token = json_decode($defaultClient->getAccessToken());
    $idToken = $token->id_token;

    $parts = explode(".", $idToken);
    $this->assertEquals(3, count($parts));

    // The client ID is not set on the test client, so take it from the
    // token payload instead.
    $claims = json_decode(Google_Utils::urlSafeB64Decode($parts[1]));
    $verifier = new Google_Auth_OAuth2($defaultClient);
    $this->assertInstanceOf(
        "Google_Auth_LoginTicket",
        $verifier->verifyIdToken($idToken, $claims->aud)
    );

    // TODO(ianbarber): Need to be smart about testing/disabling the
    // caching for this test to make sense. Not sure how to do that
    // at the moment.
    $streamClient = $this->getClient();
    $streamClient->setIo(new Google_IO_Stream($streamClient));

    $claims = json_decode(Google_Utils::urlSafeB64Decode($parts[1]));
    $verifier = new Google_Auth_OAuth2($streamClient);
    $this->assertInstanceOf(
        "Google_Auth_LoginTicket",
        $verifier->verifyIdToken($idToken, $claims->aud)
    );
}
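/**
 * Verifies a signed JWT against a set of certificates and checks its time
 * window and audience.
 *
 * Checks run in this order: three dot-separated segments; a parseable
 * envelope and payload; a signature that verifies under at least one of the
 * certificates; presence of iat and exp; exp closer than
 * MAX_TOKEN_LIFETIME_SECS to now; now inside
 * [iat - CLOCK_SKEW_SECS, exp + CLOCK_SKEW_SECS]; and finally the audience.
 * The issuer is not checked.
 *
 * NOTE(review): several exception messages embed the raw token or its
 * decoded payload, so callers that log these exceptions write that material
 * to their logs.
 * NOTE(review): the envelope's "alg" value is parsed but not consulted here;
 * the algorithm is whatever googlePemVerifier implements (not visible in
 * this block).
 *
 * @param string $jwt The compact token.
 * @param array $certs PEM certificates to try, in iteration order.
 * @param string $required_audience The audience the token must name.
 * @return Google_LoginTicket Wraps the decoded envelope and payload.
 * @throws Google_AuthException When any check fails.
 */
function verifySignedJwtWithCerts($jwt, $certs, $required_audience)
{
    $segments = explode(".", $jwt);
    if (count($segments) != 3) {
        throw new Google_AuthException("Wrong number of segments in token: {$jwt}");
    }
    $signed = $segments[0] . "." . $segments[1];
    $signature = Google_Utils::urlSafeB64Decode($segments[2]);

    // Parse envelope.
    $envelope = json_decode(Google_Utils::urlSafeB64Decode($segments[0]), true);
    if (!$envelope) {
        throw new Google_AuthException("Can't parse token envelope: " . $segments[0]);
    }

    // Parse token
    $json_body = Google_Utils::urlSafeB64Decode($segments[1]);
    $payload = json_decode($json_body, true);
    if (!$payload) {
        throw new Google_AuthException("Can't parse token payload: " . $segments[1]);
    }

    // Check signature: one matching certificate is enough.
    $verified = false;
    foreach ($certs as $keyName => $pem) {
        $public_key = new googlePemVerifier($pem);
        if ($public_key->verify($signed, $signature)) {
            $verified = true;
            break;
        }
    }
    if (!$verified) {
        throw new Google_AuthException("Invalid token signature: {$jwt}");
    }

    // Check issued-at timestamp
    $iat = 0;
    if (array_key_exists("iat", $payload)) {
        $iat = $payload["iat"];
    }
    if (!$iat) {
        throw new Google_AuthException("No issue time in token: {$json_body}");
    }
    $earliest = $iat - self::CLOCK_SKEW_SECS;

    // Check expiration timestamp
    $now = time();
    $exp = 0;
    if (array_key_exists("exp", $payload)) {
        $exp = $payload["exp"];
    }
    if (!$exp) {
        throw new Google_AuthException("No expiration time in token: {$json_body}");
    }
    if ($exp >= $now + self::MAX_TOKEN_LIFETIME_SECS) {
        throw new Google_AuthException("Expiration time too far in future: {$json_body}");
    }

    $latest = $exp + self::CLOCK_SKEW_SECS;
    if ($now < $earliest) {
        throw new Google_AuthException("Token used too early, {$now} < {$earliest}: {$json_body}");
    }
    if ($now > $latest) {
        throw new Google_AuthException("Token used too late, {$now} > {$latest}: {$json_body}");
    }

    // TODO(beaton): check issuer field?

    // Check audience. The claim is read defensively (a token without "aud"
    // no longer raises an undefined-index notice) and compared as an exact
    // string: a loose != lets PHP's type juggling decide an authorization
    // check, e.g. a numeric aud against a non-numeric audience on PHP < 8.
    $aud = isset($payload["aud"]) ? $payload["aud"] : null;
    if (!is_string($aud) || $aud !== (string) $required_audience) {
        $shownAud = is_scalar($aud) ? $aud : json_encode($aud);
        throw new Google_AuthException("Wrong recipient, {$shownAud} != {$required_audience}: {$json_body}");
    }

    // All good.
    return new Google_LoginTicket($envelope, $payload);
}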
/**
 * Starts a resumable upload and returns the URI found in the response's
 * "location" header.
 *
 * On any other outcome the HTTP code, plus any error entries found in the
 * JSON response body, are written to the client's logger and thrown as a
 * Google_Exception. That text comes from the remote response.
 *
 * @return mixed The "location" header value on success.
 * @throws Google_Exception When the response is not a 200 with a location.
 */
private function getResumeUri()
{
    $postBody = $this->request->getPostBody();
    if ($postBody) {
        $this->request->setRequestHeaders(
            array(
                'content-type' => 'application/json; charset=UTF-8',
                'content-length' => Google_Utils::getStrLen($postBody),
                'x-upload-content-type' => $this->mimeType,
                'x-upload-content-length' => $this->size,
                'expect' => '',
            )
        );
    }

    $response = $this->client->getIo()->makeRequest($this->request);
    $location = $response->getResponseHeader('location');
    $code = $response->getResponseHttpCode();

    // Loose comparisons kept on purpose: any truthy header value counts.
    if ($code == 200 && $location == true) {
        return $location;
    }

    // Build "<code>: domain, message;domain, message" from the error body.
    $message = $code;
    $decoded = @json_decode($response->getResponseBody());
    if (!empty($decoded->error->errors)) {
        $message .= ': ';
        foreach ($decoded->error->errors as $entry) {
            $message .= "{$entry->domain}, {$entry->message};";
        }
        // Strips every trailing ';', including any that end the last message.
        $message = rtrim($message, ';');
    }

    $failure = "Failed to start the resumable upload (HTTP {$message})";
    $this->client->getLogger()->error($failure);

    throw new Google_Exception($failure);
}
/**
 * Builds a compact RS256 JWT for the given claim set.
 *
 * The claims are JSON encoded with PHP's escaped "\/" sequences turned back
 * into "/", then header and claims are URL-safe base64 encoded, joined with
 * a dot and signed by a Google_Signer_P12 built from this object's private
 * key and its password.
 *
 * NOTE(review): json_encode() returns false on failure and that result is not
 * checked before it is processed and signed.
 *
 * @param array $payload Claims to place in the token body.
 * @return string The signed JWT.
 */
private function makeSignedJwt($payload)
{
    // Handle some overzealous escaping in PHP json that seemed to cause
    // some errors with claimsets.
    $claimsJson = str_replace('\\/', '/', json_encode($payload));

    $encodedHeader = Google_Utils::urlSafeB64Encode(
        json_encode(array('typ' => 'JWT', 'alg' => 'RS256'))
    );
    $encodedClaims = Google_Utils::urlSafeB64Encode($claimsJson);
    $signingInput = $encodedHeader . '.' . $encodedClaims;

    $p12Signer = new Google_Signer_P12($this->privateKey, $this->privateKeyPassword);
    $encodedSignature = Google_Utils::urlSafeB64Encode($p12Signer->sign($signingInput));

    return $signingInput . "." . $encodedSignature;
}
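/**
 * Verifies the id token and returns the verified token contents.
 *
 * Checks run in this order: three dot-separated segments; a parseable
 * envelope and payload; a signature that verifies under at least one of the
 * certificates; presence of iat and exp; exp closer than $max_expiry to now;
 * now inside [iat - CLOCK_SKEW_SECS, exp + CLOCK_SKEW_SECS]; the issuer, when
 * one is given; and finally the audience. Every failure throws; nothing is
 * signalled through the return value.
 *
 * NOTE(review): several exception messages embed the raw token or its
 * decoded payload, so callers that log these exceptions write that material
 * to their logs.
 * NOTE(review): the envelope's "alg" value is parsed but not consulted here;
 * the algorithm is whatever Google_Verifier_Pem implements (not visible in
 * this block).
 *
 * @param string $jwt The compact token.
 * @param array $certs PEM certificates to try, in iteration order.
 * @param string $required_audience The expected consumer of the token.
 * @param string|null $issuer The expected issuer; the check is skipped when empty.
 * @param int|null $max_expiry The max lifetime of a token in seconds,
 *     defaults to MAX_TOKEN_LIFETIME_SECS.
 * @throws Google_Auth_Exception When any check fails.
 * @return Google_Auth_LoginTicket Wraps the decoded envelope and payload.
 */
public function verifySignedJwtWithCerts($jwt, $certs, $required_audience, $issuer = null, $max_expiry = null)
{
    if (!$max_expiry) {
        // Set the maximum time we will accept a token for.
        $max_expiry = self::MAX_TOKEN_LIFETIME_SECS;
    }

    $segments = explode(".", $jwt);
    if (count($segments) != 3) {
        throw new Google_Auth_Exception("Wrong number of segments in token: {$jwt}");
    }
    $signed = $segments[0] . "." . $segments[1];
    $signature = Google_Utils::urlSafeB64Decode($segments[2]);

    // Parse envelope.
    $envelope = json_decode(Google_Utils::urlSafeB64Decode($segments[0]), true);
    if (!$envelope) {
        throw new Google_Auth_Exception("Can't parse token envelope: " . $segments[0]);
    }

    // Parse token
    $json_body = Google_Utils::urlSafeB64Decode($segments[1]);
    $payload = json_decode($json_body, true);
    if (!$payload) {
        throw new Google_Auth_Exception("Can't parse token payload: " . $segments[1]);
    }

    // Check signature: one matching certificate is enough.
    $verified = false;
    foreach ($certs as $keyName => $pem) {
        $public_key = new Google_Verifier_Pem($pem);
        if ($public_key->verify($signed, $signature)) {
            $verified = true;
            break;
        }
    }
    if (!$verified) {
        throw new Google_Auth_Exception("Invalid token signature: {$jwt}");
    }

    // Check issued-at timestamp
    $iat = 0;
    if (array_key_exists("iat", $payload)) {
        $iat = $payload["iat"];
    }
    if (!$iat) {
        throw new Google_Auth_Exception("No issue time in token: {$json_body}");
    }
    $earliest = $iat - self::CLOCK_SKEW_SECS;

    // Check expiration timestamp
    $now = time();
    $exp = 0;
    if (array_key_exists("exp", $payload)) {
        $exp = $payload["exp"];
    }
    if (!$exp) {
        throw new Google_Auth_Exception("No expiration time in token: {$json_body}");
    }
    if ($exp >= $now + $max_expiry) {
        throw new Google_Auth_Exception(sprintf("Expiration time too far in future: %s", $json_body));
    }

    $latest = $exp + self::CLOCK_SKEW_SECS;
    if ($now < $earliest) {
        throw new Google_Auth_Exception(
            sprintf("Token used too early, %s < %s: %s", $now, $earliest, $json_body)
        );
    }
    if ($now > $latest) {
        throw new Google_Auth_Exception(
            sprintf("Token used too late, %s > %s: %s", $now, $latest, $json_body)
        );
    }

    // Check issuer, when the caller asked for one. The claim is read
    // defensively so a token without "iss" raises no undefined-index notice,
    // and the comparison is strict so type juggling cannot decide it.
    $iss = isset($payload['iss']) ? $payload['iss'] : null;
    if ($issuer && $iss !== $issuer) {
        $shownIss = is_scalar($iss) ? $iss : json_encode($iss);
        throw new Google_Auth_Exception(
            sprintf("Invalid issuer, %s != %s: %s", $shownIss, $issuer, $json_body)
        );
    }

    // Check audience: must be a string equal to the required audience.
    $aud = isset($payload["aud"]) ? $payload["aud"] : null;
    if (!is_string($aud) || $aud !== (string) $required_audience) {
        $shownAud = is_scalar($aud) ? $aud : json_encode($aud);
        // The original format string had two placeholders for three
        // arguments, so the payload never appeared in the message.
        throw new Google_Auth_Exception(
            sprintf("Wrong recipient, %s != %s: %s", $shownAud, $required_audience, $json_body)
        );
    }

    // All good.
    return new Google_Auth_LoginTicket($envelope, $payload);
}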
/**
 * Invokes the UploadAccount API through the service account.
 *
 * The raw hash key is URL-safe base64 encoded and sent as "signerKey"
 * together with the algorithm name and the account list.
 *
 * @param string $hashAlgorithm Password hash algorithm. See Gitkit doc for
 *     supported names.
 * @param string $hashKey Raw key for the algorithm.
 * @param array $accounts Array of account info to be uploaded.
 */
public function uploadAccount($hashAlgorithm, $hashKey, $accounts)
{
    $encodedKey = Google_Utils::urlSafeB64Encode($hashKey);

    $request = array(
        'hashAlgorithm' => $hashAlgorithm,
        'signerKey' => $encodedKey,
        'users' => $accounts,
    );

    $this->invokeGitkitApiWithServiceAccount('uploadAccount', $request);
}
/**
 * Invokes the UploadAccount API through the service account.
 *
 * The raw hash key is URL-safe base64 encoded and sent as "signerKey".
 * "rounds" and "memoryCost" are added to the request only when they are
 * truthy, so null and 0 are both left out.
 *
 * @param string $hashAlgorithm Password hash algorithm. See Gitkit doc for
 *     supported names.
 * @param string $hashKey Raw key for the algorithm.
 * @param array $accounts Array of account info to be uploaded.
 * @param null|int $rounds Rounds of the hash function.
 * @param null|int $memoryCost Memory cost of the hash function.
 */
public function uploadAccount($hashAlgorithm, $hashKey, $accounts, $rounds, $memoryCost)
{
    $request = array(
        'hashAlgorithm' => $hashAlgorithm,
        'signerKey' => Google_Utils::urlSafeB64Encode($hashKey),
        'users' => $accounts,
    );

    // Optional tuning values, appended in the same order as before.
    $optional = array('rounds' => $rounds, 'memoryCost' => $memoryCost);
    foreach ($optional as $field => $setting) {
        if ($setting) {
            $request[$field] = $setting;
        }
    }

    $this->invokeGitkitApiWithServiceAccount('uploadAccount', $request);
}
/**
 * Converts Gitkit account objects into the array form sent in the request.
 *
 * Password hash and salt are URL-safe base64 encoded; email and local id
 * are passed through as returned by the account object.
 *
 * @param array $accounts Gitkit account array.
 * @return array One associative array per account, in input order.
 */
private function toJsonRequest($accounts)
{
    $jsonUsers = array();

    foreach ($accounts as $account) {
        // Getters are called in the same order as the fields are listed.
        $email = $account->getEmail();
        $localId = $account->getUserId();
        $encodedHash = Google_Utils::urlSafeB64Encode($account->getPasswordHash());
        $encodedSalt = Google_Utils::urlSafeB64Encode($account->getSalt());

        $jsonUsers[] = array(
            'email' => $email,
            'localId' => $localId,
            'passwordHash' => $encodedHash,
            'salt' => $encodedSalt,
        );
    }

    return $jsonUsers;
}
/**
 * Starts a resumable upload and returns the URI found in the response's
 * "location" header.
 *
 * @return mixed The "location" header value on success.
 * @throws Google_Exception When the response is not a 200 with a location.
 */
private function getResumeUri()
{
    $postBody = $this->request->getPostBody();
    if ($postBody) {
        $this->request->setRequestHeaders(
            array(
                'content-type' => 'application/json; charset=UTF-8',
                'content-length' => Google_Utils::getStrLen($postBody),
                'x-upload-content-type' => $this->mimeType,
                'x-upload-content-length' => $this->size,
                'expect' => '',
            )
        );
    }

    $response = $this->client->getIo()->makeRequest($this->request);
    $location = $response->getResponseHeader('location');
    $code = $response->getResponseHttpCode();

    // Loose comparisons kept on purpose: any truthy header value counts.
    if ($code != 200 || $location != true) {
        throw new Google_Exception("Failed to start the resumable upload");
    }

    return $location;
}
/**
 * Turns a call to an API method name into a signed HTTP request and, unless
 * batching or a resumable upload is in play, executes it.
 *
 * The method must be listed in $this->methods. The first call argument is
 * the parameter array; its 'postBody' entry (if any) becomes the request
 * body, and every other entry is validated against the method's declared
 * parameters merged with $this->stackParameters.
 *
 * @param string $name Method name, looked up in $this->methods.
 * @param array $arguments Call arguments; only $arguments[0] is read.
 * @return Google_HttpRequest|array The signed request when Google_Client::$useBatch
 *     is set or the upload type is 'resumable'; otherwise whatever
 *     Google_REST::execute() returns.
 * @throws Google_Exception On an unknown method, an unknown parameter or a
 *     missing required parameter.
 */
public function __call($name, $arguments)
{
    if (!isset($this->methods[$name])) {
        throw new Google_Exception("Unknown function: {$this->serviceName}->{$this->resourceName}->{$name}()");
    }
    $method = $this->methods[$name];
    $parameters = $arguments[0];

    // postBody is a special case since it's not defined in the discovery
    // document as parameter, but we abuse the param entry for storing it
    $postBody = null;
    if (isset($parameters['postBody'])) {
        if (is_object($parameters['postBody'])) {
            $this->stripNull($parameters['postBody']);
        }

        // Some APIs require the postBody to be set under the data key.
        // Here that applies to array bodies of the 'latitude' service only.
        if (is_array($parameters['postBody']) && 'latitude' == $this->serviceName) {
            if (!isset($parameters['postBody']['data'])) {
                $rawBody = $parameters['postBody'];
                unset($parameters['postBody']);
                $parameters['postBody']['data'] = $rawBody;
            }
        }

        // Arrays and objects are sent as JSON; anything else is sent as given.
        $postBody = is_array($parameters['postBody']) || is_object($parameters['postBody']) ? json_encode($parameters['postBody']) : $parameters['postBody'];
        unset($parameters['postBody']);

        // NOTE(review): this merge sits inside the postBody branch, so
        // optParams are folded into the parameters only when a postBody was
        // supplied; without one, an 'optParams' key reaches the
        // unknown-parameter check below. Confirm that is intended.
        if (isset($parameters['optParams'])) {
            $optParams = $parameters['optParams'];
            unset($parameters['optParams']);
            $parameters = array_merge($parameters, $optParams);
        }
    }

    if (!isset($method['parameters'])) {
        $method['parameters'] = array();
    }

    // Parameters shared by every method are declared via $this->stackParameters.
    $method['parameters'] = array_merge($method['parameters'], $this->stackParameters);

    // Reject any caller-supplied key the method does not declare.
    // NOTE(review): $key != 'postBody' is a loose comparison; on PHP versions
    // before 8 an integer key 0 compares equal to a non-numeric string and
    // would skip this check.
    foreach ($parameters as $key => $val) {
        if ($key != 'postBody' && !isset($method['parameters'][$key])) {
            throw new Google_Exception("({$name}) unknown parameter: '{$key}'");
        }
    }
    if (isset($method['parameters'])) {
        foreach ($method['parameters'] as $paramName => $paramSpec) {
            if (isset($paramSpec['required']) && $paramSpec['required'] && !isset($parameters[$paramName])) {
                throw new Google_Exception("({$name}) missing required param: '{$paramName}'");
            }
            if (isset($parameters[$paramName])) {
                // Replace the bare value with its spec plus a 'value' entry,
                // dropping the 'required' flag.
                $value = $parameters[$paramName];
                $parameters[$paramName] = $paramSpec;
                $parameters[$paramName]['value'] = $value;
                unset($parameters[$paramName]['required']);
            } else {
                unset($parameters[$paramName]);
            }
        }
    }

    // Discovery v1.0 puts the canonical method id under the 'id' field.
    if (!isset($method['id'])) {
        $method['id'] = $method['rpcMethod'];
    }

    // Discovery v1.0 puts the canonical path under the 'path' field.
    if (!isset($method['path'])) {
        $method['path'] = $method['restPath'];
    }

    $servicePath = $this->service->servicePath;

    // Process Media Request: when the method supports media upload and
    // process() returns something truthy, the body and content type come from
    // it and the request goes to the 'simple' upload path instead.
    $contentType = false;
    if (isset($method['mediaUpload'])) {
        $media = Google_MediaFileUpload::process($postBody, $parameters);
        if ($media) {
            $contentType = isset($media['content-type']) ? $media['content-type'] : null;
            $postBody = isset($media['postBody']) ? $media['postBody'] : null;
            $servicePath = $method['mediaUpload']['protocols']['simple']['path'];
            $method['path'] = '';
        }
    }

    $url = Google_REST::createRequestUri($servicePath, $method['path'], $parameters);
    $httpRequest = new Google_HttpRequest($url, $method['httpMethod'], null, $postBody);
    if ($postBody) {
        $contentTypeHeader = array();
        if (isset($contentType) && $contentType) {
            $contentTypeHeader['content-type'] = $contentType;
        } else {
            // No media content type: the body is sent as JSON with an
            // explicit length.
            $contentTypeHeader['content-type'] = 'application/json; charset=UTF-8';
            $contentTypeHeader['content-length'] = Google_Utils::getStrLen($postBody);
        }
        $httpRequest->setRequestHeaders($contentTypeHeader);
    }

    // The request is signed before it is returned or executed.
    $httpRequest = Google_Client::$auth->sign($httpRequest);
    if (Google_Client::$useBatch) {
        return $httpRequest;
    }

    // Terminate immediately if this is a resumable request.
    if (isset($parameters['uploadType']['value']) && 'resumable' == $parameters['uploadType']['value']) {
        return $httpRequest;
    }

    return Google_REST::execute($httpRequest);
}
/**
 * Normalizes the given headers and merges them into the request headers.
 *
 * When headers are already set, the new ones are merged on top of them with
 * array_merge(), so a new value replaces an existing one under the same key.
 *
 * @param array $headers The HTTP request headers
 * to be set and normalized.
 */
public function setRequestHeaders($headers)
{
    $normalized = Google_Utils::normalize($headers);

    $this->requestHeaders = $this->requestHeaders
        ? array_merge($this->requestHeaders, $normalized)
        : $normalized;
}
/**
 * Builds a compact RS256 JWT for the given claim set, signed with the
 * private key carried by $cred.
 *
 * NOTE(review): json_encode() returns false on failure and that result is not
 * checked before it is encoded and signed.
 *
 * @param array $payload Claims to place in the token body.
 * @param object $cred Credentials object; its privateKey and
 *     privateKeyPassword properties are handed to Google_Signer_P12.
 * @return string "header.payload.signature", each part URL-safe base64 encoded.
 */
public function makeSignedJwt($payload, $cred)
{
    $encodedHeader = Google_Utils::urlSafeB64Encode(
        json_encode(array("typ" => "JWT", "alg" => "RS256"))
    );
    $encodedClaims = Google_Utils::urlSafeB64Encode(json_encode($payload));

    // The signature covers exactly "header.payload".
    $signingInput = $encodedHeader . "." . $encodedClaims;

    $p12Signer = new Google_Signer_P12($cred->privateKey, $cred->privateKeyPassword);
    $encodedSignature = Google_Utils::urlSafeB64Encode($p12Signer->sign($signingInput));

    return $signingInput . "." . $encodedSignature;
}