private function makeSignedJwt($payload) { $header = array("typ" => "JWT", "alg" => "RS256"); $segments = array(); $segments[] = Google_Utils::urlSafeB64Encode(json_encode($header)); $segments[] = Google_Utils::urlSafeB64Encode(json_encode($payload)); $signing_input = implode(".", $segments); $signature = $this->signer->sign($signing_input); $segments[] = Google_Utils::urlSafeB64Encode($signature); return implode(".", $segments); }
/** * @param string $path * @param int $ttl * @return string|null */ public function getSignedUrl($path, $ttl = 7200) { $adapter = $this->getRealAdapter(); if ($adapter instanceof GoogleStorageAdapter) { // see https://cloud.google.com/storage/docs/access-control?hl=en#Signed-URLs $expires = time() + $ttl; $bucket = trim($adapter->getBucket(), '/'); $path = trim($path, '/'); $raw = sprintf("GET\n\n\n%d\n/%s/%s", $expires, $bucket, $path); // we need to grab the auth class which contains the credentials // in order to get the credentials, we've had to extend google's Google_Auth_OAuth2 class to create a public // getAssertionCredentials() function $service = $adapter->getService(); $client = $service->getClient(); $auth = $client->getAuth(); /** @var GoogleAuthOauth2 $auth */ $credentials = $auth->getAssertionCredentials(); $signer = new \Google_Signer_P12($credentials->privateKey, $credentials->privateKeyPassword); $signature = $signer->sign($raw); $params = array('GoogleAccessId' => $credentials->serviceAccountName, 'Expires' => $expires, 'Signature' => base64_encode($signature)); return sprintf('https://storage.googleapis.com/%s/%s?%s', $bucket, $path, http_build_query($params)); } elseif ($adapter instanceof Local) { // local adapter doesn't support signed urls // files are assumed to be public return $this->getPublicUrl($path); } return null; }
/** * Creates a signed JWT. * @param array $payload * @return string The signed JWT. */ private function makeSignedJwt($payload) { $header = array('typ' => 'JWT', 'alg' => 'RS256'); $payload = json_encode($payload); // Handle some overzealous escaping in PHP json that seemed to cause some errors // with claimsets. $payload = str_replace('\\/', '/', $payload); $segments = array(Google_Utils::urlSafeB64Encode(json_encode($header)), Google_Utils::urlSafeB64Encode($payload)); $signingInput = implode('.', $segments); $signer = new Google_Signer_P12($this->privateKey, $this->privateKeyPassword); $signature = $signer->sign($signingInput); $segments[] = Google_Utils::urlSafeB64Encode($signature); return implode(".", $segments); }
public function getGcsSignedUrl($path) { $expires = time() + 3600; $stringToSign = "GET\n\n\n{$expires}\n/{$path}"; $link = "http://storage.googleapis.com/{$path}"; $googleAccessId = str_replace('.apps.googleusercontent.com', '@developer.gserviceaccount.com', $this->environment->getPlatformConfigValue(GoogleCEPlatformModule::CLIENT_ID)); $signer = new Google_Signer_P12(base64_decode($this->environment->getPlatformConfigValue(GoogleCEPlatformModule::KEY)), 'notasecret'); $signature = $signer->sign($stringToSign); $signature = urlencode(base64_encode($signature)); return "{$link}?GoogleAccessId={$googleAccessId}&Expires={$expires}&Signature={$signature}"; }
/** * Creates a signed JWT. * @param array $payload * @return string The signed JWT. */ private function makeSignedJwt($payload) { $header = array('typ' => 'JWT', 'alg' => 'RS256'); $segments = array(Google_Utils::urlSafeB64Encode(json_encode($header)), Google_Utils::urlSafeB64Encode(json_encode($payload))); $signingInput = implode('.', $segments); $signer = new Google_Signer_P12($this->privateKey, $this->privateKeyPassword); $signature = $signer->sign($signingInput); $segments[] = Google_Utils::urlSafeB64Encode($signature); return implode(".", $segments); }
public function getGcsSignedUrl($path) { $expires = time() + 3600; $stringToSign = "GET\n\n\n{$expires}\n/{$path}"; $link = "http://storage.googleapis.com/{$path}"; $googleAccessId = str_replace('.apps.googleusercontent.com', '@developer.gserviceaccount.com', $this->environment->cloudCredentials(SERVER_PLATFORMS::GCE)->properties[Entity\CloudCredentialsProperty::GCE_CLIENT_ID]); $signer = new Google_Signer_P12(base64_decode($this->environment->cloudCredentials(SERVER_PLATFORMS::GCE)->properties[Entity\CloudCredentialsProperty::GCE_KEY]), $this->environment->cloudCredentials(SERVER_PLATFORMS::GCE)->properties[Entity\CloudCredentialsProperty::GCE_JSON_KEY] ? null : 'notasecret'); $signature = $signer->sign($stringToSign); $signature = urlencode(base64_encode($signature)); return "{$link}?GoogleAccessId={$googleAccessId}&Expires={$expires}&Signature={$signature}"; }
public function makeSignedJwt($payload, $cred) { $header = array("typ" => "JWT", "alg" => "RS256"); $segments = array(); $segments[] = Google_Utils::urlSafeB64Encode(json_encode($header)); $segments[] = Google_Utils::urlSafeB64Encode(json_encode($payload)); $signing_input = implode(".", $segments); $signer = new Google_Signer_P12($cred->privateKey, $cred->privateKeyPassword); $signature = $signer->sign($signing_input); $segments[] = Google_Utils::urlSafeB64Encode($signature); return implode(".", $segments); }