This method reads the file and then calls setAuthSubPrivateKey()
with the file contents.
| public setAuthSubPrivateKeyFile ( string $file, string $passphrase = null, boolean $useIncludePath = false ) : void | ||
| $file | string | The location of the file containing the PEM key |
| $passphrase | string | The optional private key passphrase |
| $useIncludePath | boolean | Whether to search the include_path for the file |
| return | void | |
public function testSecureAuthSubSigning()
{
if (!extension_loaded('openssl')) {
$this->markTestSkipped('The openssl extension is not available');
} else {
$c = new Zend_Gdata_HttpClient();
$c->setAuthSubPrivateKeyFile("Zend/Gdata/_files/RsaKey.pem", null, true);
$c->setAuthSubToken('abcdefg');
$requestData = $c->filterHttpRequest('POST', 'http://www.example.com/feed', array(), 'foo bar', 'text/plain');
$authHeaderCheckPassed = false;
$headers = $requestData['headers'];
foreach ($headers as $headerName => $headerValue) {
if (strtolower($headerName) == 'authorization') {
preg_match('/data="([^"]*)"/', $headerValue, $matches);
$dataToSign = $matches[1];
preg_match('/sig="([^"]*)"/', $headerValue, $matches);
$sig = $matches[1];
if (function_exists('openssl_verify')) {
$fp = fopen('Zend/Gdata/_files/RsaCert.pem', 'r', true);
$cert = '';
while (!feof($fp)) {
$cert .= fread($fp, 8192);
}
fclose($fp);
$pubkeyid = openssl_get_publickey($cert);
$verified = openssl_verify($dataToSign, base64_decode($sig), $pubkeyid);
$this->assertEquals(1, $verified, 'The generated signature was unable ' . 'to be verified.');
$authHeaderCheckPassed = true;
}
}
}
$this->assertEquals(true, $authHeaderCheckPassed, 'Auth header not found for sig verification.');
}
}
/**
* Returns a HTTP client object with the appropriate headers for communicating
* with Google using AuthSub authentication.
*
* @return Zend_Http_Client
*/
protected function _getAuthSubHttpClient()
{
$client = new Zend_Gdata_HttpClient();
#$this->_client = Zend_Gdata_AuthSub::getHttpClient($this->_sessionNs->sessionToken);
// This sets your private key to be used to sign subsequent requests
$client->setAuthSubPrivateKeyFile('/pub/www/core_live/application/configs/core.key', null, true);
return $client;
}
function authenticate($singleUseToken = null)
{
$sessionToken = isset($_SESSION['sessionToken']) ? $_SESSION['sessionToken'] : null;
// If there is no AuthSub session or one-time token waiting for us,
// redirect the user to Google Health's AuthSub handler to get one.
if (!$sessionToken && !$singleUseToken) {
$next = getCurrentUrl();
$secure = 1;
$session = 1;
$authSubHandler = 'https://www.google.com/h9/authsub';
$permission = 1;
// 1 - allows reading of the profile && posting notices
$authSubURL = Zend_Gdata_AuthSub::getAuthSubTokenUri($next, SCOPE, $secure, $session, $authSubHandler);
$authSubURL .= '&permission=' . $permission;
echo '<a href="' . $authSubURL . '">Link your Google Health Account</a>';
exit;
}
$client = new Zend_Gdata_HttpClient();
$client->setAuthSubPrivateKeyFile(HEALTH_PRIVATE_KEY, null, true);
// Convert an AuthSub one-time token into a session token if needed
if ($singleUseToken && !$sessionToken) {
$sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken($singleUseToken, $client);
$_SESSION['sessionToken'] = $sessionToken;
}
$client->setAuthSubToken($sessionToken);
return $client;
}
public function getAuthSubHttpClient() {
// Security check
$this->throwForbiddenUnless(SecurityUtil::checkPermission('IWagendas::', '::', ACCESS_READ));
//global $_SESSION, $_GET, $_authSubKeyFile, $_authSubKeyFilePassphrase;
$client = new Zend_Gdata_HttpClient();
if ($_authSubKeyFile != null) {
// set the AuthSub key
$client->setAuthSubPrivateKeyFile($_authSubKeyFile, $_authSubKeyFilePassphrase, true);
}
if (!isset($_SESSION['sessionToken']) && isset($_GET['token'])) {
$_SESSION['sessionToken'] = Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token'], $client);
}
$client->setAuthSubToken($_SESSION['sessionToken']);
return $client;
}
/**
* Returns a HTTP client object with the appropriate headers for communicating
* with Google using AuthSub authentication.
*
* Uses the $_SESSION['sessionToken'] to store the AuthSub session token after
* it is obtained. The single use token supplied in the URL when redirected
* after the user succesfully authenticated to Google is retrieved from the
* $_GET['token'] variable.
*
* @return Zend_Http_Client
*/
public function getAuthSubHttpClient()
{
global $_SESSION, $_GET, $_authSubKeyFile, $_authSubKeyFilePassphrase;
$client = new Zend_Gdata_HttpClient();
if ($_authSubKeyFile != null) {
// set the AuthSub key
$client->setAuthSubPrivateKeyFile($_authSubKeyFile, $_authSubKeyFilePassphrase, true);
}
if (!isset($_SESSION['sessionToken']) && isset($_GET['token'])) {
$_SESSION['sessionToken'] = Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token'], $client);
}
$client->setAuthSubToken($_SESSION['sessionToken']);
return $client;
}
public function testPrivateKeyNotFound()
{
$this->setExpectedException('Zend_Gdata_App_InvalidArgumentException');
if (!extension_loaded('openssl')) {
$this->markTestSkipped('The openssl extension is not available');
} else {
$c = new Zend_Gdata_HttpClient();
$c->setAuthSubPrivateKeyFile("zendauthsubfilenotfound", null, true);
}
}
/**
* N.B.: A session token must be available before calling this method
*
* @return void
*/
public function init()
{
if (!is_object($this->service)) {
$pathToKey = sfConfig::get('sf_root_dir') . '/' . sfConfig::get('app_googleCalendarIntegration_privateKeyPath');
$client = new Zend_Gdata_HttpClient();
$client->setAuthSubPrivateKeyFile($pathToKey, null, true);
$sessionToken = $this->getSessionToken();
if (!$sessionToken) {
throw new Exception("GoogleCalendarInterface: missing session token");
}
$client->setAuthSubToken($sessionToken);
$this->service = new Zend_Gdata_Calendar($client, 'google-calendar-plancake-integration');
$this->service->setMajorProtocolVersion(2);
$this->service->setMinorProtocolVersion(null);
}
}
if (!isset($_GET['token'])) {
// Parameters to give to AuthSub server
$next = getCurrentUrl();
$scope = GoogleCalendarInterface::GCAL_INTEGRATION_SCOPE;
$secure = false;
$session = true;
// Redirect the user to the AuthSub server to sign in
$authSubUrl = Zend_Gdata_AuthSub::getAuthSubTokenUri($next, $scope, $secure, $session);
header("HTTP/1.0 307 Temporary redirect");
header("Location: " . $authSubUrl);
exit;
} else {
try {
$client = new Zend_Gdata_HttpClient();
$pathToKey = sfConfig::get('sf_root_dir') . '/' . sfConfig::get('app_googleCalendarIntegration_privateKeyPath');
$client->setAuthSubPrivateKeyFile($pathToKey, null, true);
$sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET['token'], $client);
} catch (Exception $e) {
sfErrorNotifier::alert("Google Calendar Init: " . $e->getMessage());
$this->redirect('default', array('module' => 'googleCalendarIntegration', 'action' => 'step3Error'));
}
$redirectUrl = '';
if ($sessionToken) {
$loggedInUser = PcUserPeer::getLoggedInUser();
if ($loggedInUser) {
$googleCalendarInterface = new GoogleCalendarInterface($loggedInUser);
$googleCalendarInterface->resetDbEntry();
$googleCalendarInterface->setSessionToken($sessionToken);
}
$configuration->loadHelpers('Url');
$redirectUrl = 'http://' . sfConfig::get('app_site_url') . '/' . sfConfig::get('app_accountApp_frontController') . '/googleCalendarIntegration/step3';
