public function testStrLen()
{
$this->assertEquals(0, Google_Utils::getStrLen(null));
$this->assertEquals(0, Google_Utils::getStrLen(false));
$this->assertEquals(0, Google_Utils::getStrLen(""));
$this->assertEquals(1, Google_Utils::getStrLen(" "));
$this->assertEquals(2, Google_Utils::getStrLen(" 1"));
$this->assertEquals(7, Google_Utils::getStrLen("0a\\n\n\r\n"));
}
/**
* Creates a signed JWT.
* @param array $payload
* @return string The signed JWT.
*/
private function makeSignedJwt($payload)
{
$header = array('typ' => 'JWT', 'alg' => 'RS256');
$segments = array(Google_Utils::urlSafeB64Encode(json_encode($header)), Google_Utils::urlSafeB64Encode(json_encode($payload)));
$signingInput = implode('.', $segments);
$signer = new Google_P12Signer($this->privateKey, $this->privateKeyPassword);
$signature = $signer->sign($signingInput);
$segments[] = Google_Utils::urlSafeB64Encode($signature);
return implode(".", $segments);
}
private function makeSignedJwt($payload)
{
$header = array("typ" => "JWT", "alg" => "RS256");
$segments = array();
$segments[] = Google_Utils::urlSafeB64Encode(json_encode($header));
$segments[] = Google_Utils::urlSafeB64Encode(json_encode($payload));
$signing_input = implode(".", $segments);
$signature = $this->signer->sign($signing_input);
$segments[] = Google_Utils::urlSafeB64Encode($signature);
return implode(".", $segments);
}
/**
* Set current attribute to entry (for specified product)
*
* @param Mage_Catalog_Model_Product $product
* @param Google_Service_ShoppingContent_Product $shoppingProduct
* @return Google_Service_ShoppingContent_Product
*/
public function convertAttribute($product, $shoppingProduct)
{
if (is_null($this->getName())) {
return $shoppingProduct;
}
$productAttribute = Mage::helper('googleshoppingapi/product')->getProductAttribute($product, $this->getAttributeId());
$type = $this->getGcontentAttributeType($productAttribute);
$value = $this->getProductAttributeValue($product);
if (!is_null($value)) {
$name = Google_Utils::camelCase($this->getName());
$shoppingProduct->offsetSet($name, $value);
}
return $shoppingProduct;
}
/**
* Initialize this object's properties from an array.
*
* @param array $array Used to seed this object's properties.
* @return void
*/
protected function mapTypes($array)
{
// Hard initilise simple types, lazy load more complex ones.
foreach ($array as $key => $val) {
if (!property_exists($this, $this->keyType($key)) && property_exists($this, $key)) {
$this->{$key} = $val;
unset($array[$key]);
} elseif (property_exists($this, $camelKey = Google_Utils::camelCase($key))) {
// This checks if property exists as camelCase, leaving it in array as snake_case
// in case of backwards compatibility issues.
$this->{$camelKey} = $val;
}
}
$this->modelData = $array;
}
/**
* Most of the logic for ID token validation is in AuthTest -
* this is just a general check to ensure we verify a valid
* id token if one exists.
*/
public function testValidateIdToken()
{
if (!$this->checkToken()) {
return;
}
$client = $this->getClient();
$token = json_decode($client->getAccessToken());
$segments = explode(".", $token->id_token);
$this->assertEquals(3, count($segments));
// Extract the client ID in this case as it wont be set on the test client.
$data = json_decode(Google_Utils::urlSafeB64Decode($segments[1]));
$oauth = new Google_Auth_OAuth2($client);
$this->assertInstanceOf("Google_Auth_LoginTicket", $oauth->verifyIdToken($token->id_token, $data->aud));
// TODO(ianbarber): Need to be smart about testing/disabling the
// caching for this test to make sense. Not sure how to do that
// at the moment.
$client = $this->getClient();
$client->setIo(new Google_IO_Stream($client));
$data = json_decode(Google_Utils::urlSafeB64Decode($segments[1]));
$oauth = new Google_Auth_OAuth2($client);
$this->assertInstanceOf("Google_Auth_LoginTicket", $oauth->verifyIdToken($token->id_token, $data->aud));
}
function verifySignedJwtWithCerts($jwt, $certs, $required_audience)
{
$segments = explode(".", $jwt);
if (count($segments) != 3) {
throw new Google_AuthException("Wrong number of segments in token: {$jwt}");
}
$signed = $segments[0] . "." . $segments[1];
$signature = Google_Utils::urlSafeB64Decode($segments[2]);
// Parse envelope.
$envelope = json_decode(Google_Utils::urlSafeB64Decode($segments[0]), true);
if (!$envelope) {
throw new Google_AuthException("Can't parse token envelope: " . $segments[0]);
}
// Parse token
$json_body = Google_Utils::urlSafeB64Decode($segments[1]);
$payload = json_decode($json_body, true);
if (!$payload) {
throw new Google_AuthException("Can't parse token payload: " . $segments[1]);
}
// Check signature
$verified = false;
foreach ($certs as $keyName => $pem) {
$public_key = new googlePemVerifier($pem);
if ($public_key->verify($signed, $signature)) {
$verified = true;
break;
}
}
if (!$verified) {
throw new Google_AuthException("Invalid token signature: {$jwt}");
}
// Check issued-at timestamp
$iat = 0;
if (array_key_exists("iat", $payload)) {
$iat = $payload["iat"];
}
if (!$iat) {
throw new Google_AuthException("No issue time in token: {$json_body}");
}
$earliest = $iat - self::CLOCK_SKEW_SECS;
// Check expiration timestamp
$now = time();
$exp = 0;
if (array_key_exists("exp", $payload)) {
$exp = $payload["exp"];
}
if (!$exp) {
throw new Google_AuthException("No expiration time in token: {$json_body}");
}
if ($exp >= $now + self::MAX_TOKEN_LIFETIME_SECS) {
throw new Google_AuthException("Expiration time too far in future: {$json_body}");
}
$latest = $exp + self::CLOCK_SKEW_SECS;
if ($now < $earliest) {
throw new Google_AuthException("Token used too early, {$now} < {$earliest}: {$json_body}");
}
if ($now > $latest) {
throw new Google_AuthException("Token used too late, {$now} > {$latest}: {$json_body}");
}
// TODO(beaton): check issuer field?
// Check audience
$aud = $payload["aud"];
if ($aud != $required_audience) {
throw new Google_AuthException("Wrong recipient, {$aud} != {$required_audience}: {$json_body}");
}
// All good.
return new Google_LoginTicket($envelope, $payload);
}
private function getResumeUri()
{
$result = null;
$body = $this->request->getPostBody();
if ($body) {
$headers = array('content-type' => 'application/json; charset=UTF-8', 'content-length' => Google_Utils::getStrLen($body), 'x-upload-content-type' => $this->mimeType, 'x-upload-content-length' => $this->size, 'expect' => '');
$this->request->setRequestHeaders($headers);
}
$response = $this->client->getIo()->makeRequest($this->request);
$location = $response->getResponseHeader('location');
$code = $response->getResponseHttpCode();
if (200 == $code && true == $location) {
return $location;
}
$message = $code;
$body = @json_decode($response->getResponseBody());
if (!empty($body->error->errors)) {
$message .= ': ';
foreach ($body->error->errors as $error) {
$message .= "{$error->domain}, {$error->message};";
}
$message = rtrim($message, ';');
}
$error = "Failed to start the resumable upload (HTTP {$message})";
$this->client->getLogger()->error($error);
throw new Google_Exception($error);
}
/**
* Creates a signed JWT.
* @param array $payload
* @return string The signed JWT.
*/
private function makeSignedJwt($payload)
{
$header = array('typ' => 'JWT', 'alg' => 'RS256');
$payload = json_encode($payload);
// Handle some overzealous escaping in PHP json that seemed to cause some errors
// with claimsets.
$payload = str_replace('\\/', '/', $payload);
$segments = array(Google_Utils::urlSafeB64Encode(json_encode($header)), Google_Utils::urlSafeB64Encode($payload));
$signingInput = implode('.', $segments);
$signer = new Google_Signer_P12($this->privateKey, $this->privateKeyPassword);
$signature = $signer->sign($signingInput);
$segments[] = Google_Utils::urlSafeB64Encode($signature);
return implode(".", $segments);
}
/**
* Verifies the id token, returns the verified token contents.
*
* @param $jwt string the token
* @param $certs array of certificates
* @param $required_audience string the expected consumer of the token
* @param [$issuer] the expected issues, defaults to Google
* @param [$max_expiry] the max lifetime of a token, defaults to MAX_TOKEN_LIFETIME_SECS
* @throws Google_Auth_Exception
* @return mixed token information if valid, false if not
*/
public function verifySignedJwtWithCerts($jwt, $certs, $required_audience, $issuer = null, $max_expiry = null)
{
if (!$max_expiry) {
// Set the maximum time we will accept a token for.
$max_expiry = self::MAX_TOKEN_LIFETIME_SECS;
}
$segments = explode(".", $jwt);
if (count($segments) != 3) {
throw new Google_Auth_Exception("Wrong number of segments in token: {$jwt}");
}
$signed = $segments[0] . "." . $segments[1];
$signature = Google_Utils::urlSafeB64Decode($segments[2]);
// Parse envelope.
$envelope = json_decode(Google_Utils::urlSafeB64Decode($segments[0]), true);
if (!$envelope) {
throw new Google_Auth_Exception("Can't parse token envelope: " . $segments[0]);
}
// Parse token
$json_body = Google_Utils::urlSafeB64Decode($segments[1]);
$payload = json_decode($json_body, true);
if (!$payload) {
throw new Google_Auth_Exception("Can't parse token payload: " . $segments[1]);
}
// Check signature
$verified = false;
foreach ($certs as $keyName => $pem) {
$public_key = new Google_Verifier_Pem($pem);
if ($public_key->verify($signed, $signature)) {
$verified = true;
break;
}
}
if (!$verified) {
throw new Google_Auth_Exception("Invalid token signature: {$jwt}");
}
// Check issued-at timestamp
$iat = 0;
if (array_key_exists("iat", $payload)) {
$iat = $payload["iat"];
}
if (!$iat) {
throw new Google_Auth_Exception("No issue time in token: {$json_body}");
}
$earliest = $iat - self::CLOCK_SKEW_SECS;
// Check expiration timestamp
$now = time();
$exp = 0;
if (array_key_exists("exp", $payload)) {
$exp = $payload["exp"];
}
if (!$exp) {
throw new Google_Auth_Exception("No expiration time in token: {$json_body}");
}
if ($exp >= $now + $max_expiry) {
throw new Google_Auth_Exception(sprintf("Expiration time too far in future: %s", $json_body));
}
$latest = $exp + self::CLOCK_SKEW_SECS;
if ($now < $earliest) {
throw new Google_Auth_Exception(sprintf("Token used too early, %s < %s: %s", $now, $earliest, $json_body));
}
if ($now > $latest) {
throw new Google_Auth_Exception(sprintf("Token used too late, %s > %s: %s", $now, $latest, $json_body));
}
$iss = $payload['iss'];
if ($issuer && $iss != $issuer) {
throw new Google_Auth_Exception(sprintf("Invalid issuer, %s != %s: %s", $iss, $issuer, $json_body));
}
// Check audience
$aud = $payload["aud"];
if ($aud != $required_audience) {
throw new Google_Auth_Exception(sprintf("Wrong recipient, %s != %s:", $aud, $required_audience, $json_body));
}
// All good.
return new Google_Auth_LoginTicket($envelope, $payload);
}
/**
* Invokes the UploadAccount API.
*
* @param string $hashAlgorithm password hash algorithm. See Gitkit doc for
* supported names.
* @param string $hashKey raw key for the algorithm
* @param array $accounts array of account info to be uploaded
*/
public function uploadAccount($hashAlgorithm, $hashKey, $accounts)
{
$data = array('hashAlgorithm' => $hashAlgorithm, 'signerKey' => Google_Utils::urlSafeB64Encode($hashKey), 'users' => $accounts);
$this->invokeGitkitApiWithServiceAccount('uploadAccount', $data);
}
/**
* Invokes the UploadAccount API.
*
* @param string $hashAlgorithm password hash algorithm. See Gitkit doc for
* supported names.
* @param string $hashKey raw key for the algorithm
* @param array $accounts array of account info to be uploaded
* @param null|int $rounds Rounds of the hash function
* @param null|int $memoryCost Memory cost of the hash function
*/
public function uploadAccount($hashAlgorithm, $hashKey, $accounts, $rounds, $memoryCost)
{
$data = array('hashAlgorithm' => $hashAlgorithm, 'signerKey' => Google_Utils::urlSafeB64Encode($hashKey), 'users' => $accounts);
if ($rounds) {
$data['rounds'] = $rounds;
}
if ($memoryCost) {
$data['memoryCost'] = $memoryCost;
}
$this->invokeGitkitApiWithServiceAccount('uploadAccount', $data);
}
/**
* Converts Gitkit account array to json request.
*
* @param array $accounts Gitkit account array
* @return array json request
*/
private function toJsonRequest($accounts)
{
$jsonUsers = array();
foreach ($accounts as $account) {
$user = array('email' => $account->getEmail(), 'localId' => $account->getUserId(), 'passwordHash' => Google_Utils::urlSafeB64Encode($account->getPasswordHash()), 'salt' => Google_Utils::urlSafeB64Encode($account->getSalt()));
array_push($jsonUsers, $user);
}
return $jsonUsers;
}
private function getResumeUri()
{
$result = null;
$body = $this->request->getPostBody();
if ($body) {
$headers = array('content-type' => 'application/json; charset=UTF-8', 'content-length' => Google_Utils::getStrLen($body), 'x-upload-content-type' => $this->mimeType, 'x-upload-content-length' => $this->size, 'expect' => '');
$this->request->setRequestHeaders($headers);
}
$response = $this->client->getIo()->makeRequest($this->request);
$location = $response->getResponseHeader('location');
$code = $response->getResponseHttpCode();
if (200 == $code && true == $location) {
return $location;
}
throw new Google_Exception("Failed to start the resumable upload");
}
/**
* @param $name
* @param $arguments
* @return Google_HttpRequest|array
* @throws Google_Exception
*/
public function __call($name, $arguments)
{
if (!isset($this->methods[$name])) {
throw new Google_Exception("Unknown function: {$this->serviceName}->{$this->resourceName}->{$name}()");
}
$method = $this->methods[$name];
$parameters = $arguments[0];
// postBody is a special case since it's not defined in the discovery document as parameter, but we abuse the param entry for storing it
$postBody = null;
if (isset($parameters['postBody'])) {
if (is_object($parameters['postBody'])) {
$this->stripNull($parameters['postBody']);
}
// Some APIs require the postBody to be set under the data key.
if (is_array($parameters['postBody']) && 'latitude' == $this->serviceName) {
if (!isset($parameters['postBody']['data'])) {
$rawBody = $parameters['postBody'];
unset($parameters['postBody']);
$parameters['postBody']['data'] = $rawBody;
}
}
$postBody = is_array($parameters['postBody']) || is_object($parameters['postBody']) ? json_encode($parameters['postBody']) : $parameters['postBody'];
unset($parameters['postBody']);
if (isset($parameters['optParams'])) {
$optParams = $parameters['optParams'];
unset($parameters['optParams']);
$parameters = array_merge($parameters, $optParams);
}
}
if (!isset($method['parameters'])) {
$method['parameters'] = array();
}
$method['parameters'] = array_merge($method['parameters'], $this->stackParameters);
foreach ($parameters as $key => $val) {
if ($key != 'postBody' && !isset($method['parameters'][$key])) {
throw new Google_Exception("({$name}) unknown parameter: '{$key}'");
}
}
if (isset($method['parameters'])) {
foreach ($method['parameters'] as $paramName => $paramSpec) {
if (isset($paramSpec['required']) && $paramSpec['required'] && !isset($parameters[$paramName])) {
throw new Google_Exception("({$name}) missing required param: '{$paramName}'");
}
if (isset($parameters[$paramName])) {
$value = $parameters[$paramName];
$parameters[$paramName] = $paramSpec;
$parameters[$paramName]['value'] = $value;
unset($parameters[$paramName]['required']);
} else {
unset($parameters[$paramName]);
}
}
}
// Discovery v1.0 puts the canonical method id under the 'id' field.
if (!isset($method['id'])) {
$method['id'] = $method['rpcMethod'];
}
// Discovery v1.0 puts the canonical path under the 'path' field.
if (!isset($method['path'])) {
$method['path'] = $method['restPath'];
}
$servicePath = $this->service->servicePath;
// Process Media Request
$contentType = false;
if (isset($method['mediaUpload'])) {
$media = Google_MediaFileUpload::process($postBody, $parameters);
if ($media) {
$contentType = isset($media['content-type']) ? $media['content-type'] : null;
$postBody = isset($media['postBody']) ? $media['postBody'] : null;
$servicePath = $method['mediaUpload']['protocols']['simple']['path'];
$method['path'] = '';
}
}
$url = Google_REST::createRequestUri($servicePath, $method['path'], $parameters);
$httpRequest = new Google_HttpRequest($url, $method['httpMethod'], null, $postBody);
if ($postBody) {
$contentTypeHeader = array();
if (isset($contentType) && $contentType) {
$contentTypeHeader['content-type'] = $contentType;
} else {
$contentTypeHeader['content-type'] = 'application/json; charset=UTF-8';
$contentTypeHeader['content-length'] = Google_Utils::getStrLen($postBody);
}
$httpRequest->setRequestHeaders($contentTypeHeader);
}
$httpRequest = Google_Client::$auth->sign($httpRequest);
if (Google_Client::$useBatch) {
return $httpRequest;
}
// Terminate immediatly if this is a resumable request.
if (isset($parameters['uploadType']['value']) && 'resumable' == $parameters['uploadType']['value']) {
return $httpRequest;
}
return Google_REST::execute($httpRequest);
}
/**
* @param array $headers The HTTP request headers
* to be set and normalized.
*/
public function setRequestHeaders($headers)
{
$headers = Google_Utils::normalize($headers);
if ($this->requestHeaders) {
$headers = array_merge($this->requestHeaders, $headers);
}
$this->requestHeaders = $headers;
}
public function makeSignedJwt($payload, $cred)
{
$header = array("typ" => "JWT", "alg" => "RS256");
$segments = array();
$segments[] = Google_Utils::urlSafeB64Encode(json_encode($header));
$segments[] = Google_Utils::urlSafeB64Encode(json_encode($payload));
$signing_input = implode(".", $segments);
$signer = new Google_Signer_P12($cred->privateKey, $cred->privateKeyPassword);
$signature = $signer->sign($signing_input);
$segments[] = Google_Utils::urlSafeB64Encode($signature);
return implode(".", $segments);
}
