<?php

[0] Fix | Delete

/*

[1] Fix | Delete

* Copyright 2012 Google Inc.

[2] Fix | Delete

*

[3] Fix | Delete

* Licensed under the Apache License, Version 2.0 (the "License");

[4] Fix | Delete

* you may not use this file except in compliance with the License.

[5] Fix | Delete

* You may obtain a copy of the License at

[6] Fix | Delete

*

[7] Fix | Delete

* http://www.apache.org/licenses/LICENSE-2.0

[8] Fix | Delete

*

[9] Fix | Delete

* Unless required by applicable law or agreed to in writing, software

[10] Fix | Delete

* distributed under the License is distributed on an "AS IS" BASIS,

[11] Fix | Delete

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

[12] Fix | Delete

* See the License for the specific language governing permissions and

[13] Fix | Delete

* limitations under the License.

[14] Fix | Delete

*/

[15] Fix | Delete

[16] Fix | Delete

if (!class_exists('UDP_Google_Client')) {

[17] Fix | Delete

require_once dirname(__FILE__) . '/../autoload.php';

[18] Fix | Delete

}

[19] Fix | Delete

[20] Fix | Delete

/**

[21] Fix | Delete

* Credentials object used for OAuth 2.0 Signed JWT assertion grants.

[22] Fix | Delete

*/

[23] Fix | Delete

class Google_Auth_AssertionCredentials

[24] Fix | Delete

{

[25] Fix | Delete

const MAX_TOKEN_LIFETIME_SECS = 3600;

[26] Fix | Delete

[27] Fix | Delete

public $serviceAccountName;

[28] Fix | Delete

public $scopes;

[29] Fix | Delete

public $privateKey;

[30] Fix | Delete

public $privateKeyPassword;

[31] Fix | Delete

public $assertionType;

[32] Fix | Delete

public $sub;

[33] Fix | Delete

/**

[34] Fix | Delete

* @deprecated

[35] Fix | Delete

* @link http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06

[36] Fix | Delete

*/

[37] Fix | Delete

public $prn;

[38] Fix | Delete

private $useCache;

[39] Fix | Delete

[40] Fix | Delete

/**

[41] Fix | Delete

* @param $serviceAccountName

[42] Fix | Delete

* @param $scopes array List of scopes

[43] Fix | Delete

* @param $privateKey

[44] Fix | Delete

* @param string $privateKeyPassword

[45] Fix | Delete

* @param string $assertionType

[46] Fix | Delete

* @param bool|string $sub The email address of the user for which the

[47] Fix | Delete

* application is requesting delegated access.

[48] Fix | Delete

* @param bool useCache Whether to generate a cache key and allow

[49] Fix | Delete

* automatic caching of the generated token.

[50] Fix | Delete

*/

[51] Fix | Delete

public function __construct(

[52] Fix | Delete

$serviceAccountName,

[53] Fix | Delete

$scopes,

[54] Fix | Delete

$privateKey,

[55] Fix | Delete

$privateKeyPassword = 'notasecret',

[56] Fix | Delete

$assertionType = 'http://oauth.net/grant_type/jwt/1.0/bearer',

[57] Fix | Delete

$sub = false,

[58] Fix | Delete

$useCache = true

[59] Fix | Delete

) {

[60] Fix | Delete

$this->serviceAccountName = $serviceAccountName;

[61] Fix | Delete

$this->scopes = is_string($scopes) ? $scopes : implode(' ', $scopes);

[62] Fix | Delete

$this->privateKey = $privateKey;

[63] Fix | Delete

$this->privateKeyPassword = $privateKeyPassword;

[64] Fix | Delete

$this->assertionType = $assertionType;

[65] Fix | Delete

$this->sub = $sub;

[66] Fix | Delete

$this->prn = $sub;

[67] Fix | Delete

$this->useCache = $useCache;

[68] Fix | Delete

}

[69] Fix | Delete

[70] Fix | Delete

/**

[71] Fix | Delete

* Generate a unique key to represent this credential.

[72] Fix | Delete

* @return string

[73] Fix | Delete

*/

[74] Fix | Delete

public function getCacheKey()

[75] Fix | Delete

{

[76] Fix | Delete

if (!$this->useCache) {

[77] Fix | Delete

return false;

[78] Fix | Delete

}

[79] Fix | Delete

$h = $this->sub;

[80] Fix | Delete

$h .= $this->assertionType;

[81] Fix | Delete

$h .= $this->privateKey;

[82] Fix | Delete

$h .= $this->scopes;

[83] Fix | Delete

$h .= $this->serviceAccountName;

[84] Fix | Delete

return md5($h);

[85] Fix | Delete

}

[86] Fix | Delete

[87] Fix | Delete

public function generateAssertion()

[88] Fix | Delete

{

[89] Fix | Delete

$now = time();

[90] Fix | Delete

[91] Fix | Delete

$jwtParams = array(

[92] Fix | Delete

'aud' => Google_Auth_OAuth2::OAUTH2_TOKEN_URI,

[93] Fix | Delete

'scope' => $this->scopes,

[94] Fix | Delete

'iat' => $now,

[95] Fix | Delete

'exp' => $now + self::MAX_TOKEN_LIFETIME_SECS,

[96] Fix | Delete

'iss' => $this->serviceAccountName,

[97] Fix | Delete

);

[98] Fix | Delete

[99] Fix | Delete

if ($this->sub !== false) {

[100] Fix | Delete

$jwtParams['sub'] = $this->sub;

[101] Fix | Delete

} else if ($this->prn !== false) {

[102] Fix | Delete

$jwtParams['prn'] = $this->prn;

[103] Fix | Delete

}

[104] Fix | Delete

[105] Fix | Delete

return $this->makeSignedJwt($jwtParams);

[106] Fix | Delete

}

[107] Fix | Delete

[108] Fix | Delete

/**

[109] Fix | Delete

* Creates a signed JWT.

[110] Fix | Delete

* @param array $payload

[111] Fix | Delete

* @return string The signed JWT.

[112] Fix | Delete

*/

[113] Fix | Delete

private function makeSignedJwt($payload)

[114] Fix | Delete

{

[115] Fix | Delete

$header = array('typ' => 'JWT', 'alg' => 'RS256');

[116] Fix | Delete

[117] Fix | Delete

$payload = json_encode($payload);

[118] Fix | Delete

// Handle some overzealous escaping in PHP json that seemed to cause some errors

[119] Fix | Delete

// with claimsets.

[120] Fix | Delete

$payload = str_replace('\/', '/', $payload);

[121] Fix | Delete

[122] Fix | Delete

$segments = array(

[123] Fix | Delete

Google_Utils::urlSafeB64Encode(json_encode($header)),

[124] Fix | Delete

Google_Utils::urlSafeB64Encode($payload)

[125] Fix | Delete

);

[126] Fix | Delete

[127] Fix | Delete

$signingInput = implode('.', $segments);

[128] Fix | Delete

$signer = new Google_Signer_P12($this->privateKey, $this->privateKeyPassword);

[129] Fix | Delete

$signature = $signer->sign($signingInput);

[130] Fix | Delete

$segments[] = Google_Utils::urlSafeB64Encode($signature);

[131] Fix | Delete

[132] Fix | Delete

return implode(".", $segments);

[133] Fix | Delete

}

[134] Fix | Delete

}

[135] Fix | Delete

[136] Fix | Delete