[Summary view] [Print] [Text view]

   1  <?php
   2  /*
   3   * Copyright 2011 Google Inc.
   4   *
   5   * Licensed under the Apache License, Version 2.0 (the "License");
   6   * you may not use this file except in compliance with the License.
   7   * You may obtain a copy of the License at
   8   *
   9   *     http://www.apache.org/licenses/LICENSE-2.0
  10   *
  11   * Unless required by applicable law or agreed to in writing, software
  12   * distributed under the License is distributed on an "AS IS" BASIS,
  13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14   * See the License for the specific language governing permissions and
  15   * limitations under the License.
  16   */
  17  
  18  require_once 'Google/Auth/Exception.php';
  19  require_once 'Google/Signer/Abstract.php';
  20  
  21  /**
  22   * Signs data.
  23   *
  24   * Only used for testing.
  25   *
  26   * @author Brian Eaton <[email protected]>
  27   */
  28  class Google_Signer_P12 extends Google_Signer_Abstract
  29  {
  30    // OpenSSL private key resource
  31    private $privateKey;
  32  
  33    // Creates a new signer from a .p12 file.
  34    public function __construct($p12, $password)
  35    {
  36      if (!function_exists('openssl_x509_read')) {
  37        throw new Google_Exception(
  38            'The Google PHP API library needs the openssl PHP extension'
  39        );
  40      }
  41  
  42      // If the private key is provided directly, then this isn't in the p12
  43      // format. Different versions of openssl support different p12 formats
  44      // and the key from google wasn't being accepted by the version available
  45      // at the time.
  46      if (!$password && strpos($p12, "-----BEGIN RSA PRIVATE KEY-----") !== false) {
  47        $this->privateKey = openssl_pkey_get_private($p12);
  48      } else {
  49        // This throws on error
  50        $certs = array();
  51        if (!openssl_pkcs12_read($p12, $certs, $password)) {
  52          throw new Google_Auth_Exception(
  53              "Unable to parse the p12 file.  " .
  54              "Is this a .p12 file?  Is the password correct?  OpenSSL error: " .
  55              openssl_error_string()
  56          );
  57        }
  58        // TODO(beaton): is this part of the contract for the openssl_pkcs12_read
  59        // method?  What happens if there are multiple private keys?  Do we care?
  60        if (!array_key_exists("pkey", $certs) || !$certs["pkey"]) {
  61          throw new Google_Auth_Exception("No private key found in p12 file.");
  62        }
  63        $this->privateKey = openssl_pkey_get_private($certs['pkey']);
  64      }
  65  
  66      if (!$this->privateKey) {
  67        throw new Google_Auth_Exception("Unable to load private key");
  68      }
  69    }
  70  
  71    public function __destruct()
  72    {
  73      if ($this->privateKey) {
  74        openssl_pkey_free($this->privateKey);
  75      }
  76    }
  77  
  78    public function sign($data)
  79    {
  80      if (version_compare(PHP_VERSION, '5.3.0') < 0) {
  81        throw new Google_Auth_Exception(
  82            "PHP 5.3.0 or higher is required to use service accounts."
  83        );
  84      }
  85      $hash = defined("OPENSSL_ALGO_SHA256") ? OPENSSL_ALGO_SHA256 : "sha256";
  86      if (!openssl_sign($data, $signature, $this->privateKey, $hash)) {
  87        throw new Google_Auth_Exception("Unable to sign data");
  88      }
  89      return $signature;
  90    }
  91  }