Marcofbb Noticias y Artículos Webmasters



Publicidad marcored

Signed manually url google storage PHP

  • 08/05/2020
  • 12:44 pm
  • marcofbb

Dejo un código para firmar URL para google storage con el lenguaje de programación PHP

<?php 
/*
DOCS:
https://cloud.google.com/storage/docs/access-control/signed-urls
https://cloud.google.com/storage/docs/access-control/signing-urls-manually
Translate to PHP of code Python: https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/storage/signed_urls/generate_signed_urls.py
*/
function generate_signed_url_google($service_account_file, $bucket_name, $object_name, $subresource = null, $expiration=604800, $http_method='GET', $query_parameters = array(), $headers = array()){
		date_default_timezone_set('UTC');
		if($expiration > 604800){
			echo 'Expiration Time can\'t be longer than 604800 seconds (7 days).';
			return;
		}
 
		$google_credentials = json_decode(file_get_contents($service_account_file), true);
		if(empty($google_credentials)){
			echo 'Error credentials.';
			return;
		}
 
		$escaped_object_name = implode('/', array_map('rawurlencode', explode('/', $object_name)));
		$canonical_uri = '/'.$escaped_object_name;
 
		$datetime_now = time();
		$request_timestamp = date('Ymd\THis\Z', $datetime_now);
		$datestamp = date('Ymd', $datetime_now);
 
		$client_email = $google_credentials['client_email'];
		$credential_scope = $datestamp.'/auto/storage/goog4_request';
		$credential = $client_email.'/'.$credential_scope;
 
		$host = $bucket_name.'.storage.googleapis.com';
		$headers['host'] = $bucket_name.'.storage.googleapis.com';
 
		$canonical_headers = '';
		$signed_headers = '';
 
		$ordered_headers = $headers;
		ksort($ordered_headers, SORT_STRING);
 
		foreach($ordered_headers as $key => $value){
			$key = strtolower($key);
			$value = ($value);
			$canonical_headers .= $key.':'.$value."\n";
			$signed_headers .= $key.';';
		}
 
		$signed_headers = substr($signed_headers, 0, -1);
 
 
		$query_parameters['X-Goog-Algorithm'] = 'GOOG4-RSA-SHA256';
		$query_parameters['X-Goog-Credential'] = $credential;
		$query_parameters['X-Goog-Date'] = $request_timestamp;
		$query_parameters['X-Goog-Expires'] = $expiration;
		$query_parameters['X-Goog-SignedHeaders'] = $signed_headers;
 
		if(!empty($subresource)){
			$query_parameters[$subresource] = '';
		}
 
		$canonical_query_string = '';
		$ordered_query_parameters = $query_parameters;
		ksort($ordered_query_parameters, SORT_STRING);
 
		foreach($ordered_query_parameters as $key => $value){
			$key = rawurlencode($key);
			$value = rawurlencode($value);
			$canonical_query_string .= $key.'='.$value.'&';
		}
 
		$canonical_query_string = substr($canonical_query_string, 0, -1);
 
		$canonical_request = implode("\n",array($http_method, $canonical_uri, $canonical_query_string, $canonical_headers, $signed_headers, 'UNSIGNED-PAYLOAD'));
 
		$canonical_request_hash = hash('sha256', utf8_encode($canonical_request));
 
		$string_to_sign = implode("\n",array('GOOG4-RSA-SHA256', $request_timestamp, $credential_scope, $canonical_request_hash));
 
		$pkeyid = $google_credentials['private_key'];
		if(!openssl_sign($string_to_sign,$signature,$pkeyid,'sha256')) {
			$signature = 'none';
		} else {
			$signature = bin2hex($signature);
		}
 
		$scheme_and_host = 'https://'.$host;
		$signed_url = $scheme_and_host.$canonical_uri.'?'.$canonical_query_string.'&x-goog-signature='.$signature;
 
		return $signed_url;
	}

Gist: https://gist.github.com/marcofbb/97c875bb51f2dc9740588f8e550aac77

¿Necesitas ayuda? o ¿Asesoramiento webmaster? Registrate en nuestro foro de consultas

Posts Relacionados

Enviar Comentario

(*)

(*)