PageRenderTime 23ms CodeModel.GetById 22ms RepoModel.GetById 0ms app.codeStats 0ms

/lib/google/src/Google/Auth/ComputeEngine.php

https://gitlab.com/unofficial-mirrors/moodle
PHP | 146 lines | 81 code | 15 blank | 50 comment | 10 complexity | cb48a5d14cede8ca98088e58732972a6 MD5 | raw file
    

  1. <?php
    2. 

  2. /*
    3. 

  3.  * Copyright 2014 Google Inc.
    4. 

  4.  *
    5. 

  5.  * Licensed under the Apache License, Version 2.0 (the "License");
    6. 

  6.  * you may not use this file except in compliance with the License.
    7. 

  7.  * You may obtain a copy of the License at
    8. 

  8.  *
    9. 

  9.  *     http://www.apache.org/licenses/LICENSE-2.0
    10. 

  10.  *
    11. 

  11.  * Unless required by applicable law or agreed to in writing, software
    12. 

  12.  * distributed under the License is distributed on an "AS IS" BASIS,
    13. 

  13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14. 

  14.  * See the License for the specific language governing permissions and
    15. 

  15.  * limitations under the License.
    16. 

  16.  */
    17. 

  17. 

  18. if (!class_exists('Google_Client')) {
    19. 

  19.   require_once dirname(__FILE__) . '/../autoload.php';
    20. 

  20. }
    21. 

  21. 

  22. /**
    23. 

  23.  * Authentication via built-in Compute Engine service accounts.
    24. 

  24.  * The instance must be pre-configured with a service account
    25. 

  25.  * and the appropriate scopes.
    26. 

  26.  * @author Jonathan Parrott <jon.wayne.parrott@gmail.com>
    27. 

  27.  */
    28. 

  28. class Google_Auth_ComputeEngine extends Google_Auth_Abstract
    29. 

  29. {
    30. 

  30.   const METADATA_AUTH_URL =
    31. 

  31.       'http://metadata/computeMetadata/v1/instance/service-accounts/default/token';
    32. 

  32.   private $client;
    33. 

  33.   private $token;
    34. 

  34. 

  35.   public function __construct(Google_Client $client, $config = null)
    36. 

  36.   {
    37. 

  37.     $this->client = $client;
    38. 

  38.   }
    39. 

  39. 

  40.   /**
    41. 

  41.    * Perform an authenticated / signed apiHttpRequest.
    42. 

  42.    * This function takes the apiHttpRequest, calls apiAuth->sign on it
    43. 

  43.    * (which can modify the request in what ever way fits the auth mechanism)
    44. 

  44.    * and then calls apiCurlIO::makeRequest on the signed request
    45. 

  45.    *
    46. 

  46.    * @param Google_Http_Request $request
    47. 

  47.    * @return Google_Http_Request The resulting HTTP response including the
    48. 

  48.    * responseHttpCode, responseHeaders and responseBody.
    49. 

  49.    */
    50. 

  50.   public function authenticatedRequest(Google_Http_Request $request)
    51. 

  51.   {
    52. 

  52.     $request = $this->sign($request);
    53. 

  53.     return $this->client->getIo()->makeRequest($request);
    54. 

  54.   }
    55. 

  55. 

  56.   /**
    57. 

  57.    * @param string $token
    58. 

  58.    * @throws Google_Auth_Exception
    59. 

  59.    */
    60. 

  60.   public function setAccessToken($token)
    61. 

  61.   {
    62. 

  62.     $token = json_decode($token, true);
    63. 

  63.     if ($token == null) {
    64. 

  64.       throw new Google_Auth_Exception('Could not json decode the token');
    65. 

  65.     }
    66. 

  66.     if (! isset($token['access_token'])) {
    67. 

  67.       throw new Google_Auth_Exception("Invalid token format");
    68. 

  68.     }
    69. 

  69.     $token['created'] = time();
    70. 

  70.     $this->token = $token;
    71. 

  71.   }
    72. 

  72. 

  73.   public function getAccessToken()
    74. 

  74.   {
    75. 

  75.     return json_encode($this->token);
    76. 

  76.   }
    77. 

  77. 

  78.   /**
    79. 

  79.    * Acquires a new access token from the compute engine metadata server.
    80. 

  80.    * @throws Google_Auth_Exception
    81. 

  81.    */
    82. 

  82.   public function acquireAccessToken()
    83. 

  83.   {
    84. 

  84.     $request = new Google_Http_Request(
    85. 

  85.         self::METADATA_AUTH_URL,
    86. 

  86.         'GET',
    87. 

  87.         array(
    88. 

  88.           'Metadata-Flavor' => 'Google'
    89. 

  89.         )
    90. 

  90.     );
    91. 

  91.     $request->disableGzip();
    92. 

  92.     $response = $this->client->getIo()->makeRequest($request);
    93. 

  93. 

  94.     if ($response->getResponseHttpCode() == 200) {
    95. 

  95.       $this->setAccessToken($response->getResponseBody());
    96. 

  96.       $this->token['created'] = time();
    97. 

  97.       return $this->getAccessToken();
    98. 

  98.     } else {
    99. 

  99.       throw new Google_Auth_Exception(
    100. 

  100.           sprintf(
    101. 

  101.               "Error fetching service account access token, message: '%s'",
    102. 

  102.               $response->getResponseBody()
    103. 

  103.           ),
    104. 

  104.           $response->getResponseHttpCode()
    105. 

  105.       );
    106. 

  106.     }
    107. 

  107.   }
    108. 

  108. 

  109.   /**
    110. 

  110.    * Include an accessToken in a given apiHttpRequest.
    111. 

  111.    * @param Google_Http_Request $request
    112. 

  112.    * @return Google_Http_Request
    113. 

  113.    * @throws Google_Auth_Exception
    114. 

  114.    */
    115. 

  115.   public function sign(Google_Http_Request $request)
    116. 

  116.   {
    117. 

  117.     if ($this->isAccessTokenExpired()) {
    118. 

  118.       $this->acquireAccessToken();
    119. 

  119.     }
    120. 

  120. 

  121.     $this->client->getLogger()->debug('Compute engine service account authentication');
    122. 

  122. 

  123.     $request->setRequestHeaders(
    124. 

  124.         array('Authorization' => 'Bearer ' . $this->token['access_token'])
    125. 

  125.     );
    126. 

  126. 

  127.     return $request;
    128. 

  128.   }
    129. 

  129. 

  130.   /**
    131. 

  131.    * Returns if the access_token is expired.
    132. 

  132.    * @return bool Returns True if the access_token is expired.
    133. 

  133.    */
    134. 

  134.   public function isAccessTokenExpired()
    135. 

  135.   {
    136. 

  136.     if (!$this->token || !isset($this->token['created'])) {
    137. 

  137.       return true;
    138. 

  138.     }
    139. 

  139. 

  140.     // If the token is set to expire in the next 30 seconds.
    141. 

  141.     $expired = ($this->token['created']
    142. 

  142.         + ($this->token['expires_in'] - 30)) < time();
    143. 

  143. 

  144.     return $expired;
    145. 

  145.   }
    146. 

  146. }
    147. 

  147.