Google_Signer_P12

Signs data.

Defined (1)

The class is defined in the following location(s).

/includes/api-libs/Google/Signer/P12.php  
  1. class Google_Signer_P12 extends Google_Signer_Abstract 
  2. // OpenSSL private key resource 
  3. private $privateKey; 
  4.  
  5. // Creates a new signer from a .p12 file. 
  6. public function __construct($p12, $password) 
  7. if (!function_exists('openssl_x509_read')) { 
  8. throw new Google_Exception( 
  9. 'The Google PHP API library needs the openssl PHP extension' 
  10. ); 
  11.  
  12. // If the private key is provided directly, then this isn't in the p12 
  13. // format. Different versions of openssl support different p12 formats 
  14. // and the key from google wasn't being accepted by the version available 
  15. // at the time. 
  16. if (!$password && strpos($p12, "-----BEGIN RSA PRIVATE KEY-----") !== false) { 
  17. $this->privateKey = openssl_pkey_get_private($p12); 
  18. } else { 
  19. // This throws on error 
  20. $certs = array(); 
  21. if (!openssl_pkcs12_read($p12, $certs, $password)) { 
  22. throw new Google_Auth_Exception( 
  23. "Unable to parse the p12 file. " . 
  24. "Is this a .p12 file? Is the password correct? OpenSSL error: " . 
  25. openssl_error_string() 
  26. ); 
  27. // TODO(beaton): is this part of the contract for the openssl_pkcs12_read 
  28. // method? What happens if there are multiple private keys? Do we care? 
  29. if (!array_key_exists("pkey", $certs) || !$certs["pkey"]) { 
  30. throw new Google_Auth_Exception("No private key found in p12 file."); 
  31. $this->privateKey = openssl_pkey_get_private($certs['pkey']); 
  32.  
  33. if (!$this->privateKey) { 
  34. throw new Google_Auth_Exception("Unable to load private key"); 
  35.  
  36. public function __destruct() 
  37. if ($this->privateKey) { 
  38. openssl_pkey_free($this->privateKey); 
  39.  
  40. public function sign($data) 
  41. if (version_compare(PHP_VERSION, '5.3.0') < 0) { 
  42. throw new Google_Auth_Exception( 
  43. "PHP 5.3.0 or higher is required to use service accounts." 
  44. ); 
  45. $hash = defined("OPENSSL_ALGO_SHA256") ? OPENSSL_ALGO_SHA256 : "sha256"; 
  46. if (!openssl_sign($data, $signature, $this->privateKey, $hash)) { 
  47. throw new Google_Auth_Exception("Unable to sign data"); 
  48. return $signature;