Diff: STRATO-apps/wordpress_03/app/wp-content/plugins/google-site-kit/third-party/google/auth/src/Iam.php

Keine Baseline-Datei – Diff nur gegen leer.
Baseline Vorherige Version
Zur Liste
1 -
1 + <?php
2 +
3 + /*
4 + * Copyright 2019 Google LLC
5 + *
6 + * Licensed under the Apache License, Version 2.0 (the "License");
7 + * you may not use this file except in compliance with the License.
8 + * You may obtain a copy of the License at
9 + *
10 + * http://www.apache.org/licenses/LICENSE-2.0
11 + *
12 + * Unless required by applicable law or agreed to in writing, software
13 + * distributed under the License is distributed on an "AS IS" BASIS,
14 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 + * See the License for the specific language governing permissions and
16 + * limitations under the License.
17 + */
18 + namespace Google\Site_Kit_Dependencies\Google\Auth;
19 +
20 + use Google\Site_Kit_Dependencies\Google\Auth\HttpHandler\HttpClientCache;
21 + use Google\Site_Kit_Dependencies\Google\Auth\HttpHandler\HttpHandlerFactory;
22 + use Google\Site_Kit_Dependencies\GuzzleHttp\Psr7;
23 + use Google\Site_Kit_Dependencies\GuzzleHttp\Psr7\Utils;
24 + /**
25 + * Tools for using the IAM API.
26 + *
27 + * @see https://cloud.google.com/iam/docs IAM Documentation
28 + */
29 + class Iam
30 + {
31 + /**
32 + * @deprecated
33 + */
34 + const IAM_API_ROOT = 'https://iamcredentials.googleapis.com/v1';
35 + const SIGN_BLOB_PATH = '%s:signBlob?alt=json';
36 + const SERVICE_ACCOUNT_NAME = 'projects/-/serviceAccounts/%s';
37 + private const IAM_API_ROOT_TEMPLATE = 'https://iamcredentials.UNIVERSE_DOMAIN/v1';
38 + /**
39 + * @var callable
40 + */
41 + private $httpHandler;
42 + private string $universeDomain;
43 + /**
44 + * @param callable $httpHandler [optional] The HTTP Handler to send requests.
45 + */
46 + public function __construct(?callable $httpHandler = null, string $universeDomain = \Google\Site_Kit_Dependencies\Google\Auth\GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN)
47 + {
48 + $this->httpHandler = $httpHandler ?: \Google\Site_Kit_Dependencies\Google\Auth\HttpHandler\HttpHandlerFactory::build(\Google\Site_Kit_Dependencies\Google\Auth\HttpHandler\HttpClientCache::getHttpClient());
49 + $this->universeDomain = $universeDomain;
50 + }
51 + /**
52 + * Sign a string using the IAM signBlob API.
53 + *
54 + * Note that signing using IAM requires your service account to have the
55 + * `iam.serviceAccounts.signBlob` permission, part of the "Service Account
56 + * Token Creator" IAM role.
57 + *
58 + * @param string $email The service account email.
59 + * @param string $accessToken An access token from the service account.
60 + * @param string $stringToSign The string to be signed.
61 + * @param array<string> $delegates [optional] A list of service account emails to
62 + * add to the delegate chain. If omitted, the value of `$email` will
63 + * be used.
64 + * @return string The signed string, base64-encoded.
65 + */
66 + public function signBlob($email, $accessToken, $stringToSign, array $delegates = [])
67 + {
68 + $httpHandler = $this->httpHandler;
69 + $name = \sprintf(self::SERVICE_ACCOUNT_NAME, $email);
70 + $apiRoot = \str_replace('UNIVERSE_DOMAIN', $this->universeDomain, self::IAM_API_ROOT_TEMPLATE);
71 + $uri = $apiRoot . '/' . \sprintf(self::SIGN_BLOB_PATH, $name);
72 + if ($delegates) {
73 + foreach ($delegates as &$delegate) {
74 + $delegate = \sprintf(self::SERVICE_ACCOUNT_NAME, $delegate);
75 + }
76 + } else {
77 + $delegates = [$name];
78 + }
79 + $body = ['delegates' => $delegates, 'payload' => \base64_encode($stringToSign)];
80 + $headers = ['Authorization' => 'Bearer ' . $accessToken];
81 + $request = new \Google\Site_Kit_Dependencies\GuzzleHttp\Psr7\Request('POST', $uri, $headers, \Google\Site_Kit_Dependencies\GuzzleHttp\Psr7\Utils::streamFor(\json_encode($body)));
82 + $res = $httpHandler($request);
83 + $body = \json_decode((string) $res->getBody(), \true);
84 + return $body['signedBlob'];
85 + }
86 + }
87 +