private ServiceAccountCredential getServiceAccountCredential(String pathToJsonFile,
String emailToImpersonate)
{
// Load and deserialize credential parameters from the specified JSON file.
JsonCredentialParameters parameters;
using (Stream json = new FileStream(pathToJsonFile, FileMode.Open, FileAccess.Read)) {
parameters = NewtonsoftJsonSerializer.Instance.Deserialize <JsonCredentialParameters>(json);
}
// Create a credential initializer with the correct scopes.
ServiceAccountCredential.Initializer initializer =
new ServiceAccountCredential.Initializer(parameters.ClientEmail)
{
Scopes = OAuthScopes
};
// Configure impersonation (if applicable).
if (!String.IsNullOrEmpty(emailToImpersonate))
{
initializer.User = emailToImpersonate;
}
// Create a service account credential object using the deserialized private key.
ServiceAccountCredential credential =
new ServiceAccountCredential(initializer.FromPrivateKey(parameters.PrivateKey));
return(credential);
}
private async Task <AnalyticsReportingService> _analyticsReportingService()
{
try
{
var scopes = new[] { AnalyticsReportingService.Scope.Analytics };
var temp = new ServiceAccountCredential.Initializer(_googleAnalyticsSettings.gaserviceAccountEmail)
{
Scopes = scopes
};
string privateKey = _googleAnalyticsSettings.gaprivateKey.Replace("\\n", "\n");
var credential = new ServiceAccountCredential(temp.FromPrivateKey(privateKey));
return(new AnalyticsReportingService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "GrandNode",
}));
}
catch (Exception ex)
{
await _logger.InsertLog(Domain.Logging.LogLevel.Error, "GoogleAnalytics", ex.Message);
return(await Task.FromResult <AnalyticsReportingService>(null));
}
}
public async Task RefreshesOidcToken()
{
// A little bit after the tokens returned from OidcTokenFakes were issued.
var clock = new MockClock(new DateTime(2020, 5, 13, 15, 0, 0, 0, DateTimeKind.Utc));
var messageHandler = new OidcTokenResponseSuccessMessageHandler();
var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored")
{
Clock = clock,
ProjectId = "a_project_id",
HttpClientFactory = new MockHttpClientFactory(messageHandler)
};
var credential = new ServiceAccountCredential(initializer.FromPrivateKey(PrivateKey));
var oidcToken = await credential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("audience"));
var signedToken = SignedToken <Header, Payload> .FromSignedToken(await oidcToken.GetAccessTokenAsync());
Assert.Equal("https://first_call.test", signedToken.Payload.Audience);
// Move the clock so that the token expires.
clock.UtcNow = clock.UtcNow.AddHours(2);
signedToken = SignedToken <Header, Payload> .FromSignedToken(await oidcToken.GetAccessTokenAsync());
Assert.Equal("https://subsequent_calls.test", signedToken.Payload.Audience);
// Two calls, because the second time we tried to get the token, the first one had expired.
Assert.Equal(2, messageHandler.Calls);
}
public async Task FetchesOidcToken()
{
// A little bit after the tokens returned from OidcTokenFakes were issued.
var clock = new MockClock(new DateTime(2020, 5, 13, 15, 0, 0, 0, DateTimeKind.Utc));
var messageHandler = new OidcTokenResponseSuccessMessageHandler();
var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored")
{
Clock = clock,
ProjectId = "a_project_id",
HttpClientFactory = new MockHttpClientFactory(messageHandler)
};
var credential = new ServiceAccountCredential(initializer.FromPrivateKey(PrivateKey));
// The fake Oidc server returns valid tokens (expired in the real world for safety)
// but with a set audience that lets us know if the token was refreshed or not.
var oidcToken = await credential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("will.be.ignored"));
var signedToken = SignedToken <Header, Payload> .FromSignedToken(await oidcToken.GetAccessTokenAsync());
Assert.Equal("https://first_call.test", signedToken.Payload.Audience);
// Move the clock some but not enough that the token expires.
clock.UtcNow = clock.UtcNow.AddMinutes(20);
signedToken = SignedToken <Header, Payload> .FromSignedToken(await oidcToken.GetAccessTokenAsync());
Assert.Equal("https://first_call.test", signedToken.Payload.Audience);
// Only the first call should have resulted in a request. The second time the token hadn't expired.
Assert.Equal(1, messageHandler.Calls);
}
public void Pkcs8Decoding_FromPrivateKey()
{
// This is a service credential, as downloaded from the Cloud Console on 2016-12-08
string dummyServiceAccountCredentialFileContents = @"
{
""type"": ""service_account"",
""private_key_id"": ""71bb487f3414f923196c5c433cf20a8c0f689562"",
""private_key"": ""-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDQvitimRPWE2YM
tOADu3jb89UQmqZz8ao6NFoAjYiYDdg/6UBUTscQwGb6rIvllMtcT6BdS4rMKUwv
kSQFbO14gi7FiZBj4eJKveObVnt9RPxqT1txBieEPFtgJalh0GpyCo5GUmadgqe+
89ZF+VQBFE2hMoZhBny/FDba2/qDIk1GmksdXjC67ZI0EYRCGI71eXjOpQX/wOJs
tosMQRSTHjPKhZKvZTtjksMRWm8SlQoyORZKXsV6OGKztOieIvncKoX3lrkSupax
J+v0yYQJIF2uTFDbbCDL86bgUJ7TyZJ9X1AvrnHGNWp+QzQBDbTCMpZCuY81ARdu
BHeacqR3AgMBAAECggEAK7Cx+fgaO8Nhp6UwAff6KudVIB2OW1QokfglIlp9TX4Q
VggnC75VUf9DTpJQ0aOcEN0lroFCMssuBAK37F7JMWDmEzhgvVco+wXVnsyyGh0X
S9UCSZzFJptPcMdRNYTe0rG856EVk0AmhgQZRBoUaAls2iFuGN63u3KqrJJAU7O4
MPofQizwNcMmiDqRV0rnU6HgmIRQ64hMMh1bnnw4I35esOXjO1O2PiwyyK0jHuVz
eBNeD0wEXNLIP4CqDsQ0DKyBPKXZW4bmFnluq4s+VvgPMczUli7Ph0bM7G1oR0LF
nZk8tSO9cZ4lLcZpY5mHg7lHzSE6oPAxrkPYoa+6IQKBgQD6I7KaUcmkQj+vOQ18
sZCA28tXqjW2cGB4ThqG2uYeHK8khhjh/Pj07TFr8Xjpz1gNr1NNBJhR9Qs/dO9N
WCXS6s0fsVz/gm8N36w7kcBe+Uo43UIt3U6xvZVG4eJYWe2B5+0sZeXzMfzGhwug
VkinOJ0CoVpGFTByPrn17O9T8QKBgQDVoi5AO7jvL3nxLQyfXy6XhkHvmnrRU5hV
eHrgO2+0TsjAHNRhGGrKTMDqCrMvJqxXbXAwNIKxPdzGCXjam4QzaXgp8+bJWHNe
UNRfbWUxVo/Mzfp4owN6oCOVN2cTrnz/doFhuT1LjDj2KK5+hY6qtleH+h00XjCi
0xrTGCpG5wKBgDy0pya+jKI5lb0Pqo9FhJ1ROkM3QrvZAACSa+uoekp6iaLijG1j
+INwgRsCSmbr9CG2GBBL+i+Buc4Xse/iYaOTal6zq68y14LVcrYuRDKIa5PrVqFM
4UlPikfekBEDGhn50FyDClCAJCmGIrMx3YX/vlMiF4eEovJG+NiPPPHxAoGBANQq
qKJ0bbtmPEYQxot1HTGxTcSneDhyPEUOTYJqpQq+f9OEDkyL0msthR4rGD/Iubpu
XtARJobeeGdZuuPpNYdVxNhteZQXuyQ9RF2tqKUyYcg1/P5YbzkW15/3EPDUByIz
UFV8geqIzX1zc7EF9WWHiDDsbpq2vLjIzcg+JKabAoGAI7kuoGBdvIHne3Y3tucQ
JzcnYI3bppbhyn1dmm8jsaaWrtBvFqCb1y1MjaoL4lNi+brdd6bpV5u447GBQfG8
o3L1luXTksRPmwh5NbhXWl/ieiWc6WQL6sr8Q+vSYDKAo95zdhWJvWs+/v7NfWoF
lK1DcBvq+IFLucBdi0/9hXE=
-----END PRIVATE KEY-----"",
""client_email"": ""CLIENT_EMAIL"",
""client_id"": ""112326926692598796719""
}";
var credentialParameters = NewtonsoftJsonSerializer.Instance.Deserialize <JsonCredentialParameters>(dummyServiceAccountCredentialFileContents);
var initializer = new ServiceAccountCredential.Initializer(credentialParameters.ClientEmail)
{
Clock = new MockClock {
UtcNow = new DateTime(2016, 1, 1, 0, 0, 0, DateTimeKind.Utc)
}
};
initializer.FromPrivateKey(credentialParameters.PrivateKey);
var ps = initializer.Key.ExportParameters(true);
Assert.Equal("D0BE2B629913D613660CB4E003BB78DBF3D5109AA673F1AA3A345A008D88980DD83FE940544EC710C066FAAC8BE594CB5C4FA05D4B8ACC294C2F9124056CED78822EC5899063E1E24ABDE39B567B7D44FC6A4F5B710627843C5B6025A961D06A720A8E4652669D82A7BEF3D645F95401144DA1328661067CBF1436DADBFA83224D469A4B1D5E30BAED9234118442188EF57978CEA505FFC0E26CB68B0C4114931E33CA8592AF653B6392C3115A6F12950A3239164A5EC57A3862B3B4E89E22F9DC2A85F796B912BA96B127EBF4C98409205DAE4C50DB6C20CBF3A6E0509ED3C9927D5F502FAE71C6356A7E4334010DB4C2329642B98F3501176E04779A72A477", ToHex(ps.Modulus));
Assert.Equal("010001", ToHex(ps.Exponent));
Assert.Equal("2BB0B1F9F81A3BC361A7A53001F7FA2AE755201D8E5B542891F825225A7D4D7E105608270BBE5551FF434E9250D1A39C10DD25AE814232CB2E0402B7EC5EC93160E6133860BD5728FB05D59ECCB21A1D174BD502499CC5269B4F70C7513584DED2B1BCE7A115934026860419441A1468096CDA216E18DEB7BB72AAAC924053B3B830FA1F422CF035C326883A91574AE753A1E0988450EB884C321D5B9E7C38237E5EB0E5E33B53B63E2C32C8AD231EE57378135E0F4C045CD2C83F80AA0EC4340CAC813CA5D95B86E616796EAB8B3E56F80F31CCD4962ECF8746CCEC6D684742C59D993CB523BD719E252DC66963998783B947CD213AA0F031AE43D8A1AFBA21", ToHex(ps.D));
Assert.Equal("FA23B29A51C9A4423FAF390D7CB19080DBCB57AA35B67060784E1A86DAE61E1CAF248618E1FCF8F4ED316BF178E9CF580DAF534D049851F50B3F74EF4D5825D2EACD1FB15CFF826F0DDFAC3B91C05EF94A38DD422DDD4EB1BD9546E1E25859ED81E7ED2C65E5F331FCC6870BA05648A7389D02A15A461530723EB9F5ECEF53F1", ToHex(ps.P));
Assert.Equal("D5A22E403BB8EF2F79F12D0C9F5F2E978641EF9A7AD1539855787AE03B6FB44EC8C01CD461186ACA4CC0EA0AB32F26AC576D70303482B13DDCC60978DA9B8433697829F3E6C958735E50D45F6D6531568FCCCDFA78A3037AA02395376713AE7CFF768161B93D4B8C38F628AE7E858EAAB65787FA1D345E30A2D31AD3182A46E7", ToHex(ps.Q));
Assert.Equal("3CB4A726BE8CA23995BD0FAA8F45849D513A433742BBD90000926BEBA87A4A7A89A2E28C6D63F88370811B024A66EBF421B618104BFA2F81B9CE17B1EFE261A3936A5EB3ABAF32D782D572B62E4432886B93EB56A14CE1494F8A47DE9011031A19F9D05C830A508024298622B331DD85FFBE5322178784A2F246F8D88F3CF1F1", ToHex(ps.DP));
Assert.Equal("D42AA8A2746DBB663C4610C68B751D31B14DC4A77838723C450E4D826AA50ABE7FD3840E4C8BD26B2D851E2B183FC8B9BA6E5ED0112686DE786759BAE3E9358755C4D86D799417BB243D445DADA8A53261C835FCFE586F3916D79FF710F0D407223350557C81EA88CD7D7373B105F565878830EC6E9AB6BCB8C8CDC83E24A69B", ToHex(ps.DQ));
Assert.Equal("23B92EA0605DBC81E77B7637B6E710273727608DDBA696E1CA7D5D9A6F23B1A696AED06F16A09BD72D4C8DAA0BE25362F9BADD77A6E9579BB8E3B18141F1BCA372F596E5D392C44F9B087935B8575A5FE27A259CE9640BEACAFC43EBD2603280A3DE73761589BD6B3EFEFECD7D6A0594AD43701BEAF8814BB9C05D8B4FFD8571", ToHex(ps.InverseQ));
}
private IConfigurableHttpClientInitializer ServiceAccountInitializer()
{
var svcInit = new ServiceAccountCredential.Initializer(_config.CredentialParameters.ClientEmail)
{
Scopes = new[] { DriveService.Scope.Drive }
};
return(new ServiceAccountCredential(svcInit.FromPrivateKey(_config.CredentialParameters.PrivateKey)));
}
private ServiceAccountCredential GetServiceAccount()
{
var initializer = new ServiceAccountCredential.Initializer(_options.ClientEmail)
{
ProjectId = _options.ProjectId
};
return(new ServiceAccountCredential(initializer.FromPrivateKey(_options.PrivateKey)));
}
private ServiceAccountCredential GetCredentials()
{
var initializer = new ServiceAccountCredential.Initializer(configuration.GoogleClientEmail);
initializer.Scopes = Scopes;
var result = new ServiceAccountCredential(initializer.FromPrivateKey(configuration.GoogleClientPrivateKey));
return(result);
}
public string GetCoverUrl(string userId, int bookId, string coverName)
{
var coverPath = $"{_baseBookPath}{userId}/{bookId}/{coverName}";
var initializer = new ServiceAccountCredential.Initializer(_googleCloudStorageSettings.Id);
UrlSigner urlSgSigner = UrlSigner.FromServiceAccountCredential(
new ServiceAccountCredential(initializer.FromPrivateKey(_googleCloudStorageSettings.PrivateKey)));
string url = urlSgSigner.Sign(_googleCloudStorageSettings.BucketName, coverPath, TimeSpan.FromDays(5));
return(url);
}
public string GetDownloadUrl(string userId, int bookId, string bookFileName)
{
var bookPath = $"{_baseBookPath}{userId}/{bookId}/{bookFileName}";
var initializer = new ServiceAccountCredential.Initializer(_googleCloudStorageSettings.Id);
UrlSigner urlSgSigner = UrlSigner.FromServiceAccountCredential(
new ServiceAccountCredential(initializer.FromPrivateKey(_googleCloudStorageSettings.PrivateKey)));
string url = urlSgSigner.Sign(_googleCloudStorageSettings.BucketName, bookPath, TimeSpan.FromMinutes(10),
HttpMethod.Get);
return(url);
}
public GoogleDriveManager()
{
var initializer = new ServiceAccountCredential.Initializer(ConfigurationManager.AppSettings["GoogleDriveServiceAccountEmail"].ToString())
{
Scopes = new string[] { DriveService.Scope.Drive }
};
var credential = new ServiceAccountCredential(initializer.FromPrivateKey(ConfigurationManager.AppSettings["GoogleDrivePrivateKey"].ToString()));
service = new DriveService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = ConfigurationManager.AppSettings["GoogleDriveApplicationName"].ToString(),
});
service.HttpClient.Timeout = TimeSpan.FromMinutes(100);
}
public async Task ValidLocallySignedAccessToken_FromPrivateKey()
{
const string dummyServiceAccountCredentialFileContents = @"{
""private_key_id"": ""PRIVATE_KEY_ID"",
""private_key"": ""-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJJM6HT4s6btOsfe
2x4zrzrwSUtmtR37XTTi0sPARTDF8uzmXy8UnE5RcVJzEH5T2Ssz/ylX4Sl/CI4L
no1l8j9GiHJb49LSRjWe4Yx936q0Xj9H0R1HTxvjUPqwAsTwy2fKBTog+q1frqc9
o8s2r6LYivUGDVbhuUzCaMJsf+x3AgMBAAECgYEAi0FTXsu/zRswAUGaViQiHjrL
uU65BSHXNVjV/2fLNEKnGWGqpli68z1IXY+S2nwbUak7rnGsq9/0F6jtsW+hZbLk
KXUOuuExpeC5Kd6ngWX/f2jqmhlUabiQijU9cVk7pMq8EHkRtvlosnMTUAEzempu
QUPwn1PZHhmJkBvZ4lECQQDCErrxl+e3BwUDcS0yVEEmCNSG6xdXs2878b8rzbe7
3Mmi6SuuOLi3PU92J+j+f/MOdtYrk13mEDdYmd5dhrt5AkEAwPvDEsDT/W4y4h5n
gv1awGBA5aLFE1JNWM/Gwn4D1cGpEDHKFREaBtxMDCASpHJuw8r7zUywpKhmBZcf
GS37bwJANdSAKfbafLfjuhqwUJ9yGpykZm/a36aTmerp/bpn1iHdg+RtCzwMcDb/
TWSwibbvsflgWmHbz657y4WSWhq+8QJAWrpCNN/ZCk2zuGDo80lfUBAwkoVat8G6
wWU1oZyS+vzIGef+hLb8kHsjeZPej9eIwZ39kcBbT54oELrCkRjwGwJAQ8V2A7lT
ZUp8AsbVqF6rbLiiUfJMo2btGclQu4DEVyS+ymFA65tXDLUuR9EDqJYdqHNZJ5B8
4Z5p2prkjWTLcA==
-----END PRIVATE KEY-----"",
""client_email"": ""CLIENT_EMAIL"",
""client_id"": ""CLIENT_ID"",
""type"": ""service_account""}";
var credentialParameters = NewtonsoftJsonSerializer.Instance.Deserialize <JsonCredentialParameters>(dummyServiceAccountCredentialFileContents);
var initializer = new ServiceAccountCredential.Initializer(credentialParameters.ClientEmail)
{
Clock = new MockClock {
UtcNow = new DateTime(2016, 1, 1, 0, 0, 0, DateTimeKind.Utc)
}
};
var cred = new ServiceAccountCredential(initializer.FromPrivateKey(credentialParameters.PrivateKey));
Assert.False(cred.Scopes?.Any()); // HasScopes must be false for the type of access token we want to test.
string accessToken = await cred.GetAccessTokenForRequestAsync("http://authurl/");
string expectedToken =
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJDTElFTlRfRU1BSUwiLCJz" +
"dWIiOiJDTElFTlRfRU1BSUwiLCJhdWQiOiJodHRwOi8vYXV0aHVybC8iLCJleHAiOjE0N" +
"TE2MTAwMDAsImlhdCI6MTQ1MTYwNjQwMH0.WLljSaAqxMVZnAxFA2SvpA3n2WRlQW71Nb" +
"CUkbN-ZI-EWoL-HhgiV_3ISrXMvbDHYhBR0vvtXE0PcRcsMEf51Y0jV4DXZ8hf-QJFq7O" +
"Hrepwe93dnDE6uNVnbj41_0phuy1WKwae29Qp2aPI2Y8E8Z2tXQlF87E_MdgjXVeTF8k";
Assert.Equal(expectedToken, accessToken);
}
public async Task FromServiceAccountCredential_FetchesOicdToken()
{
var clock = new MockClock {
UtcNow = new DateTime(2020, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc)
};
var messageHandler = new OidcTokenSuccessMessageHandler(clock);
var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored")
{
Clock = clock,
ProjectId = "a_project_id",
HttpClientFactory = new MockHttpClientFactory(messageHandler)
};
var serviceAccountCredential = new ServiceAccountCredential(initializer.FromPrivateKey(ServiceAccountCredentialTests.PrivateKey));
var googleCredential = GoogleCredential.FromServiceAccountCredential(serviceAccountCredential);
var oidcToken = await googleCredential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("audience"));
Assert.Equal("very_fake_access_token_1", await oidcToken.GetAccessTokenAsync());
}
public static IServiceCollection AddWebAnalytics(this IServiceCollection services)
{
services.AddSingleton <AnalyticsReportingService>(sp =>
{
var appConfig = sp.GetRequiredService <IConfiguration>();
var gaServiceAccount = appConfig["GoogleAnalytics:ServiceAccount"];
var gaServiceKey = appConfig["GoogleAnalytics:Key"];
// create the GA auth client
var scopes = new[] { AnalyticsReportingService.Scope.Analytics };
var init = new ServiceAccountCredential.Initializer(gaServiceAccount)
{
Scopes = scopes
};
var credentials = new ServiceAccountCredential(init.FromPrivateKey(gaServiceKey));
var ars = new AnalyticsReportingService(new BaseClientService.Initializer()
{
HttpClientInitializer = credentials,
ApplicationName = "KPI.Collector"
});
return(ars);
});
services.AddSingleton <GoogleAnalyticsStatsConfig>(sp =>
{
var appConfig = sp.GetRequiredService <IConfiguration>();
var tuples = appConfig.GetSection("GoogleAnalytics:Sites").GetChildren()
.Select(x => (x["ViewId"], x["Domain"])).ToArray();
return(new GoogleAnalyticsStatsConfig(tuples));
});
services.AddSingleton <IWebStatsService, GoogleAnalyticsWebStatsService>();
return(services);
}
public async Task FromServiceAccountCredential_FetchesOidcToken()
{
// A little bit after the tokens returned from OidcTokenFakes were issued.
var clock = new MockClock(new DateTime(2020, 5, 13, 15, 0, 0, 0, DateTimeKind.Utc));
var messageHandler = new OidcTokenResponseSuccessMessageHandler();
var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored")
{
Clock = clock,
ProjectId = "a_project_id",
HttpClientFactory = new MockHttpClientFactory(messageHandler)
};
var serviceAccountCredential = new ServiceAccountCredential(initializer.FromPrivateKey(ServiceAccountCredentialTests.PrivateKey));
var googleCredential = GoogleCredential.FromServiceAccountCredential(serviceAccountCredential);
// The fake Oidc server returns valid tokens (expired in the real world for safty)
// but with a set audience that lets us know if the token was refreshed or not.
var oidcToken = await googleCredential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("will.be.ignored"));
var signedToken = SignedToken <Header, Payload> .FromSignedToken(await oidcToken.GetAccessTokenAsync());
Assert.Equal("https://first_call.test", signedToken.Payload.Audience);
}
static ServiceAccountCredential ServiceAccountCredential(
JsonCredentialParameters credentialParameters,
IEnumerable <string> scopes,
string?emailToImpersonate)
{
// Create a credential initializer with the correct scopes.
var initializer = new ServiceAccountCredential.Initializer(credentialParameters.ClientEmail)
{
Scopes = scopes
};
// Configure impersonation (if applicable).
if (!string.IsNullOrEmpty(emailToImpersonate))
{
initializer.User = emailToImpersonate;
}
// Create a service account credential object using the deserialized private key.
var credential = new ServiceAccountCredential(initializer.FromPrivateKey(credentialParameters.PrivateKey));
return(credential);
}
public async Task FetchesOidcToken_CorrectPayloadSent()
{
var clock = new MockClock {
UtcNow = new DateTime(2020, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc)
};
var messageHandler = new OidcTokenSuccessMessageHandler(clock);
var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored")
{
Clock = clock,
ProjectId = "a_project_id",
HttpClientFactory = new MockHttpClientFactory(messageHandler)
};
var credential = new ServiceAccountCredential(initializer.FromPrivateKey(PrivateKey));
var expectedPayload = new JsonWebSignature.Payload
{
Issuer = "MyId",
Subject = "MyId",
Audience = GoogleAuthConsts.OidcAuthorizationUrl,
IssuedAtTimeSeconds = (long)(clock.UtcNow - UnixEpoch).TotalSeconds,
ExpirationTimeSeconds = (long)(clock.UtcNow.Add(JwtLifetime) - UnixEpoch).TotalSeconds,
TargetAudience = "any_audience"
};
var serializedExpectedPayload = NewtonsoftJsonSerializer.Instance.Serialize(expectedPayload);
var urlSafeEncodedExpectedPayload = UrlSafeBase64Encode(serializedExpectedPayload);
var oidcToken = await credential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("any_audience"));
await oidcToken.GetAccessTokenAsync();
var requestFormDict = messageHandler.LatestRequestContent.Split('&')
.ToDictionary(entry => entry.Split('=')[0], entry => entry.Split('=')[1]);
var assertion = requestFormDict["assertion"];
// Assertion format shoould be headers.payload.signature
var encodedPayload = assertion.Split('.')[1];
Assert.Contains(urlSafeEncodedExpectedPayload, encodedPayload);
}
private ServiceAccountCredential CreateServiceAccountCredential(JsonCredentialParameters credParams)
{
var scopes = new List <string>
{
DirectoryService.Scope.AdminDirectoryUserReadonly,
DirectoryService.Scope.AdminDirectoryGroupReadonly,
DirectoryService.Scope.AdminDirectoryGroupMemberReadonly
};
if (credParams.Type != JsonCredentialParameters.ServiceAccountCredentialType ||
string.IsNullOrEmpty(credParams.ClientEmail) ||
string.IsNullOrEmpty(credParams.PrivateKey))
{
throw new InvalidOperationException("JSON data does not represent a valid service account credential.");
}
var initializer = new ServiceAccountCredential.Initializer(credParams.ClientEmail);
initializer.User = SettingsService.Instance.Server.GSuite.AdminUser;
initializer.Scopes = scopes;
return(new ServiceAccountCredential(initializer.FromPrivateKey(credParams.PrivateKey)));
}
public async Task FetchesOidcToken()
{
var clock = new MockClock {
UtcNow = new DateTime(2020, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc)
};
var messageHandler = new OidcTokenSuccessMessageHandler(clock);
var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored")
{
Clock = clock,
ProjectId = "a_project_id",
HttpClientFactory = new MockHttpClientFactory(messageHandler)
};
var credential = new ServiceAccountCredential(initializer.FromPrivateKey(PrivateKey));
var oidcToken = await credential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("audience"));
Assert.Equal("very_fake_access_token_1", await oidcToken.GetAccessTokenAsync());
// Move the clock some but not enough that the token expires.
clock.UtcNow = clock.UtcNow.AddMinutes(20);
Assert.Equal("very_fake_access_token_1", await oidcToken.GetAccessTokenAsync());
// Only the first call should have resulted in a request. The second time the token hadn't expired.
Assert.Equal(1, messageHandler.Calls);
}
public async Task RefreshesOidcToken()
{
var clock = new MockClock {
UtcNow = new DateTime(2020, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc)
};
var messageHandler = new OidcTokenSuccessMessageHandler(clock);
var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored")
{
Clock = clock,
ProjectId = "a_project_id",
HttpClientFactory = new MockHttpClientFactory(messageHandler)
};
var credential = new ServiceAccountCredential(initializer.FromPrivateKey(PrivateKey));
var oidcToken = await credential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("audience"));
Assert.Equal("very_fake_access_token_1", await oidcToken.GetAccessTokenAsync());
// Move the clock so that the token expires.
clock.UtcNow = clock.UtcNow.AddHours(2);
Assert.Equal("very_fake_access_token_2", await oidcToken.GetAccessTokenAsync());
// Two calls, because the second time we tried to get the token, the first one had expired.
Assert.Equal(2, messageHandler.Calls);
}
public SheetApiService(IOptions <GoogleServiceAccount> serviceAccount)
{
var _serviceAccount = serviceAccount.Value;
ServiceAccountCredential credential;
if (string.IsNullOrEmpty(_serviceAccount.ServiceEmail))
{
Console.WriteLine($"GOOGLE EMAIL NOT PROVIDED: {_serviceAccount.ServiceEmail}");
throw new ArgumentNullException(nameof(_serviceAccount.ServiceEmail));
}
if (string.IsNullOrEmpty(_serviceAccount.PrivateKey))
{
Console.WriteLine($"GOOGLE PRIVATE KEY NOT PROVIDED: {_serviceAccount.PrivateKey}");
throw new ArgumentNullException(nameof(_serviceAccount.PrivateKey));
}
var initializer = new ServiceAccountCredential.Initializer(_serviceAccount.ServiceEmail)
{
Scopes = Scopes
};
credential = new ServiceAccountCredential(initializer.FromPrivateKey(_serviceAccount.PrivateKey));
if (!credential.RequestAccessTokenAsync(System.Threading.CancellationToken.None).Result)
{
throw new InvalidOperationException("Access token failed.");
}
// create Google Sheets API service
_googleSheets = new SheetsService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Google Sheets API .NET Quickstart"
});
}
public static void Execute(IList <IList <object> > list)
{
try
{
// Set some basic variable to initialise Google Sheets API
string[] Scopes = { SheetsService.Scope.Spreadsheets };
string serviceAccountEmail = (String)Settings.export["googleSheetsServiceAccount"]["client_email"];
string key = (String)Settings.export["googleSheetsServiceAccount"]["private_key"];
// Initialise the Google API ServiceAccount
var initializer = new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
User = serviceAccountEmail,
Scopes = Scopes
};
// Set the ServiceAccount Key
ServiceAccountCredential credential = new ServiceAccountCredential(initializer.FromPrivateKey(key));
// Create Google Sheets API service.
var service = new SheetsService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = ApplicationName,
});
// Define request parameters.
String spreadsheetId = (string)Settings.export["googleSheets"]["id"];
String spreadsheetTab = (string)Settings.export["googleSheets"]["sheet"];
// Define the sheet range
var rng = string.Format("{0}!A1:A{1}", spreadsheetTab, list.Count);
var vRange = new ValueRange
{
Range = rng,
Values = list,
MajorDimension = "ROWS"
};
// Send the request to the Google Sheets API
var rqst = service.Spreadsheets.Values.Append(vRange, spreadsheetId, rng);
rqst.ValueInputOption = SpreadsheetsResource.ValuesResource.AppendRequest.ValueInputOptionEnum.USERENTERED;
rqst.Execute();
}
catch (System.Net.Http.HttpRequestException e)
{
Debug.WriteLine(string.Join("\n\n", new string[] {
"",
$"'{e}'",
"Connection to Google Sheets API failed.",
"Are you offline?",
e.Message,
"Continuing without exporting to Google Sheets.",
""
}));
}
catch (Google.GoogleApiException e)
{
if (e.Error.Code == 403)
{
Debug.WriteLine(string.Join("\n\n", new string[] {
"",
$"'{e}'",
"Google Sheets API request was forbidden.",
"Have you enabled the Google Sheets API?.",
e.Error.Message,
"Continuing without exporting to Google Sheets.",
""
}));
}
else if (e.Error.Code == 404)
{
Debug.WriteLine(string.Join("\n\n", new string[] {
"",
$"'{e}'",
"The Google Sheet could not be found.",
"Check export.googleSheets.id is set correctly in settings.json",
e.Error.Message,
"Continuing without exporting to Google Sheets.",
""
}));
}
else if (e.Error.Code == 400)
{
Debug.WriteLine(string.Join("\n\n", new string[] {
"",
$"'{e}'",
"The data range or sheet/tab name within the Google Sheet could not be found.",
"Check export.googleSheets.sheet is correctly set to the sheet/tab name in settings.json",
"The default is usually 'Sheet1'",
e.Error.Message,
"Continuing without exporting to Google Sheets.",
""
}));
}
else
{
throw;
}
}
catch (System.ArgumentException e)
{
if (e.ParamName == "pkcs8PrivateKey")
{
Debug.WriteLine(string.Join("\n\n", new string[] {
"",
$"'{e}'",
"Invalid Google Service Account API Key.",
"Check export.googleSheetsServiceAccount.private_key is set correctly in settings.json",
e.Message,
"Continuing without exporting to Google Sheets.",
""
}));
}
else
{
throw;
}
}
}