| 1 | <?php
|
|---|
| 2 | /*
|
|---|
| 3 | * Copyright 2023 Google Inc.
|
|---|
| 4 | *
|
|---|
| 5 | * Licensed under the Apache License, Version 2.0 (the "License");
|
|---|
| 6 | * you may not use this file except in compliance with the License.
|
|---|
| 7 | * You may obtain a copy of the License at
|
|---|
| 8 | *
|
|---|
| 9 | * http://www.apache.org/licenses/LICENSE-2.0
|
|---|
| 10 | *
|
|---|
| 11 | * Unless required by applicable law or agreed to in writing, software
|
|---|
| 12 | * distributed under the License is distributed on an "AS IS" BASIS,
|
|---|
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|---|
| 14 | * See the License for the specific language governing permissions and
|
|---|
| 15 | * limitations under the License.
|
|---|
| 16 | */
|
|---|
| 17 |
|
|---|
| 18 | namespace Google\Auth\CredentialSource;
|
|---|
| 19 |
|
|---|
| 20 | use Google\Auth\ExternalAccountCredentialSourceInterface;
|
|---|
| 21 | use InvalidArgumentException;
|
|---|
| 22 | use UnexpectedValueException;
|
|---|
| 23 |
|
|---|
| 24 | /**
|
|---|
| 25 | * Retrieve a token from a file.
|
|---|
| 26 | */
|
|---|
| 27 | class FileSource implements ExternalAccountCredentialSourceInterface
|
|---|
| 28 | {
|
|---|
| 29 | private string $file;
|
|---|
| 30 | private ?string $format;
|
|---|
| 31 | private ?string $subjectTokenFieldName;
|
|---|
| 32 |
|
|---|
| 33 | /**
|
|---|
| 34 | * @param string $file The file to read the subject token from.
|
|---|
| 35 | * @param string|null $format The format of the token in the file. Can be null or "json".
|
|---|
| 36 | * @param string|null $subjectTokenFieldName The name of the field containing the token in the file. This is required
|
|---|
| 37 | * when format is "json".
|
|---|
| 38 | */
|
|---|
| 39 | public function __construct(
|
|---|
| 40 | string $file,
|
|---|
| 41 | ?string $format = null,
|
|---|
| 42 | ?string $subjectTokenFieldName = null
|
|---|
| 43 | ) {
|
|---|
| 44 | $this->file = $file;
|
|---|
| 45 |
|
|---|
| 46 | if ($format === 'json' && is_null($subjectTokenFieldName)) {
|
|---|
| 47 | throw new InvalidArgumentException(
|
|---|
| 48 | 'subject_token_field_name must be set when format is JSON'
|
|---|
| 49 | );
|
|---|
| 50 | }
|
|---|
| 51 |
|
|---|
| 52 | $this->format = $format;
|
|---|
| 53 | $this->subjectTokenFieldName = $subjectTokenFieldName;
|
|---|
| 54 | }
|
|---|
| 55 |
|
|---|
| 56 | public function fetchSubjectToken(?callable $httpHandler = null): string
|
|---|
| 57 | {
|
|---|
| 58 | $contents = file_get_contents($this->file);
|
|---|
| 59 | if ($this->format === 'json') {
|
|---|
| 60 | if (!$json = json_decode((string) $contents, true)) {
|
|---|
| 61 | throw new UnexpectedValueException(
|
|---|
| 62 | 'Unable to decode JSON file'
|
|---|
| 63 | );
|
|---|
| 64 | }
|
|---|
| 65 | if (!isset($json[$this->subjectTokenFieldName])) {
|
|---|
| 66 | throw new UnexpectedValueException(
|
|---|
| 67 | 'subject_token_field_name not found in JSON file'
|
|---|
| 68 | );
|
|---|
| 69 | }
|
|---|
| 70 | $contents = $json[$this->subjectTokenFieldName];
|
|---|
| 71 | }
|
|---|
| 72 |
|
|---|
| 73 | return $contents;
|
|---|
| 74 | }
|
|---|
| 75 |
|
|---|
| 76 | /**
|
|---|
| 77 | * Gets the unique key for caching.
|
|---|
| 78 | * The format for the cache key one of the following:
|
|---|
| 79 | * Filename
|
|---|
| 80 | *
|
|---|
| 81 | * @return string
|
|---|
| 82 | */
|
|---|
| 83 | public function getCacheKey(): ?string
|
|---|
| 84 | {
|
|---|
| 85 | return $this->file;
|
|---|
| 86 | }
|
|---|
| 87 | }
|
|---|
