Google Groups

Re: Service Account in perl


hatobus Jul 11, 2012 1:52 PM
Posted in group: Developer Forum for Google API Access using OAuth2
I changed source code below.

1. $claim value's setting

And error code is changed from "invalid_grant" to "invalid_request".
If you know Please help me..

--------------------------------------perl source code -----------------------------
get '/auth/:dest' => sub{

my $self = shift;

my $dest = $self->param('dest');

my $header = qq<{"alg":"RS256","typ":"JWT"}>;

    my $iat = time();
    
    my $exp = $iat + 3600;

my $claim = qq<{
"exp":$exp,
"iat":$iat
}>;

my $assertion = join(".", urlsafe_b64encode($header), urlsafe_b64encode($claim));

my $key_text = read_file( "/home/private/test.pem" );

print "claim=$claim\n";

my $rsa_key = Crypt::OpenSSL::RSA->new_private_key($key_text) || die "$!";

$rsa_key->use_pkcs1_padding();

my $signature = $rsa_key->sign(sha256_base64($assertion));

my $signed_signature = urlsafe_b64encode($signature);

my $signed_assertion = join(".", $assertion, $signed_signature);

print $signed_assertion;

    my $ua     = LWP::UserAgent->new;

my %args =(
Content_Type => 'application/x-www-form-urlencoded',
Content => {
'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    'assertion'  => $signed_assertion,
}
);

    my $r = $ua->post( 'https://accounts.google.com/o/oauth2/token', %args);
    
    my $result = JSON->new->utf8(0)->decode($r->content);

print $r->content;

2012年7月12日木曜日 5時13分45秒 UTC+9 hatobus:
I converted my downloaded pkcs12 key with -nodes option (password remove).

openssl pkcs12 -in privatekey.p12 -nodes -out test.pem

And try again.
But "invalid_grant" error occured.
Please help me..

----------------------------------source code -----------------------------------
get '/auth/:dest' => sub{

my $self = shift;

my $dest = $self->param('dest');

my $header = qq<{"alg":"RS256","typ":"JWT"}>;

    my $iat = time();
    
    my $exp = $iat + 3600;

my $claim = '{
"exp":$exp,
"iat":$iat
}';

my $assertion = join(".", urlsafe_b64encode($header), urlsafe_b64encode($claim));

my $key_text = read_file( "/home/private/test.pem" );

print "assertion=$assertion";

my $rsa_key = Crypt::OpenSSL::RSA->new_private_key($key_text) || die "$!";

$rsa_key->use_pkcs1_padding();

my $signature = $rsa_key->sign(sha256_base64($assertion));

my $signed_signature = urlsafe_b64encode($signature);

my $signed_assertion = join(".", $assertion, $signed_signature);

print $signed_assertion;

    my $ua     = LWP::UserAgent->new;

my %args =(
Content_Type => 'application/x-www-form-urlencoded',
Content => {
'grant_type' => 'assertion',
    'assertion'  => $signed_assertion,
}
);

    my $r = $ua->post( 'https://accounts.google.com/o/oauth2/token', %args);
    
    my $result = JSON->new->utf8(0)->decode($r->content);

print $r->content;


2012年7月11日水曜日 0時58分36秒 UTC+9 hatobus:
I downloaded private key that format is pkcs12.
and I used openssl command below to change the format.

openssl pkcs12 -in privatekey.p12 -out test.pem

I viewd test.pem file, and that contains 
-----BEGIN ENCRYPTED PRIVATE KEY-----

That does not contain RSA key word.
 I think that format is PKCS7not PEM format??
I think "Crypt::OpenSSL::RSA" module does not process
test.pem file's format.

I have to learn how to convert key files from PKES12 to PEM format.
If you know please imform me!!

I'm now trying to building Web appliction by OAuth2. The application
is server to server.

https://developers.google.com/accounts/docs/OAuth2ServiceAccount

But supported client libraries is java, python and php.

And I found ruby sample code in the below
url.

https://gist.github.com/2713830

But I coun'nt find perl example source.

And now trying to change ruby code to perl.
But I coun'nt find private key loading method
in perl like ruby.

If you now Please help me.