Struct google_cloud_storage::http::service_account_client::ServiceAccountClient

source ·

pub struct ServiceAccountClient { /* private fields */ }

Implementations§

source §

impl ServiceAccountClient

source

pub async fn sign_blob(&self, name: &str, data: &[u8]) -> Result<Vec<u8>, Error>

Examples found in repository ?

src/client.rs (line 205)

    async fn _signed_url(&self, bucket: &str, object: &str, opts: SignedURLOptions) -> Result<String, SignedURLError> {
        let mut opts = opts;
        if !self.service_account_email.is_empty() && opts.google_access_id.is_empty() {
            opts.google_access_id = self.service_account_email.to_string();
        }
        if let SignBy::PrivateKey(pk) = &opts.sign_by {
            if pk.is_empty() {
                if let Some(pk) = &self.private_key {
                    opts.sign_by = SignBy::PrivateKey(pk.clone().into_bytes())
                } else if google_cloud_metadata::on_gce().await {
                    opts.sign_by = SignBy::SignBytes
                } else {
                    return Err(SignedURLError::InvalidOption("credentials is required to sign url"));
                }
            }
        }

        let (signed_buffer, mut builder) = create_signed_buffer(bucket, object, &opts)?;
        tracing::trace!("signed_buffer={:?}", String::from_utf8_lossy(&signed_buffer));

        // create signature
        let signature = match &opts.sign_by {
            SignBy::PrivateKey(private_key) => {
                let str = String::from_utf8_lossy(private_key);
                let pkcs = rsa::RsaPrivateKey::from_pkcs8_pem(str.as_ref())
                    .map_err(|e| SignedURLError::CertError(e.to_string()))?;
                let der = pkcs
                    .to_pkcs8_der()
                    .map_err(|e| SignedURLError::CertError(e.to_string()))?;
                let key_pair = ring::signature::RsaKeyPair::from_pkcs8(der.as_ref())
                    .map_err(|e| SignedURLError::CertError(e.to_string()))?;
                let mut signed = vec![0; key_pair.public_modulus_len()];
                key_pair
                    .sign(
                        &signature::RSA_PKCS1_SHA256,
                        &rand::SystemRandom::new(),
                        signed_buffer.as_slice(),
                        &mut signed,
                    )
                    .map_err(|e| SignedURLError::CertError(e.to_string()))?;
                signed
            }
            SignBy::SignBytes => {
                let path = format!("projects/-/serviceAccounts/{}", &opts.google_access_id);
                self.service_account_client
                    .sign_blob(&path, signed_buffer.as_slice())
                    .await
                    .map_err(SignedURLError::SignBlob)?
            }
        };
        builder
            .query_pairs_mut()
            .append_pair("X-Goog-Signature", &hex::encode(signature));
        Ok(builder.to_string())
    }