OAUTH2 signing error in Google Analytics API using Google_Client

Question

I'm getting the following errors when trying to use OATH2 to authenticate against the Google Analytics API (v3):

Warning: openssl_sign() expects parameter 4 to be long, string given in google-api-php-client/src/auth/Google_P12Signer.php on line 60

Google_AuthException: Unable to sign data in google-api-php-client/src/auth/Google_P12Signer.php on line 61

Here's my PHP code:

// api dependencies
require_once(dirname(__FILE__) . '/../../vendor/google-api-php-client/src/Google_Client.php');
require_once(dirname(__FILE__) . '/../../vendor/google-api-php-client/src/contrib/Google_AnalyticsService.php');

session_start();

// create client object and set app name
$client = new Google_Client();
$client->setApplicationName(APP_NAME);

// set assertion credentials
$client->setAssertionCredentials(
  new Google_AssertionCredentials(
    'xxxxxxx@developer.gserviceaccount.com',
    array('https://www.googleapis.com/auth/analytics.readonly'),
          file_get_contents('xxxxxxxxxx-privatekey.p12')  // keyfile
));

// other settings
$client->setClientId('xxxxxxx.apps.googleusercontent.com');
$client->setAccessType('offline_access');

// create service
$service = new Google_AnalyticsService($client);

$properties = $service->management_webproperties->listManagementWebproperties("~all");
print_r($properties);

if I print_r($service) I get a valid object with no errors. It is the listManagementWebproperties() call that generates the errors.

Does anyone please have a solution? It looks like the Google_Client might be in flux, since it was edited just a couple of days ago. I obtained it from trunk via SVN, NOT via the download page which I believe has an older version that does not support service accounts. Thanks.

Answer 1

According to the openssl_sign() PHP documentation, the 4th parameter should be an int.

http://php.net/manual/en/function.openssl-sign.php

bool openssl_sign ( string $data , string &$signature , mixed $priv_key_id [, int $signature_alg = OPENSSL_ALGO_SHA1 ] )

In the code for Google_P12Signer they are using it like this:

if (!openssl_sign($data, $signature, $this->privateKey, "sha256")) {
  throw new Google_AuthException("Unable to sign data");
}

Passing "sha256" which is obviously not an INT. There isn't an OPENSSL_ALGO_* defined for sha256 according to this: http://www.php.net/manual/en/openssl.signature-algos.php which means it won't work.

What you will have to do is define your own OPENSSL_ALGO_SHA256, sort of like you see in this code: http://pastebin.com/qdCyC0Pe

Someone wrote a patch to help also: http://php.it2y.info/missing-sha256-sha512-families-of-signature-algorithms.html