EBS payment gateway: encoded response - php

EBS can return the response parameters as a single GET parameter when the return URL is specified as 'http://www.yourdomainname.com/response.extension?DR={DR}', as described in the knowledgebase.
However, I cannot find a specification of how to decrypt and validate the response. Also, the Integration guide (v.3) does not contain any information on the subject.
I have found a few examples which use this option and decrypt the response via a custom RC43 decoder.
With the DR variable specified, the response contains a single encoded/encrypted string.
However, I am unable to recognise what sort of algorithm is actually used (I suspect an RC4 stream cipher), and most examples end with the decryption (without actual validation).
I am looking for any information on the subject.

The integration kits actually provide a way to use and decode the response. However, not all kits use this or verify the response at all.
To use the encrypted response, the return URL must comply with the following format, as specified in the knowledgebase: 'http://www.yourdomainname.com/response.extension?DR={DR}'
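// PHP decodes '+' in the query string as a space; restore it before Base64-decoding.
$DR = preg_replace("/\s/", "+", $_GET['DR']);
$rc4 = new Crypt_RC4($secret_key);
$QueryString = base64_decode($DR);
// decrypt() is relied on here to modify $QueryString in place.
$rc4->decrypt($QueryString);
$QueryString = explode('&', $QueryString);
$response = array();
foreach ($QueryString as $param) {
    // Limit to 2 parts so a value containing '=' stays intact.
    $param = explode('=', $param, 2);
    $response[$param[0]] = urldecode(isset($param[1]) ? $param[1] : '');
}
return $response;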
The Crypt_RC43 class which actually takes care of the decryption is then provided by EBS inside the Rc43 file, which is part of the integration kits.
Note: As I have stated, the Rc43 file is not part of every integration kit. Some kits even include the Crypt_RC43 class as a private inner class of the controller. For my implementation I have used the Rc43 file contained in the Wordpress-3.7.x Donate integration kit.
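As an added example (not from the original post or the EBS kits), the sketch below runs the same DR decoding end to end and then checks the decrypted fields against the order stored on the server, since RC4 provides no integrity protection by itself. The rc4() helper is a stand-in for the kit's class, and the key, field names and order values are constructed assumptions.

```php
<?php
// Added example. rc4() is a plain RC4 stand-in for the kit's class; the key,
// field names and order values below are constructed, not taken from EBS.
function rc4(string $key, string $data): string {
    $s = range(0, 255);
    $klen = strlen($key);
    for ($i = 0, $j = 0; $i < 256; $i++) {                 // key scheduling
        $j = ($j + $s[$i] + ord($key[$i % $klen])) & 0xFF;
        [$s[$i], $s[$j]] = [$s[$j], $s[$i]];
    }
    $out = '';
    for ($n = 0, $i = 0, $j = 0, $len = strlen($data); $n < $len; $n++) {
        $i = ($i + 1) & 0xFF;                              // keystream generation
        $j = ($j + $s[$i]) & 0xFF;
        [$s[$i], $s[$j]] = [$s[$j], $s[$i]];
        $out .= chr(ord($data[$n]) ^ $s[($s[$i] + $s[$j]) & 0xFF]);
    }
    return $out;
}

// Decode a DR value into fields; null on bad Base64 or a malformed pair.
function decode_dr(string $dr, string $key): ?array {
    $cipher = base64_decode(preg_replace('/\s/', '+', $dr), true);   // strict mode
    if ($key === '' || $cipher === false || $cipher === '') return null;
    $fields = [];
    foreach (explode('&', rc4($key, $cipher)) as $pair) {
        $kv = explode('=', $pair, 2);
        if (count($kv) !== 2 || $kv[0] === '') return null;
        $fields[$kv[0]] = urldecode($kv[1]);
    }
    return $fields;
}

// Accept the response only if it matches what the server stored for the order.
function matches_order(array $resp, array $order): bool {
    foreach (['MerchantRefNo', 'Amount'] as $f) {          // hypothetical field names
        if (!isset($resp[$f]) || !hash_equals((string) $order[$f], $resp[$f])) return false;
    }
    return true;
}

$key   = 'demo-secret-key';                                // constructed key
$order = ['MerchantRefNo' => 'ORD-1001', 'Amount' => '499.00'];
$dr    = base64_encode(rc4($key, 'ResponseCode=0&MerchantRefNo=ORD-1001&Amount=499.00'));
$resp  = decode_dr($dr, $key);
var_dump($resp !== null && matches_order($resp, $order));  // well-formed response
var_dump(decode_dr('not base64!!', $key));                 // rejected before decryption
```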

Related

Google API Data Transfer Insert: missing resource.applicationDataTransfer

I'm creating a simple PHP script for transferring ownership of Drive files between users in the same domain. I want to use Admin SDK Transfers and the Insert method.
Google has documentation about transfers here
I tried to transfer data through their webpage GUI and it went fine. What I can't work out is how to make it work with the PHP Client library.
Let's say I have prepared an object for creating requests to the Transfers resource:
$transfers = new \Google_Service_DataTransfer($googleConnection);
googleConnection handles service account authorization so I can make requests like this:
$data = $this->transfers->transfers->listTransfers();
This returns data of all existing transfers in the domain. Based on the documentation and the PHP Client library, the insert operation should also work.
$transferParams = new \Google_Service_DataTransfer_ApplicationTransferParam();
$transferParams->setKey("PRIVACY_LEVEL"); //what kind of docs I want to transfer
$transferParams->setValue(['SHARED', 'PRIVATE']);
$appDataTransfer = new \Google_Service_DataTransfer_ApplicationDataTransfer();
$appDataTransfer->setApplicationTransferParams($transferParams);
$appDataTransfer->applicationId = "iDString"; //set application ID
$newTransfer = New \Google_Service_DataTransfer_DataTransfer();
$newTransfer->setOldOwnerUserId('accountID'); //origin account IDs are placeholders
$newTransfer->setNewOwnerUserId('account2ID'); //destination account
$newTransfer->setApplicationDataTransfers($appDataTransfer);
$result = $this->transfers->transfers->insert($newTransfer); //execute insert
After executing insert I am getting code 400 with the message "Missing required field: [resource.applicationDataTransfer]".
If I test real parameters via web they work.
I must be missing something, because that exception doesn't make sense at all.
I'm also open to alternative solutions.
The setApplicationDataTransfers method expects an array of Google_Service_DataTransfer_DataTransfer, so you just need to update the following line (note the [] in the params):
$newTransfer->setApplicationDataTransfers([$appDataTransfer]);

How to write ensembl rest api in PHP?

Ensembl is a collection of genome databases and an annotation source for many eukaryotic genomes. They have created a REST API interface for users to access their data: http://rest.ensembl.org/. They also provide detailed steps to write our own client (Perl, Python etc.). I am learning PHP and hence would like to write a PHP client; any suggestion will be helpful. Are there any libraries or classes that I can use to effectively implement the client, access specific data and display it back as HTML? Below is what I have tried so far; it is a work in progress.
$server = "http://grch37.rest.ensembl.org";
$ext = "/vep/human/hgvs/";
$hgvs_notation = "AGT:c.803T>C?content-type=application/json";
# added the application header
$url = $server.$ext.$hgvs_notation;# updated based on comment
$response = file_get_contents($url);
$data = json_decode($response, true);
print_r($data);

how to use GET to obtain info from a URL

I'm a PHP programmer but I'm new to APIs.
I would like to run a MySQL query to get info from an XML document from madmimi.com.
The documentation from madmimi.com says
GET http://madmimi.com/audience_lists/lists.xml will return the data I need. I've created a PHP file and connected to their API using
require(dirname(__FILE__) . '/MadMimi.class.php');
$mailer = new MadMimi('username', 'password');
but I don't understand how to use GET to connect to the URL and display the XML info?
What do I need to do?
All HTTP API interaction is hidden from you behind their library. You can use its methods to grab objects, like this for lists:
$mailer->Lists();
There is no complete documentation, but you can read the raw code and search for the URLs described in the API to find the appropriate methods.
You can use curl to get the response from the third-party API. Have a look at this answer:
https://stackoverflow.com/a/5159513/1369567
Based upon the code in the answer given at that link, you may need to change the code to match your request. E.g.:
/* Script URL */
$url = 'http://madmimi.com/audience_lists/lists.xml';
/* $_GET Parameters to Send */
$params = array('username' => '*your api username*', 'password' => '*your api password*');

AWS SDK for PHP - Decrypting a Password

For a project I'm working on, I'm using the Amazon AWS SDK for PHP, and I needed to retrieve a password for a server environment in plain text format. However, the documentation for the ec2 method confirmed what we found: the method would only return an encrypted string. On the surface, this was good, because the AWS SDK for PHP uses an unencrypted HTTP POST request to send and receive data via cURL, invisibly to the user. So we don't want our password data just flying around the web.
The problem was that there was nothing explaining how to decrypt the string. I had my private key as a PEM file, but there was no method or documentation for what to do with that string to make it usable. Several attempts yielded nothing, and I was beginning to think that I needed to rethink my strategy for the project I'm on, but then I found the code from the last version of the AWS SDK for PHP, and it revealed how to go about decrypting the string to produce a plain text form of the password.
The answer I found was that the getPasswordData method returns a string that is BOTH base64 encoded AND encrypted. You need to decode it with base64_decode() before you can successfully decrypt it with PHP's OpenSSL library. The following function takes care of both:
/**
 * @param obj $ec2_client The EC2 PHP client, from the AWS SDK for PHP
 * @param string $client_id The ID of the client whose password we're trying to get.
 * @return mixed The unencrypted password for the client, or false on failure.
 */
function aws_get_ec2_password($ec2_client, $client_id){
    // First, run getPasswordData to get the Password Data Object.
    $pw_obj = $ec2_client->getPasswordData($client_id);
    // Next, use the local get() method to isolate the password
    $pw_b64 = $pw_obj->get("PasswordData");
    // Decode the password string.
    $pw_encrypted = base64_decode($pw_b64);
    // Now, get your PEM key.
    //
    // You can also use a raw string of the PEM key instead of file_get_contents(),
    // or adjust the function so that you can pass it as an argument.
    //
    // Technically, this step might not be necessary, as the documentation for
    // openssl_private_decrypt() suggests that $key can just be the path, and it will
    // create the key object internally.
    $key = openssl_get_privatekey(file_get_contents("path/to/key.pem"));
    // Create an empty string to hold the password.
    $pw = "";
    // Finally, decrypt the string and return (will return false if decryption fails).
    if(openssl_private_decrypt($pw_encrypted, $pw, $key)){
        return $pw;
    }else{
        return false;
    }
}
I hope this helps someone else avoid the headaches it gave me!

Android In-App Billing Version 3 - Server-side Verification

I'm making an Android application with In-App Purchases. On the Android Developer Center page I see that I must verify the purchase data (JSON) with the signature. I am trying to use the PHP tool from Google Code for this, but validation failed. The first failure was that this library wants from me not JSON (as I understand it), but some plain text with fields joined with : and |. It splits this plain string to get packageName and validates it too. I commented out this part of the code, because the next part is more interesting:
$result = openssl_verify($responseData, base64_decode($signature),
    $this->_publicKey, self::SIGNATURE_ALGORITHM);
//openssl_verify returns 1 for a valid signature
if (0 === $result) {
    return false;
} else if (1 !== $result) {
    require_once 'RuntimeException.php';
    throw new AndroidMarket_Licensing_RuntimeException('Unknown error verifying the signature in openssl_verify');
}
where $responseData is my purchase json, self::SIGNATURE_ALGORITHM is OPENSSL_ALGO_SHA1, $this->_publicKey is:
$key = self::KEY_PREFIX . chunk_split($publicKey, 64, "\n") . self::KEY_SUFFIX;
$key = openssl_get_publickey($key);
if (false === $key) {
    require_once 'InvalidArgumentException.php';
    throw new AndroidMarket_Licensing_InvalidArgumentException('Please pass a Base64-encoded public key from the Market portal');
}
$this->_publicKey = $key;
where the public key is the base64 public key, as described:
Note: To find the public key portion of this key pair, open your application's
details in the Developer Console, then click on Services & APIs, and look at the
field titled Your License Key for This Application.
But this verification fails. I read that API 3 is new (Dec 2012), and many other articles and tutorials don't correspond to it. What do I need to change to correct this verification?
This code uses SHA1, but the Android Developer Center page (first link) describes the public key as RSA with X.509... Any ideas?
UPD: While trying to make the server always say 'purchase is ok' and add all purchases to the database, I found that this error was my fault. I send the JSON to the server in base64, and on the server I base64_decode it in two different places, so I was breaking it. This library works in the part of the code that uses openssl to validate the JSON. The previous version, as I understand it, just validated the package name; this can easily be rewritten to read productId from the JSON.
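The failure described in the update above, reproduced as an added example (not the Google Code library or the poster's code): the signature covers the exact bytes of the purchase JSON, so any extra decoding or re-encoding before openssl_verify makes a valid purchase fail. The RSA key pair and purchase JSON are generated for the demo and stand in for Google's key and a real receipt.

```php
<?php
// Added example; the key pair and the purchase JSON are constructed for the demo.
const KEY_PREFIX = "-----BEGIN PUBLIC KEY-----\n";
const KEY_SUFFIX = "-----END PUBLIC KEY-----";

// Wrap the bare Base64 key from the Developer Console into PEM and load it.
function load_license_key(string $base64Key) {
    $key = openssl_get_publickey(KEY_PREFIX . chunk_split($base64Key, 64, "\n") . KEY_SUFFIX);
    if ($key === false) {
        throw new InvalidArgumentException('Not a Base64-encoded X.509 public key');
    }
    return $key;
}

// True only when $signatureB64 signs exactly the bytes in $purchaseJson.
function verify_purchase(string $purchaseJson, string $signatureB64, $key): bool {
    $sig = base64_decode($signatureB64, true);
    if ($sig === false) return false;
    $result = openssl_verify($purchaseJson, $sig, $key, OPENSSL_ALGO_SHA1); // SHA1 as on the page
    if ($result === -1 || $result === false) {
        throw new RuntimeException('openssl_verify error: ' . openssl_error_string());
    }
    return $result === 1;
}

// Demo setup: a throwaway RSA key stands in for Google's signing key.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pem  = openssl_pkey_get_details($pair)['key'];
$base64Key = str_replace(['-----BEGIN PUBLIC KEY-----', '-----END PUBLIC KEY-----', "\n"], '', $pem);
$key  = load_license_key($base64Key);

$json = '{"orderId":"demo-1","packageName":"com.example.app","productId":"coins_100","developerPayload":"a/b"}';
openssl_sign($json, $rawSig, $pair, OPENSSL_ALGO_SHA1);
$signature = base64_encode($rawSig);

$posted = base64_encode($json);            // client sends the JSON Base64-encoded
$once   = base64_decode($posted);          // decoded once: the original bytes
$twice  = base64_decode($once);            // decoded a second time: corrupted bytes

var_dump(verify_purchase($once, $signature, $key));                                 // exact bytes
var_dump(verify_purchase($twice, $signature, $key));                                // double decode
var_dump(verify_purchase(json_encode(json_decode($once, true)), $signature, $key)); // re-encoded JSON
```

Parse the JSON for productId only after verification has succeeded on the untouched string; json_encode escapes the "/" here, which is enough to change the signed bytes.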
