0

I am trying to implement signed URLs in my code. I was trying to understand and debug the code below, provided by Google.

https://cloud.google.com/storage/docs/access-control#signing-code-python

Below is what my client ID from the Developers Console looks like:

zzzzzzzzzzzz-zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.apps.googleusercontent.com

Is this the client ID which the code expects? When I give this as the keytext in the code it throws "RSA key format is not supported". Any inputs greatly appreciated, I am new to this.

Karthikkumar
  • Take a look at this [example](https://github.com/kctang/gcs-helper) that uses GCS via signed URL. It is in Java but you might be able to derive what you need from here. Good luck! :-) – kctang Jan 12 '16 at 02:27

2 Answers

1

The complete example shows what to do basically: https://github.com/GoogleCloudPlatform/storage-signedurls-python

In cloud console, API > credentials > new credentials > service account key > key type > p12. This downloads a .p12 key

Convert key to PEM:

```bash
openssl pkcs12 -in /path/to/key.p12 -nodes -nocerts > /path/to/key.pem
```

Will be prompted for password: notasecret

The name of the downloaded private key is the key's thumbprint. When inspecting the key on your computer, or using the key in your application, you need to provide the password notasecret. Note that while the password for all Google-issued private keys is the same (notasecret), each key is cryptographically unique.

Write RSA key:

```bash
openssl rsa -in /path/to/key.pem -inform PEM -out /path/to/key.der -outform DER
```

It's your key.der you'll want to supply as your key:

```python
# Read the DER-encoded private key as raw bytes
with open('key.der', 'rb') as k:
    key = k.read()
```

then

```python
import Crypto.PublicKey.RSA as RSA
...
...
# Parse the key bytes read from key.der into an RSA key object
private_key = RSA.importKey(key)
```

Jeffrey Godwyll
  • Hi Jeffrey, the code works separately, but once I integrated it into App Engine code I get the below error in the development environment: `File ImportError: cannot import name RAND_egd`, and in the production environment I get `File "/base/data/home/apps/s~coolsigngcs/1.389989971734770545/requests/adapters.py", line 415, in send raise ConnectionError(err, request=request) ConnectionError: ('Connection aborted.', error(13, 'Permission denied'))`. Any inputs are greatly appreciated. – Karthikkumar Jan 15 '16 at 02:57
  • I think this answer addresses your main question. About the `ConnectionError`, I think it belongs in a separate question with its own answer to help future users in case they run into similar issues. Although some might argue it's similar to the very recent http://stackoverflow.com/a/34714347/2295256 . Also note too that the linked example wasn't meant as a standalone GAE app. Glad you found a fix though. Thanks. – Jeffrey Godwyll Jan 17 '16 at 04:14
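
As an added illustration (not code from the answer above or from Google's sample), this standard-library check tells apart the inputs this thread mixes up: an OAuth client ID, the downloaded .p12 container, and PEM or DER private keys, by looking only at their leading bytes. The function name, the labels it returns and the sample byte strings are constructed for this example.

```python
import re

PEM_HEADER = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
PEM_KINDS = {"RSA PRIVATE KEY": "pem-pkcs1-private-key",
             "PRIVATE KEY": "pem-pkcs8-private-key",
             "ENCRYPTED PRIVATE KEY": "pem-encrypted-private-key"}

def _der_length(buf, i):
    """Decode the DER length field at buf[i]; return (length, next_index)."""
    first = buf[i]
    if first < 0x80:                      # short form: a single byte
        return first, i + 1
    n = first & 0x7F                      # long form: n length bytes follow
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify_key_material(data):
    """Label what `data` (bytes) is before it is passed to RSA.importKey.
    The labels are hypothetical names chosen for this example."""
    text = data.strip()
    if text.endswith(b".apps.googleusercontent.com"):
        return "oauth-client-id"          # an identifier, contains no key
    m = PEM_HEADER.search(text)           # also skips a "Bag Attributes" preamble
    if m:
        return PEM_KINDS.get(m.group(1).decode(), "pem-other")
    try:
        if data[0] != 0x30:               # all binary formats below start with SEQUENCE
            return "unknown"
        _, i = _der_length(data, 1)
        if data[i] != 0x02:               # first member must be an INTEGER version
            return "unknown"
        vlen, i = _der_length(data, i + 1)
        version = int.from_bytes(data[i:i + vlen], "big")
        next_tag = data[i + vlen]
    except IndexError:                    # truncated or empty input
        return "unknown"
    if version == 3:
        return "pkcs12-container"         # the .p12 as downloaded, not yet converted
    if version == 0 and next_tag == 0x02:
        return "der-pkcs1-private-key"    # RSAPrivateKey: version, then modulus INTEGER
    if version == 0 and next_tag == 0x30:
        return "der-pkcs8-private-key"    # PrivateKeyInfo: version, then AlgorithmIdentifier
    return "unknown"

# Constructed samples: only the leading bytes matter to the classifier.
SAMPLES = {
    "client_id": b"zzzzzzzzzzzz-zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.apps.googleusercontent.com",
    "p12": bytes.fromhex("308209b10201033082097706"),
    "pem_pkcs8": b"Bag Attributes\n    friendlyName: privatekey\n-----BEGIN PRIVATE KEY-----\n",
    "der_pkcs1": bytes.fromhex("308204a40201000282010100"),
}
```

Running it on the value about to be passed to `RSA.importKey` shows whether that value is key material at all; a client ID or an unconverted .p12 container is not.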
0

You may want to consider using gcloud-python for Google Cloud Storage, which among other things provides an easy way for signing a URL.

ozarov
  • I tried Jeffrey's answer; the sample code in https://github.com/GoogleCloudPlatform/storage-signedurls-python works as standalone code, but changed into App Engine code, it throws errors. – Karthikkumar Jan 15 '16 at 19:33
  • That's because App Engine doesn't support the requests library. After spending some time I found that using the urllib library instead of requests solves this issue. Here is the code: use `return '%s?%s' % (base_url, urllib.urlencode(query_params))` instead of `return self.session.get(base_url, params=query_params)`. It's frustrating to see Google using what it doesn't support in its sample example. – Karthikkumar Jan 15 '16 at 19:39