Skip to content

Instantly share code, notes, and snippets.

@dhermes

dhermes/.gitignore

Last active August 29, 2015 14:24
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dhermes/5907b8e19b2321fce35b to your computer and use it in GitHub Desktop.
Save dhermes/5907b8e19b2321fce35b to your computer and use it in GitHub Desktop.
Download ZIP
Google (Python) Service Accounts Unification
Raw
.gitignore
*.pyc
settings.py
*.json
*.p12
Raw
projname-9876543210ab.json.example
{
"private_key_id": "9876543210abcdefghi9876543210abcdefghi98",
"private_key": "-----BEGIN PRIVATE KEY-----\n...SOME STUFF...\n-----END PRIVATE KEY-----\n",
"client_email": "PROJNUM123-9876randomstring1234@developer.gserviceaccount.com",
"client_id": "PROJNUM123-9876randomstring1234.apps.googleusercontent.com",
"type": "service_account"
}
Raw
service_accounts_unification.py
from OpenSSL import crypto
import httplib2
import json
import os
from oauth2client.client import SignedJwtAssertionCredentials
from oauth2client.client import _get_application_default_credential_from_file
from oauth2client.client import _urlsafe_b64decode
from settings import P12_PATH
from settings import JSON_PATH
from settings import CLIENT_EMAIL
from settings import PRIVATE_KEY_ID_P12
SEP = '=' * 50
HEADER = '-' * 50
PASSPHRASE = 'notasecret'
SCOPE = ('https://www.googleapis.com/auth/userinfo.email',)
CLIENT_ID = CLIENT_EMAIL.replace(
'@developer.gserviceaccount.com',
'.apps.googleusercontent.com')
P12_AS_JSON = P12_PATH.replace('.p12', '.json')
JSON_AS_P12 = JSON_PATH.replace('.json', '.p12')
HTTP = httplib2.Http()
def do_p12():
print 'P12 as P12:'
print HEADER
credentials = SignedJwtAssertionCredentials(
service_account_name=CLIENT_EMAIL,
private_key=open(P12_PATH, 'rb').read(),
scope=SCOPE)
p12_assertion = credentials._generate_assertion()
seg1, seg2, seg3 = p12_assertion.split('.')
print json.dumps(json.loads(_urlsafe_b64decode(seg1)),
indent=2, sort_keys=True)
print json.dumps(json.loads(_urlsafe_b64decode(seg2)),
indent=2, sort_keys=True)
credentials._refresh(HTTP.request)
print 'Access token:'
print credentials.access_token
return seg1, seg2, seg3, credentials
def do_p12_as_json():
print 'P12 as JSON:'
print HEADER
# Create if doesn't exist.
if not os.path.exists(P12_AS_JSON):
with open(P12_PATH, 'rb') as fh:
p12 = crypto.load_pkcs12(fh.read(),
passphrase=PASSPHRASE)
private_key = crypto.dump_privatekey(
crypto.FILETYPE_PEM, p12.get_privatekey())
json_payload = {
u'type': 'service_account',
u'private_key': private_key,
u'private_key_id': PRIVATE_KEY_ID_P12,
u'client_email': CLIENT_EMAIL,
u'client_id': CLIENT_ID,
}
print 'Writing', P12_AS_JSON
with open(P12_AS_JSON, 'wb') as fh:
json.dump(json_payload, fh, ensure_ascii=True)
credentials = _get_application_default_credential_from_file(
P12_AS_JSON)
credentials = credentials.create_scoped(SCOPE)
json_assertion = credentials._generate_assertion()
seg1, seg2, seg3 = json_assertion.split('.')
print json.dumps(json.loads(_urlsafe_b64decode(seg1)),
indent=2, sort_keys=True)
print json.dumps(json.loads(_urlsafe_b64decode(seg2)),
indent=2, sort_keys=True)
credentials._refresh(HTTP.request)
print 'Access token:'
print credentials.access_token
return seg1, seg2, seg3, credentials
def do_json():
# New Public/Private key pair generated
# The private key has been downloaded to your machine and
# serves as the only copy of this key.
# You are responsible for storing it securely.
print 'JSON as JSON:'
print HEADER
credentials = _get_application_default_credential_from_file(
JSON_PATH)
credentials = credentials.create_scoped(SCOPE)
json_assertion = credentials._generate_assertion()
seg1, seg2, seg3 = json_assertion.split('.')
print json.dumps(json.loads(_urlsafe_b64decode(seg1)),
indent=2, sort_keys=True)
print json.dumps(json.loads(_urlsafe_b64decode(seg2)),
indent=2, sort_keys=True)
credentials._refresh(HTTP.request)
print 'Access token:'
print credentials.access_token
return seg1, seg2, seg3, credentials
def do_json_as_p12():
print 'JSON as P12:'
print HEADER
# Create if doesn't exist.
if not os.path.exists(JSON_AS_P12):
with open(JSON_PATH, 'rb') as fh:
json_payload = json.load(fh)
private_key = json_payload['private_key']
p12_obj = crypto.PKCS12()
p12_obj.set_privatekey(crypto.load_privatekey(
crypto.FILETYPE_PEM, private_key))
with open(JSON_AS_P12, 'wb') as fh:
fh.write(p12_obj.export(passphrase=PASSPHRASE))
credentials = SignedJwtAssertionCredentials(
service_account_name=CLIENT_EMAIL,
private_key=open(JSON_AS_P12, 'rb').read(),
scope=SCOPE)
p12_assertion = credentials._generate_assertion()
seg1, seg2, seg3 = p12_assertion.split('.')
print json.dumps(json.loads(_urlsafe_b64decode(seg1)),
indent=2, sort_keys=True)
print json.dumps(json.loads(_urlsafe_b64decode(seg2)),
indent=2, sort_keys=True)
credentials._refresh(HTTP.request)
print 'Access token:'
print credentials.access_token
return seg1, seg2, seg3, credentials
if __name__ == '__main__':
do_p12()
print SEP
do_p12_as_json()
print SEP
do_json()
print SEP
do_json_as_p12()
Raw
settings.py.example
PRIVATE_KEY_ID_P12 = 'abcdefghi0123456789abcdefghi0123456789ab'
P12_PATH = 'projname-abcdefghi012.p12.example' # First 12 of priv. key ID
JSON_PATH = 'projname-9876543210ab.json.example'
CLIENT_EMAIL = ('PROJNUM123-9876randomstring1234@'
'developer.gserviceaccount.com')
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment