Hmm, ended up solving it with help from another similar post where someone was trying to do more or less the same thing in Perl. Here's my updated code, for the sake of anyone else stumbling upon this:
$headerdata = "POST http://gdata.youtube.com/action/GetUploadToken " . time() . " " . $rand; if (empty($options['youtube_privatekey_passphrase'])) { $key = openssl_pkey_get_private($options['youtube_privatekey']); } else { $key = openssl_pkey_get_private($options['youtube_privatekey'], $options['youtube_privatekey_passphrase']); } if (!$key) { standard_error('Key problem: ' . openssl_error_string()); } if (!openssl_sign($headerdata, $signature, $key)) { standard_error('Key problem: ' . openssl_error_string()); } $headers .= "Authorization: AuthSub token=\"" . urlencode($_POST['token']) . "\" "; $headers .= "data=\"" . $headerdata . "\" sig=\"" . base64_encode($signature) . "\" "; $headers .= "sigalg=\"rsa-sha1\"" . "\r\n"; On Jul 2, 12:41 am, Jesse <[EMAIL PROTECTED]> wrote: > I'm getting a 401 error on the last bit, but I'm pretty sure it's > because I'm not signing it correctly. That is, I really have no idea > what I'm doing--most things in the Google API Documentation have been > pretty straightforward and laid out well, but there's most certainly > nothing regarding *how* to go about creating signatures. Maybe this is > supposed to be self-evident? Either way, I have not worked much with > keys/signatures/etc, ever, and tend to have issues when they come up. > > So! Here's my code thus far (the important bits, anyways): > > First, the user starts out by just getting a token: > > <form method="post" action="https://www.google.com/accounts/ > AuthSubRequest" name="youtubeupload"> > <input type="hidden" name="next" value="http://www.gunschbunsch.com/ > v370/vBTube.php?do=upload&action=videodetails" /> > <input type="hidden" name="scope" value="http://gdata.youtube.com"; /> > <input type="hidden" name="session" value="0" /> > <input type="hidden" name="secure" value="0" /> > <a href="javascript:document.youtubeupload.submit();">Upload a Video</ > a> > </form> > > This all works fine. It redirects back to my page, which sends the > token along to another page of mine, then submits this data: > > function do_post_request($url, $data, $optional_headers = null) { > $start = strpos($url,'//')+2; > $end = strpos($url,'/',$start); > $host = substr($url, $start, $end-$start); > $domain = substr($url,$end); > $fp = pfsockopen($host, 80); > if(!$fp) return null; > fputs ($fp,"POST $domain HTTP/1.1\n"); > fputs ($fp,"Host: $host\n"); > if ($optional_headers) { > fputs($fp, $optional_headers); > } > fputs ($fp,"Content-type: application/atom+xml; charset=UTF-8\n"); > fputs ($fp,"Content-length: ".strlen($data)."\n\n"); > fputs ($fp,"$data\n\n"); > $response = ""; > while(!feof($fp)) { > $response .= fgets($fp, 1024); > } > fclose ($fp); > return $response; > > } > > $data = "... this bit isn't important, but it is XML for > youtube ..."; > $headers = ""; > $headers .= "Authorization: AuthSub token=\"" . > urlencode($_POST['token']) . "\" "; > $headers .= "data=\"POSThttp://gdata.youtube.com/action/GetUploadToken > " . time() . " "; > $headers .= $rand . "\" sig=\"" . ... okay, really, what goes here? . > "\" "; > $headers .= "sigalg=\"rsa-sha1\"" . "\r\n"; > $headers .= "X-GData-Client: " . $options['youtube_clientid'] . "\r > \n"; > $headers .= "X-GData-Key: key=" . $options['youtube_developer_key'] . > "\r\n"; > $upload_token = do_post_request('http://gdata.youtube.com/action/ > GetUploadToken', $data, $headers); > > Before I went for the secure token at the beginning, everything was > fine, so I know I've got most everything working. The one issue I'm > left with is figuring out what to do from here. I generated a PEM > certificate with the Java keytool, uploaded that to Google, and now > I'm stuck with only a PEM certificate and a passphrase to go with it, > wondering how to make the signature asked for in the "sig" bit of the > "Authorization" header. I did see that PHP has openssl_* functions, > but I wasn't able to get anything to work with those--would a PEM > certificate from keytool simply not work with those? I assumed they'd > be compatible, but then again, I obviously don't know a whole lot. > > So, in short, really all I'm looking for is what's needed to generate > the signature there. Any advice would be greatly appreciated. > > - Jesse --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Data Protocol" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-help-dataapi?hl=en -~----------~----~----~----~------~----~------~--~---
