lib/google/cloud/storage/file/signer_v2.rb in google-cloud-storage-1.26.2 vs lib/google/cloud/storage/file/signer_v2.rb in google-cloud-storage-1.27.0

@@ -75,19 +75,27 @@
              options[:content_type], options[:expires],
              format_extension_headers(options[:headers]) + ext_path].join "\n"
           end
 
           def determine_signing_key options = {}
-            options[:signing_key] || options[:private_key] ||
-              @service.credentials.signing_key
+            signing_key = options[:signing_key] || options[:private_key] ||
+                          options[:signer] || @service.credentials.signing_key
+            raise SignedUrlUnavailable, error_msg("signing_key (private_key, signer)") unless signing_key
+            signing_key
           end
 
           def determine_issuer options = {}
-            options[:issuer] || options[:client_email] ||
-              @service.credentials.issuer
+            issuer = options[:issuer] || options[:client_email] || @service.credentials.issuer
+            raise SignedUrlUnavailable, error_msg("issuer (client_email)") unless issuer
+            issuer
           end
 
+          def error_msg attr_name
+            "Service account credentials '#{attr_name}' is missing. To generate service account credentials " \
+            "see https://cloud.google.com/iam/docs/service-accounts"
+          end
+
           def post_object options
             options = apply_option_defaults options
 
             fields = {
               key: ext_path.sub("/", "")
@@ -97,12 +105,10 @@
             raise "Policy must be given in a Hash" unless p.is_a? Hash
 
             i = determine_issuer options
             s = determine_signing_key options
 
-            raise SignedUrlUnavailable unless i && s
-
             policy_str = p.to_json
             policy = Base64.strict_encode64(policy_str).delete "\n"
 
             signature = generate_signature s, policy
 
@@ -117,21 +123,24 @@
             options = apply_option_defaults options
 
             i = determine_issuer options
             s = determine_signing_key options
 
-            raise SignedUrlUnavailable unless i && s
-
             sig = generate_signature s, signature_str(options)
             generate_signed_url i, sig, options[:expires], options[:query]
           end
 
           def generate_signature signing_key, secret
-            unless signing_key.respond_to? :sign
-              signing_key = OpenSSL::PKey::RSA.new signing_key
+            unencoded_signature = ""
+            if signing_key.is_a? Proc
+              unencoded_signature = signing_key.call secret
+            else
+              unless signing_key.respond_to? :sign
+                signing_key = OpenSSL::PKey::RSA.new signing_key
+              end
+              unencoded_signature = signing_key.sign OpenSSL::Digest::SHA256.new, secret
             end
-            signature = signing_key.sign OpenSSL::Digest::SHA256.new, secret
-            Base64.strict_encode64(signature).delete "\n"
+            Base64.strict_encode64(unencoded_signature).delete "\n"
           end
 
           def generate_signed_url issuer, signed_string, expires, query
             url = "#{ext_url}?GoogleAccessId=#{url_escape issuer}" \
               "&Expires=#{expires}" \