TransDEM Forum

TransDEM News, Support, Hints and Resources
It is currently 28 Mar 2024 17:08

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: 25 Sep 2017 00:35 
Offline

Joined: 14 Sep 2017 00:43
Posts: 16
I wanted to use more than the low 2,500 per day limit, but to do that I need to do this:
https://developers.google.com/maps/docu ... -signature

So I can't pay google for their service, with your software, unless you have a way to generate the digital signature for EACH url request?

"If you have enabled pay-as-you-go billing, the digital signature is required."

Do you have any plans to let users include their URL signing secret?

I see this requires cryptographic code to be added to the tile map requester... :(


Top
 Profile  
 
PostPosted: 25 Sep 2017 20:24 
Offline

Joined: 05 Jan 2011 16:45
Posts: 1463
If the final format of the digital signature is a static string then it would be just another parameter in the URL composition, with no software modification required. Have a look at the settings dialog and check the URL composition for the Google API. The manual may also help to better understand how the URL is built.


Top
 Profile  
 
PostPosted: 25 Sep 2017 21:49 
Offline

Joined: 14 Sep 2017 00:43
Posts: 16
The map tile url generation for the signature service uses the following code to generate the proper url with signature.


The url is generated FROM the url that you currently generate for the non signature API service.

Its not just another static parameter to tack on the end of the url like the api key is.


The crypotgraphic code url is generated by taking the url that contains the coordinate and api information, its hashed with the "signing secret". Then that hash is tacked on the end of the original url...

Example:

With url sample #1

1. The map url with no signature:
Code:
 https://maps.googleapis.com/maps/api/staticmap?center=-45.0000000,135.0000000&zoom=3&size=512x600&maptype=satellite&key=(put your api key here)


This url works with googles api service, but not its signature service.
This url was generated by transdem tile map requester sample #1

2.You must generate a URL signing secret in googles api console, its in the same area that you use to generate the api key.
You can generate one by visiting this url if you have already logged into your api console.
https://console.developers.google.com/p ... /staticmap

3. Take the url in step 1. and the signing secret in step 2. and "hash" them using the algorithm in the example code, at the bottom of this post "To sign a URL"

4. Take the hashed result and attach it to the end of the url in step 1.

Code:
 https://maps.googleapis.com/maps/api/staticmap?center=-45.0000000,135.0000000&zoom=3&size=512x600&maptype=satellite&key=(put your api key here)&signature=(put the hash that you generated from step 3 here.)


Each tile requested needs its url hashed like this to be accepted for use in googles signature map api service.


Code:

The example below uses standard Python libraries to sign a URL. (Download the code.)

#!/usr/bin/python
# -*- coding: utf-8 -*-
""" Signs a URL using a URL signing secret """

import hashlib
import hmac
import base64
import urlparse

def sign_url(input_url=None, secret=None):
  """ Sign a request URL with a URL signing secret.

      Usage:
      from urlsigner import sign_url

      signed_url = sign_url(input_url=my_url, secret=SECRET)

      Args:
      input_url - The URL to sign
      secret    - Your URL signing secret

      Returns:
      The signed request URL
  """

  if not input_url or not secret:
    raise Exception("Both input_url and secret are required")

  url = urlparse.urlparse(input_url)

  # We only need to sign the path+query part of the string
  url_to_sign = url.path + "?" + url.query

  # Decode the private key into its binary format
  # We need to decode the URL-encoded private key
  decoded_key = base64.urlsafe_b64decode(secret)

  # Create a signature using the private key and the URL-encoded
  # string using HMAC SHA1. This signature will be binary.
  signature = hmac.new(decoded_key, url_to_sign, hashlib.sha1)

  # Encode the binary signature into base64 for use within a URL
  encoded_signature = base64.urlsafe_b64encode(signature.digest())

  original_url = url.scheme + "://" + url.netloc + url.path + "?" + url.query

  # Return signed URL
  return original_url + "&signature=" + encoded_signature

if __name__ == "__main__":
  input_url = raw_input("URL to Sign: ")
  secret = raw_input("URL signing secret: ")
  print "Signed URL: " + sign_url(input_url, secret)



Code:

The example below uses the java.util.Base64 class available since JDK 1.8 - older versions may need to use Apache Commons or similar. (Download the code.)

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;  // JDK 1.8 only - older versions may need to use Apache Commons or similar.
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URL;
import java.io.BufferedReader;
import java.io.InputStreamReader;

public class UrlSigner {

  // Note: Generally, you should store your private key someplace safe
  // and read them into your code

  private static String keyString = "YOUR_PRIVATE_KEY";
 
  // The URL shown in these examples is a static URL which should already
  // be URL-encoded. In practice, you will likely have code
  // which assembles your URL from user or web service input
  // and plugs those values into its parameters.
  private static String urlString = "YOUR_URL_TO_SIGN";

  // This variable stores the binary key, which is computed from the string (Base64) key
  private static byte[] key;
 
  public static void main(String[] args) throws IOException,
    InvalidKeyException, NoSuchAlgorithmException, URISyntaxException {
   
    BufferedReader input = new BufferedReader(new InputStreamReader(System.in));
   
    String inputUrl, inputKey = null;

    // For testing purposes, allow user input for the URL.
    // If no input is entered, use the static URL defined above.   
    System.out.println("Enter the URL (must be URL-encoded) to sign: ");
    inputUrl = input.readLine();
    if (inputUrl.equals("")) {
      inputUrl = urlString;
    }
   
    // Convert the string to a URL so we can parse it
    URL url = new URL(inputUrl);
 
    // For testing purposes, allow user input for the private key.
    // If no input is entered, use the static key defined above.   
    System.out.println("Enter the Private key to sign the URL: ");
    inputKey = input.readLine();
    if (inputKey.equals("")) {
      inputKey = keyString;
    }
   
    UrlSigner signer = new UrlSigner(inputKey);
    String request = signer.signRequest(url.getPath(),url.getQuery());
   
    System.out.println("Signed URL :" + url.getProtocol() + "://" + url.getHost() + request);
  }
 
  public UrlSigner(String keyString) throws IOException {
    // Convert the key from 'web safe' base 64 to binary
    keyString = keyString.replace('-', '+');
    keyString = keyString.replace('_', '/');
    System.out.println("Key: " + keyString);
    // Base64 is JDK 1.8 only - older versions may need to use Apache Commons or similar.
    this.key = Base64.getDecoder().decode(keyString);
  }

  public String signRequest(String path, String query) throws NoSuchAlgorithmException,
    InvalidKeyException, UnsupportedEncodingException, URISyntaxException {
   
    // Retrieve the proper URL components to sign
    String resource = path + '?' + query;
   
    // Get an HMAC-SHA1 signing key from the raw key bytes
    SecretKeySpec sha1Key = new SecretKeySpec(key, "HmacSHA1");

    // Get an HMAC-SHA1 Mac instance and initialize it with the HMAC-SHA1 key
    Mac mac = Mac.getInstance("HmacSHA1");
    mac.init(sha1Key);

    // compute the binary signature for the request
    byte[] sigBytes = mac.doFinal(resource.getBytes());

    // base 64 encode the binary signature
    // Base64 is JDK 1.8 only - older versions may need to use Apache Commons or similar.
    String signature = Base64.getEncoder().encodeToString(sigBytes);
   
    // convert the signature to 'web safe' base 64
    signature = signature.replace('+', '-');
    signature = signature.replace('/', '_');
   
    return resource + "&signature=" + signature;
  }
}



Code:

The example below uses the default System.Security.Cryptography library to sign a URL request. Note that we need to convert the default Base64 encoding to implement a URL-safe version. (Download the code.)

using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using System.Web;

namespace SignUrl {

  public struct GoogleSignedUrl {

    public static string Sign(string url, string keyString) {
      ASCIIEncoding encoding = new ASCIIEncoding();

      // converting key to bytes will throw an exception, need to replace '-' and '_' characters first.
      string usablePrivateKey = keyString.Replace("-", "+").Replace("_", "/");
      byte[] privateKeyBytes = Convert.FromBase64String(usablePrivateKey);

      Uri uri = new Uri(url);
      byte[] encodedPathAndQueryBytes = encoding.GetBytes(uri.LocalPath + uri.Query);

      // compute the hash
      HMACSHA1 algorithm = new HMACSHA1(privateKeyBytes);
      byte[] hash = algorithm.ComputeHash(encodedPathAndQueryBytes);

      // convert the bytes to string and make url-safe by replacing '+' and '/' characters
      string signature = Convert.ToBase64String(hash).Replace("+", "-").Replace("/", "_");
           
      // Add the signature to the existing URI.
      return uri.Scheme+"://"+uri.Host+uri.LocalPath + uri.Query +"&signature=" + signature;
    }
  }

  class Program {

    static void Main() {
   
      // Note: Generally, you should store your private key someplace safe
      // and read them into your code

      const string keyString = "YOUR_PRIVATE_KEY";
 
      // The URL shown in these examples is a static URL which should already
      // be URL-encoded. In practice, you will likely have code
      // which assembles your URL from user or web service input
      // and plugs those values into its parameters.
      const  string urlString = "YOUR_URL_TO_SIGN";
     
      string inputUrl = null;
      string inputKey = null;
   
      Console.WriteLine("Enter the URL (must be URL-encoded) to sign: ");
      inputUrl = Console.ReadLine();
      if (inputUrl.Length == 0) {
        inputUrl = urlString;
      }     
   
      Console.WriteLine("Enter the Private key to sign the URL: ");
      inputKey = Console.ReadLine();
      if (inputKey.Length == 0) {
        inputKey = keyString;
      }
     
      Console.WriteLine(GoogleSignedUrl.Sign(inputUrl,inputKey));
    }
  }
}



Top
 Profile  
 
PostPosted: 26 Sep 2017 20:38 
Offline

Joined: 05 Jan 2011 16:45
Posts: 1463
I had a closer look today. It appears to be a standard hashing technique and, according to the Google website, they provide a little online service for testing/verification which is essential for the developer. I have put this on the TransDEM todo list but I can't make promises when it will be implemented.


Top
 Profile  
 
PostPosted: 26 Sep 2017 23:31 
Offline

Joined: 14 Sep 2017 00:43
Posts: 16
Theres always something to improve eh?

For now I found an alternative to making geo maps.


SAS.Planet


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: Ahrefs [Bot], SemrushBot [Bot] and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron

Imprint & Privacy

Powered by phpBB® Forum Software © phpBB Group