# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require 'google/apis/core/base_service' require 'google/apis/core/json_representation' require 'google/apis/core/hashable' require 'google/apis/errors' module Google module Apis module DigitalassetlinksV1 # Digital Asset Links API # # Discovers relationships between online assets such as websites or mobile apps. # # @example # require 'google/apis/digitalassetlinks_v1' # # Digitalassetlinks = Google::Apis::DigitalassetlinksV1 # Alias the module # service = Digitalassetlinks::DigitalassetlinksService.new # # @see https://developers.google.com/digital-asset-links/ class DigitalassetlinksService < Google::Apis::Core::BaseService # @return [String] # API key. Your API key identifies your project and provides you with API access, # quota, and reports. Required unless you provide an OAuth 2.0 token. attr_accessor :key # @return [String] # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. attr_accessor :quota_user def initialize super('https://digitalassetlinks.googleapis.com/', '') @batch_path = 'batch' end # Determines whether the specified (directional) relationship exists between the # specified source and target assets. The relation describes the intent of the # link between the two assets as claimed by the source asset. An example for # such relationships is the delegation of privileges or permissions. This # command is most often used by infrastructure systems to check preconditions # for an action. For example, a client may want to know if it is OK to send a # web URL to a particular mobile app instead. The client can check for the # relevant asset link from the website to the mobile app to decide if the # operation should be allowed. A note about security: if you specify a secure # asset as the source, such as an HTTPS website or an Android app, the API will # ensure that any statements used to generate the response have been made in a # secure way by the owner of that asset. Conversely, if the source asset is an # insecure HTTP website (that is, the URL starts with `http://` instead of ` # https://`), the API cannot verify its statements securely, and it is not # possible to ensure that the website's statements have not been altered by a # third party. For more information, see the [Digital Asset Links technical # design specification](https://github.com/google/digitalassetlinks/blob/master/ # well-known/details.md). # @param [String] relation # Query string for the relation. We identify relations with strings of the # format `/`, where `` must be one of a set of pre-defined purpose categories, # and `` is a free-form lowercase alphanumeric string that describes the # specific use case of the statement. Refer to [our API documentation](/digital- # asset-links/v1/relation-strings) for the current list of supported relations. # For a query to match an asset link, both the query's and the asset link's # relation strings must match exactly. Example: A query with relation ` # delegate_permission/common.handle_all_urls` matches an asset link with # relation `delegate_permission/common.handle_all_urls`. # @param [String] source_android_app_certificate_sha256_fingerprint # The uppercase SHA-265 fingerprint of the certificate. From the PEM certificate, # it can be acquired like this: $ keytool -printcert -file $CERTFILE | grep # SHA256: SHA256: 14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83: \ 42: # E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 or like this: $ openssl x509 -in $CERTFILE # -noout -fingerprint -sha256 SHA256 Fingerprint=14:6D:E9:83:C5:73:06:50:D8:EE: # B9:95:2F:34:FC:64: \ 16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 In this # example, the contents of this field would be `14:6D:E9:83:C5:73: 06:50:D8:EE: # B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF: 44:E5`. If these # tools are not available to you, you can convert the PEM certificate into the # DER format, compute the SHA-256 hash of that string and represent the result # as a hexstring (that is, uppercase hexadecimal representations of each octet, # separated by colons). # @param [String] source_android_app_package_name # Android App assets are naturally identified by their Java package name. For # example, the Google Maps app uses the package name `com.google.android.apps. # maps`. REQUIRED # @param [String] source_web_site # Web assets are identified by a URL that contains only the scheme, hostname and # port parts. The format is http[s]://[:] Hostnames must be fully qualified: # they must end in a single period ("`.`"). Only the schemes "http" and "https" # are currently allowed. Port numbers are given as a decimal number, and they # must be omitted if the standard port numbers are used: 80 for http and 443 for # https. We call this limited URL the "site". All URLs that share the same # scheme, hostname and port are considered to be a part of the site and thus # belong to the web asset. Example: the asset with the site `https://www.google. # com` contains all these URLs: * `https://www.google.com/` * `https://www. # google.com:443/` * `https://www.google.com/foo` * `https://www.google.com/foo? # bar` * `https://www.google.com/foo#bar` * `https://user@password:www.google. # com/` But it does not contain these URLs: * `http://www.google.com/` (wrong # scheme) * `https://google.com/` (hostname does not match) * `https://www. # google.com:444/` (port does not match) REQUIRED # @param [String] target_android_app_certificate_sha256_fingerprint # The uppercase SHA-265 fingerprint of the certificate. From the PEM certificate, # it can be acquired like this: $ keytool -printcert -file $CERTFILE | grep # SHA256: SHA256: 14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83: \ 42: # E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 or like this: $ openssl x509 -in $CERTFILE # -noout -fingerprint -sha256 SHA256 Fingerprint=14:6D:E9:83:C5:73:06:50:D8:EE: # B9:95:2F:34:FC:64: \ 16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 In this # example, the contents of this field would be `14:6D:E9:83:C5:73: 06:50:D8:EE: # B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF: 44:E5`. If these # tools are not available to you, you can convert the PEM certificate into the # DER format, compute the SHA-256 hash of that string and represent the result # as a hexstring (that is, uppercase hexadecimal representations of each octet, # separated by colons). # @param [String] target_android_app_package_name # Android App assets are naturally identified by their Java package name. For # example, the Google Maps app uses the package name `com.google.android.apps. # maps`. REQUIRED # @param [String] target_web_site # Web assets are identified by a URL that contains only the scheme, hostname and # port parts. The format is http[s]://[:] Hostnames must be fully qualified: # they must end in a single period ("`.`"). Only the schemes "http" and "https" # are currently allowed. Port numbers are given as a decimal number, and they # must be omitted if the standard port numbers are used: 80 for http and 443 for # https. We call this limited URL the "site". All URLs that share the same # scheme, hostname and port are considered to be a part of the site and thus # belong to the web asset. Example: the asset with the site `https://www.google. # com` contains all these URLs: * `https://www.google.com/` * `https://www. # google.com:443/` * `https://www.google.com/foo` * `https://www.google.com/foo? # bar` * `https://www.google.com/foo#bar` * `https://user@password:www.google. # com/` But it does not contain these URLs: * `http://www.google.com/` (wrong # scheme) * `https://google.com/` (hostname does not match) * `https://www. # google.com:444/` (port does not match) REQUIRED # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::DigitalassetlinksV1::CheckResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::DigitalassetlinksV1::CheckResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def check_assetlink(relation: nil, source_android_app_certificate_sha256_fingerprint: nil, source_android_app_package_name: nil, source_web_site: nil, target_android_app_certificate_sha256_fingerprint: nil, target_android_app_package_name: nil, target_web_site: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/assetlinks:check', options) command.response_representation = Google::Apis::DigitalassetlinksV1::CheckResponse::Representation command.response_class = Google::Apis::DigitalassetlinksV1::CheckResponse command.query['relation'] = relation unless relation.nil? command.query['source.androidApp.certificate.sha256Fingerprint'] = source_android_app_certificate_sha256_fingerprint unless source_android_app_certificate_sha256_fingerprint.nil? command.query['source.androidApp.packageName'] = source_android_app_package_name unless source_android_app_package_name.nil? command.query['source.web.site'] = source_web_site unless source_web_site.nil? command.query['target.androidApp.certificate.sha256Fingerprint'] = target_android_app_certificate_sha256_fingerprint unless target_android_app_certificate_sha256_fingerprint.nil? command.query['target.androidApp.packageName'] = target_android_app_package_name unless target_android_app_package_name.nil? command.query['target.web.site'] = target_web_site unless target_web_site.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Retrieves a list of all statements from a given source that match the # specified target and statement string. The API guarantees that all statements # with secure source assets, such as HTTPS websites or Android apps, have been # made in a secure way by the owner of those assets, as described in the [ # Digital Asset Links technical design specification](https://github.com/google/ # digitalassetlinks/blob/master/well-known/details.md). Specifically, you should # consider that for insecure websites (that is, where the URL starts with `http:/ # /` instead of `https://`), this guarantee cannot be made. The `List` command # is most useful in cases where the API client wants to know all the ways in # which two assets are related, or enumerate all the relationships from a # particular source asset. Example: a feature that helps users navigate to # related items. When a mobile app is running on a device, the feature would # make it easy to navigate to the corresponding web site or Google+ profile. # @param [String] relation # Use only associations that match the specified relation. See the [`Statement`]( # #Statement) message for a detailed definition of relation strings. For a query # to match a statement, one of the following must be true: * both the query's # and the statement's relation strings match exactly, or * the query's relation # string is empty or missing. Example: A query with relation ` # delegate_permission/common.handle_all_urls` matches an asset link with # relation `delegate_permission/common.handle_all_urls`. # @param [String] source_android_app_certificate_sha256_fingerprint # The uppercase SHA-265 fingerprint of the certificate. From the PEM certificate, # it can be acquired like this: $ keytool -printcert -file $CERTFILE | grep # SHA256: SHA256: 14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83: \ 42: # E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 or like this: $ openssl x509 -in $CERTFILE # -noout -fingerprint -sha256 SHA256 Fingerprint=14:6D:E9:83:C5:73:06:50:D8:EE: # B9:95:2F:34:FC:64: \ 16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5 In this # example, the contents of this field would be `14:6D:E9:83:C5:73: 06:50:D8:EE: # B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF: 44:E5`. If these # tools are not available to you, you can convert the PEM certificate into the # DER format, compute the SHA-256 hash of that string and represent the result # as a hexstring (that is, uppercase hexadecimal representations of each octet, # separated by colons). # @param [String] source_android_app_package_name # Android App assets are naturally identified by their Java package name. For # example, the Google Maps app uses the package name `com.google.android.apps. # maps`. REQUIRED # @param [String] source_web_site # Web assets are identified by a URL that contains only the scheme, hostname and # port parts. The format is http[s]://[:] Hostnames must be fully qualified: # they must end in a single period ("`.`"). Only the schemes "http" and "https" # are currently allowed. Port numbers are given as a decimal number, and they # must be omitted if the standard port numbers are used: 80 for http and 443 for # https. We call this limited URL the "site". All URLs that share the same # scheme, hostname and port are considered to be a part of the site and thus # belong to the web asset. Example: the asset with the site `https://www.google. # com` contains all these URLs: * `https://www.google.com/` * `https://www. # google.com:443/` * `https://www.google.com/foo` * `https://www.google.com/foo? # bar` * `https://www.google.com/foo#bar` * `https://user@password:www.google. # com/` But it does not contain these URLs: * `http://www.google.com/` (wrong # scheme) * `https://google.com/` (hostname does not match) * `https://www. # google.com:444/` (port does not match) REQUIRED # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::DigitalassetlinksV1::ListResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::DigitalassetlinksV1::ListResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_statements(relation: nil, source_android_app_certificate_sha256_fingerprint: nil, source_android_app_package_name: nil, source_web_site: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/statements:list', options) command.response_representation = Google::Apis::DigitalassetlinksV1::ListResponse::Representation command.response_class = Google::Apis::DigitalassetlinksV1::ListResponse command.query['relation'] = relation unless relation.nil? command.query['source.androidApp.certificate.sha256Fingerprint'] = source_android_app_certificate_sha256_fingerprint unless source_android_app_certificate_sha256_fingerprint.nil? command.query['source.androidApp.packageName'] = source_android_app_package_name unless source_android_app_package_name.nil? command.query['source.web.site'] = source_web_site unless source_web_site.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end protected def apply_command_defaults(command) command.query['key'] = key unless key.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? end end end end end