getGoogleEAB.py

import os
from dotenv import load_dotenv
from google.oauth2 import service_account
from google.cloud.security.publicca import PublicCertificateAuthorityServiceClient

def gen_google_eab_data():
    load_dotenv()
    data = {
        "type": "service_account",
        "project_id": os.getenv("PROJECT_ID"),
        "private_key_id": os.getenv("PRIVATE_KEY_ID"),
        "private_key": os.getenv("PRIVATE_KEY"),
        "client_email": os.getenv("CLIENT_EMAIL"),
        "client_id": os.getenv("CLIENT_ID"),
        "auth_uri": os.getenv("AUTH_URI"),
        "token_uri": os.getenv("TOKEN_URI"),
        "auth_provider_x509_cert_url": os.getenv("AUTH_PROVIDER_X509_CERT_URL"),
        "client_x509_cert_url": os.getenv("CLIENT_X509_CERT_URL"),
        "universe_domain": os.getenv("UNIVERSE_DOMAIN")
    }
    return data

def gen_google_eab():
    service_account_info = gen_google_eab_data()
    credentials = service_account.Credentials.from_service_account_info(service_account_info)
    client = PublicCertificateAuthorityServiceClient(credentials=credentials)
    project_id = service_account_info['project_id']
    parent = f"projects/{project_id}"
    response = client.create_external_account_key(parent=parent)
    kid = response.key_id
    hmac = response.b64_mac_key
    return kid, hmac