PageRenderTime 25ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/api/vendor/aws/aws-sdk-php/src/Aws/S3/S3Signature.php

https://gitlab.com/x33n/respond
PHP | 268 lines | 169 code | 33 blank | 66 comment | 16 complexity | 7e3a6c582b4d5171040b348f575ed302 MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Copyright 2010-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
    4. 

  4.  *
    5. 

  5.  * Licensed under the Apache License, Version 2.0 (the "License").
    6. 

  6.  * You may not use this file except in compliance with the License.
    7. 

  7.  * A copy of the License is located at
    8. 

  8.  *
    9. 

  9.  * http://aws.amazon.com/apache2.0
    10. 

  10.  *
    11. 

  11.  * or in the "license" file accompanying this file. This file is distributed
    12. 

  12.  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
    13. 

  13.  * express or implied. See the License for the specific language governing
    14. 

  14.  * permissions and limitations under the License.
    15. 

  15.  */
    16. 

  16. 

  17. namespace Aws\S3;
    18. 

  18. 

  19. use Aws\Common\Credentials\CredentialsInterface;
    20. 

  20. use Guzzle\Http\Message\RequestInterface;
    21. 

  21. use Guzzle\Http\QueryString;
    22. 

  22. use Guzzle\Http\Url;
    23. 

  23. 

  24. /**
    25. 

  25.  * Default Amazon S3 signature implementation
    26. 

  26.  * @link http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
    27. 

  27.  */
    28. 

  28. class S3Signature implements S3SignatureInterface
    29. 

  29. {
    30. 

  30.     /**
    31. 

  31.      * @var array Query string values that must be signed
    32. 

  32.      */
    33. 

  33.     protected $signableQueryString = array (
    34. 

  34.         'acl',
    35. 

  35.         'cors',
    36. 

  36.         'delete',
    37. 

  37.         'lifecycle',
    38. 

  38.         'location',
    39. 

  39.         'logging',
    40. 

  40.         'notification',
    41. 

  41.         'partNumber',
    42. 

  42.         'policy',
    43. 

  43.         'requestPayment',
    44. 

  44.         'response-cache-control',
    45. 

  45.         'response-content-disposition',
    46. 

  46.         'response-content-encoding',
    47. 

  47.         'response-content-language',
    48. 

  48.         'response-content-type',
    49. 

  49.         'response-expires',
    50. 

  50.         'restore',
    51. 

  51.         'tagging',
    52. 

  52.         'torrent',
    53. 

  53.         'uploadId',
    54. 

  54.         'uploads',
    55. 

  55.         'versionId',
    56. 

  56.         'versioning',
    57. 

  57.         'versions',
    58. 

  58.         'website',
    59. 

  59.     );
    60. 

  60. 

  61.     /** @var array Sorted headers that must be signed */
    62. 

  62.     private $signableHeaders = array('Content-MD5', 'Content-Type');
    63. 

  63. 

  64.     public function signRequest(RequestInterface $request, CredentialsInterface $credentials)
    65. 

  65.     {
    66. 

  66.         // Ensure that the signable query string parameters are sorted
    67. 

  67.         sort($this->signableQueryString);
    68. 

  68. 

  69.         // Add the security token header if one is being used by the credentials
    70. 

  70.         if ($token = $credentials->getSecurityToken()) {
    71. 

  71.             $request->setHeader('x-amz-security-token', $token);
    72. 

  72.         }
    73. 

  73. 

  74.         // Add a date header if one is not set
    75. 

  75.         if (!$request->hasHeader('date') && !$request->hasHeader('x-amz-date')) {
    76. 

  76.             $request->setHeader('Date', gmdate(\DateTime::RFC2822));
    77. 

  77.         }
    78. 

  78. 

  79.         $stringToSign = $this->createCanonicalizedString($request);
    80. 

  80.         $request->getParams()->set('aws.string_to_sign', $stringToSign);
    81. 

  81. 

  82.         $request->setHeader(
    83. 

  83.             'Authorization',
    84. 

  84.             'AWS ' . $credentials->getAccessKeyId() . ':' . $this->signString($stringToSign, $credentials)
    85. 

  85.         );
    86. 

  86.     }
    87. 

  87. 

  88.     public function createPresignedUrl(
    89. 

  89.         RequestInterface $request,
    90. 

  90.         CredentialsInterface $credentials,
    91. 

  91.         $expires
    92. 

  92.     ) {
    93. 

  93.         if ($expires instanceof \DateTime) {
    94. 

  94.             $expires = $expires->getTimestamp();
    95. 

  95.         } elseif (!is_numeric($expires)) {
    96. 

  96.             $expires = strtotime($expires);
    97. 

  97.         }
    98. 

  98. 

  99.         // Operate on a clone of the request, so the original is not altered
    100. 

  100.         $request = clone $request;
    101. 

  101. 

  102.         // URL encoding already occurs in the URI template expansion. Undo that and encode using the same encoding as
    103. 

  103.         // GET object, PUT object, etc.
    104. 

  104.         $path = S3Client::encodeKey(rawurldecode($request->getPath()));
    105. 

  105.         $request->setPath($path);
    106. 

  106. 

  107.         // Make sure to handle temporary credentials
    108. 

  108.         if ($token = $credentials->getSecurityToken()) {
    109. 

  109.             $request->setHeader('x-amz-security-token', $token);
    110. 

  110.             $request->getQuery()->set('x-amz-security-token', $token);
    111. 

  111.         }
    112. 

  112. 

  113.         // Set query params required for pre-signed URLs
    114. 

  114.         $request->getQuery()
    115. 

  115.             ->set('AWSAccessKeyId', $credentials->getAccessKeyId())
    116. 

  116.             ->set('Expires', $expires)
    117. 

  117.             ->set('Signature', $this->signString(
    118. 

  118.                 $this->createCanonicalizedString($request, $expires),
    119. 

  119.                 $credentials
    120. 

  120.             ));
    121. 

  121. 

  122.         // Move X-Amz-* headers to the query string
    123. 

  123.         foreach ($request->getHeaders() as $name => $header) {
    124. 

  124.             $name = strtolower($name);
    125. 

  125.             if (strpos($name, 'x-amz-') === 0) {
    126. 

  126.                 $request->getQuery()->set($name, (string) $header);
    127. 

  127.                 $request->removeHeader($name);
    128. 

  128.             }
    129. 

  129.         }
    130. 

  130. 

  131.         return $request->getUrl();
    132. 

  132.     }
    133. 

  133. 

  134.     public function signString($string, CredentialsInterface $credentials)
    135. 

  135.     {
    136. 

  136.         return base64_encode(hash_hmac('sha1', $string, $credentials->getSecretKey(), true));
    137. 

  137.     }
    138. 

  138. 

  139.     public function createCanonicalizedString(RequestInterface $request, $expires = null)
    140. 

  140.     {
    141. 

  141.         $buffer = $request->getMethod() . "\n";
    142. 

  142. 

  143.         // Add the interesting headers
    144. 

  144.         foreach ($this->signableHeaders as $header) {
    145. 

  145.             $buffer .= (string) $request->getHeader($header) . "\n";
    146. 

  146.         }
    147. 

  147. 

  148.         // Choose dates from left to right based on what's set
    149. 

  149.         $date = $expires ?: (string) $request->getHeader('date');
    150. 

  150. 

  151.         $buffer .= "{$date}\n"
    152. 

  152.             . $this->createCanonicalizedAmzHeaders($request)
    153. 

  153.             . $this->createCanonicalizedResource($request);
    154. 

  154. 

  155.         return $buffer;
    156. 

  156.     }
    157. 

  157. 

  158.     /**
    159. 

  159.      * Create a canonicalized AmzHeaders string for a signature.
    160. 

  160.      *
    161. 

  161.      * @param RequestInterface $request Request from which to gather headers
    162. 

  162.      *
    163. 

  163.      * @return string Returns canonicalized AMZ headers.
    164. 

  164.      */
    165. 

  165.     private function createCanonicalizedAmzHeaders(RequestInterface $request)
    166. 

  166.     {
    167. 

  167.         $headers = array();
    168. 

  168.         foreach ($request->getHeaders() as $name => $header) {
    169. 

  169.             $name = strtolower($name);
    170. 

  170.             if (strpos($name, 'x-amz-') === 0) {
    171. 

  171.                 $value = trim((string) $header);
    172. 

  172.                 if ($value || $value === '0') {
    173. 

  173.                     $headers[$name] = $name . ':' . $value;
    174. 

  174.                 }
    175. 

  175.             }
    176. 

  176.         }
    177. 

  177. 

  178.         if (!$headers) {
    179. 

  179.             return '';
    180. 

  180.         }
    181. 

  181. 

  182.         ksort($headers);
    183. 

  183. 

  184.         return implode("\n", $headers) . "\n";
    185. 

  185.     }
    186. 

  186. 

  187.     /**
    188. 

  188.      * Create a canonicalized resource for a request
    189. 

  189.      *
    190. 

  190.      * @param RequestInterface $request Request for the resource
    191. 

  191.      *
    192. 

  192.      * @return string
    193. 

  193.      */
    194. 

  194.     private function createCanonicalizedResource(RequestInterface $request)
    195. 

  195.     {
    196. 

  196.         $buffer = $request->getParams()->get('s3.resource');
    197. 

  197.         // When sending a raw HTTP request (e.g. $client->get())
    198. 

  198.         if (null === $buffer) {
    199. 

  199.             $bucket = $request->getParams()->get('bucket') ?: $this->parseBucketName($request);
    200. 

  200.             // Use any specified bucket name, the parsed bucket name, or no bucket name when interacting with GetService
    201. 

  201.             $buffer = $bucket ? "/{$bucket}" : '';
    202. 

  202.             // Remove encoding from the path and use the S3 specific encoding
    203. 

  203.             $path = S3Client::encodeKey(rawurldecode($request->getPath()));
    204. 

  204.             // if the bucket was path style, then ensure that the bucket wasn't duplicated in the resource
    205. 

  205.             $buffer .= preg_replace("#^/{$bucket}/{$bucket}#", "/{$bucket}", $path);
    206. 

  206.         }
    207. 

  207. 

  208.         // Remove double slashes
    209. 

  209.         $buffer = str_replace('//', '/', $buffer);
    210. 

  210. 

  211.         // Add sub resource parameters
    212. 

  212.         $query = $request->getQuery();
    213. 

  213.         $first = true;
    214. 

  214.         foreach ($this->signableQueryString as $key) {
    215. 

  215.             if ($query->hasKey($key)) {
    216. 

  216.                 $value = $query[$key];
    217. 

  217.                 $buffer .= $first ? '?' : '&';
    218. 

  218.                 $first = false;
    219. 

  219.                 $buffer .= $key;
    220. 

  220.                 // Don't add values for empty sub-resources
    221. 

  221.                 if ($value !== '' &&
    222. 

  222.                     $value !== false &&
    223. 

  223.                     $value !== null &&
    224. 

  224.                     $value !== QueryString::BLANK
    225. 

  225.                 ) {
    226. 

  226.                     $buffer .= "={$value}";
    227. 

  227.                 }
    228. 

  228.             }
    229. 

  229.         }
    230. 

  230. 

  231.         return $buffer;
    232. 

  232.     }
    233. 

  233. 

  234.     /**
    235. 

  235.      * Parse the bucket name from a request object
    236. 

  236.      *
    237. 

  237.      * @param RequestInterface $request Request to parse
    238. 

  238.      *
    239. 

  239.      * @return string
    240. 

  240.      */
    241. 

  241.     private function parseBucketName(RequestInterface $request)
    242. 

  242.     {
    243. 

  243.         $baseUrl = Url::factory($request->getClient()->getBaseUrl());
    244. 

  244.         $baseHost = $baseUrl->getHost();
    245. 

  245.         $host = $request->getHost();
    246. 

  246. 

  247.         if (strpos($host, $baseHost) === false) {
    248. 

  248.             // Does not contain the base URL, so it's either a redirect, CNAME, or using a different region
    249. 

  249.             $baseHost = '';
    250. 

  250.             // For every known S3 host, check if that host is present on the request
    251. 

  251.             $regions = $request->getClient()->getDescription()->getData('regions');
    252. 

  252.             foreach ($regions as $region) {
    253. 

  253.                 if (strpos($host, $region['hostname']) !== false) {
    254. 

  254.                     // This host matches the request host. Tells use the region and endpoint-- we can derive the bucket
    255. 

  255.                     $baseHost = $region['hostname'];
    256. 

  256.                     break;
    257. 

  257.                 }
    258. 

  258.             }
    259. 

  259.             // If no matching base URL was found, then assume that this is a CNAME, and the CNAME is the bucket
    260. 

  260.             if (!$baseHost) {
    261. 

  261.                 return $host;
    262. 

  262.             }
    263. 

  263.         }
    264. 

  264. 

  265.         // Remove the baseURL from the host of the request to attempt to determine the bucket name
    266. 

  266.         return trim(str_replace($baseHost, '', $request->getHost()), ' .');
    267. 

  267.     }
    268. 

  268. }
    269. 

  269.