PageRenderTime 26ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 0ms

/wp-content/plugins/amazon-web-services/vendor/aws/Aws/S3/S3Signature.php

https://github.com/mhoofman/wordpress-heroku
PHP | 266 lines | 168 code | 33 blank | 65 comment | 14 complexity | 20820eeb37e5dd045ba91455fc64a088 MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * Copyright 2010-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
    4. 

  4.  *
    5. 

  5.  * Licensed under the Apache License, Version 2.0 (the "License").
    6. 

  6.  * You may not use this file except in compliance with the License.
    7. 

  7.  * A copy of the License is located at
    8. 

  8.  *
    9. 

  9.  * http://aws.amazon.com/apache2.0
    10. 

  10.  *
    11. 

  11.  * or in the "license" file accompanying this file. This file is distributed
    12. 

  12.  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
    13. 

  13.  * express or implied. See the License for the specific language governing
    14. 

  14.  * permissions and limitations under the License.
    15. 

  15.  */
    16. 

  16. 

  17. namespace Aws\S3;
    18. 

  18. 

  19. use Aws\Common\Credentials\CredentialsInterface;
    20. 

  20. use Guzzle\Http\Message\RequestInterface;
    21. 

  21. use Guzzle\Http\QueryString;
    22. 

  22. use Guzzle\Http\Url;
    23. 

  23. 

  24. /**
    25. 

  25.  * Default Amazon S3 signature implementation
    26. 

  26.  * @link http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
    27. 

  27.  */
    28. 

  28. class S3Signature implements S3SignatureInterface
    29. 

  29. {
    30. 

  30.     /**
    31. 

  31.      * @var array Query string values that must be signed
    32. 

  32.      */
    33. 

  33.     protected $signableQueryString = array (
    34. 

  34.         'acl',
    35. 

  35.         'cors',
    36. 

  36.         'delete',
    37. 

  37.         'lifecycle',
    38. 

  38.         'location',
    39. 

  39.         'logging',
    40. 

  40.         'notification',
    41. 

  41.         'partNumber',
    42. 

  42.         'policy',
    43. 

  43.         'requestPayment',
    44. 

  44.         'response-cache-control',
    45. 

  45.         'response-content-disposition',
    46. 

  46.         'response-content-encoding',
    47. 

  47.         'response-content-language',
    48. 

  48.         'response-content-type',
    49. 

  49.         'response-expires',
    50. 

  50.         'restore',
    51. 

  51.         'tagging',
    52. 

  52.         'torrent',
    53. 

  53.         'uploadId',
    54. 

  54.         'uploads',
    55. 

  55.         'versionId',
    56. 

  56.         'versioning',
    57. 

  57.         'versions',
    58. 

  58.         'website',
    59. 

  59.     );
    60. 

  60. 

  61.     /** @var array Sorted headers that must be signed */
    62. 

  62.     private $signableHeaders = array('Content-MD5', 'Content-Type');
    63. 

  63. 

  64.     public function signRequest(RequestInterface $request, CredentialsInterface $credentials)
    65. 

  65.     {
    66. 

  66.         // Ensure that the signable query string parameters are sorted
    67. 

  67.         sort($this->signableQueryString);
    68. 

  68. 

  69.         // Add the security token header if one is being used by the credentials
    70. 

  70.         if ($token = $credentials->getSecurityToken()) {
    71. 

  71.             $request->setHeader('x-amz-security-token', $token);
    72. 

  72.         }
    73. 

  73. 

  74.         $request->removeHeader('x-amz-date');
    75. 

  75.         $request->setHeader('Date', gmdate(\DateTime::RFC2822));
    76. 

  76. 

  77.         $stringToSign = $this->createCanonicalizedString($request);
    78. 

  78.         $request->getParams()->set('aws.string_to_sign', $stringToSign);
    79. 

  79. 

  80.         $request->setHeader(
    81. 

  81.             'Authorization',
    82. 

  82.             'AWS ' . $credentials->getAccessKeyId() . ':' . $this->signString($stringToSign, $credentials)
    83. 

  83.         );
    84. 

  84.     }
    85. 

  85. 

  86.     public function createPresignedUrl(
    87. 

  87.         RequestInterface $request,
    88. 

  88.         CredentialsInterface $credentials,
    89. 

  89.         $expires
    90. 

  90.     ) {
    91. 

  91.         if ($expires instanceof \DateTime) {
    92. 

  92.             $expires = $expires->getTimestamp();
    93. 

  93.         } elseif (!is_numeric($expires)) {
    94. 

  94.             $expires = strtotime($expires);
    95. 

  95.         }
    96. 

  96. 

  97.         // Operate on a clone of the request, so the original is not altered
    98. 

  98.         $request = clone $request;
    99. 

  99. 

  100.         // URL encoding already occurs in the URI template expansion. Undo that and encode using the same encoding as
    101. 

  101.         // GET object, PUT object, etc.
    102. 

  102.         $path = S3Client::encodeKey(rawurldecode($request->getPath()));
    103. 

  103.         $request->setPath($path);
    104. 

  104. 

  105.         // Make sure to handle temporary credentials
    106. 

  106.         if ($token = $credentials->getSecurityToken()) {
    107. 

  107.             $request->setHeader('x-amz-security-token', $token);
    108. 

  108.             $request->getQuery()->set('x-amz-security-token', $token);
    109. 

  109.         }
    110. 

  110. 

  111.         // Set query params required for pre-signed URLs
    112. 

  112.         $request->getQuery()
    113. 

  113.             ->set('AWSAccessKeyId', $credentials->getAccessKeyId())
    114. 

  114.             ->set('Expires', $expires)
    115. 

  115.             ->set('Signature', $this->signString(
    116. 

  116.                 $this->createCanonicalizedString($request, $expires),
    117. 

  117.                 $credentials
    118. 

  118.             ));
    119. 

  119. 

  120.         // Move X-Amz-* headers to the query string
    121. 

  121.         foreach ($request->getHeaders() as $name => $header) {
    122. 

  122.             $name = strtolower($name);
    123. 

  123.             if (strpos($name, 'x-amz-') === 0) {
    124. 

  124.                 $request->getQuery()->set($name, (string) $header);
    125. 

  125.                 $request->removeHeader($name);
    126. 

  126.             }
    127. 

  127.         }
    128. 

  128. 

  129.         return $request->getUrl();
    130. 

  130.     }
    131. 

  131. 

  132.     public function signString($string, CredentialsInterface $credentials)
    133. 

  133.     {
    134. 

  134.         return base64_encode(hash_hmac('sha1', $string, $credentials->getSecretKey(), true));
    135. 

  135.     }
    136. 

  136. 

  137.     public function createCanonicalizedString(RequestInterface $request, $expires = null)
    138. 

  138.     {
    139. 

  139.         $buffer = $request->getMethod() . "\n";
    140. 

  140. 

  141.         // Add the interesting headers
    142. 

  142.         foreach ($this->signableHeaders as $header) {
    143. 

  143.             $buffer .= (string) $request->getHeader($header) . "\n";
    144. 

  144.         }
    145. 

  145. 

  146.         // Choose dates from left to right based on what's set
    147. 

  147.         $date = $expires ?: (string) $request->getHeader('date');
    148. 

  148. 

  149.         $buffer .= "{$date}\n"
    150. 

  150.             . $this->createCanonicalizedAmzHeaders($request)
    151. 

  151.             . $this->createCanonicalizedResource($request);
    152. 

  152. 

  153.         return $buffer;
    154. 

  154.     }
    155. 

  155. 

  156.     /**
    157. 

  157.      * Create a canonicalized AmzHeaders string for a signature.
    158. 

  158.      *
    159. 

  159.      * @param RequestInterface $request Request from which to gather headers
    160. 

  160.      *
    161. 

  161.      * @return string Returns canonicalized AMZ headers.
    162. 

  162.      */
    163. 

  163.     private function createCanonicalizedAmzHeaders(RequestInterface $request)
    164. 

  164.     {
    165. 

  165.         $headers = array();
    166. 

  166.         foreach ($request->getHeaders() as $name => $header) {
    167. 

  167.             $name = strtolower($name);
    168. 

  168.             if (strpos($name, 'x-amz-') === 0) {
    169. 

  169.                 $value = trim((string) $header);
    170. 

  170.                 if ($value || $value === '0') {
    171. 

  171.                     $headers[$name] = $name . ':' . $value;
    172. 

  172.                 }
    173. 

  173.             }
    174. 

  174.         }
    175. 

  175. 

  176.         if (!$headers) {
    177. 

  177.             return '';
    178. 

  178.         }
    179. 

  179. 

  180.         ksort($headers);
    181. 

  181. 

  182.         return implode("\n", $headers) . "\n";
    183. 

  183.     }
    184. 

  184. 

  185.     /**
    186. 

  186.      * Create a canonicalized resource for a request
    187. 

  187.      *
    188. 

  188.      * @param RequestInterface $request Request for the resource
    189. 

  189.      *
    190. 

  190.      * @return string
    191. 

  191.      */
    192. 

  192.     private function createCanonicalizedResource(RequestInterface $request)
    193. 

  193.     {
    194. 

  194.         $buffer = $request->getParams()->get('s3.resource');
    195. 

  195.         // When sending a raw HTTP request (e.g. $client->get())
    196. 

  196.         if (null === $buffer) {
    197. 

  197.             $bucket = $request->getParams()->get('bucket') ?: $this->parseBucketName($request);
    198. 

  198.             // Use any specified bucket name, the parsed bucket name, or no bucket name when interacting with GetService
    199. 

  199.             $buffer = $bucket ? "/{$bucket}" : '';
    200. 

  200.             // Remove encoding from the path and use the S3 specific encoding
    201. 

  201.             $path = S3Client::encodeKey(rawurldecode($request->getPath()));
    202. 

  202.             // if the bucket was path style, then ensure that the bucket wasn't duplicated in the resource
    203. 

  203.             $buffer .= preg_replace("#^/{$bucket}/{$bucket}#", "/{$bucket}", $path);
    204. 

  204.         }
    205. 

  205. 

  206.         // Remove double slashes
    207. 

  207.         $buffer = str_replace('//', '/', $buffer);
    208. 

  208. 

  209.         // Add sub resource parameters
    210. 

  210.         $query = $request->getQuery();
    211. 

  211.         $first = true;
    212. 

  212.         foreach ($this->signableQueryString as $key) {
    213. 

  213.             if ($query->hasKey($key)) {
    214. 

  214.                 $value = $query[$key];
    215. 

  215.                 $buffer .= $first ? '?' : '&';
    216. 

  216.                 $first = false;
    217. 

  217.                 $buffer .= $key;
    218. 

  218.                 // Don't add values for empty sub-resources
    219. 

  219.                 if ($value !== '' &&
    220. 

  220.                     $value !== false &&
    221. 

  221.                     $value !== null &&
    222. 

  222.                     $value !== QueryString::BLANK
    223. 

  223.                 ) {
    224. 

  224.                     $buffer .= "={$value}";
    225. 

  225.                 }
    226. 

  226.             }
    227. 

  227.         }
    228. 

  228. 

  229.         return $buffer;
    230. 

  230.     }
    231. 

  231. 

  232.     /**
    233. 

  233.      * Parse the bucket name from a request object
    234. 

  234.      *
    235. 

  235.      * @param RequestInterface $request Request to parse
    236. 

  236.      *
    237. 

  237.      * @return string
    238. 

  238.      */
    239. 

  239.     private function parseBucketName(RequestInterface $request)
    240. 

  240.     {
    241. 

  241.         $baseUrl = Url::factory($request->getClient()->getBaseUrl());
    242. 

  242.         $baseHost = $baseUrl->getHost();
    243. 

  243.         $host = $request->getHost();
    244. 

  244. 

  245.         if (strpos($host, $baseHost) === false) {
    246. 

  246.             // Does not contain the base URL, so it's either a redirect, CNAME, or using a different region
    247. 

  247.             $baseHost = '';
    248. 

  248.             // For every known S3 host, check if that host is present on the request
    249. 

  249.             $regions = $request->getClient()->getDescription()->getData('regions');
    250. 

  250.             foreach ($regions as $region) {
    251. 

  251.                 if (strpos($host, $region['hostname']) !== false) {
    252. 

  252.                     // This host matches the request host. Tells use the region and endpoint-- we can derive the bucket
    253. 

  253.                     $baseHost = $region['hostname'];
    254. 

  254.                     break;
    255. 

  255.                 }
    256. 

  256.             }
    257. 

  257.             // If no matching base URL was found, then assume that this is a CNAME, and the CNAME is the bucket
    258. 

  258.             if (!$baseHost) {
    259. 

  259.                 return $host;
    260. 

  260.             }
    261. 

  261.         }
    262. 

  262. 

  263.         // Remove the baseURL from the host of the request to attempt to determine the bucket name
    264. 

  264.         return trim(str_replace($baseHost, '', $request->getHost()), ' .');
    265. 

  265.     }
    266. 

  266. }
    267. 

  267.