| 1 |
lars |
1 |
<?php
|
|
|
2 |
/*
|
|
|
3 |
* Copyright 2010-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
|
4 |
*
|
|
|
5 |
* Licensed under the Apache License, Version 2.0 (the "License").
|
|
|
6 |
* You may not use this file except in compliance with the License.
|
|
|
7 |
* A copy of the License is located at
|
|
|
8 |
*
|
|
|
9 |
* http://aws.amazon.com/apache2.0
|
|
|
10 |
*
|
|
|
11 |
* or in the "license" file accompanying this file. This file is distributed
|
|
|
12 |
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
|
|
|
13 |
* express or implied. See the License for the specific language governing
|
|
|
14 |
* permissions and limitations under the License.
|
|
|
15 |
*/
|
|
|
16 |
|
|
|
17 |
|
|
|
18 |
/*%******************************************************************************************%*/
|
|
|
19 |
// CLASS
|
|
|
20 |
|
|
|
21 |
/**
|
|
|
22 |
* Implements support for Signature v3 (JSON).
|
|
|
23 |
*
|
|
|
24 |
* @version 2011.12.08
|
|
|
25 |
* @license See the included NOTICE.md file for more information.
|
|
|
26 |
* @copyright See the included NOTICE.md file for more information.
|
|
|
27 |
* @link http://aws.amazon.com/php/ PHP Developer Center
|
|
|
28 |
*/
|
|
|
29 |
class AuthV3JSON extends Signer implements Signable
|
|
|
30 |
{
|
|
|
31 |
/**
|
|
|
32 |
* Constructs a new instance of the <AuthV3JSON> class.
|
|
|
33 |
*
|
|
|
34 |
* @param string $endpoint (Required) The endpoint to direct the request to.
|
|
|
35 |
* @param string $operation (Required) The operation to execute as a result of this request.
|
|
|
36 |
* @param array $payload (Required) The options to use as part of the payload in the request.
|
|
|
37 |
* @param CFCredential $credentials (Required) The credentials to use for signing and making requests.
|
|
|
38 |
* @return void
|
|
|
39 |
*/
|
|
|
40 |
public function __construct($endpoint, $operation, $payload, CFCredential $credentials)
|
|
|
41 |
{
|
|
|
42 |
parent::__construct($endpoint, $operation, $payload, $credentials);
|
|
|
43 |
}
|
|
|
44 |
|
|
|
45 |
/**
|
|
|
46 |
* Generates a cURL handle with all of the required authentication bits set.
|
|
|
47 |
*
|
|
|
48 |
* @return resource A cURL handle ready for executing.
|
|
|
49 |
*/
|
|
|
50 |
public function authenticate()
|
|
|
51 |
{
|
|
|
52 |
// Determine signing values
|
|
|
53 |
$current_time = time();
|
|
|
54 |
$date = gmdate(CFUtilities::DATE_FORMAT_RFC2616, $current_time);
|
|
|
55 |
$timestamp = gmdate(CFUtilities::DATE_FORMAT_ISO8601, $current_time);
|
|
|
56 |
$nonce = $this->util->generate_guid();
|
|
|
57 |
$curlopts = array();
|
|
|
58 |
$signed_headers = array();
|
|
|
59 |
$return_curl_handle = false;
|
|
|
60 |
$x_amz_target = null;
|
|
|
61 |
$query = array('body' => $this->payload);
|
|
|
62 |
|
|
|
63 |
// Do we have an authentication token?
|
|
|
64 |
if ($this->auth_token)
|
|
|
65 |
{
|
|
|
66 |
$headers['X-Amz-Security-Token'] = $this->auth_token;
|
|
|
67 |
$query['SecurityToken'] = $this->auth_token;
|
|
|
68 |
}
|
|
|
69 |
|
|
|
70 |
// Manage the key-value pairs that are used in the query.
|
|
|
71 |
if (stripos($this->operation, 'x-amz-target') !== false)
|
|
|
72 |
{
|
|
|
73 |
$x_amz_target = trim(str_ireplace('x-amz-target:', '', $this->operation));
|
|
|
74 |
}
|
|
|
75 |
else
|
|
|
76 |
{
|
|
|
77 |
$query['Action'] = $this->operation;
|
|
|
78 |
}
|
|
|
79 |
|
|
|
80 |
// Only add it if it exists.
|
|
|
81 |
if ($this->api_version)
|
|
|
82 |
{
|
|
|
83 |
$query['Version'] = $this->api_version;
|
|
|
84 |
}
|
|
|
85 |
|
|
|
86 |
$curlopts = array();
|
|
|
87 |
|
|
|
88 |
// Set custom CURLOPT settings
|
|
|
89 |
if (is_array($this->payload) && isset($this->payload['curlopts']))
|
|
|
90 |
{
|
|
|
91 |
$curlopts = $this->payload['curlopts'];
|
|
|
92 |
unset($this->payload['curlopts']);
|
|
|
93 |
}
|
|
|
94 |
|
|
|
95 |
// Merge in any options that were passed in
|
|
|
96 |
if (is_array($this->payload))
|
|
|
97 |
{
|
|
|
98 |
$query = array_merge($query, $this->payload);
|
|
|
99 |
}
|
|
|
100 |
|
|
|
101 |
$return_curl_handle = isset($query['returnCurlHandle']) ? $query['returnCurlHandle'] : false;
|
|
|
102 |
unset($query['returnCurlHandle']);
|
|
|
103 |
|
|
|
104 |
// Do a case-sensitive, natural order sort on the array keys.
|
|
|
105 |
uksort($query, 'strcmp');
|
|
|
106 |
|
|
|
107 |
// Normalize JSON input
|
|
|
108 |
if (isset($query['body']) && $query['body'] === '[]')
|
|
|
109 |
{
|
|
|
110 |
$query['body'] = '{}';
|
|
|
111 |
}
|
|
|
112 |
|
|
|
113 |
// Create the string that needs to be hashed.
|
|
|
114 |
$canonical_query_string = $this->util->encode_signature2($query['body']);
|
|
|
115 |
|
|
|
116 |
// Remove the default scheme from the domain.
|
|
|
117 |
$domain = str_replace(array('http://', 'https://'), '', $this->endpoint);
|
|
|
118 |
|
|
|
119 |
// Parse our request.
|
|
|
120 |
$parsed_url = parse_url('http://' . $domain);
|
|
|
121 |
|
|
|
122 |
// Set the proper host header.
|
|
|
123 |
if (isset($parsed_url['port']) && (integer) $parsed_url['port'] !== 80 && (integer) $parsed_url['port'] !== 443)
|
|
|
124 |
{
|
|
|
125 |
$host_header = strtolower($parsed_url['host']) . ':' . $parsed_url['port'];
|
|
|
126 |
}
|
|
|
127 |
else
|
|
|
128 |
{
|
|
|
129 |
$host_header = strtolower($parsed_url['host']);
|
|
|
130 |
}
|
|
|
131 |
|
|
|
132 |
// Set the proper request URI.
|
|
|
133 |
$request_uri = isset($parsed_url['path']) ? $parsed_url['path'] : '/';
|
|
|
134 |
|
|
|
135 |
// Generate the querystring from $query
|
|
|
136 |
$this->querystring = $this->util->to_query_string($query);
|
|
|
137 |
|
|
|
138 |
// Gather information to pass along to other classes.
|
|
|
139 |
$helpers = array(
|
|
|
140 |
'utilities' => $this->utilities_class,
|
|
|
141 |
'request' => $this->request_class,
|
|
|
142 |
'response' => $this->response_class,
|
|
|
143 |
);
|
|
|
144 |
|
|
|
145 |
// Compose the request.
|
|
|
146 |
$request_url = ($this->use_ssl ? 'https://' : 'http://') . $domain;
|
|
|
147 |
$request_url .= !isset($parsed_url['path']) ? '/' : '';
|
|
|
148 |
|
|
|
149 |
// Instantiate the request class
|
|
|
150 |
$request = new $this->request_class($request_url, $this->proxy, $helpers, $this->credentials);
|
|
|
151 |
$request->set_method('POST');
|
|
|
152 |
$request->set_body($this->querystring);
|
|
|
153 |
$headers['Content-Type'] = 'application/x-www-form-urlencoded; charset=utf-8';
|
|
|
154 |
|
|
|
155 |
// Signing using X-Amz-Target is handled differently.
|
|
|
156 |
$headers['X-Amz-Target'] = $x_amz_target;
|
|
|
157 |
$headers['Content-Type'] = 'application/x-amz-json-1.0';
|
|
|
158 |
$request->set_body($query['body']);
|
|
|
159 |
$this->querystring = $query['body'];
|
|
|
160 |
|
|
|
161 |
// Pass along registered stream callbacks
|
|
|
162 |
if ($this->registered_streaming_read_callback)
|
|
|
163 |
{
|
|
|
164 |
$request->register_streaming_read_callback($this->registered_streaming_read_callback);
|
|
|
165 |
}
|
|
|
166 |
|
|
|
167 |
if ($this->registered_streaming_write_callback)
|
|
|
168 |
{
|
|
|
169 |
$request->register_streaming_write_callback($this->registered_streaming_write_callback);
|
|
|
170 |
}
|
|
|
171 |
|
|
|
172 |
// Add authentication headers
|
|
|
173 |
// $headers['X-Amz-Nonce'] = $nonce;
|
|
|
174 |
$headers['Date'] = $date;
|
|
|
175 |
$headers['Content-Length'] = strlen($this->querystring);
|
|
|
176 |
$headers['Content-MD5'] = $this->util->hex_to_base64(md5($this->querystring));
|
|
|
177 |
$headers['Host'] = $host_header;
|
|
|
178 |
|
|
|
179 |
// Sort headers
|
|
|
180 |
uksort($headers, 'strnatcasecmp');
|
|
|
181 |
|
|
|
182 |
// Prepare the string to sign (HTTP)
|
|
|
183 |
$this->string_to_sign = "POST\n$request_uri\n\n";
|
|
|
184 |
|
|
|
185 |
// Add headers to request and compute the string to sign
|
|
|
186 |
foreach ($headers as $header_key => $header_value)
|
|
|
187 |
{
|
|
|
188 |
// Strip linebreaks from header values as they're illegal and can allow for security issues
|
|
|
189 |
$header_value = str_replace(array("\r", "\n"), '', $header_value);
|
|
|
190 |
|
|
|
191 |
// Add the header if it has a value
|
|
|
192 |
if ($header_value !== '')
|
|
|
193 |
{
|
|
|
194 |
$request->add_header($header_key, $header_value);
|
|
|
195 |
}
|
|
|
196 |
|
|
|
197 |
// Generate the string to sign
|
|
|
198 |
if (
|
|
|
199 |
substr(strtolower($header_key), 0, 8) === 'content-' ||
|
|
|
200 |
strtolower($header_key) === 'date' ||
|
|
|
201 |
strtolower($header_key) === 'expires' ||
|
|
|
202 |
strtolower($header_key) === 'host' ||
|
|
|
203 |
substr(strtolower($header_key), 0, 6) === 'x-amz-'
|
|
|
204 |
)
|
|
|
205 |
{
|
|
|
206 |
$this->string_to_sign .= strtolower($header_key) . ':' . $header_value . "\n";
|
|
|
207 |
$signed_headers[] = $header_key;
|
|
|
208 |
}
|
|
|
209 |
}
|
|
|
210 |
|
|
|
211 |
$this->string_to_sign .= "\n";
|
|
|
212 |
|
|
|
213 |
if (isset($query['body']) && $query['body'] !== '')
|
|
|
214 |
{
|
|
|
215 |
$this->string_to_sign .= $query['body'];
|
|
|
216 |
}
|
|
|
217 |
|
|
|
218 |
// Convert from string-to-sign to bytes-to-sign
|
|
|
219 |
$bytes_to_sign = hash('sha256', $this->string_to_sign, true);
|
|
|
220 |
|
|
|
221 |
// Hash the AWS secret key and generate a signature for the request.
|
|
|
222 |
$signature = base64_encode(hash_hmac('sha256', $bytes_to_sign, $this->secret_key, true));
|
|
|
223 |
|
|
|
224 |
$headers['X-Amzn-Authorization'] = 'AWS3'
|
|
|
225 |
. ' AWSAccessKeyId=' . $this->key
|
|
|
226 |
. ',Algorithm=HmacSHA256'
|
|
|
227 |
. ',SignedHeaders=' . implode(';', $signed_headers)
|
|
|
228 |
. ',Signature=' . $signature;
|
|
|
229 |
|
|
|
230 |
$request->add_header('X-Amzn-Authorization', $headers['X-Amzn-Authorization']);
|
|
|
231 |
$request->request_headers = $headers;
|
|
|
232 |
|
|
|
233 |
return $request;
|
|
|
234 |
}
|
|
|
235 |
}
|