| 1 |
lars |
1 |
<?php
|
|
|
2 |
/*
|
|
|
3 |
* Copyright 2010-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
|
4 |
*
|
|
|
5 |
* Licensed under the Apache License, Version 2.0 (the "License").
|
|
|
6 |
* You may not use this file except in compliance with the License.
|
|
|
7 |
* A copy of the License is located at
|
|
|
8 |
*
|
|
|
9 |
* http://aws.amazon.com/apache2.0
|
|
|
10 |
*
|
|
|
11 |
* or in the "license" file accompanying this file. This file is distributed
|
|
|
12 |
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
|
|
|
13 |
* express or implied. See the License for the specific language governing
|
|
|
14 |
* permissions and limitations under the License.
|
|
|
15 |
*/
|
|
|
16 |
|
|
|
17 |
|
|
|
18 |
/*%******************************************************************************************%*/
|
|
|
19 |
// CLASS
|
|
|
20 |
|
|
|
21 |
/**
|
|
|
22 |
* Simplifies the process of signing JSON policy documents.
|
|
|
23 |
*
|
|
|
24 |
* @version 2011.04.25
|
|
|
25 |
* @license See the included NOTICE.md file for more information.
|
|
|
26 |
* @copyright See the included NOTICE.md file for more information.
|
|
|
27 |
* @link http://aws.amazon.com/php/ PHP Developer Center
|
|
|
28 |
*/
|
|
|
29 |
class CFPolicy
|
|
|
30 |
{
|
|
|
31 |
/**
|
|
|
32 |
* Stores the object that contains the authentication credentials.
|
|
|
33 |
*/
|
|
|
34 |
public $auth;
|
|
|
35 |
|
|
|
36 |
/**
|
|
|
37 |
* Stores the policy object that we're working with.
|
|
|
38 |
*/
|
|
|
39 |
public $json_policy;
|
|
|
40 |
|
|
|
41 |
/**
|
|
|
42 |
* Constructs a new instance of this class.
|
|
|
43 |
*
|
|
|
44 |
* @param CFRuntime $auth (Required) An instance of any authenticated AWS object that is an instance of <CFRuntime> (e.g. <AmazonEC2>, <AmazonS3>).
|
|
|
45 |
* @param string|array $policy (Required) The associative array representing the S3 policy to use, or a string of JSON content.
|
|
|
46 |
* @return $this A reference to the current instance.
|
|
|
47 |
* @link http://docs.amazonwebservices.com/AmazonS3/2006-03-01/dev/index.html?HTTPPOSTForms.html S3 Policies
|
|
|
48 |
* @link http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?AccessPolicyLanguage.html Access Policy Language
|
|
|
49 |
*/
|
|
|
50 |
public function __construct($auth, $policy)
|
|
|
51 |
{
|
|
|
52 |
$this->auth = $auth;
|
|
|
53 |
|
|
|
54 |
if (is_array($policy)) // We received an associative array...
|
|
|
55 |
{
|
|
|
56 |
$this->json_policy = json_encode($policy);
|
|
|
57 |
}
|
|
|
58 |
else // We received a valid, parseable JSON string...
|
|
|
59 |
{
|
|
|
60 |
$this->json_policy = json_encode(json_decode($policy, true));
|
|
|
61 |
}
|
|
|
62 |
|
|
|
63 |
return $this;
|
|
|
64 |
}
|
|
|
65 |
|
|
|
66 |
/**
|
|
|
67 |
* Alternate approach to constructing a new instance. Supports chaining.
|
|
|
68 |
*
|
|
|
69 |
* @param CFRuntime $auth (Required) An instance of any authenticated AWS object that is an instance of <CFRuntime> (e.g. <AmazonEC2>, <AmazonS3>).
|
|
|
70 |
* @param string|array $policy (Required) The associative array representing the S3 policy to use, or a string of JSON content.
|
|
|
71 |
* @return $this A reference to the current instance.
|
|
|
72 |
*/
|
|
|
73 |
public static function init($auth, $policy)
|
|
|
74 |
{
|
|
|
75 |
if (version_compare(PHP_VERSION, '5.3.0', '<'))
|
|
|
76 |
{
|
|
|
77 |
throw new Exception('PHP 5.3 or newer is required to instantiate a new class with CLASS::init().');
|
|
|
78 |
}
|
|
|
79 |
|
|
|
80 |
$self = get_called_class();
|
|
|
81 |
return new $self($auth, $policy);
|
|
|
82 |
}
|
|
|
83 |
|
|
|
84 |
/**
|
|
|
85 |
* Get the key from the authenticated instance.
|
|
|
86 |
*
|
|
|
87 |
* @return string The key from the authenticated instance.
|
|
|
88 |
*/
|
|
|
89 |
public function get_key()
|
|
|
90 |
{
|
|
|
91 |
return $this->auth->key;
|
|
|
92 |
}
|
|
|
93 |
|
|
|
94 |
/**
|
|
|
95 |
* Base64-encodes the JSON string.
|
|
|
96 |
*
|
|
|
97 |
* @return string The Base64-encoded version of the JSON string.
|
|
|
98 |
*/
|
|
|
99 |
public function get_policy()
|
|
|
100 |
{
|
|
|
101 |
return base64_encode($this->json_policy);
|
|
|
102 |
}
|
|
|
103 |
|
|
|
104 |
/**
|
|
|
105 |
* Gets the JSON string with the whitespace removed.
|
|
|
106 |
*
|
|
|
107 |
* @return string The JSON string without extraneous whitespace.
|
|
|
108 |
*/
|
|
|
109 |
public function get_json()
|
|
|
110 |
{
|
|
|
111 |
return $this->json_policy;
|
|
|
112 |
}
|
|
|
113 |
|
|
|
114 |
/**
|
|
|
115 |
* Gets the JSON string with the whitespace removed.
|
|
|
116 |
*
|
|
|
117 |
* @return string The Base64-encoded, signed JSON string.
|
|
|
118 |
*/
|
|
|
119 |
public function get_policy_signature()
|
|
|
120 |
{
|
|
|
121 |
return base64_encode(hash_hmac('sha1', $this->get_policy(), $this->auth->secret_key));
|
|
|
122 |
}
|
|
|
123 |
|
|
|
124 |
/**
|
|
|
125 |
* Decode a policy that was returned from the service.
|
|
|
126 |
*
|
|
|
127 |
* @param string $response (Required) The policy returned by AWS that you want to decode into an object.
|
|
|
128 |
* @return string The Base64-encoded, signed JSON string.
|
|
|
129 |
*/
|
|
|
130 |
public static function decode_policy($response)
|
|
|
131 |
{
|
|
|
132 |
return json_decode(urldecode($response), true);
|
|
|
133 |
}
|
|
|
134 |
}
|