author | Andrew Dolgov <[email protected]> | 2022-11-23 21:14:33 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2022-11-23 21:14:33 +0300 |
commit | 0c8af4992cb0f7589dcafaad65ada12753c64594 (patch) | |
tree | 18e83d068c3e7dd2499331de977782b382279396 /vendor/aws/aws-sdk-php/src/CloudFront/Signer.php |
initial
Diffstat (limited to 'vendor/aws/aws-sdk-php/src/CloudFront/Signer.php')
-rw-r--r-- | vendor/aws/aws-sdk-php/src/CloudFront/Signer.php | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/vendor/aws/aws-sdk-php/src/CloudFront/Signer.php b/vendor/aws/aws-sdk-php/src/CloudFront/Signer.php
new file mode 100644
index 0000000..22e55c2
--- /dev/null
+++ b/vendor/aws/aws-sdk-php/src/CloudFront/Signer.php
@@ -0,0 +1,125 @@
+<?php
+namespace Aws\CloudFront;
+
+/**
+ * @internal
+ */
+class Signer
+{
+ private $keyPairId;
+ private $pkHandle;
+
+ /**
+ * A signer for creating the signature values used in CloudFront signed URLs
+ * and signed cookies.
+ *
+ * @param $keyPairId string ID of the key pair
+ * @param $privateKey string Path to the private key used for signing
+ * @param $passphrase string Passphrase to private key file, if one exists
+ *
+ * @throws \RuntimeException if the openssl extension is missing
+ * @throws \InvalidArgumentException if the private key cannot be found.
+ */
+ public function __construct($keyPairId, $privateKey, $passphrase = "")
+ {
+ if (!extension_loaded('openssl')) {
+ //@codeCoverageIgnoreStart
+ throw new \RuntimeException('The openssl extension is required to '
+ . 'sign CloudFront urls.');
+ //@codeCoverageIgnoreEnd
+ }
+
+ $this->keyPairId = $keyPairId;
+
+ if (!$this->pkHandle = openssl_pkey_get_private($privateKey, $passphrase)) {
+ if (!file_exists($privateKey)) {
+ throw new \InvalidArgumentException("PK file not found: $privateKey");
+ }
+
+ $this->pkHandle = openssl_pkey_get_private("file://$privateKey", $passphrase);
+ if (!$this->pkHandle) {
+ $errorMessages = [];
+ while(($newMessage = openssl_error_string()) !== false){
+ $errorMessages[] = $newMessage;
+ }
+ throw new \InvalidArgumentException(implode("\n",$errorMessages));
+ }
+ }
+ }
+
+ public function __destruct()
+ {
+ if (PHP_MAJOR_VERSION < 8) {
+ $this->pkHandle && openssl_pkey_free($this->pkHandle);
+ }
+ }
+
+ /**
+ * Create the values used to construct signed URLs and cookies.
+ *
+ * @param string $resource The CloudFront resource to which
+ * this signature will grant access.
+ * Not used when a custom policy is
+ * provided.
+ * @param string|integer|null $expires UTC Unix timestamp used when
+ * signing with a canned policy.
+ * Not required when passing a
+ * custom $policy.
+ * @param string $policy JSON policy. Use this option when
+ * creating a signature for a custom
+ * policy.
+ *
+ * @return array The values needed to construct a signed URL or cookie
+ * @throws \InvalidArgumentException when not provided either a policy or a
+ * resource and a expires
+ *
+ * @link http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html
+ */
+ public function getSignature($resource = null, $expires = null, $policy = null)
+ {
+ $signatureHash = [];
+ if ($policy) {
+ $policy = preg_replace('/\s/s', '', $policy);
+ $signatureHash['Policy'] = $this->encode($policy);
+ } elseif ($resource && $expires) {
+ $expires = (int) $expires; // Handle epoch passed as string
+ $policy = $this->createCannedPolicy($resource, $expires);
+ $signatureHash['Expires'] = $expires;
+ } else {
+ throw new \InvalidArgumentException('Either a policy or a resource'
+ . ' and an expiration time must be provided.');
+ }
+
+ $signatureHash['Signature'] = $this->encode($this->sign($policy));
+ $signatureHash['Key-Pair-Id'] = $this->keyPairId;
+
+ return $signatureHash;
+ }
+
+ private function createCannedPolicy($resource, $expiration)
+ {
+ return json_encode([
+ 'Statement' => [
+ [
+ 'Resource' => $resource,
+ 'Condition' => [
+ 'DateLessThan' => ['AWS:EpochTime' => $expiration],
+ ],
+ ],
+ ],
+ ], JSON_UNESCAPED_SLASHES);
+ }
+
+ private function sign($policy)
+ {
+ $signature = '';
+ openssl_sign($policy, $signature, $this->pkHandle);
+
+ return $signature;
+ }
+
+ private function encode($policy)
+ {
+ return strtr(base64_encode($policy), '+=/', '-_~');
+ }
+} |