diff options
author | Andrew Dolgov <[email protected]> | 2023-10-20 16:44:35 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2023-10-20 16:44:35 +0300 |
commit | 8bec661288b276c98bdb0e773e5f4d5275dc4c87 (patch) | |
tree | 8617ebe581c62fc46a7881aa61801ebce9d3c603 /vendor/aws/aws-sdk-php/src/Signature/SignatureV4.php | |
parent | 540438c2eb5452bacad30c247906bfa287f2da1d (diff) |
Diffstat (limited to 'vendor/aws/aws-sdk-php/src/Signature/SignatureV4.php')
-rw-r--r-- | vendor/aws/aws-sdk-php/src/Signature/SignatureV4.php | 138 |
1 files changed, 106 insertions, 32 deletions
diff --git a/vendor/aws/aws-sdk-php/src/Signature/SignatureV4.php b/vendor/aws/aws-sdk-php/src/Signature/SignatureV4.php index 4f93713..d7c64af 100644 --- a/vendor/aws/aws-sdk-php/src/Signature/SignatureV4.php +++ b/vendor/aws/aws-sdk-php/src/Signature/SignatureV4.php @@ -166,14 +166,21 @@ class SignatureV4 implements SignatureInterface $expires, array $options = [] ) { - $startTimestamp = isset($options['start_time']) - ? $this->convertToTimestamp($options['start_time'], null) - : time(); - + ? $this->convertToTimestamp($options['start_time'], null) + : time(); $expiresTimestamp = $this->convertToTimestamp($expires, $startTimestamp); + if ($this->useV4a) { + return $this->presignWithV4a( + $request, + $credentials, + $this->convertExpires($expiresTimestamp, $startTimestamp) + ); + } + $parsed = $this->createPresignedRequest($request, $credentials); + $payload = $this->getPresignedPayload($request); $httpDate = gmdate(self::ISO8601_BASIC, $startTimestamp); $shortDate = substr($httpDate, 0, 8); @@ -359,7 +366,7 @@ class SignatureV4 implements SignatureInterface $timestamp = $dateValue->getTimestamp(); } elseif (!is_numeric($dateValue)) { $timestamp = strtotime($dateValue, - $relativeTimeBase === null ? time() : $relativeTimeBase + $relativeTimeBase === null ? time() : $relativeTimeBase ); } else { $timestamp = $dateValue; @@ -439,13 +446,7 @@ class SignatureV4 implements SignatureInterface ); } - /** - * @param CredentialsInterface $credentials - * @param RequestInterface $request - * @param $signingService - * @return RequestInterface - */ - protected function signWithV4a(CredentialsInterface $credentials, RequestInterface $request, $signingService) + private function verifyCRTLoaded() { if (!extension_loaded('awscrt')) { throw new CommonRuntimeException( @@ -454,49 +455,122 @@ class SignatureV4 implements SignatureInterface . " https://github.com/aws/aws-sdk-php/blob/master/CRT_INSTRUCTIONS.md" ); } - $credentials_provider = new StaticCredentialsProvider([ + } + + private function createCRTStaticCredentialsProvider($credentials) + { + return new StaticCredentialsProvider([ 'access_key_id' => $credentials->getAccessKeyId(), 'secret_access_key' => $credentials->getSecretKey(), 'session_token' => $credentials->getSecurityToken(), ]); - $sha = $this->getPayload($request); + } + + private function removeIllegalV4aHeaders(&$request) + { + $illegalV4aHeaders = [ + self::AMZ_CONTENT_SHA256_HEADER, + "aws-sdk-invocation-id", + "aws-sdk-retry", + 'x-amz-region-set' + ]; + $storedHeaders = []; + + foreach ($illegalV4aHeaders as $header) { + if ($request->hasHeader($header)){ + $storedHeaders[$header] = $request->getHeader($header); + $request = $request->withoutHeader($header); + } + } + + return $storedHeaders; + } + + private function CRTRequestFromGuzzleRequest($request) + { + return new Request( + $request->getMethod(), + (string) $request->getUri(), + [], //leave empty as the query is parsed from the uri object + array_map(function ($header) {return $header[0];}, $request->getHeaders()) + ); + } + + /** + * @param CredentialsInterface $credentials + * @param RequestInterface $request + * @param $signingService + * @return RequestInterface + */ + protected function signWithV4a(CredentialsInterface $credentials, RequestInterface $request, $signingService) + { + $this->verifyCRTLoaded(); + $credentials_provider = $this->createCRTStaticCredentialsProvider($credentials); $signingConfig = new SigningConfigAWS([ 'algorithm' => SigningAlgorithm::SIGv4_ASYMMETRIC, 'signature_type' => SignatureType::HTTP_REQUEST_HEADERS, 'credentials_provider' => $credentials_provider, - 'signed_body_value' => $sha, + 'signed_body_value' => $this->getPayload($request), 'region' => "*", 'service' => $signingService, 'date' => time(), ]); - $sha = $this->getPayload($request); - $invocationId = $request->getHeader("aws-sdk-invocation-id"); - $retry = $request->getHeader("aws-sdk-retry"); - $request = $request->withoutHeader("aws-sdk-invocation-id"); - $request = $request->withoutHeader("aws-sdk-retry"); - $http_request = new Request( - $request->getMethod(), - (string) $request->getUri(), - [], - array_map(function ($header) { - return $header[0]; - }, $request->getHeaders()) - ); + + $removedIllegalHeaders = $this->removeIllegalV4aHeaders($request); + $http_request = $this->CRTRequestFromGuzzleRequest($request); Signing::signRequestAws( Signable::fromHttpRequest($http_request), $signingConfig, function ($signing_result, $error_code) use (&$http_request) { $signing_result->applyToHttpRequest($http_request); }); + foreach ($removedIllegalHeaders as $header => $value) { + $request = $request->withHeader($header, $value); + } + $sigV4AHeaders = $http_request->headers(); foreach ($sigV4AHeaders->toArray() as $h => $v) { $request = $request->withHeader($h, $v); } - $request = $request->withHeader("aws-sdk-invocation-id", $invocationId); - $request = $request->withHeader("x-amz-content-sha256", $sha); - $request = $request->withHeader("aws-sdk-retry", $retry); - $request = $request->withHeader("x-amz-region-set", "*"); return $request; } + + protected function presignWithV4a( + RequestInterface $request, + CredentialsInterface $credentials, + $expires + ) + { + $this->verifyCRTLoaded(); + $credentials_provider = $this->createCRTStaticCredentialsProvider($credentials); + $signingConfig = new SigningConfigAWS([ + 'algorithm' => SigningAlgorithm::SIGv4_ASYMMETRIC, + 'signature_type' => SignatureType::HTTP_REQUEST_QUERY_PARAMS, + 'credentials_provider' => $credentials_provider, + 'signed_body_value' => $this->getPresignedPayload($request), + 'region' => "*", + 'service' => $this->service, + 'date' => time(), + 'expiration_in_seconds' => $expires + ]); + + $this->removeIllegalV4aHeaders($request); + foreach ($this->getHeaderBlacklist() as $headerName => $headerValue) { + if ($request->hasHeader($headerName)) { + $request = $request->withoutHeader($headerName); + } + } + + $http_request = $this->CRTRequestFromGuzzleRequest($request); + Signing::signRequestAws( + Signable::fromHttpRequest($http_request), + $signingConfig, function ($signing_result, $error_code) use (&$http_request) { + $signing_result->applyToHttpRequest($http_request); + }); + + return $request->withUri( + new Psr7\Uri($http_request->pathAndQuery()) + ); + } } |