- <?php
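/**
 * Builds signed request parameters for Amazon S3.
 *
 * Two signing schemes are produced:
 *  - getFileSecureParams(): legacy Signature Version 2 query-string
 *    authentication (HMAC-SHA1) for time-limited GET links.
 *  - getFileSecureParams2() / putFileSecureParams(): Signature Version 4
 *    (AWS4-HMAC-SHA256) header authentication for GET and PUT.
 *
 * Credentials are read from the process environment at call time and are
 * never stored in this file. A key pair that has ever been committed as a
 * string literal must be revoked and replaced in IAM: deleting the literal
 * from the source does not invalidate a key that has already been exposed.
 *
 * The read pair uses the standard AWS variable names. The write pair uses
 * names chosen for this class; keep the two pairs on separate IAM
 * identities so the read-only path cannot write objects.
 *
 * $bucket, $region and the file path are interpolated into the URL and the
 * credential scope without validation, so callers must not pass untrusted
 * values for them. The values returned by the signing methods authorise a
 * request and should not be written to logs.
 */
class AWSOAuth
{
    /** Environment variable holding the read-only access key id. */
    private static $READ_ACCESS_KEY_ENV = 'AWS_ACCESS_KEY_ID';

    /** Environment variable holding the read-only secret key. */
    private static $READ_SECRET_KEY_ENV = 'AWS_SECRET_ACCESS_KEY';

    /** Environment variable holding the write access key id (class-specific name). */
    private static $WRITE_ACCESS_KEY_ENV = 'AWS_WRITE_ACCESS_KEY_ID';

    /** Environment variable holding the write secret key (class-specific name). */
    private static $WRITE_SECRET_KEY_ENV = 'AWS_WRITE_SECRET_ACCESS_KEY';

    /** Lifetime, in minutes, of the links built by getFileSecureParams(). */
    private static $MINUTES_EXPIRES = 240;

    /**
     * Reads one credential from the environment and fails closed when it is absent.
     *
     * @param string $envName Name of the environment variable to read.
     * @return string The configured value.
     * @throws RuntimeException When the variable is unset or empty.
     */
    private static function credential($envName)
    {
        $value = getenv($envName);
        if ($value === false || $value === '') {
            // Only the variable name is reported, never a credential value.
            throw new RuntimeException('Missing required environment variable: ' . $envName);
        }

        return $value;
    }

    /**
     * Computes the base64-encoded HMAC-SHA1 of $data under $key.
     *
     * @param string $key  Secret key.
     * @param string $data Message to authenticate.
     * @return string Base64 text of the raw 20-byte MAC.
     */
    private function lazySignature($key, $data)
    {
        // hash_hmac() performs the same key hashing, padding and ipad/opad
        // steps as a manual HMAC construction.
        return base64_encode(hash_hmac('sha1', $data, $key, true));
    }

    /**
     * Builds the query string for a time-limited Signature Version 2 GET link.
     *
     * @param string $bucket   Bucket name, used verbatim in the signed resource.
     * @param string $fileName Object key; leading slashes are stripped.
     * @return string URL-encoded "AWSAccessKeyId=...&Expires=...&Signature=..." text.
     * @throws RuntimeException When the read credentials are not configured.
     */
    public function getFileSecureParams($bucket, $fileName)
    {
        $accessKey = self::credential(self::$READ_ACCESS_KEY_ENV);
        $secretKey = self::credential(self::$READ_SECRET_KEY_ENV);

        $expires = time() + intval(floatval(self::$MINUTES_EXPIRES) * 60);

        // Encode every segment but keep "/" as the path separator.
        $encodedName = str_replace('%2F', '/', rawurlencode(ltrim($fileName, '/')));
        $resource = '/' . $bucket . '/' . $encodedName;

        // Verb, two empty fields, expiry timestamp, resource.
        $stringToSign = implode("\n", array('GET', '', '', $expires, $resource));

        return http_build_query(array(
            'AWSAccessKeyId' => $accessKey,
            'Expires' => $expires,
            'Signature' => $this->lazySignature($secretKey, $stringToSign),
        ));
    }

    /**
     * Signs a PUT request with Signature Version 4 using the write key pair.
     *
     * The payload is declared as UNSIGNED-PAYLOAD, so the signature does not
     * cover the uploaded bytes.
     *
     * @param string $bucket   Bucket name; becomes the first label of the host.
     * @param string $region   Region used in the credential scope.
     * @param string $filePath Object path; appended directly after the host,
     *                         so it is expected to begin with "/".
     * @param string $params   Optional raw query string including the leading "?".
     * @return array Keys: clean_file, url, canonical_request, string_to_sign,
     *               signature, headers (x-amz-content-sha256, x-amz-date,
     *               Authorization).
     * @throws RuntimeException When the write credentials are not configured.
     */
    public function putFileSecureParams($bucket, $region, $filePath, $params = "")
    {
        $signed = $this->signS3Request(
            'PUT',
            'UNSIGNED-PAYLOAD',
            self::credential(self::$WRITE_ACCESS_KEY_ENV),
            self::credential(self::$WRITE_SECRET_KEY_ENV),
            $bucket,
            $region,
            $filePath,
            $params
        );

        // The PUT variant has never exposed a top-level "authorization" entry.
        unset($signed['authorization']);

        return $signed;
    }

    /**
     * Signs a GET request with Signature Version 4 using the read key pair.
     *
     * @param string $bucket   Bucket name; becomes the first label of the host.
     * @param string $region   Region used in the credential scope.
     * @param string $filePath Object path; appended directly after the host,
     *                         so it is expected to begin with "/".
     * @param string $params   Optional raw query string including the leading "?".
     * @return array Keys: clean_file, url, canonical_request, string_to_sign,
     *               signature, authorization, headers (x-amz-content-sha256,
     *               x-amz-date, Authorization).
     * @throws RuntimeException When the read credentials are not configured.
     */
    public function getFileSecureParams2($bucket, $region, $filePath, $params = "")
    {
        return $this->signS3Request(
            'GET',
            hash('sha256', ''), // a GET carries an empty body
            self::credential(self::$READ_ACCESS_KEY_ENV),
            self::credential(self::$READ_SECRET_KEY_ENV),
            $bucket,
            $region,
            $filePath,
            $params
        );
    }

    /**
     * Shared Signature Version 4 routine behind the GET and PUT entry points.
     *
     * @param string $method      HTTP verb to sign.
     * @param string $contentHash Value of the x-amz-content-sha256 header.
     * @param string $accessKey   Access key id placed in the credential string.
     * @param string $secretKey   Secret key the signing key is derived from.
     * @param string $bucket      Bucket name.
     * @param string $region      Region for the credential scope.
     * @param string $filePath    Object path beginning with "/".
     * @param string $params      Raw query string including "?", or "".
     * @return array Signed request description, including "authorization".
     */
    private function signS3Request($method, $contentHash, $accessKey, $secretKey, $bucket, $region, $filePath, $params)
    {
        $service = 's3';
        $algorithm = 'AWS4-HMAC-SHA256';

        $cleanFilePath = str_replace('%2F', '/', rawurlencode($filePath));
        $url = 'https://' . $bucket . '.s3.amazonaws.com' . $cleanFilePath . $params;

        $now = time();
        $longDate = gmdate('Ymd\THis\Z', $now);
        $shortDate = gmdate('Ymd', $now);
        $scope = $shortDate . '/' . $region . '/' . $service . '/aws4_request';

        $headers = array(
            'host' => parse_url($url, PHP_URL_HOST),
            'x-amz-content-sha256' => $contentHash,
            'x-amz-date' => $longDate,
        );
        ksort($headers);
        $signedHeaders = implode(';', array_keys($headers));

        // parse_url() yields null when the URL has no query; skip parse_str()
        // in that case rather than handing it a non-string.
        $rawQuery = parse_url($url, PHP_URL_QUERY);
        $queryParams = array();
        if (is_string($rawQuery) && $rawQuery !== '') {
            parse_str($rawQuery, $queryParams);
        }
        ksort($queryParams);
        // The canonical query string needs RFC 3986 encoding (%20 for a
        // space); the http_build_query() default would emit "+".
        $canonicalQuery = http_build_query($queryParams, '', '&', PHP_QUERY_RFC3986);

        $canonicalRequest = $this->generateCanonicalRequest(
            $headers,
            $method,
            $cleanFilePath,
            $canonicalQuery,
            $signedHeaders,
            $contentHash
        );
        $stringToSign = $this->generateStringToSign($canonicalRequest, $algorithm, $longDate, $scope);
        $signature = $this->generateSignature($secretKey, $shortDate, $region, $service, $stringToSign);
        $authorization = $this->generateAuthorization(
            $accessKey . '/' . $scope,
            $signedHeaders,
            $signature,
            $algorithm
        );

        $headers['Authorization'] = $authorization;
        // "host" is signed but not returned; the HTTP client sets it itself.
        unset($headers['host']);

        return array(
            'clean_file' => $cleanFilePath,
            'url' => $url,
            'canonical_request' => $canonicalRequest,
            'string_to_sign' => $stringToSign,
            'signature' => $signature,
            'authorization' => $authorization,
            'headers' => $headers,
        );
    }

    /**
     * Formats the value of the Authorization header.
     *
     * @param string $credentialString "<access key id>/<scope>".
     * @param string $signedHeaders    Semicolon-separated signed header names.
     * @param string $signature        Hex signature.
     * @param string $algorithm        Algorithm label placed first.
     * @return string "<algorithm> Credential=...,SignedHeaders=...,Signature=...".
     */
    public function generateAuthorization($credentialString, $signedHeaders, $signature, $algorithm)
    {
        $parts = array(
            'Credential=' . $credentialString,
            'SignedHeaders=' . $signedHeaders,
            'Signature=' . $signature,
        );

        return $algorithm . ' ' . implode(',', $parts);
    }

    /**
     * Derives the signing key and signs the string-to-sign.
     *
     * The key is derived by chaining HMAC-SHA256 over the date, the region,
     * the service and the literal "aws4_request", starting from "AWS4" + secret.
     *
     * @param string $secretKey    Secret access key.
     * @param string $shortDate    Date as YYYYMMDD.
     * @param string $region       Region name.
     * @param string $service      Service name.
     * @param string $stringToSign Output of generateStringToSign().
     * @return string Lower-case hex HMAC-SHA256 signature.
     */
    public function generateSignature($secretKey, $shortDate, $region, $service, $stringToSign)
    {
        $signingKey = 'AWS4' . $secretKey;
        foreach (array($shortDate, $region, $service, 'aws4_request') as $step) {
            // Raw binary output feeds the next round as its key.
            $signingKey = hash_hmac('sha256', $step, $signingKey, true);
        }

        return hash_hmac('sha256', $stringToSign, $signingKey);
    }

    /**
     * Assembles the string-to-sign from the canonical request.
     *
     * @param string $canonicalRequest Output of generateCanonicalRequest().
     * @param string $algorithm        Algorithm label.
     * @param string $longDate         Timestamp as YYYYMMDD'T'HHMMSS'Z'.
     * @param string $scope            Credential scope.
     * @return string Algorithm, timestamp, scope and the SHA-256 hex digest of
     *                the canonical request, joined by newlines.
     */
    public function generateStringToSign($canonicalRequest, $algorithm, $longDate, $scope)
    {
        return implode("\n", array(
            $algorithm,
            $longDate,
            $scope,
            hash('sha256', $canonicalRequest),
        ));
    }

    /**
     * Assembles the canonical request text.
     *
     * Header names and values are emitted exactly as given, in array order;
     * the caller is responsible for lower-casing and sorting them.
     *
     * @param array  $headers       Map of header name to value.
     * @param string $method        HTTP verb.
     * @param string $filePath      URI-encoded path.
     * @param string $query         Canonical query string.
     * @param string $signedHeaders Semicolon-separated signed header names.
     * @param string $contentHash   Payload hash, or UNSIGNED-PAYLOAD.
     * @return string Newline-joined canonical request.
     */
    public function generateCanonicalRequest($headers, $method, $filePath, $query, $signedHeaders, $contentHash)
    {
        $headerLines = array();
        foreach ($headers as $name => $value) {
            $headerLines[] = $name . ':' . $value;
        }

        return implode("\n", array(
            $method,
            $filePath,
            $query,
            implode("\n", $headerLines),
            '', // blank line that closes the header block
            $signedHeaders,
            $contentHash,
        ));
    }
}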