Home Explore Help
Register Sign In
CopperWire
/
daktylos
4
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
daktylos
/
libs
/
AWSOAuth.class.php

AWSOAuth.class.php 6.6 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188 
  1. <?php
    2. 

  2. class AWSOAuth {
    3. 

  3. 	private static $SECRET_KEY = "+vB6pF3kIVHOljYeUnjIpziVHcJxy7F9j+fW3eWH";
    4. 

  4. 	private static $ACCESS_KEY = "AKIAJHK7XI7GFCS24S2Q";
    5. 

  5. 

  6. 	private static $WRITE_SECRET_KEY = "XuCD9a3erN8sY5Bnv6i3T2FgOlM5w/226fbk0+/m";
    7. 

  7. 	private static $WRITE_ACCESS_KEY = "AKIAJXBZQQGTOWROMJPA";
    8. 

  8. 

  9. 	private STATIC $MINUTES_EXPIRES = 240;
    10. 

  10. 

  11. 	private function lazySignature($key, $data) {
    12. 

  12. 		if (strlen($key) > 64) {
    13. 

  13. 			$key = pack('H*', sha1($key));	
    14. 

  14. 		}
    15. 

  15. 		$key = str_pad($key, 64, chr(0x00));
    16. 

  16. 		$ipad = str_repeat(chr(0x36), 64);
    17. 

  17. 		$opad = str_repeat(chr(0x5c), 64);
    18. 

  18. 		$hmac = pack( 'H*', sha1(
    19. 

  19. 			($key ^ $opad) . pack( 'H*', sha1(
    20. 

  20. 				($key ^ $ipad) . $data
    21. 

  21. 				))
    22. 

  22. 			));
    23. 

  23. 		return base64_encode($hmac);
    24. 

  24. 	}
    25. 

  25. 

  26. 	public function getFileSecureParams($bucket, $fileName) {
    27. 

  27. 		$expires = time() + intval(floatval(AWSOAuth::$MINUTES_EXPIRES) * 60);
    28. 

  28. 		$fileName = str_replace('%2F', '/', rawurlencode($fileName = ltrim($fileName, '/')));
    29. 

  29. 		$signpath = '/'. $bucket .'/'. $fileName;
    30. 

  30. 		$signsz = implode("\n", $pieces = array('GET', null, null, $expires, $signpath));
    31. 

  31. 		$signature = $this->lazySignature(AWSOAuth::$SECRET_KEY, $signsz);
    32. 

  32. 

  33. 		$qs = http_build_query($pieces = array(
    34. 

  34. 			'AWSAccessKeyId' => AWSOAuth::$ACCESS_KEY,
    35. 

  35. 			'Expires' => $expires,
    36. 

  36. 			'Signature' => $signature,
    37. 

  37. 			));
    38. 

  38. 		return $qs;
    39. 

  39. 	}
    40. 

  40. 

  41. 	public function putFileSecureParams($bucket, $region, $filePath, $params = "") {
    42. 

  42. 		$returnParams = array();
    43. 

  43. 

  44. 		$cleanFilePath = str_replace("%2F", "/", rawurlencode($filePath));
    45. 

  45. 		$returnParams['clean_file'] = $cleanFilePath;
    46. 

  46. 		$url = "https://".$bucket.".s3.amazonaws.com". $cleanFilePath . $params;
    47. 

  47. 		$returnParams["url"] = $url;
    48. 

  48. 

  49. 		$now = time();
    50. 

  50. 		$longDate = gmdate("Ymd\THis\Z", $now);
    51. 

  51. 		$shortDate = gmdate("Ymd", $now);
    52. 

  52. 		$method = "PUT";
    53. 

  53. 		$service = "s3";
    54. 

  54. 		$algorithm = "AWS4-HMAC-SHA256";
    55. 

  55. 		$timeToLive = 3600;
    56. 

  56. 		$contentHash = "UNSIGNED-PAYLOAD";
    57. 

  57. 

  58. 		$scope = $shortDate. "/" . $region . "/".$service."/aws4_request";
    59. 

  59. 		$credentialString = AWSOAuth::$WRITE_ACCESS_KEY . "/" . $scope;
    60. 

  60. 

  61. 		$headers = array();
    62. 

  62. 		$headers["host"] = parse_url($url, PHP_URL_HOST);
    63. 

  63. 		$headers["x-amz-content-sha256"] = $contentHash;
    64. 

  64. 		$headers["x-amz-date"] = $longDate;
    65. 

  65. 		ksort($headers);
    66. 

  66. 

  67. 		$signedHeaders = implode(";", array_keys($headers));
    68. 

  68. 

  69. 		$query = parse_url($url, PHP_URL_QUERY);
    70. 

  70. 		parse_str($query, $params);
    71. 

  71. 		ksort($params);
    72. 

  72. 		$query = http_build_query($params);
    73. 

  73. 	    
    74. 

  74. 	    $canonicalRequest = $this->generateCanonicalRequest($headers, $method, $cleanFilePath, $query, $signedHeaders, $contentHash);
    75. 

  75. 		$returnParams["canonical_request"] = $canonicalRequest;
    76. 

  76. 

  77. 		$stringToSign = $this->generateStringToSign($canonicalRequest, $algorithm, $longDate, $scope);
    78. 

  78. 		$returnParams["string_to_sign"] = $stringToSign;
    79. 

  79. 

  80. 		$signature = $this->generateSignature(AWSOAuth::$WRITE_SECRET_KEY, $shortDate, $region, $service, $stringToSign);
    81. 

  81. 		$returnParams["signature"] = $signature;
    82. 

  82. 		
    83. 

  83. 		$authorizationString = $this->generateAuthorization($credentialString, $signedHeaders, $signature, $algorithm);
    84. 

  84. 

  85. 		$headers["Authorization"] = $authorizationString;
    86. 

  86. 		unset($headers['host']);
    87. 

  87. 		$returnParams["headers"] = $headers;
    88. 

  88. 

  89. 		return $returnParams;
    90. 

  90. 	}
    91. 

  91. 

  92. 	public function getFileSecureParams2($bucket, $region, $filePath, $params = "") {
    93. 

  93. 		$returnParams = array();
    94. 

  94. 		$cleanFilePath = str_replace("%2F", "/", rawurlencode($filePath));
    95. 

  95. 		$returnParams['clean_file'] = $cleanFilePath;
    96. 

  96. 		$url = "https://".$bucket.".s3.amazonaws.com" . $cleanFilePath . $params;
    97. 

  97. 		$returnParams["url"] = $url;
    98. 

  98. 

  99. 		$now = time();
    100. 

  100. 		$longDate = gmdate("Ymd\THis\Z", $now);
    101. 

  101. 		$shortDate = gmdate("Ymd", $now);
    102. 

  102. 		$method = "GET";
    103. 

  103. 		$service = "s3";
    104. 

  104. 		$algorithm = "AWS4-HMAC-SHA256";
    105. 

  105. 		$timeToLive = 3600;
    106. 

  106. 		$contentHash = hash('sha256', '');
    107. 

  107. 

  108. 		$scope = $shortDate. "/" . $region . "/".$service."/aws4_request";
    109. 

  109. 		$credentialString = AWSOAuth::$ACCESS_KEY . "/" . $scope;
    110. 

  110. 

  111. 		$headers = array();
    112. 

  112. 		$headers["host"] = parse_url($url, PHP_URL_HOST);
    113. 

  113. 		$headers["x-amz-content-sha256"] = $contentHash;
    114. 

  114. 		$headers["x-amz-date"] = $longDate;
    115. 

  115. 		ksort($headers);
    116. 

  116. 

  117. 		$signedHeaders = implode(";", array_keys($headers));
    118. 

  118. 

  119. 		$query = parse_url($url, PHP_URL_QUERY);
    120. 

  120. 		parse_str($query, $params);
    121. 

  121. 		ksort($params);
    122. 

  122. 		$query = http_build_query($params);
    123. 

  123. 

  124. 		$canonicalRequest = $this->generateCanonicalRequest($headers, $method, $cleanFilePath, $query, $signedHeaders, $contentHash);
    125. 

  125. 		$returnParams["canonical_request"] = $canonicalRequest;
    126. 

  126. 

  127. 		$stringToSign = $this->generateStringToSign($canonicalRequest, $algorithm, $longDate, $scope);
    128. 

  128. 		$returnParams["string_to_sign"] = $stringToSign;
    129. 

  129. 

  130. 		$signature = $this->generateSignature(AWSOAuth::$SECRET_KEY, $shortDate, $region, $service, $stringToSign);
    131. 

  131. 		$returnParams["signature"] = $signature;
    132. 

  132. 		
    133. 

  133. 		$authorizationString = $this->generateAuthorization($credentialString, $signedHeaders, $signature, $algorithm);
    134. 

  134. 

  135. 		$headers["Authorization"] = $authorizationString;		
    136. 

  136. 		$returnParams["authorization"] = $authorizationString;
    137. 

  137. 		unset($headers['host']);
    138. 

  138. 		$returnParams["headers"] = $headers;
    139. 

  139. 

  140. 		return $returnParams;
    141. 

  141. 	}
    142. 

  142. 

  143. 	public function generateAuthorization($credentialString, $signedHeaders, $signature, $algorithm) {
    144. 

  144. 		$params = array();
    145. 

  145. 		$params[] = "Credential=".$credentialString;
    146. 

  146. 		$params[] = "SignedHeaders=" . $signedHeaders;
    147. 

  147. 		$params[] = "Signature=" . $signature;
    148. 

  148. 		return $algorithm . " " . implode(",", $params);
    149. 

  149. 	}
    150. 

  150. 

  151. 	public function generateSignature($secretKey, $shortDate, $region, $service, $stringToSign) {
    152. 

  152. 		$dateKey = hash_hmac("sha256", $shortDate, "AWS4" . $secretKey, true);
    153. 

  153. 		$regionKey = hash_hmac("sha256", $region, $dateKey, true);
    154. 

  154. 		$serviceKey = hash_hmac("sha256", $service, $regionKey, true);
    155. 

  155. 		$signingKey = hash_hmac("sha256", "aws4_request", $serviceKey, true);
    156. 

  156. 		return hash_hmac("sha256", $stringToSign, $signingKey);
    157. 

  157. 	}
    158. 

  158. 

  159. 	public function generateStringToSign($canonicalRequest, $algorithm, $longDate, $scope) {
    160. 

  160. 		$reqHash = hash("sha256", $canonicalRequest);
    161. 

  161. 		
    162. 

  162. 		$stringToSignData = array();
    163. 

  163. 		$stringToSignData[] = $algorithm;
    164. 

  164. 		$stringToSignData[] = $longDate;
    165. 

  165. 		$stringToSignData[] = $scope;
    166. 

  166. 		$stringToSignData[] = $reqHash;
    167. 

  167. 		return implode("\n", $stringToSignData);
    168. 

  168. 	}
    169. 

  169. 

  170. 	public function generateCanonicalRequest($headers, $method, $filePath, $query, $signedHeaders, $contentHash) {
    171. 

  171. 		$canonicalHeaderData = array();
    172. 

  172. 		foreach ($headers as $key => $value) {
    173. 

  173. 			$canonicalHeaderData[] = $key . ":" . $value;
    174. 

  174. 		}
    175. 

  175. 		$canonicalHeaderString = implode("\n", $canonicalHeaderData);
    176. 

  176. 

  177. 		$canonicalRequestData = array();
    178. 

  178. 		$canonicalRequestData[] = $method;
    179. 

  179. 		$canonicalRequestData[] = $filePath;
    180. 

  180. 		$canonicalRequestData[] = $query;
    181. 

  181. 		$canonicalRequestData[] = $canonicalHeaderString;
    182. 

  182. 		$canonicalRequestData[] = null;
    183. 

  183. 		$canonicalRequestData[] = $signedHeaders;
    184. 

  184. 		$canonicalRequestData[] = $contentHash;
    185. 

  185. 

  186. 		return implode("\n", $canonicalRequestData);
    187. 

  187. 	}
    188. 

  188. }
    189.