Accueil Explorer Aide
S'inscrire Connexion
Kirin
/
shenying
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 5d7847ee69
Branches Tags
shenying
/
crmeb
/
services
/
upload
/
extend
/
jdoss
/
Signer.php

Signer.php 6.6 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170 
  1. <?php
    2. 

  2. 

  3. namespace AsyncAws\S3\Signer;
    4. 

  4. 

  5. use AsyncAws\Core\Configuration;
    6. 

  6. use AsyncAws\Core\Credentials\Credentials;
    7. 

  7. use AsyncAws\Core\Exception\InvalidArgument;
    8. 

  8. use AsyncAws\Core\Request;
    9. 

  9. use AsyncAws\Core\RequestContext;
    10. 

  10. use AsyncAws\Core\Signer\SignerV4;
    11. 

  11. use AsyncAws\Core\Signer\SigningContext;
    12. 

  12. use AsyncAws\Core\Stream\FixedSizeStream;
    13. 

  13. use AsyncAws\Core\Stream\IterableStream;
    14. 

  14. use AsyncAws\Core\Stream\ReadOnceResultStream;
    15. 

  15. use AsyncAws\Core\Stream\RequestStream;
    16. 

  16. use AsyncAws\Core\Stream\RewindableStream;
    17. 

  17. 

  18. /**
    19. 

  19.  * Version4 of signer dedicated for service S3.
    20. 

  20.  *
    21. 

  21.  * @author Jérémy Derussé <jeremy@derusse.com>
    22. 

  22.  */
    23. 

  23. class Signer extends SignerV4
    24. 

  24. {
    25. 

  25.     private const ALGORITHM_CHUNK = 'AWS4-HMAC-SHA256-PAYLOAD';
    26. 

  26.     private const CHUNK_SIZE = 64 * 1024;
    27. 

  27. 

  28.     private const MD5_OPERATIONS = [
    29. 

  29.         'DeleteObjects' => true,
    30. 

  30.         'PutBucketCors' => true,
    31. 

  31.         'PutBucketLifecycle' => true,
    32. 

  32.         'PutBucketLifecycleConfiguration' => true,
    33. 

  33.         'PutBucketPolicy' => true,
    34. 

  34.         'PutBucketTagging' => true,
    35. 

  35.         'PutBucketReplication' => true,
    36. 

  36.         'PutObjectLegalHold' => true,
    37. 

  37.         'PutObjectRetention' => true,
    38. 

  38.         'PutObjectLockConfiguration' => true,
    39. 

  39.     ];
    40. 

  40. 

  41.     private $sendChunkedBody;
    42. 

  42. 

  43.     /**
    44. 

  44.      * @param array{
    45. 

  45.      *   sendChunkedBody?: bool,
    46. 

  46.      * } $s3SignerOptions
    47. 

  47.      */
    48. 

  48.     public function __construct(string $scopeName, string $region, array $s3SignerOptions = [])
    49. 

  49.     {
    50. 

  50.         parent::__construct($scopeName, $region);
    51. 

  51. 

  52.         $this->sendChunkedBody = $s3SignerOptions[Configuration::OPTION_SEND_CHUNKED_BODY] ?? false;
    53. 

  53.         unset($s3SignerOptions[Configuration::OPTION_SEND_CHUNKED_BODY]);
    54. 

  54. 

  55.         if (!empty($s3SignerOptions)) {
    56. 

  56.             throw new InvalidArgument(sprintf('Invalid option(s) "%s" passed to "%s::%s". ', implode('", "', array_keys($s3SignerOptions)), __CLASS__, __METHOD__));
    57. 

  57.         }
    58. 

  58.     }
    59. 

  59. 

  60.     public function sign(Request $request, Credentials $credentials, RequestContext $context): void
    61. 

  61.     {
    62. 

  62.         if ((null === ($operation = $context->getOperation()) || isset(self::MD5_OPERATIONS[$operation])) && !$request->hasHeader('content-md5')) {
    63. 

  63.             $request->setHeader('content-md5', base64_encode($request->getBody()->hash('md5', true)));
    64. 

  64.         }
    65. 

  65. 

  66.         if (!$request->hasHeader('x-amz-content-sha256')) {
    67. 

  67.             $request->setHeader('x-amz-content-sha256', $request->getBody()->hash());
    68. 

  68.         }
    69. 

  69. 

  70.         parent::sign($request, $credentials, $context);
    71. 

  71.     }
    72. 

  72. 

  73.     protected function buildBodyDigest(Request $request, bool $isPresign): string
    74. 

  74.     {
    75. 

  75.         if ($isPresign) {
    76. 

  76.             $request->setHeader('x-amz-content-sha256', 'UNSIGNED-PAYLOAD');
    77. 

  77. 

  78.             return 'UNSIGNED-PAYLOAD';
    79. 

  79.         }
    80. 

  80. 

  81.         return parent::buildBodyDigest($request, $isPresign);
    82. 

  82.     }
    83. 

  83. 

  84.     /**
    85. 

  85.      * Amazon S3 does not double-encode the path component in the canonical request.
    86. 

  86.      */
    87. 

  87.     protected function buildCanonicalPath(Request $request): string
    88. 

  88.     {
    89. 

  89.         return '/' . ltrim($request->getUri(), '/');
    90. 

  90.     }
    91. 

  91. 

  92.     protected function convertBodyToStream(SigningContext $context): void
    93. 

  93.     {
    94. 

  94.         $request = $context->getRequest();
    95. 

  95.         $body = $request->getBody();
    96. 

  96.         if ($request->hasHeader('content-length')) {
    97. 

  97.             $contentLength = (int) $request->getHeader('content-length');
    98. 

  98.         } else {
    99. 

  99.             $contentLength = $body->length();
    100. 

  100.         }
    101. 

  101. 

  102.         // If content length is unknown, use the rewindable stream to read it once locally in order to get the length
    103. 

  103.         if (null === $contentLength) {
    104. 

  104.             $request->setBody($body = RewindableStream::create($body));
    105. 

  105.             $body->read();
    106. 

  106.             $contentLength = $body->length();
    107. 

  107.         }
    108. 

  108. 

  109.         // no need to stream small body. It's simple to convert it to string directly
    110. 

  110.         if ($contentLength < self::CHUNK_SIZE || !$this->sendChunkedBody) {
    111. 

  111.             if ($body instanceof ReadOnceResultStream) {
    112. 

  112.                 $request->setBody(RewindableStream::create($body));
    113. 

  113.             }
    114. 

  114. 

  115.             return;
    116. 

  116.         }
    117. 

  117. 

  118.         // Add content-encoding for chunked stream if available
    119. 

  119.         $customEncoding = $request->getHeader('content-encoding');
    120. 

  120. 

  121.         // Convert the body into a chunked stream
    122. 

  122.         $request->setHeader('content-encoding', $customEncoding ? "aws-chunked, $customEncoding" : 'aws-chunked');
    123. 

  123.         $request->setHeader('x-amz-decoded-content-length', (string) $contentLength);
    124. 

  124.         $request->setHeader('x-amz-content-sha256', 'STREAMING-' . self::ALGORITHM_CHUNK);
    125. 

  125. 

  126.         // Compute size of content + metadata used sign each Chunk
    127. 

  127.         $chunkCount = (int) ceil($contentLength / self::CHUNK_SIZE);
    128. 

  128.         $fullChunkCount = $chunkCount * self::CHUNK_SIZE === $contentLength ? $chunkCount : ($chunkCount - 1);
    129. 

  129.         $metaLength = \strlen(";chunk-signature=\r\n\r\n") + 64;
    130. 

  130.         $request->setHeader('content-length', (string) ($contentLength + $fullChunkCount * ($metaLength + \strlen(dechex(self::CHUNK_SIZE))) + ($chunkCount - $fullChunkCount) * ($metaLength + \strlen(dechex($contentLength % self::CHUNK_SIZE))) + $metaLength + 1));
    131. 

  131.         $body = RewindableStream::create(IterableStream::create((function (RequestStream $body) use ($context): iterable {
    132. 

  132.             $now = $context->getNow();
    133. 

  133.             $credentialString = $context->getCredentialString();
    134. 

  134.             $signingKey = $context->getSigningKey();
    135. 

  135.             $signature = $context->getSignature();
    136. 

  136.             foreach (FixedSizeStream::create($body, self::CHUNK_SIZE) as $chunk) {
    137. 

  137.                 $stringToSign = $this->buildChunkStringToSign($now, $credentialString, $signature, $chunk);
    138. 

  138.                 $context->setSignature($signature = $this->buildSignature($stringToSign, $signingKey));
    139. 

  139.                 yield sprintf("%s;chunk-signature=%s\r\n", dechex(\strlen($chunk)), $signature) . "$chunk\r\n";
    140. 

  140.             }
    141. 

  141. 

  142.             $stringToSign = $this->buildChunkStringToSign($now, $credentialString, $signature, '');
    143. 

  143.             $context->setSignature($signature = $this->buildSignature($stringToSign, $signingKey));
    144. 

  144. 

  145.             yield sprintf("%s;chunk-signature=%s\r\n\r\n", dechex(0), $signature);
    146. 

  146.         })($body)));
    147. 

  147. 

  148.         $request->setBody($body);
    149. 

  149.     }
    150. 

  150. 

  151.     private function buildChunkStringToSign(\DateTimeImmutable $now, string $credentialString, string $signature, string $chunk): string
    152. 

  152.     {
    153. 

  153.         static $emptyHash;
    154. 

  154.         $emptyHash = $emptyHash ?? hash('sha256', '');
    155. 

  155. 

  156.         return implode("\n", [
    157. 

  157.             self::ALGORITHM_CHUNK,
    158. 

  158.             $now->format('Ymd\THis\Z'),
    159. 

  159.             $credentialString,
    160. 

  160.             $signature,
    161. 

  161.             $emptyHash,
    162. 

  162.             hash('sha256', $chunk),
    163. 

  163.         ]);
    164. 

  164.     }
    165. 

  165. 

  166.     private function buildSignature(string $stringToSign, string $signingKey): string
    167. 

  167.     {
    168. 

  168.         return hash_hmac('sha256', $stringToSign, $signingKey);
    169. 

  169.     }
    170. 

  170. }
    171.