<?php
use Aws\Common\Client\AbstractClient as S3ClientInterface;
use Aws\Common\Credentials\CredentialsInterface;
use Guzzle\Http\Url;
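/**
 * Builds the HTML form attributes and signed inputs for a browser-based
 * S3 POST upload authenticated with AWS Signature Version 4.
 *
 * Security notes for callers:
 * - The signed policy's conditions come from the $options constructor
 *   argument. This class only appends the security token (when the
 *   credentials carry one), X-Amz-Date, X-Amz-Credential and
 *   X-Amz-Algorithm. Any restriction on bucket, object key, upload size,
 *   content type or ACL must therefore be supplied by the caller.
 * - The policy is computed once, in the constructor. Attributes or inputs
 *   changed later through the setters are not reflected in it.
 * - The form inputs are meant to be rendered into a page. They contain the
 *   access key ID (inside X-Amz-Credential) and, for temporary credentials,
 *   the security token. The secret key is only used to derive the signing key
 *   and is never placed in the form.
 */
class S3fsCorsPostObjectV4 {

  use S3fsCorsSignatureTrait;

  /**
   * S3 client supplying the credentials, region and base URL.
   *
   * @var \Aws\Common\Client\AbstractClient
   */
  private $client;

  /**
   * Name of the bucket the form posts to.
   *
   * @var string
   */
  private $bucket;

  /**
   * Attributes of the <form> element (action, method, enctype).
   *
   * @var array
   */
  private $formAttributes;

  /**
   * Form fields, including the encoded policy and its signature.
   *
   * @var array
   */
  private $formInputs;

  /**
   * Creates the form description and signs the upload policy.
   *
   * @param \Aws\Common\Client\AbstractClient $client
   *   Client whose credentials sign the policy.
   * @param string $bucket
   *   Target bucket name.
   * @param array $formInputs
   *   Initial form fields. 'key' defaults to the literal '${filename}' when
   *   the caller does not provide one.
   * @param array $options
   *   Policy conditions, copied unchanged into the policy's 'conditions' list.
   *   NOTE(review): S3 is expected to reject form fields that no condition
   *   covers - confirm a condition exists for every entry in $formInputs.
   * @param string $expiration
   *   Policy lifetime as a strtotime()-compatible string.
   *
   * @throws \InvalidArgumentException
   *   When $expiration cannot be parsed by strtotime().
   * @throws \RuntimeException
   *   When the policy cannot be JSON-encoded.
   */
  public function __construct(S3ClientInterface $client, $bucket, array $formInputs, array $options = [], $expiration = '+1 hours') {
    // strtotime() returns false for an unparseable string. Passing that on to
    // gmdate() would silently date the policy at the Unix epoch, so reject it
    // here instead of emitting a form that can never be accepted.
    $expiresAt = strtotime($expiration);
    if ($expiresAt === false) {
      throw new \InvalidArgumentException('Unparseable POST policy expiration: ' . var_export($expiration, true));
    }

    $this->client = $client;
    $this->bucket = $bucket;
    $this->formAttributes = [
      'action' => $this->generateUri(),
      'method' => 'POST',
      'enctype' => 'multipart/form-data',
    ];

    $credentials = $this->client->getCredentials();

    // Temporary credentials: the token must be both a signed policy condition
    // and a form field.
    $securityToken = $credentials->getSecurityToken();
    if ($securityToken) {
      $options[] = [
        'x-amz-security-token' => $securityToken,
      ];
      $formInputs['X-Amz-Security-Token'] = $securityToken;
    }

    $policy = [
      'expiration' => gmdate('Y-m-d\\TH:i:s\\Z', $expiresAt),
      'conditions' => $options,
    ];

    // Array union keeps the left-hand value: a caller-supplied 'key' wins over
    // the default, and caller-supplied inputs also win over the generated
    // policy/signature fields that share a name.
    $this->formInputs = $formInputs + [
      'key' => '${filename}',
    ];
    $this->formInputs += $this->getPolicyAndSignature($credentials, $policy);
  }

  /**
   * Returns the S3 client given to the constructor.
   *
   * @return \Aws\Common\Client\AbstractClient
   *   The client.
   */
  public function getClient() {
    return $this->client;
  }

  /**
   * Returns the bucket name given to the constructor.
   *
   * @return string
   *   The bucket name.
   */
  public function getBucket() {
    return $this->bucket;
  }

  /**
   * Returns the <form> element attributes.
   *
   * @return array
   *   Attribute values keyed by attribute name.
   */
  public function getFormAttributes() {
    return $this->formAttributes;
  }

  /**
   * Sets or replaces one <form> element attribute.
   *
   * @param string $attribute
   *   Attribute name.
   * @param mixed $value
   *   Attribute value.
   */
  public function setFormAttribute($attribute, $value) {
    $this->formAttributes[$attribute] = $value;
  }

  /**
   * Returns the form fields, including 'Policy' and 'X-Amz-Signature'.
   *
   * @return array
   *   Field values keyed by field name.
   */
  public function getFormInputs() {
    return $this->formInputs;
  }

  /**
   * Sets or replaces one form field.
   *
   * The policy was signed in the constructor and is not recomputed here, so a
   * field changed through this method is not covered by any new condition.
   *
   * @param string $field
   *   Field name.
   * @param mixed $value
   *   Field value.
   */
  public function setFormInput($field, $value) {
    $this->formInputs[$field] = $value;
  }

  /**
   * Builds the form's action URL from the client's base URL and the bucket.
   *
   * @return string
   *   The URL to post the form to.
   */
  private function generateUri() {
    $url = Url::factory($this->client->getBaseUrl());

    // Over HTTPS a bucket name containing a dot is put in the path; every other
    // case prepends the bucket to the host name.
    // NOTE(review): presumably because a dotted bucket name would not match a
    // wildcard TLS certificate on the endpoint host - confirm.
    $usePathStyle = $url->getScheme() === 'https' && strpos($this->bucket, '.') !== false;
    if ($usePathStyle) {
      $url->setPath($this->bucket);
    }
    else {
      $url->setHost($this->bucket . '.' . $url->getHost());
    }

    return (string) $url;
  }

  /**
   * Completes the policy with the SigV4 conditions and signs it.
   *
   * @param \Aws\Common\Credentials\CredentialsInterface $credentials
   *   Credentials providing the access key ID and secret key.
   * @param array $policy
   *   Policy with 'expiration' and 'conditions' entries.
   *
   * @return array
   *   The X-Amz-Credential, X-Amz-Algorithm, X-Amz-Date, Policy and
   *   X-Amz-Signature form fields.
   *
   * @throws \RuntimeException
   *   When the policy cannot be JSON-encoded.
   */
  protected function getPolicyAndSignature(CredentialsInterface $credentials, array $policy) {
    $algorithm = "AWS4-HMAC-SHA256";

    // One timestamp feeds both the X-Amz-Date field and the date part of the
    // credential scope, so the two cannot disagree.
    $ldt = gmdate('Ymd\\THis\\Z');
    $sdt = substr($ldt, 0, 8);

    $region = $this->client->getRegion();
    $scope = $this->createScope($sdt, $region, 's3');
    $creds = "{$credentials->getAccessKeyId()}/{$scope}";

    // Each generated form field must also appear as a policy condition.
    $policy['conditions'][] = [
      'X-Amz-Date' => $ldt,
    ];
    $policy['conditions'][] = [
      'X-Amz-Credential' => $creds,
    ];
    $policy['conditions'][] = [
      'X-Amz-Algorithm' => $algorithm,
    ];

    // json_encode() returns false on failure, for example on a condition value
    // that is not valid UTF-8. Signing the result of that would produce a form
    // with an empty policy, so stop here.
    $jsonPolicy = json_encode($policy);
    if ($jsonPolicy === false) {
      throw new \RuntimeException('Unable to JSON-encode the POST policy (json_last_error: ' . json_last_error() . ').');
    }
    $jsonPolicy64 = base64_encode($jsonPolicy);

    $key = $this->getSigningKey($sdt, $region, 's3', $credentials->getSecretKey());

    return [
      'X-Amz-Credential' => $creds,
      'X-Amz-Algorithm' => $algorithm,
      'X-Amz-Date' => $ldt,
      'Policy' => $jsonPolicy64,
      // The string to sign is the Base64 policy. Without the raw-output flag
      // hash_hmac() returns the lowercase hex digest directly.
      'X-Amz-Signature' => hash_hmac('sha256', $jsonPolicy64, $key),
    ];
  }

}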
/**
 * Signature Version 4 helpers: credential scope and derived signing key.
 *
 * The cache below is indexed by a string that contains the secret key and
 * stores signing keys derived from it. Both are private properties of
 * whatever object uses this trait, so dumping or serializing that object
 * includes them.
 */
trait S3fsCorsSignatureTrait {

  /**
   * Derived signing keys, indexed by date, region, service and secret key.
   *
   * @var array
   */
  private $cache = [];

  /**
   * Number of cache misses since the cache was last emptied.
   *
   * @var int
   */
  private $cacheSize = 0;

  /**
   * Builds the credential scope string.
   *
   * @param string $shortDate
   *   Date part of the scope.
   * @param string $region
   *   Region part of the scope.
   * @param string $service
   *   Service part of the scope.
   *
   * @return string
   *   The three parts and the 'aws4_request' terminator joined by slashes.
   */
  private function createScope($shortDate, $region, $service) {
    return implode('/', [$shortDate, $region, $service, 'aws4_request']);
  }

  /**
   * Derives the binary signing key, reusing a cached one when available.
   *
   * @param string $shortDate
   *   Date part of the scope.
   * @param string $region
   *   Region part of the scope.
   * @param string $service
   *   Service part of the scope.
   * @param string $secretKey
   *   Secret access key.
   *
   * @return string
   *   Raw (binary) HMAC-SHA256 signing key.
   */
  private function getSigningKey($shortDate, $region, $service, $secretKey) {
    $cacheId = implode('_', [$shortDate, $region, $service, $secretKey]);

    if (isset($this->cache[$cacheId])) {
      return $this->cache[$cacheId];
    }

    // Each miss is counted. Once the count passes 50 the whole cache is
    // dropped and the count starts again at zero.
    $this->cacheSize++;
    if ($this->cacheSize > 50) {
      $this->cache = [];
      $this->cacheSize = 0;
    }

    // HMAC chain: every step is keyed with the output of the previous one,
    // starting from "AWS4" followed by the secret key.
    $derived = "AWS4{$secretKey}";
    foreach ([$shortDate, $region, $service, 'aws4_request'] as $message) {
      $derived = hash_hmac('sha256', $message, $derived, true);
    }

    $this->cache[$cacheId] = $derived;

    return $derived;
  }

}