/**
* @param string $key AWS IAM User Key
* @param string $secret AWS IAM User Secret
* @param string $region AWS Region
* @param array $multiParams Parameters to pass to CURL
* @param array $singleParams Parmaters to pass to CURL
*
* @return ClientBuilder
*/
public function setAwsHandler($key, $secret, $region = 'us-east-1', $multiParams = [], $singleParams = [])
{
$future = null;
if (extension_loaded('curl')) {
$config = array_merge(['mh' => curl_multi_init()], $multiParams);
if (function_exists('curl_reset')) {
$default = new CurlHandler($singleParams);
$future = new CurlMultiHandler($config);
} else {
$default = new CurlMultiHandler($config);
}
} else {
throw new \RuntimeException('Elasticsearch-PHP requires cURL, or a custom HTTP handler.');
}
$curlHandler = $future ? Middleware::wrapFuture($default, $future) : $default;
$awsSignedHandler = function (array $request) use($curlHandler, $region, $key, $secret) {
$signer = new SignatureV4('es', $region);
$credentials = new Credentials($key, $secret);
$psr7Request = new Request($request['http_method'], $request['uri'], $request['headers'], $request['body']);
$signedRequest = $signer->signRequest($psr7Request, $credentials);
$request['headers'] = $signedRequest->getHeaders();
return $curlHandler($request);
};
$this->setHandler($awsSignedHandler);
return $this;
}
private function getSigningMiddleware()
{
$region = $this->getConnection()->hasParam('aws_region') ? $this->getConnection()->getParam('aws_region') : getenv('AWS_REGION');
$signer = new SignatureV4('es', $region);
$credProvider = $this->getCredentialProvider();
return Middleware::mapRequest(function (RequestInterface $req) use($signer, $credProvider) {
return $signer->signRequest($req, $credProvider()->wait());
});
}
private function createPresignedUrl(AwsClientInterface $client, CommandInterface $cmd)
{
$newCmd = $client->getCommand('CopySnapshot', $cmd->toArray());
$newCmd->getEmitter()->detach($this);
// Serialize a request for the CopySnapshot operation.
$request = $client->initTransaction($newCmd)->request;
// Create the new endpoint for the target endpoint.
$endpoint = EndpointProvider::resolve($this->endpointProvider, ['region' => $cmd['SourceRegion'], 'service' => 'ec2'])['endpoint'];
// Set the request to hit the target endpoint.
$request->setHost(Url::fromString($endpoint)->getHost());
// Create a presigned URL for our generated request.
$signer = new SignatureV4('ec2', $cmd['SourceRegion']);
return $signer->createPresignedUrl(SignatureV4::convertPostToGet($request), $client->getCredentials(), '+1 hour');
}
/**
* Create a pre-signed URL for Polly operation `SynthesizeSpeech`
*
* @param array $args parameters array for `SynthesizeSpeech`
* More information @see Aws\Polly\PollyClient::SynthesizeSpeech
*
* @return string
*/
public function createSynthesizeSpeechPreSignedUrl(array $args)
{
$uri = new Uri($this->getEndpoint());
$uri = $uri->withPath('/v1/speech');
// Formatting parameters follows rest-json protocol
$this->formatter = $this->formatter ?: new JsonBody($this->getApi());
$queryArray = json_decode($this->formatter->build($this->getApi()->getOperation('SynthesizeSpeech')->getInput(), $args), true);
// Mocking a 'GET' request in pre-signing the Url
$query = Psr7\build_query($queryArray);
$uri = $uri->withQuery($query);
$request = new Request('GET', $uri);
$request = $request->withBody(Psr7\stream_for(''));
$signer = new SignatureV4('polly', $this->getRegion());
return (string) $signer->presign($request, $this->getCredentials()->wait(), '+15 minutes')->getUri();
}
/**
* Always add a x-amz-content-sha-256 for data integrity.
*/
public function signRequest(RequestInterface $request, CredentialsInterface $credentials)
{
if (!$request->hasHeader('x-amz-content-sha256')) {
$request->setHeader('X-Amz-Content-Sha256', $this->getPayload($request));
}
parent::signRequest($request, $credentials);
}
/**
* Always add a x-amz-content-sha-256 for data integrity.
*/
public function presign(RequestInterface $request, CredentialsInterface $credentials, $expires)
{
if (!$request->hasHeader('x-amz-content-sha256')) {
$request = $request->withHeader('X-Amz-Content-Sha256', $this->getPresignedPayload($request));
}
return parent::presign($request, $credentials, $expires);
}
private function createPresignedUrl(AwsClientInterface $client, CommandInterface $cmd)
{
$newCmd = $client->getCommand('CopySnapshot', $cmd->toArray());
// Avoid infinite recursion by flagging the new command.
$newCmd->__skipCopySnapshot = true;
// Serialize a request for the CopySnapshot operation.
$request = \Aws\serialize($newCmd);
// Create the new endpoint for the target endpoint.
$endpoint = EndpointProvider::resolve($this->endpointProvider, ['region' => $cmd['SourceRegion'], 'service' => 'ec2'])['endpoint'];
// Set the request to hit the target endpoint.
$uri = $request->getUri()->withHost((new Uri($endpoint))->getHost());
$request = $request->withUri($uri);
// Create a presigned URL for our generated request.
$signer = new SignatureV4('ec2', $cmd['SourceRegion']);
return (string) $signer->presign(SignatureV4::convertPostToGet($request), $client->getCredentials()->wait(), '+1 hour')->getUri();
}
/**
* Always add a x-amz-content-sha-256 for data integrity.
*/
public function presign(RequestInterface $request, CredentialsInterface $credentials, $expires)
{
/*
* Don't send this imcompatible header
*/
//if (!$request->hasHeader('x-amz-content-sha256')) {
// $request = $request->withHeader(
// 'X-Amz-Content-Sha256',
// $this->getPresignedPayload($request)
// );
//}
return parent::presign($request, $credentials, $expires);
}
private function invokeSignedRequest($httpMethod, $endpointURL, $reqPath, $headers = array(), $params = array(), $jsonEntity = null)
{
if (empty($this->accessKey)) {
trigger_error("Blank access key: " . $httpMethod . " " . $reqPath, E_USER_WARNING);
return null;
}
$doSign = $this->tokenKey == null;
if (empty($this->secretKey) && empty($this->tokenKey)) {
if ($headers == null) {
$headers = array();
}
$headers["Authorization"] = "Anonymous " . $this->accessKey;
$doSign = false;
}
$headers = $headers == null ? array() : $headers;
$query = array();
if ($params != null) {
foreach ($params as $key => $value) {
if (is_array($value) && !empty($value)) {
// no spec on this case, so choose first param in array
$query[$key] = $value[0];
} else {
$query[$key] = $value;
}
}
}
if ($this->tokenKey != null) {
// make sure you don't create an infinite loop!
if (!($httpMethod == "GET" && $reqPath == self::JWT_PATH)) {
$this->refreshToken();
}
$headers["Authorization"] = "Bearer " . $this->tokenKey;
}
// only sign some of the query parameters
$queryString = empty($query) ? "" : "?" . \GuzzleHttp\Psr7\build_query($query);
$req = new Request($httpMethod, $endpointURL . $reqPath . $queryString, $headers, $jsonEntity);
if ($doSign) {
$sig = new SignatureV4("para", "us-east-1");
$req = $sig->signRequest($req, new Credentials($this->accessKey, $this->secretKey));
}
// send all query parameters to the server
$queryString = $params == null ? "" : \GuzzleHttp\Psr7\build_query($params);
try {
return $this->apiClient->send($req, array(RequestOptions::QUERY => $queryString));
} catch (\Exception $ex) {
error_log($ex->getMessage(), 0);
}
return null;
}
/**
* Get events by event name
*
* @param null $event_name
* @return array
* @throws Exception
*/
public function getEvents($event_name = null)
{
if (empty($event_name)) {
throw new BusAPIException('Event name not specified.');
}
$signer = new SignatureV4('execute-api', 'us-west-2');
$client = new GuzzleClient(['base_uri' => "https://{$this->host}", 'timeout' => 30, 'curl' => [CURLOPT_SSL_VERIFYPEER => false]]);
$request = new Request('GET', $this->endpoint, ['Host' => $this->host]);
if ($this->private_key && $this->public_key) {
$credentials = new Credentials($this->public_key, $this->private_key);
} else {
$credentials = call_user_func(CredentialProvider::defaultProvider())->wait();
}
$request = $signer->signRequest($request, $credentials);
$response = $client->send($request);
return ['response' => $response, 'results' => json_decode($response->getBody())];
}
<?php
// collect_eggs.php
include __DIR__ . '/vendor/autoload.php';
use GuzzleHttp\Client;
use GuzzleHttp\Psr7\Request;
use Aws\Credentials\Credentials;
use Aws\Signature\SignatureV4;
$apikey = '';
$accesskeyid = '';
$secretaccesskey = '';
$baseuri = '';
$client = new Client(['base_uri' => $baseuri]);
$headers = ['X-Api-Key' => $apikey];
$request = new Request('GET', '/', $headers);
$awscredentials = new Credentials($accesskeyid, $secretaccesskey);
$awssignature = new SignatureV4('apigateway', 'us-east-1');
$request = $awssignature->signRequest($request, $awscredentials);
$response = $client->send($request, ['debug' => true]);
echo $response->getBody();
echo "\n\n";
/**
* Sign request using AWS Signature Version 4
*
* @param Request $request
* @return Request
*/
private function signRequest(Request $request)
{
return $this->signature->signRequest($request, $this->credentials);
}
