function generate_fedid($client, $username)
{
$options = read_client_config($client);
$sts = new AmazonSTS($options);
$federation_options = array('Policy' => '{
"Statement": [{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}]
}');
$sts_result = $sts->get_federation_token($username, $federation_options);
if (!$sts_result->isOK()) {
echo "Failed to get federation token from Amazon: " . $sts_result->body->Error->Message[0] . "</br>";
exit(2);
}
return array('sessionId' => $sts_result->body->GetFederationTokenResult->Credentials->AccessKeyId, 'sessionKey' => $sts_result->body->GetFederationTokenResult->Credentials->SecretAccessKey, 'sessionToken' => $sts_result->body->GetFederationTokenResult->Credentials->SessionToken);
}
/**
* Fetches and caches STS credentials. This is meant to be used by the constructor, and is not to be
* manually invoked.
*
* @param CacheCore $cache (Required) The a reference to the cache object that is being used to handle the caching.
* @param array $options (Required) The options that were passed into the constructor.
* @return mixed The data to be cached, or NULL.
*/
public function cache_sts_credentials($cache, $options)
{
$token = new AmazonSTS($options);
$response = $token->get_session_token();
if ($response->isOK()) {
// Update the expiration
$expiration_time = strtotime((string) $response->body->GetSessionTokenResult->Credentials->Expiration);
$expiration_duration = round(($expiration_time - time()) * 0.85);
$cache->expire_in($expiration_duration);
// Return the important data
$credentials = $response->body->GetSessionTokenResult->Credentials;
return array('key' => (string) $credentials->AccessKeyId, 'secret' => (string) $credentials->SecretAccessKey, 'token' => (string) $credentials->SessionToken, 'expires' => (string) $credentials->Expiration);
}
// @codeCoverageIgnoreStart
throw new STS_Exception('Temporary credentials from the AWS Security ' . 'Token Service could not be retrieved using the provided long ' . 'term credentials. It\'s possible that the provided long term ' . 'credentials were invalid.');
// @codeCoverageIgnoreEnd
}
/**
* The callback function that is executed while caching the session credentials.
*
* @param string $key (Optional) Your AWS key, or a session key. If blank, it will look for the <code>AWS_KEY</code> constant.
* @param string $secret_key (Optional) Your AWS secret key, or a session secret key. If blank, it will look for the <code>AWS_SECRET_KEY</code> constant.
* @return mixed The data to be cached or null.
*/
public function cache_token($key, $secret_key)
{
$token = new AmazonSTS($key, $secret_key);
$response = $token->get_session_token();
if ($response->isOK()) {
/*
Array
(
[AccessKeyId] => ******
[Expiration] => ******
[SecretAccessKey] => ******
[SessionToken] => ******
)
*/
return $response->body->GetSessionTokenResult->Credentials->to_array()->getArrayCopy();
}
return null;
}
/**
* Fetches and caches STS credentials. This is meant to be used by the constructor, and is not to be
* manually invoked.
*
* @param CacheCore $cache (Required) The a reference to the cache object that is being used to handle the caching.
* @param array $options (Required) The options that were passed into the constructor.
* @return mixed The data to be cached, or NULL.
*/
public function cache_sts_credentials($cache, $options)
{
$token = new AmazonSTS($options);
$response = $token->get_session_token();
if ($response->isOK()) {
// Update the expiration
$expiration_time = strtotime((string) $response->body->GetSessionTokenResult->Credentials->Expiration);
$expiration_duration = round(($expiration_time - time()) * 0.85);
$cache->expire_in($expiration_duration);
// Return the important data
return array('key' => (string) $response->body->GetSessionTokenResult->Credentials->AccessKeyId, 'secret' => (string) $response->body->GetSessionTokenResult->Credentials->SecretAccessKey, 'token' => (string) $response->body->GetSessionTokenResult->Credentials->SessionToken, 'expires' => (string) $response->body->GetSessionTokenResult->Credentials->Expiration);
}
return null;
}
/**
* Constructs a new instance of <AmazonDynamoDB>.
*
* @param array $options (Optional) An associative array of parameters that can have the following keys: <ul>
* <li><code>certificate_authority</code> - <code>boolean</code> - Optional - Determines which Cerificate Authority file to use. A value of boolean <code>false</code> will use the Certificate Authority file available on the system. A value of boolean <code>true</code> will use the Certificate Authority provided by the SDK. Passing a file system path to a Certificate Authority file (chmodded to <code>0755</code>) will use that. Leave this set to <code>false</code> if you're not sure.</li>
* <li><code>credentials</code> - <code>string</code> - Optional - The name of the credential set to use for authentication.</li>
* <li><code>default_cache_config</code> - <code>string</code> - Optional - This option allows a preferred storage type to be configured for long-term caching. This can be changed later using the <set_cache_config()> method. Valid values are: <code>apc</code>, <code>xcache</code>, or a file system path such as <code>./cache</code> or <code>/tmp/cache/</code>.</li>
* <li><code>key</code> - <code>string</code> - Optional - Your AWS key, or a session key. If blank, the default credential set will be used.</li>
* <li><code>secret</code> - <code>string</code> - Optional - Your AWS secret key, or a session secret key. If blank, the default credential set will be used.</li>
* <li><code>token</code> - <code>string</code> - Optional - An AWS session token.</li></ul>
* @return void
*/
public function __construct(array $options = array())
{
$this->api_version = '2011-12-05';
$this->hostname = self::DEFAULT_URL;
$this->auth_class = 'AuthV3JSON';
$this->operation_prefix = 'x-amz-target:DynamoDB_20111205.';
parent::__construct($options);
// Default caching mechanism is required
if (!$this->credentials->default_cache_config) {
// @codeCoverageIgnoreStart
throw new DynamoDB_Exception('The DynamoDB class requires the "default_cache_config" configuration to be set in the config.inc.php file.');
// @codeCoverageIgnoreEnd
}
$token = new AmazonSTS($options);
$token->set_cache_config($this->credentials->default_cache_config);
$response = $token->cache(3600)->get_session_token();
$this->key = (string) $response->body->GetSessionTokenResult->Credentials->AccessKeyId;
$this->secret_key = (string) $response->body->GetSessionTokenResult->Credentials->SecretAccessKey;
$this->auth_token = (string) $response->body->GetSessionTokenResult->Credentials->SessionToken;
}
