protected function addSignatureAws4($method, $path, array $params, array &$headers) { // http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html // task 1: create a canonical request $canonicalQueryArray = array(); if (!empty($params)) { ksort($params); foreach ($params as $paramKey => $paramValue) { $canonicalQueryArray[] = sprintf('%s=%s', urlencode($paramKey), urlencode($paramValue)); } } $canonicalQueryString = implode('&', $canonicalQueryArray); $canonicalHeaders = ''; $signedHeadersArray = array(); $hashedPayload = ''; $timestamp = ''; $headerKeys = array_combine(array_map('strtolower', array_keys($headers)), array_keys($headers)); ksort($headerKeys); foreach ($headerKeys as $headerKeyLower => $headerKey) { $canonicalHeaders .= sprintf("%s:%s\n", $headerKeyLower, $headers[$headerKey]); $signedHeadersArray[] = $headerKeyLower; switch ($headerKey) { case 'x-amz-content-sha256': $hashedPayload = $headers[$headerKey]; break; case 'x-amz-date': $timestamp = $headers[$headerKey]; break; } } $signedHeadersString = implode(';', $signedHeadersArray); $canonicalRequest = sprintf("%s\n%s\n%s\n%s\n%s\n%s", $method, $path, $canonicalQueryString, $canonicalHeaders, $signedHeadersString, $hashedPayload); // task 2: create a string to sign $date = substr($timestamp, 0, strpos($timestamp, 'T')); $scope = sprintf('%s/%s/s3/aws4_request', $date, $this->_region); $stringToSign = sprintf("AWS4-HMAC-SHA256\n%s\n%s\n%s", $timestamp, $scope, Zend_Crypt::hash('sha256', $canonicalRequest)); // task 3: calculate signature $dateKey = Zend_Crypt_Hmac::compute('AWS4' . $this->_getSecretKey(), 'sha256', $date, Zend_Crypt_Hmac::BINARY); $dateRegionKey = Zend_Crypt_Hmac::compute($dateKey, 'sha256', $this->_region, Zend_Crypt_Hmac::BINARY); $dateRegionServiceKey = Zend_Crypt_Hmac::compute($dateRegionKey, 'sha256', 's3', Zend_Crypt_Hmac::BINARY); $signingKey = Zend_Crypt_Hmac::compute($dateRegionServiceKey, 'sha256', 'aws4_request', Zend_Crypt_Hmac::BINARY); $signature = Zend_Crypt_Hmac::compute($signingKey, 'sha256', $stringToSign); $headers['Authorization'] = sprintf('AWS4-HMAC-SHA256 Credential=%s/%s,SignedHeaders=%s,Signature=%s', $this->_getAccessKey(), $scope, $signedHeadersString, $signature); return $signature; }
/** * 取得当前对象所有参数组合的哈希值 * * @return string */ public function hashObject() { $vars = array(get_class($this)); foreach (get_class_methods($this) as $method) { if ('get' == substr($method, 0, 3)) { $vars[substr($method, 3)] = $this->{$method}(); } } return Zend_Crypt::hash('md5', serialize($vars)); }
/** * @return Zend_Form_Element_Hash */ protected function _csrfToken() { $uniqueSalt = Zend_Crypt::hash('MD5', 'csrf' . microtime()); $element = new Zend_Form_Element_Hash('csrf_token'); $element->setAttrib('id', 'csrf_token_' . strtolower(get_class($this))); $element->setSalt($uniqueSalt); $element->setDecorators($this->_inputDecorators); return $element; }
/** * 哈希输入的字符串 * * @param string $value * @return string */ public static function hash($value) { if (null !== $value) { $value = Zend_Crypt::hash('md5', $value); } return $value; }