public function signRequest(RequestInterface $request, CredentialsInterface $credentials)
{
$params = Psr7\parse_query($request->getBody());
$params['Timestamp'] = gmdate('c');
$params['SignatureVersion'] = '2';
$params['SignatureMethod'] = 'HmacSHA256';
$params['AWSAccessKeyId'] = $credentials->getAccessKeyId();
if ($token = $credentials->getSecurityToken()) {
$params['SecurityToken'] = $token;
}
// build string to sign
$sign = $request->getMethod() . "\n" . $request->getHeaderLine('Host') . "\n" . '/' . "\n" . $this->getCanonicalizedParameterString($params);
$params['Signature'] = base64_encode(hash_hmac('sha256', $sign, $credentials->getSecretKey(), true));
return $request->withBody(Psr7\stream_for(http_build_query($params)));
}
public function signRequest(RequestInterface $request, CredentialsInterface $credentials)
{
$params = Psr7\parse_query($request->getBody()->__toString());
$params['SignatureVersion'] = '2';
$params['SignatureMethod'] = 'HmacSHA256';
$params['AWSAccessKeyId'] = $credentials->getAccessKeyId();
if ($credentials->getSecurityToken()) {
$params['MWSAuthToken'] = $credentials->getSecurityToken();
}
$params['Timestamp'] = gmdate(self::ISO8601_BASIC);
ksort($params);
$canonicalizedQueryString = $this->getCanonicalizedQuery($params);
$stringToSign = implode("\n", [$request->getMethod(), $request->getUri()->getHost(), $request->getUri()->getPath(), $canonicalizedQueryString]);
// calculate HMAC with SHA256 and base64-encoding
$signature = base64_encode(hash_hmac('sha256', $stringToSign, $credentials->getSecretKey(), TRUE));
// encode the signature for the request
$signature = str_replace('%7E', '~', rawurlencode($signature));
$signature = str_replace('+', '%20', $signature);
$signature = str_replace('*', '%2A', $signature);
$queryString = $canonicalizedQueryString . "&Signature=" . $signature;
if ($request->getMethod() === 'POST') {
return new Request('POST', $request->getUri(), ['Content-Length' => strlen($queryString), 'Content-Type' => 'application/x-www-form-urlencoded'], $queryString);
} else {
return new Request('GET', $request->getUri()->withQuery($queryString));
}
}
public function createPresignedUrl(RequestInterface $request, CredentialsInterface $credentials, $expires)
{
// Operate on a clone of the request, so the original is not altered.
$request = clone $request;
// URL encoding already occurs in the URI template expansion. Undo that
// and encode using the same encoding as GET object, PUT object, etc.
$path = S3Client::encodeKey(rawurldecode($request->getPath()));
$request->setPath($path);
// Make sure to handle temporary credentials
if ($token = $credentials->getSecurityToken()) {
$request->setHeader('X-Amz-Security-Token', $token);
$request->getQuery()->set('X-Amz-Security-Token', $token);
}
if ($expires instanceof \DateTime) {
$expires = $expires->getTimestamp();
} elseif (!is_numeric($expires)) {
$expires = strtotime($expires);
}
// Set query params required for pre-signed URLs
$query = $request->getQuery();
$query['AWSAccessKeyId'] = $credentials->getAccessKeyId();
$query['Expires'] = $expires;
$query['Signature'] = $this->signString($this->createCanonicalizedString($request, $expires), $credentials);
// Move X-Amz-* headers to the query string
foreach ($request->getHeaders() as $name => $header) {
$name = strtolower($name);
if (strpos($name, 'x-amz-') === 0) {
$request->getQuery()->set($name, implode(',', $header));
$request->removeHeader($name);
}
}
return $request->getUrl();
}
public function signRequest(RequestInterface $request, CredentialsInterface $credentials)
{
/** @var PostBodyInterface $body */
$body = $request->getBody();
$body->setField('Timestamp', gmdate('c'));
$body->setField('SignatureVersion', '2');
$body->setField('SignatureMethod', 'HmacSHA256');
$body->setField('AWSAccessKeyId', $credentials->getAccessKeyId());
if ($token = $credentials->getSecurityToken()) {
$body->setField('SecurityToken', $token);
}
// build string to sign
$sign = $request->getMethod() . "\n" . $request->getHost() . "\n" . '/' . "\n" . $this->getCanonicalizedParameterString($body);
$request->getConfig()->set('aws.signature', $sign);
$body->setField('Signature', base64_encode(hash_hmac('sha256', $sign, $credentials->getSecretKey(), true)));
}
public function signRequest(RequestInterface $request, CredentialsInterface $credentials)
{
$ldt = gmdate(self::ISO8601_BASIC);
$sdt = substr($ldt, 0, 8);
$parsed = $this->parseRequest($request);
$parsed['headers']['X-Amz-Date'] = [$ldt];
if ($token = $credentials->getSecurityToken()) {
$parsed['headers']['X-Amz-Security-Token'] = [$token];
}
$cs = $this->createScope($sdt, $this->region, $this->service);
$payload = $this->getPayload($request);
$context = $this->createContext($parsed, $payload);
$toSign = $this->createStringToSign($ldt, $cs, $context['creq']);
$signingKey = $this->getSigningKey($sdt, $this->region, $this->service, $credentials->getSecretKey());
$signature = hash_hmac('sha256', $toSign, $signingKey);
$parsed['headers']['Authorization'] = ["AWS4-HMAC-SHA256 " . "Credential={$credentials->getAccessKeyId()}/{$cs}, " . "SignedHeaders={$context['headers']}, Signature={$signature}"];
return $this->buildRequest($parsed);
}
protected function getPolicyAndSignature(CredentialsInterface $creds)
{
$jsonPolicy64 = base64_encode($this->jsonPolicy);
return ['AWSAccessKeyId' => $creds->getAccessKeyId(), 'policy' => $jsonPolicy64, 'signature' => base64_encode(hash_hmac('sha1', $jsonPolicy64, $creds->getSecretKey(), true))];
}
protected function getPolicyAndSignature(CredentialsInterface $credentials, array $policy)
{
$ldt = gmdate(SignatureV4::ISO8601_BASIC);
$sdt = substr($ldt, 0, 8);
$policy['conditions'][] = ['X-Amz-Date' => $ldt];
$region = $this->client->getRegion();
$scope = $this->createScope($sdt, $region, 's3');
$creds = "{$credentials->getAccessKeyId()}/{$scope}";
$policy['conditions'][] = ['X-Amz-Credential' => $creds];
$policy['conditions'][] = ['X-Amz-Algorithm' => "AWS4-HMAC-SHA256"];
$jsonPolicy64 = base64_encode(json_encode($policy));
$key = $this->getSigningKey($sdt, $region, 's3', $credentials->getSecretKey());
return ['X-Amz-Credential' => $creds, 'X-Amz-Algorithm' => "AWS4-HMAC-SHA256", 'X-Amz-Date' => $ldt, 'Policy' => $jsonPolicy64, 'X-Amz-Signature' => bin2hex(hash_hmac('sha256', $jsonPolicy64, $key, true))];
}
private function addQueryValues($scope, RequestInterface $request, CredentialsInterface $credentials, $expires)
{
$credential = $credentials->getAccessKeyId() . '/' . $scope;
// Set query params required for pre-signed URLs
$query = $request->getQuery();
$query['X-Amz-Algorithm'] = 'AWS4-HMAC-SHA256';
$query['X-Amz-Credential'] = $credential;
$query['X-Amz-Date'] = gmdate('Ymd\\THis\\Z', time());
$query['X-Amz-SignedHeaders'] = 'Host';
$query['X-Amz-Expires'] = $this->convertExpires($expires);
}