/**
 * Signs a form-encoded request with signature version 2 (HMAC-SHA256).
 *
 * The request body is parsed into parameters, the signing parameters are
 * added, and an HMAC over the string to sign is stored as "Signature".
 * The secret key is used only as the HMAC key; it is never written into
 * the request.
 *
 * @param RequestInterface     $request     Request whose body holds the form parameters.
 * @param CredentialsInterface $credentials Source of the access key id, secret key and optional token.
 *
 * @return RequestInterface The result of withBody() carrying the signed parameter set.
 */
public function signRequest(RequestInterface $request, CredentialsInterface $credentials)
{
    $fields = Psr7\parse_query($request->getBody());
    $fields['Timestamp'] = gmdate('c');
    $fields['SignatureVersion'] = '2';
    $fields['SignatureMethod'] = 'HmacSHA256';
    $fields['AWSAccessKeyId'] = $credentials->getAccessKeyId();

    // Temporary credentials carry a token that must travel with the request.
    $sessionToken = $credentials->getSecurityToken();
    if ($sessionToken) {
        $fields['SecurityToken'] = $sessionToken;
    }

    // String to sign: method, Host header, path, canonical parameters.
    // NOTE(review): the path component is the literal '/', not the request's
    // URI path, so the signature does not bind the real path — correct only
    // if the service is always addressed at the root; confirm.
    $stringToSign = implode("\n", [
        $request->getMethod(),
        $request->getHeaderLine('Host'),
        '/',
        $this->getCanonicalizedParameterString($fields),
    ]);

    // Raw (binary) HMAC output, then base64 for transport.
    $rawMac = hash_hmac('sha256', $stringToSign, $credentials->getSecretKey(), true);
    $fields['Signature'] = base64_encode($rawMac);

    $signedBody = Psr7\stream_for(http_build_query($fields));

    return $request->withBody($signedBody);
}
/**
 * Signs a request with signature version 2 (HMAC-SHA256) and returns a newly
 * built GET or POST request carrying the signed query string.
 *
 * The security token, when present, is sent as "MWSAuthToken". The secret
 * key is used only as the HMAC key and is never placed in the request.
 *
 * NOTE(review): the returned Request is constructed from scratch, so headers
 * present on the incoming request are not carried over — confirm this is
 * intended by the callers.
 *
 * @param RequestInterface     $request     Request whose body holds the parameters to sign.
 * @param CredentialsInterface $credentials Source of the access key id, secret key and optional token.
 *
 * @return Request A POST request with the signed form body, or a GET request
 *                 with the signed query string for any other method.
 */
public function signRequest(RequestInterface $request, CredentialsInterface $credentials)
{
    $fields = Psr7\parse_query($request->getBody()->__toString());
    $fields['SignatureVersion'] = '2';
    $fields['SignatureMethod'] = 'HmacSHA256';
    $fields['AWSAccessKeyId'] = $credentials->getAccessKeyId();
    if ($credentials->getSecurityToken()) {
        $fields['MWSAuthToken'] = $credentials->getSecurityToken();
    }
    $fields['Timestamp'] = gmdate(self::ISO8601_BASIC);

    // Parameters are put in key order before canonicalization so that the
    // signed string is built from a deterministic ordering.
    ksort($fields);
    $canonicalQuery = $this->getCanonicalizedQuery($fields);

    $method = $request->getMethod();
    $toSign = implode("\n", [
        $method,
        $request->getUri()->getHost(),
        $request->getUri()->getPath(),
        $canonicalQuery,
    ]);

    // HMAC-SHA256 in raw binary form, base64-encoded for transport.
    $mac = base64_encode(hash_hmac('sha256', $toSign, $credentials->getSecretKey(), true));

    // Percent-encode the signature; the replacements are applied in order,
    // exactly as three consecutive str_replace() calls would be.
    $encodedMac = str_replace(
        ['%7E', '+', '*'],
        ['~', '%20', '%2A'],
        rawurlencode($mac)
    );

    $signedQuery = $canonicalQuery . "&Signature=" . $encodedMac;

    if ($method === 'POST') {
        $headers = [
            'Content-Length' => strlen($signedQuery),
            'Content-Type' => 'application/x-www-form-urlencoded',
        ];

        return new Request('POST', $request->getUri(), $headers, $signedQuery);
    }

    return new Request('GET', $request->getUri()->withQuery($signedQuery));
}
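/**
 * Builds a pre-signed URL for the given request.
 *
 * The returned URL carries the access key id, the expiry and the signature
 * (and, for temporary credentials, the security token) in its query string.
 * Whoever holds the URL can replay the request until it expires, so treat it
 * like a credential: keep the expiry short and keep the URL out of logs.
 *
 * @param RequestInterface     $request     Request to pre-sign; it is cloned, the original is untouched.
 * @param CredentialsInterface $credentials Source of the access key id, secret key and optional token.
 * @param int|string|\DateTime $expires     Expiry as a timestamp, a strtotime() string or a DateTime.
 *
 * @return string The pre-signed URL.
 *
 * @throws \InvalidArgumentException If $expires is a string that strtotime() cannot parse.
 */
public function createPresignedUrl(RequestInterface $request, CredentialsInterface $credentials, $expires)
{
    // Operate on a clone of the request, so the original is not altered.
    $request = clone $request;

    // URL encoding already occurs in the URI template expansion. Undo that
    // and encode using the same encoding as GET object, PUT object, etc.
    $path = S3Client::encodeKey(rawurldecode($request->getPath()));
    $request->setPath($path);

    // Make sure to handle temporary credentials
    if ($token = $credentials->getSecurityToken()) {
        $request->setHeader('X-Amz-Security-Token', $token);
        $request->getQuery()->set('X-Amz-Security-Token', $token);
    }

    if ($expires instanceof \DateTime) {
        $expires = $expires->getTimestamp();
    } elseif (!is_numeric($expires)) {
        $timestamp = strtotime($expires);
        // Fail closed: strtotime() returns false on unparseable input, which
        // previously flowed into both the signed string and the "Expires"
        // parameter and produced a URL with no usable expiry.
        if ($timestamp === false) {
            throw new \InvalidArgumentException(
                'The expiration time for the pre-signed URL could not be parsed.'
            );
        }
        $expires = $timestamp;
    }

    // Set query params required for pre-signed URLs
    $query = $request->getQuery();
    $query['AWSAccessKeyId'] = $credentials->getAccessKeyId();
    $query['Expires'] = $expires;
    // The signature is computed while the X-Amz-* headers are still on the
    // request, i.e. before they are moved to the query string below.
    $query['Signature'] = $this->signString(
        $this->createCanonicalizedString($request, $expires),
        $credentials
    );

    // Move X-Amz-* headers to the query string
    foreach ($request->getHeaders() as $name => $header) {
        $name = strtolower($name);
        if (strpos($name, 'x-amz-') === 0) {
            $request->getQuery()->set($name, implode(',', $header));
            $request->removeHeader($name);
        }
    }

    return $request->getUrl();
}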
/**
 * Signs a POST-body request in place with signature version 2 (HMAC-SHA256).
 *
 * The signing fields are written into the request body, the string to sign
 * is recorded in the request config under "aws.signature", and the
 * base64-encoded HMAC is stored as the "Signature" field. Nothing is returned.
 *
 * @param RequestInterface     $request     Request whose body receives the signing fields.
 * @param CredentialsInterface $credentials Source of the access key id, secret key and optional token.
 */
public function signRequest(RequestInterface $request, CredentialsInterface $credentials)
{
    /** @var PostBodyInterface $postBody */
    $postBody = $request->getBody();
    $postBody->setField('Timestamp', gmdate('c'));
    $postBody->setField('SignatureVersion', '2');
    $postBody->setField('SignatureMethod', 'HmacSHA256');
    $postBody->setField('AWSAccessKeyId', $credentials->getAccessKeyId());

    // Temporary credentials carry a token that must travel with the request.
    $sessionToken = $credentials->getSecurityToken();
    if ($sessionToken) {
        $postBody->setField('SecurityToken', $sessionToken);
    }

    // String to sign: method, host, path, canonical parameters.
    // NOTE(review): the path component is the literal '/', not the request's
    // own path — correct only if the service is always addressed at the
    // root; confirm.
    $stringToSign = implode("\n", [
        $request->getMethod(),
        $request->getHost(),
        '/',
        $this->getCanonicalizedParameterString($postBody),
    ]);

    // Only the string to sign is stored here, not the secret key or the MAC
    // (presumably kept for debugging — confirm who reads 'aws.signature').
    $request->getConfig()->set('aws.signature', $stringToSign);

    // Raw (binary) HMAC output, then base64 for transport.
    $rawMac = hash_hmac('sha256', $stringToSign, $credentials->getSecretKey(), true);
    $postBody->setField('Signature', base64_encode($rawMac));
}
/**
 * Signs a request with the AWS4-HMAC-SHA256 scheme and returns the rebuilt
 * request with an Authorization header.
 *
 * The secret key is only passed to getSigningKey(); the Authorization header
 * contains the access key id, the credential scope, the signed header list
 * and the hex-encoded signature.
 *
 * @param RequestInterface     $request     Request to sign.
 * @param CredentialsInterface $credentials Source of the access key id, secret key and optional token.
 *
 * @return mixed Whatever buildRequest() produces from the parsed, signed request.
 */
public function signRequest(RequestInterface $request, CredentialsInterface $credentials)
{
    // Long timestamp for X-Amz-Date; its first 8 characters are the short
    // date used for the scope and the signing key.
    $longDate = gmdate(self::ISO8601_BASIC);
    $shortDate = substr($longDate, 0, 8);

    // These headers are added before createContext() runs, presumably so
    // that they are part of the canonical request — confirm they appear in
    // SignedHeaders.
    $parsed = $this->parseRequest($request);
    $parsed['headers']['X-Amz-Date'] = [$longDate];
    $sessionToken = $credentials->getSecurityToken();
    if ($sessionToken) {
        $parsed['headers']['X-Amz-Security-Token'] = [$sessionToken];
    }

    $scope = $this->createScope($shortDate, $this->region, $this->service);
    $payload = $this->getPayload($request);
    $context = $this->createContext($parsed, $payload);
    $stringToSign = $this->createStringToSign($longDate, $scope, $context['creq']);
    $signingKey = $this->getSigningKey(
        $shortDate,
        $this->region,
        $this->service,
        $credentials->getSecretKey()
    );

    // No raw-output flag: the signature is the lowercase hex digest.
    $signature = hash_hmac('sha256', $stringToSign, $signingKey);

    $accessKeyId = $credentials->getAccessKeyId();
    $signedHeaders = $context['headers'];
    $parsed['headers']['Authorization'] = [
        "AWS4-HMAC-SHA256 "
        . "Credential={$accessKeyId}/{$scope}, "
        . "SignedHeaders={$signedHeaders}, Signature={$signature}"
    ];

    return $this->buildRequest($parsed);
}
/**
 * Returns the form fields that authenticate the stored JSON policy: the
 * access key id, the base64-encoded policy and its base64-encoded HMAC-SHA1.
 *
 * NOTE(review): HMAC-SHA1 looks dictated by the legacy signing scheme this
 * method targets, so the hash cannot be swapped here in isolation — confirm
 * whether callers can move to a SHA-256 based scheme instead.
 *
 * @param CredentialsInterface $creds Source of the access key id and secret key.
 *
 * @return array Keys "AWSAccessKeyId", "policy" and "signature".
 */
protected function getPolicyAndSignature(CredentialsInterface $creds)
{
    // The MAC is computed over the base64 text of the policy, not the raw JSON.
    $encodedPolicy = base64_encode($this->jsonPolicy);
    $accessKeyId = $creds->getAccessKeyId();
    $rawMac = hash_hmac('sha1', $encodedPolicy, $creds->getSecretKey(), true);

    return [
        'AWSAccessKeyId' => $accessKeyId,
        'policy' => $encodedPolicy,
        'signature' => base64_encode($rawMac),
    ];
}
/**
 * Adds the AWS4-HMAC-SHA256 conditions to a policy and returns the form
 * fields that authenticate it.
 *
 * The date, credential and algorithm are appended to the policy's
 * "conditions" before it is encoded, so they are covered by the signature.
 *
 * NOTE(review): json_encode() returns false on failure (for example on
 * invalid UTF-8); that would be base64-encoded as an empty string and signed
 * as such. Consider rejecting a failed encode — confirm the desired handling.
 *
 * @param CredentialsInterface $credentials Source of the access key id and secret key.
 * @param array                $policy      Policy document; conditions are appended to a copy.
 *
 * @return array Keys "X-Amz-Credential", "X-Amz-Algorithm", "X-Amz-Date",
 *               "Policy" and "X-Amz-Signature" (lowercase hex).
 */
protected function getPolicyAndSignature(CredentialsInterface $credentials, array $policy)
{
    $algorithm = "AWS4-HMAC-SHA256";

    // Long timestamp for X-Amz-Date; its first 8 characters are the short
    // date used for the scope and the signing key.
    $longDate = gmdate(SignatureV4::ISO8601_BASIC);
    $shortDate = substr($longDate, 0, 8);
    $policy['conditions'][] = ['X-Amz-Date' => $longDate];

    $region = $this->client->getRegion();
    $scope = $this->createScope($shortDate, $region, 's3');
    $credential = "{$credentials->getAccessKeyId()}/{$scope}";
    $policy['conditions'][] = ['X-Amz-Credential' => $credential];
    $policy['conditions'][] = ['X-Amz-Algorithm' => $algorithm];

    // The MAC is computed over the base64 text of the policy, not the raw JSON.
    $encodedPolicy = base64_encode(json_encode($policy));
    $signingKey = $this->getSigningKey($shortDate, $region, 's3', $credentials->getSecretKey());

    // hash_hmac() without the raw flag yields the same lowercase hex string
    // as bin2hex() applied to the raw digest.
    $hexMac = hash_hmac('sha256', $encodedPolicy, $signingKey);

    return [
        'X-Amz-Credential' => $credential,
        'X-Amz-Algorithm' => $algorithm,
        'X-Amz-Date' => $longDate,
        'Policy' => $encodedPolicy,
        'X-Amz-Signature' => $hexMac,
    ];
}
/**
 * Writes the query parameters required for an AWS4-HMAC-SHA256 pre-signed
 * URL onto the request's query object. Nothing is returned.
 *
 * Assumes getQuery() returns a mutable object with array access; with a
 * plain array these writes would be lost — TODO confirm.
 *
 * NOTE(review): X-Amz-SignedHeaders is fixed to "Host", so presumably no
 * other header sent with the pre-signed URL is covered by the signature —
 * confirm this matches how the canonical request is built.
 *
 * @param string               $scope       Credential scope appended to the access key id.
 * @param RequestInterface     $request     Request whose query receives the parameters.
 * @param CredentialsInterface $credentials Source of the access key id.
 * @param mixed                $expires     Expiry, normalised by convertExpires().
 */
private function addQueryValues($scope, RequestInterface $request, CredentialsInterface $credentials, $expires)
{
    $scopedCredential = $credentials->getAccessKeyId() . '/' . $scope;

    $params = $request->getQuery();
    $params['X-Amz-Algorithm'] = 'AWS4-HMAC-SHA256';
    $params['X-Amz-Credential'] = $scopedCredential;
    // gmdate() defaults to the current time, same as passing time().
    $params['X-Amz-Date'] = gmdate('Ymd\\THis\\Z');
    $params['X-Amz-SignedHeaders'] = 'Host';
    // The lifetime bounds how long the URL stays usable by whoever holds it.
    $params['X-Amz-Expires'] = $this->convertExpires($expires);
}