function generate_fedid($client, $username) { $options = read_client_config($client); $sts = new AmazonSTS($options); $federation_options = array('Policy' => '{ "Statement": [{ "Effect": "Allow", "Action": "*", "Resource": "*" }] }'); $sts_result = $sts->get_federation_token($username, $federation_options); if (!$sts_result->isOK()) { echo "Failed to get federation token from Amazon: " . $sts_result->body->Error->Message[0] . "</br>"; exit(2); } return array('sessionId' => $sts_result->body->GetFederationTokenResult->Credentials->AccessKeyId, 'sessionKey' => $sts_result->body->GetFederationTokenResult->Credentials->SecretAccessKey, 'sessionToken' => $sts_result->body->GetFederationTokenResult->Credentials->SessionToken); }
/** * Fetches and caches STS credentials. This is meant to be used by the constructor, and is not to be * manually invoked. * * @param CacheCore $cache (Required) The a reference to the cache object that is being used to handle the caching. * @param array $options (Required) The options that were passed into the constructor. * @return mixed The data to be cached, or NULL. */ public function cache_sts_credentials($cache, $options) { $token = new AmazonSTS($options); $response = $token->get_session_token(); if ($response->isOK()) { // Update the expiration $expiration_time = strtotime((string) $response->body->GetSessionTokenResult->Credentials->Expiration); $expiration_duration = round(($expiration_time - time()) * 0.85); $cache->expire_in($expiration_duration); // Return the important data $credentials = $response->body->GetSessionTokenResult->Credentials; return array('key' => (string) $credentials->AccessKeyId, 'secret' => (string) $credentials->SecretAccessKey, 'token' => (string) $credentials->SessionToken, 'expires' => (string) $credentials->Expiration); } // @codeCoverageIgnoreStart throw new STS_Exception('Temporary credentials from the AWS Security ' . 'Token Service could not be retrieved using the provided long ' . 'term credentials. It\'s possible that the provided long term ' . 'credentials were invalid.'); // @codeCoverageIgnoreEnd }
/** * The callback function that is executed while caching the session credentials. * * @param string $key (Optional) Your AWS key, or a session key. If blank, it will look for the <code>AWS_KEY</code> constant. * @param string $secret_key (Optional) Your AWS secret key, or a session secret key. If blank, it will look for the <code>AWS_SECRET_KEY</code> constant. * @return mixed The data to be cached or null. */ public function cache_token($key, $secret_key) { $token = new AmazonSTS($key, $secret_key); $response = $token->get_session_token(); if ($response->isOK()) { /* Array ( [AccessKeyId] => ****** [Expiration] => ****** [SecretAccessKey] => ****** [SessionToken] => ****** ) */ return $response->body->GetSessionTokenResult->Credentials->to_array()->getArrayCopy(); } return null; }
/** * Fetches and caches STS credentials. This is meant to be used by the constructor, and is not to be * manually invoked. * * @param CacheCore $cache (Required) The a reference to the cache object that is being used to handle the caching. * @param array $options (Required) The options that were passed into the constructor. * @return mixed The data to be cached, or NULL. */ public function cache_sts_credentials($cache, $options) { $token = new AmazonSTS($options); $response = $token->get_session_token(); if ($response->isOK()) { // Update the expiration $expiration_time = strtotime((string) $response->body->GetSessionTokenResult->Credentials->Expiration); $expiration_duration = round(($expiration_time - time()) * 0.85); $cache->expire_in($expiration_duration); // Return the important data return array('key' => (string) $response->body->GetSessionTokenResult->Credentials->AccessKeyId, 'secret' => (string) $response->body->GetSessionTokenResult->Credentials->SecretAccessKey, 'token' => (string) $response->body->GetSessionTokenResult->Credentials->SessionToken, 'expires' => (string) $response->body->GetSessionTokenResult->Credentials->Expiration); } return null; }
/** * Constructs a new instance of <AmazonDynamoDB>. * * @param array $options (Optional) An associative array of parameters that can have the following keys: <ul> * <li><code>certificate_authority</code> - <code>boolean</code> - Optional - Determines which Cerificate Authority file to use. A value of boolean <code>false</code> will use the Certificate Authority file available on the system. A value of boolean <code>true</code> will use the Certificate Authority provided by the SDK. Passing a file system path to a Certificate Authority file (chmodded to <code>0755</code>) will use that. Leave this set to <code>false</code> if you're not sure.</li> * <li><code>credentials</code> - <code>string</code> - Optional - The name of the credential set to use for authentication.</li> * <li><code>default_cache_config</code> - <code>string</code> - Optional - This option allows a preferred storage type to be configured for long-term caching. This can be changed later using the <set_cache_config()> method. Valid values are: <code>apc</code>, <code>xcache</code>, or a file system path such as <code>./cache</code> or <code>/tmp/cache/</code>.</li> * <li><code>key</code> - <code>string</code> - Optional - Your AWS key, or a session key. If blank, the default credential set will be used.</li> * <li><code>secret</code> - <code>string</code> - Optional - Your AWS secret key, or a session secret key. If blank, the default credential set will be used.</li> * <li><code>token</code> - <code>string</code> - Optional - An AWS session token.</li></ul> * @return void */ public function __construct(array $options = array()) { $this->api_version = '2011-12-05'; $this->hostname = self::DEFAULT_URL; $this->auth_class = 'AuthV3JSON'; $this->operation_prefix = 'x-amz-target:DynamoDB_20111205.'; parent::__construct($options); // Default caching mechanism is required if (!$this->credentials->default_cache_config) { // @codeCoverageIgnoreStart throw new DynamoDB_Exception('The DynamoDB class requires the "default_cache_config" configuration to be set in the config.inc.php file.'); // @codeCoverageIgnoreEnd } $token = new AmazonSTS($options); $token->set_cache_config($this->credentials->default_cache_config); $response = $token->cache(3600)->get_session_token(); $this->key = (string) $response->body->GetSessionTokenResult->Credentials->AccessKeyId; $this->secret_key = (string) $response->body->GetSessionTokenResult->Credentials->SecretAccessKey; $this->auth_token = (string) $response->body->GetSessionTokenResult->Credentials->SessionToken; }