/**
* Always add a x-amz-content-sha-256 for data integrity.
*/
public function signRequest(RequestInterface $request, CredentialsInterface $credentials)
{
if (!$request->hasHeader('x-amz-content-sha256')) {
$request->setHeader('x-amz-content-sha256', $this->getPayload($request));
}
parent::signRequest($request, $credentials);
}
public function signRequest(RequestInterface $request, CredentialsInterface $credentials)
{
if ($request instanceof EntityEnclosingRequestInterface && $request->getBody()) {
$request->setHeader('X-Amz-Content-Sha256', EntityBody::getHash($request->getBody(), 'sha256'));
} else {
$request->setHeader('X-Amz-Content-Sha256', hash('sha256', ''));
}
parent::signRequest($request, $credentials);
}
/**
* Override used to allow pre-signed URLs to be created for an
* in-determinate request payload.
*/
protected function getPresignedPayload(RequestInterface $request)
{
$result = parent::getPresignedPayload($request);
// If the body is empty, then sign with 'UNSIGNED-PAYLOAD'
if ($result === self::DEFAULT_PAYLOAD) {
$result = 'UNSIGNED-PAYLOAD';
}
return $result;
}
private function createPresignedUrl(AwsClientInterface $client, CommandInterface $command)
{
// Create a temporary client used to generate the presigned URL
$newClient = Ec2Client::factory(array('region' => $command['SourceRegion'], 'signature' => 'v4', 'credentials' => $client->getCredentials()));
$preCommand = $newClient->getCommand('CopySnapshot', $command->toArray());
$preCommand['__internal'] = true;
/** @var \Guzzle\Http\Message\EntityEnclosingRequest $preRequest */
$preRequest = $preCommand->prepare();
return $newClient->getSignature()->createPresignedUrl(SignatureV4::convertPostToGet($preRequest), $newClient->getCredentials(), '+1 hour');
}
/**
* Return an appropriate signature object for a a client based on a description
*
* @param ServiceDescription $description Description that holds a signature option
* @param Collection $config Configuration options
*
* @return SignatureInterface
* @throws InvalidArgumentException
*/
protected function getSignature(ServiceDescription $description, Collection $config)
{
if (!($signature = $config->get(Options::SIGNATURE))) {
switch ($description->getData('signatureVersion')) {
case 'v2':
$signature = new SignatureV2();
break;
case 'v3':
$signature = new SignatureV3();
break;
case 'v3https':
$signature = new SignatureV3Https();
break;
case 'v4':
$signature = new SignatureV4();
break;
default:
throw new InvalidArgumentException('Service description does not specify a valid signatureVersion');
}
}
// Allow a custom service name or region value to be provided
if ($signature instanceof EndpointSignatureInterface) {
// Determine the service name to use when signing
if (!($service = $config->get(Options::SIGNATURE_SERVICE))) {
if (!($service = $description->getData('signingName'))) {
$service = $description->getData('endpointPrefix');
}
}
$signature->setServiceName($service);
// Determine the region to use when signing requests
if (!($region = $config->get(Options::SIGNATURE_REGION))) {
$region = $config->get(Options::REGION);
}
$signature->setRegionName($region);
}
return $signature;
}
/**
* @expectedException \InvalidArgumentException
*/
public function testEnsuresMethodIsPost()
{
$request = new EntityEnclosingRequest('PUT', 'http://foo.com');
SignatureV4::convertPostToGet($request);
}
/**
* Return an appropriate signature object for a a client based on a description
*
* @param ServiceDescription $description Description that holds a signature option
* @param Collection $config Configuration options
*
* @throws InvalidArgumentException
*/
protected function addSignature(ServiceDescription $description, Collection $config)
{
if (!($signature = $config->get(Options::SIGNATURE))) {
if (!$description->getData('signatureVersion')) {
throw new InvalidArgumentException('The service description does not specify a signatureVersion');
}
switch ($description->getData('signatureVersion')) {
case 'v2':
$signature = new SignatureV2();
break;
case 'v3':
$signature = new SignatureV3();
break;
case 'v3https':
$signature = new SignatureV3Https();
break;
case 'v4':
$signature = new SignatureV4();
break;
}
}
// Allow a custom service name or region value to be provided
if ($signature instanceof EndpointSignatureInterface) {
$signature->setServiceName($config->get(Options::SIGNATURE_SERVICE) ?: $description->getData('signingName'));
$signature->setRegionName($config->get(Options::SIGNATURE_REGION));
}
$config->set(Options::SIGNATURE, $signature);
}
public function testSetRegionUpdatesBaseUrlAndSignature()
{
// Setup client
$endpointProvider = new XmlEndpointProvider();
$signature = new SignatureV4();
$signature->setRegionName(Region::US_EAST_1);
$credentials = new Credentials('test', '123');
$config = new Collection(array(Options::SERVICE => 's3', Options::SCHEME => 'https', Options::BASE_URL => $endpointProvider->getEndpoint('s3', Region::US_EAST_1)->getBaseUrl('https'), Options::ENDPOINT_PROVIDER => $endpointProvider));
/** @var $client AbstractClient */
$client = $this->getMockBuilder('Aws\\Common\\Client\\AbstractClient')->setConstructorArgs(array($credentials, $signature, $config))->getMockForAbstractClass();
// Get the original values
$baseUrl1 = $client->getBaseUrl();
$regionName1 = $this->readAttribute($signature, 'regionName');
$this->assertNotEmpty($baseUrl1);
$this->assertNotEmpty($regionName1);
// Change the region, get the new values, and compare with old
$client->setRegion(Region::US_WEST_1);
$baseUrl2 = $client->getBaseUrl();
$regionName2 = $this->readAttribute($signature, 'regionName');
$this->assertNotEmpty($baseUrl2);
$this->assertNotEmpty($regionName2);
$this->assertNotEquals($baseUrl1, $baseUrl2);
$this->assertNotEquals($regionName1, $regionName2);
}
public function testSignSpecificHeaders()
{
$sig = new SignatureV4('foo', 'bar');
$creds = new Credentials('a', 'b');
$req = new Request('PUT', 'http://foo.com', array('date' => 'today', 'host' => 'foo.com', 'x-amz-foo' => '123', 'content-md5' => 'bogus'));
$sig->signRequest($req, $creds);
$creq = $req->getParams()->getPath('aws.signature/canonical_request');
$this->assertContains('content-md5;date;host;x-amz-foo', $creq);
}
