hasHeader('x-amz-content-sha256')) { $request = $request->withHeader( 'x-amz-content-sha256', $this->getPayload($request) ); } $useCrt = strpos($request->getUri()->getHost(), "accesspoint.s3-global") !== false; if (!$useCrt) { if (strpos($request->getUri()->getHost(), "s3-object-lambda")) { return parent::signRequest($request, $credentials, "s3-object-lambda"); } return parent::signRequest($request, $credentials); } $signingService = $signingService ?: 's3'; return $this->signWithV4a($credentials, $request, $signingService); } /** * @param CredentialsInterface $credentials * @param RequestInterface $request * @param $signingService * @param SigningConfigAWS|null $signingConfig * @return RequestInterface * * Instantiates a separate sigv4a signing config. All services except S3 * use double encoding. All services except S3 require path normalization. */ protected function signWithV4a( CredentialsInterface $credentials, RequestInterface $request, $signingService, SigningConfigAWS $signingConfig = null ){ $this->verifyCRTLoaded(); $credentials_provider = $this->createCRTStaticCredentialsProvider($credentials); $signingConfig = new SigningConfigAWS([ 'algorithm' => SigningAlgorithm::SIGv4_ASYMMETRIC, 'signature_type' => SignatureType::HTTP_REQUEST_HEADERS, 'credentials_provider' => $credentials_provider, 'signed_body_value' => $this->getPayload($request), 'region' => "*", 'should_normalize_uri_path' => false, 'use_double_uri_encode' => false, 'service' => $signingService, 'date' => time(), ]); return parent::signWithV4a($credentials, $request, $signingService, $signingConfig); } /** * Always add a x-amz-content-sha-256 for data integrity. * * {@inheritdoc} */ public function presign( RequestInterface $request, CredentialsInterface $credentials, $expires, array $options = [] ) { if (!$request->hasHeader('x-amz-content-sha256')) { $request = $request->withHeader( 'X-Amz-Content-Sha256', $this->getPresignedPayload($request) ); } if (strpos($request->getUri()->getHost(), "accesspoint.s3-global")) { $request = $request->withHeader("x-amz-region-set", "*"); } return parent::presign($request, $credentials, $expires, $options); } /** * Override used to allow pre-signed URLs to be created for an * in-determinate request payload. */ protected function getPresignedPayload(RequestInterface $request) { return SignatureV4::UNSIGNED_PAYLOAD; } /** * Amazon S3 does not double-encode the path component in the canonical request */ protected function createCanonicalizedPath($path) { // Only remove one slash in case of keys that have a preceding slash if (substr($path, 0, 1) === '/') { $path = substr($path, 1); } return '/' . $path; } }