Página Principal Explorar Ajuda
Iniciar Sessão
urbanu619
/
yunbaodsp
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Árvore: 68fa541fca
Ramos Etiquetas
yunbaodsp
/
web
/
sdk
/
aws
/
Aws
/
CloudFront
/
Signer.php

Signer.php 5.0 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139 
  1. <?php
    2. 

  2. namespace Aws\CloudFront;
    3. 

  3. 

  4. /**
    5. 

  5.  * @internal
    6. 

  6.  */
    7. 

  7. class Signer
    8. 

  8. {
    9. 

  9.     private $keyPairId;
    10. 

  10.     private $pkHandle;
    11. 

  11. 

  12.     /**
    13. 

  13.      * A signer for creating the signature values used in CloudFront signed URLs
    14. 

  14.      * and signed cookies.
    15. 

  15.      *
    16. 

  16.      * @param $keyPairId  string ID of the key pair
    17. 

  17.      * @param $privateKey string Path to the private key used for signing
    18. 

  18.      * @param $passphrase string Passphrase to private key file, if one exists
    19. 

  19.      *
    20. 

  20.      * @throws \RuntimeException if the openssl extension is missing
    21. 

  21.      * @throws \InvalidArgumentException if the private key cannot be found.
    22. 

  22.      */
    23. 

  23.     public function __construct($keyPairId, $privateKey, $passphrase = "")
    24. 

  24.     {
    25. 

  25.         if (!extension_loaded('openssl')) {
    26. 

  26.             //@codeCoverageIgnoreStart
    27. 

  27.             throw new \RuntimeException('The openssl extension is required to '
    28. 

  28.                 . 'sign CloudFront urls.');
    29. 

  29.             //@codeCoverageIgnoreEnd
    30. 

  30.         }
    31. 

  31. 

  32.         $this->keyPairId = $keyPairId;
    33. 

  33. 

  34.         if (!$this->pkHandle = openssl_pkey_get_private($privateKey, $passphrase)) {
    35. 

  35.             if (!file_exists($privateKey)) {
    36. 

  36.                 throw new \InvalidArgumentException("PK file not found: $privateKey");
    37. 

  37.             }
    38. 

  38. 

  39.             $this->pkHandle = openssl_pkey_get_private("file://$privateKey", $passphrase);
    40. 

  40.             if (!$this->pkHandle) {
    41. 

  41.                 $errorMessages = [];
    42. 

  42.                 while(($newMessage = openssl_error_string()) !== false){
    43. 

  43.                     $errorMessages[] = $newMessage;
    44. 

  44.                 }
    45. 

  45.                 throw new \InvalidArgumentException(implode("\n",$errorMessages));
    46. 

  46.             }
    47. 

  47.         }
    48. 

  48.     }
    49. 

  49. 

  50.     public function __destruct()
    51. 

  51.     {
    52. 

  52.         if (PHP_MAJOR_VERSION < 8) {
    53. 

  53.             $this->pkHandle && openssl_pkey_free($this->pkHandle);
    54. 

  54.         }
    55. 

  55.     }
    56. 

  56. 

  57.     /**
    58. 

  58.      * Create the values used to construct signed URLs and cookies.
    59. 

  59.      *
    60. 

  60.      * @param string              $resource     The CloudFront resource to which
    61. 

  61.      *                                          this signature will grant access.
    62. 

  62.      *                                          Not used when a custom policy is
    63. 

  63.      *                                          provided.
    64. 

  64.      * @param string|integer|null $expires      UTC Unix timestamp used when
    65. 

  65.      *                                          signing with a canned policy.
    66. 

  66.      *                                          Not required when passing a
    67. 

  67.      *                                          custom $policy.
    68. 

  68.      * @param string              $policy       JSON policy. Use this option when
    69. 

  69.      *                                          creating a signature for a custom
    70. 

  70.      *                                          policy.
    71. 

  71.      *
    72. 

  72.      * @return array The values needed to construct a signed URL or cookie
    73. 

  73.      * @throws \InvalidArgumentException  when not provided either a policy or a
    74. 

  74.      *                                    resource and a expires
    75. 

  75.      * @throws \RuntimeException when generated signature is empty
    76. 

  76.      *
    77. 

  77.      * @link http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html
    78. 

  78.      */
    79. 

  79.     public function getSignature($resource = null, $expires = null, $policy = null)
    80. 

  80.     {
    81. 

  81.         $signatureHash = [];
    82. 

  82.         if ($policy) {
    83. 

  83.             $policy = preg_replace('/\s/s', '', $policy);
    84. 

  84.             $signatureHash['Policy'] = $this->encode($policy);
    85. 

  85.         } elseif ($resource && $expires) {
    86. 

  86.             $expires = (int) $expires; // Handle epoch passed as string
    87. 

  87.             $policy = $this->createCannedPolicy($resource, $expires);
    88. 

  88.             $signatureHash['Expires'] = $expires;
    89. 

  89.         } else {
    90. 

  90.             throw new \InvalidArgumentException('Either a policy or a resource'
    91. 

  91.                 . ' and an expiration time must be provided.');
    92. 

  92.         }
    93. 

  93. 

  94.         $signatureHash['Signature'] = $this->encode($this->sign($policy));
    95. 

  95.         $signatureHash['Key-Pair-Id'] = $this->keyPairId;
    96. 

  96. 

  97.         return $signatureHash;
    98. 

  98.     }
    99. 

  99. 

  100.     private function createCannedPolicy($resource, $expiration)
    101. 

  101.     {
    102. 

  102.         return json_encode([
    103. 

  103.             'Statement' => [
    104. 

  104.                 [
    105. 

  105.                     'Resource' => $resource,
    106. 

  106.                     'Condition' => [
    107. 

  107.                         'DateLessThan' => ['AWS:EpochTime' => $expiration],
    108. 

  108.                     ],
    109. 

  109.                 ],
    110. 

  110.             ],
    111. 

  111.         ], JSON_UNESCAPED_SLASHES);
    112. 

  112.     }
    113. 

  113. 

  114.     private function sign($policy)
    115. 

  115.     {
    116. 

  116.         $signature = '';
    117. 

  117.         
    118. 

  118.         if(!openssl_sign($policy, $signature, $this->pkHandle)) {
    119. 

  119.             $errorMessages = [];
    120. 

  120.             while(($newMessage = openssl_error_string()) !== false) {
    121. 

  121.                 $errorMessages[] = $newMessage;
    122. 

  122.             }
    123. 

  123.             
    124. 

  124.             $exceptionMessage = "An error has occurred when signing the policy";
    125. 

  125.             if (count($errorMessages) > 0) {
    126. 

  126.                 $exceptionMessage = implode("\n", $errorMessages);
    127. 

  127.             }
    128. 

  128. 

  129.             throw new \RuntimeException($exceptionMessage);
    130. 

  130.         }
    131. 

  131. 

  132.         return $signature;
    133. 

  133.     }
    134. 

  134. 

  135.     private function encode($policy)
    136. 

  136.     {
    137. 

  137.         return strtr(base64_encode($policy), '+=/', '-_~');
    138. 

  138.     }
    139. 

  139. }
    140.