AnonymousSignature.php
11 months ago
S3ExpressSignature.php
11 months ago
S3SignatureV4.php
11 months ago
SignatureInterface.php
11 months ago
SignatureProvider.php
11 months ago
SignatureTrait.php
11 months ago
SignatureV4.php
11 months ago
S3SignatureV4.php
89 lines
| 1 | <?php |
| 2 | namespace Aws\Signature; |
| 3 | |
| 4 | use Aws\Credentials\CredentialsInterface; |
| 5 | use Psr\Http\Message\RequestInterface; |
| 6 | |
| 7 | /** |
| 8 | * Amazon S3 signature version 4 support. |
| 9 | */ |
| 10 | class S3SignatureV4 extends SignatureV4 |
| 11 | { |
| 12 | /** |
| 13 | * S3-specific signing logic |
| 14 | * |
| 15 | * {@inheritdoc} |
| 16 | */ |
| 17 | use SignatureTrait; |
| 18 | |
| 19 | public function signRequest( |
| 20 | RequestInterface $request, |
| 21 | CredentialsInterface $credentials, |
| 22 | $signingService = null |
| 23 | ) { |
| 24 | // Always add a x-amz-content-sha-256 for data integrity |
| 25 | if (!$request->hasHeader('x-amz-content-sha256')) { |
| 26 | $request = $request->withHeader( |
| 27 | 'x-amz-content-sha256', |
| 28 | $this->getPayload($request) |
| 29 | ); |
| 30 | } |
| 31 | $useCrt = |
| 32 | strpos($request->getUri()->getHost(), "accesspoint.s3-global") |
| 33 | !== false; |
| 34 | if (!$useCrt) { |
| 35 | if (strpos($request->getUri()->getHost(), "s3-object-lambda")) { |
| 36 | return parent::signRequest($request, $credentials, "s3-object-lambda"); |
| 37 | } |
| 38 | return parent::signRequest($request, $credentials); |
| 39 | } |
| 40 | $signingService = $signingService ?: 's3'; |
| 41 | return $this->signWithV4a($credentials, $request, $signingService); |
| 42 | } |
| 43 | |
| 44 | /** |
| 45 | * Always add a x-amz-content-sha-256 for data integrity. |
| 46 | * |
| 47 | * {@inheritdoc} |
| 48 | */ |
| 49 | public function presign( |
| 50 | RequestInterface $request, |
| 51 | CredentialsInterface $credentials, |
| 52 | $expires, |
| 53 | array $options = [] |
| 54 | ) { |
| 55 | if (!$request->hasHeader('x-amz-content-sha256')) { |
| 56 | $request = $request->withHeader( |
| 57 | 'X-Amz-Content-Sha256', |
| 58 | $this->getPresignedPayload($request) |
| 59 | ); |
| 60 | } |
| 61 | if (strpos($request->getUri()->getHost(), "accesspoint.s3-global")) { |
| 62 | $request = $request->withHeader("x-amz-region-set", "*"); |
| 63 | } |
| 64 | |
| 65 | return parent::presign($request, $credentials, $expires, $options); |
| 66 | } |
| 67 | |
| 68 | /** |
| 69 | * Override used to allow pre-signed URLs to be created for an |
| 70 | * in-determinate request payload. |
| 71 | */ |
| 72 | protected function getPresignedPayload(RequestInterface $request) |
| 73 | { |
| 74 | return SignatureV4::UNSIGNED_PAYLOAD; |
| 75 | } |
| 76 | |
| 77 | /** |
| 78 | * Amazon S3 does not double-encode the path component in the canonical request |
| 79 | */ |
| 80 | protected function createCanonicalizedPath($path) |
| 81 | { |
| 82 | // Only remove one slash in case of keys that have a preceding slash |
| 83 | if (substr($path, 0, 1) === '/') { |
| 84 | $path = substr($path, 1); |
| 85 | } |
| 86 | return '/' . $path; |
| 87 | } |
| 88 | } |
| 89 |