ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
AWS.php
Go to the documentation of this file.
1<?php
2
3namespace Sabre\HTTP\Auth;
4
5use Sabre\HTTP\Util;
6
16class AWS extends AbstractAuth {
17
23 private $signature = null;
24
30 private $accessKey = null;
31
39 public $errorCode = 0;
40
41 const ERR_NOAWSHEADER = 1;
42 const ERR_MD5CHECKSUMWRONG = 2;
43 const ERR_INVALIDDATEFORMAT = 3;
44 const ERR_REQUESTTIMESKEWED = 4;
45 const ERR_INVALIDSIGNATURE = 5;
46
54 function init() {
55
56 $authHeader = $this->request->getHeader('Authorization');
57 $authHeader = explode(' ', $authHeader);
58
59 if ($authHeader[0] != 'AWS' || !isset($authHeader[1])) {
60 $this->errorCode = self::ERR_NOAWSHEADER;
61 return false;
62 }
63
64 list($this->accessKey, $this->signature) = explode(':', $authHeader[1]);
65
66 return true;
67
68 }
69
75 function getAccessKey() {
76
77 return $this->accessKey;
78
79 }
80
87 function validate($secretKey) {
88
89 $contentMD5 = $this->request->getHeader('Content-MD5');
90
91 if ($contentMD5) {
92 // We need to validate the integrity of the request
93 $body = $this->request->getBody();
94 $this->request->setBody($body);
95
96 if ($contentMD5 != base64_encode(md5($body, true))) {
97 // content-md5 header did not match md5 signature of body
98 $this->errorCode = self::ERR_MD5CHECKSUMWRONG;
99 return false;
100 }
101
102 }
103
104 if (!$requestDate = $this->request->getHeader('x-amz-date'))
105 $requestDate = $this->request->getHeader('Date');
106
107 if (!$this->validateRFC2616Date($requestDate))
108 return false;
109
110 $amzHeaders = $this->getAmzHeaders();
111
112 $signature = base64_encode(
113 $this->hmacsha1($secretKey,
114 $this->request->getMethod() . "\n" .
115 $contentMD5 . "\n" .
116 $this->request->getHeader('Content-type') . "\n" .
117 $requestDate . "\n" .
118 $amzHeaders .
119 $this->request->getUrl()
120 )
121 );
122
123 if ($this->signature != $signature) {
124
125 $this->errorCode = self::ERR_INVALIDSIGNATURE;
126 return false;
127
128 }
129
130 return true;
131
132 }
133
134
142 function requireLogin() {
143
144 $this->response->addHeader('WWW-Authenticate', 'AWS');
145 $this->response->setStatus(401);
146
147 }
148
161 protected function validateRFC2616Date($dateHeader) {
162
163 $date = Util::parseHTTPDate($dateHeader);
164
165 // Unknown format
166 if (!$date) {
167 $this->errorCode = self::ERR_INVALIDDATEFORMAT;
168 return false;
169 }
170
171 $min = new \DateTime('-15 minutes');
172 $max = new \DateTime('+15 minutes');
173
174 // We allow 15 minutes around the current date/time
175 if ($date > $max || $date < $min) {
176 $this->errorCode = self::ERR_REQUESTTIMESKEWED;
177 return false;
178 }
179
180 return $date;
181
182 }
183
189 protected function getAmzHeaders() {
190
191 $amzHeaders = [];
192 $headers = $this->request->getHeaders();
193 foreach ($headers as $headerName => $headerValue) {
194 if (strpos(strtolower($headerName), 'x-amz-') === 0) {
195 $amzHeaders[strtolower($headerName)] = str_replace(["\r\n"], [' '], $headerValue[0]) . "\n";
196 }
197 }
198 ksort($amzHeaders);
199
200 $headerStr = '';
201 foreach ($amzHeaders as $h => $v) {
202 $headerStr .= $h . ':' . $v;
203 }
204
205 return $headerStr;
206
207 }
208
216 private function hmacsha1($key, $message) {
217
218 if (function_exists('hash_hmac')) {
219 return hash_hmac('sha1', $message, $key, true);
220 }
221
222 $blocksize = 64;
223 if (strlen($key) > $blocksize) {
224 $key = pack('H*', sha1($key));
225 }
226 $key = str_pad($key, $blocksize, chr(0x00));
227 $ipad = str_repeat(chr(0x36), $blocksize);
228 $opad = str_repeat(chr(0x5c), $blocksize);
229 $hmac = pack('H*', sha1(($key ^ $opad) . pack('H*', sha1(($key ^ $ipad) . $message))));
230 return $hmac;
231
232 }
233
234}
php
An exception for terminatinating execution or to throw for unit testing.
Sabre\HTTP\Auth\AWS
HTTP AWS Authentication handler.
Definition: AWS.php:16
Sabre\HTTP\Auth\AWS\getAmzHeaders
getAmzHeaders()
Returns a list of AMZ headers.
Definition: AWS.php:189
Sabre\HTTP\Auth\AWS\validate
validate($secretKey)
Validates the signature based on the secretKey.
Definition: AWS.php:87
Sabre\HTTP\Auth\AWS\ERR_REQUESTTIMESKEWED
const ERR_REQUESTTIMESKEWED
Definition: AWS.php:44
Sabre\HTTP\Auth\AWS\getAccessKey
getAccessKey()
Returns the username for the request.
Definition: AWS.php:75
Sabre\HTTP\Auth\AWS\ERR_NOAWSHEADER
const ERR_NOAWSHEADER
Definition: AWS.php:41
Sabre\HTTP\Auth\AWS\hmacsha1
hmacsha1($key, $message)
Generates an HMAC-SHA1 signature.
Definition: AWS.php:216
Sabre\HTTP\Auth\AWS\init
init()
Gathers all information from the headers.
Definition: AWS.php:54
Sabre\HTTP\Auth\AWS\requireLogin
requireLogin()
Returns an HTTP 401 header, forcing login.
Definition: AWS.php:142
Sabre\HTTP\Auth\AWS\ERR_INVALIDSIGNATURE
const ERR_INVALIDSIGNATURE
Definition: AWS.php:45
Sabre\HTTP\Auth\AWS\ERR_MD5CHECKSUMWRONG
const ERR_MD5CHECKSUMWRONG
Definition: AWS.php:42
Sabre\HTTP\Auth\AWS\ERR_INVALIDDATEFORMAT
const ERR_INVALIDDATEFORMAT
Definition: AWS.php:43
Sabre\HTTP\Auth\AWS\validateRFC2616Date
validateRFC2616Date($dateHeader)
Makes sure the supplied value is a valid RFC2616 date.
Definition: AWS.php:161
Sabre\HTTP\Auth\AbstractAuth
HTTP Authentication base class.
Definition: AbstractAuth.php:17
Sabre\HTTP\Util
HTTP utility methods.
Definition: Util.php:14
Sabre\HTTP\Util\parseHTTPDate
static parseHTTPDate($dateHeader)
Parses a RFC2616-compatible date string.
Definition: Util.php:53
$key
$key
Definition: croninfo.php:18
$h
$h
Definition: example_009.php:101
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34