ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
AWS.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Sabre\HTTP\Auth;
4 
5 use Sabre\HTTP\Util;
6 
16 class AWS extends AbstractAuth {
17 
23  private $signature = null;
24 
30  private $accessKey = null;
31 
39  public $errorCode = 0;
40 
41  const ERR_NOAWSHEADER = 1;
42  const ERR_MD5CHECKSUMWRONG = 2;
43  const ERR_INVALIDDATEFORMAT = 3;
44  const ERR_REQUESTTIMESKEWED = 4;
45  const ERR_INVALIDSIGNATURE = 5;
46 
54  function init() {
55 
56  $authHeader = $this->request->getHeader('Authorization');
57  $authHeader = explode(' ', $authHeader);
58 
59  if ($authHeader[0] != 'AWS' || !isset($authHeader[1])) {
60  $this->errorCode = self::ERR_NOAWSHEADER;
61  return false;
62  }
63 
64  list($this->accessKey, $this->signature) = explode(':', $authHeader[1]);
65 
66  return true;
67 
68  }
69 
75  function getAccessKey() {
76 
77  return $this->accessKey;
78 
79  }
80 
87  function validate($secretKey) {
88 
89  $contentMD5 = $this->request->getHeader('Content-MD5');
90 
91  if ($contentMD5) {
92  // We need to validate the integrity of the request
93  $body = $this->request->getBody();
94  $this->request->setBody($body);
95 
96  if ($contentMD5 != base64_encode(md5($body, true))) {
97  // content-md5 header did not match md5 signature of body
98  $this->errorCode = self::ERR_MD5CHECKSUMWRONG;
99  return false;
100  }
101 
102  }
103 
104  if (!$requestDate = $this->request->getHeader('x-amz-date'))
105  $requestDate = $this->request->getHeader('Date');
106 
107  if (!$this->validateRFC2616Date($requestDate))
108  return false;
109 
110  $amzHeaders = $this->getAmzHeaders();
111 
112  $signature = base64_encode(
113  $this->hmacsha1($secretKey,
114  $this->request->getMethod() . "\n" .
115  $contentMD5 . "\n" .
116  $this->request->getHeader('Content-type') . "\n" .
117  $requestDate . "\n" .
118  $amzHeaders .
119  $this->request->getUrl()
120  )
121  );
122 
123  if ($this->signature != $signature) {
124 
125  $this->errorCode = self::ERR_INVALIDSIGNATURE;
126  return false;
127 
128  }
129 
130  return true;
131 
132  }
133 
134 
142  function requireLogin() {
143 
144  $this->response->addHeader('WWW-Authenticate', 'AWS');
145  $this->response->setStatus(401);
146 
147  }
148 
161  protected function validateRFC2616Date($dateHeader) {
162 
163  $date = Util::parseHTTPDate($dateHeader);
164 
165  // Unknown format
166  if (!$date) {
167  $this->errorCode = self::ERR_INVALIDDATEFORMAT;
168  return false;
169  }
170 
171  $min = new \DateTime('-15 minutes');
172  $max = new \DateTime('+15 minutes');
173 
174  // We allow 15 minutes around the current date/time
175  if ($date > $max || $date < $min) {
176  $this->errorCode = self::ERR_REQUESTTIMESKEWED;
177  return false;
178  }
179 
180  return $date;
181 
182  }
183 
189  protected function getAmzHeaders() {
190 
191  $amzHeaders = [];
192  $headers = $this->request->getHeaders();
193  foreach ($headers as $headerName => $headerValue) {
194  if (strpos(strtolower($headerName), 'x-amz-') === 0) {
195  $amzHeaders[strtolower($headerName)] = str_replace(["\r\n"], [' '], $headerValue[0]) . "\n";
196  }
197  }
198  ksort($amzHeaders);
199 
200  $headerStr = '';
201  foreach ($amzHeaders as $h => $v) {
202  $headerStr .= $h . ':' . $v;
203  }
204 
205  return $headerStr;
206 
207  }
208 
216  private function hmacsha1($key, $message) {
217 
218  if (function_exists('hash_hmac')) {
219  return hash_hmac('sha1', $message, $key, true);
220  }
221 
222  $blocksize = 64;
223  if (strlen($key) > $blocksize) {
224  $key = pack('H*', sha1($key));
225  }
226  $key = str_pad($key, $blocksize, chr(0x00));
227  $ipad = str_repeat(chr(0x36), $blocksize);
228  $opad = str_repeat(chr(0x5c), $blocksize);
229  $hmac = pack('H*', sha1(($key ^ $opad) . pack('H*', sha1(($key ^ $ipad) . $message))));
230  return $hmac;
231 
232  }
233 
234 }
Sabre\HTTP\Auth\AWS
HTTP AWS Authentication handler.
Definition: AWS.php:16
Sabre\HTTP\Auth\AWS\ERR_INVALIDSIGNATURE
const ERR_INVALIDSIGNATURE
Definition: AWS.php:45
$h
$h
Definition: example_009.php:101
Sabre\HTTP\Auth\AWS\validateRFC2616Date
validateRFC2616Date($dateHeader)
Makes sure the supplied value is a valid RFC2616 date.
Definition: AWS.php:161
Sabre\HTTP\Auth\AWS\requireLogin
requireLogin()
Returns an HTTP 401 header, forcing login.
Definition: AWS.php:142
Sabre\HTTP\Auth\AWS\getAccessKey
getAccessKey()
Returns the username for the request.
Definition: AWS.php:75
Sabre\HTTP\Util\parseHTTPDate
static parseHTTPDate($dateHeader)
Parses a RFC2616-compatible date string.
Definition: Util.php:53
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
Sabre\HTTP\Auth\AWS\validate
validate($secretKey)
Validates the signature based on the secretKey.
Definition: AWS.php:87
Sabre\HTTP\Auth\AWS\init
init()
Gathers all information from the headers.
Definition: AWS.php:54
Sabre\HTTP\Auth\AWS\ERR_INVALIDDATEFORMAT
const ERR_INVALIDDATEFORMAT
Definition: AWS.php:43
Sabre\HTTP\Auth\AWS\getAmzHeaders
getAmzHeaders()
Returns a list of AMZ headers.
Definition: AWS.php:189
Sabre\HTTP\Auth\AbstractAuth
HTTP Authentication base class.
Definition: AbstractAuth.php:17
Sabre\HTTP\Auth\AWS\ERR_NOAWSHEADER
const ERR_NOAWSHEADER
Definition: AWS.php:41
Sabre\HTTP\Auth\AWS\ERR_REQUESTTIMESKEWED
const ERR_REQUESTTIMESKEWED
Definition: AWS.php:44
Sabre\HTTP\Auth\AWS\ERR_MD5CHECKSUMWRONG
const ERR_MD5CHECKSUMWRONG
Definition: AWS.php:42
$key
$key
Definition: croninfo.php:18
Sabre\HTTP\Auth\AWS\hmacsha1
hmacsha1($key, $message)
Generates an HMAC-SHA1 signature.
Definition: AWS.php:216