Proyectos de Subversion Moodle

<?php

namespace Aws\DSQL;

use Aws\Credentials\CredentialsInterface;

use Aws\Credentials\Credentials;

use Aws\Signature\SignatureV4;

use GuzzleHttp\Psr7\Request;

use GuzzleHttp\Psr7\Uri;

use GuzzleHttp\Promise;

use Aws;

/**

 * Generates auth tokens to connect to DSQL database clusters.

 */

class AuthTokenGenerator

{

    private const DB_CONNECT = 'DbConnect';

    private const DB_CONNECT_ADMIN = 'DbConnectAdmin';

    private const SIGNING_NAME = 'dsql';

    private const DEFAULT_EXPIRATION_TIME_SECONDS = 900;

    /**

     * @var Credentials|callable

     */

    private $credentialProvider;

    /**

     * The constructor takes an instance of Credentials or a CredentialProvider

     *

     * @param Credentials|callable $creds

     */

    public function __construct(Credentials | callable $creds)

    {

        if ($creds instanceof CredentialsInterface) {

            $promise = new Promise\FulfilledPromise($creds);

            $this->credentialProvider = Aws\constantly($promise);

        } else {

            $this->credentialProvider = $creds;

        }

    }

    /**

     * @param string $endpoint

     * @param string $region

     * @param int $expiration

     *

     * @return string

     */

    public function generateDbConnectAuthToken(

        string $endpoint,

        string $region,

        int $expiration = self::DEFAULT_EXPIRATION_TIME_SECONDS

    ): string

    {

        return $this->createToken($endpoint, $region, self::DB_CONNECT, $expiration);

    }

    /**

     * @param string $endpoint

     * @param string $region

     * @param int $expiration

     *

     * @return string

     */

    public function generateDbConnectAdminAuthToken(

        string $endpoint,

        string $region,

        int $expiration = self::DEFAULT_EXPIRATION_TIME_SECONDS

    ): string

    {

        return $this->createToken($endpoint, $region, self::DB_CONNECT_ADMIN, $expiration);

    }

    /**

     * Creates token for database connection

     *

     * @param string $endpoint The database hostname

     * @param string $region The region where the database is located

     * @param string $action Db action to perform

     * @param int $expiration The expiration of the token in seconds

     *

     * @return string Generated token

     */

    private function createToken(

        string $endpoint,

        string $region,

        string $action,

        int $expiration

    ): string

    {

        if ($expiration <= 0) {

            throw new \InvalidArgumentException(

                "Lifetime must be a positive number, was {$expiration}"

            );

        }

        if (empty($region)) {

            throw new \InvalidArgumentException('Region must be a non-empty string.');

        }

        if (empty($endpoint)) {

            throw new \InvalidArgumentException('Endpoint must be a non-empty string.');

        }

        $uri = new Uri($endpoint);

        if (empty($uri->getHost())) {

            $uri = $uri->withHost($endpoint);

        }

        $uri = $uri->withPath('/')->withQuery('Action=' . $action);

        $request = new Request('GET', $uri);

        $signer = new SignatureV4(self::SIGNING_NAME, $region);

        $provider = $this->credentialProvider;

        $url = (string) $signer->presign(

            $request,

            $provider()->wait(),

            '+' . $expiration . ' seconds'

        )->getUri();

        // Remove 2 extra slash from the presigned url result

        return substr($url, 2);

    }

}