| 1 |
efrain |
1 |
<?php
|
|
|
2 |
namespace Aws\Signature;
|
|
|
3 |
|
|
|
4 |
use Aws\Exception\UnresolvedSignatureException;
|
|
|
5 |
use Aws\Token\BearerTokenAuthorization;
|
|
|
6 |
|
|
|
7 |
/**
|
|
|
8 |
* Signature providers.
|
|
|
9 |
*
|
|
|
10 |
* A signature provider is a function that accepts a version, service, and
|
|
|
11 |
* region and returns a {@see SignatureInterface} object on success or NULL if
|
|
|
12 |
* no signature can be created from the provided arguments.
|
|
|
13 |
*
|
|
|
14 |
* You can wrap your calls to a signature provider with the
|
|
|
15 |
* {@see SignatureProvider::resolve} function to ensure that a signature object
|
|
|
16 |
* is created. If a signature object is not created, then the resolve()
|
|
|
17 |
* function will throw a {@see Aws\Exception\UnresolvedSignatureException}.
|
|
|
18 |
*
|
|
|
19 |
* use Aws\Signature\SignatureProvider;
|
|
|
20 |
* $provider = SignatureProvider::defaultProvider();
|
|
|
21 |
* // Returns a SignatureInterface or NULL.
|
|
|
22 |
* $signer = $provider('v4', 's3', 'us-west-2');
|
|
|
23 |
* // Returns a SignatureInterface or throws.
|
|
|
24 |
* $signer = SignatureProvider::resolve($provider, 'no', 's3', 'foo');
|
|
|
25 |
*
|
|
|
26 |
* You can compose multiple providers into a single provider using
|
|
|
27 |
* {@see Aws\or_chain}. This function accepts providers as arguments and
|
|
|
28 |
* returns a new function that will invoke each provider until a non-null value
|
|
|
29 |
* is returned.
|
|
|
30 |
*
|
|
|
31 |
* $a = SignatureProvider::defaultProvider();
|
|
|
32 |
* $b = function ($version, $service, $region) {
|
|
|
33 |
* if ($version === 'foo') {
|
|
|
34 |
* return new MyFooSignature();
|
|
|
35 |
* }
|
|
|
36 |
* };
|
|
|
37 |
* $c = \Aws\or_chain($a, $b);
|
|
|
38 |
* $signer = $c('v4', 'abc', '123'); // $a handles this.
|
|
|
39 |
* $signer = $c('foo', 'abc', '123'); // $b handles this.
|
|
|
40 |
* $nullValue = $c('???', 'abc', '123'); // Neither can handle this.
|
|
|
41 |
*/
|
|
|
42 |
class SignatureProvider
|
|
|
43 |
{
|
|
|
44 |
private static $s3v4SignedServices = [
|
|
|
45 |
's3' => true,
|
|
|
46 |
's3control' => true,
|
|
|
47 |
's3-object-lambda' => true,
|
|
|
48 |
];
|
|
|
49 |
|
|
|
50 |
/**
|
|
|
51 |
* Resolves and signature provider and ensures a non-null return value.
|
|
|
52 |
*
|
|
|
53 |
* @param callable $provider Provider function to invoke.
|
|
|
54 |
* @param string $version Signature version.
|
|
|
55 |
* @param string $service Service name.
|
|
|
56 |
* @param string $region Region name.
|
|
|
57 |
*
|
|
|
58 |
* @return SignatureInterface
|
|
|
59 |
* @throws UnresolvedSignatureException
|
|
|
60 |
*/
|
|
|
61 |
public static function resolve(callable $provider, $version, $service, $region)
|
|
|
62 |
{
|
|
|
63 |
$result = $provider($version, $service, $region);
|
|
|
64 |
if ($result instanceof SignatureInterface
|
|
|
65 |
|| $result instanceof BearerTokenAuthorization
|
|
|
66 |
) {
|
|
|
67 |
return $result;
|
|
|
68 |
}
|
|
|
69 |
|
|
|
70 |
throw new UnresolvedSignatureException(
|
|
|
71 |
"Unable to resolve a signature for $version/$service/$region.\n"
|
|
|
72 |
. "Valid signature versions include v4 and anonymous."
|
|
|
73 |
);
|
|
|
74 |
}
|
|
|
75 |
|
|
|
76 |
/**
|
|
|
77 |
* Default SDK signature provider.
|
|
|
78 |
*
|
|
|
79 |
* @return callable
|
|
|
80 |
*/
|
|
|
81 |
public static function defaultProvider()
|
|
|
82 |
{
|
|
|
83 |
return self::memoize(self::version());
|
|
|
84 |
}
|
|
|
85 |
|
|
|
86 |
/**
|
|
|
87 |
* Creates a signature provider that caches previously created signature
|
|
|
88 |
* objects. The computed cache key is the concatenation of the version,
|
|
|
89 |
* service, and region.
|
|
|
90 |
*
|
|
|
91 |
* @param callable $provider Signature provider to wrap.
|
|
|
92 |
*
|
|
|
93 |
* @return callable
|
|
|
94 |
*/
|
|
|
95 |
public static function memoize(callable $provider)
|
|
|
96 |
{
|
|
|
97 |
$cache = [];
|
|
|
98 |
return function ($version, $service, $region) use (&$cache, $provider) {
|
|
|
99 |
$key = "($version)($service)($region)";
|
|
|
100 |
if (!isset($cache[$key])) {
|
|
|
101 |
$cache[$key] = $provider($version, $service, $region);
|
|
|
102 |
}
|
|
|
103 |
return $cache[$key];
|
|
|
104 |
};
|
|
|
105 |
}
|
|
|
106 |
|
|
|
107 |
/**
|
|
|
108 |
* Creates signature objects from known signature versions.
|
|
|
109 |
*
|
|
|
110 |
* This provider currently recognizes the following signature versions:
|
|
|
111 |
*
|
|
|
112 |
* - v4: Signature version 4.
|
|
|
113 |
* - anonymous: Does not sign requests.
|
|
|
114 |
*
|
|
|
115 |
* @return callable
|
|
|
116 |
*/
|
|
|
117 |
public static function version()
|
|
|
118 |
{
|
|
|
119 |
return function ($version, $service, $region) {
|
|
|
120 |
switch ($version) {
|
|
|
121 |
case 's3v4':
|
|
|
122 |
case 'v4':
|
|
|
123 |
return !empty(self::$s3v4SignedServices[$service])
|
|
|
124 |
? new S3SignatureV4($service, $region)
|
|
|
125 |
: new SignatureV4($service, $region);
|
|
|
126 |
case 'v4a':
|
|
|
127 |
return !empty(self::$s3v4SignedServices[$service])
|
|
|
128 |
? new S3SignatureV4($service, $region, ['use_v4a' => true])
|
|
|
129 |
: new SignatureV4($service, $region, ['use_v4a' => true]);
|
|
|
130 |
case 'v4-unsigned-body':
|
|
|
131 |
return !empty(self::$s3v4SignedServices[$service])
|
|
|
132 |
? new S3SignatureV4($service, $region, ['unsigned-body' => 'true'])
|
|
|
133 |
: new SignatureV4($service, $region, ['unsigned-body' => 'true']);
|
|
|
134 |
case 'bearer':
|
|
|
135 |
return new BearerTokenAuthorization();
|
|
|
136 |
case 'anonymous':
|
|
|
137 |
return new AnonymousSignature();
|
|
|
138 |
default:
|
|
|
139 |
return null;
|
|
|
140 |
}
|
|
|
141 |
};
|
|
|
142 |
}
|
|
|
143 |
}
|