AutorÃa | Ultima modificación | Ver Log |
<?phpnamespace Aws\S3\Crypto;use Aws\Crypto\AbstractCryptoClientV2;use Aws\Crypto\EncryptionTraitV2;use Aws\Crypto\MetadataEnvelope;use Aws\Crypto\Cipher\CipherBuilderTrait;use Aws\S3\MultipartUploader;use Aws\S3\S3ClientInterface;use GuzzleHttp\Promise;/*** Encapsulates the execution of a multipart upload of an encrypted object to S3.** Note that for PHP versions of < 7.1, this class uses an AES-GCM polyfill* for encryption since there is no native PHP support. The performance for large* inputs will be a lot slower than for PHP 7.1+, so upgrading older PHP version* environments may be necessary to use this effectively.*/class S3EncryptionMultipartUploaderV2 extends MultipartUploader{use CipherBuilderTrait;use CryptoParamsTraitV2;use EncryptionTraitV2;use UserAgentTrait;CONST CRYPTO_VERSION = '2.1';/*** Returns if the passed cipher name is supported for encryption by the SDK.** @param string $cipherName The name of a cipher to verify is registered.** @return bool If the cipher passed is in our supported list.*/public static function isSupportedCipher($cipherName){return in_array($cipherName, AbstractCryptoClientV2::$supportedCiphers);}private $provider;private $instructionFileSuffix;private $strategy;/*** Creates a multipart upload for an S3 object after encrypting it.** Note that for PHP versions of < 7.1, this class uses an AES-GCM polyfill* for encryption since there is no native PHP support. The performance for* large inputs will be a lot slower than for PHP 7.1+, so upgrading older* PHP version environments may be necessary to use this effectively.** The required configuration options are as follows:** - @MaterialsProvider: (MaterialsProviderV2) Provides Cek, Iv, and Cek* encrypting/decrypting for encryption metadata.* - @CipherOptions: (array) Cipher options for encrypting data. A Cipher* is required. Accepts the following options:* - Cipher: (string) gcm* See also: AbstractCryptoClientV2::$supportedCiphers* - KeySize: (int) 128|256* See also: MaterialsProvider::$supportedKeySizes* - Aad: (string) Additional authentication data. This option is* passed directly to OpenSSL when using gcm.* - @KmsEncryptionContext: (array) Only required if using* KmsMaterialsProviderV2. An associative array of key-value* pairs to be added to the encryption context for KMS key encryption. An* empty array may be passed if no additional context is desired.* - bucket: (string) Name of the bucket to which the object is* being uploaded.* - key: (string) Key to use for the object being uploaded.** The optional configuration arguments are as follows:** - @MetadataStrategy: (MetadataStrategy|string|null) Strategy for storing* MetadataEnvelope information. Defaults to using a* HeadersMetadataStrategy. Can either be a class implementing* MetadataStrategy, a class name of a predefined strategy, or empty/null* to default.* - @InstructionFileSuffix: (string|null) Suffix used when writing to an* instruction file if an using an InstructionFileMetadataHandler was* determined.* - acl: (string) ACL to set on the object being upload. Objects are* private by default.* - before_complete: (callable) Callback to invoke before the* `CompleteMultipartUpload` operation. The callback should have a* function signature like `function (Aws\Command $command) {...}`.* - before_initiate: (callable) Callback to invoke before the* `CreateMultipartUpload` operation. The callback should have a function* signature like `function (Aws\Command $command) {...}`.* - before_upload: (callable) Callback to invoke before any `UploadPart`* operations. The callback should have a function signature like* `function (Aws\Command $command) {...}`.* - concurrency: (int, default=int(5)) Maximum number of concurrent* `UploadPart` operations allowed during the multipart upload.* - params: (array) An array of key/value parameters that will be applied* to each of the sub-commands run by the uploader as a base.* Auto-calculated options will override these parameters. If you need* more granularity over parameters to each sub-command, use the before_** options detailed above to update the commands directly.* - part_size: (int, default=int(5242880)) Part size, in bytes, to use when* doing a multipart upload. This must between 5 MB and 5 GB, inclusive.* - state: (Aws\Multipart\UploadState) An object that represents the state* of the multipart upload and that is used to resume a previous upload.* When this option is provided, the `bucket`, `key`, and `part_size`* options are ignored.** @param S3ClientInterface $client Client used for the upload.* @param mixed $source Source of the data to upload.* @param array $config Configuration used to perform the upload.*/public function __construct(S3ClientInterface $client,$source,array $config = []) {$this->appendUserAgent($client, 'feat/s3-encrypt/' . self::CRYPTO_VERSION);$this->client = $client;$config['params'] = [];if (!empty($config['bucket'])) {$config['params']['Bucket'] = $config['bucket'];}if (!empty($config['key'])) {$config['params']['Key'] = $config['key'];}$this->provider = $this->getMaterialsProvider($config);unset($config['@MaterialsProvider']);$this->instructionFileSuffix = $this->getInstructionFileSuffix($config);unset($config['@InstructionFileSuffix']);$this->strategy = $this->getMetadataStrategy($config,$this->instructionFileSuffix);if ($this->strategy === null) {$this->strategy = self::getDefaultStrategy();}unset($config['@MetadataStrategy']);$config['prepare_data_source'] = $this->getEncryptingDataPreparer();parent::__construct($client, $source, $config);}private static function getDefaultStrategy(){return new HeadersMetadataStrategy();}private function getEncryptingDataPreparer(){return function() {// Defer encryption work until promise is executed$envelope = new MetadataEnvelope();list($this->source, $params) = Promise\Create::promiseFor($this->encrypt($this->source,$this->config ?: [],$this->provider,$envelope))->then(function ($bodyStream) use ($envelope) {$params = $this->strategy->save($envelope,$this->config['params']);return [$bodyStream, $params];})->wait();$this->source->rewind();$this->config['params'] = $params;};}}