aboutsummaryrefslogtreecommitdiffstats
path: root/vendor/sabre/http/lib/Auth/AWS.php
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2019-12-04 10:25:11 +0000
committerMario <mario@mariovavti.com>2019-12-04 10:25:11 +0000
commitbde429cff649237984903a252ba1a718e6d74f53 (patch)
treeb2b2570159cfb37689e6ce3b96c3b1b988d676cc /vendor/sabre/http/lib/Auth/AWS.php
parentcc9f41df5f83bcab435d6fb941b5a8f5b1457037 (diff)
parent4c8d33d1eb2a804aa70a7bc677d6c73d0d94816b (diff)
downloadvolse-hubzilla-bde429cff649237984903a252ba1a718e6d74f53.tar.gz
volse-hubzilla-bde429cff649237984903a252ba1a718e6d74f53.tar.bz2
volse-hubzilla-bde429cff649237984903a252ba1a718e6d74f53.zip
Merge branch '4.6RC'4.6
Diffstat (limited to 'vendor/sabre/http/lib/Auth/AWS.php')
-rw-r--r--vendor/sabre/http/lib/Auth/AWS.php134
1 files changed, 60 insertions, 74 deletions
diff --git a/vendor/sabre/http/lib/Auth/AWS.php b/vendor/sabre/http/lib/Auth/AWS.php
index 5e176646a..ffda3cf15 100644
--- a/vendor/sabre/http/lib/Auth/AWS.php
+++ b/vendor/sabre/http/lib/Auth/AWS.php
@@ -1,11 +1,13 @@
<?php
+declare(strict_types=1);
+
namespace Sabre\HTTP\Auth;
-use Sabre\HTTP\Util;
+use Sabre\HTTP;
/**
- * HTTP AWS Authentication handler
+ * HTTP AWS Authentication handler.
*
* Use this class to leverage amazon's AWS authentication header
*
@@ -13,24 +15,24 @@ use Sabre\HTTP\Util;
* @author Evert Pot (http://evertpot.com/)
* @license http://sabre.io/license/ Modified BSD License
*/
-class AWS extends AbstractAuth {
-
+class AWS extends AbstractAuth
+{
/**
- * The signature supplied by the HTTP client
+ * The signature supplied by the HTTP client.
*
* @var string
*/
private $signature = null;
/**
- * The accesskey supplied by the HTTP client
+ * The accesskey supplied by the HTTP client.
*
* @var string
*/
private $accessKey = null;
/**
- * An error code, if any
+ * An error code, if any.
*
* This value will be filled with one of the ERR_* constants
*
@@ -45,47 +47,45 @@ class AWS extends AbstractAuth {
const ERR_INVALIDSIGNATURE = 5;
/**
- * Gathers all information from the headers
+ * Gathers all information from the headers.
*
* This method needs to be called prior to anything else.
- *
- * @return bool
*/
- function init() {
-
+ public function init(): bool
+ {
$authHeader = $this->request->getHeader('Authorization');
+
+ if (null === $authHeader) {
+ $this->errorCode = self::ERR_NOAWSHEADER;
+
+ return false;
+ }
$authHeader = explode(' ', $authHeader);
- if ($authHeader[0] != 'AWS' || !isset($authHeader[1])) {
+ if ('AWS' !== $authHeader[0] || !isset($authHeader[1])) {
$this->errorCode = self::ERR_NOAWSHEADER;
- return false;
+
+ return false;
}
list($this->accessKey, $this->signature) = explode(':', $authHeader[1]);
return true;
-
}
/**
- * Returns the username for the request
- *
- * @return string
+ * Returns the username for the request.
*/
- function getAccessKey() {
-
+ public function getAccessKey(): string
+ {
return $this->accessKey;
-
}
/**
- * Validates the signature based on the secretKey
- *
- * @param string $secretKey
- * @return bool
+ * Validates the signature based on the secretKey.
*/
- function validate($secretKey) {
-
+ public function validate(string $secretKey): bool
+ {
$contentMD5 = $this->request->getHeader('Content-MD5');
if ($contentMD5) {
@@ -93,57 +93,53 @@ class AWS extends AbstractAuth {
$body = $this->request->getBody();
$this->request->setBody($body);
- if ($contentMD5 != base64_encode(md5($body, true))) {
+ if ($contentMD5 !== base64_encode(md5((string) $body, true))) {
// content-md5 header did not match md5 signature of body
$this->errorCode = self::ERR_MD5CHECKSUMWRONG;
+
return false;
}
-
}
- if (!$requestDate = $this->request->getHeader('x-amz-date'))
+ if (!$requestDate = $this->request->getHeader('x-amz-date')) {
$requestDate = $this->request->getHeader('Date');
+ }
- if (!$this->validateRFC2616Date($requestDate))
+ if (!$this->validateRFC2616Date((string) $requestDate)) {
return false;
+ }
$amzHeaders = $this->getAmzHeaders();
$signature = base64_encode(
$this->hmacsha1($secretKey,
- $this->request->getMethod() . "\n" .
- $contentMD5 . "\n" .
- $this->request->getHeader('Content-type') . "\n" .
- $requestDate . "\n" .
- $amzHeaders .
+ $this->request->getMethod()."\n".
+ $contentMD5."\n".
+ $this->request->getHeader('Content-type')."\n".
+ $requestDate."\n".
+ $amzHeaders.
$this->request->getUrl()
)
);
- if ($this->signature != $signature) {
-
+ if ($this->signature !== $signature) {
$this->errorCode = self::ERR_INVALIDSIGNATURE;
- return false;
+ return false;
}
return true;
-
}
-
/**
- * Returns an HTTP 401 header, forcing login
+ * Returns an HTTP 401 header, forcing login.
*
* This should be called when username and password are incorrect, or not supplied at all
- *
- * @return void
*/
- function requireLogin() {
-
+ public function requireLogin()
+ {
$this->response->addHeader('WWW-Authenticate', 'AWS');
$this->response->setStatus(401);
-
}
/**
@@ -154,17 +150,15 @@ class AWS extends AbstractAuth {
*
* This function also makes sure the Date header is within 15 minutes of the operating
* system date, to prevent replay attacks.
- *
- * @param string $dateHeader
- * @return bool
*/
- protected function validateRFC2616Date($dateHeader) {
-
- $date = Util::parseHTTPDate($dateHeader);
+ protected function validateRFC2616Date(string $dateHeader): bool
+ {
+ $date = HTTP\parseDate($dateHeader);
// Unknown format
if (!$date) {
$this->errorCode = self::ERR_INVALIDDATEFORMAT;
+
return false;
}
@@ -174,47 +168,40 @@ class AWS extends AbstractAuth {
// We allow 15 minutes around the current date/time
if ($date > $max || $date < $min) {
$this->errorCode = self::ERR_REQUESTTIMESKEWED;
+
return false;
}
- return $date;
-
+ return true;
}
/**
- * Returns a list of AMZ headers
- *
- * @return string
+ * Returns a list of AMZ headers.
*/
- protected function getAmzHeaders() {
-
+ protected function getAmzHeaders(): string
+ {
$amzHeaders = [];
$headers = $this->request->getHeaders();
foreach ($headers as $headerName => $headerValue) {
- if (strpos(strtolower($headerName), 'x-amz-') === 0) {
- $amzHeaders[strtolower($headerName)] = str_replace(["\r\n"], [' '], $headerValue[0]) . "\n";
+ if (0 === strpos(strtolower($headerName), 'x-amz-')) {
+ $amzHeaders[strtolower($headerName)] = str_replace(["\r\n"], [' '], $headerValue[0])."\n";
}
}
ksort($amzHeaders);
$headerStr = '';
foreach ($amzHeaders as $h => $v) {
- $headerStr .= $h . ':' . $v;
+ $headerStr .= $h.':'.$v;
}
return $headerStr;
-
}
/**
- * Generates an HMAC-SHA1 signature
- *
- * @param string $key
- * @param string $message
- * @return string
+ * Generates an HMAC-SHA1 signature.
*/
- private function hmacsha1($key, $message) {
-
+ private function hmacsha1(string $key, string $message): string
+ {
if (function_exists('hash_hmac')) {
return hash_hmac('sha1', $message, $key, true);
}
@@ -226,9 +213,8 @@ class AWS extends AbstractAuth {
$key = str_pad($key, $blocksize, chr(0x00));
$ipad = str_repeat(chr(0x36), $blocksize);
$opad = str_repeat(chr(0x5c), $blocksize);
- $hmac = pack('H*', sha1(($key ^ $opad) . pack('H*', sha1(($key ^ $ipad) . $message))));
- return $hmac;
+ $hmac = pack('H*', sha1(($key ^ $opad).pack('H*', sha1(($key ^ $ipad).$message))));
+ return $hmac;
}
-
}