diff options
author | Mario <mario@mariovavti.com> | 2019-12-04 10:25:11 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2019-12-04 10:25:11 +0000 |
commit | bde429cff649237984903a252ba1a718e6d74f53 (patch) | |
tree | b2b2570159cfb37689e6ce3b96c3b1b988d676cc /vendor/sabre/http/lib/Auth/AWS.php | |
parent | cc9f41df5f83bcab435d6fb941b5a8f5b1457037 (diff) | |
parent | 4c8d33d1eb2a804aa70a7bc677d6c73d0d94816b (diff) | |
download | volse-hubzilla-bde429cff649237984903a252ba1a718e6d74f53.tar.gz volse-hubzilla-bde429cff649237984903a252ba1a718e6d74f53.tar.bz2 volse-hubzilla-bde429cff649237984903a252ba1a718e6d74f53.zip |
Merge branch '4.6RC'4.6
Diffstat (limited to 'vendor/sabre/http/lib/Auth/AWS.php')
-rw-r--r-- | vendor/sabre/http/lib/Auth/AWS.php | 134 |
1 files changed, 60 insertions, 74 deletions
diff --git a/vendor/sabre/http/lib/Auth/AWS.php b/vendor/sabre/http/lib/Auth/AWS.php index 5e176646a..ffda3cf15 100644 --- a/vendor/sabre/http/lib/Auth/AWS.php +++ b/vendor/sabre/http/lib/Auth/AWS.php @@ -1,11 +1,13 @@ <?php +declare(strict_types=1); + namespace Sabre\HTTP\Auth; -use Sabre\HTTP\Util; +use Sabre\HTTP; /** - * HTTP AWS Authentication handler + * HTTP AWS Authentication handler. * * Use this class to leverage amazon's AWS authentication header * @@ -13,24 +15,24 @@ use Sabre\HTTP\Util; * @author Evert Pot (http://evertpot.com/) * @license http://sabre.io/license/ Modified BSD License */ -class AWS extends AbstractAuth { - +class AWS extends AbstractAuth +{ /** - * The signature supplied by the HTTP client + * The signature supplied by the HTTP client. * * @var string */ private $signature = null; /** - * The accesskey supplied by the HTTP client + * The accesskey supplied by the HTTP client. * * @var string */ private $accessKey = null; /** - * An error code, if any + * An error code, if any. * * This value will be filled with one of the ERR_* constants * @@ -45,47 +47,45 @@ class AWS extends AbstractAuth { const ERR_INVALIDSIGNATURE = 5; /** - * Gathers all information from the headers + * Gathers all information from the headers. * * This method needs to be called prior to anything else. - * - * @return bool */ - function init() { - + public function init(): bool + { $authHeader = $this->request->getHeader('Authorization'); + + if (null === $authHeader) { + $this->errorCode = self::ERR_NOAWSHEADER; + + return false; + } $authHeader = explode(' ', $authHeader); - if ($authHeader[0] != 'AWS' || !isset($authHeader[1])) { + if ('AWS' !== $authHeader[0] || !isset($authHeader[1])) { $this->errorCode = self::ERR_NOAWSHEADER; - return false; + + return false; } list($this->accessKey, $this->signature) = explode(':', $authHeader[1]); return true; - } /** - * Returns the username for the request - * - * @return string + * Returns the username for the request. */ - function getAccessKey() { - + public function getAccessKey(): string + { return $this->accessKey; - } /** - * Validates the signature based on the secretKey - * - * @param string $secretKey - * @return bool + * Validates the signature based on the secretKey. */ - function validate($secretKey) { - + public function validate(string $secretKey): bool + { $contentMD5 = $this->request->getHeader('Content-MD5'); if ($contentMD5) { @@ -93,57 +93,53 @@ class AWS extends AbstractAuth { $body = $this->request->getBody(); $this->request->setBody($body); - if ($contentMD5 != base64_encode(md5($body, true))) { + if ($contentMD5 !== base64_encode(md5((string) $body, true))) { // content-md5 header did not match md5 signature of body $this->errorCode = self::ERR_MD5CHECKSUMWRONG; + return false; } - } - if (!$requestDate = $this->request->getHeader('x-amz-date')) + if (!$requestDate = $this->request->getHeader('x-amz-date')) { $requestDate = $this->request->getHeader('Date'); + } - if (!$this->validateRFC2616Date($requestDate)) + if (!$this->validateRFC2616Date((string) $requestDate)) { return false; + } $amzHeaders = $this->getAmzHeaders(); $signature = base64_encode( $this->hmacsha1($secretKey, - $this->request->getMethod() . "\n" . - $contentMD5 . "\n" . - $this->request->getHeader('Content-type') . "\n" . - $requestDate . "\n" . - $amzHeaders . + $this->request->getMethod()."\n". + $contentMD5."\n". + $this->request->getHeader('Content-type')."\n". + $requestDate."\n". + $amzHeaders. $this->request->getUrl() ) ); - if ($this->signature != $signature) { - + if ($this->signature !== $signature) { $this->errorCode = self::ERR_INVALIDSIGNATURE; - return false; + return false; } return true; - } - /** - * Returns an HTTP 401 header, forcing login + * Returns an HTTP 401 header, forcing login. * * This should be called when username and password are incorrect, or not supplied at all - * - * @return void */ - function requireLogin() { - + public function requireLogin() + { $this->response->addHeader('WWW-Authenticate', 'AWS'); $this->response->setStatus(401); - } /** @@ -154,17 +150,15 @@ class AWS extends AbstractAuth { * * This function also makes sure the Date header is within 15 minutes of the operating * system date, to prevent replay attacks. - * - * @param string $dateHeader - * @return bool */ - protected function validateRFC2616Date($dateHeader) { - - $date = Util::parseHTTPDate($dateHeader); + protected function validateRFC2616Date(string $dateHeader): bool + { + $date = HTTP\parseDate($dateHeader); // Unknown format if (!$date) { $this->errorCode = self::ERR_INVALIDDATEFORMAT; + return false; } @@ -174,47 +168,40 @@ class AWS extends AbstractAuth { // We allow 15 minutes around the current date/time if ($date > $max || $date < $min) { $this->errorCode = self::ERR_REQUESTTIMESKEWED; + return false; } - return $date; - + return true; } /** - * Returns a list of AMZ headers - * - * @return string + * Returns a list of AMZ headers. */ - protected function getAmzHeaders() { - + protected function getAmzHeaders(): string + { $amzHeaders = []; $headers = $this->request->getHeaders(); foreach ($headers as $headerName => $headerValue) { - if (strpos(strtolower($headerName), 'x-amz-') === 0) { - $amzHeaders[strtolower($headerName)] = str_replace(["\r\n"], [' '], $headerValue[0]) . "\n"; + if (0 === strpos(strtolower($headerName), 'x-amz-')) { + $amzHeaders[strtolower($headerName)] = str_replace(["\r\n"], [' '], $headerValue[0])."\n"; } } ksort($amzHeaders); $headerStr = ''; foreach ($amzHeaders as $h => $v) { - $headerStr .= $h . ':' . $v; + $headerStr .= $h.':'.$v; } return $headerStr; - } /** - * Generates an HMAC-SHA1 signature - * - * @param string $key - * @param string $message - * @return string + * Generates an HMAC-SHA1 signature. */ - private function hmacsha1($key, $message) { - + private function hmacsha1(string $key, string $message): string + { if (function_exists('hash_hmac')) { return hash_hmac('sha1', $message, $key, true); } @@ -226,9 +213,8 @@ class AWS extends AbstractAuth { $key = str_pad($key, $blocksize, chr(0x00)); $ipad = str_repeat(chr(0x36), $blocksize); $opad = str_repeat(chr(0x5c), $blocksize); - $hmac = pack('H*', sha1(($key ^ $opad) . pack('H*', sha1(($key ^ $ipad) . $message)))); - return $hmac; + $hmac = pack('H*', sha1(($key ^ $opad).pack('H*', sha1(($key ^ $ipad).$message)))); + return $hmac; } - } |