/usr/share/php/Aws/CloudFront/UrlSigner.php is in php-aws-sdk 3.15.1-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 | <?php
namespace Aws\CloudFront;
use GuzzleHttp\Psr7;
use GuzzleHttp\Psr7\Uri;
use Psr\Http\Message\UriInterface;
/**
* Creates signed URLs for Amazon CloudFront resources.
*/
class UrlSigner
{
private $signer;
/**
* @param $keyPairId string ID of the key pair
* @param $privateKey string Path to the private key used for signing
*
* @throws \RuntimeException if the openssl extension is missing
* @throws \InvalidArgumentException if the private key cannot be found.
*/
public function __construct($keyPairId, $privateKey)
{
$this->signer = new Signer($keyPairId, $privateKey);
}
/**
* Create a signed Amazon CloudFront URL.
*
* Keep in mind that URLs meant for use in media/flash players may have
* different requirements for URL formats (e.g. some require that the
* extension be removed, some require the file name to be prefixed
* - mp4:<path>, some require you to add "/cfx/st" into your URL).
*
* @param string $url URL to sign (can include query
* string string and wildcards)
* @param string|integer|null $expires UTC Unix timestamp used when signing
* with a canned policy. Not required
* when passing a custom $policy.
* @param string $policy JSON policy. Use this option when
* creating a signed URL for a custom
* policy.
*
* @return string The file URL with authentication parameters
* @throws \InvalidArgumentException if the URL provided is invalid
* @link http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/WorkingWithStreamingDistributions.html
*/
public function getSignedUrl($url, $expires = null, $policy = null)
{
// Determine the scheme of the url
$urlSections = explode('://', $url);
if (count($urlSections) < 2) {
throw new \InvalidArgumentException("Invalid URL: {$url}");
}
// Get the real scheme by removing wildcards from the scheme
$scheme = str_replace('*', '', $urlSections[0]);
$uri = new Uri($scheme . '://' . $urlSections[1]);
$query = Psr7\parse_query($uri->getQuery(), PHP_QUERY_RFC3986);
$signature = $this->signer->getSignature(
$this->createResource($scheme, (string) $uri),
$expires,
$policy
);
$uri = $uri->withQuery(
http_build_query($query + $signature, null, '&', PHP_QUERY_RFC3986)
);
return $scheme === 'rtmp'
? $this->createRtmpUrl($uri)
: (string) $uri;
}
private function createRtmpUrl(UriInterface $uri)
{
// Use a relative URL when creating Flash player URLs
$result = ltrim($uri->getPath(), '/');
if ($query = $uri->getQuery()) {
$result .= '?' . $query;
}
return $result;
}
/**
* @param $scheme
* @param $url
*
* @return string
*/
private function createResource($scheme, $url)
{
switch ($scheme) {
case 'http':
case 'http*':
case 'https':
return $url;
case 'rtmp':
$parts = parse_url($url);
$pathParts = pathinfo($parts['path']);
$resource = ltrim(
$pathParts['dirname'] . '/' . $pathParts['basename'],
'/'
);
// Add a query string if present.
if (isset($parts['query'])) {
$resource .= "?{$parts['query']}";
}
return $resource;
}
throw new \InvalidArgumentException("Invalid URI scheme: {$scheme}. "
. "Scheme must be one of: http, https, or rtmp");
}
}
|