Home Explore Help
Register Sign In
lizhen
/
shuijiao
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 7c0375a6c2
Branches Tags
shuijiao
/
vendor
/
qcloud
/
src
/
Sts.php

Sts.php 6.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169 
  1. <?php
    2. 

  2. 

  3. class Sts{
    4. 

  4.     // 临时密钥计算样例
    5. 

  5. 

  6.     function _hex2bin($data) {
    7. 

  7.         $len = strlen($data);
    8. 

  8.         return pack("H" . $len, $data);
    9. 

  9.     }
    10. 

  10.     // obj 转 query string
    11. 

  11.     function json2str($obj, $notEncode = false) {
    12. 

  12.         ksort($obj);
    13. 

  13.         $arr = array();
    14. 

  14.         if(!is_array($obj)){
    15. 

  15.             throw new \Exception('$obj must be an array, the actual value is:' . json_encode($obj));
    16. 

  16.         }
    17. 

  17.         foreach ($obj as $key => $val) {
    18. 

  18.             array_push($arr, $key . '=' . ($notEncode ? $val : rawurlencode($val)));
    19. 

  19.         }
    20. 

  20.         return join('&', $arr);
    21. 

  21.     }
    22. 

  22.     // 计算临时密钥用的签名
    23. 

  23.     function getSignature($opt, $key, $method, $config) {
    24. 

  24.         $formatString = $method . $config['domain'] . '/?' . $this->json2str($opt, 1);
    25. 

  25.         $sign = hash_hmac('sha1', $formatString, $key);
    26. 

  26.         $sign = base64_encode($this->_hex2bin($sign));
    27. 

  27.         return $sign;
    28. 

  28.     }
    29. 

  29.     // v2接口的key首字母小写,v3改成大写,此处做了向下兼容
    30. 

  30.     function backwardCompat($result) {
    31. 

  31.         if(!is_array($result)){
    32. 

  32.             throw new \Exception('$result must be an array, the actual value is:' . json_encode($result));
    33. 

  33.         }
    34. 

  34.         $compat = array();
    35. 

  35.         foreach ($result as $key => $value) {
    36. 

  36.             if(is_array($value)) {
    37. 

  37.                 $compat[lcfirst($key)] = $this->backwardCompat($value);
    38. 

  38.             } elseif ($key == 'Token') {
    39. 

  39.                 $compat['sessionToken'] = $value;
    40. 

  40.             } else {
    41. 

  41.                 $compat[lcfirst($key)] = $value;
    42. 

  42.             }
    43. 

  43.         }
    44. 

  44.         return $compat;
    45. 

  45.     }
    46. 

  46.     // 获取临时密钥
    47. 

  47.     function getTempKeys($config) {
    48. 

  48.         $result = null;
    49. 

  49.         try{
    50. 

  50.             if(array_key_exists('policy', $config)){
    51. 

  51.                 $policy = $config['policy'];
    52. 

  52.             }else{
    53. 

  53.                 if(array_key_exists('bucket', $config)){
    54. 

  54.                     $ShortBucketName = substr($config['bucket'],0, strripos($config['bucket'], '-'));
    55. 

  55.                     $AppId = substr($config['bucket'], 1 + strripos($config['bucket'], '-'));
    56. 

  56.                 }else{
    57. 

  57.                     throw new \Exception("bucket== null");
    58. 

  58.                 }
    59. 

  59.                 if(array_key_exists('allowPrefix', $config)){
    60. 

  60.                     if(!(strpos($config['allowPrefix'], '/') === 0)){
    61. 

  61.                         $config['allowPrefix'] = '/' . $config['allowPrefix'];
    62. 

  62.                     }
    63. 

  63.                 }else{
    64. 

  64.                     throw new \Exception("allowPrefix == null");
    65. 

  65.                 }
    66. 

  66.                 if(!array_key_exists('region', $config)) {
    67. 

  67.                     throw new \Exception("region == null");
    68. 

  68.                 }
    69. 

  69.                 $policy = array(
    70. 

  70.                     'version'=> '2.0',
    71. 

  71.                     'statement'=> array(
    72. 

  72.                         array(
    73. 

  73.                             'action'=> $config['allowActions'],
    74. 

  74.                             'effect'=> 'allow',
    75. 

  75.                             'principal'=> array('qcs'=> array('*')),
    76. 

  76.                             'resource'=> array(
    77. 

  77.                                 'qcs::cos:' . $config['region'] . ':uid/' . $AppId . ':' . $config['bucket'] . $config['allowPrefix']
    78. 

  78.                             )
    79. 

  79.                         )
    80. 

  80.                     )
    81. 

  81.                 );
    82. 

  82.             }
    83. 

  83.             $policyStr = str_replace('\\/', '/', json_encode($policy));
    84. 

  84.             $Action = 'GetFederationToken';
    85. 

  85.             $Nonce = rand(10000, 20000);
    86. 

  86.             $Timestamp = time();
    87. 

  87.             $Method = 'POST';
    88. 

  88.             if(array_key_exists('durationSeconds', $config)){
    89. 

  89.                 if(!(is_integer($config['durationSeconds']))){
    90. 

  90.                     throw new \Exception("durationSeconds must be a int type");
    91. 

  91.                 }
    92. 

  92.             }
    93. 

  93. 

  94.             $params = array(
    95. 

  95.                 'SecretId'=> $config['secretId'],
    96. 

  96.                 'Timestamp'=> $Timestamp,
    97. 

  97.                 'Nonce'=> $Nonce,
    98. 

  98.                 'Action'=> $Action,
    99. 

  99.                 'DurationSeconds'=> $config['durationSeconds'],
    100. 

  100.                 'Version'=>'2018-08-13',
    101. 

  101.                 'Name'=> 'cos',
    102. 

  102.                 'Region'=> $config['region'],
    103. 

  103.                 'Policy'=> urlencode($policyStr)
    104. 

  104.             );
    105. 

  105.             $params['Signature'] = $this->getSignature($params, $config['secretKey'], $Method, $config);
    106. 

  106.             $url = $config['url'];
    107. 

  107. 

  108.             $ch = curl_init($url);
    109. 

  109.             if(array_key_exists('proxy', $config)){
    110. 

  110.                 $config['proxy'] && curl_setopt($ch, CURLOPT_PROXY, $config['proxy']);
    111. 

  111.             }
    112. 

  112.             curl_setopt($ch, CURLOPT_HEADER, 0);
    113. 

  113.             curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
    114. 

  114.             curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0);
    115. 

  115.             curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    116. 

  116.             curl_setopt($ch, CURLOPT_POST, 1);
    117. 

  117.             curl_setopt($ch, CURLOPT_POSTFIELDS, $this->json2str($params));
    118. 

  118.             $result = curl_exec($ch);
    119. 

  119.             if(curl_errno($ch)) $result = curl_error($ch);
    120. 

  120.             curl_close($ch);
    121. 

  121.             $result = json_decode($result, 1);
    122. 

  122.             if (isset($result['Response'])) {
    123. 

  123.                 $result = $result['Response'];
    124. 

  124.                 if(isset($result['Error'])){
    125. 

  125.                     throw new \Exception("get cam failed");
    126. 

  126.                 }
    127. 

  127.                 $result['startTime'] = $result['ExpiredTime'] - $config['durationSeconds'];
    128. 

  128.             }
    129. 

  129.             $result = $this->backwardCompat($result);
    130. 

  130.             return $result;
    131. 

  131.         }catch(\Exception $e){
    132. 

  132.             if($result == null){
    133. 

  133.                 $result = "error: " . $e->getMessage();
    134. 

  134.             }else{
    135. 

  135.                 $result = json_encode($result);
    136. 

  136.             }
    137. 

  137.             throw new \Exception($result);
    138. 

  138.         }
    139. 

  139.     }
    140. 

  140. 

  141.     // get policy
    142. 

  142.     function getPolicy($scopes){
    143. 

  143.         if (!is_array($scopes)){
    144. 

  144.             return null;
    145. 

  145.         }
    146. 

  146.         $statements = array();
    147. 

  147. 

  148.         for($i=0, $counts=count($scopes); $i < $counts; $i++){
    149. 

  149.             $actions=array();
    150. 

  150.             $resources = array();
    151. 

  151.             array_push($actions, $scopes[$i]->get_action());
    152. 

  152.             array_push($resources, $scopes[$i]->get_resource());
    153. 

  153. 

  154.             $statement = array(
    155. 

  155.                 'action' => $actions,
    156. 

  156.                 'effect' => $scopes[$i]->get_effect(),
    157. 

  157.                 'resource' => $resources
    158. 

  158.             );
    159. 

  159.             array_push($statements, $statement);
    160. 

  160.         }
    161. 

  161. 

  162.         $policy = array(
    163. 

  163.             'version' => '2.0',
    164. 

  164.             'statement' => $statements
    165. 

  165.         );
    166. 

  166.         return $policy;
    167. 

  167.     }
    168. 

  168. }
    169. 

  169. ?>
    170.