63 lines
2.4 KiB
PHP
63 lines
2.4 KiB
PHP
<?php
|
|
|
|
namespace UglyRobot\Infinite_Uploads\Aws\S3;
|
|
|
|
use UglyRobot\Infinite_Uploads\Aws\CommandInterface;
|
|
use UglyRobot\Infinite_Uploads\Psr\Http\Message\RequestInterface;
|
|
/**
|
|
* Simplifies the SSE-C process by encoding and hashing the key.
|
|
* @internal
|
|
*/
|
|
class SSECMiddleware
|
|
{
|
|
private $endpointScheme;
|
|
private $nextHandler;
|
|
/**
|
|
* Provide the URI scheme of the client sending requests.
|
|
*
|
|
* @param string $endpointScheme URI scheme (http/https).
|
|
*
|
|
* @return callable
|
|
*/
|
|
public static function wrap($endpointScheme)
|
|
{
|
|
return function (callable $handler) use($endpointScheme) {
|
|
return new self($endpointScheme, $handler);
|
|
};
|
|
}
|
|
public function __construct($endpointScheme, callable $nextHandler)
|
|
{
|
|
$this->nextHandler = $nextHandler;
|
|
$this->endpointScheme = $endpointScheme;
|
|
}
|
|
public function __invoke(\UglyRobot\Infinite_Uploads\Aws\CommandInterface $command, \UglyRobot\Infinite_Uploads\Psr\Http\Message\RequestInterface $request = null)
|
|
{
|
|
// Allows only HTTPS connections when using SSE-C
|
|
if (($command['SSECustomerKey'] || $command['CopySourceSSECustomerKey']) && $this->endpointScheme !== 'https') {
|
|
throw new \RuntimeException('You must configure your S3 client to ' . 'use HTTPS in order to use the SSE-C features.');
|
|
}
|
|
// Prepare the normal SSE-CPK headers
|
|
if ($command['SSECustomerKey']) {
|
|
$this->prepareSseParams($command);
|
|
}
|
|
// If it's a copy operation, prepare the SSE-CPK headers for the source.
|
|
if ($command['CopySourceSSECustomerKey']) {
|
|
$this->prepareSseParams($command, 'CopySource');
|
|
}
|
|
$f = $this->nextHandler;
|
|
return $f($command, $request);
|
|
}
|
|
private function prepareSseParams(\UglyRobot\Infinite_Uploads\Aws\CommandInterface $command, $prefix = '')
|
|
{
|
|
// Base64 encode the provided key
|
|
$key = $command[$prefix . 'SSECustomerKey'];
|
|
$command[$prefix . 'SSECustomerKey'] = base64_encode($key);
|
|
// Base64 the provided MD5 or, generate an MD5 if not provided
|
|
if ($md5 = $command[$prefix . 'SSECustomerKeyMD5']) {
|
|
$command[$prefix . 'SSECustomerKeyMD5'] = base64_encode($md5);
|
|
} else {
|
|
$command[$prefix . 'SSECustomerKeyMD5'] = base64_encode(md5($key, true));
|
|
}
|
|
}
|
|
}
|