1C-Bitrix 25.700.0
Загрузка...
Поиск...
Не найдено
security_service_s3.php
См. документацию.
1<?php
2IncludeModuleLangFile(__FILE__);
3
7class CCloudSecurityService_AmazonS3
8{
9 protected $status = 0;
10 protected $headers = [];
11 protected $error = false;
12 protected $result = '';
13
14 public function GetLastRequestStatus()
15 {
16 return $this->status;
17 }
18
19 public static function GetObject()
20 {
21 return new CCloudSecurityService_AmazonS3();
22 }
23
24 public function GetID()
25 {
26 return 'amazon_sts';
27 }
28
29 public function GetName()
30 {
31 return 'AWS Security Token Service';
32 }
33
34 public function GetDefaultBucketControlPolicy($bucket, $prefix)
35 {
36 return [
37 'Statement' => [
38 [
39 'Effect' => 'Allow',
40 'Action' => [
41 's3:DeleteObject',
42 's3:GetObject',
43 's3:PutObject',
44 's3:PutObjectAcl'
45 ],
46 'Resource' => 'arn:aws:s3:::' . $bucket . '/' . $prefix . '/*',
47 ],
48 [
49 'Effect' => 'Allow',
50 'Action' => [
51 's3:ListBucket'
52 ],
53 'Resource' => 'arn:aws:s3:::' . $bucket,
54 'Condition' => [
55 'StringLike' => [
56 's3:prefix' => $prefix . '/*'
57 ],
58 ],
59 ],
60 ],
61 ];
62 }
63
64 public function GetFederationToken($arBucket, $Policy, $Name, $DurationSeconds = 129600/*36h*/)
65 {
66 $response = $this->SendRequest(
67 $arBucket['SETTINGS']['ACCESS_KEY'],
68 $arBucket['SETTINGS']['SECRET_KEY'],
69 'GET',
70 $arBucket['BUCKET'],
71 '/',
72 [
73 'Action' => 'GetFederationToken',
74 'DurationSeconds' => intval($DurationSeconds),
75 'Name' => $Name,
76 'Policy' => $this->PhpToJSObject($Policy),
77 ]
78 );
79
80 if (
81 is_array($response)
82 && isset($response['GetFederationTokenResponse'])
83 && is_array($response['GetFederationTokenResponse'])
84 && isset($response['GetFederationTokenResponse']['#'])
85 && is_array($response['GetFederationTokenResponse']['#'])
86 && isset($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'])
87 && is_array($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'])
88 && isset($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0])
89 && is_array($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0])
90 && isset($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0]['#'])
91 && is_array($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0]['#'])
92 && isset($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0]['#']['Credentials'])
93 && is_array($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0]['#']['Credentials'])
94 )
95 {
96 $Credentials = $response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0]['#']['Credentials'];
97
98 if (
99 isset($Credentials[0])
100 && is_array($Credentials[0])
101 && isset($Credentials[0]['#'])
102 && is_array($Credentials[0]['#'])
103 && isset($Credentials[0]['#']['SessionToken'])
104 && is_array($Credentials[0]['#']['SessionToken'])
105 && isset($Credentials[0]['#']['SessionToken'][0])
106 && is_array($Credentials[0]['#']['SessionToken'][0])
107 && isset($Credentials[0]['#']['SessionToken'][0]['#'])
108 )
109 {
110 $SessionToken = $Credentials[0]['#']['SessionToken'][0]['#'];
111 }
112 else
113 {
114 return 1;
115 }
116
117 if (
118 isset($Credentials[0])
119 && is_array($Credentials[0])
120 && isset($Credentials[0]['#'])
121 && is_array($Credentials[0]['#'])
122 && isset($Credentials[0]['#']['SecretAccessKey'])
123 && is_array($Credentials[0]['#']['SecretAccessKey'])
124 && isset($Credentials[0]['#']['SecretAccessKey'][0])
125 && is_array($Credentials[0]['#']['SecretAccessKey'][0])
126 && isset($Credentials[0]['#']['SecretAccessKey'][0]['#'])
127 )
128 {
129 $SecretAccessKey = $Credentials[0]['#']['SecretAccessKey'][0]['#'];
130 }
131 else
132 {
133 return 2;
134 }
135
136 if (
137 isset($Credentials[0])
138 && is_array($Credentials[0])
139 && isset($Credentials[0]['#'])
140 && is_array($Credentials[0]['#'])
141 && isset($Credentials[0]['#']['AccessKeyId'])
142 && is_array($Credentials[0]['#']['AccessKeyId'])
143 && isset($Credentials[0]['#']['AccessKeyId'][0])
144 && is_array($Credentials[0]['#']['AccessKeyId'][0])
145 && isset($Credentials[0]['#']['AccessKeyId'][0]['#'])
146 )
147 {
148 $AccessKeyId = $Credentials[0]['#']['AccessKeyId'][0]['#'];
149 }
150 else
151 {
152 return 3;
153 }
154
155 return [
156 'ACCESS_KEY' => $AccessKeyId,
157 'SECRET_KEY' => $SecretAccessKey,
158 'SESSION_TOKEN' => $SessionToken,
159 ];
160 }
161 else
162 {
163 return false;
164 }
165 }
166
167 public function SendRequest($access_key, $secret_key, $verb, $bucket, $file_name='/', $params='')
168 {
169 global $APPLICATION;
170 $this->status = 0;
171
172 $params['SignatureVersion'] = 2;
173 $params['SignatureMethod'] = 'HmacSHA1';
174 $params['AWSAccessKeyId'] = $access_key;
175 $params['Version'] = '2011-06-15';
176
177 $retry_count = COption::GetOptionInt('clouds', 'aws_security_service_retry_count');
178 $retry_timeout = COption::GetOptionInt('clouds', 'aws_security_service_retry_timeout');
179 do
180 {
181 $time = time();
182 $params['Timestamp'] = gmdate('Y-m-d', $time) . 'T' . gmdate('H:i:s', $time);
183
184 $RequestMethod = $verb;
185 $RequestHost = 'sts.amazonaws.com';
186 $RequestURI = '/';
187 $RequestParams = '';
188
189 ksort($params);
190 foreach ($params as $name => $value)
191 {
192 if ($RequestParams !== '')
193 {
194 $RequestParams .= '&';
195 }
196 $RequestParams .= urlencode($name) . '=' . urlencode($value);
197 }
198
199 $StringToSign = $RequestMethod . "\n"
200 . $RequestHost . "\n"
201 . $RequestURI . "\n"
202 . $RequestParams
203 ;
204 $Signature = urlencode(base64_encode($this->hmacsha1($StringToSign, $secret_key)));
205
206 $request = new Bitrix\Main\Web\HttpClient();
207 $is_ok = $request->query($RequestMethod, 'https://' . $RequestHost . $RequestURI . '?' . $RequestParams . '&Signature=' . $Signature);
208 if ($is_ok)
209 {
210 break;
211 }
212
213 $retry_count--;
214 sleep($retry_timeout);
215 }
216 while ((!$is_ok) && ($retry_count >= 0));
217
218 $this->result = $request->getResult();
219 $this->status = $request->getStatus();
220 $this->headers = $request->getHeaders();
221 $this->error = $request->getError();
222
223 if ($this->status == 200)
224 {
225 if ($this->result)
226 {
227 $obXML = new CDataXML;
228 $text = preg_replace('/<' . '\\?XML.*?\\?' . '>/i', '', $this->result);
229 if ($obXML->LoadString($text))
230 {
231 $arXML = $obXML->GetArray();
232 if (is_array($arXML))
233 {
234 return $arXML;
235 }
236 }
237 //XML parse error
238 $APPLICATION->ThrowException(GetMessage('CLO_SECSERV_S3_XML_PARSE_ERROR', ['#errno#' => 1]));
239 return false;
240 }
241 else
242 {
243 //Empty success result
244 return [];
245 }
246 }
247 elseif ($this->status > 0)
248 {
249 if ($this->result)
250 {
251 $APPLICATION->ThrowException(GetMessage('CLO_SECSERV_S3_XML_ERROR', ['#errmsg#' => $this->result]));
252 return false;
253 }
254 $APPLICATION->ThrowException(GetMessage('CLO_SECSERV_S3_XML_PARSE_ERROR', ['#errno#' => 2]));
255 return false;
256 }
257 else
258 {
259 $APPLICATION->ThrowException(GetMessage('CLO_SECSERV_S3_XML_PARSE_ERROR', ['#errno#' => 3]));
260 return false;
261 }
262 }
263
264 public function hmacsha1($data, $key)
265 {
266 if (mb_strlen($key) > 64)
267 {
268 $key = pack('H*', sha1($key));
269 }
270 $key = str_pad($key, 64, chr(0x00));
271 $ipad = str_repeat(chr(0x36), 64);
272 $opad = str_repeat(chr(0x5c), 64);
273 $hmac = pack('H*', sha1(($key ^ $opad) . pack('H*', sha1(($key ^ $ipad) . $data))));
274 return $hmac;
275 }
276
277 public function PhpToJSObject($arData, $bWS = false, $bSkipTilda = false)
278 {
279 static $aSearch = ["\r", "\n"];
280 if (is_array($arData))
281 {
282 if ($arData == array_values($arData))
283 {
284 foreach ($arData as $key => $value)
285 {
286 if (is_array($value))
287 {
288 $arData[$key] = $this->PhpToJSObject($value, $bWS, $bSkipTilda);
289 }
290 elseif (is_bool($value))
291 {
292 if ($value === true)
293 {
294 $arData[$key] = 'true';
295 }
296 else
297 {
298 $arData[$key] = 'false';
299 }
300 }
301 else
302 {
303 if (preg_match("#['\"\\n\\r<\\\\]#", $value))
304 {
305 $arData[$key] = '"' . CUtil::JSEscape($value) . '"';
306 }
307 else
308 {
309 $arData[$key] = '"' . $value . '"';
310 }
311 }
312 }
313 return '[' . implode(',', $arData) . ']';
314 }
315
316 $sWS = ',' . ($bWS ? "\n" : '');
317 $res = ($bWS ? "\n" : '') . '{';
318 $first = true;
319 foreach ($arData as $key => $value)
320 {
321 if ($bSkipTilda && mb_substr($key, 0, 1) === '~')
322 {
323 continue;
324 }
325
326 if ($first)
327 {
328 $first = false;
329 }
330 else
331 {
332 $res .= $sWS;
333 }
334
335 if (preg_match("#['\"\\n\\r<\\\\]#", $key))
336 {
337 $res .= '"' . str_replace($aSearch, '', CUtil::JSEscape($key)) . '":';
338 }
339 else
340 {
341 $res .= '"' . $key . '":';
342 }
343
344 if (is_array($value))
345 {
346 $res .= $this->PhpToJSObject($value, $bWS, $bSkipTilda);
347 }
348 elseif (is_bool($value))
349 {
350 if ($value === true)
351 {
352 $res .= 'true';
353 }
354 else
355 {
356 $res .= 'false';
357 }
358 }
359 else
360 {
361 if (preg_match("#['\"\\n\\r<\\\\]#", $value))
362 {
363 $res .= '"' . CUtil::JSEscape($value) . '"';
364 }
365 else
366 {
367 $res .= '"' . $value . '"';
368 }
369 }
370 }
371 $res .= ($bWS ? "\n" : '') . '}';
372
373 return $res;
374 }
375 elseif (is_bool($arData))
376 {
377 if ($arData === true)
378 {
379 return 'true';
380 }
381 else
382 {
383 return 'false';
384 }
385 }
386 else
387 {
388 if (preg_match("#['\"\\n\\r<\\\\]#", $arData))
389 {
390 return '"' . CUtil::JSEscape($arData) . '"';
391 }
392 else
393 {
394 return '"' . $arData . '"';
395 }
396 }
397 }
398}
$first
if(isset( $_REQUEST["mode"]) &&$_REQUEST["mode"]=="ajax") if(isset($_REQUEST["mode"]) && $_REQUEST["mode"]=="save_lru" &&check_bitrix_sessid()) $first
Определения access_dialog.php:54
$APPLICATION
global $APPLICATION
Определения include.php:80
$request
if(!Loader::includeModule('catalog')) if(!AccessController::getCurrent() ->check(ActionDictionary::ACTION_PRICE_EDIT)) if(!check_bitrix_sessid()) $request
Определения catalog_reindex.php:36
CCloudSecurityService_AmazonS3
Определения security_service_s3.php:8
CCloudSecurityService_AmazonS3\$result
$result
Определения security_service_s3.php:12
CCloudSecurityService_AmazonS3\hmacsha1
hmacsha1($data, $key)
Определения security_service_s3.php:264
CCloudSecurityService_AmazonS3\GetDefaultBucketControlPolicy
GetDefaultBucketControlPolicy($bucket, $prefix)
Определения security_service_s3.php:34
CCloudSecurityService_AmazonS3\$headers
$headers
Определения security_service_s3.php:10
CCloudSecurityService_AmazonS3\$status
$status
Определения security_service_s3.php:9
CCloudSecurityService_AmazonS3\GetName
GetName()
Определения security_service_s3.php:29
CCloudSecurityService_AmazonS3\GetObject
static GetObject()
Определения security_service_s3.php:19
CCloudSecurityService_AmazonS3\SendRequest
SendRequest($access_key, $secret_key, $verb, $bucket, $file_name='/', $params='')
Определения security_service_s3.php:167
CCloudSecurityService_AmazonS3\GetFederationToken
GetFederationToken($arBucket, $Policy, $Name, $DurationSeconds=129600)
Определения security_service_s3.php:64
CCloudSecurityService_AmazonS3\GetID
GetID()
Определения security_service_s3.php:24
CCloudSecurityService_AmazonS3\$error
$error
Определения security_service_s3.php:11
CCloudSecurityService_AmazonS3\PhpToJSObject
PhpToJSObject($arData, $bWS=false, $bSkipTilda=false)
Определения security_service_s3.php:277
CCloudSecurityService_AmazonS3\GetLastRequestStatus
GetLastRequestStatus()
Определения security_service_s3.php:14
CDataXML
Определения xml.php:396
$data
$data['IS_AVAILABLE']
Определения .description.php:13
$res
$res
Определения filter_act.php:7
IncludeModuleLangFile
IncludeModuleLangFile($filepath, $lang=false, $bReturnArray=false)
Определения tools.php:3778
GetMessage
GetMessage($name, $aReplace=null)
Определения tools.php:3397
$name
$name
Определения menu_edit.php:35
$time
$time
Определения payment.php:61
elseif
if( $daysToExpire >=0 &&$daysToExpire< 60 elseif)( $daysToExpire< 0)
Определения prolog_main_admin.php:393
$key
if(empty($signedUserToken)) $key
Определения quickway.php:257
$text
$text
Определения template_pdf.php:79
$params
if($inWords) echo htmlspecialcharsbx(Number2Word_Rus(roundEx($totalVatSum $params['CURRENCY']
Определения template.php:799
$access_key
$access_key
Определения result.php:8
$response
$response
Определения result.php:21