1C-Bitrix 25.700.0
Загрузка...
Поиск...
Не найдено
security_service_sts.php
См. документацию.
1<?php
2IncludeModuleLangFile(__FILE__);
3
4class CCloudSecurityService_STS
5{
6 protected $service_host = '';
7 protected $streamTimeout = 5;
8 protected $set_headers = [];
9
10 //Sent request parameters
11 protected $host = '';
12 protected $verb = '';
13 protected $url = '';
14 protected $headers = [];
15 //Recieved response
16 protected $errno = 0;
17 protected $errstr = '';
18 protected $status = 0;
19 protected $result = '';
20
21 public function GetLastRequestStatus()
22 {
23 return $this->status;
24 }
25
26 public static function GetObject()
27 {
28 return new static();
29 }
30
31 public function GetID()
32 {
33 return 's3_sts';
34 }
35
36 public function GetName()
37 {
38 return 'Generic Amazon Security Token Service';
39 }
40
41 public function GetDefaultBucketControlPolicy($bucket, $prefix)
42 {
43 return [
44 'Statement' => [
45 ],
46 ];
47 }
48
49 public function GetFederationToken($arBucket, $Policy, $Name, $DurationSeconds = 129600/*36h*/)
50 {
51 $params = [
52 'Action' => 'GetFederationToken',
53 'Version' => '2011-06-15',
54 'DurationSeconds' => intval($DurationSeconds),
55 'Name' => $Name,
56 'Policy' => json_encode($Policy),
57 ];
58
59 $content = '';
60 ksort($params);
61 foreach ($params as $name => $value)
62 {
63 if ($content !== '')
64 {
65 $content .= '&';
66 }
67 $content .= urlencode($name) . '=' . urlencode($value);
68 }
69
70 $response = $this->SendRequest(
71 CCloudStorage::GetServiceByID($arBucket['SERVICE_ID']),
72 $arBucket['SETTINGS'],
73 'GET',
74 $arBucket['BUCKET'],
75 '/',
76 '?' . $content
77 );
78
79 if (
80 is_array($response)
81 && isset($response['GetFederationTokenResponse'])
82 && is_array($response['GetFederationTokenResponse'])
83 && isset($response['GetFederationTokenResponse']['#'])
84 && is_array($response['GetFederationTokenResponse']['#'])
85 && isset($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'])
86 && is_array($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'])
87 && isset($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0])
88 && is_array($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0])
89 && isset($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0]['#'])
90 && is_array($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0]['#'])
91 && isset($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0]['#']['Credentials'])
92 && is_array($response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0]['#']['Credentials'])
93 )
94 {
95 $Credentials = $response['GetFederationTokenResponse']['#']['GetFederationTokenResult'][0]['#']['Credentials'];
96
97 if (
98 isset($Credentials[0])
99 && is_array($Credentials[0])
100 && isset($Credentials[0]['#'])
101 && is_array($Credentials[0]['#'])
102 && isset($Credentials[0]['#']['SessionToken'])
103 && is_array($Credentials[0]['#']['SessionToken'])
104 && isset($Credentials[0]['#']['SessionToken'][0])
105 && is_array($Credentials[0]['#']['SessionToken'][0])
106 && isset($Credentials[0]['#']['SessionToken'][0]['#'])
107 )
108 {
109 $SessionToken = $Credentials[0]['#']['SessionToken'][0]['#'];
110 }
111 else
112 {
113 return 1;
114 }
115
116 if (
117 isset($Credentials[0])
118 && is_array($Credentials[0])
119 && isset($Credentials[0]['#'])
120 && is_array($Credentials[0]['#'])
121 && isset($Credentials[0]['#']['SecretAccessKey'])
122 && is_array($Credentials[0]['#']['SecretAccessKey'])
123 && isset($Credentials[0]['#']['SecretAccessKey'][0])
124 && is_array($Credentials[0]['#']['SecretAccessKey'][0])
125 && isset($Credentials[0]['#']['SecretAccessKey'][0]['#'])
126 )
127 {
128 $SecretAccessKey = $Credentials[0]['#']['SecretAccessKey'][0]['#'];
129 }
130 else
131 {
132 return 2;
133 }
134
135 if (
136 isset($Credentials[0])
137 && is_array($Credentials[0])
138 && isset($Credentials[0]['#'])
139 && is_array($Credentials[0]['#'])
140 && isset($Credentials[0]['#']['AccessKeyId'])
141 && is_array($Credentials[0]['#']['AccessKeyId'])
142 && isset($Credentials[0]['#']['AccessKeyId'][0])
143 && is_array($Credentials[0]['#']['AccessKeyId'][0])
144 && isset($Credentials[0]['#']['AccessKeyId'][0]['#'])
145 )
146 {
147 $AccessKeyId = $Credentials[0]['#']['AccessKeyId'][0]['#'];
148 }
149 else
150 {
151 return 3;
152 }
153
154 return [
155 'ACCESS_KEY' => $AccessKeyId,
156 'SECRET_KEY' => $SecretAccessKey,
157 'SESSION_TOKEN' => $SessionToken,
158 'EXPIRATION' => $Credentials[0]['#']['Expiration'][0]['#'] ?? '',
159 ];
160 }
161 else
162 {
163 return false;
164 }
165 }
166
167 public function AssumeRole($arBucket, $Policy, $Name, $DurationSeconds = 43200/*12h*/)
168 {
169 $params = [
170 'Action' => 'AssumeRole',
171 'Version' => '2011-06-15',
172 'RoleArn' => $Name,
173 'RoleSessionName' => 'testexample',
174 'Policy' => json_encode($Policy),
175 'DurationSeconds' => intval($DurationSeconds),
176 ];
177
178 $content = '';
179 ksort($params);
180 foreach ($params as $name => $value)
181 {
182 if ($content !== '')
183 {
184 $content .= '&';
185 }
186 $content .= urlencode($name) . '=' . urlencode($value);
187 }
188
189 $response = $this->SendRequest(
190 CCloudStorage::GetServiceByID($arBucket['SERVICE_ID']),
191 $arBucket['SETTINGS'],
192 'POST',
193 $arBucket['BUCKET'],
194 '/',
195 '',
196 $content,
197 [
198 'Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8',
199 ]
200 );
201
202 if (
203 is_array($response)
204 && isset($response['AssumeRoleResponse'])
205 && is_array($response['AssumeRoleResponse'])
206 && isset($response['AssumeRoleResponse']['#'])
207 && is_array($response['AssumeRoleResponse']['#'])
208 && isset($response['AssumeRoleResponse']['#']['AssumeRoleResult'])
209 && is_array($response['AssumeRoleResponse']['#']['AssumeRoleResult'])
210 && isset($response['AssumeRoleResponse']['#']['AssumeRoleResult'][0])
211 && is_array($response['AssumeRoleResponse']['#']['AssumeRoleResult'][0])
212 && isset($response['AssumeRoleResponse']['#']['AssumeRoleResult'][0]['#'])
213 && is_array($response['AssumeRoleResponse']['#']['AssumeRoleResult'][0]['#'])
214 && isset($response['AssumeRoleResponse']['#']['AssumeRoleResult'][0]['#']['Credentials'])
215 && is_array($response['AssumeRoleResponse']['#']['AssumeRoleResult'][0]['#']['Credentials'])
216 )
217 {
218 $Credentials = $response['AssumeRoleResponse']['#']['AssumeRoleResult'][0]['#']['Credentials'];
219
220 if (
221 isset($Credentials[0])
222 && is_array($Credentials[0])
223 && isset($Credentials[0]['#'])
224 && is_array($Credentials[0]['#'])
225 && isset($Credentials[0]['#']['SessionToken'])
226 && is_array($Credentials[0]['#']['SessionToken'])
227 && isset($Credentials[0]['#']['SessionToken'][0])
228 && is_array($Credentials[0]['#']['SessionToken'][0])
229 && isset($Credentials[0]['#']['SessionToken'][0]['#'])
230 )
231 {
232 $SessionToken = $Credentials[0]['#']['SessionToken'][0]['#'];
233 }
234 else
235 {
236 return 1;
237 }
238
239 if (
240 isset($Credentials[0])
241 && is_array($Credentials[0])
242 && isset($Credentials[0]['#'])
243 && is_array($Credentials[0]['#'])
244 && isset($Credentials[0]['#']['SecretAccessKey'])
245 && is_array($Credentials[0]['#']['SecretAccessKey'])
246 && isset($Credentials[0]['#']['SecretAccessKey'][0])
247 && is_array($Credentials[0]['#']['SecretAccessKey'][0])
248 && isset($Credentials[0]['#']['SecretAccessKey'][0]['#'])
249 )
250 {
251 $SecretAccessKey = $Credentials[0]['#']['SecretAccessKey'][0]['#'];
252 }
253 else
254 {
255 return 2;
256 }
257
258 if (
259 isset($Credentials[0])
260 && is_array($Credentials[0])
261 && isset($Credentials[0]['#'])
262 && is_array($Credentials[0]['#'])
263 && isset($Credentials[0]['#']['AccessKeyId'])
264 && is_array($Credentials[0]['#']['AccessKeyId'])
265 && isset($Credentials[0]['#']['AccessKeyId'][0])
266 && is_array($Credentials[0]['#']['AccessKeyId'][0])
267 && isset($Credentials[0]['#']['AccessKeyId'][0]['#'])
268 )
269 {
270 $AccessKeyId = $Credentials[0]['#']['AccessKeyId'][0]['#'];
271 }
272 else
273 {
274 return 3;
275 }
276
277 return [
278 'ACCESS_KEY' => $AccessKeyId,
279 'SECRET_KEY' => $SecretAccessKey,
280 'SESSION_TOKEN' => $SessionToken,
281 'EXPIRATION' => $Credentials[0]['#']['Expiration'][0]['#'] ?? '',
282 ];
283 }
284 else
285 {
286 return false;
287 }
288 }
289
290 protected function SendRequest($service, $arSettings, $verb, $bucket, $file_name='/', $params='', $content='', $additional_headers=/*.(array[string]string).*/[])
291 {
292 global $APPLICATION;
293 $this->status = 0;
294
295 $request = new Bitrix\Main\Web\HttpClient([
296 'redirect' => false,
297 'streamTimeout' => $this->streamTimeout,
298 ]);
299 if (isset($additional_headers['option-file-result']))
300 {
301 $request->setOutputStream($additional_headers['option-file-result']);
302 }
303
304 if (isset($additional_headers['Content-Type']))
305 {
306 $ContentType = $additional_headers['Content-Type'];
307 }
308 else
309 {
310 $ContentType = $content !== '' ? 'text/plain' : '';
311 }
312 unset($additional_headers['Content-Type']);
313
314 foreach ($this->set_headers as $key => $value)
315 {
316 $additional_headers[$key] = $value;
317 }
318
319 if (array_key_exists('SESSION_TOKEN', $arSettings))
320 {
321 $additional_headers['x-amz-security-token'] = $arSettings['SESSION_TOKEN'];
322 }
323
324 $host = $additional_headers['Host'] = $this->service_host;
325
326 foreach ($service->SignRequest($arSettings, $verb, $bucket, $file_name, $ContentType, $additional_headers, $params, $content, 'sts') as $key => $value)
327 {
328 $request->setHeader($key, $value);
329 }
330
331 foreach ($additional_headers as $key => $value)
332 {
333 if (!preg_match('/^option-/', $key))
334 {
335 $request->setHeader($key, $value);
336 }
337 }
338
339 $this->status = 0;
340 $this->host = $host;
341 $this->verb = $verb;
342 $this->url = 'https://' . $host . $file_name . $params;
343 $this->headers = [];
344 $this->errno = 0;
345 $this->errstr = '';
346 $this->result = '';
347
348 $stime = 0;
349 $logRequest = false;
350 if (defined('BX_CLOUDS_TRACE') && $verb !== 'GET' && $verb !== 'HEAD')
351 {
352 $stime = microtime(1);
353 $logRequest = [
354 'request_id' => md5((string)mt_rand()),
355 'portal' => $_SERVER['HTTP_HOST'],
356 'verb' => $this->verb,
357 'url' => $this->url,
358 ];
359 if (function_exists('getmypid'))
360 {
361 $logRequest['pid'] = getmypid();
362 }
363 AddMessage2Log(json_encode($logRequest), 'clouds', 20);
364 }
365
366 $request->setHeader('Content-type', $ContentType);
367 $request->query($this->verb, $this->url, $content);
368
369 $this->status = $request->getStatus();
370 foreach ($request->getHeaders() as $key => $value)
371 {
372 $this->headers[$key] = is_array($value) ? $value[0] : $value;
373 }
374 $this->errstr = implode("\n", $request->getError());
375 $this->errno = $this->errstr ? 255 : 0;
376 $this->result = $request->getResult();
377
378 if ($logRequest)
379 {
380 $logRequest['status'] = $this->status;
381 $logRequest['time'] = round(microtime(true) - $stime, 6);
382 $logRequest['headers'] = $this->headers;
383 AddMessage2Log(json_encode($logRequest), 'clouds', 0);
384 }
385
386 if ($this->status == 200)
387 {
388 if (
389 isset($additional_headers['option-raw-result'])
390 || isset($additional_headers['option--result'])
391 )
392 {
393 return $this->result;
394 }
395 elseif ($this->result !== '')
396 {
397 $obXML = new CDataXML;
398 $text = preg_replace('/<' . '\\?XML.*?\\?' . '>/i', '', $this->result);
399 if ($obXML->LoadString($text))
400 {
401 $arXML = $obXML->GetArray();
402 if (is_array($arXML))
403 {
404 return $arXML;
405 }
406 }
407 //XML parse error
408 $e = new CApplicationException(GetMessage('CLO_SECSERV_STS_XML_PARSE_ERROR', ['#errno#' => '1']));
409 $APPLICATION->ThrowException($e);
410 return false;
411 }
412 else
413 {
414 //Empty success result
415 return [];
416 }
417 }
418 elseif ($this->status > 0)
419 {
420 if ($this->result)
421 {
422 $APPLICATION->ThrowException(GetMessage('CLO_SECSERV_STS_XML_ERROR', ['#errmsg#' => $this->result]));
423 return false;
424 }
425 $APPLICATION->ThrowException(GetMessage('CLO_SECSERV_STS_XML_PARSE_ERROR', ['#errno#' => 2]));
426 return false;
427 }
428 else
429 {
430 $APPLICATION->ThrowException(GetMessage('CLO_SECSERV_STS_XML_PARSE_ERROR', ['#errno#' => 3]));
431 return false;
432 }
433 }
434}
$APPLICATION
global $APPLICATION
Определения include.php:80
$request
if(!Loader::includeModule('catalog')) if(!AccessController::getCurrent() ->check(ActionDictionary::ACTION_PRICE_EDIT)) if(!check_bitrix_sessid()) $request
Определения catalog_reindex.php:36
CCloudSecurityService_STS
Определения security_service_sts.php:5
CCloudSecurityService_STS\$result
$result
Определения security_service_sts.php:19
CCloudSecurityService_STS\$set_headers
$set_headers
Определения security_service_sts.php:8
CCloudSecurityService_STS\$streamTimeout
$streamTimeout
Определения security_service_sts.php:7
CCloudSecurityService_STS\$errstr
$errstr
Определения security_service_sts.php:17
CCloudSecurityService_STS\GetDefaultBucketControlPolicy
GetDefaultBucketControlPolicy($bucket, $prefix)
Определения security_service_sts.php:41
CCloudSecurityService_STS\$errno
$errno
Определения security_service_sts.php:16
CCloudSecurityService_STS\AssumeRole
AssumeRole($arBucket, $Policy, $Name, $DurationSeconds=43200)
Определения security_service_sts.php:167
CCloudSecurityService_STS\$service_host
$service_host
Определения security_service_sts.php:6
CCloudSecurityService_STS\$headers
$headers
Определения security_service_sts.php:14
CCloudSecurityService_STS\$status
$status
Определения security_service_sts.php:18
CCloudSecurityService_STS\$verb
$verb
Определения security_service_sts.php:12
CCloudSecurityService_STS\GetName
GetName()
Определения security_service_sts.php:36
CCloudSecurityService_STS\$host
$host
Определения security_service_sts.php:11
CCloudSecurityService_STS\GetObject
static GetObject()
Определения security_service_sts.php:26
CCloudSecurityService_STS\$url
$url
Определения security_service_sts.php:13
CCloudSecurityService_STS\GetFederationToken
GetFederationToken($arBucket, $Policy, $Name, $DurationSeconds=129600)
Определения security_service_sts.php:49
CCloudSecurityService_STS\GetID
GetID()
Определения security_service_sts.php:31
CCloudSecurityService_STS\SendRequest
SendRequest($service, $arSettings, $verb, $bucket, $file_name='/', $params='', $content='', $additional_headers=[])
Определения security_service_sts.php:290
CCloudSecurityService_STS\GetLastRequestStatus
GetLastRequestStatus()
Определения security_service_sts.php:21
CCloudStorage\GetServiceByID
static GetServiceByID($ID)
Определения storage.php:44
CDataXML
Определения xml.php:396
$content
$content
Определения commerceml.php:144
$_SERVER
$_SERVER["DOCUMENT_ROOT"]
Определения cron_frame.php:9
AddMessage2Log
AddMessage2Log($text, $module='', $traceDepth=6, $showArgs=false)
Определения tools.php:3941
IncludeModuleLangFile
IncludeModuleLangFile($filepath, $lang=false, $bReturnArray=false)
Определения tools.php:3778
GetMessage
GetMessage($name, $aReplace=null)
Определения tools.php:3397
$name
$name
Определения menu_edit.php:35
$service
$service
Определения payment.php:18
elseif
if( $daysToExpire >=0 &&$daysToExpire< 60 elseif)( $daysToExpire< 0)
Определения prolog_main_admin.php:393
$key
if(empty($signedUserToken)) $key
Определения quickway.php:257
$text
$text
Определения template_pdf.php:79
$params
if($inWords) echo htmlspecialcharsbx(Number2Word_Rus(roundEx($totalVatSum $params['CURRENCY']
Определения template.php:799
$response
$response
Определения result.php:21