<?php
|
namespace DoubleBreak\Spapi;
|
use GuzzleHttp\Psr7\Request;
|
|
class Signer {
|
|
/**
|
* calculateSignature data
|
*
|
* @return array request with signed headers
|
*/
|
|
public static function sign($request, $signOptions)
|
{
|
//required
|
$service = $signOptions['service'] ?? null;
|
$accessKey = $signOptions['access_key'] ?? null;
|
$secretKey = $signOptions['secret_key'] ?? null;
|
|
$region = $signOptions['region'] ?? null;
|
$host = $signOptions['host'] ?? null;
|
$method = $signOptions['method'] ?? null;
|
|
//optionl
|
$accessToken = $signOptions['access_token'] ?? null;
|
$securityToken = $signOptions['security_token'] ?? null;
|
$userAgent = $signOptions['user_agent'] ?? 'spapi_client';
|
$queryString = $signOptions['query_string'] ?? '';
|
$data = $signOptions['payload'] ?? [];
|
$uri = $signOptions['uri'] ?? '';
|
|
if (is_null($service)) throw new SignerException("Service is required");
|
if (is_null($accessKey)) throw new SignerException("Access key is required");
|
if (is_null($secretKey)) throw new SignerException("Secret key is required");
|
if (is_null($region)) throw new SignerException("Region key is required");
|
if (is_null($host)) throw new SignerException("Host key is required");
|
if (is_null($method)) throw new SignerException("Method key is required");
|
|
$terminationString = 'aws4_request';
|
$algorithm = 'AWS4-HMAC-SHA256';
|
$amzdate = gmdate('Ymd\THis\Z');
|
$date = substr($amzdate, 0, 8);
|
|
//Prepare payload hash
|
if (is_array($data)) {
|
$param = json_encode($data);
|
if ($param == "[]") {
|
$requestPayload = "";
|
} else {
|
$requestPayload = $param;
|
}
|
} else {
|
$requestPayload = $data;
|
}
|
$hashedPayload = hash('sha256', $requestPayload);
|
|
|
//Compute Canonical Headers
|
$canonicalHeaders = [
|
'host' => $host,
|
'user-agent' => $userAgent,
|
];
|
if (!is_null($accessToken)) {
|
$canonicalHeaders['x-amz-access-token'] = $accessToken;
|
}
|
$canonicalHeaders['x-amz-date'] = $amzdate;
|
if (!is_null($securityToken)) {
|
$canonicalHeaders['x-amz-security-token'] = $securityToken;
|
}
|
|
$canonicalHeadersStr = '';
|
foreach($canonicalHeaders as $h => $v) {
|
$canonicalHeadersStr .= $h . ':' . $v . "\n";
|
}
|
$signedHeadersStr = join(';' , array_keys($canonicalHeaders));
|
|
//Prepare credentials scope
|
$credentialScope = $date . '/' . $region . '/' . $service . '/' . $terminationString;
|
|
//prepare canonical request
|
$canonicalRequest = $method . "\n" . $uri . "\n" . $queryString . "\n" . $canonicalHeadersStr . "\n" . $signedHeadersStr . "\n" . $hashedPayload;
|
|
//Prepare the signature payload
|
$stringToSign = $algorithm . "\n" . $amzdate . "\n" . $credentialScope . "\n" . hash('sha256', $canonicalRequest);
|
|
//Prepare lockers
|
$kSecret = "AWS4" . $secretKey;
|
$kDate = hash_hmac('sha256', $date, $kSecret, true);
|
$kRegion = hash_hmac('sha256', $region, $kDate, true);
|
$kService = hash_hmac('sha256', $service, $kRegion, true);
|
$kSigning = hash_hmac('sha256', $terminationString, $kService, true);
|
|
//Compute the signature
|
$signature = trim(hash_hmac('sha256', $stringToSign, $kSigning)); // Without fourth parameter passed as true, returns lowercase hexits as called for by docs
|
|
$authorizationHeader = $algorithm . " Credential={$accessKey}/{$credentialScope}, SignedHeaders={$signedHeadersStr}, Signature={$signature}";
|
|
|
$headers = array_merge($canonicalHeaders, [
|
"Authorization" => $authorizationHeader,
|
]);
|
|
$request['headers'] = array_merge($request['headers'], $headers);
|
|
return $request;
|
}
|
}
|
