authorJason D. McCormick <jason@mfamily.org>2017-02-03 20:21:02 -0500
committerJason D. McCormick <jason@mfamily.org>2017-02-03 20:21:02 -0500
commitcb5961d1fa64a45cbec5ef5d677b57f8d62f50b5 (patch)
tree5c2bae3bd6099e5d55b9569bdd9204f01f5fa5d1 /src/etc/inc/r53.class
parent70ada8192a8aa850c0ab7accd57d9d22fd2e49f9 (diff)
downloadpfsense-cb5961d1fa64a45cbec5ef5d677b57f8d62f50b5.zip
pfsense-cb5961d1fa64a45cbec5ef5d677b57f8d62f50b5.tar.gz
commit initial fix; need to add hooks for region to zone id
Diffstat (limited to 'src/etc/inc/r53.class')
-rw-r--r--src/etc/inc/r53.class61
1 files changed, 48 insertions, 13 deletions
diff --git a/src/etc/inc/r53.class b/src/etc/inc/r53.class
index cc50d4a..21a4a61 100644
--- a/src/etc/inc/r53.class
+++ b/src/etc/inc/r53.class
@@ -102,7 +102,7 @@ class Route53
/**
* Return API URL
*
- * @param string $zoneid Amazone Zone ID
+ * @param string $zoneid Amazon Zone ID
* @return string URL
*/
public function getApiUrl($zoneid){
@@ -112,21 +112,56 @@ class Route53
/**
* Return HTTP post headers
*
- * @param int $bodylen length of the POST bost body
+ * @param string zoneId Amazon Zone
+ * @param string regionId Amazon Region Code (e.g. us-east-1)
+ * @param string requestBodySHA256 SHA256 hash of the request body
* @return Array headers
*/
- public function getHttpPostHeaders($bodylen){
- $reqdate = gmdate('D, d M Y H:i:s e');
+ public function getHttpPostHeaders($zoneId, $regionId, $requestBodySHA256){
+
+ $canonical_uri = sprintf("/2013-04-01/hostedzone/%s/rrset", $zoneId);
+ $amz_date = sprintf("%sT%sZ", gmdate('Ymd'), gmdate('His'));
+ $date_stamp = gmdate('Ymd');
+
+ $canonical_headers = sprintf("content-type:%s\nhost:%s\n:x-amx-date:%s\n",
+ "text/xml", "route53.amazonaws.com", $amz_date);
+
+ $signed_headers = "content-type;host;x-amz-date";
+
+ $canonical_request = sprintf("%s\n%s\n/\n/%s\n%s\n%s\n ",
+ "POST", $canonical_uri, $canonical_headers, $signed_headers, $requestBodySHA256);
+
+ $algorithm = "AWS4-HMAC-SHA256";
+ $credential_scope = sprintf("%s/%s/%s/%s", $date_stamp, $regionId, "route53domains", "aws4_request");
+ $string_to_sign = sprintf("%s\n%s\n%s\n%s ",
+ $algorithm, $amz_date, $credential_scope, hash("sha256", $canonical_request));
+ $signing_key = getAWS4SigningKey($this->__secretKey, $date_stamp, $regionId);
+
+ $signature = hash_hmac("sha256", $string_to_sign, $signing_key);
+
+ $authorization_header = sprintf("%s Credential=%s/%s, SignedHeader=%s Signature=%s",
+ $algorithm, $this->__accessKey, $credential_scope, $signed_headers, $signature);
+
$httphead[] = array();
- $httphead[] = sprintf("Date: %s", $reqdate);
- $httphead[] = "Content-Type: text/plain";
- $httphead[] = sprintf("Content-Length: %d", $bodylen);
- /* to avoid having user to know their AWS Region, for now use V3 */
- $httphead[] = sprintf(
- "X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=%s,Algorithm=HMACSHA256,SignedHeaders=date,Signature=%s",
- $this->__accessKey,
- base64_encode(hash_hmac("sha256", $reqdate, $this->__secretKey, true))
- );
+ $httphead[] = "Content-Type: text/xml";
+ $httphead[] = sprintf("X-Amz-Date: %s", $amz_date);
+ $httphead[] = sprintf("Authorization: %s", $authorization_header);
return $httphead;
}
+
+ /**
+ * Return Signing key
+ *
+ * @param string secretKey The AWS key
+ * @param string dateStamp The AWS signing date in the form YYYYMMDD
+ * @param string regionName The AWS region name - e.g. us-east-1
+ */
+ public function getAWS4SigningKey($secretKey, $dateStamp, $regionName){
+ $kSecret = sprintf("AWS4%s", $secretKey);
+ $kDate = hash_hmac("sha256", $dateStamp, $kSecret);
+ $kRegion = hash_hmac("sha256", $regionName, $kDate);
+ $kService = hash_hmac("sha256", "route53domains", $kRegion);
+ return hash_hmac("sha256", "aws4_request", $kService);
+ }
}
+