Diffstat (limited to 'src/etc/inc/r53.class')
-rw-r--r-- | src/etc/inc/r53.class | 61 |
1 files changed, 48 insertions, 13 deletions
diff --git a/src/etc/inc/r53.class b/src/etc/inc/r53.class
index cc50d4a..21a4a61 100644
--- a/src/etc/inc/r53.class
+++ b/src/etc/inc/r53.class
@@ -102,7 +102,7 @@ class Route53
 /**
 * Return API URL
 *
- * @param string $zoneid Amazone Zone ID
+ * @param string $zoneid Amazon Zone ID
 * @return string URL
 */
 public function getApiUrl($zoneid){
@@ -112,21 +112,56 @@ class Route53
 /**
 * Return HTTP post headers
 *
- * @param int $bodylen length of the POST bost body
+ * @param string zoneId Amazon Zone
+ * @param string regionId Amazon Region Code (e.g. us-east-1)
+ * @param string requestBodySHA256 SHA256 hash of the request body
 * @return Array headers
 */
- public function getHttpPostHeaders($bodylen){
- $reqdate = gmdate('D, d M Y H:i:s e');
+ public function getHttpPostHeaders($zoneId, $regionId, $requestBodySHA256){
+
+ $canonical_uri = sprintf("/2013-04-01/hostedzone/%s/rrset", $zoneId);
+ $amz_date = sprintf("%sT%sZ", gmdate('Ymd'), gmdate('His'));
+ $date_stamp = gmdate('Ymd');
+
+ $canonical_headers = sprintf("content-type:%s\nhost:%s\n:x-amx-date:%s\n",
+ "text/xml", "route53.amazonaws.com", $amz_date);
+
+ $signed_headers = "content-type;host;x-amz-date";
+
+ $canonical_request = sprintf("%s\n%s\n/\n/%s\n%s\n%s\n ",
+ "POST", $canonical_uri, $canonical_headers, $signed_headers, $requestBodySHA256);
+
+ $algorithm = "AWS4-HMAC-SHA256";
+ $credential_scope = sprintf("%s/%s/%s/%s", $date_stamp, $regionId, "route53domains", "aws4_request");
+ $string_to_sign = sprintf("%s\n%s\n%s\n%s ",
+ $algorithm, $amz_date, $credential_scope, hash("sha256", $canonical_request));
+ $signing_key = getAWS4SigningKey($this->__secretKey, $date_stamp, $regionId);
+
+ $signature = hash_hmac("sha256", $string_to_sign, $signing_key);
+
+ $authorization_header = sprintf("%s Credential=%s/%s, SignedHeader=%s Signature=%s",
+ $algorithm, $this->__accessKey, $credential_scope, $signed_headers, $signature);
+
 $httphead[] = array();
- $httphead[] = sprintf("Date: %s", $reqdate);
- $httphead[] = "Content-Type: text/plain";
- $httphead[] = sprintf("Content-Length: %d", $bodylen);
- /* to avoid having user to know their AWS Region, for now use V3 */
- $httphead[] = sprintf(
- "X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=%s,Algorithm=HMACSHA256,SignedHeaders=date,Signature=%s",
- $this->__accessKey,
- base64_encode(hash_hmac("sha256", $reqdate, $this->__secretKey, true))
- );
+ $httphead[] = "Content-Type: text/xml";
+ $httphead[] = sprintf("X-Amz-Date: %s", $amz_date);
+ $httphead[] = sprintf("Authorization: %s", $authorization_header);
 return $httphead;
 }
+
+ /**
+ * Return Signing key
+ *
+ * @param string secretKey The AWS key
+ * @param string dateStamp The AWS signing date in the form YYYYMMDD
+ * @param string regionName The AWS region name - e.g. us-east-1
+ */
+ public function getAWS4SigningKey($secretKey, $dateStamp, $regionName){
+ $kSecret = sprintf("AWS4%s", $secretKey);
+ $kDate = hash_hmac("sha256", $dateStamp, $kSecret);
+ $kRegion = hash_hmac("sha256", $regionName, $kDate);
+ $kService = hash_hmac("sha256", "route53domains", $kRegion);
+ return hash_hmac("sha256", "aws4_request", $kService);
+ }
 }
+
|
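Review bot: The signature built in getHttpPostHeaders cannot verify as written: `getAWS4SigningKey(...)` is called as a global function although this hunk defines it as a method, the canonical header line reads `:x-amx-date:` while the signed-header list and the header actually sent say `x-amz-date`, and the Authorization value uses `SignedHeader=` with no comma before `Signature=`. In getAWS4SigningKey every `hash_hmac` call returns a hex digest that is then used as the next key; SigV4 chains the raw bytes, so each derivation step needs the fourth argument `true`. The credential scope and key derivation both use `route53domains`, which looks like the wrong service name for the hostedzone rrset endpoint on route53.amazonaws.com (presumably `route53`); confirm against the AWS documentation. The canonical-request and string-to-sign format strings also show a trailing space and an extra `/\n/` that should be checked against the SigV4 layout, since any stray byte there changes the hash being signed.

```php
// … unchanged: $canonical_uri, $amz_date, $date_stamp …
$canonical_headers = sprintf("content-type:%s\nhost:%s\nx-amz-date:%s\n",
    "text/xml", "route53.amazonaws.com", $amz_date);
// … unchanged: $signed_headers, canonical request, credential scope, string to sign …
$signing_key = $this->getAWS4SigningKey($this->__secretKey, $date_stamp, $regionId);
// … unchanged: $signature …
$authorization_header = sprintf("%s Credential=%s/%s, SignedHeaders=%s, Signature=%s",
    $algorithm, $this->__accessKey, $credential_scope, $signed_headers, $signature);
// … unchanged: $httphead assembly and return …

public function getAWS4SigningKey($secretKey, $dateStamp, $regionName){
    $kSecret = sprintf("AWS4%s", $secretKey);
    // Intermediate keys are raw bytes; a hex digest used as a key derives a different signing key.
    $kDate = hash_hmac("sha256", $dateStamp, $kSecret, true);
    $kRegion = hash_hmac("sha256", $regionName, $kDate, true);
    // Service name must match the one in the credential scope; confirm route53 vs route53domains.
    $kService = hash_hmac("sha256", "route53domains", $kRegion, true);
    return hash_hmac("sha256", "aws4_request", $kService, true);
}
```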