Главная Обзор Помощь
Регистрация Вход
benjamin.harris
/
crop-monitor
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Ветка: master
Ветки Метки
crop-monitor
/
core
/
model
/
aws
/
services
/
sts.class.php

sts.class.php 8.8 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155 
  1. <?php
    2. 

  2. /*
    3. 

  3.  * Copyright 2010-2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
    4. 

  4.  *
    5. 

  5.  * Licensed under the Apache License, Version 2.0 (the "License").
    6. 

  6.  * You may not use this file except in compliance with the License.
    7. 

  7.  * A copy of the License is located at
    8. 

  8.  *
    9. 

  9.  *  http://aws.amazon.com/apache2.0
    10. 

  10.  *
    11. 

  11.  * or in the "license" file accompanying this file. This file is distributed
    12. 

  12.  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
    13. 

  13.  * express or implied. See the License for the specific language governing
    14. 

  14.  * permissions and limitations under the License.
    15. 

  15.  */
    16. 

  16. 

  17. /**
    18. 

  18.  *
    19. 

  19.  *
    20. 

  20.  * This is the AWS Security Token Service (STS) API Reference. STS is a web service that enables you to request temporary, limited-privilege
    21. 

  21.  * credentials for users that you authenticate (federated users), or IAM users. This guide provides descriptions of the STS API as well as
    22. 

  22.  * links to related content in <a href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/">Using AWS Identity and Access Management</a>.
    23. 

  23.  *
    24. 

  24.  * For more detailed information about using this service, go to <a
    25. 

  25.  * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/TokenBasedAuth.html">Granting Temporary Access to Your AWS Resources</a>, in
    26. 

  26.  * <i>Using AWS Identity and Access Management</i>.
    27. 

  27.  *
    28. 

  28.  * For specific information about setting up signatures and authorization through the API, go to <a
    29. 

  29.  * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html">Making Query Requests</a> in <i>Using AWS Identity and
    30. 

  30.  * Access Management</i>.
    31. 

  31.  *
    32. 

  32.  * If you're new to AWS and need additional technical information about a specific AWS product, you can find the product's technical
    33. 

  33.  * documentation at <a href="http://aws.amazon.com/documentation/">http://aws.amazon.com/documentation/</a>.
    34. 

  34.  *
    35. 

  35.  * We will refer to Amazon AWS Security Token Service using the abbreviated form STS, and to Amazon Identity and Access Management using the
    36. 

  36.  * abbreviated form IAM. All copyrights and legal protections still apply.
    37. 

  37.  *
    38. 

  38.  * @version Tue Aug 23 12:52:18 PDT 2011
    39. 

  39.  * @license See the included NOTICE.md file for complete information.
    40. 

  40.  * @copyright See the included NOTICE.md file for complete information.
    41. 

  41.  * @link http://aws.amazon.com/sts/AWS Secure Token Service
    42. 

  42.  * @link http://aws.amazon.com/documentation/sts/AWS Secure Token Service documentation
    43. 

  43.  */
    44. 

  44. class AmazonSTS extends CFRuntime
    45. 

  45. {
    46. 

  46. 

  47. 	/*%******************************************************************************************%*/
    48. 

  48. 	// CLASS CONSTANTS
    49. 

  49. 

  50. 	/**
    51. 

  51. 	 * Specify the default queue URL.
    52. 

  52. 	 */
    53. 

  53. 	const DEFAULT_URL = 'sts.amazonaws.com';
    54. 

  54. 

  55. 

  56. 

  57. 

  58. 	/*%******************************************************************************************%*/
    59. 

  59. 	// CONSTRUCTOR
    60. 

  60. 

  61. 	/**
    62. 

  62. 	 * Constructs a new instance of <AmazonSTS>.
    63. 

  63. 	 *
    64. 

  64. 	 * @param string $key (Optional) Your Amazon API Key. If blank, it will look for the <code>AWS_KEY</code> constant.
    65. 

  65. 	 * @param string $secret_key (Optional) Your Amazon API Secret Key. If blank, it will look for the <code>AWS_SECRET_KEY</code> constant.
    66. 

  66. 	 * @return boolean false if no valid values are set, otherwise true.
    67. 

  67. 	 */
    68. 

  68. 	public function __construct($key = null, $secret_key = null)
    69. 

  69. 	{
    70. 

  70. 		$this->api_version = '2011-06-15';
    71. 

  71. 		$this->hostname = self::DEFAULT_URL;
    72. 

  72. 

  73. 		if (!$key && !defined('AWS_KEY'))
    74. 

  74. 		{
    75. 

  75. 			// @codeCoverageIgnoreStart
    76. 

  76. 			throw new STS_Exception('No account key was passed into the constructor, nor was it set in the AWS_KEY constant.');
    77. 

  77. 			// @codeCoverageIgnoreEnd
    78. 

  78. 		}
    79. 

  79. 

  80. 		if (!$secret_key && !defined('AWS_SECRET_KEY'))
    81. 

  81. 		{
    82. 

  82. 			// @codeCoverageIgnoreStart
    83. 

  83. 			throw new STS_Exception('No account secret was passed into the constructor, nor was it set in the AWS_SECRET_KEY constant.');
    84. 

  84. 			// @codeCoverageIgnoreEnd
    85. 

  85. 		}
    86. 

  86. 

  87. 		return parent::__construct($key, $secret_key);
    88. 

  88. 	}
    89. 

  89. 

  90. 

  91. 	/*%******************************************************************************************%*/
    92. 

  92. 	// SERVICE METHODS
    93. 

  93. 

  94. 	/**
    95. 

  95. 	 *
    96. 

  96. 	 * The GetSessionToken action returns a set of temporary credentials for an AWS account or IAM User. The credentials consist of an Access Key
    97. 

  97. 	 * ID, a Secret Access Key, and a security token. These credentials are valid for the specified duration only. The session duration for IAM
    98. 

  98. 	 * users can be between one and 36 hours, with a default of 12 hours. The session duration for AWS account owners is restricted to one hour.
    99. 

  99. 	 *
    100. 

  100. 	 * For more information about using GetSessionToken to create temporary credentials, go to <a
    101. 

  101. 	 * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/CreatingSessionTokens.html">Creating Temporary Credentials to Enable Access for
    102. 

  102. 	 * IAM Users</a> in <i>Using AWS Identity and Access Management</i>.
    103. 

  103. 	 *
    104. 

  104. 	 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
    105. 

  105. 	 * 	<li><code>DurationSeconds</code> - <code>integer</code> - Optional - The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 3600s (one hour) to 129600s (36 hours), with 43200s (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3600s (one hour). </li>
    106. 

  106. 	 * 	<li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
    107. 

  107. 	 * 	<li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
    108. 

  108. 	 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
    109. 

  109. 	 */
    110. 

  110. 	public function get_session_token($opt = null)
    111. 

  111. 	{
    112. 

  112. 		if (!$opt) $opt = array();
    113. 

  113. 

  114. 		return $this->authenticate('GetSessionToken', $opt, $this->hostname);
    115. 

  115. 	}
    116. 

  116. 

  117. 	/**
    118. 

  118. 	 *
    119. 

  119. 	 * The GetFederationToken action returns a set of temporary credentials for a federated user with the user name and policy specified in the
    120. 

  120. 	 * request. The credentials consist of an Access Key ID, a Secret Access Key, and a security token. The credentials are valid for the specified
    121. 

  121. 	 * duration, between one and 36 hours.
    122. 

  122. 	 *
    123. 

  123. 	 * The federated user who holds these credentials has any permissions allowed by the intersection of the specified policy and any resource or
    124. 

  124. 	 * user policies that apply to the caller of the GetFederationToken API, and any resource policies that apply to the federated user's ARN. For
    125. 

  125. 	 * more information about how token permissions work, see <a
    126. 

  126. 	 * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/TokenPermissions.html">Controlling Permissions in Temporary Credentials</a> in
    127. 

  127. 	 * <i>Using AWS Identity and Access Management</i>. For information about using GetFederationToken to create temporary credentials, see <a
    128. 

  128. 	 * href="http://docs.amazonwebservices.com/IAM/latest/UserGuide/CreatingFedTokens.html">Creating Temporary Credentials to Enable Access for
    129. 

  129. 	 * Federated Users</a> in <i>Using AWS Identity and Access Management</i>.
    130. 

  130. 	 *
    131. 

  131. 	 * @param string $name (Required) The name of the federated user associated with the credentials. For information about limitations on user names, go to Limitations on IAM Entities in <i>Using AWS Identity and Access Management</i>.
    132. 

  132. 	 * @param array $opt (Optional) An associative array of parameters that can have the following keys: <ul>
    133. 

  133. 	 * 	<li><code>Policy</code> - <code>string</code> - Optional - A policy specifying the permissions to associate with the credentials. The caller can delegate their own permissions by specifying a policy, and both policies will be checked when a service call is made. For more information about how permissions work in the context of temporary credentials, see Controlling Permissions in Temporary Credentials in <i>Using AWS Identity and Access Management</i>. </li>
    134. 

  134. 	 * 	<li><code>DurationSeconds</code> - <code>integer</code> - Optional - The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from 3600s (one hour) to 129600s (36 hours), with 43200s (12 hours) as the default. </li>
    135. 

  135. 	 * 	<li><code>curlopts</code> - <code>array</code> - Optional - A set of values to pass directly into <code>curl_setopt()</code>, where the key is a pre-defined <code>CURLOPT_*</code> constant.</li>
    136. 

  136. 	 * 	<li><code>returnCurlHandle</code> - <code>boolean</code> - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.</li></ul>
    137. 

  137. 	 * @return CFResponse A <CFResponse> object containing a parsed HTTP response.
    138. 

  138. 	 */
    139. 

  139. 	public function get_federation_token($name, $opt = null)
    140. 

  140. 	{
    141. 

  141. 		if (!$opt) $opt = array();
    142. 

  142. 		$opt['Name'] = $name;
    143. 

  143. 

  144. 		return $this->authenticate('GetFederationToken', $opt, $this->hostname);
    145. 

  145. 	}
    146. 

  146. }
    147. 

  147. 

  148. 

  149. /*%******************************************************************************************%*/
    150. 

  150. // EXCEPTIONS
    151. 

  151. 

  152. /**
    153. 

  153.  * Default STS Exception.
    154. 

  154.  */
    155. 

  155. class STS_Exception extends Exception {}
    156.