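<?php
require_once 'Zend/Service/WindowsAzure/Credentials/CredentialsAbstract.php';

require_once 'Zend/Service/WindowsAzure/Storage.php';

require_once 'Zend/Http/Client.php';

/**
 * Credentials implementation based on Shared Access Signatures (SAS).
 *
 * The class does two separate jobs:
 *  - it creates SAS signatures / signed query strings with the account key
 *    (createSignature(), createSignedQueryString());
 *  - it holds a "permission set" of already signed URLs and appends the query
 *    string of a matching one to outgoing request URLs (signRequestUrl()).
 *
 * $_accountName, $_accountKey and $_usePathStyleUri are not declared here;
 * they are presumably inherited from the parent class - confirm there.
 */
class Zend_Service_WindowsAzure_Credentials_SharedAccessSignature
    extends Zend_Service_WindowsAzure_Credentials_CredentialsAbstract
{
    /**
     * Signed URLs (including their SAS query string) this instance may use.
     *
     * @var array
     */
    protected $_permissionSet = array();

    /**
     * Creates a new credentials instance.
     *
     * The defaults are the parent's DEVSTORE_* constants (presumably the
     * development storage credentials - confirm); real deployments should pass
     * their own account name and key explicitly.
     *
     * @param string  $accountName     Account name
     * @param string  $accountKey      Account key
     * @param boolean $usePathStyleUri Use path-style URIs
     * @param array   $permissionSet   Signed URLs to use for request signing
     */
    public function __construct(
        $accountName = Zend_Service_WindowsAzure_Credentials_CredentialsAbstract::DEVSTORE_ACCOUNT,
        $accountKey = Zend_Service_WindowsAzure_Credentials_CredentialsAbstract::DEVSTORE_KEY,
        $usePathStyleUri = false, $permissionSet = array()
    ) {
        parent::__construct($accountName, $accountKey, $usePathStyleUri);

        // Stored as given: unlike setPermissionSet(), the constructor does not
        // check that the URLs mention the account name.
        $this->_permissionSet = $permissionSet;
    }

    /**
     * Returns the permission set.
     *
     * @return array
     */
    public function getPermissionSet()
    {
        return $this->_permissionSet;
    }

    /**
     * Replaces the permission set after checking each URL against the account.
     *
     * NOTE(review): the check is a substring test on the whole URL, so a URL
     * that mentions the account name only in its path or query string is
     * accepted as well. Comparing against the parsed host (or the first path
     * segment for path-style URIs) would be stricter - confirm before changing.
     *
     * @param array $value Signed URLs
     * @throws Zend_Service_WindowsAzure_Exception When a URL does not contain the account name
     */
    public function setPermissionSet($value = array())
    {
        foreach ($value as $url) {
            if (strpos($url, $this->_accountName) === false) {
                throw new Zend_Service_WindowsAzure_Exception('The permission set can only contain URLs for the account name specified in the Zend_Service_WindowsAzure_Credentials_SharedAccessSignature instance.');
            }
        }
        $this->_permissionSet = $value;
    }

    /**
     * Creates the base64-encoded HMAC-SHA256 signature for a resource.
     *
     * The string to sign is permissions, start, expiry, canonicalized resource
     * and identifier, joined by newlines. $resource is accepted for signature
     * compatibility with createSignedQueryString() but is not part of the
     * signed string.
     *
     * @param string $path        Path of the resource
     * @param string $resource    Signed resource type (unused here)
     * @param string $permissions Signed permissions
     * @param string $start       Start of the validity window
     * @param string $expiry      End of the validity window
     * @param string $identifier  Signed identifier
     * @return string Base64-encoded signature
     */
    public function createSignature(
        $path = '/',
        $resource = 'b',
        $permissions = 'r',
        $start = '',
        $expiry = '',
        $identifier = ''
    ) {
        // With path-style URIs, drop everything before the first slash.
        // A path without any slash is left as it is.
        if ($this->_usePathStyleUri) {
            $firstSlash = strpos($path, '/');
            if ($firstSlash !== false) {
                $path = substr($path, $firstSlash);
            }
        }

        // Make sure $path starts with a slash
        if (substr($path, 0, 1) !== '/') {
            $path = '/' . $path;
        }

        // Canonicalized resource: the account name appears exactly once,
        // regardless of the URI style.
        $canonicalizedResource = '/' . $this->_accountName . $path;

        // Field order is part of the signature and must not change.
        $stringToSign = implode("\n", array(
            $permissions,
            $start,
            $expiry,
            $canonicalizedResource,
            $identifier,
        ));

        // Raw HMAC output (fourth argument true), then base64
        return base64_encode(hash_hmac('sha256', $stringToSign, $this->_accountKey, true));
    }

    /**
     * Creates a signed query string (st, se, sr, sp, si, sig parameters).
     *
     * "st" and "si" are only emitted when non-empty; "se" is always emitted,
     * even for an empty $expiry, so callers should pass an explicit expiry.
     * "sr" and "sp" are written verbatim, without URL encoding.
     *
     * @param string $path        Path of the resource
     * @param string $queryString Existing query string to extend
     * @param string $resource    Signed resource type
     * @param string $permissions Signed permissions
     * @param string $start       Start of the validity window
     * @param string $expiry      End of the validity window
     * @param string $identifier  Signed identifier
     * @return string Query string including the signature
     */
    public function createSignedQueryString(
        $path = '/',
        $queryString = '',
        $resource = 'b',
        $permissions = 'r',
        $start = '',
        $expiry = '',
        $identifier = ''
    ) {
        // Parts
        $parts = array();
        if ($start !== '') {
            $parts[] = 'st=' . urlencode($start);
        }
        $parts[] = 'se=' . urlencode($expiry);
        $parts[] = 'sr=' . $resource;
        $parts[] = 'sp=' . $permissions;
        if ($identifier !== '') {
            $parts[] = 'si=' . urlencode($identifier);
        }
        $parts[] = 'sig=' . urlencode($this->createSignature($path, $resource, $permissions, $start, $expiry, $identifier));

        // Loose comparison on purpose: a null query string counts as empty.
        if ($queryString != '') {
            $queryString .= '&';
        }
        $queryString .= implode('&', $parts);

        return $queryString;
    }

    /**
     * Checks whether a signed (permitted) URL covers a request.
     *
     * A permitted URL matches when its "sr" value contains one of the required
     * resource-type characters, its "sp" value contains one of the required
     * permission characters, and its path occurs in the request path. A
     * permitted URL that cannot be parsed, has no query string or has no path
     * never matches, and neither does a request URL without a path.
     *
     * NOTE(review): a permitted URL that lacks "sr" or "sp" altogether passes
     * those checks; the host is not compared; and the path test is a substring
     * test, not an anchored prefix. A permitted URL can therefore match a
     * request for a different resource, in which case signRequestUrl() sends
     * the SAS token along with that request. An anchored, segment-aware
     * comparison plus a host comparison would be stricter - confirm against
     * callers before changing.
     *
     * @param string $permissionUrl      Signed URL from the permission set
     * @param string $requestUrl         URL about to be requested
     * @param string $resourceType       Resource type of the request
     * @param string $requiredPermission Permission the request needs
     * @return boolean
     */
    public function permissionMatchesRequest(
        $permissionUrl = '',
        $requestUrl = '',
        $resourceType = Zend_Service_WindowsAzure_Storage::RESOURCE_UNKNOWN,
        $requiredPermission = Zend_Service_WindowsAzure_Credentials_CredentialsAbstract::PERMISSION_READ
    ) {
        // Build requirements: for a blob request the container type is
        // appended, so either character satisfies the "sr" check below.
        $requiredResourceType = $resourceType;
        if ($requiredResourceType == Zend_Service_WindowsAzure_Storage::RESOURCE_BLOB) {
            $requiredResourceType .= Zend_Service_WindowsAzure_Storage::RESOURCE_CONTAINER;
        }

        // parse_url() returns false for seriously malformed URLs
        $parsedPermissionUrl = parse_url($permissionUrl);
        $parsedRequestUrl    = parse_url($requestUrl);
        if (!is_array($parsedPermissionUrl) || !is_array($parsedRequestUrl)) {
            return false;
        }

        // Without a query string there is no SAS token to apply
        if (!isset($parsedPermissionUrl['query']) || $parsedPermissionUrl['query'] === '') {
            return false;
        }

        // Both paths are needed for the resource comparison; an empty needle
        // must not be handed to strpos(), whose result for it differs between
        // PHP versions.
        if (!isset($parsedPermissionUrl['path'], $parsedRequestUrl['path'])
            || $parsedPermissionUrl['path'] === ''
        ) {
            return false;
        }

        // Check the signed resource type and the signed permissions
        foreach (explode('&', $parsedPermissionUrl['query']) as $part) {
            $pair     = explode('=', $part, 2);
            $property = $pair[0];
            // A parameter without "=" is treated as having an empty value,
            // which fails the sr/sp checks instead of raising a notice.
            $value    = isset($pair[1]) ? $pair[1] : '';

            if ($property == 'sr' && strpbrk($value, $requiredResourceType) === false) {
                return false;
            }

            if ($property == 'sp' && strpbrk($value, $requiredPermission) === false) {
                return false;
            }
        }

        // Ok, but... does the resource match? (substring test, see NOTE above)
        return strpos($parsedRequestUrl['path'], $parsedPermissionUrl['path']) !== false;
    }

    /**
     * Appends the SAS query string of the first matching permitted URL.
     *
     * When no entry of the permission set matches, the URL is returned
     * unchanged, i.e. unsigned; the return value does not tell the two cases
     * apart.
     *
     * @param string $requestUrl         URL about to be requested
     * @param string $resourceType       Resource type of the request
     * @param string $requiredPermission Permission the request needs
     * @return string Request URL, signed when a permitted URL matched
     */
    public function signRequestUrl(
        $requestUrl = '',
        $resourceType = Zend_Service_WindowsAzure_Storage::RESOURCE_UNKNOWN,
        $requiredPermission = Zend_Service_WindowsAzure_Credentials_CredentialsAbstract::PERMISSION_READ
    ) {
        // Look for a matching permission
        foreach ($this->getPermissionSet() as $permittedUrl) {
            if (!$this->permissionMatchesRequest($permittedUrl, $requestUrl, $resourceType, $requiredPermission)) {
                continue;
            }

            // A subclass may override the matcher, so re-check that there
            // really is a query string to append.
            $parsedPermittedUrl = parse_url($permittedUrl);
            if (!is_array($parsedPermittedUrl) || !isset($parsedPermittedUrl['query'])) {
                continue;
            }

            // This matches, append signature data
            $separator = (strpos($requestUrl, '?') === false) ? '?' : '&';

            return $requestUrl . $separator . $parsedPermittedUrl['query'];
        }

        // Return url, will be unsigned...
        return $requestUrl;
    }

    /**
     * Returns the headers unchanged.
     *
     * This class adds nothing to the request headers; all parameters other
     * than $headers are ignored.
     *
     * @param string  $httpVerb           HTTP verb of the request
     * @param string  $path               Path of the request
     * @param string  $queryString        Query string of the request
     * @param array   $headers            Request headers
     * @param boolean $forTableStorage    Whether the request targets table storage
     * @param string  $resourceType       Resource type of the request
     * @param string  $requiredPermission Permission the request needs
     * @return array The $headers argument as passed in
     */
    public function signRequestHeaders(
        $httpVerb = Zend_Http_Client::GET,
        $path = '/',
        $queryString = '',
        $headers = null,
        $forTableStorage = false,
        $resourceType = Zend_Service_WindowsAzure_Storage::RESOURCE_UNKNOWN,
        $requiredPermission = Zend_Service_WindowsAzure_Credentials_CredentialsAbstract::PERMISSION_READ
    ) {
        return $headers;
    }
}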