Submit
Path:
~
/
/
opt
/
psa
/
admin
/
plib
/
modules
/
letsencrypt
/
vendor
/
aws
/
aws-sdk-php
/
src
/
S3
/
File Content:
BucketEndpointArnMiddleware.php
<?php namespace PleskLetsEncrypt\Aws\S3; use PleskLetsEncrypt\Aws\Api\Service; use PleskLetsEncrypt\Aws\Arn\AccessPointArnInterface; use PleskLetsEncrypt\Aws\Arn\ArnParser; use PleskLetsEncrypt\Aws\Arn\ObjectLambdaAccessPointArn; use PleskLetsEncrypt\Aws\Arn\Exception\InvalidArnException; use PleskLetsEncrypt\Aws\Arn\AccessPointArn as BaseAccessPointArn; use PleskLetsEncrypt\Aws\Arn\S3\OutpostsAccessPointArn; use PleskLetsEncrypt\Aws\Arn\S3\MultiRegionAccessPointArn; use PleskLetsEncrypt\Aws\Arn\S3\OutpostsArnInterface; use PleskLetsEncrypt\Aws\CommandInterface; use PleskLetsEncrypt\Aws\Endpoint\PartitionEndpointProvider; use PleskLetsEncrypt\Aws\Exception\InvalidRegionException; use PleskLetsEncrypt\Aws\Exception\UnresolvedEndpointException; use PleskLetsEncrypt\Aws\S3\Exception\S3Exception; use InvalidArgumentException; use Psr\Http\Message\RequestInterface; /** * Checks for access point ARN in members targeting BucketName, modifying * endpoint as appropriate * * @internal */ class BucketEndpointArnMiddleware { use EndpointRegionHelperTrait; /** @var callable */ private $nextHandler; /** @var array */ private $nonArnableCommands = ['CreateBucket']; /** @var boolean */ private $isUseEndpointV2; /** * Create a middleware wrapper function. * * @param Service $service * @param $region * @param array $config * @return callable */ public static function wrap(Service $service, $region, array $config, $isUseEndpointV2) { return function (callable $handler) use($service, $region, $config, $isUseEndpointV2) { return new self($handler, $service, $region, $config, $isUseEndpointV2); }; } public function __construct(callable $nextHandler, Service $service, $region, array $config = [], $isUseEndpointV2 = \false) { $this->partitionProvider = PartitionEndpointProvider::defaultProvider(); $this->region = $region; $this->service = $service; $this->config = $config; $this->nextHandler = $nextHandler; $this->isUseEndpointV2 = $isUseEndpointV2; } public function __invoke(CommandInterface $cmd, RequestInterface $req) { $nextHandler = $this->nextHandler; $op = $this->service->getOperation($cmd->getName())->toArray(); if (!empty($op['input']['shape'])) { $service = $this->service->toArray(); if (!empty($input = $service['shapes'][$op['input']['shape']])) { foreach ($input['members'] as $key => $member) { if ($member['shape'] === 'BucketName') { $arnableKey = $key; break; } } if (!empty($arnableKey) && ArnParser::isArn($cmd[$arnableKey])) { try { // Throw for commands that do not support ARN inputs if (\in_array($cmd->getName(), $this->nonArnableCommands)) { throw new S3Exception('ARN values cannot be used in the bucket field for' . ' the ' . $cmd->getName() . ' operation.', $cmd); } if (!$this->isUseEndpointV2) { $arn = ArnParser::parse($cmd[$arnableKey]); $partition = $this->validateArn($arn); $host = $this->generateAccessPointHost($arn, $req); } // Remove encoded bucket string from path $path = $req->getUri()->getPath(); $encoded = \rawurlencode($cmd[$arnableKey]); $len = \strlen($encoded) + 1; if (\trim(\substr($path, 0, $len), '/') === "{$encoded}") { $path = \substr($path, $len); if (\substr($path, 0, 1) !== "/") { $path = '/' . $path; } } if (empty($path)) { $path = ''; } // Set modified request if ($this->isUseEndpointV2) { $req = $req->withUri($req->getUri()->withPath($path)); goto next; } $req = $req->withUri($req->getUri()->withPath($path)->withHost($host)); // Update signing region based on ARN data if configured to do so if ($this->config['use_arn_region']->isUseArnRegion() && !$this->config['use_fips_endpoint']->isUseFipsEndpoint()) { $region = $arn->getRegion(); } else { $region = $this->region; } $endpointData = $partition(['region' => $region, 'service' => $arn->getService()]); $cmd['@context']['signing_region'] = $endpointData['signingRegion']; // Update signing service for Outposts and Lambda ARNs if ($arn instanceof OutpostsArnInterface || $arn instanceof ObjectLambdaAccessPointArn) { $cmd['@context']['signing_service'] = $arn->getService(); } } catch (InvalidArnException $e) { // Add context to ARN exception throw new S3Exception('Bucket parameter parsed as ARN and failed with: ' . $e->getMessage(), $cmd, [], $e); } } } } next: return $nextHandler($cmd, $req); } private function generateAccessPointHost(BaseAccessPointArn $arn, RequestInterface $req) { if ($arn instanceof OutpostsAccessPointArn) { $accesspointName = $arn->getAccesspointName(); } else { $accesspointName = $arn->getResourceId(); } if ($arn instanceof MultiRegionAccessPointArn) { $partition = $this->partitionProvider->getPartitionByName($arn->getPartition(), 's3'); $dnsSuffix = $partition->getDnsSuffix(); return "{$accesspointName}.accesspoint.s3-global.{$dnsSuffix}"; } $host = "{$accesspointName}-" . $arn->getAccountId(); $useFips = $this->config['use_fips_endpoint']->isUseFipsEndpoint(); $fipsString = $useFips ? "-fips" : ""; if ($arn instanceof OutpostsAccessPointArn) { $host .= '.' . $arn->getOutpostId() . '.s3-outposts'; } else { if ($arn instanceof ObjectLambdaAccessPointArn) { if (!empty($this->config['endpoint'])) { return $host . '.' . $this->config['endpoint']; } else { $host .= ".s3-object-lambda{$fipsString}"; } } else { $host .= ".s3-accesspoint{$fipsString}"; if (!empty($this->config['dual_stack'])) { $host .= '.dualstack'; } } } if (!empty($this->config['use_arn_region']->isUseArnRegion())) { $region = $arn->getRegion(); } else { $region = $this->region; } $region = \PleskLetsEncrypt\Aws\strip_fips_pseudo_regions($region); $host .= '.' . $region . '.' . $this->getPartitionSuffix($arn, $this->partitionProvider); return $host; } /** * Validates an ARN, returning a partition object corresponding to the ARN * if successful * * @param $arn * @return \Aws\Endpoint\Partition */ private function validateArn($arn) { if ($arn instanceof AccessPointArnInterface) { // Dualstack is not supported with Outposts access points if ($arn instanceof OutpostsAccessPointArn && !empty($this->config['dual_stack'])) { throw new UnresolvedEndpointException('Dualstack is currently not supported with S3 Outposts access' . ' points. Please disable dualstack or do not supply an' . ' access point ARN.'); } if ($arn instanceof MultiRegionAccessPointArn) { if (!empty($this->config['disable_multiregion_access_points'])) { throw new UnresolvedEndpointException('Multi-Region Access Point ARNs are disabled, but one was provided. Please' . ' enable them or provide a different ARN.'); } if (!empty($this->config['dual_stack'])) { throw new UnresolvedEndpointException('Multi-Region Access Point ARNs do not currently support dual stack. Please' . ' disable dual stack or provide a different ARN.'); } } // Accelerate is not supported with access points if (!empty($this->config['accelerate'])) { throw new UnresolvedEndpointException('Accelerate is currently not supported with access points.' . ' Please disable accelerate or do not supply an access' . ' point ARN.'); } // Path-style is not supported with access points if (!empty($this->config['path_style'])) { throw new UnresolvedEndpointException('Path-style addressing is currently not supported with' . ' access points. Please disable path-style or do not' . ' supply an access point ARN.'); } // Custom endpoint is not supported with access points if (!\is_null($this->config['endpoint']) && !$arn instanceof ObjectLambdaAccessPointArn) { throw new UnresolvedEndpointException('A custom endpoint has been supplied along with an access' . ' point ARN, and these are not compatible with each other.' . ' Please only use one or the other.'); } // Dualstack is not supported with object lambda access points if ($arn instanceof ObjectLambdaAccessPointArn && !empty($this->config['dual_stack'])) { throw new UnresolvedEndpointException('Dualstack is currently not supported with Object Lambda access' . ' points. Please disable dualstack or do not supply an' . ' access point ARN.'); } // Global endpoints do not support cross-region requests if ($this->isGlobal($this->region) && $this->config['use_arn_region']->isUseArnRegion() == \false && $arn->getRegion() != $this->region && !$arn instanceof MultiRegionAccessPointArn) { throw new UnresolvedEndpointException('Global endpoints do not support cross region requests.' . ' Please enable use_arn_region or do not supply a global region' . ' with a different region in the ARN.'); } // Get partitions for ARN and client region $arnPart = $this->partitionProvider->getPartition($arn->getRegion(), 's3'); $clientPart = $this->partitionProvider->getPartition($this->region, 's3'); // If client partition not found, try removing pseudo-region qualifiers if (!$clientPart->isRegionMatch($this->region, 's3')) { $clientPart = $this->partitionProvider->getPartition(\PleskLetsEncrypt\Aws\strip_fips_pseudo_regions($this->region), 's3'); } if (!$arn instanceof MultiRegionAccessPointArn) { // Verify that the partition matches for supplied partition and region if ($arn->getPartition() !== $clientPart->getName()) { throw new InvalidRegionException('The supplied ARN partition' . " does not match the client's partition."); } if ($clientPart->getName() !== $arnPart->getName()) { throw new InvalidRegionException('The corresponding partition' . ' for the supplied ARN region does not match the' . " client's partition."); } // Ensure ARN region matches client region unless // configured for using ARN region over client region $this->validateMatchingRegion($arn); // Ensure it is not resolved to fips pseudo-region for S3 Outposts $this->validateFipsConfigurations($arn); } return $arnPart; } throw new InvalidArnException('Provided ARN was not a valid S3 access' . ' point ARN or S3 Outposts access point ARN.'); } /** * Checks if a region is global * * @param $region * @return bool */ private function isGlobal($region) { return $region == 's3-external-1' || $region == 'aws-global'; } }
Edit
Rename
Chmod
Delete
FILE
FOLDER
INFO
Name
Size
Permission
Action
Crypto
---
0755
Exception
---
0755
Parser
---
0755
RegionalEndpoint
---
0755
UseArnRegion
---
0755
AmbiguousSuccessParser.php
2068 bytes
0644
ApplyChecksumMiddleware.php
6488 bytes
0644
BatchDelete.php
7430 bytes
0644
BucketEndpointArnMiddleware.php
12719 bytes
0644
BucketEndpointMiddleware.php
3377 bytes
0644
CalculatesChecksumTrait.php
1959 bytes
0644
EndpointRegionHelperTrait.php
3008 bytes
0644
ExpiresParsingMiddleware.php
1356 bytes
0644
GetBucketLocationParser.php
1342 bytes
0644
MultipartCopy.php
8865 bytes
0644
MultipartUploader.php
6286 bytes
0644
MultipartUploadingTrait.php
4522 bytes
0644
ObjectCopier.php
5534 bytes
0644
ObjectUploader.php
5255 bytes
0644
PermanentRedirectMiddleware.php
1555 bytes
0644
PostObject.php
3710 bytes
0644
PostObjectV4.php
5121 bytes
0644
PutObjectUrlMiddleware.php
1509 bytes
0644
RetryableMalformedResponseParser.php
1392 bytes
0644
S3Client.php
54929 bytes
0644
S3ClientInterface.php
14103 bytes
0644
S3ClientTrait.php
9517 bytes
0644
S3EndpointMiddleware.php
10066 bytes
0644
S3MultiRegionClient.php
20183 bytes
0644
S3UriParser.php
4874 bytes
0644
SSECMiddleware.php
2265 bytes
0644
StreamWrapper.php
30777 bytes
0644
Transfer.php
15800 bytes
0644
ValidateResponseChecksumParser.php
4877 bytes
0644
N4ST4R_ID | Naxtarrr
