forked from clousale/amazon-sp-api-php
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAssumeRole.php
128 lines (113 loc) · 3.74 KB
/
AssumeRole.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<?php
namespace Luigel\AmazonSellingPartnerAPI;
use GuzzleHttp\Client;
use GuzzleHttp\Psr7\Query;
class AssumeRole
{
/** @var string */
private $accessKeyId;
/** @var string */
private $secretAccessKey;
/** @var string */
private $sessionToken;
/**
* AssumeRole constructor.
*/
public function __construct(string $accessKeyId, string $secretAccessKey, string $sessionToken)
{
$this->accessKeyId = $accessKeyId;
$this->secretAccessKey = $secretAccessKey;
$this->sessionToken = $sessionToken;
}
public function getAccessKeyId(): string
{
return $this->accessKeyId;
}
public function getSecretAccessKey(): string
{
return $this->secretAccessKey;
}
public function getSessionToken(): string
{
return $this->sessionToken;
}
/**
* @throws \GuzzleHttp\Exception\GuzzleException
*
* @author crazyfactory https://github.com/crazyfactory
*
* Special thanks go to github user crazyfactory / z3niths who made a better implementation of the signature method
*
* Thanks to
*/
public static function assume(string $region, string $accessKey, string $secretKey, string $roleArn, int $durationSeconds = 3600): AssumeRole
{
$requestOptions = [
'headers' => [
'accept' => 'application/json',
],
'form_params' => [
'Action' => 'AssumeRole',
'DurationSeconds' => $durationSeconds,
'RoleArn' => $roleArn,
'RoleSessionName' => 'amazon-sp-api-php',
'Version' => '2011-06-15',
],
];
$host = 'sts.amazonaws.com';
$uri = '/';
$signedHeader = [];
// [
// 'service' => 'sts',
// 'accessKey' => $this->config->getApiKey('access_key'),
// 'secretKey' => $this->config->getApiKey('secret_key'),
// 'region' => 'us-east-1', // Global STS region
// 'host' => $host,
// 'uri' => $uri,
// 'payload' => \GuzzleHttp\Psr7\build_query($requestOptions['form_params']),
// 'method' => 'POST',
// ]
try {
$signedHeader = Signature::calculateSignatureForService(
$host,
'POST',
$uri,
'',
Query::build($requestOptions['form_params']),
'sts',
$accessKey,
$secretKey,
'us-east-1',
null,
null,
'cs-php-sp-api-client/2.1'
);
} catch (\Exception $e) {
echo "Error (Signing process) : {$e->getMessage()}";
throw $e;
}
$client = new Client([
'base_uri' => 'https://'.$host,
]);
$requestOptions['headers'] = array_merge($requestOptions['headers'], $signedHeader);
try {
$response = $client->post($uri, $requestOptions);
$json = json_decode($response->getBody(), true);
$credentials = $json['AssumeRoleResponse']['AssumeRoleResult']['Credentials'] ?? null;
// $tokens = [
// 'access_key' => $credentials['AccessKeyId'],
// 'secret_key' => $credentials['SecretAccessKey'],
// 'session_token' => $credentials['SessionToken']
// ];
return new AssumeRole(
$credentials['AccessKeyId'],
$credentials['SecretAccessKey'],
$credentials['SessionToken']
);
// return $tokens;
} catch (\Exception $e) {
echo "Error (Signing process) : {$e->getMessage()}";
throw $e;
}
}
}