这段代码展示了如何在不依赖外部库的情况下,使用PHP和cURL构建并签署一个针对Elasticsearch的HTTP请求。它涉及到了AWS签名过程,包括创建时间戳、规范化请求头、计算哈希值以及生成最终的签名。然后,这些签名信息被添加到cURL请求头中,用于发起安全的Elasticsearch查询。
我正在寻找一个如何使用php和curl签署弹性搜索请求的编码示例。
我找到了关于如何签名并将文件上传到S3存储桶并尝试调整它的示例,但我没有任何运气。
我不能使用一个库,我编写的一个庞大的类只依赖于使用原始curl,并且需要能够在Curl类中自己签署请求。
$aws_access_key_id = 'ACCESS_ID';
$aws_secret_access_key = 'ACCESS_KEY';
$host = 'HOST';
$aws_region = 'us-east-1';
$content = '{
"query" : {
"term" : { "col" : "val" }
}
}';
// Service name for S3
$aws_service_name = 'es';
// UTC timestamp and date
$timestamp = gmdate('Ymd\THis\Z');
$date = gmdate('Ymd');
// HTTP request headers as key & value
$request_headers = [];
$request_headers['Content-Type'] = 'application/json';
$request_headers['Content-Length'] = strlen($content);
$request_headers['Date'] = $timestamp;
$request_headers['Host'] = $host;
$request_headers['X-Amz-Date'] = $date;
$request_headers['x-amz-content-sha256'] = hash('sha256', $content);
// Sort it in ascending order
ksort($request_headers);
// Canonical headers
$canonical_headers = [];
foreach ($request_headers as $key => $value)
{
$canonical_headers[] = strtolower($key) . ":" . $value;
}
$canonical_headers = implode("\n", $canonical_headers);
// Signed headers
$signed_headers = [];
foreach ($request_headers as $key => $value)
{
$signed_headers[] = strtolower($key);
}
$signed_headers = implode(";", $signed_headers);
// Cannonical request
$canonical_request = [];
$canonical_request[] = 'GET';
$canonical_request[] = '';
$canonical_request[] = $canonical_headers;
$canonical_request[] = '';
$canonical_request[] = $signed_headers;
$canonical_request[] = hash('sha256', $content);
$canonical_request = implode("\n", $canonical_request);
$hashed_canonical_request = hash('sha256', $canonical_request);
// AWS Scope
$scope = [];
$scope[] = $date;
$scope[] = $aws_region;
$scope[] = $aws_service_name;
$scope[] = 'aws4_request';
// String to sign
$string_to_sign = [];
$string_to_sign[] = 'AWS4-HMAC-SHA256';
$string_to_sign[] = $timestamp;
$string_to_sign[] = implode('/', $scope);
$string_to_sign[] = $hashed_canonical_request;
$string_to_sign = implode("\n", $string_to_sign);
// Signing key
$kSecret = 'AWS4' . $aws_secret_access_key;
$kDate = hash_hmac('sha256', $date, $kSecret, true);
$kRegion = hash_hmac('sha256', $aws_region, $kDate, true);
$kService = hash_hmac('sha256', $aws_service_name, $kRegion, true);
$kSigning = hash_hmac('sha256', 'aws4_request', $kService, true);
// Signature
$signature = hash_hmac('sha256', $string_to_sign, $kSigning);
// Authorization
$authorization = [
'Credential=' . $aws_access_key_id . '/' . implode('/', $scope),
'SignedHeaders=' . $signed_headers,
'Signature=' . $signature
];
$authorization = 'AWS4-HMAC-SHA256' . ' ' . implode( ',', $authorization);
// Curl headers
$curl_headers = [ 'Authorization: ' . $authorization ];
foreach ($request_headers as $key => $value)
{
$curl_headers[] = $key . ": " . $value;
}
$url = 'https://' . $host . '/_search';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $curl_headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_POSTFIELDS, $content);
curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($http_code != 200)
{
exit('Error : Failed to upload');
}
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
