-
-
Notifications
You must be signed in to change notification settings - Fork 0
AwsCredential
Class AwsCredential.
Represents the structured credential for AWS Signature Version 4
authentication. This credential is extracted from an Authorization
header beginning with the scheme AWS4-HMAC-SHA256.
AWS Signature Version 4 requires an HMAC-based signing process in which the
client computes a derived signing key using its AWS secret access key,
the request date, region, service name, and a fixed terminator string
(aws4_request). The client then signs a canonical representation of the
HTTP request. The server reconstructs this process and validates the
signature to authenticate the request.
Implementations using this class MUST treat all contained values as
immutable authentication parameters. These values MUST NOT be modified
internally, and callers SHOULD validate them strictly according to AWS
signing rules. The signature value MUST be treated as opaque binary
content encoded in hexadecimal; possession of a valid signature MAY allow
unauthorized access if mishandled.
Each property corresponds directly to fields parsed from the
Authorization header:
-
algorithm: The signing algorithm identifier. For SigV4 this MUST be
"AWS4-HMAC-SHA256". -
credentialScope: The hierarchical credential scope string in the form:
AccessKeyId/Date/Region/Service/aws4_request. - signedHeaders: A semicolon-delimited list of header names included during canonicalization. The server MUST reconstruct these headers in exactly the same order for signature verification.
- signature: A 64-character hexadecimal string representing the computed request signature.
- Full name:
\FastForward\Http\Message\Header\Authorization\AwsCredential - This class is marked as final and can't be subclassed
- This class implements:
\FastForward\Http\Message\Header\Authorization\AuthorizationCredential - This class is a Final class
public string $algorithmpublic string $credentialScopepublic string $signedHeaderspublic string $signatureCreates a representation of the SigV4 credential parameters extracted from an Authorization header.
public __construct(string $algorithm, string $credentialScope, string $signedHeaders, string $signature): mixedAll values passed to this constructor MUST come directly from the parsed header and MUST NOT be transformed semantically. Any additional normalization required for validation (e.g., canonical header reconstruction) MUST be performed by the caller or authentication subsystem.
Parameters:
| Parameter | Type | Description |
|---|---|---|
$algorithm |
string | the SigV4 signing algorithm identifier |
$credentialScope |
string | the credential scope string |
(AccessKeyId/Date/Region/Service/aws4_request) |
||
$signedHeaders |
string | a semicolon-separated list of signed headers |
$signature |
string | a 64-character hex-encoded signature |