Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
Repository URL to install this package:
|
Version:
3.0.2 ▾
|
<?php
namespace WPMailSMTP\Vendor\Aws\Crypto;
use WPMailSMTP\Vendor\Aws\Kms\KmsClient;
/**
* Uses KMS to supply materials for encrypting and decrypting data.
*
* Legacy implementation that supports legacy S3EncryptionClient and
* S3EncryptionMultipartUploader, which use an older encryption workflow. Use
* KmsMaterialsProviderV2 with S3EncryptionClientV2 or
* S3EncryptionMultipartUploaderV2 if possible.
*
* @deprecated
*/
class KmsMaterialsProvider extends \WPMailSMTP\Vendor\Aws\Crypto\MaterialsProvider implements \WPMailSMTP\Vendor\Aws\Crypto\MaterialsProviderInterface
{
const WRAP_ALGORITHM_NAME = 'kms';
private $kmsClient;
private $kmsKeyId;
/**
* @param KmsClient $kmsClient A KMS Client for use encrypting and
* decrypting keys.
* @param string $kmsKeyId The private KMS key id to be used for encrypting
* and decrypting keys.
*/
public function __construct(\WPMailSMTP\Vendor\Aws\Kms\KmsClient $kmsClient, $kmsKeyId = null)
{
$this->kmsClient = $kmsClient;
$this->kmsKeyId = $kmsKeyId;
}
public function fromDecryptionEnvelope(\WPMailSMTP\Vendor\Aws\Crypto\MetadataEnvelope $envelope)
{
if (empty($envelope[\WPMailSMTP\Vendor\Aws\Crypto\MetadataEnvelope::MATERIALS_DESCRIPTION_HEADER])) {
throw new \RuntimeException('Not able to detect the materials description.');
}
$materialsDescription = \json_decode($envelope[\WPMailSMTP\Vendor\Aws\Crypto\MetadataEnvelope::MATERIALS_DESCRIPTION_HEADER], \true);
if (empty($materialsDescription['kms_cmk_id']) && empty($materialsDescription['aws:x-amz-cek-alg'])) {
throw new \RuntimeException('Not able to detect kms_cmk_id (legacy' . ' implementation) or aws:x-amz-cek-alg (current implementation)' . ' from kms materials description.');
}
return new self($this->kmsClient, isset($materialsDescription['kms_cmk_id']) ? $materialsDescription['kms_cmk_id'] : null);
}
/**
* The KMS key id for use in matching this Provider to its keys,
* consistently with other SDKs as 'kms_cmk_id'.
*
* @return array
*/
public function getMaterialsDescription()
{
return ['kms_cmk_id' => $this->kmsKeyId];
}
public function getWrapAlgorithmName()
{
return self::WRAP_ALGORITHM_NAME;
}
/**
* Takes a content encryption key (CEK) and description to return an encrypted
* key by using KMS' Encrypt API.
*
* @param string $unencryptedCek Key for use in encrypting other data
* that itself needs to be encrypted by the
* Provider.
* @param string $materialDescription Material Description for use in
* encrypting the $cek.
*
* @return string
*/
public function encryptCek($unencryptedCek, $materialDescription)
{
$encryptedDataKey = $this->kmsClient->encrypt(['Plaintext' => $unencryptedCek, 'KeyId' => $this->kmsKeyId, 'EncryptionContext' => $materialDescription]);
return \base64_encode($encryptedDataKey['CiphertextBlob']);
}
/**
* Takes an encrypted content encryption key (CEK) and material description
* for use decrypting the key by using KMS' Decrypt API.
*
* @param string $encryptedCek Encrypted key to be decrypted by the Provider
* for use decrypting other data.
* @param string $materialDescription Material Description for use in
* encrypting the $cek.
*
* @return string
*/
public function decryptCek($encryptedCek, $materialDescription)
{
$result = $this->kmsClient->decrypt(['CiphertextBlob' => $encryptedCek, 'EncryptionContext' => $materialDescription]);
return $result['Plaintext'];
}
}