def sign_string_v4(method='GET', host='', canonical_uri='/', params={}, region='us-east-1', cur_headers={}, body=''):
    """Build the headers that authenticate one S3 request with 'AWS4-HMAC-SHA256'.

    The function assembles a canonical request (method, URI, query string,
    headers, signed-header list, payload hash), hashes it into a string to
    sign, and HMACs that with a key obtained from getSignatureKey().

    Parameters:
        method: HTTP verb, placed on the first line of the canonical request.
        host: value signed as the 'host' header.
        canonical_uri: request path; anything after a '?' is moved into the
            canonical query string.
        params: mapping of query parameters, emitted sorted by key.
        region: region component of the credential scope.
        cur_headers: headers already set on the request; every entry except
            'Authorization' and the three built-in names is signed as well.
        body: raw payload, or a sha256 object that already holds its digest.

    Returns:
        A new dict with the entries of cur_headers plus 'x-amz-date',
        'Authorization' and 'x-amz-content-sha256' (the computed values win
        over same-named entries in cur_headers).

    NOTE(review): params and cur_headers default to shared dict objects; this
    function only reads them, so the shared default is not modified here.
    """
    # The service component of the credential scope is fixed to S3.
    service = 's3'

    # Credentials come from the project's Config object, not from the caller.
    cfg = Config.Config()
    access_key = cfg.access_key
    secret_key = cfg.secret_key

    # One UTC timestamp feeds both x-amz-date and the date in the credential scope.
    t = datetime.datetime.utcnow()
    amzdate = t.strftime('%Y%m%dT%H%M%SZ')
    datestamp = t.strftime('%Y%m%d')

    # Query string from params, sorted by key.
    # NOTE(review): quote_param is defined elsewhere; presumably it percent-encodes the value - confirm.
    canonical_querystring = '&'.join(['%s=%s' % (urllib.quote_plus(p), quote_param(params[p])) for p in sorted(params.keys())])

    splits = canonical_uri.split('?')

    # Only the path part is kept as the canonical URI; the pieces after '?' are
    # appended to the query string, a piece without '=' getting a trailing '='.
    # NOTE(review): no '&' is inserted between the params-derived part and these
    # pieces, and the pieces are not sorted - confirm callers never supply both.
    canonical_uri = quote_param(splits[0], quote_backslashes=False)
    canonical_querystring += '&'.join([('%s' if '=' in qs else '%s=') % qs for qs in splits[1:]])

    # body may already be a sha256 object; in that case its digest is reused
    # instead of hashing the payload again.
    if type(body) == type(sha256('')):
        payload_hash = body.hexdigest()
    else:
        payload_hash = sha256(body).hexdigest()

    # These three headers are always signed.
    canonical_headers = {'host' : host,
                         'x-amz-content-sha256': payload_hash,
                         'x-amz-date' : amzdate
                         }
    signed_headers = 'host;x-amz-content-sha256;x-amz-date'

    for header in cur_headers.keys():
        # avoid duplicate headers and previous Authorization
        # NOTE(review): the comparison is exact and case-sensitive, and names are
        # stripped but not lower-cased below; presumably callers pass header
        # names already normalised - confirm, since a differently-cased
        # 'authorization' key would be signed like any other header.
        if header == 'Authorization' or header in signed_headers.split(';'):
            continue
        canonical_headers[header.strip()] = str(cur_headers[header]).strip()
        signed_headers += ';' + header.strip()

    # sort headers into a string
    canonical_headers_str = ''
    for k, v in sorted(canonical_headers.items()):
        canonical_headers_str += k + ":" + v + "\n"

    # From here on canonical_headers is the rendered text, not the dict.
    canonical_headers = canonical_headers_str
    debug(u"canonical_headers = %s" % canonical_headers)
    signed_headers = ';'.join(sorted(signed_headers.split(';')))

    canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash
    debug('Canonical Request:\n%s\n----------------------' % canonical_request)

    algorithm = 'AWS4-HMAC-SHA256'
    credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'
    string_to_sign = algorithm + '\n' +  amzdate + '\n' +  credential_scope + '\n' +  sha256(canonical_request).hexdigest()
    # The secret key is used only here, to obtain the signing key.
    # NOTE(review): getSignatureKey is defined elsewhere; presumably the SigV4
    # date/region/service key derivation - confirm.
    signing_key = getSignatureKey(secret_key, datestamp, region, service)
    signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), sha256).hexdigest()
    authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ',' +  'SignedHeaders=' + signed_headers + ',' + 'Signature=' + signature
    # Caller's headers first, computed values last so the computed ones win.
    headers = dict(cur_headers.items() + {'x-amz-date':amzdate, 'Authorization':authorization_header, 'x-amz-content-sha256': payload_hash}.items())
    # NOTE(review): this debug line writes the full Authorization header (access
    # key id and request signature, not the secret key) to the log; debug logs
    # from this function should be handled as sensitive.
    debug("signature-v4 headers: %s" % headers)
    return headers
Beispiel #2
def sign_string_v4(method='GET', host='', canonical_uri='/', params={}, region='us-east-1', cur_headers={}, body=''):
    """Return request headers carrying an 'AWS4-HMAC-SHA256' signature for S3.

    The access key and secret key are read from Config.Config(). The signed
    header set is 'host', 'x-amz-content-sha256' and 'x-amz-date' plus every
    entry of cur_headers other than 'Authorization'. body may be the payload
    itself or a sha256 object whose digest is used as the payload hash.

    The result is a new dict: the entries of cur_headers followed by the
    computed 'x-amz-date', 'Authorization' and 'x-amz-content-sha256'.

    NOTE(review): the final debug() call logs the complete Authorization
    header (access key id and signature, not the secret key).
    """
    algorithm = 'AWS4-HMAC-SHA256'
    service = 's3'

    cfg = Config.Config()
    access_key = cfg.access_key
    secret_key = cfg.secret_key

    # A single UTC instant is used for both the header and the scope date.
    now = datetime.datetime.utcnow()
    amzdate = now.strftime('%Y%m%dT%H%M%SZ')
    datestamp = now.strftime('%Y%m%d')

    # Query parameters, ordered by key.
    query_pairs = []
    for key in sorted(params.keys()):
        query_pairs.append('%s=%s' % (urllib.quote_plus(key), quote_param(params[key])))
    canonical_querystring = '&'.join(query_pairs)

    # Path stays in the canonical URI; whatever follows '?' joins the query
    # string, a bare key receiving a trailing '='.
    uri_parts = canonical_uri.split('?')
    canonical_uri = quote_param(uri_parts[0], quote_backslashes=False)
    uri_query_items = []
    for item in uri_parts[1:]:
        if '=' in item:
            uri_query_items.append('%s' % item)
        else:
            uri_query_items.append('%s=' % item)
    canonical_querystring += '&'.join(uri_query_items)

    # Reuse a digest the caller already computed, otherwise hash the body now.
    body_is_digest = type(body) == type(sha256(''))
    payload_hash = body.hexdigest() if body_is_digest else sha256(body).hexdigest()

    canonical_headers = {
        'host': host,
        'x-amz-content-sha256': payload_hash,
        'x-amz-date': amzdate,
    }
    signed_headers = 'host;x-amz-content-sha256;x-amz-date'

    # Add the caller's headers, skipping a previous Authorization and any name
    # that is already in the signed list.
    for header in cur_headers.keys():
        if header != 'Authorization' and header not in signed_headers.split(';'):
            name = header.strip()
            canonical_headers[name] = str(cur_headers[header]).strip()
            signed_headers += ';' + name

    # Render the headers sorted by name, one "name:value" line each.
    canonical_headers = ''.join([k + ":" + v + "\n" for k, v in sorted(canonical_headers.items())])
    debug(u"canonical_headers = %s" % canonical_headers)
    signed_headers = ';'.join(sorted(signed_headers.split(';')))

    canonical_request = '\n'.join([
        method,
        canonical_uri,
        canonical_querystring,
        canonical_headers,
        signed_headers,
        payload_hash,
    ])
    debug('Canonical Request:\n%s\n----------------------' % canonical_request)

    credential_scope = '/'.join([datestamp, region, service, 'aws4_request'])
    string_to_sign = '\n'.join([
        algorithm,
        amzdate,
        credential_scope,
        sha256(canonical_request).hexdigest(),
    ])
    signing_key = getSignatureKey(secret_key, datestamp, region, service)
    signature = hmac.new(signing_key, encode_to_s3(string_to_sign), sha256).hexdigest()
    authorization_header = ''.join([
        algorithm, ' ',
        'Credential=', access_key, '/', credential_scope, ',',
        'SignedHeaders=', signed_headers, ',',
        'Signature=', signature,
    ])

    # Computed entries are appended last so they replace same-named ones.
    computed = {'x-amz-date': amzdate, 'Authorization': authorization_header, 'x-amz-content-sha256': payload_hash}
    headers = dict(cur_headers.items() + computed.items())
    debug("signature-v4 headers: %s" % headers)
    return headers
Beispiel #3
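def checksum_sha256_buffer(buffer, offset=0, size=None):
    """Return a SHA-256 hash object fed with ``buffer`` or with a slice of it.

    Parameters:
        buffer: the bytes to hash.
        offset: start of the slice; only used when ``size`` is given.
        size: number of bytes to hash from ``offset``; None hashes the whole
            buffer.

    Returns:
        The hash object itself, so the caller chooses digest() or hexdigest().
    """
    try:
        digest = sha256()
    except TypeError:
        # sha256 is not callable, i.e. it is the Crypto SHA256 module rather
        # than a constructor. Only that case is caught: a bare except here
        # would also hide unrelated failures and interrupts.
        digest = sha256.new()
    if size is None:
        digest.update(buffer)
    else:
        digest.update(buffer[offset:offset+size])
    return digest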
Beispiel #4
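def checksum_sha256_buffer(buffer, offset=0, size=None):
    """Hash ``buffer``, or ``size`` bytes of it starting at ``offset``, with SHA-256.

    When ``size`` is None the complete buffer is hashed and ``offset`` is not
    consulted. The hash object is returned, not a digest string.
    """
    try:
        digest = sha256()
    except TypeError:
        # Raised when sha256 is a module (the Crypto SHA256 fallback) instead
        # of a callable. Catching only TypeError keeps other errors visible,
        # which the previous bare except swallowed.
        digest = sha256.new()
    data = buffer if size is None else buffer[offset : offset + size]
    digest.update(data)
    return digest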
Beispiel #5
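def checksum_sha256_file(filename, offset=0, size=None):
    """Return a SHA-256 hash object for a file, or for a byte range of it.

    Parameters:
        filename: path of the file; passed through deunicodise() before open().
        offset: start of the range; only used when ``size`` is given.
        size: length of the range in bytes. None hashes the whole file. A
            negative value hashes from ``offset`` to end of file, which is
            what ``read(size)`` did before.

    Returns:
        The hash object, not a digest string.

    The range is read in 8192-byte pieces, so a large ``size`` no longer pulls
    the whole range into memory in one read() call.
    """
    try:
        digest = sha256()
    except TypeError:
        # sha256 is not callable, i.e. it is the Crypto SHA256 module. A bare
        # except here would also hide unrelated errors and interrupts.
        digest = sha256.new()
    with open(deunicodise(filename),'rb') as f:
        if size is None:
            for chunk in iter(lambda: f.read(8192), b''):
                digest.update(chunk)
        else:
            f.seek(offset)
            remaining = size
            # remaining stays negative for a negative size, so that case runs
            # until end of file; otherwise it counts down to zero.
            while remaining != 0:
                chunk = f.read(8192 if remaining < 0 else min(8192, remaining))
                if not chunk:
                    # End of file before the range was complete.
                    break
                digest.update(chunk)
                remaining -= len(chunk)
    return digest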
Beispiel #6
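def checksum_sha256_file(filename, offset=0, size=None):
    """Compute SHA-256 over a whole file or over ``size`` bytes from ``offset``.

    ``size=None`` hashes the complete file and does not use ``offset``. A
    non-negative ``size`` hashes at most that many bytes starting at
    ``offset``, stopping at end of file. A negative ``size`` hashes from
    ``offset`` to end of file, matching the earlier ``read(size)`` behaviour.

    Data is consumed in 8192-byte pieces in every case, so memory use does not
    grow with ``size``. The hash object is returned.
    """
    try:
        digest = sha256()
    except TypeError:
        # Only the "sha256 is a module, not a callable" case (the Crypto
        # SHA256 fallback) is handled; other exceptions are not suppressed.
        digest = sha256.new()
    with open(deunicodise(filename), "rb") as f:
        if size is None or size < 0:
            if size is not None:
                f.seek(offset)
            for chunk in iter(lambda: f.read(8192), b""):
                digest.update(chunk)
        else:
            f.seek(offset)
            size_left = size
            while size_left > 0:
                chunk = f.read(min(8192, size_left))
                if not chunk:
                    # The file ended before the requested range did.
                    break
                size_left -= len(chunk)
                digest.update(chunk)
    return digest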
Beispiel #7
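def checksum_sha256(filename, offset=0, size=None):
    """Return a SHA-256 hash object for a file, or for a byte range of it.

    Parameters:
        filename: path handed to open() unchanged.
        offset: start of the range; only used when ``size`` is given.
        size: length of the range in bytes. None hashes the whole file. A
            negative value hashes from ``offset`` to end of file, as
            ``read(size)`` did before.

    Returns:
        The hash object, not a digest string.

    Changes from the earlier version: the unused ``canonical_uri`` local (a
    URL-quoted copy of the filename that was never read) is gone, the bare
    except is narrowed, and the range is read in 8192-byte pieces instead of
    one read() of ``size`` bytes.
    """
    try:
        digest = sha256()
    except TypeError:
        # sha256 is not callable, i.e. it is the Crypto SHA256 module.
        digest = sha256.new()
    with open(filename,'rb') as f:
        if size is None:
            for chunk in iter(lambda: f.read(8192), b''):
                digest.update(chunk)
        else:
            f.seek(offset)
            remaining = size
            # A negative remaining never reaches zero, so that case reads to
            # end of file; a positive one counts down.
            while remaining != 0:
                chunk = f.read(8192 if remaining < 0 else min(8192, remaining))
                if not chunk:
                    # End of file before the range was complete.
                    break
                digest.update(chunk)
                remaining -= len(chunk)
    return digest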
Beispiel #8
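def checksum_sha256_file(filename, offset=0, size=None):
    """Return a SHA-256 hash object for a file, or for a byte range of it.

    Parameters:
        filename: path of the file; passed through deunicodise() before open().
        offset: start of the range; only used when ``size`` is given.
        size: length of the range in bytes; None hashes the whole file. A
            size of zero or less hashes nothing.

    Returns:
        The hash object, not a digest string.

    The range loop now stops at end of file. Before, a range reaching past the
    end of the file made read() return an empty chunk forever, so size_left
    never decreased and the loop did not terminate.
    """
    try:
        digest = sha256()
    except TypeError:
        # sha256 is not callable, i.e. it is the Crypto SHA256 module. A bare
        # except here would also hide unrelated errors and interrupts.
        digest = sha256.new()
    with open(deunicodise(filename),'rb') as f:
        if size is None:
            for chunk in iter(lambda: f.read(8192), b''):
                digest.update(chunk)
        else:
            f.seek(offset)
            size_left = size
            while size_left > 0:
                chunk = f.read(min(8192, size_left))
                if not chunk:
                    # End of file reached before size bytes were read.
                    break
                size_left -= len(chunk)
                digest.update(chunk)

    return digest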
Beispiel #9
def sign_string_v4(method="GET", host="", canonical_uri="/", params={}, region="us-east-1", cur_headers={}, body=""):
    """Sign one S3 request with 'AWS4-HMAC-SHA256' and return its headers.

    Credentials are taken from Config.Config(). 'host', 'x-amz-content-sha256'
    and 'x-amz-date' are always signed; each entry of cur_headers is signed
    too unless it is 'Authorization' or already in the signed list. body is
    either the payload or a sha256 object that already holds its digest.

    Returns a new dict made of cur_headers plus the computed 'x-amz-date',
    'Authorization' and 'x-amz-content-sha256' entries.

    NOTE(review): header names are stripped but not lower-cased here, and the
    'Authorization' test is case-sensitive; presumably callers normalise
    names before calling - confirm. The last debug() call logs the complete
    Authorization header (access key id and signature, not the secret key).
    """
    service = "s3"

    cfg = Config.Config()
    access_key = cfg.access_key
    secret_key = cfg.secret_key

    # x-amz-date and the scope date are derived from the same UTC instant.
    timestamp = datetime.datetime.utcnow()
    amzdate = timestamp.strftime("%Y%m%dT%H%M%SZ")
    datestamp = timestamp.strftime("%Y%m%d")

    # Parameters from the mapping, in key order.
    encoded_params = ["%s=%s" % (urllib.quote_plus(name), quote_param(params[name])) for name in sorted(params.keys())]
    canonical_querystring = "&".join(encoded_params)

    # Split off anything after '?': the path is quoted on its own and the
    # remaining pieces are appended to the query string.
    path_and_query = canonical_uri.split("?")
    canonical_uri = quote_param(path_and_query[0], quote_backslashes=False)
    uri_query = [("%s" if "=" in piece else "%s=") % piece for piece in path_and_query[1:]]
    canonical_querystring += "&".join(uri_query)

    # A sha256 object passed as body is used as-is; raw data is hashed here.
    if type(body) == type(sha256("")):
        body_digest = body
    else:
        body_digest = sha256(body)
    payload_hash = body_digest.hexdigest()

    canonical_headers = {"host": host, "x-amz-content-sha256": payload_hash, "x-amz-date": amzdate}
    signed_headers = "host;x-amz-content-sha256;x-amz-date"

    for header in cur_headers.keys():
        # Leave out a previous Authorization and names that are already signed.
        if header == "Authorization":
            continue
        if header in signed_headers.split(";"):
            continue
        stripped = header.strip()
        canonical_headers[stripped] = str(cur_headers[header]).strip()
        signed_headers += ";" + stripped

    # One "name:value" line per header, ordered by name.
    header_lines = [k + ":" + v + "\n" for k, v in sorted(canonical_headers.items())]
    canonical_headers = "".join(header_lines)
    debug(u"canonical_headers = %s" % canonical_headers)
    signed_headers = ";".join(sorted(signed_headers.split(";")))

    request_parts = [method, canonical_uri, canonical_querystring, canonical_headers, signed_headers, payload_hash]
    canonical_request = "\n".join(request_parts)
    debug("Canonical Request:\n%s\n----------------------" % canonical_request)

    algorithm = "AWS4-HMAC-SHA256"
    credential_scope = "/".join([datestamp, region, service, "aws4_request"])
    request_digest = sha256(canonical_request).hexdigest()
    string_to_sign = "\n".join([algorithm, amzdate, credential_scope, request_digest])
    signing_key = getSignatureKey(secret_key, datestamp, region, service)
    signature = hmac.new(signing_key, encode_to_s3(string_to_sign), sha256).hexdigest()

    credential = "Credential=" + access_key + "/" + credential_scope
    authorization_header = (
        algorithm + " " + credential + "," + "SignedHeaders=" + signed_headers + "," + "Signature=" + signature
    )

    # The computed entries come last so they override same-named ones.
    added = {"x-amz-date": amzdate, "Authorization": authorization_header, "x-amz-content-sha256": payload_hash}
    headers = dict(cur_headers.items() + added.items())
    debug("signature-v4 headers: %s" % headers)
    return headers