Beispiel #1
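def authenticate_presign_url_signv4(method, path, headers, data, url, query_params, request_dict):
    """Check the SigV4 signature and expiry of a presigned S3 URL.

    The signature is recomputed with the fixed TEST_AWS_ACCESS_KEY_ID /
    TEST_AWS_SECRET_ACCESS_KEY pair; the access key id carried in
    X-Amz-Credential is not consulted (only its region component is read).

    Args:
        method, path, headers, data, url: not used by this function.
        query_params: mapping of query parameter name to a list of values;
            X-Amz-Credential, X-Amz-Expires, X-Amz-Date and X-Amz-Signature
            are read with ``[0]`` and must be present.
        request_dict: passed to create_request_object to build the request
            that is signed.

    Returns:
        The 403 error response built by
        requests_error_response_xml_signature_calculation when the signature
        does not match or the URL has expired; otherwise None (falls through).

    Raises:
        KeyError, IndexError, ValueError: when a required query parameter is
            missing or malformed. These are not translated into an error
            response here.
    """
    # Function-scope import keeps the block self-contained.
    import hmac

    # Calculating Signature
    aws_request = create_request_object(request_dict)
    ReadOnlyCredentials = namedtuple('ReadOnlyCredentials',
                                 ['access_key', 'secret_key', 'token'])
    credentials = ReadOnlyCredentials(TEST_AWS_ACCESS_KEY_ID, TEST_AWS_SECRET_ACCESS_KEY, None)
    # Credential scope is "<access key>/<date>/<region>/<service>/aws4_request".
    region = query_params['X-Amz-Credential'][0].split('/')[2]
    signer = S3SigV4QueryAuth(credentials, 's3', region, expires=int(query_params['X-Amz-Expires'][0]))
    signature = signer.add_auth(aws_request, query_params['X-Amz-Date'][0])

    # Naive datetime, compared against naive utcnow() below.
    expiration_time = datetime.datetime.strptime(query_params['X-Amz-Date'][0], '%Y%m%dT%H%M%SZ') + \
        datetime.timedelta(seconds=int(query_params['X-Amz-Expires'][0]))

    # Comparing the signature in url with signature we calculated.
    # compare_digest avoids the early exit of ==/!= on the first differing
    # character. Both sides are encoded because compare_digest rejects
    # non-ASCII str, and query_sig is caller-controlled.
    query_sig = urlparse.unquote(query_params['X-Amz-Signature'][0])
    signatures_match = isinstance(signature, str) and hmac.compare_digest(
        query_sig.encode('utf-8'), signature.encode('utf-8'))
    if not signatures_match:

        # NOTE(review): `signature` is the server-computed value. If the
        # helper renders it into the response body, a caller holding an
        # invalid signature is handed the valid one -- confirm what the
        # helper emits.
        return requests_error_response_xml_signature_calculation(
            code=403,
            code_string='SignatureDoesNotMatch',
            aws_access_token=TEST_AWS_ACCESS_KEY_ID,
            signature=signature,
            message='The request signature we calculated does not match the signature you provided. \
                    Check your key and signing method.')

    # Checking whether the url is expired or not
    if expiration_time < datetime.datetime.utcnow():
        return requests_error_response_xml_signature_calculation(
            code=403,
            code_string='AccessDenied',
            message='Request has expired',
            expires=query_params['X-Amz-Expires'][0]
        )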
Beispiel #2
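def authenticate_presign_url_signv4(method, path, headers, data, url, query_params, request_dict):
    """Check the SigV4 signature and expiry of a presigned S3 URL.

    The signature is recomputed once per entry in PORT_REPLACEMENT, with the
    port in ``request_dict['url']`` rewritten each time, and the URL is
    accepted as soon as one candidate matches. Signing uses the fixed
    TEST_AWS_ACCESS_KEY_ID / TEST_AWS_SECRET_ACCESS_KEY pair; the access key
    id carried in X-Amz-Credential is not consulted.

    When config.S3_SKIP_SIGNATURE_VALIDATION is truthy, a mismatch is only
    logged and any X-Amz-Signature value is accepted. The expiry check still
    applies.

    Args:
        method, path, headers, data, url: not used by this function.
        query_params: mapping of query parameter name to a list of values;
            X-Amz-Credential, X-Amz-Expires, X-Amz-Date and X-Amz-Signature
            are read with ``[0]`` and must be present.
        request_dict: passed to create_request_object; its ``'url'`` entry is
            modified in place while trying ports.

    Returns:
        The 403 error response built by
        requests_error_response_xml_signature_calculation when the signature
        does not match or the URL has expired; otherwise None (falls through).

    Raises:
        KeyError, IndexError, ValueError: when a required query parameter is
            missing or malformed. These are not translated into an error
            response here.
    """
    # Function-scope import keeps the block self-contained.
    import hmac

    # These values depend only on the query string, so parse them once.
    # Doing it before the loop also keeps query_sig, signature and
    # expiration_time bound if PORT_REPLACEMENT is empty.
    amz_date = query_params['X-Amz-Date'][0]
    expires_seconds = int(query_params['X-Amz-Expires'][0])
    # Credential scope is "<access key>/<date>/<region>/<service>/aws4_request".
    region = query_params['X-Amz-Credential'][0].split('/')[2]
    query_sig = urlparse.unquote(query_params['X-Amz-Signature'][0])
    # Naive datetime, compared against naive utcnow() below.
    expiration_time = datetime.datetime.strptime(amz_date, '%Y%m%dT%H%M%SZ') + \
        datetime.timedelta(seconds=expires_seconds)

    ReadOnlyCredentials = namedtuple('ReadOnlyCredentials',
                            ['access_key', 'secret_key', 'token'])
    # NOTE(review): other query_params values are read with [0], so the token
    # passed here is presumably a list rather than a string -- confirm the
    # signer expects that.
    credentials = ReadOnlyCredentials(TEST_AWS_ACCESS_KEY_ID, TEST_AWS_SECRET_ACCESS_KEY,
        query_params.get('X-Amz-Security-Token', None))

    signature = None
    is_presign_valid = False
    for port in PORT_REPLACEMENT:
        match = re.match(HOST_COMBINATION_REGEX, urlparse.urlparse(request_dict['url']).netloc)
        if match and match.group(2):
            request_dict['url'] = request_dict['url'].replace('%s' % match.group(2), '%s' % port)
        else:
            # NOTE(review): appends the port to the whole URL string, not to
            # the netloc -- confirm the expected shape of request_dict['url'].
            request_dict['url'] = '%s:%s' % (request_dict['url'], port)

        # Calculating Signature
        aws_request = create_request_object(request_dict)
        signer = S3SigV4QueryAuth(credentials, 's3', region, expires=expires_seconds)
        signature = signer.add_auth(aws_request, amz_date)

        # Comparing the signature in url with signature we calculated.
        # compare_digest avoids the early exit of == on the first differing
        # character. Both sides are encoded because compare_digest rejects
        # non-ASCII str, and query_sig is caller-controlled.
        if isinstance(signature, str) and hmac.compare_digest(
                query_sig.encode('utf-8'), signature.encode('utf-8')):
            is_presign_valid = True
            break

    # Validation bypass: with this flag set, every signature is accepted.
    if config.S3_SKIP_SIGNATURE_VALIDATION:
        if not is_presign_valid:
            LOGGER.warning('Signatures do not match, but not raising an error, as S3_SKIP_SIGNATURE_VALIDATION=1')
        signature = query_sig
        is_presign_valid = True

    if not is_presign_valid:

        # NOTE(review): `signature` is the last server-computed value. If the
        # helper renders it into the response body, a caller holding an
        # invalid signature is handed a valid one -- confirm what the helper
        # emits.
        return requests_error_response_xml_signature_calculation(
            code=403,
            code_string='SignatureDoesNotMatch',
            aws_access_token=TEST_AWS_ACCESS_KEY_ID,
            signature=signature,
            message='The request signature we calculated does not match the signature you provided. \
                    Check your key and signing method.')

    # Checking whether the url is expired or not
    if expiration_time < datetime.datetime.utcnow():
        return requests_error_response_xml_signature_calculation(
            code=403,
            code_string='AccessDenied',
            message='Request has expired',
            expires=query_params['X-Amz-Expires'][0]
        )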
Beispiel #3
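def authenticate_presign_url_signv4(method, path, headers, data, url, query_params, request_dict):
    """Check the SigV4 signature and expiry of a presigned S3 URL.

    The signature is recomputed once per entry in PORT_REPLACEMENT, with the
    port in ``request_dict["url"]`` rewritten each time, and the URL is
    accepted as soon as one candidate matches. Signing uses the fixed
    TEST_AWS_ACCESS_KEY_ID / TEST_AWS_SECRET_ACCESS_KEY pair; the access key
    id carried in X-Amz-Credential is not consulted.

    When config.S3_SKIP_SIGNATURE_VALIDATION is truthy, both checks are
    reduced to log warnings: any X-Amz-Signature value and any expiry are
    accepted.

    Args:
        method, path, headers, data, url: not used by this function.
        query_params: mapping of query parameter name to a list of values;
            X-Amz-Credential, X-Amz-Expires, X-Amz-Date and X-Amz-Signature
            are read with ``[0]`` and must be present.
        request_dict: passed to create_request_object; its ``"url"`` entry is
            modified in place while trying ports.

    Returns:
        The 403 error response built by
        requests_error_response_xml_signature_calculation when the signature
        does not match or the URL has expired (and validation is not
        skipped); otherwise None (falls through).

    Raises:
        KeyError, IndexError, ValueError: when a required query parameter is
            missing or malformed. These are not translated into an error
            response here.
    """
    # Function-scope import keeps the block self-contained.
    import hmac

    # These values depend only on the query string, so parse them once.
    # Doing it before the loop also keeps query_sig, signature and
    # expiration_time bound if PORT_REPLACEMENT is empty.
    amz_date = query_params["X-Amz-Date"][0]
    expires_seconds = int(query_params["X-Amz-Expires"][0])
    # Credential scope is "<access key>/<date>/<region>/<service>/aws4_request".
    region = query_params["X-Amz-Credential"][0].split("/")[2]
    query_sig = urlparse.unquote(query_params["X-Amz-Signature"][0])
    expiration_time = datetime.datetime.strptime(
        amz_date, "%Y%m%dT%H%M%SZ"
    ) + datetime.timedelta(seconds=expires_seconds)
    # X-Amz-Date is UTC (trailing "Z"), so attach the zone explicitly.
    expiration_time = expiration_time.replace(tzinfo=datetime.timezone.utc)

    ReadOnlyCredentials = namedtuple(
        "ReadOnlyCredentials", ["access_key", "secret_key", "token"]
    )
    # NOTE(review): other query_params values are read with [0], so the token
    # passed here is presumably a list rather than a string -- confirm the
    # signer expects that.
    credentials = ReadOnlyCredentials(
        TEST_AWS_ACCESS_KEY_ID,
        TEST_AWS_SECRET_ACCESS_KEY,
        query_params.get("X-Amz-Security-Token", None),
    )

    signature = None
    is_presign_valid = False
    for port in PORT_REPLACEMENT:
        match = re.match(HOST_COMBINATION_REGEX, urlparse.urlparse(request_dict["url"]).netloc)
        if match and match.group(2):
            request_dict["url"] = request_dict["url"].replace("%s" % match.group(2), "%s" % port)
        else:
            # NOTE(review): appends the port to the whole URL string, not to
            # the netloc -- confirm the expected shape of request_dict["url"].
            request_dict["url"] = "%s:%s" % (request_dict["url"], port)

        # Calculating Signature
        aws_request = create_request_object(request_dict)
        signer = S3SigV4QueryAuth(credentials, "s3", region, expires=expires_seconds)
        signature = signer.add_auth(aws_request, amz_date)

        # Comparing the signature in url with signature we calculated.
        # compare_digest avoids the early exit of == on the first differing
        # character. Both sides are encoded because compare_digest rejects
        # non-ASCII str, and query_sig is caller-controlled.
        if isinstance(signature, str) and hmac.compare_digest(
            query_sig.encode("utf-8"), signature.encode("utf-8")
        ):
            is_presign_valid = True
            break

    # Validation bypass: with this flag set, every signature is accepted.
    if config.S3_SKIP_SIGNATURE_VALIDATION:
        if not is_presign_valid:
            LOGGER.warning(
                "Signatures do not match, but not raising an error, as S3_SKIP_SIGNATURE_VALIDATION=1"
            )
        signature = query_sig
        is_presign_valid = True

    if not is_presign_valid:
        # NOTE(review): `signature` is the last server-computed value. If the
        # helper renders it into the response body, a caller holding an
        # invalid signature is handed a valid one -- confirm what the helper
        # emits.
        return requests_error_response_xml_signature_calculation(
            code=403,
            code_string="SignatureDoesNotMatch",
            aws_access_token=TEST_AWS_ACCESS_KEY_ID,
            signature=signature,
            message="The request signature we calculated does not match the signature you provided. \
                    Check your key and signing method.",
        )

    # Checking whether the url is expired or not
    if is_expired(expiration_time):
        if config.S3_SKIP_SIGNATURE_VALIDATION:
            # The same flag also disables expiry enforcement.
            LOGGER.warning(
                "Signature is expired, but not raising an error, as S3_SKIP_SIGNATURE_VALIDATION=1"
            )
        else:
            return requests_error_response_xml_signature_calculation(
                code=403,
                code_string="AccessDenied",
                message="Request has expired",
                expires=query_params["X-Amz-Expires"][0],
            )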