Beispiel #1
0
    def build_header(self, headers=None, multipart_context=None):
        if not isinstance(headers, CaseInsensitiveDict):
            headers = CaseInsensitiveDict(headers)

        if 'content-md5' in headers:
            headers[
                OSS_CLIENT_SIDE_ENCRYPTION_UNENCRYPTED_CONTENT_MD5] = headers[
                    'content-md5']
            del headers['content-md5']

        if 'content-length' in headers:
            headers[
                OSS_CLIENT_SIDE_ENCRYPTION_UNENCRYPTED_CONTENT_LENGTH] = headers[
                    'content-length']
            del headers['content-length']

        headers[OSS_CLIENT_SIDE_ENCRYPTION_KEY] = b64encode_as_string(
            self.public_key.encrypt(self.plain_key))
        headers[OSS_CLIENT_SIDE_ENCRYPTION_START] = b64encode_as_string(
            self.public_key.encrypt(to_bytes(str(self.plain_iv))))
        headers[OSS_CLIENT_SIDE_ENCRYPTION_CEK_ALG] = self.cipher.ALGORITHM
        headers[OSS_CLIENT_SIDE_ENCRYPTION_WRAP_ALG] = 'custom'

        # multipart file build header
        if multipart_context:
            headers[OSS_CLIENT_SIDE_ENCRYPTION_DATA_SIZE] = str(
                multipart_context.data_size)
            headers[OSS_CLIENT_SIDE_ENCRYPTION_PART_SIZE] = str(
                multipart_context.part_size)

        self.plain_key = None
        self.plain_iv = None

        return headers
    def build_header(self, headers=None):
        if not isinstance(headers, CaseInsensitiveDict):
            headers = CaseInsensitiveDict(headers)

        if 'content-md5' in headers:
            headers['x-oss-meta-unencrypted-content-md5'] = headers[
                'content-md5']
            del headers['content-md5']

        if 'content-length' in headers:
            headers['x-oss-meta-unencrypted-content-length'] = headers[
                'content-length']
            del headers['content-length']

        headers['x-oss-meta-oss-crypto-key'] = b64encode_as_string(
            self.public_key.encrypt(self.plain_key))
        headers['x-oss-meta-oss-crypto-start'] = b64encode_as_string(
            self.public_key.encrypt(to_bytes(str(self.plain_start))))
        headers['x-oss-meta-oss-cek-alg'] = self.cipher.ALGORITHM
        headers['x-oss-meta-oss-wrap-alg'] = 'custom'

        self.plain_key = None
        self.plain_start = None

        return headers
def make_get_encrypted_object(key,
                              content,
                              content_crypto_material,
                              invalid_cek_alg='',
                              ranges=None):
    request_text = '''GET /{0} HTTP/1.1
Host: ming-oss-share.oss-cn-hangzhou.aliyuncs.com
Accept-Encoding: identity
Connection: keep-alive
date: Sat, 12 Dec 2015 00:35:53 GMT
User-Agent: aliyun-sdk-python/2.0.2(Windows/7/;3.3.3)
Accept: */*
authorization: OSS ZCDmm7TPZKHtx77j:PAedG7U86ZxQ2WTB+GdpSltoiTI='''.format(key)

    encrypted_key = utils.b64encode_as_string(
        content_crypto_material.encrypted_key)
    encrypted_iv = utils.b64encode_as_string(
        content_crypto_material.encrypted_iv)
    wrap_alg = content_crypto_material.wrap_alg
    cek_alg = content_crypto_material.cek_alg
    if invalid_cek_alg:
        cek_alg = invalid_cek_alg
    cipher = content_crypto_material.cipher

    encrypted_content = cipher.encrypt(content)

    response_text = '''HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sat, 12 Dec 2015 00:35:53 GMT
Content-Type: text/plain
Content-Length: {0}
Connection: keep-alive
x-oss-request-id: 566B6BE93A7B8CFD53D4BAA3
Accept-Ranges: bytes
ETag: "D80CF0E5BE2436514894D64B2BCFB2AE"
x-oss-meta-client-side-encryption-wrap-alg: {1}
x-oss-meta-client-side-encryption-cek-alg: {2}
x-oss-meta-client-side-encryption-key: {3}
x-oss-meta-client-side-encryption-start: {4}
x-oss-meta-unencrypted-content-length: {5}
Last-Modified: Sat, 12 Dec 2015 00:35:53 GMT
x-oss-object-type: Normal{6}

'''.format(len(encrypted_content), wrap_alg, cek_alg, encrypted_key,
           encrypted_iv, len(content),
           '\nContent-Range: {0}'.format(ranges) if ranges else '')

    io = BytesIO()
    io.write(oss2.to_bytes(response_text))
    io.write(encrypted_content)

    response_text = io.getvalue()

    return request_text, response_text
Beispiel #4
0
    def __make_signature(self, req, bucket_name, key):
        string_to_sign = self.__get_string_to_sign(req, bucket_name, key)

        logging.debug('string_to_sign={0}'.format(string_to_sign))

        h = hmac.new(to_bytes(self.oss_secret_key), to_bytes(string_to_sign),
                     hashlib.sha1)
        return utils.b64encode_as_string(h.digest())
def make_put_encrypted_object(key, content, content_crypto_material):
    cipher = content_crypto_material.cipher
    encrypted_key = utils.b64encode_as_string(
        content_crypto_material.encrypted_key)
    encrypted_iv = utils.b64encode_as_string(
        content_crypto_material.encrypted_iv)
    encrypted_content = cipher.encrypt(content)
    wrap_alg = content_crypto_material.wrap_alg
    cek_alg = content_crypto_material.cek_alg

    request_text = '''PUT /{0} HTTP/1.1
Host: ming-oss-share.oss-cn-hangzhou.aliyuncs.com
Accept-Encoding: identity
Connection: keep-alive
Content-Length: {1}
x-oss-meta-client-side-encryption-wrap-alg: {2}
x-oss-meta-client-side-encryption-cek-alg: {3}
x-oss-meta-client-side-encryption-key: {4}
x-oss-meta-client-side-encryption-start: {5}
x-oss-meta-unencrypted-content-length: {6}
date: Sat, 12 Dec 2015 00:35:53 GMT
User-Agent: aliyun-sdk-python/2.0.2(Windows/7/;3.3.3)
authorization: OSS ZCDmm7TPZKHtx77j:W6whAowN4aImQ0dfbMHyFfD0t1g=
Accept: */*

'''.format(key, len(content), wrap_alg, cek_alg, encrypted_key, encrypted_iv,
           len(encrypted_content))

    io = BytesIO()
    io.write(oss2.to_bytes(request_text))
    io.write(encrypted_content)

    request_text = io.getvalue()

    response_text = '''HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sat, 12 Dec 2015 00:35:53 GMT
Content-Length: {0}
Connection: keep-alive
x-oss-request-id: 566B6BE93A7B8CFD53D4BAA3
x-oss-hash-crc64ecma: {1}
ETag: "D80CF0E5BE2436514894D64B2BCFB2AE"'''.format(
        len(content), unittests.common.calc_crc(encrypted_content))

    return request_text, response_text
Beispiel #6
0
    def _rebuild_record(self, filename, store, bucket, key, upload_id, part_size=None, upload_context=None):
        abspath = os.path.abspath(filename)
        mtime = os.path.getmtime(filename)
        size = os.path.getsize(filename)

        record = {'op_type': 'ResumableUpload', 'upload_id': upload_id, 'file_path': abspath, 'size': size,
                  'mtime': mtime, 'bucket': bucket.bucket_name, 'key': key, 'part_size': part_size}

        if upload_context:
            material = upload_context.content_crypto_material
            material_record = {'wrap_alg': material.wrap_alg, 'cek_alg': material.cek_alg,
                               'encrypted_key': utils.b64encode_as_string(material.encrypted_key),
                               'encrypted_iv': utils.b64encode_as_string(material.encrypted_iv),
                               'mat_desc': material.mat_desc}
            record['content_crypto_material'] = material_record

        store_key = store.make_store_key(bucket.bucket_name, key, abspath)
        store.put(store_key, record)
    def test_crypto_get(self, do_request):
        content = unittests.common.random_bytes(1023)

        key = random_string(10)
        provider = oss2.RsaProvider(key_pair=key_pair)
        content_crypto_material = provider.create_content_material()

        request_text, response_text = make_get_encrypted_object(
            key, content, content_crypto_material)
        req_info = unittests.common.mock_response(do_request, response_text)

        result = unittests.common.bucket(provider).get_object(key)

        encrypted_key = utils.b64encode_as_string(
            content_crypto_material.encrypted_key)
        encrypted_iv = utils.b64encode_as_string(
            content_crypto_material.encrypted_iv)
        wrap_alg = content_crypto_material.wrap_alg
        cek_alg = content_crypto_material.cek_alg

        self.assertRequest(req_info, request_text)
        self.assertEqual(
            int(result.headers['x-oss-meta-unencrypted-content-length']),
            len(content))
        self.assertEqual(result.status, 200)
        self.assertEqual(result.request_id, '566B6BE93A7B8CFD53D4BAA3')
        self.assertEqual(result.object_type, 'Normal')
        self.assertEqual(result.content_type, 'text/plain')
        self.assertEqual(result.etag, 'D80CF0E5BE2436514894D64B2BCFB2AE')
        self.assertEqual(result.last_modified, 1449880553)
        self.assertEqual(
            result.headers['x-oss-meta-client-side-encryption-key'],
            encrypted_key)
        self.assertEqual(
            result.headers['x-oss-meta-client-side-encryption-start'],
            encrypted_iv)
        self.assertEqual(
            result.headers['x-oss-meta-client-side-encryption-cek-alg'],
            cek_alg)
        self.assertEqual(
            result.headers['x-oss-meta-client-side-encryption-wrap-alg'],
            wrap_alg)
        self.assertEqual(result.read(), content)
    def build_header(self, headers=None):
        if not isinstance(headers, CaseInsensitiveDict):
            headers = CaseInsensitiveDict(headers)

        if 'content-md5' in headers:
            headers['x-oss-meta-unencrypted-content-md5'] = headers['content-md5']
            del headers['content-md5']

        if 'content-length' in headers:
            headers['x-oss-meta-unencrypted-content-length'] = headers['content-length']
            del headers['content-length']

        headers['x-oss-meta-oss-crypto-key'] = b64encode_as_string(self.__encrypt_obj.encrypt(self.plain_key))
        headers['x-oss-meta-oss-crypto-start'] = b64encode_as_string(self.__encrypt_obj.encrypt(to_bytes(str(self.plain_start))))
        headers['x-oss-meta-oss-cek-alg'] = self.cipher.ALGORITHM
        headers['x-oss-meta-oss-wrap-alg'] = 'rsa'

        self.plain_key = None
        self.plain_start = None

        return headers