def _get_authorization(self, request, httpclient):
uri = httpclient.get_uri(request)
uri = url_quote(uri, '').lower()
expiry = str(self._get_expiry())
to_sign = uri + '\n' + expiry
signature = url_quote(_sign_string(self.key_value, to_sign, False), '')
auth_format = 'SharedAccessSignature sig={0}&se={1}&skn={2}&sr={3}'
auth = auth_format.format(signature, expiry, self.key_name, uri)
return auth
def _get_authorization(self, request, httpclient):
uri = httpclient.get_uri(request)
uri = url_quote(uri, '').lower()
expiry = str(self._get_expiry())
to_sign = uri + '\n' + expiry
signature = url_quote(_sign_string(self.key_value, to_sign, False), '')
auth_format = 'SharedAccessSignature sig={0}&se={1}&skn={2}&sr={3}'
auth = auth_format.format(signature, expiry, self.key_name, uri)
return auth
def _sign_storage_blob_request(request, account_name, account_key):
'''
Returns the signed string for blob request which is used to set
Authorization header. This is also used to sign queue request.
'''
uri_path = request.path.split('?')[0]
# method to sign
string_to_sign = request.method + '\n'
# get headers to sign
headers_to_sign = [
'content-encoding', 'content-language', 'content-length',
'content-md5', 'content-type', 'date', 'if-modified-since', 'if-match',
'if-none-match', 'if-unmodified-since', 'range'
]
request_header_dict = dict(
(name.lower(), value) for name, value in request.headers if value)
string_to_sign += '\n'.join(
request_header_dict.get(x, '') for x in headers_to_sign) + '\n'
# get x-ms header to sign
x_ms_headers = []
for name, value in request.headers:
if 'x-ms' in name:
x_ms_headers.append((name.lower(), value))
x_ms_headers.sort()
for name, value in x_ms_headers:
if value:
string_to_sign += ''.join([name, ':', value, '\n'])
# get account_name and uri path to sign
string_to_sign += '/' + account_name + uri_path
# get query string to sign if it is not table service
query_to_sign = request.query
query_to_sign.sort()
current_name = ''
for name, value in query_to_sign:
if value:
if current_name != name:
string_to_sign += '\n' + name + ':' + value
current_name = name
else:
string_to_sign += '\n' + ',' + value
# sign the request
auth_string = 'SharedKey ' + account_name + ':' + \
_sign_string(account_key, string_to_sign)
return auth_string
def _sign_storage_blob_request(request, account_name, account_key):
'''
Returns the signed string for blob request which is used to set
Authorization header. This is also used to sign queue request.
'''
uri_path = request.path.split('?')[0]
# method to sign
string_to_sign = request.method + '\n'
# get headers to sign
headers_to_sign = [
'content-encoding', 'content-language', 'content-length',
'content-md5', 'content-type', 'date', 'if-modified-since',
'if-match', 'if-none-match', 'if-unmodified-since', 'range']
request_header_dict = dict((name.lower(), value)
for name, value in request.headers if value)
string_to_sign += '\n'.join(request_header_dict.get(x, '')
for x in headers_to_sign) + '\n'
# get x-ms header to sign
x_ms_headers = []
for name, value in request.headers:
if 'x-ms' in name:
x_ms_headers.append((name.lower(), value))
x_ms_headers.sort()
for name, value in x_ms_headers:
if value:
string_to_sign += ''.join([name, ':', value, '\n'])
# get account_name and uri path to sign
string_to_sign += '/' + account_name + uri_path
# get query string to sign if it is not table service
query_to_sign = request.query
query_to_sign.sort()
current_name = ''
for name, value in query_to_sign:
if value:
if current_name != name:
string_to_sign += '\n' + name + ':' + value
current_name = name
else:
string_to_sign += '\n' + ',' + value
# sign the request
auth_string = 'SharedKey ' + account_name + ':' + \
_sign_string(account_key, string_to_sign)
return auth_string
def _generate_signature(self,
path,
resource_type,
shared_access_policy,
version=X_MS_VERSION,
cache_control=None,
content_disposition=None,
content_encoding=None,
content_language=None,
content_type=None,
table_name=None):
''' Generates signature for a given path and shared access policy. '''
def get_value_to_append(value):
return_value = value or ''
return return_value + '\n'
if path[0] != '/':
path = '/' + path
canonicalized_resource = '/' + self.account_name + path
# Form the string to sign from shared_access_policy and canonicalized
# resource. The order of values is important.
ap = shared_access_policy.access_policy
string_to_sign = \
(get_value_to_append(ap.permission if ap else '') +
get_value_to_append(ap.start if ap else '') +
get_value_to_append(ap.expiry if ap else '') +
get_value_to_append(canonicalized_resource) +
get_value_to_append(shared_access_policy.id) +
get_value_to_append(version))
if resource_type:
string_to_sign += \
(get_value_to_append(cache_control) +
get_value_to_append(content_disposition) +
get_value_to_append(content_encoding) +
get_value_to_append(content_language) +
get_value_to_append(content_type))
if table_name:
string_to_sign += \
(get_value_to_append(ap.start_pk if ap else '') +
get_value_to_append(ap.start_rk if ap else '') +
get_value_to_append(ap.end_pk if ap else '') +
get_value_to_append(ap.end_rk if ap else ''))
if string_to_sign[-1] == '\n':
string_to_sign = string_to_sign[:-1]
return _sign_string(self.account_key, string_to_sign)
def _generate_signature(self, path, resource_type, shared_access_policy,
version=X_MS_VERSION,
cache_control=None, content_disposition=None,
content_encoding=None, content_language=None,
content_type=None, table_name=None):
''' Generates signature for a given path and shared access policy. '''
def get_value_to_append(value):
return_value = value or ''
return return_value + '\n'
if path[0] != '/':
path = '/' + path
canonicalized_resource = '/' + self.account_name + path
# Form the string to sign from shared_access_policy and canonicalized
# resource. The order of values is important.
ap = shared_access_policy.access_policy
string_to_sign = \
(get_value_to_append(ap.permission if ap else '') +
get_value_to_append(ap.start if ap else '') +
get_value_to_append(ap.expiry if ap else '') +
get_value_to_append(canonicalized_resource) +
get_value_to_append(shared_access_policy.id) +
get_value_to_append(version))
if resource_type:
string_to_sign += \
(get_value_to_append(cache_control) +
get_value_to_append(content_disposition) +
get_value_to_append(content_encoding) +
get_value_to_append(content_language) +
get_value_to_append(content_type))
if table_name:
string_to_sign += \
(get_value_to_append(ap.start_pk if ap else '') +
get_value_to_append(ap.start_rk if ap else '') +
get_value_to_append(ap.end_pk if ap else '') +
get_value_to_append(ap.end_rk if ap else ''))
if string_to_sign[-1] == '\n':
string_to_sign = string_to_sign[:-1]
return _sign_string(self.account_key, string_to_sign)
def _sign_storage_table_request(request, account_name, account_key):
uri_path = request.path.split('?')[0]
string_to_sign = request.method + '\n'
headers_to_sign = ['content-md5', 'content-type', 'date']
request_header_dict = dict(
(name.lower(), value) for name, value in request.headers if value)
string_to_sign += '\n'.join(
request_header_dict.get(x, '') for x in headers_to_sign) + '\n'
# get account_name and uri path to sign
string_to_sign += ''.join(['/', account_name, uri_path])
for name, value in request.query:
if name == 'comp' and uri_path == '/':
string_to_sign += '?comp=' + value
break
# sign the request
auth_string = 'SharedKey ' + account_name + ':' + \
_sign_string(account_key, string_to_sign)
return auth_string
def _sign_storage_table_request(request, account_name, account_key):
uri_path = request.path.split('?')[0]
string_to_sign = request.method + '\n'
headers_to_sign = ['content-md5', 'content-type', 'date']
request_header_dict = dict((name.lower(), value)
for name, value in request.headers if value)
string_to_sign += '\n'.join(request_header_dict.get(x, '')
for x in headers_to_sign) + '\n'
# get account_name and uri path to sign
string_to_sign += ''.join(['/', account_name, uri_path])
for name, value in request.query:
if name == 'comp' and uri_path == '/':
string_to_sign += '?comp=' + value
break
# sign the request
auth_string = 'SharedKey ' + account_name + ':' + \
_sign_string(account_key, string_to_sign)
return auth_string
def _add_authorization_header(self, request, string_to_sign):
signature = _sign_string(self.account_key, string_to_sign)
auth_string = 'SharedKey ' + self.account_name + ':' + signature
request.headers.append(('Authorization', auth_string))
def _sign(self, string_to_sign):
''' use HMAC-SHA256 to sign the string and convert it as base64
encoded string. '''
return _sign_string(self.account_key, string_to_sign)
def _add_authorization_header(self, request, string_to_sign):
signature = _sign_string(self.account_key, string_to_sign)
auth_string = 'SharedKey ' + self.account_name + ':' + signature
request.headers.append(('Authorization', auth_string))
