Exemple #1
0
def sign_request_v4(access_key,
                    secret_key,
                    method,
                    host,
                    canonical_uri,
                    region,
                    service='ecs',
                    params=None,
                    body=b''):
    if not canonical_uri.endswith('/'):
        canonical_uri += '/'

    t = datetime.datetime.utcnow()
    sdkdate = t.strftime('%Y%m%dT%H%M%SZ')
    datestamp = t.strftime('%Y%m%d')

    signing_key = _getSignatureKey(secret_key, datestamp, region, service)

    canonical_uri = _uri_encode(canonical_uri,
                                quote_backslashes=False,
                                unicode_output=True)
    canonical_querystring = _format_param_str(
        params, always_have_equal=True).lstrip('?')

    payload_hash = convert_to_unicode(
        sha256(convert_to_string(body)).hexdigest())

    canonical_headers = {'host': host, 'x-sdk-date': sdkdate}
    signed_headers = 'host;x-sdk-date'

    canonical_headers_str = ''
    for k, v in sorted(canonical_headers.items()):
        canonical_headers_str += k + ":" + v + "\n"

    canonical_headers = canonical_headers_str
    signed_headers = ';'.join(sorted(signed_headers.split(';')))

    canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash

    algorithm = 'SDK-HMAC-SHA256'
    credential_scope = datestamp + '/' + region + '/' + service + '/' + 'sdk_request'
    string_to_sign = algorithm + '\n' + sdkdate + '\n' + credential_scope + '\n' + convert_to_unicode(
        sha256(convert_to_string(canonical_request)).hexdigest())

    signature = convert_to_unicode(
        hmac.new(signing_key, convert_to_string(string_to_sign),
                 sha256).hexdigest())
    authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature
    new_headers = {
        'X-Sdk-Date': sdkdate,
        'Authorization': authorization_header,
        'Host': host
    }
    return new_headers
Exemple #2
0
def _uri_encode(param, quote_backslashes=True, unicode_output=False):
    if quote_backslashes:
        safe_chars = "~"
    else:
        safe_chars = "~/"
    param = convert_to_string(param)
    param = quote(param, safe=safe_chars)
    if unicode_output:
        param = convert_to_unicode(param)
    else:
        param = convert_to_string(param)
    return param
Exemple #3
0
def _getSignatureKey(key, dateStamp, regionName, serviceName):
    kDate = _sign(convert_to_string('SDK' + key), dateStamp)
    kRegion = _sign(kDate, regionName)
    kService = _sign(kRegion, serviceName)
    kSigning = _sign(kService, 'sdk_request')
    return kSigning
Exemple #4
0
def _sign(key, msg):
    return hmac.new(key, convert_to_string(msg), sha256).digest()