def sign_request_v4(access_key, secret_key, method, host, canonical_uri, region, service='ecs', params=None, body=b''): if not canonical_uri.endswith('/'): canonical_uri += '/' t = datetime.datetime.utcnow() sdkdate = t.strftime('%Y%m%dT%H%M%SZ') datestamp = t.strftime('%Y%m%d') signing_key = _getSignatureKey(secret_key, datestamp, region, service) canonical_uri = _uri_encode(canonical_uri, quote_backslashes=False, unicode_output=True) canonical_querystring = _format_param_str( params, always_have_equal=True).lstrip('?') payload_hash = convert_to_unicode( sha256(convert_to_string(body)).hexdigest()) canonical_headers = {'host': host, 'x-sdk-date': sdkdate} signed_headers = 'host;x-sdk-date' canonical_headers_str = '' for k, v in sorted(canonical_headers.items()): canonical_headers_str += k + ":" + v + "\n" canonical_headers = canonical_headers_str signed_headers = ';'.join(sorted(signed_headers.split(';'))) canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash algorithm = 'SDK-HMAC-SHA256' credential_scope = datestamp + '/' + region + '/' + service + '/' + 'sdk_request' string_to_sign = algorithm + '\n' + sdkdate + '\n' + credential_scope + '\n' + convert_to_unicode( sha256(convert_to_string(canonical_request)).hexdigest()) signature = convert_to_unicode( hmac.new(signing_key, convert_to_string(string_to_sign), sha256).hexdigest()) authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature new_headers = { 'X-Sdk-Date': sdkdate, 'Authorization': authorization_header, 'Host': host } return new_headers
def _uri_encode(param, quote_backslashes=True, unicode_output=False): if quote_backslashes: safe_chars = "~" else: safe_chars = "~/" param = convert_to_string(param) param = quote(param, safe=safe_chars) if unicode_output: param = convert_to_unicode(param) else: param = convert_to_string(param) return param
def _getSignatureKey(key, dateStamp, regionName, serviceName): kDate = _sign(convert_to_string('SDK' + key), dateStamp) kRegion = _sign(kDate, regionName) kService = _sign(kRegion, serviceName) kSigning = _sign(kService, 'sdk_request') return kSigning
def _sign(key, msg): return hmac.new(key, convert_to_string(msg), sha256).digest()