def test_unicode(self):
unicode_str = '测试'.decode('utf-8')
signer = awssign.Signer(unicode_str, unicode_str, region=unicode_str,
service=u's3')
request = {
'verb': u'GET',
'uri': '/' + unicode_str,
'args': {
unicode_str: unicode_str,
},
'headers': {
'Host': '127.0.0.1',
'x-amz-content-sha256': unicode_str,
unicode_str: unicode_str,
u'foo': u'bar',
},
'body': unicode_str,
}
ctx = signer.add_auth(request, headers_not_to_sign=[unicode_str],
request_date=u'20190101T120000Z',
signing_date=u'20180101',
sign_payload=True)
self.assertEqual(unicode_str.encode('utf-8'),
request['headers']['X-Amz-Content-SHA256'])
self.assertIsInstance(request['headers']['Authorization'], str)
self.assertIsInstance(request['headers']['X-Amz-Date'], str)
self.assertEqual('20190101T120000Z', ctx['request_date'])
self.assertEqual(
'foo;host;x-amz-content-sha256;x-amz-date', ctx['signed_headers'])
def test_basic(self):
signer = awssign.Signer('access_key', 'secret_key')
fields = {
'key': 'test_key',
'Policy': {
'expiration':
'2018-01-01T12:00:00.000Z',
'condition': [
['starts-with', '$key', ''],
{
'bucket': 'test-bucket',
},
],
},
}
signer.add_post_auth(fields, request_date='20180101T120101Z')
self.assertEqual('AWS4-HMAC-SHA256', fields['X-Amz-Algorithm'])
self.assertEqual('20180101T120101Z', fields['X-Amz-Date'])
self.assertEqual(
'19235d229144aa2a1d2b1c3a842c96dfb76bca9b75286c2a0aaae8e29f45c5a7',
fields['X-Amz-Signature'])
self.assertEqual('access_key/20180101/us-east-1/s3/aws4_request',
fields['X-Amz-Credential'])
self.assertEqual(
'eyJleHBpcmF0aW9uIjogIjIwMTgtMDEtMDFUMTI6MDA6MDAuMDAwWiIsICJjb25kaXRpb24iOiBbWyJzdGFydHMtd2l0aCIsICIka2V5IiwgIiJdLCB7ImJ1Y2tldCI6ICJ0ZXN0LWJ1Y2tldCJ9XX0=',
fields['Policy'])
def _sign_req(self, req):
sign_payload = True if 'body' in req else False
signer = awssign.Signer(self.access_key, self.secret_key)
sign_ctx = signer.add_auth(req,
query_auth=True,
sign_payload=sign_payload)
logger.info('signing details: {ctx}'.format(ctx=sign_ctx))
def __init__(self,
subject_name,
ips,
port,
timeout=5,
api_version='v1',
shard_header_prefix='x-acid-',
timeout_ratio=1.5,
retry_sleep=0.01,
access_key=None,
secret_key=None,
user_agent='unknown',
to_convert=None):
self.api_version = api_version
self.shard_header_prefix = shard_header_prefix
self.user_agent = user_agent
self.subject = subject_name
self.ips = ips
self.port = port
self.timeout = timeout
self.timeout_ratio = timeout_ratio
self.retry_sleep = retry_sleep
self.to_convert = to_convert
self.allow_write_ignored = False
self.retry_n = len(self.ips)
self.sess = {}
self.signer = None
if self.access_key is not None and self.secret_key is not None:
self.signer = awssign.Signer(access_key, secret_key)
def __init__(self, to_make_request, body=None):
super(Request, self).__init__(to_make_request)
if self['body'] != '':
raise InvalidRequestError('body should be empty in provided dict')
if self['verb'] == 'POST':
if len(self['fields']) == 0:
raise InvalidRequestError(
'fields can not be empty in post request')
else:
if len(self['fields']) > 0:
raise InvalidRequestError(
'fields should be empty in non post request')
if body is not None:
self['body'], self['headers'][
'Content-Length'] = _make_body_content_length(body)
else:
self['headers']['Content-Length'] = 0
do_add_auth = (len(self['sign_args']) != 0)
if do_add_auth:
signer = awssign.Signer(
self['sign_args']['access_key'],
self['sign_args']['secret_key'],
region=self['sign_args']['region'],
service=self['sign_args']['service'],
default_expires=self['sign_args']['expires'])
if self['verb'] == 'POST':
if do_add_auth:
signer.add_post_auth(
self['fields'],
request_date=self['sign_args']['request_date'],
signing_date=self['sign_args']['signing_date'])
self['body'], self['headers'] = _make_post_body_headers(
self['fields'], self['headers'], body)
else:
if do_add_auth:
signer.add_auth(self,
query_auth=self['sign_args']['query_auth'],
sign_payload=self['sign_args']['sign_payload'],
request_date=self['sign_args']['request_date'],
signing_date=self['sign_args']['signing_date'],
headers_not_to_sign=self['sign_args']
['headers_not_to_sign'])
def test_query_auth(self):
signer = awssign.Signer('access_key', 'secret_key')
request = {
'verb': 'GET',
'uri': '/',
'args': {
'foo': 'bar',
'acl': True,
},
'headers': {
'host': '127.0.0.1',
},
'body': 'foo',
}
signer.add_auth(request, sign_payload=True, query_auth=True,
request_date='20180101T120101Z')
self.assertEqual('/?acl&foo=bar&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=60&X-Amz-Credential=access_key%2F20180101%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20180101T120101Z&X-Amz-Signature=7aaac5758f74924ef89431dccebebf65a01e9a932b1eb875422c05d7b46efd86',
request['uri'])
def test_basic(self):
signer = awssign.Signer('access_key', 'secret_key')
request = {
'verb': 'GET',
'uri': '/',
'args': {
'foo': 'bar',
'acl': True,
},
'headers': {
'host': '127.0.0.1',
},
'body': 'foo',
}
signer.add_auth(request, sign_payload=True,
request_date='20180101T120101Z')
self.assertEqual('/?acl&foo=bar', request['uri'])
self.assertEqual('AWS4-HMAC-SHA256 Credential=access_key/20180101/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=c0b1d89ddd41df96454d3a5e2c82afdc44aa19bc6593d4fa54bc277756dcc3ef',
request['headers']['Authorization'])
self.assertEqual('2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae',
request['headers']['X-Amz-Content-SHA256'])
self.assertEqual('20180101T120101Z', request['headers']['X-Amz-Date'])
if __name__ == '__main__':
bucket_name = 'your bucket name'
key_name = 'key name to upload'
endpoint = 's2 endpoint domain name'
# https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOST.html
# Host must be in the format of destinationBucket.endpoint
# you should add it in /etc/hosts
host = bucket_name + '.' + endpoint
port = 80
access_key = 'access key'
secret_key = 'secret key'
signer = awssign.Signer(access_key, secret_key)
fields = {
'key': key_name, # key name
'Policy': {
'expiration': '2018-09-30T00:00:00.000Z',
'conditions': [
['starts-with', '$key', ''],
{
'bucket': bucket_name, # bucket name
},
],
},
}
headers = {
'Host': host,