def _validate_signature(self, request, principal, args, params):
"""Validate the signature."""
creds = AWSCredentials(principal.access_key, principal.secret_key)
endpoint = AWSServiceEndpoint()
endpoint.set_method(request.method)
endpoint.set_canonical_host(request.getHeader("Host"))
path = request.path
if self.path is not None:
path = "%s/%s" % (self.path.rstrip("/"), path.lstrip("/"))
endpoint.set_path(path)
signature = Signature(
creds,
endpoint,
params,
signature_method=args["signature_method"],
signature_version=args["signature_version"],
)
if signature.compute() != args["signature"]:
raise APIError(
403,
"SignatureDoesNotMatch",
"The request signature we calculated does not "
"match the signature you provided. Check your "
"key and signing method.",
)
class AWSServiceEndpointTestCase(TXAWSTestCase):
def setUp(self):
self.endpoint = AWSServiceEndpoint(uri="http://my.service/da_endpoint")
def test_simple_creation(self):
endpoint = AWSServiceEndpoint()
self.assertEquals(endpoint.scheme, "http")
self.assertEquals(endpoint.host, "")
self.assertEquals(endpoint.port, 80)
self.assertEquals(endpoint.path, "/")
self.assertEquals(endpoint.method, "GET")
def test_custom_method(self):
endpoint = AWSServiceEndpoint(
uri="http://service/endpoint", method="PUT")
self.assertEquals(endpoint.method, "PUT")
def test_parse_uri(self):
self.assertEquals(self.endpoint.scheme, "http")
self.assertEquals(self.endpoint.host, "my.service")
self.assertEquals(self.endpoint.port, 80)
self.assertEquals(self.endpoint.path, "/da_endpoint")
def test_parse_uri_https_and_custom_port(self):
endpoint = AWSServiceEndpoint(uri="https://my.service:8080/endpoint")
self.assertEquals(endpoint.scheme, "https")
self.assertEquals(endpoint.host, "my.service")
self.assertEquals(endpoint.port, 8080)
self.assertEquals(endpoint.path, "/endpoint")
def test_get_uri(self):
uri = self.endpoint.get_uri()
self.assertEquals(uri, "http://my.service/da_endpoint")
def test_get_uri_custom_port(self):
uri = "https://my.service:8080/endpoint"
endpoint = AWSServiceEndpoint(uri=uri)
new_uri = endpoint.get_uri()
self.assertEquals(new_uri, uri)
def test_set_host(self):
self.assertEquals(self.endpoint.host, "my.service")
self.endpoint.set_host("newhost.com")
self.assertEquals(self.endpoint.host, "newhost.com")
def test_get_host(self):
self.assertEquals(self.endpoint.host, self.endpoint.get_host())
def test_set_path(self):
self.endpoint.set_path("/newpath")
self.assertEquals(
self.endpoint.get_uri(),
"http://my.service/newpath")
def test_set_method(self):
self.assertEquals(self.endpoint.method, "GET")
self.endpoint.set_method("PUT")
self.assertEquals(self.endpoint.method, "PUT")
class AWSServiceEndpointTestCase(TXAWSTestCase):
def setUp(self):
self.endpoint = AWSServiceEndpoint(uri="http://my.service/da_endpoint")
def test_simple_creation(self):
endpoint = AWSServiceEndpoint()
self.assertEquals(endpoint.scheme, "http")
self.assertEquals(endpoint.host, "")
self.assertEquals(endpoint.port, 80)
self.assertEquals(endpoint.path, "/")
self.assertEquals(endpoint.method, "GET")
def test_custom_method(self):
endpoint = AWSServiceEndpoint(uri="http://service/endpoint",
method="PUT")
self.assertEquals(endpoint.method, "PUT")
def test_parse_uri(self):
self.assertEquals(self.endpoint.scheme, "http")
self.assertEquals(self.endpoint.host, "my.service")
self.assertEquals(self.endpoint.port, 80)
self.assertEquals(self.endpoint.path, "/da_endpoint")
def test_parse_uri_https_and_custom_port(self):
endpoint = AWSServiceEndpoint(uri="https://my.service:8080/endpoint")
self.assertEquals(endpoint.scheme, "https")
self.assertEquals(endpoint.host, "my.service")
self.assertEquals(endpoint.port, 8080)
self.assertEquals(endpoint.path, "/endpoint")
def test_get_uri(self):
uri = self.endpoint.get_uri()
self.assertEquals(uri, "http://my.service/da_endpoint")
def test_get_uri_custom_port(self):
uri = "https://my.service:8080/endpoint"
endpoint = AWSServiceEndpoint(uri=uri)
new_uri = endpoint.get_uri()
self.assertEquals(new_uri, uri)
def test_set_host(self):
self.assertEquals(self.endpoint.host, "my.service")
self.endpoint.set_host("newhost.com")
self.assertEquals(self.endpoint.host, "newhost.com")
def test_get_host(self):
self.assertEquals(self.endpoint.host, self.endpoint.get_host())
def test_set_path(self):
self.endpoint.set_path("/newpath")
self.assertEquals(self.endpoint.get_uri(), "http://my.service/newpath")
def test_set_method(self):
self.assertEquals(self.endpoint.method, "GET")
self.endpoint.set_method("PUT")
self.assertEquals(self.endpoint.method, "PUT")
def get_queue(self, owner_id, queue):
"""
@param owner_id: required, C{str}.
@param queue: required, C{str}:
If owner_id and queue name is known, there is no need to do
request for queue url. You should call this method to get queue
and make operations on it.
"""
endpoint = AWSServiceEndpoint(uri=self.endpoint.get_uri())
endpoint.set_path('/{}/{}/'.format(owner_id, queue))
query_factory = QuerysSignatureV4(self.creds, endpoint,
self.query_factory.agent)
return Queue(self.creds, endpoint, query_factory)
def get_queue(self, owner_id, queue):
"""
@param owner_id: required, C{str}.
@param queue: required, C{str}:
If owner_id and queue name is known, there is no need to do
request for queue url. You should call this method to get queue
and make operations on it.
"""
endpoint = AWSServiceEndpoint(uri=self.endpoint.get_uri())
endpoint.set_path('/{}/{}/'.format(owner_id, queue))
query_factory = QuerysSignatureV4(self.creds, endpoint,
self.query_factory.agent)
return Queue(self.creds, endpoint, query_factory)
def _validate_signature(self, request, principal, args, params):
"""Validate the signature."""
creds = AWSCredentials(principal.access_key, principal.secret_key)
endpoint = AWSServiceEndpoint()
endpoint.set_method(request.method)
endpoint.set_canonical_host(request.getHeader("Host"))
path = request.path
if self.path is not None:
path = "%s/%s" % (self.path.rstrip("/"), path.lstrip("/"))
endpoint.set_path(path)
params.pop("Signature")
signature = Signature(creds, endpoint, params)
if signature.compute() != args.Signature:
raise APIError(403, "SignatureDoesNotMatch",
"The request signature we calculated does not "
"match the signature you provided. Check your "
"key and signing method.")
class AWSServiceEndpointTestCase(TestCase):
def setUp(self):
self.endpoint = AWSServiceEndpoint(uri="http://my.service/da_endpoint")
def test_warning_when_verification_disabled(self):
"""
L{AWSServiceEndpoint} emits a warning when told not to perform
certificate verification.
"""
self.assertWarns(
UserWarning,
"Operating with certificate verification disabled!",
__file__,
lambda: AWSServiceEndpoint(ssl_hostname_verification=False),
)
def test_simple_creation(self):
endpoint = AWSServiceEndpoint()
self.assertEquals(endpoint.scheme, "http")
self.assertEquals(endpoint.host, "")
self.assertEquals(endpoint.port, None)
self.assertEquals(endpoint.path, "/")
self.assertEquals(endpoint.method, "GET")
def test_custom_method(self):
endpoint = AWSServiceEndpoint(
uri="http://service/endpoint", method="PUT")
self.assertEquals(endpoint.method, "PUT")
def test_parse_uri(self):
self.assertEquals(self.endpoint.scheme, "http")
self.assertEquals(self.endpoint.host, "my.service")
self.assertIdentical(self.endpoint.port, None)
self.assertEquals(self.endpoint.path, "/da_endpoint")
def test_parse_uri_https_and_custom_port(self):
endpoint = AWSServiceEndpoint(uri="https://my.service:8080/endpoint")
self.assertEquals(endpoint.scheme, "https")
self.assertEquals(endpoint.host, "my.service")
self.assertEquals(endpoint.port, 8080)
self.assertEquals(endpoint.path, "/endpoint")
def test_get_uri(self):
uri = self.endpoint.get_uri()
self.assertEquals(uri, "http://my.service/da_endpoint")
def test_get_uri_custom_port(self):
uri = "https://my.service:8080/endpoint"
endpoint = AWSServiceEndpoint(uri=uri)
new_uri = endpoint.get_uri()
self.assertEquals(new_uri, uri)
def test_set_host(self):
self.assertEquals(self.endpoint.host, "my.service")
self.endpoint.set_host("newhost.com")
self.assertEquals(self.endpoint.host, "newhost.com")
def test_get_host(self):
self.assertEquals(self.endpoint.host, self.endpoint.get_host())
def test_get_canonical_host(self):
"""
If the port is not specified the canonical host is the same as
the host.
"""
uri = "http://my.service/endpoint"
endpoint = AWSServiceEndpoint(uri=uri)
self.assertEquals("my.service", endpoint.get_canonical_host())
def test_get_canonical_host_with_non_default_port(self):
"""
If the port is not the default, the canonical host includes it.
"""
uri = "http://my.service:99/endpoint"
endpoint = AWSServiceEndpoint(uri=uri)
self.assertEquals("my.service:99", endpoint.get_canonical_host())
def test_get_canonical_host_is_lower_case(self):
"""
The canonical host is guaranteed to be lower case.
"""
uri = "http://MY.SerVice:99/endpoint"
endpoint = AWSServiceEndpoint(uri=uri)
self.assertEquals("my.service:99", endpoint.get_canonical_host())
def test_set_canonical_host(self):
"""
The canonical host is converted to lower case.
"""
endpoint = AWSServiceEndpoint()
endpoint.set_canonical_host("My.Service")
self.assertEquals("my.service", endpoint.host)
self.assertIdentical(None, endpoint.port)
def test_set_canonical_host_with_port(self):
"""
The canonical host can optionally have a port.
"""
endpoint = AWSServiceEndpoint()
endpoint.set_canonical_host("my.service:99")
self.assertEquals("my.service", endpoint.host)
self.assertEquals(99, endpoint.port)
def test_set_canonical_host_with_empty_port(self):
"""
The canonical host can also have no port.
"""
endpoint = AWSServiceEndpoint()
endpoint.set_canonical_host("my.service:")
self.assertEquals("my.service", endpoint.host)
self.assertIdentical(None, endpoint.port)
def test_set_path(self):
self.endpoint.set_path("/newpath")
self.assertEquals(
self.endpoint.get_uri(),
"http://my.service/newpath")
def test_set_method(self):
self.assertEquals(self.endpoint.method, "GET")
self.endpoint.set_method("PUT")
self.assertEquals(self.endpoint.method, "PUT")