def get_sign_string(source, access_secret):
key = load_der_private_key(
b64_decode_bytes(ensure_bytes(access_secret)),
password=None,
backend=default_backend()
)
signed_bytes = key.sign(
ensure_bytes(source),
padding.PKCS1v15(),
hashes.SHA256()
)
signed_base64 = b64_encode_bytes(signed_bytes)
signature = ensure_string(signed_base64).replace('\n', '')
return signature
def test_ecs_ram_role_signer(self, mock_urlopen):
credential = EcsRamRoleCredential("role")
signer = EcsRamRoleSigner(credential)
request = RpcRequest("product", "version", "action_name")
res = Mock()
res.read.return_value = ensure_bytes('{"Code": "Success","AccessKeyId":"access_key_id",\
"AccessKeySecret":"access_key_secret","Expiration":3600,\
"SecurityToken": "security_token"}')
mock_urlopen.return_value = res
headers, url = signer.sign('cn-hangzhou', request)
mock_urlopen.assert_called_once_with(
'http://100.100.100.200/latest/meta-data/ram/security-credentials/role')
self.assertEqual(request.get_query_params().get(
"SecurityToken"), 'security_token')
# self.assertEqual(url, '/?SignatureVersion=1.0&Format=None"
# "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou"
# "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1"
# "&Version=version&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D"
# "&Action=action_name&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=')
request = RoaRequest("product", "version",
"action_name", uri_pattern="/")
request.set_method('get')
self.assertIsNone(request.get_headers().get("x-acs-security-token"))
headers, url = signer.sign('cn-hangzhou', request)
self.assertEqual(request.get_headers().get(
"x-acs-security-token"), 'security_token')
def get_sign_string(source, access_secret):
if platform.system() != "Windows":
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
key = RSA.importKey(b64_decode_bytes(ensure_bytes(access_secret)))
h = SHA256.new(ensure_bytes(source))
signer = PKCS1_v1_5.new(key)
signed_bytes = signer.sign(h)
signed_base64 = b64_encode_bytes(signed_bytes)
signature = ensure_string(signed_base64).replace('\n', '')
return signature
else:
message = "auth type [publicKeyId] is disabled in Windows " \
"because 'pycrypto' is not supported, we will resolve " \
"this soon"
raise exceptions.ClientException(error_code.SDK_NOT_SUPPORT, message)
def test_resolver_with_location(self):
client = Mock()
client.do_action_with_exception.return_value = ensure_bytes(
'{"Code": "Success","Endpoints": {"Endpoint": []}}')
resolver = LocationServiceEndpointResolver(client)
request = ResolveEndpointRequest("region_id", "product", "servicecode",
"")
self.assertEqual(resolver.resolve(request), None)
def test_resolver_with_location2(self):
client = Mock()
client.do_action_with_exception.return_value = ensure_bytes(
'{"Code": "Success","Endpoints": {"Endpoint": [{"ServiceCode":"servicecode",'
+
'"Type":"innerAPI","Endpoint":"the inner endpoint"},{"ServiceCode":"servicecode",'
+ '"Type":"openAPI","Endpoint":"the endpoint"}]}}')
resolver = LocationServiceEndpointResolver(client)
request = ResolveEndpointRequest("region_id", "product", "servicecode",
"")
self.assertEqual(resolver.resolve(request), "the endpoint")
def test_ecs_ram_role_signer_unsuccess(self, mock_urlopen):
credential = EcsRamRoleCredential("role")
signer = EcsRamRoleSigner(credential)
request = RpcRequest("product", "version", "action_name")
res = Mock()
res.read.return_value = ensure_bytes('{"Code": "400"}')
mock_urlopen.return_value = res
with self.assertRaises(ServerException) as ex:
signer.sign('cn-hangzhou', request)
self.assertEqual(
"refresh Ecs sts token err, code is 400", ex.exception.message)
def test_rsa_key_pair_signer(self):
public_key_path = os.path.join(os.path.dirname(
__file__), "..", "..", "fixtures", "id_rsa.pub")
public_key_id = open(public_key_path).read()
private_key_path = os.path.join(os.path.dirname(
__file__), "..", "..", "fixtures", "id_rsa")
private_key_id = open(private_key_path).read()
# invalid session period
with self.assertRaises(ClientException) as ce:
credential = RsaKeyPairCredential(
public_key_id, private_key_id, session_period=12)
RsaKeyPairSigner(credential, "region_id")
self.assertEqual(
"Session expiration must between 900 and 3600 seconds", ce.exception.message)
# ok
credential = RsaKeyPairCredential(
public_key_id, private_key_id, session_period=3600)
signer = RsaKeyPairSigner(credential, "region_id")
# for rpc
request = RpcRequest("product", "version", "action_name")
self.assertIsNone(request.get_query_params().get("SecurityToken"))
signer._sts_client = Mock()
do_action = Mock()
do_action.return_value = ensure_bytes(
'{"SessionAccessKey":{"SessionAccessKeyId":"session_access_key_id",' +
'"SessionAccessKeySecret":"session_access_key_secret"}}')
signer._sts_client.do_action_with_exception = do_action
headers, url = signer.sign('cn-hangzhou', request)
# self.assertEqual(url, '/?SignatureVersion=1.0&Format=None"
# "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou"
# "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1"
# "&Version=version&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D"
# "&Action=action_name&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=')
# second
headers, url = signer.sign('cn-hangzhou', request)
# mock should update
signer._last_update_time = signer._last_update_time - signer._session_period - 10
headers, url = signer.sign('cn-hangzhou', request)
def get_md5_base64_str(content):
m = hashlib.md5()
content_bytes = ensure_bytes(content)
m.update(ensure_bytes(content_bytes))
return ensure_string(b64_encode_bytes(m.digest()).strip())
def get_sign_string(source, secret):
source = ensure_bytes(source)
secret = ensure_bytes(secret)
h = hmac.new(secret, source, hashlib.sha1)
signature = ensure_string(b64_encode_bytes(h.digest()).strip())
return signature
def do_action_200(self, request, signer):
return 200, {}, ensure_bytes(
'{"Credentials":{"AccessKeyId":"access_key_id",\
"AccessKeySecret":"access_key_secret","SecurityToken":"security_token"}}'
)
def md5_sum(content):
content_bytes = ensure_bytes(content)
md5_bytes = hashlib.md5(content_bytes).digest()
return ensure_string(base64.standard_b64encode(md5_bytes))
def _get_md5(content):
m = hashlib.md5()
content_bytes = ensure_bytes(content)
m.update(bytearray(content_bytes))
return m.digest()
