def _get_authorization(self, request, httpclient):
    '''
    Builds the SharedAccessSignature authorization value for a request.

    The signed text is the percent-encoded, lower-cased request URI, a
    newline, and the expiry returned by self._get_expiry(). It is signed
    with self.key_value through _sign_string.

    The returned string carries a valid signature for the resource until
    the expiry value, so it should be handled like a credential (for
    example, kept out of logs).
    '''
    # An empty "safe" argument makes url_quote encode '/' and ':' too. The
    # same encoded, lower-cased value is signed and sent as the sr field.
    resource = url_quote(httpclient.get_uri(request), '').lower()
    expires = str(self._get_expiry())

    # The third argument (False) is forwarded unchanged; its meaning is
    # defined by _sign_string, which is not part of this block.
    raw_signature = _sign_string(
        self.key_value, resource + '\n' + expires, False)
    quoted_signature = url_quote(raw_signature, '')

    return 'SharedAccessSignature sig={0}&se={1}&skn={2}&sr={3}'.format(
        quoted_signature, expires, self.key_name, resource)
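def _sign_storage_blob_request(request, account_name, account_key):
    '''
    Returns the signed string for blob request which is
    used to set Authorization header. This is also used to sign queue
    request.

    request:
        Object providing method, path, headers (iterable of (name, value)
        pairs) and query (a list of (name, value) pairs).
    account_name:
        Storage account name; part of the canonicalized resource and of
        the returned value.
    account_key:
        Key passed to _sign_string together with the string to sign.

    Returns 'SharedKey <account_name>:<signature>'.

    NOTE: request.query is sorted in place. Header and query values are
    concatenated as given, so a value containing a newline would change
    the layout of the signed string.
    '''
    uri_path = request.path.split('?')[0]

    # method to sign
    string_to_sign = request.method + '\n'

    # get headers to sign; the order of this list is the order of the
    # lines in the signed string, and a missing header is an empty line.
    headers_to_sign = [
        'content-encoding', 'content-language', 'content-length',
        'content-md5', 'content-type', 'date', 'if-modified-since',
        'if-match', 'if-none-match', 'if-unmodified-since', 'range']

    request_header_dict = dict(
        (name.lower(), value) for name, value in request.headers if value)
    string_to_sign += '\n'.join(
        request_header_dict.get(x, '') for x in headers_to_sign) + '\n'

    # get x-ms header to sign. The test is made on the lower-cased name and
    # on the 'x-ms-' prefix: a header spelled 'X-Ms-Date' has to be signed,
    # while a name that merely contains 'x-ms' does not belong to the
    # canonicalized headers and would make the signature mismatch.
    x_ms_headers = sorted(
        (name.lower(), value) for name, value in request.headers
        if name.lower().startswith('x-ms-'))
    for name, value in x_ms_headers:
        if value:
            string_to_sign += ''.join([name, ':', value, '\n'])

    # get account_name and uri path to sign
    string_to_sign += '/' + account_name + uri_path

    # get query string to sign if it is not table service
    query_to_sign = request.query
    query_to_sign.sort()  # in place: the request's own list is reordered

    # Repeated parameter names are folded onto the first occurrence; later
    # values are appended on their own line, prefixed with a comma.
    current_name = ''
    for name, value in query_to_sign:
        if value:
            if current_name != name:
                string_to_sign += '\n' + name + ':' + value
                current_name = name
            else:
                string_to_sign += '\n' + ',' + value

    # sign the request
    auth_string = 'SharedKey ' + account_name + ':' + \
        _sign_string(account_key, string_to_sign)
    return auth_string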
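def _sign_storage_blob_request(request, account_name, account_key):
    '''
    Returns the signed string for blob request which is
    used to set Authorization header. This is also used to sign queue
    request.

    request:
        Object providing method, path, headers (iterable of (name, value)
        pairs) and query (a list of (name, value) pairs).
    account_name:
        Storage account name; part of the canonicalized resource and of
        the returned value.
    account_key:
        Key passed to _sign_string together with the string to sign.

    Returns 'SharedKey <account_name>:<signature>'.

    NOTE: request.query is sorted in place. Header and query values are
    concatenated as given, so a value containing a newline would change
    the layout of the signed string.
    '''
    uri_path = request.path.split('?')[0]

    # method to sign
    string_to_sign = request.method + '\n'

    # get headers to sign; list order fixes the line order of the signed
    # string, and an absent header contributes an empty line.
    headers_to_sign = [
        'content-encoding', 'content-language', 'content-length',
        'content-md5', 'content-type', 'date', 'if-modified-since',
        'if-match', 'if-none-match', 'if-unmodified-since', 'range']

    request_header_dict = dict((name.lower(), value)
                               for name, value in request.headers if value)
    string_to_sign += '\n'.join(request_header_dict.get(x, '')
                                for x in headers_to_sign) + '\n'

    # get x-ms header to sign. Names are lower-cased before the test and
    # matched on the 'x-ms-' prefix, so 'X-Ms-Version' is signed and a name
    # that only contains 'x-ms' somewhere is left out of the canonicalized
    # headers instead of breaking the signature.
    x_ms_headers = []
    for name, value in request.headers:
        lowered = name.lower()
        if lowered.startswith('x-ms-'):
            x_ms_headers.append((lowered, value))
    x_ms_headers.sort()
    for name, value in x_ms_headers:
        if value:
            string_to_sign += ''.join([name, ':', value, '\n'])

    # get account_name and uri path to sign
    string_to_sign += '/' + account_name + uri_path

    # get query string to sign if it is not table service
    query_to_sign = request.query
    query_to_sign.sort()  # in place: the request's own list is reordered

    # A repeated parameter name is written once; its further values follow
    # on separate lines, each prefixed with a comma.
    current_name = ''
    for name, value in query_to_sign:
        if value:
            if current_name != name:
                string_to_sign += '\n' + name + ':' + value
                current_name = name
            else:
                string_to_sign += '\n' + ',' + value

    # sign the request
    auth_string = 'SharedKey ' + account_name + ':' + \
        _sign_string(account_key, string_to_sign)
    return auth_string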
def _generate_signature(self, path, resource_type, shared_access_policy,
                        version=X_MS_VERSION,
                        cache_control=None, content_disposition=None,
                        content_encoding=None, content_language=None,
                        content_type=None, table_name=None):
    '''
    Generates signature for a given path and shared access policy.

    The string to sign is a sequence of newline-terminated fields in a
    fixed order: permission, start, expiry, canonicalized resource,
    policy id and version; then, when resource_type is truthy, the five
    response-header overrides; then, when table_name is truthy, the
    partition/row key range. The final newline is dropped and the result
    is signed with self.account_key through _sign_string.

    Every field is signed, including the empty ones, so the values sent
    with the request have to match what was passed here.
    '''
    def _line(value):
        # An absent value still contributes its newline, which keeps the
        # position of every later field stable.
        return (value or '') + '\n'

    if path[0] != '/':
        path = '/' + path
    canonicalized_resource = '/' + self.account_name + path

    # Form the string to sign from shared_access_policy and canonicalized
    # resource. The order of values is important.
    policy = shared_access_policy.access_policy
    parts = [
        _line(policy.permission if policy else ''),
        _line(policy.start if policy else ''),
        _line(policy.expiry if policy else ''),
        _line(canonicalized_resource),
        _line(shared_access_policy.id),
        _line(version),
    ]

    if resource_type:
        parts.extend([
            _line(cache_control),
            _line(content_disposition),
            _line(content_encoding),
            _line(content_language),
            _line(content_type),
        ])

    if table_name:
        parts.extend([
            _line(policy.start_pk if policy else ''),
            _line(policy.start_rk if policy else ''),
            _line(policy.end_pk if policy else ''),
            _line(policy.end_rk if policy else ''),
        ])

    string_to_sign = ''.join(parts)
    if string_to_sign.endswith('\n'):
        string_to_sign = string_to_sign[:-1]

    return _sign_string(self.account_key, string_to_sign)
def _sign_storage_table_request(request, account_name, account_key):
    '''
    Returns the SharedKey authorization value for a table request.

    The signed string is the method, the content-md5, content-type and
    date headers (one per line, empty when absent) and the resource
    '/<account_name><path>'. For the root path, the first 'comp' query
    parameter is appended as '?comp=<value>'.
    '''
    uri_path = request.path.split('?')[0]
    string_to_sign = request.method + '\n'

    # Index the headers that carry a value by lower-cased name.
    present_headers = {}
    for header_name, header_value in request.headers:
        if header_value:
            present_headers[header_name.lower()] = header_value

    signed_values = []
    for wanted in ('content-md5', 'content-type', 'date'):
        signed_values.append(present_headers.get(wanted, ''))
    string_to_sign += '\n'.join(signed_values) + '\n'

    # get account_name and uri path to sign
    string_to_sign += '/' + account_name + uri_path

    # Only 'comp' on the root path takes part in the signature.
    for query_name, query_value in request.query:
        if query_name != 'comp' or uri_path != '/':
            continue
        string_to_sign += '?comp=' + query_value
        break

    # sign the request
    signature = _sign_string(account_key, string_to_sign)
    return 'SharedKey ' + account_name + ':' + signature
def _sign_storage_table_request(request, account_name, account_key):
    '''
    Builds the 'SharedKey <account_name>:<signature>' value for a table
    service request.

    Signed, in this order: the request method, the content-md5,
    content-type and date header values (an empty line for a header that
    is missing or has no value), then '/<account_name><path>'. When the
    path is '/', the first 'comp' query parameter is added to the
    resource as '?comp=<value>'.
    '''
    uri_path = request.path.split('?')[0]
    pieces = [request.method + '\n']

    headers_by_name = dict(
        (key.lower(), val) for key, val in request.headers if val)
    header_lines = [
        headers_by_name.get(key, '')
        for key in ['content-md5', 'content-type', 'date']]
    pieces.append('\n'.join(header_lines) + '\n')

    # get account_name and uri path to sign
    pieces.append(''.join(['/', account_name, uri_path]))

    # No other query parameter takes part in the table signature.
    for key, val in request.query:
        if key == 'comp' and uri_path == '/':
            pieces.append('?comp=' + val)
            break

    string_to_sign = ''.join(pieces)

    # sign the request
    auth_string = 'SharedKey ' + account_name + ':' + \
        _sign_string(account_key, string_to_sign)
    return auth_string
def _add_authorization_header(self, request, string_to_sign):
    '''
    Signs string_to_sign with self.account_key and appends the resulting
    'SharedKey <account_name>:<signature>' Authorization header to
    request.headers.

    The header is appended, not replaced: an Authorization entry already
    present in request.headers is left in place.
    '''
    signature = _sign_string(self.account_key, string_to_sign)
    header_value = ''.join(
        ['SharedKey ', self.account_name, ':', signature])
    request.headers.append(('Authorization', header_value))
def _sign(self, string_to_sign):
    '''
    Signs string_to_sign with this object's account key.

    The work is delegated to _sign_string, which per the original
    description uses HMAC-SHA256 and returns a base64 encoded string.
    '''
    signature = _sign_string(self.account_key, string_to_sign)
    return signature