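def authenticate_presign_url_signv4(method, path, headers, data, url, query_params, request_dict):
    """Validate a SigV4 pre-signed S3 URL against the TEST_AWS_* credentials.

    The signature is recomputed from ``request_dict`` using the region, date and
    lifetime carried in the query string, then compared with ``X-Amz-Signature``.
    The expiry check runs only after the signature has matched.

    Args:
        method, path, headers, data, url: part of the handler interface; not
            read by this function.
        query_params: query-string mapping; every value is indexed with ``[0]``,
            so one list per parameter name is expected. A missing or malformed
            parameter raises KeyError / IndexError / ValueError to the caller.
        request_dict: request description handed to ``create_request_object``.

    Returns:
        The 403 response built by
        ``requests_error_response_xml_signature_calculation`` when the signature
        does not match or the URL has expired; ``None`` when both checks pass.
    """
    # Calculating Signature
    aws_request = create_request_object(request_dict)
    ReadOnlyCredentials = namedtuple('ReadOnlyCredentials', ['access_key', 'secret_key', 'token'])
    credentials = ReadOnlyCredentials(TEST_AWS_ACCESS_KEY_ID, TEST_AWS_SECRET_ACCESS_KEY, None)

    # The credential scope is '/'-separated; the third field is used as the region.
    region = query_params['X-Amz-Credential'][0].split('/')[2]
    expires_raw = query_params['X-Amz-Expires'][0]
    lifetime_seconds = int(expires_raw)
    signer = S3SigV4QueryAuth(credentials, 's3', region, expires=lifetime_seconds)

    amz_date = query_params['X-Amz-Date'][0]
    signature = signer.add_auth(aws_request, amz_date)

    # Naive datetime in UTC (the trailing 'Z' is matched literally); it is
    # compared against utcnow() below, which is naive as well.
    signed_at = datetime.datetime.strptime(amz_date, '%Y%m%dT%H%M%SZ')
    expiration_time = signed_at + datetime.timedelta(seconds=lifetime_seconds)

    # Comparing the signature in url with signature we calculated
    query_sig = urlparse.unquote(query_params['X-Amz-Signature'][0])
    # NOTE(review): != on strings stops at the first differing character;
    # hmac.compare_digest is the usual constant-time choice for signature
    # checks, once the types of both operands are confirmed.
    if query_sig != signature:
        # NOTE(review): ``signature`` is the value computed here, not the one the
        # client sent. If the helper echoes it in the response body, a caller
        # with a wrong signature is handed the expected one -- confirm what the
        # helper emits; passing query_sig instead would avoid that.
        return requests_error_response_xml_signature_calculation(
            code=403,
            code_string='SignatureDoesNotMatch',
            aws_access_token=TEST_AWS_ACCESS_KEY_ID,
            signature=signature,
            # Adjacent literals: no line-continuation backslash or source
            # indentation ends up inside the message text.
            message=(
                'The request signature we calculated does not match the signature you provided. '
                'Check your key and signing method.'
            ),
        )

    # Checking whether the url is expired or not
    if expiration_time < datetime.datetime.utcnow():
        return requests_error_response_xml_signature_calculation(
            code=403,
            code_string='AccessDenied',
            message='Request has expired',
            expires=expires_raw,
        )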
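def authenticate_presign_url_signv4(method, path, headers, data, url, query_params, request_dict):
    """Validate a SigV4 pre-signed S3 URL against the TEST_AWS_* credentials.

    The signature is recomputed once per entry in ``PORT_REPLACEMENT`` (the URL
    in ``request_dict`` is rewritten to carry that port each time) and accepted
    as soon as one candidate equals ``X-Amz-Signature``.

    When ``config.S3_SKIP_SIGNATURE_VALIDATION`` is set, a mismatch is logged
    and then accepted, so any ``X-Amz-Signature`` value passes. The expiry
    check is still enforced in that mode.

    Args:
        method, path, headers, data, url: part of the handler interface; not
            read by this function.
        query_params: query-string mapping; values are indexed with ``[0]``
            (one list per parameter name). A missing or malformed parameter
            raises KeyError / IndexError / ValueError to the caller.
        request_dict: request description handed to ``create_request_object``;
            its ``'url'`` entry is modified in place.

    Returns:
        The 403 response built by
        ``requests_error_response_xml_signature_calculation`` when no candidate
        signature matches or the URL has expired; ``None`` otherwise.
    """
    # Everything below depends only on the query string, so it is computed once
    # rather than per port. Doing it up front also keeps ``signature``,
    # ``query_sig`` and ``expiration_time`` defined when PORT_REPLACEMENT is empty.
    ReadOnlyCredentials = namedtuple('ReadOnlyCredentials', ['access_key', 'secret_key', 'token'])
    # NOTE(review): the token is passed without ``[0]``, unlike every other
    # parameter; if query_params maps names to lists this is a list -- confirm
    # that S3SigV4QueryAuth accepts that.
    credentials = ReadOnlyCredentials(
        TEST_AWS_ACCESS_KEY_ID,
        TEST_AWS_SECRET_ACCESS_KEY,
        query_params.get('X-Amz-Security-Token', None),
    )
    # The credential scope is '/'-separated; the third field is used as the region.
    region = query_params['X-Amz-Credential'][0].split('/')[2]
    expires_raw = query_params['X-Amz-Expires'][0]
    lifetime_seconds = int(expires_raw)
    amz_date = query_params['X-Amz-Date'][0]
    # Naive datetime in UTC; compared against utcnow() below, which is naive too.
    expiration_time = (
        datetime.datetime.strptime(amz_date, '%Y%m%dT%H%M%SZ')
        + datetime.timedelta(seconds=lifetime_seconds)
    )
    query_sig = urlparse.unquote(query_params['X-Amz-Signature'][0])

    signature = None
    is_presign_valid = False
    for port in PORT_REPLACEMENT:
        # NOTE(review): str.replace swaps every occurrence of the matched text in
        # the URL, not only the port in the netloc, and the else-branch appends
        # ':<port>' to the end of the whole URL string. Each iteration also
        # starts from the previous iteration's rewrite. Confirm against
        # HOST_COMBINATION_REGEX and the shape of request_dict['url'].
        match = re.match(HOST_COMBINATION_REGEX, urlparse.urlparse(request_dict['url']).netloc)
        if match and match.group(2):
            request_dict['url'] = request_dict['url'].replace(match.group(2), str(port))
        else:
            request_dict['url'] = '%s:%s' % (request_dict['url'], port)

        # Calculating Signature
        aws_request = create_request_object(request_dict)
        signer = S3SigV4QueryAuth(credentials, 's3', region, expires=lifetime_seconds)
        signature = signer.add_auth(aws_request, amz_date)

        # Comparing the signature in url with signature we calculated
        # NOTE(review): == on strings stops at the first differing character;
        # hmac.compare_digest is the usual constant-time choice for signature
        # checks, once the types of both operands are confirmed.
        if query_sig == signature:
            is_presign_valid = True
            break

    # Security-relevant switch: with the flag set, a mismatch is only logged and
    # the request is treated as correctly signed.
    if config.S3_SKIP_SIGNATURE_VALIDATION and not is_presign_valid:
        LOGGER.warning(
            'Signatures do not match, but not raising an error, as S3_SKIP_SIGNATURE_VALIDATION=1'
        )
        signature = query_sig
        is_presign_valid = True

    if not is_presign_valid:
        # NOTE(review): ``signature`` is the value computed here (for the last
        # port tried), not the one the client sent. If the helper echoes it in
        # the response body, a caller with a wrong signature is handed the
        # expected one -- confirm what the helper emits; passing query_sig
        # instead would avoid that.
        return requests_error_response_xml_signature_calculation(
            code=403,
            code_string='SignatureDoesNotMatch',
            aws_access_token=TEST_AWS_ACCESS_KEY_ID,
            signature=signature,
            # Adjacent literals: no line-continuation backslash or source
            # indentation ends up inside the message text.
            message=(
                'The request signature we calculated does not match the signature you provided. '
                'Check your key and signing method.'
            ),
        )

    # Checking whether the url is expired or not
    if expiration_time < datetime.datetime.utcnow():
        return requests_error_response_xml_signature_calculation(
            code=403,
            code_string='AccessDenied',
            message='Request has expired',
            expires=expires_raw,
        )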
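def authenticate_presign_url_signv4(method, path, headers, data, url, query_params, request_dict):
    """Validate a SigV4 pre-signed S3 URL against the TEST_AWS_* credentials.

    The signature is recomputed once per entry in ``PORT_REPLACEMENT`` (the URL
    in ``request_dict`` is rewritten to carry that port each time) and accepted
    as soon as one candidate equals ``X-Amz-Signature``.

    When ``config.S3_SKIP_SIGNATURE_VALIDATION`` is set, both a signature
    mismatch and an expired URL are logged and then accepted, so the function
    rejects nothing in that mode.

    Args:
        method, path, headers, data, url: part of the handler interface; not
            read by this function.
        query_params: query-string mapping; values are indexed with ``[0]``
            (one list per parameter name). A missing or malformed parameter
            raises KeyError / IndexError / ValueError to the caller.
        request_dict: request description handed to ``create_request_object``;
            its ``"url"`` entry is modified in place.

    Returns:
        The 403 response built by
        ``requests_error_response_xml_signature_calculation`` when no candidate
        signature matches or the URL has expired (and the skip flag is off);
        ``None`` otherwise.
    """
    # Everything below depends only on the query string, so it is computed once
    # rather than per port. Doing it up front also keeps ``signature``,
    # ``query_sig`` and ``expiration_time`` defined when PORT_REPLACEMENT is empty.
    ReadOnlyCredentials = namedtuple(
        "ReadOnlyCredentials", ["access_key", "secret_key", "token"]
    )
    # NOTE(review): the token is passed without ``[0]``, unlike every other
    # parameter; if query_params maps names to lists this is a list -- confirm
    # that S3SigV4QueryAuth accepts that.
    credentials = ReadOnlyCredentials(
        TEST_AWS_ACCESS_KEY_ID,
        TEST_AWS_SECRET_ACCESS_KEY,
        query_params.get("X-Amz-Security-Token", None),
    )
    # The credential scope is '/'-separated; the third field is used as the region.
    region = query_params["X-Amz-Credential"][0].split("/")[2]
    expires_raw = query_params["X-Amz-Expires"][0]
    lifetime_seconds = int(expires_raw)
    amz_date = query_params["X-Amz-Date"][0]
    signed_at = datetime.datetime.strptime(amz_date, "%Y%m%dT%H%M%SZ")
    # strptime yields a naive value; it is tagged as UTC before being handed to
    # is_expired().
    expiration_time = (signed_at + datetime.timedelta(seconds=lifetime_seconds)).replace(
        tzinfo=datetime.timezone.utc
    )
    query_sig = urlparse.unquote(query_params["X-Amz-Signature"][0])

    signature = None
    is_presign_valid = False
    for port in PORT_REPLACEMENT:
        # NOTE(review): str.replace swaps every occurrence of the matched text in
        # the URL, not only the port in the netloc, and the else-branch appends
        # ':<port>' to the end of the whole URL string. Each iteration also
        # starts from the previous iteration's rewrite. Confirm against
        # HOST_COMBINATION_REGEX and the shape of request_dict["url"].
        match = re.match(HOST_COMBINATION_REGEX, urlparse.urlparse(request_dict["url"]).netloc)
        if match and match.group(2):
            request_dict["url"] = request_dict["url"].replace(match.group(2), str(port))
        else:
            request_dict["url"] = "%s:%s" % (request_dict["url"], port)

        # Calculating Signature
        aws_request = create_request_object(request_dict)
        signer = S3SigV4QueryAuth(credentials, "s3", region, expires=lifetime_seconds)
        signature = signer.add_auth(aws_request, amz_date)

        # Comparing the signature in url with signature we calculated
        # NOTE(review): == on strings stops at the first differing character;
        # hmac.compare_digest is the usual constant-time choice for signature
        # checks, once the types of both operands are confirmed.
        if query_sig == signature:
            is_presign_valid = True
            break

    # Security-relevant switch: with the flag set, a mismatch is only logged and
    # the request is treated as correctly signed.
    if config.S3_SKIP_SIGNATURE_VALIDATION and not is_presign_valid:
        LOGGER.warning(
            "Signatures do not match, but not raising an error, as S3_SKIP_SIGNATURE_VALIDATION=1"
        )
        signature = query_sig
        is_presign_valid = True

    if not is_presign_valid:
        # NOTE(review): ``signature`` is the value computed here (for the last
        # port tried), not the one the client sent. If the helper echoes it in
        # the response body, a caller with a wrong signature is handed the
        # expected one -- confirm what the helper emits; passing query_sig
        # instead would avoid that.
        return requests_error_response_xml_signature_calculation(
            code=403,
            code_string="SignatureDoesNotMatch",
            aws_access_token=TEST_AWS_ACCESS_KEY_ID,
            signature=signature,
            # Adjacent literals: no line-continuation backslash or source
            # indentation ends up inside the message text.
            message=(
                "The request signature we calculated does not match the signature you provided. "
                "Check your key and signing method."
            ),
        )

    # Checking whether the url is expired or not
    if is_expired(expiration_time):
        if config.S3_SKIP_SIGNATURE_VALIDATION:
            # Same switch as above: expiry is reported but not enforced.
            LOGGER.warning(
                "Signature is expired, but not raising an error, as S3_SKIP_SIGNATURE_VALIDATION=1"
            )
        else:
            return requests_error_response_xml_signature_calculation(
                code=403,
                code_string="AccessDenied",
                message="Request has expired",
                expires=expires_raw,
            )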