def test_validate_ec2_timestamp_advanced_time(self): # EC2 request with Timestamp in advanced time timestamp = timeutils.utcnow() + datetime.timedelta(seconds=250) params = {'Timestamp': timeutils.strtime(timestamp, "%Y-%m-%dT%H:%M:%SZ")} expired = ec2utils.is_ec2_timestamp_expired(params, expires=300) self.assertFalse(expired)
def __call__(self, req): # Not all arguments are mandatory with v4 signatures, as some data is # passed in the header, not query arguments. required_args = ['Action', 'Version'] non_args = [ 'Action', 'Signature', 'AWSAccessKeyId', 'SignatureMethod', 'SignatureVersion', 'Version', 'Timestamp' ] args = dict(req.params) try: expired = ec2utils.is_ec2_timestamp_expired( req.params, expires=CONF.ec2_timestamp_expiry) if expired: msg = _("Timestamp failed validation.") LOG.debug("Timestamp failed validation") raise webob.exc.HTTPForbidden(explanation=msg) # Raise KeyError if omitted action = req.params['Action'] # Fix bug lp:720157 for older (version 1) clients # If not present assume v4 version = req.params.get('SignatureVersion', 4) if int(version) == 1: non_args.remove('SignatureMethod') if 'SignatureMethod' in args: args.pop('SignatureMethod') for non_arg in non_args: if non_arg in required_args: # Remove, but raise KeyError if omitted args.pop(non_arg) else: args.pop(non_arg, None) except KeyError: raise webob.exc.HTTPBadRequest() except exception.InvalidRequest as err: raise webob.exc.HTTPBadRequest(explanation=six.text_type(err)) LOG.debug('action: %s', action) for key, value in args.items(): LOG.debug('arg: %(key)s\t\tval: %(value)s', { 'key': key, 'value': value }) # Success! api_request = apirequest.APIRequest(self.controller, action, req.params['Version'], args) req.environ['ec2.request'] = api_request return self.application
def __call__(self, req): # Not all arguments are mandatory with v4 signatures, as some data is # passed in the header, not query arguments. required_args = ['Action', 'Version'] non_args = ['Action', 'Signature', 'AWSAccessKeyId', 'SignatureMethod', 'SignatureVersion', 'Version', 'Timestamp'] args = dict(req.params) try: expired = ec2utils.is_ec2_timestamp_expired(req.params, expires=CONF.ec2_timestamp_expiry) if expired: msg = _("Timestamp failed validation.") LOG.debug("Timestamp failed validation") raise webob.exc.HTTPForbidden(explanation=msg) # Raise KeyError if omitted action = req.params['Action'] # Fix bug lp:720157 for older (version 1) clients # If not present assume v4 version = req.params.get('SignatureVersion', 4) if int(version) == 1: non_args.remove('SignatureMethod') if 'SignatureMethod' in args: args.pop('SignatureMethod') for non_arg in non_args: if non_arg in required_args: # Remove, but raise KeyError if omitted args.pop(non_arg) else: args.pop(non_arg, None) except KeyError: raise webob.exc.HTTPBadRequest() except exception.InvalidRequest as err: raise webob.exc.HTTPBadRequest(explanation=six.text_type(err)) LOG.debug('action: %s', action) for key, value in args.items(): LOG.debug('arg: %(key)s\t\tval: %(value)s', {'key': key, 'value': value}) # Success! api_request = apirequest.APIRequest(self.controller, action, req.params['Version'], args) req.environ['ec2.request'] = api_request return self.application
def test_validate_Expires_timestamp_invalid_format(self): # EC2 request with invalid Expires params = {'Expires': '2011-04-22T11:29:49'} expired = ec2utils.is_ec2_timestamp_expired(params) self.assertTrue(expired)
def test_validate_ec2_req_not_expired(self): expire = timeutils.utcnow() + datetime.timedelta(seconds=350) params = {'Expires': timeutils.strtime(expire, "%Y-%m-%dT%H:%M:%SZ")} expired = ec2utils.is_ec2_timestamp_expired(params) self.assertFalse(expired)
def test_validate_ec2_req_expired(self): params = {'Expires': timeutils.isotime()} expired = ec2utils.is_ec2_timestamp_expired(params) self.assertTrue(expired)
def test_validate_ec2_req_timestamp_expired(self): params = {'Timestamp': '2011-04-22T12:00:00Z'} compare = ec2utils.is_ec2_timestamp_expired(params, expires=300) self.assertTrue(compare)
def test_validate_ec2_req_timestamp_not_expired(self): params = {'Timestamp': timeutils.isotime()} expired = ec2utils.is_ec2_timestamp_expired(params, expires=15) self.assertFalse(expired)
def test_validate_ec2_timestamp_advanced_time_expired(self): timestamp = timeutils.utcnow() + datetime.timedelta(seconds=350) params = {'Timestamp': timeutils.strtime(timestamp, "%Y-%m-%dT%H:%M:%SZ")} expired = ec2utils.is_ec2_timestamp_expired(params, expires=300) self.assertTrue(expired)
def test_validate_ec2_timestamp_invalid_format(self): params = {'Timestamp': '2011-04-22T11:29:49.000P'} expired = ec2utils.is_ec2_timestamp_expired(params) self.assertTrue(expired)
def test_validate_ec2_timestamp_aws_sdk_format(self): params = {'Timestamp': '2011-04-22T11:29:49.123Z'} expired = ec2utils.is_ec2_timestamp_expired(params) self.assertFalse(expired) expired = ec2utils.is_ec2_timestamp_expired(params, expires=300) self.assertTrue(expired)
def test_validate_ec2_timestamp_not_set(self): params = {} expired = ec2utils.is_ec2_timestamp_expired(params) self.assertFalse(expired)
def test_validate_ec2_timestamp_valid(self): params = {'Timestamp': '2011-04-22T11:29:49Z'} expired = ec2utils.is_ec2_timestamp_expired(params) self.assertFalse(expired)