def sign_string_v4(method='GET', host='', canonical_uri='/', params={}, region='us-east-1', cur_headers={}, body=''): service = 's3' cfg = Config.Config() access_key = cfg.access_key secret_key = cfg.secret_key t = datetime.datetime.utcnow() amzdate = t.strftime('%Y%m%dT%H%M%SZ') datestamp = t.strftime('%Y%m%d') canonical_querystring = '&'.join(['%s=%s' % (urllib.quote_plus(p), quote_param(params[p])) for p in sorted(params.keys())]) splits = canonical_uri.split('?') canonical_uri = quote_param(splits[0], quote_backslashes=False) canonical_querystring += '&'.join([('%s' if '=' in qs else '%s=') % qs for qs in splits[1:]]) if type(body) == type(sha256('')): payload_hash = body.hexdigest() else: payload_hash = sha256(body).hexdigest() canonical_headers = {'host' : host, 'x-amz-content-sha256': payload_hash, 'x-amz-date' : amzdate } signed_headers = 'host;x-amz-content-sha256;x-amz-date' for header in cur_headers.keys(): # avoid duplicate headers and previous Authorization if header == 'Authorization' or header in signed_headers.split(';'): continue canonical_headers[header.strip()] = str(cur_headers[header]).strip() signed_headers += ';' + header.strip() # sort headers into a string canonical_headers_str = '' for k, v in sorted(canonical_headers.items()): canonical_headers_str += k + ":" + v + "\n" canonical_headers = canonical_headers_str debug(u"canonical_headers = %s" % canonical_headers) signed_headers = ';'.join(sorted(signed_headers.split(';'))) canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash debug('Canonical Request:\n%s\n----------------------' % canonical_request) algorithm = 'AWS4-HMAC-SHA256' credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request' string_to_sign = algorithm + '\n' + amzdate + '\n' + credential_scope + '\n' + sha256(canonical_request).hexdigest() signing_key = getSignatureKey(secret_key, datestamp, region, service) signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), sha256).hexdigest() authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ',' + 'SignedHeaders=' + signed_headers + ',' + 'Signature=' + signature headers = dict(cur_headers.items() + {'x-amz-date':amzdate, 'Authorization':authorization_header, 'x-amz-content-sha256': payload_hash}.items()) debug("signature-v4 headers: %s" % headers) return headers
def sign_string_v4(method='GET', host='', canonical_uri='/', params={}, region='us-east-1', cur_headers={}, body=''): service = 's3' cfg = Config.Config() access_key = cfg.access_key secret_key = cfg.secret_key t = datetime.datetime.utcnow() amzdate = t.strftime('%Y%m%dT%H%M%SZ') datestamp = t.strftime('%Y%m%d') canonical_querystring = '&'.join(['%s=%s' % (urllib.quote_plus(p), quote_param(params[p])) for p in sorted(params.keys())]) splits = canonical_uri.split('?') canonical_uri = quote_param(splits[0], quote_backslashes=False) canonical_querystring += '&'.join([('%s' if '=' in qs else '%s=') % qs for qs in splits[1:]]) if type(body) == type(sha256('')): payload_hash = body.hexdigest() else: payload_hash = sha256(body).hexdigest() canonical_headers = {'host' : host, 'x-amz-content-sha256': payload_hash, 'x-amz-date' : amzdate } signed_headers = 'host;x-amz-content-sha256;x-amz-date' for header in cur_headers.keys(): # avoid duplicate headers and previous Authorization if header == 'Authorization' or header in signed_headers.split(';'): continue canonical_headers[header.strip()] = str(cur_headers[header]).strip() signed_headers += ';' + header.strip() # sort headers into a string canonical_headers_str = '' for k, v in sorted(canonical_headers.items()): canonical_headers_str += k + ":" + v + "\n" canonical_headers = canonical_headers_str debug(u"canonical_headers = %s" % canonical_headers) signed_headers = ';'.join(sorted(signed_headers.split(';'))) canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash debug('Canonical Request:\n%s\n----------------------' % canonical_request) algorithm = 'AWS4-HMAC-SHA256' credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request' string_to_sign = algorithm + '\n' + amzdate + '\n' + credential_scope + '\n' + sha256(canonical_request).hexdigest() signing_key = getSignatureKey(secret_key, datestamp, region, service) signature = hmac.new(signing_key, encode_to_s3(string_to_sign), sha256).hexdigest() authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ',' + 'SignedHeaders=' + signed_headers + ',' + 'Signature=' + signature headers = dict(cur_headers.items() + {'x-amz-date':amzdate, 'Authorization':authorization_header, 'x-amz-content-sha256': payload_hash}.items()) debug("signature-v4 headers: %s" % headers) return headers
def checksum_sha256_buffer(buffer, offset=0, size=None): try: hash = sha256() except: # fallback to Crypto SHA256 module hash = sha256.new() if size is None: hash.update(buffer) else: hash.update(buffer[offset:offset+size]) return hash
def checksum_sha256_buffer(buffer, offset=0, size=None): try: hash = sha256() except: # fallback to Crypto SHA256 module hash = sha256.new() if size is None: hash.update(buffer) else: hash.update(buffer[offset : offset + size]) return hash
def checksum_sha256_file(filename, offset=0, size=None): try: hash = sha256() except: # fallback to Crypto SHA256 module hash = sha256.new() with open(deunicodise(filename),'rb') as f: if size is None: for chunk in iter(lambda: f.read(8192), b''): hash.update(chunk) else: f.seek(offset) chunk = f.read(size) hash.update(chunk) return hash
def checksum_sha256_file(filename, offset=0, size=None): try: hash = sha256() except: # fallback to Crypto SHA256 module hash = sha256.new() with open(deunicodise(filename), "rb") as f: if size is None: for chunk in iter(lambda: f.read(8192), b""): hash.update(chunk) else: f.seek(offset) chunk = f.read(size) hash.update(chunk) return hash
def checksum_sha256(filename, offset=0, size=None): canonical_uri = urllib.quote_plus(filename).replace('%2F', '/') try: hash = sha256() except: # fallback to Crypto SHA256 module hash = sha256.new() with open(filename,'rb') as f: if size is None: for chunk in iter(lambda: f.read(8192), b''): hash.update(chunk) else: f.seek(offset) chunk = f.read(size) hash.update(chunk) return hash
def checksum_sha256_file(filename, offset=0, size=None): try: hash = sha256() except: # fallback to Crypto SHA256 module hash = sha256.new() with open(deunicodise(filename),'rb') as f: if size is None: for chunk in iter(lambda: f.read(8192), b''): hash.update(chunk) else: f.seek(offset) size_left = size while size_left > 0: chunk = f.read(min(8192, size_left)) size_left -= len(chunk) hash.update(chunk) return hash
def sign_string_v4(method="GET", host="", canonical_uri="/", params={}, region="us-east-1", cur_headers={}, body=""): service = "s3" cfg = Config.Config() access_key = cfg.access_key secret_key = cfg.secret_key t = datetime.datetime.utcnow() amzdate = t.strftime("%Y%m%dT%H%M%SZ") datestamp = t.strftime("%Y%m%d") canonical_querystring = "&".join( ["%s=%s" % (urllib.quote_plus(p), quote_param(params[p])) for p in sorted(params.keys())] ) splits = canonical_uri.split("?") canonical_uri = quote_param(splits[0], quote_backslashes=False) canonical_querystring += "&".join([("%s" if "=" in qs else "%s=") % qs for qs in splits[1:]]) if type(body) == type(sha256("")): payload_hash = body.hexdigest() else: payload_hash = sha256(body).hexdigest() canonical_headers = {"host": host, "x-amz-content-sha256": payload_hash, "x-amz-date": amzdate} signed_headers = "host;x-amz-content-sha256;x-amz-date" for header in cur_headers.keys(): # avoid duplicate headers and previous Authorization if header == "Authorization" or header in signed_headers.split(";"): continue canonical_headers[header.strip()] = str(cur_headers[header]).strip() signed_headers += ";" + header.strip() # sort headers into a string canonical_headers_str = "" for k, v in sorted(canonical_headers.items()): canonical_headers_str += k + ":" + v + "\n" canonical_headers = canonical_headers_str debug(u"canonical_headers = %s" % canonical_headers) signed_headers = ";".join(sorted(signed_headers.split(";"))) canonical_request = ( method + "\n" + canonical_uri + "\n" + canonical_querystring + "\n" + canonical_headers + "\n" + signed_headers + "\n" + payload_hash ) debug("Canonical Request:\n%s\n----------------------" % canonical_request) algorithm = "AWS4-HMAC-SHA256" credential_scope = datestamp + "/" + region + "/" + service + "/" + "aws4_request" string_to_sign = algorithm + "\n" + amzdate + "\n" + credential_scope + "\n" + sha256(canonical_request).hexdigest() signing_key = getSignatureKey(secret_key, datestamp, region, service) signature = hmac.new(signing_key, encode_to_s3(string_to_sign), sha256).hexdigest() authorization_header = ( algorithm + " " + "Credential=" + access_key + "/" + credential_scope + "," + "SignedHeaders=" + signed_headers + "," + "Signature=" + signature ) headers = dict( cur_headers.items() + {"x-amz-date": amzdate, "Authorization": authorization_header, "x-amz-content-sha256": payload_hash}.items() ) debug("signature-v4 headers: %s" % headers) return headers