def get_sign_string(source, access_secret): key = load_der_private_key( b64_decode_bytes(ensure_bytes(access_secret)), password=None, backend=default_backend() ) signed_bytes = key.sign( ensure_bytes(source), padding.PKCS1v15(), hashes.SHA256() ) signed_base64 = b64_encode_bytes(signed_bytes) signature = ensure_string(signed_base64).replace('\n', '') return signature
def test_ecs_ram_role_signer(self, mock_urlopen): credential = EcsRamRoleCredential("role") signer = EcsRamRoleSigner(credential) request = RpcRequest("product", "version", "action_name") res = Mock() res.read.return_value = ensure_bytes('{"Code": "Success","AccessKeyId":"access_key_id",\ "AccessKeySecret":"access_key_secret","Expiration":3600,\ "SecurityToken": "security_token"}') mock_urlopen.return_value = res headers, url = signer.sign('cn-hangzhou', request) mock_urlopen.assert_called_once_with( 'http://100.100.100.200/latest/meta-data/ram/security-credentials/role') self.assertEqual(request.get_query_params().get( "SecurityToken"), 'security_token') # self.assertEqual(url, '/?SignatureVersion=1.0&Format=None" # "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou" # "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1" # "&Version=version&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D" # "&Action=action_name&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=') request = RoaRequest("product", "version", "action_name", uri_pattern="/") request.set_method('get') self.assertIsNone(request.get_headers().get("x-acs-security-token")) headers, url = signer.sign('cn-hangzhou', request) self.assertEqual(request.get_headers().get( "x-acs-security-token"), 'security_token')
def get_sign_string(source, access_secret): if platform.system() != "Windows": from Crypto.Signature import PKCS1_v1_5 from Crypto.Hash import SHA256 from Crypto.PublicKey import RSA key = RSA.importKey(b64_decode_bytes(ensure_bytes(access_secret))) h = SHA256.new(ensure_bytes(source)) signer = PKCS1_v1_5.new(key) signed_bytes = signer.sign(h) signed_base64 = b64_encode_bytes(signed_bytes) signature = ensure_string(signed_base64).replace('\n', '') return signature else: message = "auth type [publicKeyId] is disabled in Windows " \ "because 'pycrypto' is not supported, we will resolve " \ "this soon" raise exceptions.ClientException(error_code.SDK_NOT_SUPPORT, message)
def test_resolver_with_location(self): client = Mock() client.do_action_with_exception.return_value = ensure_bytes( '{"Code": "Success","Endpoints": {"Endpoint": []}}') resolver = LocationServiceEndpointResolver(client) request = ResolveEndpointRequest("region_id", "product", "servicecode", "") self.assertEqual(resolver.resolve(request), None)
def test_resolver_with_location2(self): client = Mock() client.do_action_with_exception.return_value = ensure_bytes( '{"Code": "Success","Endpoints": {"Endpoint": [{"ServiceCode":"servicecode",' + '"Type":"innerAPI","Endpoint":"the inner endpoint"},{"ServiceCode":"servicecode",' + '"Type":"openAPI","Endpoint":"the endpoint"}]}}') resolver = LocationServiceEndpointResolver(client) request = ResolveEndpointRequest("region_id", "product", "servicecode", "") self.assertEqual(resolver.resolve(request), "the endpoint")
def test_ecs_ram_role_signer_unsuccess(self, mock_urlopen): credential = EcsRamRoleCredential("role") signer = EcsRamRoleSigner(credential) request = RpcRequest("product", "version", "action_name") res = Mock() res.read.return_value = ensure_bytes('{"Code": "400"}') mock_urlopen.return_value = res with self.assertRaises(ServerException) as ex: signer.sign('cn-hangzhou', request) self.assertEqual( "refresh Ecs sts token err, code is 400", ex.exception.message)
def test_rsa_key_pair_signer(self): public_key_path = os.path.join(os.path.dirname( __file__), "..", "..", "fixtures", "id_rsa.pub") public_key_id = open(public_key_path).read() private_key_path = os.path.join(os.path.dirname( __file__), "..", "..", "fixtures", "id_rsa") private_key_id = open(private_key_path).read() # invalid session period with self.assertRaises(ClientException) as ce: credential = RsaKeyPairCredential( public_key_id, private_key_id, session_period=12) RsaKeyPairSigner(credential, "region_id") self.assertEqual( "Session expiration must between 900 and 3600 seconds", ce.exception.message) # ok credential = RsaKeyPairCredential( public_key_id, private_key_id, session_period=3600) signer = RsaKeyPairSigner(credential, "region_id") # for rpc request = RpcRequest("product", "version", "action_name") self.assertIsNone(request.get_query_params().get("SecurityToken")) signer._sts_client = Mock() do_action = Mock() do_action.return_value = ensure_bytes( '{"SessionAccessKey":{"SessionAccessKeyId":"session_access_key_id",' + '"SessionAccessKeySecret":"session_access_key_secret"}}') signer._sts_client.do_action_with_exception = do_action headers, url = signer.sign('cn-hangzhou', request) # self.assertEqual(url, '/?SignatureVersion=1.0&Format=None" # "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou" # "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1" # "&Version=version&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D" # "&Action=action_name&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=') # second headers, url = signer.sign('cn-hangzhou', request) # mock should update signer._last_update_time = signer._last_update_time - signer._session_period - 10 headers, url = signer.sign('cn-hangzhou', request)
def get_md5_base64_str(content): m = hashlib.md5() content_bytes = ensure_bytes(content) m.update(ensure_bytes(content_bytes)) return ensure_string(b64_encode_bytes(m.digest()).strip())
def get_sign_string(source, secret): source = ensure_bytes(source) secret = ensure_bytes(secret) h = hmac.new(secret, source, hashlib.sha1) signature = ensure_string(b64_encode_bytes(h.digest()).strip()) return signature
def do_action_200(self, request, signer): return 200, {}, ensure_bytes( '{"Credentials":{"AccessKeyId":"access_key_id",\ "AccessKeySecret":"access_key_secret","SecurityToken":"security_token"}}' )
def md5_sum(content): content_bytes = ensure_bytes(content) md5_bytes = hashlib.md5(content_bytes).digest() return ensure_string(base64.standard_b64encode(md5_bytes))
def _get_md5(content): m = hashlib.md5() content_bytes = ensure_bytes(content) m.update(bytearray(content_bytes)) return m.digest()