def test_generate_signature(self):
        """
        Using example data from
        http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html

        """
        access_key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
        region = 'us-east-1'
        service = 'iam'
        date = '20110909'
        key = AWS4SigningKey(access_key, region, service, date)
        req_text = [
            'POST https://iam.amazonaws.com/ HTTP/1.1',
            'Host: iam.amazonaws.com',
            'Content-Type: application/x-www-form-urlencoded; charset=utf-8',
            'X-Amz-Date: 20110909T233600Z', '',
            'Action=ListUsers&Version=2010-05-08'
        ]
        req_text = '\n'.join(req_text) + '\n'
        req = request_from_text(req_text)
        del req.headers['content-length']
        include_hdrs = list(req.headers)
        auth = AWS4Auth('dummy', key, include_hdrs=include_hdrs)
        AWS4Auth.encode_body(req)
        hsh = hashlib.sha256(req.body)
        req.headers['x-amz-content-sha256'] = hsh.hexdigest()
        sreq = auth(req)
        signature = sreq.headers['Authorization'].split('=')[3]
        expected = ('ced6826de92d2bdeed8f846f0bf508e8559e98e4b0199114b84c541'
                    '74deb456c')
        self.assertEqual(signature, expected)
    def test_signing_key_phases(self):
        """
        Using example data from:
        http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html

        """
        access_key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
        region = 'us-east-1'
        service = 'iam'
        date = '20120215'
        # These are signing key, date_key, region_key and service_key
        # respectively
        expected_raw = (
            'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d',
            '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d',
            '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c',
            'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa')
        expected = []
        for hsh in expected_raw:
            hexen = re.findall('..', hsh)
            expected.append([int(x, base=16) for x in hexen])
        result = AWS4SigningKey.generate_key(access_key,
                                             region,
                                             service,
                                             date,
                                             intermediate=True)
        for i, hsh in enumerate(result):
            hsh = [ord(x) for x in hsh] if PY2 else list(hsh)
            self.assertEqual(hsh, expected[i], msg='Item number {}'.format(i))
    def test_signing_key_phases(self):
        """
        Using example data from:
        http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html

        """
        access_key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
        region = 'us-east-1'
        service = 'iam'
        date = '20120215'
        # These are signing key, date_key, region_key and service_key
        # respectively
        expected_raw = (
            'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d',
            '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d',
            '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c',
            'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa')
        expected = []
        for hsh in expected_raw:
            hexen = re.findall('..', hsh)
            expected.append([int(x, base=16) for x in hexen])
        result = AWS4SigningKey.generate_key(access_key, region,
                                             service, date, intermediate=True)
        for i, hsh in enumerate(result):
            hsh = [ord(x) for x in hsh] if PY2 else list(hsh)
            self.assertEqual(hsh, expected[i], msg='Item number {}'.format(i))
 def test_instantiate_from_signing_key(self):
     key = AWS4SigningKey('access_key', 'region', 'service', 'date')
     auth = AWS4Auth('access_id', key)
     self.assertEqual(auth.access_id, 'access_id')
     self.assertEqual(auth.region, 'region')
     self.assertEqual(auth.service, 'service')
     self.assertIsInstance(auth.signing_key, AWS4SigningKey)
     self.assertEqual(auth.signing_key.region, 'region')
     self.assertEqual(auth.signing_key.service, 'service')
 def test_sts_creds_include_security_token_header(self):
     key = AWS4SigningKey('secret_key', 'region', 'service', '1999010')
     auth = AWS4Auth('access_id', key, session_token='sessiontoken')
     req = requests.Request('GET', 'http://blah.com')
     req = req.prepare()
     sreq = auth(req)
     self.assertIn('x-amz-security-token', sreq.headers)
     self.assertEqual(sreq.headers.get('x-amz-security-token'),
                      'sessiontoken')
 def test_date_mismatch_nosecretkey_raise(self):
     key = AWS4SigningKey('secret_key', 'region', 'service', '1999010',
                          False)
     auth = AWS4Auth('access_id', key)
     req = requests.Request('GET', 'http://blah.com')
     req = req.prepare()
     if 'date' in req.headers: del req.headers['date']
     req.headers['x-amz-date'] = '20000101T010101Z'
     self.assertRaises(NoSecretKeyError, auth, req)
 def test_sign_sha256_bytes_msg(self):
     key = b'The quick brown fox jumps over the lazy dog'
     msg = (b'Forsaking monastic tradition, twelve jovial friars gave up '
            b'their vocation for a questionable existence on the flying '
            b'trapeze')
     expected = [250, 103, 254, 220, 118, 118, 37, 81, 166, 41, 65, 14,
                 142, 77, 204, 122, 185, 19, 38, 15, 145, 249, 113, 69,
                 178, 30, 131, 244, 230, 190, 246, 23]
     hsh = AWS4SigningKey.sign_sha256(key, msg)
     hsh = [ord(x) for x in hsh] if PY2 else list(hsh)
     self.assertEqual(hsh, expected)
 def setUp(self):
     self.region = 'region'
     self.service = 'service'
     self.date = '19990101'
     self.secret_key = 'secret_key'
     self.access_id = 'access_id'
     self.auth = AWS4Auth(self.access_id, self.secret_key, self.region,
                          self.service, self.date)
     self.sig_key_no_secret = AWS4SigningKey(self.secret_key, self.region,
                                             self.service, self.date, False)
     self.auth_no_secret = AWS4Auth(self.access_id, self.sig_key_no_secret)
 def test_aws4auth_add_header(self):
     req = requests.Request('GET', 'http://blah.com')
     req = req.prepare()
     if 'date' in req.headers: del req.headers['date']
     secret_key = 'dummy'
     region = 'us-east-1'
     service = 'iam'
     key = AWS4SigningKey(secret_key, region, service)
     auth = AWS4Auth('dummy', key)
     sreq = auth(req)
     self.assertIn('x-amz-date', sreq.headers)
     self.assertIsNotNone(AWS4Auth.get_request_date(sreq))
    def test_amz_date(self):
        """
        Will be removed when deprecated amz_date attribute is removed

        """
        with warnings.catch_warnings(record=True) as w:
            warnings.simplefilter('always')
            test_date = datetime.datetime.utcnow().strftime('%Y%m%d')
            obj = AWS4SigningKey('secret_key', 'region', 'service')
            if obj.amz_date != test_date:
                test_date = datetime.datetime.utcnow().strftime('%Y%m%d')
            self.assertEqual(obj.amz_date, test_date)
 def test_sign_sha256_bytes_msg(self):
     key = b'The quick brown fox jumps over the lazy dog'
     msg = (b'Forsaking monastic tradition, twelve jovial friars gave up '
            b'their vocation for a questionable existence on the flying '
            b'trapeze')
     expected = [
         250, 103, 254, 220, 118, 118, 37, 81, 166, 41, 65, 14, 142, 77,
         204, 122, 185, 19, 38, 15, 145, 249, 113, 69, 178, 30, 131, 244,
         230, 190, 246, 23
     ]
     hsh = AWS4SigningKey.sign_sha256(key, msg)
     hsh = [ord(x) for x in hsh] if PY2 else list(hsh)
     self.assertEqual(hsh, expected)
    def test_generate_key(self):
        """
        Using example data from:
        http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html

        """
        access_key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
        region = 'us-east-1'
        service = 'iam'
        date = '20110909'
        expected = [152, 241, 216, 137, 254, 196, 244, 66, 26, 220, 82, 43,
                    171, 12, 225, 248, 46, 105, 41, 194, 98, 237, 21, 229,
                    169, 76, 144, 239, 209, 227, 176, 231]
        key = AWS4SigningKey.generate_key(access_key, region, service, date)
        key = [ord(x) for x in key] if PY2 else list(key)
        self.assertEqual(key, expected)
    def test_amz_date_warning(self):
        """
        Will be removed when deprecated amz_date attribute is removed

        """
        warnings.resetwarnings()
        with warnings.catch_warnings(record=True) as w:
            obj = AWS4SigningKey('secret_key', 'region', 'service')
            if PY2:
                warnings.simplefilter('always')
                obj.amz_date
                self.assertEqual(len(w), 1)
                self.assertEqual(w[-1].category, DeprecationWarning)
            else:
                warnings.simplefilter('ignore')
                self.assertWarns(DeprecationWarning, getattr, obj, 'amz_date')
    def test_instantiation_generate_key(self):
        """
        Using example data from:
        http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html

        """
        access_key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
        region = 'us-east-1'
        service = 'iam'
        date = '20110909'
        expected = [
            152, 241, 216, 137, 254, 196, 244, 66, 26, 220, 82, 43, 171, 12,
            225, 248, 46, 105, 41, 194, 98, 237, 21, 229, 169, 76, 144, 239,
            209, 227, 176, 231
        ]
        key = AWS4SigningKey(access_key, region, service, date).key
        key = [ord(x) for x in key] if PY2 else list(key)
        self.assertEqual(key, expected)
 def test_regen_key_on_date_mismatch(self):
     vals = [('20001231T235959Z', '20010101'),
             ('20000101T010101Z', '20000102'),
             ('19900101T010101Z', '20000101')]
     for amzdate, scope_date in vals:
         req = requests.Request('GET', 'http://blah.com')
         req = req.prepare()
         if 'date' in req.headers: del req.headers['date']
         req.headers['x-amz-date'] = amzdate
         secret_key = 'dummy'
         region = 'us-east-1'
         service = 'iam'
         date = scope_date
         key = AWS4SigningKey(secret_key, region, service, date)
         orig_id = id(key)
         auth = AWS4Auth('dummy', key)
         sreq = auth(req)
         self.assertNotEqual(id(auth.signing_key), orig_id)
         self.assertEqual(auth.date, amzdate.split('T')[0])
 def _test_amz_test_suite_item(self, group_name):
     group = amz_aws4_testsuite.data[group_name]
     req = request_from_text(group['.req'])
     if 'content-length' in req.headers:
         del req.headers['content-length']
     include_hdrs = list(req.headers)
     AWS4Auth.encode_body(req)
     hsh = hashlib.sha256(req.body or b'')
     req.headers['x-amz-content-sha256'] = hsh.hexdigest()
     req.headers['x-amz-date'] = amz_aws4_testsuite.timestamp
     key = AWS4SigningKey(amz_aws4_testsuite.access_key,
                          amz_aws4_testsuite.region,
                          amz_aws4_testsuite.service,
                          amz_aws4_testsuite.date)
     auth = AWS4Auth(amz_aws4_testsuite.access_id,
                     key,
                     include_hdrs=include_hdrs)
     sreq = auth(req)
     auth_hdr = sreq.headers['Authorization']
     msg = 'Group: ' + group_name
     self.assertEqual(auth_hdr, group['.authz'], msg=msg)
 def test_mobileanalytics(self):
     url = 'https://mobileanalytics.us-east-1.amazonaws.com/2014-06-05/events'
     service = 'mobileanalytics'
     region = 'us-east-1'
     dt = datetime.utcnow()
     date = dt.strftime('%Y%m%d')
     sig_key = AWS4SigningKey(live_access_key, region, service, date)
     auth = AWS4Auth(live_access_id, sig_key)
     headers = {
         'Content-Type':
         'application/json',
         'X-Amz-Date':
         dt.strftime('%Y%m%dT%H%M%SZ'),
         'X-Amz-Client-Context':
         json.dumps({
             'client': {
                 'client_id': 'a',
                 'app_title': 'a'
             },
             'custom': {},
             'env': {
                 'platform': 'a'
             },
             'services': {}
         })
     }
     body = json.dumps({
         'events': [{
             'eventType': 'a',
             'timestamp': dt.strftime('%Y-%m-%dT%H:%M:%S.000Z'),
             'session': {}
         }]
     })
     response = requests.post(url, auth=auth, headers=headers, data=body)
     response.connection.close()
     self.assertTrue(response.ok)
 def test_no_store_secret_key(self):
     obj = AWS4SigningKey('secret_key',
                          'region',
                          'service',
                          store_secret_key=False)
     self.assertEqual(obj.secret_key, None)
def lambda_handler(event, context):

    logger.info("Event: " + dumps(event))
    logger.info("Request Context: " + dumps(event['requestContext']))

    requestContext = event['requestContext']

    table = dynamodb.Table('iotmx-lighting-socket')

    try:
        if requestContext['routeKey'] == "$connect":
            socketDTO = {}

            socketDTO['connectionId'] = requestContext['connectionId']
            socketDTO['connectionTime'] = requestContext['connectedAt']
            socketDTO['domainName'] = requestContext['domainName']
            socketDTO['identity'] = requestContext['identity']
            socketDTO['online'] = True
            socketDTO['_id'] = uuid.uuid4().hex

            logger.info("Putting item in iotmx-lighting-socket: " +
                        dumps(socketDTO))

            table.put_item(Item=socketDTO)

            statusCode = 200
            mensaje = "Connected."

        elif requestContext['routeKey'] == "message":

            statusCode = 200

            logger.info("Message: " + dumps(event['body']))

            onlineClient = list()
            response = table.scan(FilterExpression=Attr('online').eq(True))

            for i in response['Items']:
                onlineClient.append(i['connectionId'])

            if requestContext['connectionId'] in onlineClient:
                onlineClient.remove(requestContext['connectionId'])

            if len(onlineClient) != 0:
                #Post message to connected clients
                date = (datetime.datetime.utcnow()).strftime('%Y%m%d')
                auth = AWS4Auth(
                    aws.access_id,
                    AWS4SigningKey(aws.secret_key, aws.region, 'execute-api',
                                   date))
                headers = {
                    'Context-Type':
                    'application/json',
                    'X-Amz-Date':
                    (datetime.datetime.utcnow()).strftime('%Y%m%dT%H%M%SZ'),
                    'X-Amz-Client-Context':
                    dumps({})
                }
                for id in onlineClient:
                    endpoint = "https://" + requestContext[
                        'domainName'] + "/v1/@connections/" + str(id)
                    messageDTO = json.loads(event['body'])
                    payload = messageDTO['data']
                    r = requests.post(url=endpoint,
                                      data=dumps(payload),
                                      auth=auth,
                                      headers=headers)

            params = json.loads(event['body'])

            paramsDTO = {"httpMethod": "POST", "body": params['data']}

            logger.info("paramsDTO: " + dumps(paramsDTO))

            response = lambdaClient.invoke(
                FunctionName='iotmx-lighting-device',
                InvocationType='Event',
                Payload=dumps(paramsDTO))

            logger.info("Lambda Invokation: " + dumps(response))

            mensaje = "Message received."

        elif requestContext['routeKey'] == "$disconnect":

            client = {}
            response = table.scan(FilterExpression=Attr('connectionId').eq(
                requestContext['connectionId']))

            for i in response['Items']:
                client = i

            if len(client) != 0:

                logger.info("Connection Id: " + dumps(client['connectionId']))

                table.delete_item(Key={"_id": client['_id']})

            statusCode = 200
            mensaje = "Desconexion de socket"

        else:

            statusCode = 200
            mensaje = requestContext['routeKey']

    except Exception as e:

        logger.info("Error: " + str(e))

        statusCode = 500
        mensaje = "Error: " + str(e)

    return {
        "isBase64Encoded": False,
        "statusCode": statusCode,
        "body": mensaje,
        "headers": {
            'Content-Type': 'application/json',
            'charset': 'utf8',
            'Access-Control-Allow-Origin': '*'
        }
    }
 def test_basic_instantiation(self):
     obj = AWS4SigningKey('access_key', 'region', 'service', 'date')
     self.assertEqual(obj.region, 'region')
     self.assertEqual(obj.service, 'service')
     self.assertEqual(obj.amz_date, 'date')
     self.assertEqual(obj.scope, 'date/region/service/aws4_request')
 def test_default_store_secret_key(self):
     obj = AWS4SigningKey('secret_key', 'region', 'service')
     self.assertEqual(obj.secret_key, 'secret_key')
 def test_date(self):
     test_date = datetime.utcnow().strftime('%Y%m%d')
     obj = AWS4SigningKey('access_key', 'region', 'service')
     if obj.amz_date != test_date:
         test_date = datetime.utcnow().strftime('%Y%m%d')
     self.assertEqual(obj.amz_date, test_date)