161 lines
6.0 KiB
Python
161 lines
6.0 KiB
Python
# Licensed to the Apache Software Foundation (ASF) under one or more
|
|
# contributor license agreements. See the NOTICE file distributed with
|
|
# this work for additional information regarding copyright ownership.
|
|
# The ASF licenses this file to You under the Apache License, Version 2.0
|
|
# (the "License"); you may not use this file except in compliance with
|
|
# the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
from datetime import datetime
|
|
import hashlib
|
|
import hmac
|
|
|
|
from libcloud.utils.py3 import urlquote
|
|
|
|
__all__ = [
|
|
'OSCRequestSignerAlgorithmV4',
|
|
]
|
|
|
|
|
|
class OSCRequestSigner(object):
|
|
"""
|
|
Class which handles signing the outgoing AWS requests.
|
|
"""
|
|
|
|
def __init__(self, access_key: str,
|
|
access_secret: str,
|
|
version: str,
|
|
connection):
|
|
"""
|
|
:param access_key: Access key.
|
|
:type access_key: ``str``
|
|
|
|
:param access_secret: Access secret.
|
|
:type access_secret: ``str``
|
|
|
|
:param version: API version.
|
|
:type version: ``str``
|
|
|
|
:param connection: Connection instance.
|
|
:type connection: :class:`Connection`
|
|
"""
|
|
self.access_key = access_key
|
|
self.access_secret = access_secret
|
|
self.version = version
|
|
self.connection = connection
|
|
|
|
|
|
class OSCRequestSignerAlgorithmV4(OSCRequestSigner):
|
|
@staticmethod
|
|
def sign(key, msg):
|
|
return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
|
|
|
|
@staticmethod
|
|
def _get_signed_headers(headers: dict):
|
|
return ';'.join([k.lower() for k in sorted(headers.keys())])
|
|
|
|
@staticmethod
|
|
def _get_canonical_headers(headers: dict):
|
|
return '\n'.join([':'.join([k.lower(), str(v).strip()])
|
|
for k, v in sorted(headers.items())]) + '\n'
|
|
|
|
@staticmethod
|
|
def _get_request_params(params: dict):
|
|
return '&'.join(["%s=%s" %
|
|
(urlquote(k, safe=''), urlquote(str(v), safe='~'))
|
|
for k, v in sorted(params.items())])
|
|
|
|
def get_request_headers(self, service_name: str, region: str, action: str,
|
|
data: str):
|
|
date = datetime.utcnow()
|
|
host = "{}.{}.outscale.com".format(service_name, region)
|
|
headers = {
|
|
'Content-Type': "application/json; charset=utf-8",
|
|
'X-Osc-Date': date.strftime('%Y%m%dT%H%M%SZ'),
|
|
'Host': host,
|
|
}
|
|
path = "/{}/{}/{}".format(
|
|
self.connection.service_name,
|
|
self.version,
|
|
action
|
|
)
|
|
sig = self._get_authorization_v4_header(
|
|
headers=headers,
|
|
dt=date,
|
|
method='POST',
|
|
path=path,
|
|
data=data
|
|
)
|
|
headers.update({'Authorization': sig})
|
|
return headers
|
|
|
|
def _get_authorization_v4_header(self, headers: dict,
|
|
data: str,
|
|
dt: datetime,
|
|
method: str = 'GET',
|
|
path: str = '/'):
|
|
credentials_scope = self._get_credential_scope(dt=dt)
|
|
signed_headers = self._get_signed_headers(headers=headers)
|
|
signature = self._get_signature(headers=headers, dt=dt,
|
|
method=method, path=path,
|
|
data=data)
|
|
return 'OSC4-HMAC-SHA256 Credential=%(u)s/%(c)s, ' \
|
|
'SignedHeaders=%(sh)s, Signature=%(s)s' % {
|
|
'u': self.access_key,
|
|
'c': credentials_scope,
|
|
'sh': signed_headers,
|
|
's': signature
|
|
}
|
|
|
|
def _get_signature(self, headers: dict, dt: datetime,
|
|
method: str, path: str, data: str):
|
|
string_to_sign = self._get_string_to_sign(headers=headers, dt=dt,
|
|
method=method, path=path,
|
|
data=data)
|
|
signing_key = self._get_key_to_sign_with(
|
|
self.access_secret,
|
|
dt.strftime('%Y%m%d')
|
|
)
|
|
return hmac.new(signing_key, string_to_sign.encode('utf-8'),
|
|
hashlib.sha256).hexdigest()
|
|
|
|
def _get_key_to_sign_with(self, key: str, dt: str):
|
|
k_date = self.sign(('OSC4' + key).encode('utf-8'), dt)
|
|
k_region = self.sign(k_date, self.connection.region_name)
|
|
k_service = self.sign(k_region, self.connection.service_name)
|
|
return self.sign(k_service, 'osc4_request')
|
|
|
|
def _get_string_to_sign(self, headers: dict, dt: datetime, method: str,
|
|
path: str, data: str):
|
|
canonical_request = self._get_canonical_request(headers=headers,
|
|
method=method,
|
|
path=path,
|
|
data=data)
|
|
return 'OSC4-HMAC-SHA256' + '\n' \
|
|
+ dt.strftime('%Y%m%dT%H%M%SZ') + '\n' \
|
|
+ self._get_credential_scope(dt) + '\n' \
|
|
+ hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()
|
|
|
|
def _get_credential_scope(self, dt):
|
|
return '/'.join([dt.strftime('%Y%m%d'),
|
|
self.connection.region_name,
|
|
self.connection.service_name,
|
|
'osc4_request'])
|
|
|
|
def _get_canonical_request(self, headers, method, path, data):
|
|
return '\n'.join([
|
|
method,
|
|
path,
|
|
self._get_request_params({}),
|
|
self._get_canonical_headers(headers),
|
|
self._get_signed_headers(headers),
|
|
hashlib.sha256(data.encode('utf-8')).hexdigest()
|
|
])
|