cc1  v2.1
CC1 source code docs
 All Classes Namespaces Files Functions Variables Pages
auth.py
Go to the documentation of this file.
1 # -*- coding: utf-8 -*-
2 # @COPYRIGHT_begin
3 #
4 # Copyright [2010-2014] Institute of Nuclear Physics PAN, Krakow, Poland
5 #
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
9 #
10 # http://www.apache.org/licenses/LICENSE-2.0
11 #
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
17 #
18 # @COPYRIGHT_end
19 
20 ##
21 # @package src.ec2.base.auth
22 # Signature generators for EC2 API requests
23 #
24 # @copyright Copyright (c) 2012 Institute of Nuclear Physics PAS <http://www.ifj.edu.pl/>
25 # @author Oleksandr Gituliar <gituliar@gmail.com>
26 # @author Rafał Grzymkowski
27 # @author Miłosz Zdybał
28 #
29 import base64
30 import hashlib
31 import hmac
32 import urllib
33 
34 
35 ##
36 # Authorize EC2 API request by comparing generated and request signatures.
37 def authorize_ec2_request(parameters, aws_secret_key, **kwargs):
38  signature_version = parameters.get('SignatureVersion')
39 
40  if signature_version == '1':
41  sign_parameters = _sign_parameters_ver1
42  elif signature_version == '2':
43  sign_parameters = _sign_parameters_ver2
44  else:
45  raise Exception("Unknown SignatureVersion: %s." % signature_version)
46 
47  correct_signature = sign_parameters(
48  paras,
49  aws_secret_key,
50  endpoint = parameters.get('Endpoint', endpoint),
51  method = parameters.get('Method', method),
52  )
53  request_signature = parameters.get('Signature')
54  return correct_signature == request_signature
55 
56 
57 ##
58 # Generate signature depending on parameters and password (once again).
59 def _sign_parameters_ver1(parameters, aws_secret_key, **kwargs):
60  #password = self.server.unsafe_ec2_gethash(parameters.get('AWSAccessKeyId'))
61  params = ''
62  for key in sorted(parameters.iterkeys(), key=str.lower):
63  if key == 'Signature' or key == 'Method' or key == 'Endpoint':
64  pass
65  else:
66  params += str(key)
67  params += str(parameters.get(key))
68  h = hmac.new(aws_secret_key, params, hashlib.sha1)
69  signature = h.digest()
70  signature = base64.b64encode(signature)
71  return signature
72 
73 
74 ##
75 # Method generating signature depending on parameters and password.
76 #
77 # Author: Miłosz Zdybał
78 #
79 def _sign_parameters_ver2_milosz(parameters, aws_secret_key, **kwargs):
80  params = {
81  'Action': parameters.get('Action'),
82  'AWSAccessKeyId': parameters.get('AWSAccessKeyId'),
83  'Timestamp': parameters.get('Timestamp'),
84  'Version': parameters.get('Version'),
85  'SignatureMethod': parameters.get('SignatureMethod'),
86  'SignatureVersion': parameters.get('SignatureVersion')
87  }
88  string_to_sign = '%s\n%s\n/\n' % (
89  parameters.get('Method'), parameters.get('Endpoint')
90  )
91  keys = params.keys()
92  keys.sort()
93  pairs = []
94  for key in keys:
95  val = params[key].encode('utf-8')
96  pairs.append(
97  urllib.quote(key, safe='') + '=' + urllib.quote(val, safe='-_~')
98  )
99  qs = '&'.join(pairs)
100  string_to_sign += qs
101  h = hmac.new(aws_secret_key, string_to_sign, hashlib.sha256)
102  b64 = base64.b64encode(h.digest())
103  return b64
104 
105 
106 ##
107 # Method generating signature depending on parameters and password
108 # (one that checks whether it works)
109 #
110 # Author: Rafał Grzymkowski
111 #
112 def _sign_parameters_ver2(parameters, aws_secret_key, endpoint=None,
113  method=None):
114  toSign = '%s\n%s\n/\n' % (
115  parameters.get('Method', method),
116  parameters.get('Endpoint', endpoint).lower(),
117  )
118  keys = parameters.keys()
119  keys.sort()
120  pairs = []
121  for key in keys:
122  val = parameters[key].encode('utf-8')
123  if key == 'Signature' or key == 'Method' or key == 'Endpoint':
124  continue
125  pairs.append(urllib.quote(key, safe='') + '=' + urllib.quote(val, safe='-_~'))
126  qs = '&'.join(pairs)
127  toSign += qs
128  h = hmac.new(aws_secret_key, toSign, hashlib.sha256)
129  b64 = base64.b64encode(h.digest())
130  return b64
131