keystone : Use Ec2Signer utility class from keystoneclient
The Ec2Signer class has been moved to python-keystoneclient, so we can remove the internal implementation and import the keystoneclient version.

blueprint ec2signer-to-keystoneclient

Change-Id: I19d8575ab8b972467ce280a6197ae762da1ce790
parent
ac2fb0f861
commit
39f12606a2
|
@ -18,14 +18,11 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import base64
|
||||
import hashlib
|
||||
import hmac
|
||||
import json
|
||||
import os
|
||||
import subprocess
|
||||
import time
|
||||
import urllib
|
||||
|
||||
import passlib.hash
|
||||
|
||||
|
@ -70,83 +67,6 @@ class SmarterEncoder(json.JSONEncoder):
|
|||
return super(SmarterEncoder, self).default(obj)
|
||||
|
||||
|
||||
class Ec2Signer(object):
|
||||
"""Hacked up code from boto/connection.py"""
|
||||
|
||||
def __init__(self, secret_key):
|
||||
secret_key = secret_key.encode()
|
||||
self.hmac = hmac.new(secret_key, digestmod=hashlib.sha1)
|
||||
if hashlib.sha256:
|
||||
self.hmac_256 = hmac.new(secret_key, digestmod=hashlib.sha256)
|
||||
|
||||
def generate(self, credentials):
|
||||
"""Generate auth string according to what SignatureVersion is given."""
|
||||
if credentials['params']['SignatureVersion'] == '0':
|
||||
return self._calc_signature_0(credentials['params'])
|
||||
if credentials['params']['SignatureVersion'] == '1':
|
||||
return self._calc_signature_1(credentials['params'])
|
||||
if credentials['params']['SignatureVersion'] == '2':
|
||||
return self._calc_signature_2(credentials['params'],
|
||||
credentials['verb'],
|
||||
credentials['host'],
|
||||
credentials['path'])
|
||||
raise Exception(_('Unknown Signature Version: %s') %
|
||||
credentials['params']['SignatureVersion'])
|
||||
|
||||
@staticmethod
|
||||
def _get_utf8_value(value):
|
||||
"""Get the UTF8-encoded version of a value."""
|
||||
if not isinstance(value, str) and not isinstance(value, unicode):
|
||||
value = str(value)
|
||||
if isinstance(value, unicode):
|
||||
return value.encode('utf-8')
|
||||
else:
|
||||
return value
|
||||
|
||||
def _calc_signature_0(self, params):
|
||||
"""Generate AWS signature version 0 string."""
|
||||
s = params['Action'] + params['Timestamp']
|
||||
self.hmac.update(s)
|
||||
return base64.b64encode(self.hmac.digest())
|
||||
|
||||
def _calc_signature_1(self, params):
|
||||
"""Generate AWS signature version 1 string."""
|
||||
keys = params.keys()
|
||||
keys.sort(cmp=lambda x, y: cmp(x.lower(), y.lower()))
|
||||
for key in keys:
|
||||
self.hmac.update(key)
|
||||
val = self._get_utf8_value(params[key])
|
||||
self.hmac.update(val)
|
||||
return base64.b64encode(self.hmac.digest())
|
||||
|
||||
def _calc_signature_2(self, params, verb, server_string, path):
|
||||
"""Generate AWS signature version 2 string."""
|
||||
LOG.debug(_('using _calc_signature_2'))
|
||||
string_to_sign = '%s\n%s\n%s\n' % (verb, server_string, path)
|
||||
if self.hmac_256:
|
||||
current_hmac = self.hmac_256
|
||||
params['SignatureMethod'] = 'HmacSHA256'
|
||||
else:
|
||||
current_hmac = self.hmac
|
||||
params['SignatureMethod'] = 'HmacSHA1'
|
||||
keys = params.keys()
|
||||
keys.sort()
|
||||
pairs = []
|
||||
for key in keys:
|
||||
val = self._get_utf8_value(params[key])
|
||||
val = urllib.quote(val, safe='-_~')
|
||||
pairs.append(urllib.quote(key, safe='') + '=' + val)
|
||||
qs = '&'.join(pairs)
|
||||
LOG.debug(_('query string: %s'), qs)
|
||||
string_to_sign += qs
|
||||
LOG.debug(_('string_to_sign: %s'), string_to_sign)
|
||||
current_hmac.update(string_to_sign)
|
||||
b64 = base64.b64encode(current_hmac.digest())
|
||||
LOG.debug(_('len(b64)=%d'), len(b64))
|
||||
LOG.debug(_('base64 encoded digest: %s'), b64)
|
||||
return b64
|
||||
|
||||
|
||||
def trunc_password(password):
|
||||
"""Truncate passwords to the MAX_PASSWORD_LENGTH."""
|
||||
try:
|
||||
|
|
|
@ -36,6 +36,8 @@ glance to list images needed to perform the requested task.
|
|||
|
||||
import uuid
|
||||
|
||||
from keystoneclient.contrib.ec2 import utils as ec2_utils
|
||||
|
||||
from keystone.common import controller
|
||||
from keystone.common import dependency
|
||||
from keystone.common import manager
|
||||
|
@ -98,7 +100,7 @@ class Ec2Extension(wsgi.ExtensionRouter):
|
|||
@dependency.requires('catalog_api', 'ec2_api')
|
||||
class Ec2Controller(controller.V2Controller):
|
||||
def check_signature(self, creds_ref, credentials):
|
||||
signer = utils.Ec2Signer(creds_ref['secret'])
|
||||
signer = ec2_utils.Ec2Signer(creds_ref['secret'])
|
||||
signature = signer.generate(credentials)
|
||||
if utils.auth_str_equal(credentials['signature'], signature):
|
||||
return
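Review bot: In `check_signature`, the verification algorithm is still selected by the client-supplied `credentials['params']['SignatureVersion']`, and after this change the accepted versions are defined by whichever python-keystoneclient release is installed rather than by code in this tree. The implementation removed from the utils module accepted versions 0 and 1, both HMAC-SHA1 schemes, alongside version 2; presumably the keystoneclient copy behaves the same, but that is not visible on this page. I would state the policy at the call site: either a guard before `signer.generate(credentials)` that rejects any version other than `'2'` (if legacy EC2 clients need not be supported), or at least a comment such as `# Signature algorithm is chosen by the request; accepted versions are defined by keystoneclient's Ec2Signer.` The `utils.auth_str_equal` comparison is kept as is, and the rest of the method body lies outside the hunk.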
|
||||
|
|
|
@ -11,5 +11,5 @@ sqlalchemy-migrate>=0.7.2
|
|||
passlib
|
||||
lxml
|
||||
iso8601>=0.1.4
|
||||
python-keystoneclient>=0.2,<0.3
|
||||
python-keystoneclient>=0.2.1,<0.3
|
||||
http://tarballs.openstack.org/oslo-config/oslo-config-2013.1b4.tar.gz#egg=oslo-config
|
||||
|
|