keystone : Use Ec2Signer utility class from keystoneclient

The Ec2Signer class has been moved to python-keystoneclient,
so we can remove the internal implementation and import the
keystoneclient version

blueprint ec2signer-to-keystoneclient

Change-Id: I19d8575ab8b972467ce280a6197ae762da1ce790

keystone/common/utils.py

@@ -18,14 +18,11 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-import base64
 import hashlib
-import hmac
 import json
 import os
 import subprocess
 import time
-import urllib
 
 import passlib.hash
 
@@ -70,83 +67,6 @@ class SmarterEncoder(json.JSONEncoder):
         return super(SmarterEncoder, self).default(obj)
 
 
-class Ec2Signer(object):
-    """Hacked up code from boto/connection.py"""
-
-    def __init__(self, secret_key):
-        secret_key = secret_key.encode()
-        self.hmac = hmac.new(secret_key, digestmod=hashlib.sha1)
-        if hashlib.sha256:
-            self.hmac_256 = hmac.new(secret_key, digestmod=hashlib.sha256)
-
-    def generate(self, credentials):
-        """Generate auth string according to what SignatureVersion is given."""
-        if credentials['params']['SignatureVersion'] == '0':
-            return self._calc_signature_0(credentials['params'])
-        if credentials['params']['SignatureVersion'] == '1':
-            return self._calc_signature_1(credentials['params'])
-        if credentials['params']['SignatureVersion'] == '2':
-            return self._calc_signature_2(credentials['params'],
-                                          credentials['verb'],
-                                          credentials['host'],
-                                          credentials['path'])
-        raise Exception(_('Unknown Signature Version: %s') %
-                        credentials['params']['SignatureVersion'])
-
-    @staticmethod
-    def _get_utf8_value(value):
-        """Get the UTF8-encoded version of a value."""
-        if not isinstance(value, str) and not isinstance(value, unicode):
-            value = str(value)
-        if isinstance(value, unicode):
-            return value.encode('utf-8')
-        else:
-            return value
-
-    def _calc_signature_0(self, params):
-        """Generate AWS signature version 0 string."""
-        s = params['Action'] + params['Timestamp']
-        self.hmac.update(s)
-        return base64.b64encode(self.hmac.digest())
-
-    def _calc_signature_1(self, params):
-        """Generate AWS signature version 1 string."""
-        keys = params.keys()
-        keys.sort(cmp=lambda x, y: cmp(x.lower(), y.lower()))
-        for key in keys:
-            self.hmac.update(key)
-            val = self._get_utf8_value(params[key])
-            self.hmac.update(val)
-        return base64.b64encode(self.hmac.digest())
-
-    def _calc_signature_2(self, params, verb, server_string, path):
-        """Generate AWS signature version 2 string."""
-        LOG.debug(_('using _calc_signature_2'))
-        string_to_sign = '%s\n%s\n%s\n' % (verb, server_string, path)
-        if self.hmac_256:
-            current_hmac = self.hmac_256
-            params['SignatureMethod'] = 'HmacSHA256'
-        else:
-            current_hmac = self.hmac
-            params['SignatureMethod'] = 'HmacSHA1'
-        keys = params.keys()
-        keys.sort()
-        pairs = []
-        for key in keys:
-            val = self._get_utf8_value(params[key])
-            val = urllib.quote(val, safe='-_~')
-            pairs.append(urllib.quote(key, safe='') + '=' + val)
-        qs = '&'.join(pairs)
-        LOG.debug(_('query string: %s'), qs)
-        string_to_sign += qs
-        LOG.debug(_('string_to_sign: %s'), string_to_sign)
-        current_hmac.update(string_to_sign)
-        b64 = base64.b64encode(current_hmac.digest())
-        LOG.debug(_('len(b64)=%d'), len(b64))
-        LOG.debug(_('base64 encoded digest: %s'), b64)
-        return b64
-
-
 def trunc_password(password):
     """Truncate passwords to the MAX_PASSWORD_LENGTH."""
     try:

keystone/contrib/ec2/core.py

@@ -36,6 +36,8 @@ glance to list images needed to perform the requested task.
 
 import uuid
 
+from keystoneclient.contrib.ec2 import utils as ec2_utils
+
 from keystone.common import controller
 from keystone.common import dependency
 from keystone.common import manager
@@ -98,7 +100,7 @@ class Ec2Extension(wsgi.ExtensionRouter):
 @dependency.requires('catalog_api', 'ec2_api')
 class Ec2Controller(controller.V2Controller):
     def check_signature(self, creds_ref, credentials):
-        signer = utils.Ec2Signer(creds_ref['secret'])
+        signer = ec2_utils.Ec2Signer(creds_ref['secret'])
         signature = signer.generate(credentials)
         if utils.auth_str_equal(credentials['signature'], signature):
             return

tools/pip-requires

@@ -11,5 +11,5 @@ sqlalchemy-migrate>=0.7.2
 passlib
 lxml
 iso8601>=0.1.4
-python-keystoneclient>=0.2,<0.3
+python-keystoneclient>=0.2.1,<0.3
 http://tarballs.openstack.org/oslo-config/oslo-config-2013.1b4.tar.gz#egg=oslo-config