
Fix string conversion in s3 handler for python 2

In the s3/ec2 controller, creds_ref['secret'] has type unicode,
so the result of six.b('AWS4' + secret) is also unicode.
But hmac.new cannot work with unicode strings; in Python 2 it
needs the 'str' type.
So a simple change is needed here: encode the resulting string as 'utf-8'.
The signature v1 check already does the same conversion.

Two comments from the previous review were also addressed.

Change-Id: I80d862956eace35753f00459d49150a62f07101a
Related-Bug: #1473042
changes/44/246844/1
Andrey Pavlov 6 years ago
parent
commit
bce8575c20
2 changed files with 8 additions and 10 deletions
  1. +3
    -5
      keystone/contrib/s3/core.py
  2. +5
    -5
      keystone/tests/unit/test_contrib_s3_core.py

+ 3
- 5
keystone/contrib/s3/core.py

@ -108,17 +108,15 @@ class S3Controller(controllers.Ec2Controller):
"""
parts = string_to_sign.split(b'\n')
if len(parts) != 4 or parts[0] != b'AWS4-HMAC-SHA256':
raise exception.Unauthorized(
message=_('Invalid EC2 signature.'))
raise exception.Unauthorized(message=_('Invalid EC2 signature.'))
scope = parts[2].split(b'/')
if len(scope) != 4 or scope[2] != b's3' or scope[3] != b'aws4_request':
raise exception.Unauthorized(
message=_('Invalid EC2 signature.'))
raise exception.Unauthorized(message=_('Invalid EC2 signature.'))
def _sign(key, msg):
return hmac.new(key, msg, hashlib.sha256).digest()
signed = _sign(six.b('AWS4' + secret_key), scope[0])
signed = _sign(('AWS4' + secret_key).encode('utf-8'), scope[0])
signed = _sign(signed, scope[1])
signed = _sign(signed, scope[2])
signed = _sign(signed, b'aws4_request')
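Review bot: The key construction `('AWS4' + secret_key).encode('utf-8')` only works when `secret_key` is a text string: on Python 2 a byte `str` holding non-ASCII bytes is implicitly ASCII-decoded by `.encode()` and raises UnicodeDecodeError, and on Python 3 a `bytes` secret makes the concatenation raise TypeError. Either failure would surface as an unhandled exception rather than the `Unauthorized` the surrounding checks raise, assuming no caller catches it. Normalising the type first makes the intent explicit: `if isinstance(secret_key, six.text_type): secret_key = secret_key.encode('utf-8')` followed by `signed = _sign(b'AWS4' + secret_key, scope[0])`. The enclosing method starts and ends outside this hunk, so the final signature comparison is not visible here; it is worth confirming that it uses a constant-time compare.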


+ 5
- 5
keystone/tests/unit/test_contrib_s3_core.py

@ -29,7 +29,7 @@ class S3ContribCore(unit.TestCase):
def test_good_signature_v1(self):
creds_ref = {'secret':
'b121dd41cdcc42fe9f70e572e84295aa'}
u'b121dd41cdcc42fe9f70e572e84295aa'}
credentials = {'token':
'UFVUCjFCMk0yWThBc2dUcGdBbVk3UGhDZmc9PQphcHB'
'saWNhdGlvbi9vY3RldC1zdHJlYW0KVHVlLCAxMSBEZWMgMjAxM'
@ -42,7 +42,7 @@ class S3ContribCore(unit.TestCase):
def test_bad_signature_v1(self):
creds_ref = {'secret':
'b121dd41cdcc42fe9f70e572e84295aa'}
u'b121dd41cdcc42fe9f70e572e84295aa'}
credentials = {'token':
'UFVUCjFCMk0yWThBc2dUcGdBbVk3UGhDZmc9PQphcHB'
'saWNhdGlvbi9vY3RldC1zdHJlYW0KVHVlLCAxMSBEZWMgMjAxM'
@ -56,7 +56,7 @@ class S3ContribCore(unit.TestCase):
def test_good_signature_v4(self):
creds_ref = {'secret':
'e7a7a2240136494986991a6598d9fb9f'}
u'e7a7a2240136494986991a6598d9fb9f'}
credentials = {'token':
'QVdTNC1ITUFDLVNIQTI1NgoyMDE1MDgyNFQxMTIwNDFaCjIw'
'MTUwODI0L1JlZ2lvbk9uZS9zMy9hd3M0X3JlcXVlc3QKZjIy'
@ -71,7 +71,7 @@ class S3ContribCore(unit.TestCase):
def test_bad_signature_v4(self):
creds_ref = {'secret':
'e7a7a2240136494986991a6598d9fb9f'}
u'e7a7a2240136494986991a6598d9fb9f'}
credentials = {'token':
'QVdTNC1ITUFDLVNIQTI1NgoyMDE1MDgyNFQxMTIwNDFaCjIw'
'MTUwODI0L1JlZ2lvbk9uZS9zMy9hd3M0X3JlcXVlc3QKZjIy'
@ -85,7 +85,7 @@ class S3ContribCore(unit.TestCase):
def test_bad_token_v4(self):
creds_ref = {'secret':
'e7a7a2240136494986991a6598d9fb9f'}
u'e7a7a2240136494986991a6598d9fb9f'}
# token has invalid format of first part
credentials = {'token':
'QVdTNC1BQUEKWApYClg=',
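Review bot: With every `creds_ref['secret']` fixture switched to a `u'...'` literal, the suite no longer exercises a native Python 2 `str` secret, so a regression on that path in either the v1 or the v4 check would go unnoticed. Keeping one good-signature case per signature version with a byte-string secret next to the unicode one would cover both input types on Python 2. The test methods continue past the visible lines of each hunk, so the assertions themselves are not reviewed here.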

