Fix string conversion in s3 handler for python 2
creds_ref['secret'] in the s3/ec2 controller has type unicode, and the result type of six.b('AWS4' + secret) is also unicode. But the hmac.new decoder can't work with unicode strings - it needs the 'str' type in Python 2. So a simple change is needed here: encode the resulting string as 'utf-8'. We have the same conversion in the signature v1 check. Also, two comments from the previous review were fixed. Change-Id: I80d862956eace35753f00459d49150a62f07101a Related-Bug: #1473042
parent
baf76a387c
commit
bce8575c20
@ -108,17 +108,15 @@ class S3Controller(controllers.Ec2Controller):
|
|||||||
"""
|
"""
|
||||||
parts = string_to_sign.split(b'\n')
|
parts = string_to_sign.split(b'\n')
|
||||||
if len(parts) != 4 or parts[0] != b'AWS4-HMAC-SHA256':
|
if len(parts) != 4 or parts[0] != b'AWS4-HMAC-SHA256':
|
||||||
raise exception.Unauthorized(
|
raise exception.Unauthorized(message=_('Invalid EC2 signature.'))
|
||||||
message=_('Invalid EC2 signature.'))
|
|
||||||
scope = parts[2].split(b'/')
|
scope = parts[2].split(b'/')
|
||||||
if len(scope) != 4 or scope[2] != b's3' or scope[3] != b'aws4_request':
|
if len(scope) != 4 or scope[2] != b's3' or scope[3] != b'aws4_request':
|
||||||
raise exception.Unauthorized(
|
raise exception.Unauthorized(message=_('Invalid EC2 signature.'))
|
||||||
message=_('Invalid EC2 signature.'))
|
|
||||||
|
|
||||||
def _sign(key, msg):
|
def _sign(key, msg):
|
||||||
return hmac.new(key, msg, hashlib.sha256).digest()
|
return hmac.new(key, msg, hashlib.sha256).digest()
|
||||||
|
|
||||||
signed = _sign(six.b('AWS4' + secret_key), scope[0])
|
signed = _sign(('AWS4' + secret_key).encode('utf-8'), scope[0])
|
||||||
signed = _sign(signed, scope[1])
|
signed = _sign(signed, scope[1])
|
||||||
signed = _sign(signed, scope[2])
|
signed = _sign(signed, scope[2])
|
||||||
signed = _sign(signed, b'aws4_request')
|
signed = _sign(signed, b'aws4_request')
|
||||||
|
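Review bot: The new key derivation `('AWS4' + secret_key).encode('utf-8')` only works when `secret_key` is text: on Python 2 a byte `str` holding non-ASCII bytes is implicitly ASCII-decoded by `.encode()` and raises UnicodeDecodeError, and on Python 3 a bytes secret fails at the concatenation with TypeError. Either error would leave this signature check as something other than `exception.Unauthorized`, so a malformed stored secret presumably surfaces as a server error instead of a rejected signature. Consider normalising once before signing, e.g. `key = secret_key.encode('utf-8') if isinstance(secret_key, six.text_type) else secret_key` followed by `signed = _sign(b'AWS4' + key, scope[0])`, or at least add a comment such as `# secret_key is expected to be text (unicode); byte-string secrets are not handled here`. The enclosing method starts above this hunk and the final signature comparison lies outside it, so how the derived value is compared cannot be reviewed from here.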
@ -29,7 +29,7 @@ class S3ContribCore(unit.TestCase):
|
|||||||
|
|
||||||
def test_good_signature_v1(self):
|
def test_good_signature_v1(self):
|
||||||
creds_ref = {'secret':
|
creds_ref = {'secret':
|
||||||
'b121dd41cdcc42fe9f70e572e84295aa'}
|
u'b121dd41cdcc42fe9f70e572e84295aa'}
|
||||||
credentials = {'token':
|
credentials = {'token':
|
||||||
'UFVUCjFCMk0yWThBc2dUcGdBbVk3UGhDZmc9PQphcHB'
|
'UFVUCjFCMk0yWThBc2dUcGdBbVk3UGhDZmc9PQphcHB'
|
||||||
'saWNhdGlvbi9vY3RldC1zdHJlYW0KVHVlLCAxMSBEZWMgMjAxM'
|
'saWNhdGlvbi9vY3RldC1zdHJlYW0KVHVlLCAxMSBEZWMgMjAxM'
|
||||||
@ -42,7 +42,7 @@ class S3ContribCore(unit.TestCase):
|
|||||||
|
|
||||||
def test_bad_signature_v1(self):
|
def test_bad_signature_v1(self):
|
||||||
creds_ref = {'secret':
|
creds_ref = {'secret':
|
||||||
'b121dd41cdcc42fe9f70e572e84295aa'}
|
u'b121dd41cdcc42fe9f70e572e84295aa'}
|
||||||
credentials = {'token':
|
credentials = {'token':
|
||||||
'UFVUCjFCMk0yWThBc2dUcGdBbVk3UGhDZmc9PQphcHB'
|
'UFVUCjFCMk0yWThBc2dUcGdBbVk3UGhDZmc9PQphcHB'
|
||||||
'saWNhdGlvbi9vY3RldC1zdHJlYW0KVHVlLCAxMSBEZWMgMjAxM'
|
'saWNhdGlvbi9vY3RldC1zdHJlYW0KVHVlLCAxMSBEZWMgMjAxM'
|
||||||
@ -56,7 +56,7 @@ class S3ContribCore(unit.TestCase):
|
|||||||
|
|
||||||
def test_good_signature_v4(self):
|
def test_good_signature_v4(self):
|
||||||
creds_ref = {'secret':
|
creds_ref = {'secret':
|
||||||
'e7a7a2240136494986991a6598d9fb9f'}
|
u'e7a7a2240136494986991a6598d9fb9f'}
|
||||||
credentials = {'token':
|
credentials = {'token':
|
||||||
'QVdTNC1ITUFDLVNIQTI1NgoyMDE1MDgyNFQxMTIwNDFaCjIw'
|
'QVdTNC1ITUFDLVNIQTI1NgoyMDE1MDgyNFQxMTIwNDFaCjIw'
|
||||||
'MTUwODI0L1JlZ2lvbk9uZS9zMy9hd3M0X3JlcXVlc3QKZjIy'
|
'MTUwODI0L1JlZ2lvbk9uZS9zMy9hd3M0X3JlcXVlc3QKZjIy'
|
||||||
@ -71,7 +71,7 @@ class S3ContribCore(unit.TestCase):
|
|||||||
|
|
||||||
def test_bad_signature_v4(self):
|
def test_bad_signature_v4(self):
|
||||||
creds_ref = {'secret':
|
creds_ref = {'secret':
|
||||||
'e7a7a2240136494986991a6598d9fb9f'}
|
u'e7a7a2240136494986991a6598d9fb9f'}
|
||||||
credentials = {'token':
|
credentials = {'token':
|
||||||
'QVdTNC1ITUFDLVNIQTI1NgoyMDE1MDgyNFQxMTIwNDFaCjIw'
|
'QVdTNC1ITUFDLVNIQTI1NgoyMDE1MDgyNFQxMTIwNDFaCjIw'
|
||||||
'MTUwODI0L1JlZ2lvbk9uZS9zMy9hd3M0X3JlcXVlc3QKZjIy'
|
'MTUwODI0L1JlZ2lvbk9uZS9zMy9hd3M0X3JlcXVlc3QKZjIy'
|
||||||
@ -85,7 +85,7 @@ class S3ContribCore(unit.TestCase):
|
|||||||
|
|
||||||
def test_bad_token_v4(self):
|
def test_bad_token_v4(self):
|
||||||
creds_ref = {'secret':
|
creds_ref = {'secret':
|
||||||
'e7a7a2240136494986991a6598d9fb9f'}
|
u'e7a7a2240136494986991a6598d9fb9f'}
|
||||||
# token has invalid format of first part
|
# token has invalid format of first part
|
||||||
credentials = {'token':
|
credentials = {'token':
|
||||||
'QVdTNC1BQUEKWApYClg=',
|
'QVdTNC1BQUEKWApYClg=',
|
||||||
|
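Review bot: All five fixtures in these tests now pass the secret as a `u'...'` literal, so on Python 2 nothing exercises a native `str` secret any more on either the v1 or the v4 path. Since the fix is specifically about the secret's string type, keep one extra case per signature version that uses a byte-string secret, e.g. a variant of `test_good_signature_v4` with `creds_ref = {'secret': 'e7a7a2240136494986991a6598d9fb9f'}`, so both types stay covered. A short comment next to the literals, `# the controller receives the secret as unicode`, would also explain why the `u` prefix matters. The test bodies continue outside each hunk, so the assertions themselves are not visible here.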