OpenStack Identity (Keystone)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

51 lines
1.5 KiB

# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2012 OpenStack LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""Main entry point into the S3 Credentials service.
TODO-DOCS
"""
import base64
import hmac
from hashlib import sha1
from keystone import config
from keystone.common import wsgi
from keystone.contrib import ec2
CONF = config.CONF
class S3Extension(wsgi.ExtensionRouter):
def add_routes(self, mapper):
controller = S3Controller()
# validation
mapper.connect('/s3tokens',
controller=controller,
action='authenticate',
conditions=dict(method=['POST']))
class S3Controller(ec2.Ec2Controller):
def check_signature(self, creds_ref, credentials):
msg = base64.urlsafe_b64decode(str(credentials['token']))
key = str(creds_ref['secret'])
signed = base64.encodestring(hmac.new(key, msg, sha1).digest()).strip()
if credentials['signature'] != signed:
raise Exception('Not Authorized')