From 4f53f935a40ad0c90c02a02a56c18825a3d14bdb Mon Sep 17 00:00:00 2001
From: Steven Hardy <shardy@redhat.com>
Date: Sat, 6 Jul 2013 09:29:09 +0100
Subject: [PATCH] Ec2Signer : Modify v4 signer to match latest boto

Previously the port component of the host:port header was stripped
to match what boto (2.6.0->2.9.2) did, however it seems that was a
n error in boto as from boto commit cfaba39 (in 2.9.3) the port is
now appended.

This means that when this fix is used with keystone, APIs which use
keystone to validate ec2 style v4 signatures (e.g the heat cfn API)
will require python-boto >= 2.9.3

Fixes bug #1197553

Change-Id: I4c01e7aef7015a79e6e6263492c51caf3a08e9e4
---
 keystoneclient/contrib/ec2/utils.py |  7 +-----
 tests/test_ec2utils.py              | 36 +++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 6 deletions(-)

diff --git a/keystoneclient/contrib/ec2/utils.py b/keystoneclient/contrib/ec2/utils.py
index c971b5908..df1ca99d4 100644
--- a/keystoneclient/contrib/ec2/utils.py
+++ b/keystoneclient/contrib/ec2/utils.py
@@ -216,12 +216,7 @@ class Ec2Signer(object):
             for h in sh_str.split(';'):
                 if h not in headers_lower:
                     continue
-                if h == 'host':
-                    # Note we discard any port suffix
-                    header_list.append('%s:%s' %
-                                       (h, headers_lower[h].split(':')[0]))
-                else:
-                    header_list.append('%s:%s' % (h, headers_lower[h]))
+                header_list.append('%s:%s' % (h, headers_lower[h]))
             return '\n'.join(header_list) + '\n'
 
         # Create canonical request:
diff --git a/tests/test_ec2utils.py b/tests/test_ec2utils.py
index a3c36facf..45eb9b900 100644
--- a/tests/test_ec2utils.py
+++ b/tests/test_ec2utils.py
@@ -143,3 +143,39 @@ class Ec2SignerTest(testtools.TestCase):
         expected = ('ced6826de92d2bdeed8f846f0bf508e8'
                     '559e98e4b0199114b84c54174deb456c')
         self.assertEqual(signature, expected)
+
+    def test_generate_v4_port(self):
+        """
+        Test v4 generator with host:port format
+        """
+        # Create a new signer object with the AWS example key
+        secret = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
+        signer = Ec2Signer(secret)
+
+        body_hash = ('b6359072c78d70ebee1e81adcbab4f0'
+                     '1bf2c23245fa365ef83fe8f1f955085e2')
+        auth_str = ('AWS4-HMAC-SHA256 '
+                    'Credential=AKIAIOSFODNN7EXAMPLE/20110909/'
+                    'us-east-1/iam/aws4_request,'
+                    'SignedHeaders=content-type;host;x-amz-date,')
+        headers = {'Content-type':
+                   'application/x-www-form-urlencoded; charset=utf-8',
+                   'X-Amz-Date': '20110909T233600Z',
+                   'Host': 'foo:8000',
+                   'Authorization': auth_str}
+        # Note the example in the AWS docs is inconsistent, previous
+        # examples specify no query string, but the final POST example
+        # does, apparently incorrectly since an empty parameter list
+        # aligns all steps and the final signature with the examples
+        params = {}
+        credentials = {'host': 'foo:8000',
+                       'verb': 'POST',
+                       'path': '/',
+                       'params': params,
+                       'headers': headers,
+                       'body_hash': body_hash}
+        signature = signer.generate(credentials)
+
+        expected = ('26dd92ea79aaa49f533d13b1055acdc'
+                    'd7d7321460d64621f96cc79c4f4d4ab2b')
+        self.assertEqual(signature, expected)