Ec2Signer : Modify v4 signer to match latest boto

Previously the port component of the host:port header was stripped
to match what boto (2.6.0->2.9.2) did, however it seems that was a
n error in boto as from boto commit cfaba39 (in 2.9.3) the port is
now appended.

This means that when this fix is used with keystone, APIs which use
keystone to validate ec2 style v4 signatures (e.g the heat cfn API)
will require python-boto >= 2.9.3

Fixes bug #1197553

Change-Id: I4c01e7aef7015a79e6e6263492c51caf3a08e9e4
This commit is contained in:
Steven Hardy
2013-07-06 09:29:09 +01:00
parent 6139663e09
commit 4f53f935a4
2 changed files with 37 additions and 6 deletions

View File

@@ -216,12 +216,7 @@ class Ec2Signer(object):
for h in sh_str.split(';'):
if h not in headers_lower:
continue
if h == 'host':
# Note we discard any port suffix
header_list.append('%s:%s' %
(h, headers_lower[h].split(':')[0]))
else:
header_list.append('%s:%s' % (h, headers_lower[h]))
header_list.append('%s:%s' % (h, headers_lower[h]))
return '\n'.join(header_list) + '\n'
# Create canonical request:

View File

@@ -143,3 +143,39 @@ class Ec2SignerTest(testtools.TestCase):
expected = ('ced6826de92d2bdeed8f846f0bf508e8'
'559e98e4b0199114b84c54174deb456c')
self.assertEqual(signature, expected)
def test_generate_v4_port(self):
"""
Test v4 generator with host:port format
"""
# Create a new signer object with the AWS example key
secret = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
signer = Ec2Signer(secret)
body_hash = ('b6359072c78d70ebee1e81adcbab4f0'
'1bf2c23245fa365ef83fe8f1f955085e2')
auth_str = ('AWS4-HMAC-SHA256 '
'Credential=AKIAIOSFODNN7EXAMPLE/20110909/'
'us-east-1/iam/aws4_request,'
'SignedHeaders=content-type;host;x-amz-date,')
headers = {'Content-type':
'application/x-www-form-urlencoded; charset=utf-8',
'X-Amz-Date': '20110909T233600Z',
'Host': 'foo:8000',
'Authorization': auth_str}
# Note the example in the AWS docs is inconsistent, previous
# examples specify no query string, but the final POST example
# does, apparently incorrectly since an empty parameter list
# aligns all steps and the final signature with the examples
params = {}
credentials = {'host': 'foo:8000',
'verb': 'POST',
'path': '/',
'params': params,
'headers': headers,
'body_hash': body_hash}
signature = signer.generate(credentials)
expected = ('26dd92ea79aaa49f533d13b1055acdc'
'd7d7321460d64621f96cc79c4f4d4ab2b')
self.assertEqual(signature, expected)