Ec2Signer : Modify v4 signer to match latest boto

Previously the port component of the host:port header was stripped to match what boto (2.6.0->2.9.2) did, however it seems that was a n error in boto as from boto commit cfaba39 (in 2.9.3) the port is now appended. This means that when this fix is used with keystone, APIs which use keystone to validate ec2 style v4 signatures (e.g the heat cfn API) will require python-boto >= 2.9.3 Fixes bug #1197553 Change-Id: I4c01e7aef7015a79e6e6263492c51caf3a08e9e4
2013-07-06 09:29:09 +01:00
parent 6139663e09
commit 4f53f935a4
2 changed files with 37 additions and 6 deletions
--- a/keystoneclient/contrib/ec2/utils.py
+++ b/keystoneclient/contrib/ec2/utils.py
@@ -216,12 +216,7 @@ class Ec2Signer(object):
            for h in sh_str.split(';'):
                if h not in headers_lower:
                    continue
-                if h == 'host':
-                    # Note we discard any port suffix
-                    header_list.append('%s:%s' %
-                                       (h, headers_lower[h].split(':')[0]))
-                else:
-                    header_list.append('%s:%s' % (h, headers_lower[h]))
+                header_list.append('%s:%s' % (h, headers_lower[h]))
            return '\n'.join(header_list) + '\n'

        # Create canonical request:
--- a/tests/test_ec2utils.py
+++ b/tests/test_ec2utils.py
@@ -143,3 +143,39 @@ class Ec2SignerTest(testtools.TestCase):
        expected = ('ced6826de92d2bdeed8f846f0bf508e8'
                    '559e98e4b0199114b84c54174deb456c')
        self.assertEqual(signature, expected)
+
+    def test_generate_v4_port(self):
+        """
+        Test v4 generator with host:port format
+        """
+        # Create a new signer object with the AWS example key
+        secret = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
+        signer = Ec2Signer(secret)
+
+        body_hash = ('b6359072c78d70ebee1e81adcbab4f0'
+                     '1bf2c23245fa365ef83fe8f1f955085e2')
+        auth_str = ('AWS4-HMAC-SHA256 '
+                    'Credential=AKIAIOSFODNN7EXAMPLE/20110909/'
+                    'us-east-1/iam/aws4_request,'
+                    'SignedHeaders=content-type;host;x-amz-date,')
+        headers = {'Content-type':
+                   'application/x-www-form-urlencoded; charset=utf-8',
+                   'X-Amz-Date': '20110909T233600Z',
+                   'Host': 'foo:8000',
+                   'Authorization': auth_str}
+        # Note the example in the AWS docs is inconsistent, previous
+        # examples specify no query string, but the final POST example
+        # does, apparently incorrectly since an empty parameter list
+        # aligns all steps and the final signature with the examples
+        params = {}
+        credentials = {'host': 'foo:8000',
+                       'verb': 'POST',
+                       'path': '/',
+                       'params': params,
+                       'headers': headers,
+                       'body_hash': body_hash}
+        signature = signer.generate(credentials)
+
+        expected = ('26dd92ea79aaa49f533d13b1055acdc'
+                    'd7d7321460d64621f96cc79c4f4d4ab2b')
+        self.assertEqual(signature, expected)