fix EC2 Signature Version 4 calculation, in the case of POST

When calculating the AWS Signature Version 4, in the case of POST,
We need to set the CanonicalQueryString to an empty string. this
follows the implementation of the AWS and boto clients.

Change-Id: Iad4e392119067e246c7b77009da3fef48d251382
Closes-Bug: 1360892
This commit is contained in:
Yukinori Sagara 2014-08-25 10:53:30 +09:00
parent 1643f7da32
commit cf5e45dd5b
2 changed files with 19 additions and 2 deletions

View File

@ -232,12 +232,19 @@ class Ec2Signer(object):
header_list.append('%s:%s' % (h, headers_lower[h]))
return '\n'.join(header_list) + '\n'
def canonical_query_str(verb, params):
# POST requests pass parameters in through the request body
canonical_qs = ''
if verb.upper() != 'POST':
canonical_qs = self._canonical_qs(params)
return canonical_qs
# Create canonical request:
# http://docs.aws.amazon.com/general/latest/gr/
# sigv4-create-canonical-request.html
# Get parameters and headers in expected string format
cr = "\n".join((verb.upper(), path,
self._canonical_qs(params),
canonical_query_str(verb, params),
canonical_header_str(),
auth_param('SignedHeaders'),
body_hash))

View File

@ -130,7 +130,17 @@ class Ec2SignerTest(testtools.TestCase):
# examples specify no query string, but the final POST example
# does, apparently incorrectly since an empty parameter list
# aligns all steps and the final signature with the examples
params = {}
params = {'Action': 'CreateUser',
'UserName': 'NewUser',
'Version': '2010-05-08',
'X-Amz-Algorithm': 'AWS4-HMAC-SHA256',
'X-Amz-Credential': 'AKIAEXAMPLE/20140611/'
'us-east-1/iam/aws4_request',
'X-Amz-Date': '20140611T231318Z',
'X-Amz-Expires': '30',
'X-Amz-SignedHeaders': 'host',
'X-Amz-Signature': 'ced6826de92d2bdeed8f846f0bf508e8'
'559e98e4b0199114b84c54174deb456c'}
credentials = {'host': 'iam.amazonaws.com',
'verb': 'POST',
'path': '/',