I use the Amazon Web Services API from within my Google App Engine application. Amazon have said that they will only accept signed requests from Aug 15, 2009. While they have given
I use this one using pycrypto to generate a custom policy:
```python
import json
import time
from base64 import b64encode

from Crypto.Hash import SHA
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5


def cloudfront_b64(data):
    # CloudFront expects Base64 with '+', '=', '/' replaced by '-', '_', '~'
    # so the value is safe inside a query string.
    encoded = b64encode(data).decode('ascii')
    return encoded.replace('+', '-').replace('=', '_').replace('/', '~')


url = "http://*"  # wildcard resource: the policy applies to every URL
expires = int(time.time() + 3600)  # valid for one hour
pem = """-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----"""
key_pair_id = 'APK.....'

policy = {
    'Statement': [{
        'Resource': url,
        'Condition': {'DateLessThan': {'AWS:EpochTime': expires}},
    }]
}
# Compact JSON (no whitespace), encoded to bytes for hashing and Base64.
policy = json.dumps(policy, separators=(',', ':')).encode('utf-8')

# RSA PKCS#1 v1.5 signature over the SHA-1 hash of the policy.
private_key = RSA.importKey(pem)
policy_hash = SHA.new(policy)
signer = PKCS1_v1_5.new(private_key)
signature = cloudfront_b64(signer.sign(policy_hash))

print('?Policy=%s&Signature=%s&Key-Pair-Id=%s' % (cloudfront_b64(policy),
                                                  signature,
                                                  key_pair_id))
```
This allows me to use one key for multiple items, something like:
http://your_domain/image1.png?Policy...
http://your_domain/image2.png?Policy...
http://your_domain/file1.json?Policy...
Don't forget to enable pycrypto by adding these lines to the app.yaml:

```yaml
libraries:
- name: pycrypto
  version: latest
```
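
An added example (not code from the answer above), in Python 3 with the standard library only: it builds the same custom policy in compact form, applies CloudFront's query-string-safe Base64, and audits a `Policy=` value for how much it grants before it is signed. The function names, the 3600-second threshold and the example.com URL in the usage note are assumptions made for illustration.

```python
import base64
import json

# CloudFront's query-string-safe Base64: '+' -> '-', '=' -> '_', '/' -> '~'
_TO_CF = bytes.maketrans(b"+=/", b"-_~")
_FROM_CF = bytes.maketrans(b"-_~", b"+=/")


def cf_b64encode(data):
    return base64.b64encode(data).translate(_TO_CF).decode("ascii")


def cf_b64decode(text):
    return base64.b64decode(text.encode("ascii").translate(_FROM_CF))


def build_policy(resource, expires, source_ip=None):
    """Return a compact (whitespace-free) custom policy as bytes."""
    condition = {"DateLessThan": {"AWS:EpochTime": int(expires)}}
    if source_ip:
        condition["IpAddress"] = {"AWS:SourceIp": source_ip}
    policy = {"Statement": [{"Resource": resource, "Condition": condition}]}
    return json.dumps(policy, separators=(",", ":")).encode("utf-8")


def audit_policy(policy_param, now, max_lifetime=3600):
    """Decode a Policy= value and list what makes it broader than needed.

    max_lifetime is an assumed threshold, not a CloudFront limit.
    """
    stmt = json.loads(cf_b64decode(policy_param))["Statement"][0]
    resource = stmt.get("Resource", "*")  # a missing Resource is treated as "*"
    findings = []
    # "http://*" has no host or path left once the wildcard is removed,
    # so the signed policy is not tied to any particular object.
    host_and_path = resource.split("://", 1)[-1]
    if host_and_path.strip("*") == "":
        findings.append("resource matches every object")
    elif "*" in resource:
        findings.append("resource uses a wildcard")
    if not resource.startswith("https://"):
        findings.append("resource is not restricted to https")
    expires = stmt.get("Condition", {}).get("DateLessThan", {}).get("AWS:EpochTime")
    if expires is None or expires - now > max_lifetime:
        findings.append("lifetime exceeds %d seconds" % max_lifetime)
    return findings
```

Running `audit_policy` on the answer's `http://*` policy reports that it matches every object, while a policy built for a single constructed URL such as `https://example.com/images/image1.png` with a short expiry returns no findings.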