in alibabacloud_credentials/provider/rsa_key_pair.py [0:0]
def _refresh_credentials(self) -> RefreshResult[Credentials]:
tea_request = ph.get_new_request()
tea_request.query = {
'Action': 'GenerateSessionAccessKey',
'Format': 'JSON',
'Version': '2015-04-01',
'DurationSeconds': str(self._duration_seconds),
'SignatureMethod': 'HMAC-SHA1',
'SignatureVersion': '1.0',
'Timestamp': ph.get_iso_8061_date(),
'SignatureNonce': ph.get_uuid(),
'AccessKeyId': self._public_key_id,
}
string_to_sign = ph.compose_string_to_sign('GET', tea_request.query)
signature = ph.sign_string(string_to_sign, self._private_key + '&')
tea_request.query['Signature'] = signature
tea_request.protocol = 'https'
tea_request.headers['host'] = self._sts_endpoint
response = TeaCore.do_action(tea_request, self._runtime_options)
if response.status_code != 200:
raise CredentialException(
f'error refreshing credentials from rsa_key_pair, http_code: {response.status_code}, result: {response.body.decode("utf-8")}')
dic = json.loads(response.body.decode('utf-8'))
if 'SessionAccessKey' not in dic:
raise CredentialException(
f'error retrieving credentials from rsa_key_pair result: {response.body.decode("utf-8")}')
cre = dic.get('SessionAccessKey')
if 'SessionAccessKeyId' not in cre or 'SessionAccessKeySecret' not in cre:
raise CredentialException(
f'error retrieving credentials from rsa_key_pair result: {response.body.decode("utf-8")}')
# 先转换为时间数组
time_array = time.strptime(cre.get('Expiration'), '%Y-%m-%dT%H:%M:%SZ')
# 转换为时间戳
expiration = calendar.timegm(time_array)
credentials = Credentials(
access_key_id=cre.get('SessionAccessKeyId'),
access_key_secret=cre.get('SessionAccessKeySecret'),
expiration=expiration,
provider_name=self.get_provider_name()
)
return RefreshResult(value=credentials,
stale_time=_get_stale_time(expiration))