in aws_jupyter_proxy/awsproxy.py [0:0]
def _sigv4_auth_header(self, downstream_request_path) -> str:
    """
    Build the SigV4 ``Authorization`` header for the downstream request.

    The steps follow
    https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html

    The signature covers the upstream request's method, the quoted downstream
    path, the canonical query string, the signed headers and the SHA-256 of
    the upstream body. It is keyed with ``self.credentials.secret_key``.

    :param downstream_request_path: the URL path for the downstream service's request
    :return: the Authorization header containing SigV4 credentials
    """
    request = self.upstream_request

    # Step 1: canonical request.
    http_method = request.method
    # NOTE(review): the path is percent-encoded once here. SigV4 expects the
    # canonical URI to be encoded twice for services other than S3 - confirm
    # this matches the services the proxy forwards to.
    encoded_path = quote(downstream_request_path)
    query = self._get_canonical_querystring()
    signed_headers, canonical_headers = self._get_signed_canonical_headers()
    body_digest = hashlib.sha256(request.body).hexdigest()
    canonical_request = (
        f"{http_method}\n{encoded_path}\n{query}\n"
        f"{canonical_headers}\n{signed_headers}\n{body_digest}"
    )

    # Step 2: string to sign.
    algorithm = "AWS4-HMAC-SHA256"
    region = self._get_downstream_signing_region()
    # The timestamp is whatever the upstream caller sent, not the proxy's own
    # clock, so the caller chooses the date the credential scope is bound to.
    # NOTE(review): a request without this header fails on the lookup below
    # unless it was validated earlier - confirm against the caller.
    amz_date = request.headers["X-Amz-Date"]
    date_stamp = amz_date[:8]
    service_name = self.service_info.service_name
    credential_scope = f"{date_stamp}/{region}/{service_name}/aws4_request"
    canonical_digest = hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()
    string_to_sign = f"{algorithm}\n{amz_date}\n{credential_scope}\n{canonical_digest}"

    # Step 3: signature. The derived key is scoped to date/region/service;
    # neither it nor the secret key should ever reach logs or error messages.
    signing_key = get_signature_key(
        self.credentials.secret_key, date_stamp, region, service_name
    )
    mac = hmac.new(
        signing_key, msg=string_to_sign.encode("utf-8"), digestmod=hashlib.sha256
    )
    signature = mac.hexdigest()

    # Step 4: Authorization header. Only the access key id is included,
    # never the secret.
    return (
        f"{algorithm} "
        f"Credential={self.credentials.access_key}/{credential_scope}, "
        f"SignedHeaders={signed_headers}, "
        f"Signature={signature}"
    )