]>
Commit | Line | Data |
---|---|---|
78466fca RA |
1 | # coding: utf-8 |
2 | from __future__ import unicode_literals | |
3 | ||
4 | import datetime | |
5 | import hashlib | |
6 | import hmac | |
7 | ||
8 | from .common import InfoExtractor | |
9 | from ..compat import compat_urllib_parse_urlencode | |
10 | ||
11 | ||
12 | class AWSIE(InfoExtractor): | |
13 | _AWS_ALGORITHM = 'AWS4-HMAC-SHA256' | |
14 | _AWS_REGION = 'us-east-1' | |
15 | ||
16 | def _aws_execute_api(self, aws_dict, video_id, query=None): | |
17 | query = query or {} | |
18 | amz_date = datetime.datetime.utcnow().strftime('%Y%m%dT%H%M%SZ') | |
19 | date = amz_date[:8] | |
20 | headers = { | |
21 | 'Accept': 'application/json', | |
22 | 'Host': self._AWS_PROXY_HOST, | |
23 | 'X-Amz-Date': amz_date, | |
84f085d4 | 24 | 'X-Api-Key': self._AWS_API_KEY |
78466fca RA |
25 | } |
26 | session_token = aws_dict.get('session_token') | |
27 | if session_token: | |
28 | headers['X-Amz-Security-Token'] = session_token | |
78466fca RA |
29 | |
30 | def aws_hash(s): | |
31 | return hashlib.sha256(s.encode('utf-8')).hexdigest() | |
32 | ||
33 | # Task 1: http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html | |
34 | canonical_querystring = compat_urllib_parse_urlencode(query) | |
35 | canonical_headers = '' | |
84f085d4 | 36 | for header_name, header_value in sorted(headers.items()): |
78466fca | 37 | canonical_headers += '%s:%s\n' % (header_name.lower(), header_value) |
84f085d4 | 38 | signed_headers = ';'.join([header.lower() for header in sorted(headers.keys())]) |
78466fca RA |
39 | canonical_request = '\n'.join([ |
40 | 'GET', | |
41 | aws_dict['uri'], | |
42 | canonical_querystring, | |
43 | canonical_headers, | |
44 | signed_headers, | |
45 | aws_hash('') | |
46 | ]) | |
47 | ||
48 | # Task 2: http://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html | |
49 | credential_scope_list = [date, self._AWS_REGION, 'execute-api', 'aws4_request'] | |
50 | credential_scope = '/'.join(credential_scope_list) | |
51 | string_to_sign = '\n'.join([self._AWS_ALGORITHM, amz_date, credential_scope, aws_hash(canonical_request)]) | |
52 | ||
53 | # Task 3: http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html | |
54 | def aws_hmac(key, msg): | |
55 | return hmac.new(key, msg.encode('utf-8'), hashlib.sha256) | |
56 | ||
57 | def aws_hmac_digest(key, msg): | |
58 | return aws_hmac(key, msg).digest() | |
59 | ||
60 | def aws_hmac_hexdigest(key, msg): | |
61 | return aws_hmac(key, msg).hexdigest() | |
62 | ||
63 | k_signing = ('AWS4' + aws_dict['secret_key']).encode('utf-8') | |
64 | for value in credential_scope_list: | |
65 | k_signing = aws_hmac_digest(k_signing, value) | |
66 | ||
67 | signature = aws_hmac_hexdigest(k_signing, string_to_sign) | |
68 | ||
69 | # Task 4: http://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html | |
70 | headers['Authorization'] = ', '.join([ | |
71 | '%s Credential=%s/%s' % (self._AWS_ALGORITHM, aws_dict['access_key'], credential_scope), | |
72 | 'SignedHeaders=%s' % signed_headers, | |
73 | 'Signature=%s' % signature, | |
74 | ]) | |
75 | ||
76 | return self._download_json( | |
77 | 'https://%s%s%s' % (self._AWS_PROXY_HOST, aws_dict['uri'], '?' + canonical_querystring if canonical_querystring else ''), | |
78 | video_id, headers=headers) |