Created
July 19, 2019 23:47
-
-
Save jmatt/f18fc75a10423147565ec6b22832726d to your computer and use it in GitHub Desktop.
GS presign source code.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import binascii | |
import collections | |
import datetime | |
import hashlib | |
import sys | |
from six.moves.urllib.parse import quote | |
from google.oauth2 import service_account | |
def generate_signed_url(service_account_file, bucket_name, object_name, | |
expiration, http_method='GET', query_parameters=None, | |
headers=None): | |
if expiration > 604800: | |
print('Expiration Time can\'t be longer than 604800 seconds (7 days).') | |
sys.exit(1) | |
escaped_object_name = quote(object_name, safe='') | |
canonical_uri = '/{}/{}'.format(bucket_name, escaped_object_name) | |
datetime_now = datetime.datetime.utcnow() | |
request_timestamp = datetime_now.strftime('%Y%m%dT%H%M%SZ') | |
datestamp = datetime_now.strftime('%Y%m%d') | |
google_credentials = service_account.Credentials.from_service_account_file( | |
service_account_file) | |
client_email = google_credentials.service_account_email | |
credential_scope = '{}/auto/storage/goog4_request'.format(datestamp) | |
credential = '{}/{}'.format(client_email, credential_scope) | |
if headers is None: | |
headers = dict() | |
headers['host'] = 'storage.googleapis.com' | |
canonical_headers = '' | |
ordered_headers = collections.OrderedDict(sorted(headers.items())) | |
for k, v in ordered_headers.items(): | |
lower_k = str(k).lower() | |
strip_v = str(v).lower() | |
canonical_headers += '{}:{}\n'.format(lower_k, strip_v) | |
signed_headers = '' | |
for k, _ in ordered_headers.items(): | |
lower_k = str(k).lower() | |
signed_headers += '{};'.format(lower_k) | |
signed_headers = signed_headers[:-1] # remove trailing ';' | |
if query_parameters is None: | |
query_parameters = dict() | |
query_parameters['X-Goog-Algorithm'] = 'GOOG4-RSA-SHA256' | |
query_parameters['X-Goog-Credential'] = credential | |
query_parameters['X-Goog-Date'] = request_timestamp | |
query_parameters['X-Goog-Expires'] = expiration | |
query_parameters['X-Goog-SignedHeaders'] = signed_headers | |
canonical_query_string = '' | |
ordered_query_parameters = collections.OrderedDict( | |
sorted(query_parameters.items())) | |
for k, v in ordered_query_parameters.items(): | |
encoded_k = quote(str(k), safe='') | |
encoded_v = quote(str(v), safe='') | |
canonical_query_string += '{}={}&'.format(encoded_k, encoded_v) | |
canonical_query_string = canonical_query_string[:-1] # remove trailing ';' | |
canonical_request = '\n'.join([http_method, | |
canonical_uri, | |
canonical_query_string, | |
canonical_headers, | |
signed_headers, | |
'UNSIGNED-PAYLOAD']) | |
canonical_request_hash = hashlib.sha256( | |
canonical_request.encode()).hexdigest() | |
string_to_sign = '\n'.join(['GOOG4-RSA-SHA256', | |
request_timestamp, | |
credential_scope, | |
canonical_request_hash]) | |
signature = binascii.hexlify( | |
google_credentials.signer.sign(string_to_sign) | |
).decode() | |
host_name = 'https://storage.googleapis.com' | |
signed_url = '{}{}?{}&X-Goog-Signature={}'.format(host_name, canonical_uri, | |
canonical_query_string, | |
signature) | |
return signed_url |
Author
jmatt
commented
Jul 19, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment