ruiwen · December 19, 2015 16:18
diff --git a/s3selfsignedDELETE.py b/s3selfsignedDELETE.py

 import boto
 import os
 import json
 import base64
 import hashlib
 import requests
 import datetime
 import hmac
 import pytz


 sts_conn = boto.connect_sts(AWS_ACCESS_KEY, AWS_SECRET_KEY)
 s3_policy ='''{
  "Statement": [
    {
      "Sid": "AllowOnlyPutToBucket",
      "Action": ["s3:PutObject"],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bp-%(bucket_name)s/%(wrapper_id)s/*"
    },
    {
      "Sid": "AllowOnlyDeleteToBucket",
      "Action": ["s3:DeleteObject"],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bp-%(bucket_name)s/%(wrapper_id)s/*"
    }
    ]
 }'''

 data = {
    "bucket_name": "usermedia",
    "wrapper_id": "abc123"
 }
 ft = sts_conn.get_federation_token(name=data['wrapper_id'], policy=s3_policy % data, duration=3600)
 creds = ft.credentials

 print "Credentials obtained"

 print "Clients should implement the process below this line"
 print "#" * 30
 print "\n\n"

 delete_name = "%s/e3def85a65c3a2b58d8241b424a6d66b86ff1296_img_thumb.jpg" % data['wrapper_id']

 # Headers
 headers = {
    'Host': 'bp-%s.s3.amazonaws.com' % data['bucket_name'],
    'Date': (datetime.datetime.utcnow()).strftime("%a, %d %b %Y %H:%M:%S +0000"),
    'x-amz-security-token': creds.session_token
 }

 # CanonicalizedResource Element
 # /<bucket_name>/<file_name.ext>
 canonicalized_resource = "/bp-%s/%s" % (data['bucket_name'], delete_name)


 # CanonicalizedAmzHeaders
 prepped_headers = {}
 for h in headers:
    if not h.lower().startswith("x-amz"):
        continue
    hl = h.lower()
    prepped_headers[hl] =  prepped_headers[hl] + "," + headers[h] if hl in prepped_headers else headers[h]

 header_names = map(lambda x: x.lower(), prepped_headers.keys())
 header_names.sort()
 canonicalized_amz_headers = ["%s:%s" % (h, prepped_headers[h]) for h in header_names]
 canonicalized_amz_headers = u"\u000a".join(canonicalized_amz_headers)

 # StringToSign = HTTP-Verb + "\n" +
 #   Content-MD5 + "\n" +
 #   Content-Type + "\n" +
 #   Date + "\n" +
 #   CanonicalizedAmzHeaders +
 #   CanonicalizedResource;

 items_to_sign = [
                  "DELETE",
                  "",
                  "",
                  headers['Date'],
                  canonicalized_amz_headers,
                  canonicalized_resource
                ]
 string_to_sign = u'\u000a'.join(items_to_sign)
 print string_to_sign

 # Signature = Base64( HMAC-SHA1( YourSecretAccessKeyID, UTF-8-Encoding-Of( StringToSign ) ) );
 signature = base64.b64encode(hmac.new(creds.secret_key.encode("utf-8"), string_to_sign.encode("utf-8"), hashlib.sha1).digest())

 # Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
 auth_header = "AWS %s:%s" % (creds.access_key, signature)
 print "Authorization: %s" % auth_header
 headers['Authorization'] = auth_header

 r = requests.delete("https://bp-%s.s3.amazonaws.com/%s" % (data['bucket_name'], delete_name), headers=headers)

 print r.headers
 print r.status_code
 print r.text

	import boto
	import os
	import json
	import base64
	import hashlib
	import requests
	import datetime
	import hmac
	import pytz


	sts_conn = boto.connect_sts(AWS_ACCESS_KEY, AWS_SECRET_KEY)
	s3_policy ='''{
	"Statement": [
	{
	"Sid": "AllowOnlyPutToBucket",
	"Action": ["s3:PutObject"],
	"Effect": "Allow",
	"Resource": "arn:aws:s3:::bp-%(bucket_name)s/%(wrapper_id)s/*"
	},
	{
	"Sid": "AllowOnlyDeleteToBucket",
	"Action": ["s3:DeleteObject"],
	"Effect": "Allow",
	"Resource": "arn:aws:s3:::bp-%(bucket_name)s/%(wrapper_id)s/*"
	}
	]
	}'''

	data = {
	"bucket_name": "usermedia",
	"wrapper_id": "abc123"
	}
	ft = sts_conn.get_federation_token(name=data['wrapper_id'], policy=s3_policy % data, duration=3600)
	creds = ft.credentials

	print "Credentials obtained"

	print "Clients should implement the process below this line"
	print "#" * 30
	print "\n\n"

	delete_name = "%s/e3def85a65c3a2b58d8241b424a6d66b86ff1296_img_thumb.jpg" % data['wrapper_id']

	# Headers
	headers = {
	'Host': 'bp-%s.s3.amazonaws.com' % data['bucket_name'],
	'Date': (datetime.datetime.utcnow()).strftime("%a, %d %b %Y %H:%M:%S +0000"),
	'x-amz-security-token': creds.session_token
	}

	# CanonicalizedResource Element
	# /<bucket_name>/<file_name.ext>
	canonicalized_resource = "/bp-%s/%s" % (data['bucket_name'], delete_name)


	# CanonicalizedAmzHeaders
	prepped_headers = {}
	for h in headers:
	if not h.lower().startswith("x-amz"):
	continue
	hl = h.lower()
	prepped_headers[hl] = prepped_headers[hl] + "," + headers[h] if hl in prepped_headers else headers[h]

	header_names = map(lambda x: x.lower(), prepped_headers.keys())
	header_names.sort()
	canonicalized_amz_headers = ["%s:%s" % (h, prepped_headers[h]) for h in header_names]
	canonicalized_amz_headers = u"\u000a".join(canonicalized_amz_headers)

	# StringToSign = HTTP-Verb + "\n" +
	# Content-MD5 + "\n" +
	# Content-Type + "\n" +
	# Date + "\n" +
	# CanonicalizedAmzHeaders +
	# CanonicalizedResource;

	items_to_sign = [
	"DELETE",
	"",
	"",
	headers['Date'],
	canonicalized_amz_headers,
	canonicalized_resource
	]
	string_to_sign = u'\u000a'.join(items_to_sign)
	print string_to_sign

	# Signature = Base64( HMAC-SHA1( YourSecretAccessKeyID, UTF-8-Encoding-Of( StringToSign ) ) );
	signature = base64.b64encode(hmac.new(creds.secret_key.encode("utf-8"), string_to_sign.encode("utf-8"), hashlib.sha1).digest())

	# Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
	auth_header = "AWS %s:%s" % (creds.access_key, signature)
	print "Authorization: %s" % auth_header
	headers['Authorization'] = auth_header

	r = requests.delete("https://bp-%s.s3.amazonaws.com/%s" % (data['bucket_name'], delete_name), headers=headers)

	print r.headers
	print r.status_code
	print r.text