You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

78 lines
3.0 KiB

  1. # coding: utf-8
  2. from __future__ import unicode_literals
  3. import datetime
  4. import hashlib
  5. import hmac
  6. from .common import InfoExtractor
  7. from ..compat import compat_urllib_parse_urlencode
  8. class AWSIE(InfoExtractor):
  9. _AWS_ALGORITHM = 'AWS4-HMAC-SHA256'
  10. _AWS_REGION = 'us-east-1'
  11. def _aws_execute_api(self, aws_dict, video_id, query=None):
  12. query = query or {}
  13. amz_date = datetime.datetime.utcnow().strftime('%Y%m%dT%H%M%SZ')
  14. date = amz_date[:8]
  15. headers = {
  16. 'Accept': 'application/json',
  17. 'Host': self._AWS_PROXY_HOST,
  18. 'X-Amz-Date': amz_date,
  19. 'X-Api-Key': self._AWS_API_KEY
  20. }
  21. session_token = aws_dict.get('session_token')
  22. if session_token:
  23. headers['X-Amz-Security-Token'] = session_token
  24. def aws_hash(s):
  25. return hashlib.sha256(s.encode('utf-8')).hexdigest()
  26. # Task 1: http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
  27. canonical_querystring = compat_urllib_parse_urlencode(query)
  28. canonical_headers = ''
  29. for header_name, header_value in sorted(headers.items()):
  30. canonical_headers += '%s:%s\n' % (header_name.lower(), header_value)
  31. signed_headers = ';'.join([header.lower() for header in sorted(headers.keys())])
  32. canonical_request = '\n'.join([
  33. 'GET',
  34. aws_dict['uri'],
  35. canonical_querystring,
  36. canonical_headers,
  37. signed_headers,
  38. aws_hash('')
  39. ])
  40. # Task 2: http://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html
  41. credential_scope_list = [date, self._AWS_REGION, 'execute-api', 'aws4_request']
  42. credential_scope = '/'.join(credential_scope_list)
  43. string_to_sign = '\n'.join([self._AWS_ALGORITHM, amz_date, credential_scope, aws_hash(canonical_request)])
  44. # Task 3: http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html
  45. def aws_hmac(key, msg):
  46. return hmac.new(key, msg.encode('utf-8'), hashlib.sha256)
  47. def aws_hmac_digest(key, msg):
  48. return aws_hmac(key, msg).digest()
  49. def aws_hmac_hexdigest(key, msg):
  50. return aws_hmac(key, msg).hexdigest()
  51. k_signing = ('AWS4' + aws_dict['secret_key']).encode('utf-8')
  52. for value in credential_scope_list:
  53. k_signing = aws_hmac_digest(k_signing, value)
  54. signature = aws_hmac_hexdigest(k_signing, string_to_sign)
  55. # Task 4: http://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html
  56. headers['Authorization'] = ', '.join([
  57. '%s Credential=%s/%s' % (self._AWS_ALGORITHM, aws_dict['access_key'], credential_scope),
  58. 'SignedHeaders=%s' % signed_headers,
  59. 'Signature=%s' % signature,
  60. ])
  61. return self._download_json(
  62. 'https://%s%s%s' % (self._AWS_PROXY_HOST, aws_dict['uri'], '?' + canonical_querystring if canonical_querystring else ''),
  63. video_id, headers=headers)