Merging in latest boto.

boto/auth.py

 # Copyright 2010 Google Inc.
 # Copyright (c) 2011 Mitch Garnaat http://garnaat.org/
 # Copyright (c) 2011, Eucalyptus Systems, Inc.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a
 # copy of this software and associated documentation files (the
 # "Software"), to deal in the Software without restriction, including
 # without limitation the rights to use, copy, modify, merge, publish, dis-
 # tribute, sublicense, and/or sell copies of the Software, and to permit
 # persons to whom the Software is furnished to do so, subject to the fol-
@@ skipping 16 matching lines @@
 """
 
 import base64
 import boto
 import boto.auth_handler
 import boto.exception
 import boto.plugin
 import boto.utils
 import hmac
 import sys
-import time
 import urllib
+from email.utils import formatdate
 
 from boto.auth_handler import AuthHandler
 from boto.exception import BotoClientError
 #
 # the following is necessary because of the incompatibilities
 # between Python 2.4, 2.5, and 2.6 as well as the fact that some
 # people running 2.4 have installed hashlib as a separate module
 # this fix was provided by boto user mccormix.
 # see: http://code.google.com/p/boto/issues/detail?id=172
 # for more details.
@@ skipping 21 matching lines @@
 
 class HmacKeys(object):
     """Key based Auth handler helper."""
 
     def __init__(self, host, config, provider):
         if provider.access_key is None or provider.secret_key is None:
             raise boto.auth_handler.NotReadyToAuthenticate()
         self._provider = provider
         self._hmac = hmac.new(self._provider.secret_key, digestmod=sha)
         if sha256:
-            self._hmac_256 = hmac.new(self._provider.secret_key, digestmod=sha256)
+            self._hmac_256 = hmac.new(self._provider.secret_key,
+                                      digestmod=sha256)
         else:
             self._hmac_256 = None
 
     def algorithm(self):
         if self._hmac_256:
             return 'HmacSHA256'
         else:
             return 'HmacSHA1'
 
     def sign_string(self, string_to_sign):
@@ skipping 13 matching lines @@
     def __init__(self, host, config, provider):
         AuthHandler.__init__(self, host, config, provider)
         HmacKeys.__init__(self, host, config, provider)
         self._hmac_256 = None
         
     def add_auth(self, http_request, **kwargs):
         headers = http_request.headers
         method = http_request.method
         auth_path = http_request.auth_path
         if not headers.has_key('Date'):
-            headers['Date'] = time.strftime("%a, %d %b %Y %H:%M:%S GMT",
-                                            time.gmtime())
+            headers['Date'] = formatdate(usegmt=True)
 
+        if self._provider.security_token:
+            key = self._provider.security_token_header
+            headers[key] = self._provider.security_token
         c_string = boto.utils.canonical_string(method, auth_path, headers,
                                                None, self._provider)
         b64_hmac = self.sign_string(c_string)
         auth_hdr = self._provider.auth_header
         headers['Authorization'] = ("%s %s:%s" %
                                     (auth_hdr,
                                      self._provider.access_key, b64_hmac))
 
 class HmacAuthV2Handler(AuthHandler, HmacKeys):
     """
     Implements the simplified HMAC authorization used by CloudFront.
     """
     capability = ['hmac-v2', 'cloudfront']
     
     def __init__(self, host, config, provider):
         AuthHandler.__init__(self, host, config, provider)
         HmacKeys.__init__(self, host, config, provider)
         self._hmac_256 = None
         
     def add_auth(self, http_request, **kwargs):
         headers = http_request.headers
         if not headers.has_key('Date'):
-            headers['Date'] = time.strftime("%a, %d %b %Y %H:%M:%S GMT",
-                                            time.gmtime())
+            headers['Date'] = formatdate(usegmt=True)
 
         b64_hmac = self.sign_string(headers['Date'])
         auth_hdr = self._provider.auth_header
         headers['Authorization'] = ("%s %s:%s" %
                                     (auth_hdr,
                                      self._provider.access_key, b64_hmac))
         
 class HmacAuthV3Handler(AuthHandler, HmacKeys):
     """Implements the new Version 3 HMAC authorization used by Route53."""
     
     capability = ['hmac-v3', 'route53', 'ses']
     
     def __init__(self, host, config, provider):
         AuthHandler.__init__(self, host, config, provider)
         HmacKeys.__init__(self, host, config, provider)
         
     def add_auth(self, http_request, **kwargs):
         headers = http_request.headers
         if not headers.has_key('Date'):
-            headers['Date'] = time.strftime("%a, %d %b %Y %H:%M:%S GMT",
-                                            time.gmtime())
+            headers['Date'] = formatdate(usegmt=True)
 
         b64_hmac = self.sign_string(headers['Date'])
         s = "AWS3-HTTPS AWSAccessKeyId=%s," % self._provider.access_key
         s += "Algorithm=%s,Signature=%s" % (self.algorithm(), b64_hmac)
         headers['X-Amzn-Authorization'] = s
 
 class QuerySignatureHelper(HmacKeys):
     """Helper for Query signature based Auth handler.
 
     Concrete sub class need to implement _calc_sigature method.
     """
 
     def add_auth(self, http_request, **kwargs):
         headers = http_request.headers
         params = http_request.params
         params['AWSAccessKeyId'] = self._provider.access_key
         params['SignatureVersion'] = self.SignatureVersion
         params['Timestamp'] = boto.utils.get_ts()
         qs, signature = self._calc_signature(
             http_request.params, http_request.method,
-            http_request.path, http_request.host)
+            http_request.auth_path, http_request.host)
         boto.log.debug('query_string: %s Signature: %s' % (qs, signature))
         if http_request.method == 'POST':
             headers['Content-Type'] = 'application/x-www-form-urlencoded; charset=UTF-8'
             http_request.body = qs + '&Signature=' + urllib.quote(signature)
+            http_request.headers['Content-Length'] = str(len(http_request.body))
         else:
             http_request.body = ''
-            http_request.path = (http_request.path + '?' + qs + '&Signature=' + urllib.quote(signature))
-        # Now that query params are part of the path, clear the 'params' field
-        # in request.
-        http_request.params = {}
+            # if this is a retried request, the qs from the previous try will
+            # already be there, we need to get rid of that and rebuild it
+            http_request.path = http_request.path.split('?')[0]
+            http_request.path = (http_request.path + '?' + qs +
+                                 '&Signature=' + urllib.quote(signature))
 
 class QuerySignatureV0AuthHandler(QuerySignatureHelper, AuthHandler):
-    """Class SQS query signature based Auth handler."""
+    """Provides Signature V0 Signing"""
 
     SignatureVersion = 0
     capability = ['sign-v0']
 
     def _calc_signature(self, params, *args):
         boto.log.debug('using _calc_signature_0')
         hmac = self._hmac.copy()
         s = params['Action'] + params['Timestamp']
         hmac.update(s)
         keys = params.keys()
         keys.sort(cmp = lambda x, y: cmp(x.lower(), y.lower()))
         pairs = []
         for key in keys:
-            val = bot.utils.get_utf8_value(params[key])
+            val = boto.utils.get_utf8_value(params[key])
             pairs.append(key + '=' + urllib.quote(val))
         qs = '&'.join(pairs)
         return (qs, base64.b64encode(hmac.digest()))
 
 class QuerySignatureV1AuthHandler(QuerySignatureHelper, AuthHandler):
     """
     Provides Query Signature V1 Authentication.
     """
 
     SignatureVersion = 1
@@ skipping 11 matching lines @@
             hmac.update(val)
             pairs.append(key + '=' + urllib.quote(val))
         qs = '&'.join(pairs)
         return (qs, base64.b64encode(hmac.digest()))
 
 class QuerySignatureV2AuthHandler(QuerySignatureHelper, AuthHandler):
     """Provides Query Signature V2 Authentication."""
 
     SignatureVersion = 2
     capability = ['sign-v2', 'ec2', 'ec2', 'emr', 'fps', 'ecs',
-                  'sdb', 'iam', 'rds', 'sns', 'sqs']
+                  'sdb', 'iam', 'rds', 'sns', 'sqs', 'cloudformation']
 
     def _calc_signature(self, params, verb, path, server_name):
         boto.log.debug('using _calc_signature_2')
         string_to_sign = '%s\n%s\n%s\n' % (verb, server_name.lower(), path)
         if self._hmac_256:
             hmac = self._hmac_256.copy()
             params['SignatureMethod'] = 'HmacSHA256'
         else:
             hmac = self._hmac.copy()
             params['SignatureMethod'] = 'HmacSHA1'
+        if self._provider.security_token:
+            params['SecurityToken'] = self._provider.security_token
         keys = params.keys()
         keys.sort()
         pairs = []
         for key in keys:
             val = boto.utils.get_utf8_value(params[key])
             pairs.append(urllib.quote(key, safe='') + '=' +
                          urllib.quote(val, safe='-_~'))
         qs = '&'.join(pairs)
         boto.log.debug('query string: %s' % qs)
         string_to_sign += qs
@@ skipping 34 matching lines @@
         try:
             ready_handlers.append(handler(host, config, provider))
         except boto.auth_handler.NotReadyToAuthenticate:
             pass
  
     if not ready_handlers:
         checked_handlers = auth_handlers
         names = [handler.__name__ for handler in checked_handlers]
         raise boto.exception.NoAuthHandlerFound(
               'No handler was ready to authenticate. %d handlers were checked.'
-              ' %s ' % (len(names), str(names)))
+              ' %s ' 
+              'Check your credentials' % (len(names), str(names)))
 
     if len(ready_handlers) > 1:
         # NOTE: Even though it would be nice to accept more than one handler
         # by using one of the many ready handlers, we are never sure that each
         # of them are referring to the same storage account. Since we cannot
         # easily guarantee that, it is always safe to fail, rather than operate
         # on the wrong account.
         names = [handler.__class__.__name__ for handler in ready_handlers]
         raise boto.exception.TooManyAuthHandlerReadyToAuthenticate(
-               '%d AuthHandlers ready to authenticate, '
-               'only 1 expected: %s' % (len(names), str(names)))
+               '%d AuthHandlers %s ready to authenticate for requested_capability '
+               '%s, only 1 expected. This happens if you import multiple '
+               'pluging.Plugin implementations that declare support for the '
+               'requested_capability.' % (len(names), str(names),
+               requested_capability))
 
     return ready_handlers[0]