Conversation
Notices
-
Santa Claes πΈπͺππ°π (clacke@libranet.de)'s status on Friday, 17-Mar-2023 07:03:49 UTC Santa Claes πΈπͺππ°π I searched pypi for HMAC AWS4 and pypi.org/project/awssig/ looks helpful.
/via pypi.org/search/?q=hmac%20aws4
We are getting an Authorization header with "AWS4-HMAC-SHA256", "Credential=", "SignedHeaders=" and "Signature=", so all we want to do is just validate that signature against those headers and we're good.-
badsynthesis (badsynthesis@infosec.exchange)'s status on Friday, 17-Mar-2023 07:03:53 UTC badsynthesis @clacke @python If you don't find anything, write a tiny proxy that translates http-s3? No storage involved, just sending and receiving requests.
-
Santa Claes πΈπͺππ°π (clacke@libranet.de)'s status on Friday, 17-Mar-2023 07:03:54 UTC Santa Claes πΈπͺππ°π Does anyone have a recommendation for a @python package that helps implement an S3-compatible backend?
On its face it's just a PUT, but there is some auth and signature stuff to be dealt with. Not a ridiculous amount of stuff, just some parameter normalization, SHA1-HMAC, etc, but nice if someone already got the details right.
The context is an integration scenario where I have an API I want to receive data on, but the source only implements #S3 and doesn't offer any generic http methods.
It's conceivable that #boto could be "run backwards", I'm gonna look there.
-