Raphaël G. Git Repositories - youtubedl/blob - youtube_dl/extractor/aws.py

   1 # coding: utf-8
   2 from __future__ import unicode_literals
   3
   4 import datetime
   5 import hashlib
   6 import hmac
   7
   8 from .common import InfoExtractor
   9 from ..compat import compat_urllib_parse_urlencode
  10
  11
  12 class AWSIE(InfoExtractor):
  13     _AWS_ALGORITHM = 'AWS4-HMAC-SHA256'
  14     _AWS_REGION = 'us-east-1'
  15
  16     def _aws_execute_api(self, aws_dict, video_id, query=None):
  17         query = query or {}
  18         amz_date = datetime.datetime.utcnow().strftime('%Y%m%dT%H%M%SZ')
  19         date = amz_date[:8]
  20         headers = {
  21             'Accept': 'application/json',
  22             'Host': self._AWS_PROXY_HOST,
  23             'X-Amz-Date': amz_date,
  24             'X-Api-Key': self._AWS_API_KEY
  25         }
  26         session_token = aws_dict.get('session_token')
  27         if session_token:
  28             headers['X-Amz-Security-Token'] = session_token
  29
  30         def aws_hash(s):
  31             return hashlib.sha256(s.encode('utf-8')).hexdigest()
  32
  33         # Task 1: http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
  34         canonical_querystring = compat_urllib_parse_urlencode(query)
  35         canonical_headers = ''
  36         for header_name, header_value in sorted(headers.items()):
  37             canonical_headers += '%s:%s\n' % (header_name.lower(), header_value)
  38         signed_headers = ';'.join([header.lower() for header in sorted(headers.keys())])
  39         canonical_request = '\n'.join([
  40             'GET',
  41             aws_dict['uri'],
  42             canonical_querystring,
  43             canonical_headers,
  44             signed_headers,
  45             aws_hash('')
  46         ])
  47
  48         # Task 2: http://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html
  49         credential_scope_list = [date, self._AWS_REGION, 'execute-api', 'aws4_request']
  50         credential_scope = '/'.join(credential_scope_list)
  51         string_to_sign = '\n'.join([self._AWS_ALGORITHM, amz_date, credential_scope, aws_hash(canonical_request)])
  52
  53         # Task 3: http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html
  54         def aws_hmac(key, msg):
  55             return hmac.new(key, msg.encode('utf-8'), hashlib.sha256)
  56
  57         def aws_hmac_digest(key, msg):
  58             return aws_hmac(key, msg).digest()
  59
  60         def aws_hmac_hexdigest(key, msg):
  61             return aws_hmac(key, msg).hexdigest()
  62
  63         k_signing = ('AWS4' + aws_dict['secret_key']).encode('utf-8')
  64         for value in credential_scope_list:
  65             k_signing = aws_hmac_digest(k_signing, value)
  66
  67         signature = aws_hmac_hexdigest(k_signing, string_to_sign)
  68
  69         # Task 4: http://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html
  70         headers['Authorization'] = ', '.join([
  71             '%s Credential=%s/%s' % (self._AWS_ALGORITHM, aws_dict['access_key'], credential_scope),
  72             'SignedHeaders=%s' % signed_headers,
  73             'Signature=%s' % signature,
  74         ])
  75
  76         return self._download_json(
  77             'https://%s%s%s' % (self._AWS_PROXY_HOST, aws_dict['uri'], '?' + canonical_querystring if canonical_querystring else ''),
  78             video_id, headers=headers)