I am creating an SES SMTP credentials from my iam accesskey and secretkey. i have referred to this document for creating the SES SMTP credentials
But the code produces different SES SMTP credentials for python2 and python3 but the python3 key is the valid one. how can i get the same key while executing the script with python2 Below is my script which returns accesskey and SES SMTP cred. Iam getting the IAM accesskey and secretkey from secrets manager
#!/usr/bin/env python3
import hmac
import hashlib
import base64
import argparse
import boto3
import json
from botocore.exceptions import ClientError
def get_secretmanager():
secret_name = "test"
region_name = "us-west-2"
session = boto3.session.Session()
client = session.client(
service_name='secretsmanager',
region_name=region_name
)
try:
get_secret_value_response = client.get_secret_value(
SecretId=secret_name
)
except ClientError as e:
raise e
# Decrypts secret using the associated KMS key.
secret = get_secret_value_response['SecretString']
response = json.loads(secret)
return str(response['Access Key Id']), str(response['Secret Access Key'])
SMTP_REGIONS = [
'us-east-2', # US East (Ohio)
'us-east-1', # US East (N. Virginia)
'us-west-2', # US West (Oregon)
'ap-south-1', # Asia Pacific (Mumbai)
'ap-northeast-2', # Asia Pacific (Seoul)
'ap-southeast-1', # Asia Pacific (Singapore)
'ap-southeast-2', # Asia Pacific (Sydney)
'ap-northeast-1', # Asia Pacific (Tokyo)
'ca-central-1', # Canada (Central)
'eu-central-1', # Europe (Frankfurt)
'eu-west-1', # Europe (Ireland)
'eu-west-2', # Europe (London)
'sa-east-1', # South America (Sao Paulo)
'us-gov-west-1', # AWS GovCloud (US)
]
# These values are required to calculate the signature. Do not change them.
DATE = "11111111"
SERVICE = "ses"
MESSAGE = "SendRawEmail"
TERMINAL = "aws4_request"
VERSION = 0x04
def sign(key, msg):
return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()
def calculate_key(secret_access_key, region):
if region not in SMTP_REGIONS:
raise ValueError("The " region " Region doesn't have an SMTP endpoint.")
signature = sign(("AWS4" secret_access_key).encode('utf-8'), DATE)
signature = sign(signature, region)
signature = sign(signature, SERVICE)
signature = sign(signature, TERMINAL)
signature = sign(signature, MESSAGE)
signature_and_version = bytes([VERSION]) signature
smtp_password = base64.b64encode(signature_and_version)
print(smtp_password)
return smtp_password.decode('utf-8')
def get_keys():
accesskey, secretkey = get_secretmanager()
mailsecret = calculate_key(secretkey, "us-west-2")
return accesskey, mailsecret
print(get_keys())
Any help is much appreciated, Thank you
CodePudding user response:
After a lot of debugging i found out bytes([VERSION])
does not work same in both python3 and python2 thats why it was returning 2 different calue for both 2 and 3
My simple fix was that to hardcode the bytes value of the hex 0x04 as b'\x04'
signature_and_version = b'\x04' signature
Make sure to return the value as a string return accesskey, str(mailsecret)
cuz in python2 it returns as a unicode.