| 331 | return isinstance(algorithm, dict) and algorithm.get('in') == 'trailer' |
| 332 | |
| 333 | def payload(self, request): |
| 334 | if self._is_streaming_checksum_payload(request): |
| 335 | return STREAMING_UNSIGNED_PAYLOAD_TRAILER |
| 336 | elif not self._should_sha256_sign_payload(request): |
| 337 | # When payload signing is disabled, we use this static string in |
| 338 | # place of the payload checksum. |
| 339 | return UNSIGNED_PAYLOAD |
| 340 | request_body = request.body |
| 341 | if request_body and hasattr(request_body, 'seek'): |
| 342 | position = request_body.tell() |
| 343 | read_chunksize = functools.partial( |
| 344 | request_body.read, PAYLOAD_BUFFER |
| 345 | ) |
| 346 | checksum = sha256() |
| 347 | for chunk in iter(read_chunksize, b''): |
| 348 | checksum.update(chunk) |
| 349 | hex_checksum = checksum.hexdigest() |
| 350 | request_body.seek(position) |
| 351 | return hex_checksum |
| 352 | elif request_body: |
| 353 | # The request serialization has ensured that |
| 354 | # request.body is a bytes() type. |
| 355 | return sha256(request_body).hexdigest() |
| 356 | else: |
| 357 | return EMPTY_SHA256_HASH |
| 358 | |
| 359 | def _should_sha256_sign_payload(self, request): |
| 360 | # Payloads will always be signed over insecure connections. |