diff --git a/oss2/crypto.py b/oss2/crypto.py
index 3d5b9d42..a7b2672a 100644
--- a/oss2/crypto.py
+++ b/oss2/crypto.py
@@ -304,6 +304,7 @@ class AliKMSProvider(BaseCryptoProvider):
 def __init__(self, access_key_id, access_key_secret, region, cmk_id, sts_token=None, passphrase=None,
 cipher=utils.AESCTRCipher(), mat_desc=None):
+ from aliyunsdkcore.auth.credentials import StsTokenCredential
 super(AliKMSProvider, self).__init__(cipher=cipher, mat_desc=mat_desc)
 if not isinstance(cipher, utils.AESCTRCipher):
@@ -312,7 +313,8 @@ def __init__(self, access_key_id, access_key_secret, region, cmk_id, sts_token=N
 self.custom_master_key_id = cmk_id
 self.sts_token = sts_token
 self.context = '{"x-passphrase":"' + passphrase + '"}' if passphrase else ''
- self.kms_client = client.AcsClient(access_key_id, access_key_secret, region)
+ credential = StsTokenCredential(access_key_id, access_key_secret, sts_token)
+ self.kms_client = client.AcsClient(region_id=region, credential=credential)
 def get_key(self):
 plain_key, encrypted_key = self.__generate_data_key()
@@ -357,8 +359,6 @@ def __generate_data_key(self):
 req.set_KeySpec('AES_256')
 req.set_NumberOfBytes(32)
 req.set_EncryptionContext(self.context)
- if self.sts_token:
- req.set_STSToken(self.sts_token)
 resp = self.__do(req)
@@ -372,8 +372,6 @@ def __encrypt_data(self, data):
 req.set_KeyId(self.custom_master_key_id)
 req.set_Plaintext(data)
 req.set_EncryptionContext(self.context)
- if self.sts_token:
- req.set_STSToken(self.sts_token)
 resp = self.__do(req)
@@ -386,8 +384,6 @@ def __decrypt_data(self, data):
 req.set_method(method_type.POST)
 req.set_CiphertextBlob(data)
 req.set_EncryptionContext(self.context)
- if self.sts_token:
- req.set_STSToken(self.sts_token)
 resp = self.__do(req)
 return resp['Plaintext']
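Review bot: The second hunk now builds an `StsTokenCredential` in `__init__` even when `sts_token` is left at its default of `None`, whereas the removed per-request code in `__generate_data_key`, `__encrypt_data` and `__decrypt_data` attached the token only when it was set. How the SDK signs a request carrying a `None` token is not visible here, but callers using a long-lived AccessKey pair would presumably either fail authentication or send an empty security token, so the credential type should follow the input: `credential = StsTokenCredential(access_key_id, access_key_secret, sts_token) if sts_token else AccessKeyCredential(access_key_id, access_key_secret)`. The import added in the first hunk would then become `from aliyunsdkcore.auth.credentials import AccessKeyCredential, StsTokenCredential`, and could sit next to the module's existing `client` import rather than inside `__init__`. A test that constructs the provider without `sts_token` would pin the non-STS path; the `__init__` body continues outside both hunks.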