U M8Úcêbã@sddlZddlmZddlmZmZmZmZmZm Z ddl m Z m Z m Z mZmZddlmZddlmZGdd„deƒZGd d „d eƒZGd d „d eƒZGd d„deƒZGdd„deƒZGdd„deƒZGdd„deƒZGdd„deƒZeeeeeeedœZdS)éN)ÚBytesIO)ÚSIGNED_HEADERS_BLACKLISTÚ"STREAMING_UNSIGNED_PAYLOAD_TRAILERÚUNSIGNED_PAYLOADÚ BaseSignerÚ_get_body_as_dictÚ_host_from_url)Ú HTTPHeadersÚawscrtÚparse_qsÚurlsplitÚ urlunsplit)ÚNoCredentialsError)Úpercent_encode_sequencec@s~eZdZdZddddgZejjjZ dZ dZ dd„Z dd „Z d d „Zd d „Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„ZdS)Ú CrtSigV4AuthTÚ Authorizationú X-Amz-DateúX-Amz-Content-SHA256úX-Amz-Security-TokencCs||_||_||_d|_dS©N©Ú credentialsÚ _service_nameÚ _region_nameÚ_expiration_in_seconds©ÚselfrÚ service_nameÚ region_name©rú5/tmp/pip-unpacked-wheel-ozje0y8b/botocore/crt/auth.pyÚ__init__*szCrtSigV4Auth.__init__cCs0|j di¡}| d¡}t|tƒo.| d¡dkS©NÚchecksumÚrequest_algorithmÚinÚtrailer©ÚcontextÚgetÚ isinstanceÚdict©rÚrequestÚchecksum_contextÚ algorithmrrr Ú_is_streaming_checksum_payload0s z+CrtSigV4Auth._is_streaming_checksum_payloadc Cs|jdkrtƒ‚tj ¡jtjjd}| |¡}| |¡t j j j |jj |jj|jjd}| |¡rjt}n| |¡r„|r~|}qˆd}nt}| |¡ržt j jj}n t j jj}t j jt j jj|j||j|j||j|j|j |||j!d }| "|¡}t j  #||¡} |  $¡| %||¡dS©N)Útzinfo)Z access_key_idZsecret_access_keyZ session_token) r/Zsignature_typeÚcredentials_providerZregionZserviceÚdateZshould_sign_headerZuse_double_uri_encodeZshould_normalize_uri_pathZsigned_body_valueZsigned_body_header_typeZexpiration_in_seconds)&rrÚdatetimeÚutcnowÚreplaceÚtimezoneÚutcÚ_get_existing_sha256Ú_modify_request_before_signingr ÚauthÚAwsCredentialsProviderÚ new_staticÚ access_keyÚ secret_keyÚtokenr0rÚ_should_sha256_sign_payloadrÚ!_should_add_content_sha256_headerÚAwsSignedBodyHeaderTypeÚX_AMZ_CONTENT_SHA_256ÚNONEÚAwsSigningConfigÚAwsSigningAlgorithmZV4Ú_SIGNATURE_TYPErrÚ_should_sign_headerÚ_USE_DOUBLE_URI_ENCODEÚ_SHOULD_NORMALIZE_URI_PATHrÚ_crt_request_from_aws_requestÚaws_sign_requestÚresultÚ_apply_signing_changes© rr-Z datetime_nowZexisting_sha256r3Úexplicit_payloadZ body_headerZsigning_configÚ crt_requestÚfuturerrr Úadd_auth5sR  ÿ  ý   ÿ ô zCrtSigV4Auth.add_authc CsÒt|jƒ}|jr|jnd}|jrhg}|j ¡D]$\}}t|ƒ}| |›d|›¡q.|dd |¡}n|jr~|›d|j›}t j   |j  ¡¡}d}|j r¸t|j dƒr®|j }n t|j ƒ}t j j|j|||d} | S©Nú/ú=ú?ú&Úseek)ÚmethodÚpathÚheadersZ body_stream©r Úurlr]ÚparamsÚitemsÚstrÚappendÚjoinÚqueryr ÚhttpZ HttpHeadersr^ÚbodyÚhasattrrZ HttpRequestr\© rÚ aws_requestÚ url_partsZcrt_pathÚarrayÚparamÚvalueZ crt_headersZcrt_body_streamrSrrr rMns.   üz*CrtSigV4Auth._crt_request_from_aws_requestcCst t|jƒ¡|_dSr©r Z from_pairsÚlistr^©rrkÚsigned_crt_requestrrr rPŒsÿz#CrtSigV4Auth._apply_signing_changescKs | ¡tkSr©Úlowerr©rÚnameÚkwargsrrr rJ’sz CrtSigV4Auth._should_sign_headercCs<|jD]}||jkr|j|=qd|jkr8t|jƒ|jd<dS©NÚhost©Ú_PRESIGNED_HEADERS_BLOCKLISTr^rr`©rr-Úhrrr r;•s     z+CrtSigV4Auth._modify_request_before_signingcCs |j d¡S©Nr©r^r)©rr-rrr r:Ÿsz!CrtSigV4Auth._get_existing_sha256cCs|j d¡sdS|j dd¡S©NÚhttpsTÚpayload_signing_enabled©r`Ú startswithr(r)rrrr rB¢s z(CrtSigV4Auth._should_sha256_sign_payloadcCs|dk Srr©rrRrrr rC¬sz.CrtSigV4Auth._should_add_content_sha256_headerN)Ú__name__Ú __module__Ú __qualname__ÚREQUIRES_REGIONr|r r<ÚAwsSignatureTypeÚHTTP_REQUEST_HEADERSrIrKrLr!r0rUrMrPrJr;r:rBrCrrrr rs&ü 9  rcs4eZdZdZdZdd„Z‡fdd„Zdd„Z‡ZS)ÚCrtS3SigV4AuthFcCsdSrrrrrr r:¶sz#CrtS3SigV4Auth._get_existing_sha256cs°|j d¡}t|ddƒ}|dkr$i}| dd¡}|dk r<|Sd}|j di¡}| d¡}t|tƒrx| d¡dkrx|d }|j d ¡rŽ||jkr’d S|j d d ¡r¤d Stƒ  |¡S)NÚ client_configÚs3r„ú Content-MD5r#r$r%ÚheaderrwrƒTÚhas_streaming_inputF) r(r)Úgetattrr*r+r`r†r^ÚsuperrB)rr-rÚ s3_configÚ sign_payloadZchecksum_headerr.r/©Ú __class__rr rBºs(     ÿþz*CrtS3SigV4Auth._should_sha256_sign_payloadcCsdS©NTrr‡rrr rCãsz0CrtS3SigV4Auth._should_add_content_sha256_header© rˆr‰rŠrKrLr:rBrCÚ __classcell__rrr˜r rŽ±s  )rŽc@s~eZdZdZddddgZejjjZ dZ dZ dd„Z dd „Z d d „Zd d „Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„ZdS)ÚCrtSigV4AsymAuthTrrrrcCs||_||_||_d|_dSrrrrrr r!ôszCrtSigV4AsymAuth.__init__c Cs|jdkrtƒ‚tj ¡jtjjd}| |¡}| |¡t j j j |jj |jj|jjd}| |¡rjt}n| |¡r„|r~|}qˆd}nt}| |¡ržt j jj}n t j jj}t j jt j jj|j||j|j||j|j|j |||j!d }| "|¡}t j  #||¡} |  $¡| %||¡dSr1)&rrr5r6r7r8r9r:r;r r<r=r>r?r@rAr0rrBrrCrDrErFrGrHZ V4_ASYMMETRICrIrrrJrKrLrrMrNrOrPrQrrr rUúsR  ÿ  ý   ÿ ô zCrtSigV4AsymAuth.add_authc CsÒt|jƒ}|jr|jnd}|jrhg}|j ¡D]$\}}t|ƒ}| |›d|›¡q.|dd |¡}n|jr~|›d|j›}t j   |j  ¡¡}d}|j r¸t|j dƒr®|j }n t|j ƒ}t j j|j|||d} | SrVr_rjrrr rM3s.   üz.CrtSigV4AsymAuth._crt_request_from_aws_requestcCst t|jƒ¡|_dSrrprrrrr rPQsÿz'CrtSigV4AsymAuth._apply_signing_changescKs | ¡tkSrrtrvrrr rJWsz$CrtSigV4AsymAuth._should_sign_headercCs<|jD]}||jkr|j|=qd|jkr8t|jƒ|jd<dSryr{r}rrr r;Zs     z/CrtSigV4AsymAuth._modify_request_before_signingcCs |j d¡Srr€rrrr r:dsz%CrtSigV4AsymAuth._get_existing_sha256cCs0|j di¡}| d¡}t|tƒo.| d¡dkSr"r'r,rrr r0gs z/CrtSigV4AsymAuth._is_streaming_checksum_payloadcCs|j d¡sdS|j dd¡Sr‚r…rrrr rBls z,CrtSigV4AsymAuth._should_sha256_sign_payloadcCs|dk Srrr‡rrr rCvsz2CrtSigV4AsymAuth._should_add_content_sha256_headerN)rˆr‰rŠr‹r|r r<rŒrrIrKrLr!rUrMrPrJr;r:r0rBrCrrrr rès&ü 9  rcs4eZdZdZdZdd„Z‡fdd„Zdd„Z‡ZS)ÚCrtS3SigV4AsymAuthFcCsdSrrrrrr r:€sz'CrtS3SigV4AsymAuth._get_existing_sha256cst|j d¡}t|ddƒ}|dkr$i}| dd¡}|dk r<|S|j d¡rRd|jkrVdS|j dd¡rhdStƒ |¡S) Nrrr„rƒr‘Tr“F)r(r)r”r`r†r^r•rB)rr-rr–r—r˜rr rB„s    ÿþz.CrtS3SigV4AsymAuth._should_sha256_sign_payloadcCsdSršrr‡rrr rC¨sz4CrtS3SigV4AsymAuth._should_add_content_sha256_headerr›rrr˜r rž{s  $ržcsFeZdZdZejjjZef‡fdd„ Z ‡fdd„Z ‡fdd„Z ‡Z S)ÚCrtSigV4AsymQueryAuthécstƒ |||¡||_dSr©r•r!r©rrrrÚexpiresr˜rr r!±szCrtSigV4AsymQueryAuth.__init__c s¤tƒ |¡|j d¡}|dkr(|jd=t|jƒ}t|jdd}dd„| ¡Dƒ}|j rl|  t |ƒ¡d|_ t |ƒ}|}|d|d |d ||d f}t |ƒ|_dS) Nú content-typeú0application/x-www-form-urlencoded; charset=utf-8T©Úkeep_blank_valuescSsi|]\}}||d“qS©rr©Ú.0ÚkÚvrrr Ú ÇszHCrtSigV4AsymQueryAuth._modify_request_before_signing..Úrééé)r•r;r^r)r r`r rfrbÚdataÚupdaterrr ) rr-Ú content_typerlZquery_string_partsÚ query_dictÚnew_query_stringÚpÚ new_url_partsr˜rr r;·s    z4CrtSigV4AsymQueryAuth._modify_request_before_signingcsLtƒ ||¡t|jƒj}t|jƒ}t|d|d|d||dfƒ|_dS©Nrr¯r°r±©r•rPr r]rfr`r ©rrkrsZ signed_queryr·r˜rr rPás  z,CrtSigV4AsymQueryAuth._apply_signing_changes© rˆr‰rŠZDEFAULT_EXPIRESr r<rŒZHTTP_REQUEST_QUERY_PARAMSrIr!r;rPrœrrr˜r rŸ­s  ÿ *rŸc@s(eZdZdZdZdZdd„Zdd„ZdS)ÚCrtS3SigV4AsymQueryAuthz¢S3 SigV4A auth using query parameters. This signer will sign a request using query parameters and signature version 4A, i.e a "presigned url" signer. FcCsdS©NFrrrrr rBüsz3CrtS3SigV4AsymQueryAuth._should_sha256_sign_payloadcCsdSr¾rr‡rrr rCsz9CrtS3SigV4AsymQueryAuth._should_add_content_sha256_headerN©rˆr‰rŠÚ__doc__rKrLrBrCrrrr r½òs r½csFeZdZdZejjjZef‡fdd„ Z ‡fdd„Z ‡fdd„Z ‡Z S)ÚCrtSigV4QueryAuthr cstƒ |||¡||_dSrr¡r¢r˜rr r! szCrtSigV4QueryAuth.__init__cs¸tƒ |¡|j d¡}|dkr(|jd=t|jƒ}dd„t|jdd ¡Dƒ}|j rf|  |j ¡i|_ |j r€|  t |ƒ¡d|_ t |ƒ}|}|d|d |d ||d f}t|ƒ|_dS) Nr¤r¥cSsi|]\}}||d“qSr¨rr©rrr r­!sÿzDCrtSigV4QueryAuth._modify_request_before_signing..Tr¦r®rr¯r°r±)r•r;r^r)r r`r rfrbrar³r²rrr )rr-r´rlrµr¶r·r¸r˜rr r;s*   ÿþ  z0CrtSigV4QueryAuth._modify_request_before_signingcsLtƒ ||¡t|jƒj}t|jƒ}t|d|d|d||dfƒ|_dSr¹rºr»r˜rr rPBs  z(CrtSigV4QueryAuth._apply_signing_changesr¼rrr˜r rÁs  ÿ 0rÁc@s(eZdZdZdZdZdd„Zdd„ZdS)ÚCrtS3SigV4QueryAuthaS3 SigV4 auth using query parameters. This signer will sign a request using query parameters and signature version 4, i.e a "presigned url" signer. Based off of: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html FcCsdSr¾rrrrr rB_sz/CrtS3SigV4QueryAuth._should_sha256_sign_payloadcCsdSr¾rr‡rrr rCfsz5CrtS3SigV4QueryAuth._should_add_content_sha256_headerNr¿rrrr rÂSs rÂ)Zv4zv4-queryZv4aZs3v4z s3v4-queryZs3v4az s3v4a-query)r5ÚiorZ botocore.authrrrrrrZbotocore.compatr r r r r Zbotocore.exceptionsrZbotocore.utilsrrrŽrržrŸr½rÁrÂZCRT_AUTH_TYPE_MAPSrrrr Ús.    72EKù