U 3ì dV£ã@s4dZddlZddlZddlZddlZddlZddlZddlZddlZddl m Z ddl Z ddl Z ddl Z ddlmZmZmZmZddlmZddlmZzddlmZddlmZWn ek rÔddlZdZYnXd d d d d dddddddddddddddgZdddd d!d"d#d$d%d&d'd(d)g ZGd*d+„d+eƒZGd,d-„d-eeƒZGd.d/„d/eeƒZGd0d1„d1eeƒZ Gd2d3„d3eeƒZ!Gd4d5„d5eeƒZ"Gd6d7„d7eeƒZ#Gd8d9„d9e#eƒZ$Gd:d;„d;eƒZ%Gdd?„d?e&eƒZ'Gd@dA„dAe&eƒZ(GdBdC„dCe&eƒZ)GdDdE„dEe)eƒZ*dLdFdG„Z+dHdI„Z,dJdK„Z-dS)Mz/ Handles authentication required to AWS and GS éN)Ú formatdate)ÚurllibÚ encodebytesÚ parse_qs_safeÚurlparse)Ú AuthHandler)ÚBotoClientError)Úsha1)Úsha256z-ap-northeast-1z.ap-northeast-1z-ap-southeast-1z.ap-southeast-1z-ap-southeast-2z.ap-southeast-2z -eu-west-1z .eu-west-1z -external-1z .external-1z -sa-east-1z .sa-east-1z -us-east-1z .us-east-1z-us-gov-west-1z.us-gov-west-1z -us-west-1z .us-west-1z -us-west-2z .us-west-2z.cn-z .eu-centralz -eu-centralz.ap-northeast-2z-ap-northeast-2z .ap-south-1z -ap-south-1z .us-east-2z -us-east-2z -ca-centralz .ca-centralz .eu-west-2z -eu-west-2c@sHeZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dd„Z dS)ÚHmacKeyszKey based Auth handler helper.cCs2|jdks|jdkrtj ¡‚||_| |¡dS©N)Ú access_keyÚ secret_keyÚbotoÚ auth_handlerÚNotReadyToAuthenticateÚhostÚupdate_provider©ÚselfrÚconfigÚprovider©rú-/tmp/pip-unpacked-wheel-d7dsrkjd/boto/auth.pyÚ__init__es zHmacKeys.__init__cCsJ||_tj|jj d¡td|_tr@tj|jj d¡td|_nd|_dS©Núutf-8)Ú digestmod) Ú _providerÚhmacÚnewrÚencodeÚshaÚ_hmacr Ú _hmac_256©rrrrrrksÿÿ zHmacKeys.update_providercCs|jr dSdSdS)NZ HmacSHA256ZHmacSHA1)r$©rrrrÚ algorithmuszHmacKeys.algorithmcCs(|jr t}nt}tj|jj d¡|dSr)r$r r"rr rrr!)rrrrrÚ _get_hmac{s ÿzHmacKeys._get_hmaccCs.| ¡}| | d¡¡t| ¡ƒ d¡ ¡S©Nr)r(Úupdater!rÚdigestÚdecodeÚstrip)rÚstring_to_signZnew_hmacrrrÚ sign_stringƒszHmacKeys.sign_stringcCst |j¡}|d=|d=|S)Nr#r$)ÚcopyÚ__dict__)rZ pickled_dictrrrÚ __getstate__ˆs zHmacKeys.__getstate__cCs||_| |j¡dSr )r1rr)rÚdctrrrÚ __setstate__ŽszHmacKeys.__setstate__N) Ú__name__Ú __module__Ú __qualname__Ú__doc__rrr'r(r/r2r4rrrrr bs r cs.eZdZdZdgZ‡fdd„Zdd„Z‡ZS)ÚAnonAuthHandlerz( Implements Anonymous requests. Úanoncstt|ƒ |||¡dSr )Úsuperr9rr©Ú __class__rrršszAnonAuthHandler.__init__cKsdSr r)rÚ http_requestÚkwargsrrrÚadd_authszAnonAuthHandler.add_auth)r5r6r7r8Ú capabilityrr@Ú __classcell__rrr<rr9“s r9cs8eZdZdZddgZdd„Z‡fdd„Zdd „Z‡ZS) ÚHmacAuthV1Handlerz: Implements the HMAC request signing used by S3 and GS.zhmac-v1Ús3cCs*t ||||¡t ||||¡d|_dSr ©rrr r$rrrrr¦szHmacAuthV1Handler.__init__cstt|ƒ |¡d|_dSr )r;rCrr$r%r<rrr«sz!HmacAuthV1Handler.update_providerc Ksª|j}|j}|j}d|kr(tdd|d<|jjrD|jj}|jj||<tj  |||d|j¡}tj   d|¡|  |¡}|jj } d| |jj|f} tj   d| ¡| |d<dS)NÚDateT©ÚusegmtúStringToSign: %sú%s %s:%sú Signature: %sÚ Authorization)ÚheadersÚmethodÚ auth_pathrrÚsecurity_tokenÚsecurity_token_headerrÚutilsZcanonical_stringÚlogÚdebugr/Ú auth_headerr ) rr>r?rMrNrOÚkeyr.Úb64_hmacÚauth_hdrÚauthrrrr@¯s&  þ zHmacAuthV1Handler.add_auth© r5r6r7r8rArrr@rBrrr<rrC¡s  rCcs8eZdZdZddgZdd„Z‡fdd„Zdd „Z‡ZS) ÚHmacAuthV2HandlerzJ Implements the simplified HMAC authorization used by CloudFront. zhmac-v2Z cloudfrontcCs*t ||||¡t ||||¡d|_dSr rErrrrrÊszHmacAuthV2Handler.__init__cstt|ƒ |¡d|_dSr )r;r[rr$r%r<rrrÏsz!HmacAuthV2Handler.update_providercKsh|j}d|krtdd|d<|jjr8|jj}|jj||<| |d¡}|jj}d||jj|f|d<dS)NrFTrGrJrL)rMrrrPrQr/rUr )rr>r?rMrVrWrXrrrr@Ós ÿÿzHmacAuthV2Handler.add_authrZrrr<rr[Äs  r[c@s*eZdZdZdddgZdd„Zdd„Zd S) ÚHmacAuthV3Handlerz@Implements the new Version 3 HMAC authorization used by Route53.zhmac-v3Zroute53ZsescCs$t ||||¡t ||||¡dSr ©rrr rrrrrçszHmacAuthV3Handler.__init__cKsr|j}d|krtdd|d<|jjr8|jj}|jj||<| |d¡}d|jj}|d| ¡|f7}||d<dS)NrFTrGzAWS3-HTTPS AWSAccessKeyId=%s,zAlgorithm=%s,Signature=%súX-Amzn-Authorization)rMrrrPrQr/r r')rr>r?rMrVrWÚsrrrr@ës  zHmacAuthV3Handler.add_authN)r5r6r7r8rArr@rrrrr\âs r\c@s>eZdZdZdgZdd„Zdd„Zdd„Zd d „Zd d „Z d S)ÚHmacAuthV3HTTPHandlerzK Implements the new Version 3 HMAC authorization used by DynamoDB. z hmac-v3-httpcCs$t ||||¡t ||||¡dSr r]rrrrrszHmacAuthV3HTTPHandler.__init__cCs<d|ji}|j ¡D]"\}}| ¡}| d¡r|||<q|S)úk Select the headers from the request that need to be included in the StringToSign. ÚHostúx-amz)rrMÚitemsÚlowerÚ startswith)rr>Úheaders_to_signÚnameÚvalueÚlnamerrrrgs    z%HmacAuthV3HTTPHandler.headers_to_signcs t‡fdd„ˆDƒƒ}d |¡S)á  Return the headers that need to be included in the StringToSign in their canonical form by converting all header keys to lower case, sorting them in alphabetical order and then joining them into a string, separated by newlines. cs(g|] }d| ¡ ¡ˆ| ¡f‘qS)ú%s:%s©rer-©Ú.0Ún©rgrrÚ sÿ  ÿz;HmacAuthV3HTTPHandler.canonical_headers..Ú ©ÚsortedÚjoin©rrgÚlrrqrÚcanonical_headerss ÿz'HmacAuthV3HTTPHandler.canonical_headerscCs8| |¡}| |¡}d |j|jd|d|jg¡}||fS)ú¬ Return the canonical StringToSign as well as a dict containing the original version of all headers that were included in the StringToSign. rsÚ)rgryrvrNrOÚbody)rr>rgryr.rrrr.s  ûz$HmacAuthV3HTTPHandler.string_to_signcKsºd|jkr|jd=tdd|jd<|jjr8|jj|jd<| |¡\}}tj d|¡t|  d¡ƒ  ¡}|  |¡}d|jj }|d |  ¡7}|d d  |¡7}|d |7}||jd<d S)z› Add AWS3 authentication to a request. :type req: :class`boto.connection.HTTPRequest` :param req: The HTTPRequest object. r^TrGú X-Amz-DateúX-Amz-Security-TokenrIrzAWS3 AWSAccessKeyId=%s,z Algorithm=%s,zSignedHeaders=%s,ú;ú Signature=%sN)rMrrrPr.rrSrTr r!r+r/r r'rv)rÚreqr?r.rgZ hash_valuerWr_rrrr@,s    zHmacAuthV3HTTPHandler.add_authN) r5r6r7r8rArrgryr.r@rrrrr`ús  r`c@s²eZdZdZdgZd+dd„Zd,dd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Zd#d$„Zd%d&„Zd'd(„Zd)d*„ZdS)-ÚHmacAuthV4Handlerz: Implements the new Version 4 HMAC authorization. úhmac-v4NcCs0t ||||¡t ||||¡||_||_dSr )rrr Ú service_nameÚ region_name)rrrrr„r…rrrrLszHmacAuthV4Handler.__init__FcCsNt|tƒs| d¡}|r2t || d¡t¡ ¡}nt || d¡t¡ ¡}|Sr))Ú isinstanceÚbytesr!rr r Ú hexdigestr+)rrVÚmsgÚhexÚsigrrrÚ_signVs   zHmacAuthV4Handler._signcCsr| |j|¡}|j d¡r$|jd}d|i}|j ¡D]6\}}| ¡}| d¡r6t|tƒrd|  d¡}|||<q6|S)rarbrcr) Ú host_headerrrMÚgetrdrerfr†r‡r,©rr>Zhost_header_valuergrhrirjrrrrg`s      z!HmacAuthV4Handler.headers_to_signcCs8|j}|jdk}|dkr|r(|dkr,|r,|Sd||fS©NÚhttpséPi»rl)ÚportÚprotocol©rrr>r“Úsecurerrrrqs  zHmacAuthV4Handler.host_headercCsbt|j ¡ƒ}g}|D]@}tj |j|¡}| tjj |dddtjj |dd¡qd  |¡S)Nr{©Úsafeú=ú-_~ú&) ruÚparamsÚkeysrrRÚget_utf8_valueÚappendrÚparseÚquoterv)rr>Zparameter_namesÚpairsZpnameZpvalrrrÚ query_stringxsÿzHmacAuthV4Handler.query_stringc Csh|jdkrdSg}t|jƒD]@}tj |j|¡}| dtjj |ddtjj |ddf¡qd  |¡S)NÚPOSTr{ú%s=%sú-_.~r—r›) rNrurœrrRržrŸrr r¡rv©rr>rxÚparamrirrrÚcanonical_query_strings ÿ z(HmacAuthV4Handler.canonical_query_stringcCsjg}|D]R}| ¡ ¡}t||ƒ}d|kr6| ¡}nd | ¡ ¡¡}| d||f¡qd t|ƒ¡S)rkú"ú rlrs)rer-ÚstrrvÚsplitrŸru)rrgÚ canonicalÚheaderZc_nameZ raw_valueZc_valuerrrrys   z#HmacAuthV4Handler.canonical_headerscCs dd„|Dƒ}t|ƒ}d |¡S)NcSsg|]}d| ¡ ¡‘qS©z%srmrnrrrrr¡sz4HmacAuthV4Handler.signed_headers..rrtrwrrrÚsigned_headers sz HmacAuthV4Handler.signed_headerscCsF|j}t |¡ dd¡}tj |¡}t|ƒdkrB| d¡rB|d7}|S)Nú\ú/é) rOÚ posixpathÚnormpathÚreplacerr r¡ÚlenÚendswith)rr>ÚpathÚ normalizedÚencodedrrrÚ canonical_uri¥s  zHmacAuthV4Handler.canonical_uricCsN|j}t|dƒr.t|dƒr.tjj|tddSt|tƒsB| d¡}t|ƒ  ¡S)NÚseekÚread)Zhash_algorithmrr) r|ÚhasattrrrRZ compute_hashr r†r‡r!rˆ)rr>r|rrrÚpayload°s   zHmacAuthV4Handler.payloadcCst|j ¡g}| | |¡¡| | |¡¡| |¡}| | |¡d¡| | |¡¡| | |¡¡d  |¡S)Nrs) rNÚupperrŸr½r©rgryr±rÁrv)rr>ÚcrrgrrrÚcanonical_request»s  z#HmacAuthV4Handler.canonical_requestcCsB|jjg}| |j¡| |j¡| |j¡| d¡d |¡S)NÚ aws4_requestr³)rr rŸÚ timestampr…r„rv)rr>ÚscoperrrrÇÅs      zHmacAuthV4Handler.scopecCs | d¡S)NÚ.)r­©rrrrrÚsplit_host_partsÍsz"HmacAuthV4Handler.split_host_partscCsb| |¡}|jdk r|j}nBt|ƒdkrV|ddkr:d}q^t|ƒdkrLd}q^|d}n|d}|S)Nr´zus-govz us-gov-west-1éú us-east-1r)rÊr…r¸)rrÚpartsr…rrrÚdetermine_region_nameÐs      z'HmacAuthV4Handler.determine_region_namecCs(| |¡}|jdk r|j}n|d}|S)Nr)rÊr„)rrrÍr„rrrÚdetermine_service_nameás   z(HmacAuthV4Handler.determine_service_namecCstg}|jddd…|_| |j¡| |j¡}| |j¡}||_||_| |j¡| |j¡| d¡d |¡S)Nr}rérÅr³) rMrÆrŸrÎrrÏr„r…rv)rr>rÇr…r„rrrÚcredential_scopeés      z"HmacAuthV4Handler.credential_scopecCsHdg}| |jd¡| | |¡¡| t| d¡ƒ ¡¡d |¡S)rzúAWS4-HMAC-SHA256r}rrs)rŸrMrÑr r!rˆrv)rr>rÄÚstsrrrr.ús z HmacAuthV4Handler.string_to_signcCsX|jj}| d| d¡|j¡}| ||j¡}| ||j¡}| |d¡}|j||ddS)NZAWS4rrÅT)rŠ)rrrŒr!rÆr…r„)rr>r.rVZk_dateZk_regionZ k_serviceZ k_signingrrrÚ signaturesÿ zHmacAuthV4Handler.signaturec Ksbd|jkr|jd=tj ¡}| d¡|jd<|jjrB|jj|jd<| |¡}|}d|krf| |d¡}|rš|jdkrš||_d|jd<t t |jƒƒ|jd <n&|j   d ¡d |_ |rÀ|j d ||_ |  |¡}tj d |¡| ||¡}tj d |¡| ||¡}tj d|¡| |¡} d| |¡g} |  d| | ¡¡|  d|¡d | ¡|jd<dS)z› Add AWS4 authentication to a request. :type req: :class`boto.connection.HTTPRequest` :param req: The HTTPRequest object. r^ú%Y%m%dT%H%M%SZr}r~Ú unmangled_reqr¤ú0application/x-www-form-urlencoded; charset=UTF-8ú Content-TypeúContent-Lengthú?rzCanonicalRequest: %srIrKzAWS4-HMAC-SHA256 Credential=%szSignedHeaders=%sr€ú,rLN)rMÚdatetimeÚutcnowÚstrftimerrPr£rNr|r¬r¸rºr­rÄrrSrTr.rÔrgrÇrŸr±rv) rrr?ÚnowÚqsZ qs_to_postrÄr.rÔrgrxrrrr@s8         zHmacAuthV4Handler.add_auth)NN)F)r5r6r7r8rArrŒrgrr£r©ryr±r½rÁrÄrÇrÊrÎrÏrÑr.rÔr@rrrrr‚Es.ÿ        r‚csˆeZdZdZdgZ‡fdd„Zdd„Zdd„Zd d „Zd d „Z d d„Z dd„Z dd„Z dd„Z ‡fdd„Z‡fdd„Zddd„Z‡ZS)ÚS3HmacAuthV4HandlerzN Implements a variant of Version 4 HMAC authorization specific to S3. ú hmac-v4-s3cs*tt|ƒj||Ž|jr&| |j¡|_dSr )r;rárr…Úclean_region_name)rÚargsr?r<rrrOszS3HmacAuthV4Handler.__init__cCs| d¡r|dd…S|S)Nús3-rË)rf)rr…rrrrãUs  z%S3HmacAuthV4Handler.clean_region_namecCs0tj |j¡}tj |j¡}tjj|dd}|S)Nz/~r—)rr rrºÚunquoter¡)rr>rºZunquotedr¼rrrr½[sz!S3HmacAuthV4Handler.canonical_uric CsZg}t|jƒD]@}tj |j|¡}| dtjj|ddtjj|ddf¡qd  |¡S)Nr¥r¦r—r›) rurœrrRržrŸrr r¡rvr§rrrr©esÿ z*S3HmacAuthV4Handler.canonical_query_stringcCs<|j}|jdk}|dkr|r(|dkr.|r.|jSd|j|fSr)r“r”rr•rrrrps  zS3HmacAuthV4Handler.host_headercCsF| |j|¡}d|i}|j ¡D] \}}| ¡}|dkr |||<q |S)rarb)Ú authorization)rrrMrdrerrrrrgws z#S3HmacAuthV4Handler.headers_to_signcCs¢| |¡}|jdk r|j}n‚t|ƒdkrD| |d¡}|dkržd}nZtt|ƒƒD]L\}}| ¡}|dkr„|| }|dkr~d}qžqP| d¡rP| |¡}qžqP|S)NrËrrDrÌZ amazonawsrå)rÊr…r¸rãÚ enumerateÚreversedrerf)rrrÍr…ÚoffsetÚpartrrrr·s$      z)S3HmacAuthV4Handler.determine_region_namecCsdS)NrDrrÉrrrrÏ´sz*S3HmacAuthV4Handler.determine_service_namec Csœt |¡}tj |j¡}|j|_|jdkr2i|_n|j ¡}||_|j}t|dd}|  ¡D].\}}t |t t fƒr\t |ƒdkr\|d||<q\|j |¡|S)z| Returns a copy of the request object with fixed ``auth_path/params`` attributes from the original. NT)Úkeep_blank_valuesr´r)r0rr rrOrºrœÚqueryrrdr†ÚlistÚtupler¸r*) rrZ modified_reqZ parsed_pathZ copy_paramsZraw_qsZ existing_qsrVrirrrÚmangle_path_and_paramsºs$   þ  z*S3HmacAuthV4Handler.mangle_path_and_paramscs&|j d¡r|jdStt|ƒ |¡S)Núx-amz-content-sha256)rMrŽr;rárÁ)rr>r<rrrÁäs  zS3HmacAuthV4Handler.payloadc s^d|jkr8d|jkr(|j d¡|jd<n| |¡|jd<| |¡}tt|ƒj|fd|i|—ŽS)NrñÚ_sha256rÖ)rMÚpoprÁrðr;rár@)rrr?Z updated_reqr<rrr@ês   ÿþzS3HmacAuthV4Handler.add_authNc Cs|dkrtj ¡ d¡}| |j¡}| |j¡}dd|jj|dd…||f||ddœ}|jjrl|jj|d<|  |¡}t d d „|Dƒƒ}d   |¡|d <|j   |¡| |¡} d   |  d ¡dd…¡d} ||jd<| || ¡} | || ¡} | |j d<d|j|j|jtj |j ¡fS)zè Presign a request using SigV4 query params. Takes in an HTTP request and an expiration time in seconds and returns a URL. http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html NrÕrÒz%s/%s/%s/%s/aws4_requestrÐr)zX-Amz-AlgorithmzX-Amz-Credentialr}z X-Amz-ExpiresúX-Amz-SignedHeadersr~cSsg|]}d| ¡ ¡‘qSr°rmrnrrrrrsz/S3HmacAuthV4Handler.presign..rrôrséÿÿÿÿz UNSIGNED-PAYLOADr}zX-Amz-Signaturez %s://%s%s?%s)rÜrÝrÞrÎrrÏrr rPrgrurvrœr*rÄr­rMr.rÔr”rºrr Ú urlencode) rrÚexpiresZiso_dateÚregionZservicerœrgrxrÃrÓrÔrrrÚpresignõs<   üö          ÿzS3HmacAuthV4Handler.presign)N)r5r6r7r8rArrãr½r©rrgrÎrÏrðrÁr@rùrBrrr<rráIs   -*  rác@s.eZdZdZdgZdd„Zdd„Zdd„Zd S) ÚSTSAnonHandlerz¥ Provides pure query construction (no actual signing). Used for making anonymous STS request for operations like ``assume_role_with_web_identity``. zsts-anoncCs tj |¡Sr )rr r¡)rrirrrÚ _escape_value4szSTSAnonHandler._escape_valuec Csbt| ¡ƒ}|jdd„dg}|D]2}tj ||¡}| |d| | d¡¡¡q$d  |¡S)NcSs| ¡Sr ©re©ÚxrrrÚ=óz4STSAnonHandler._build_query_string..©rVr™rr›) rîrÚsortrrRržrŸrûr,rv)rrœrr¢rVÚvalrrrÚ_build_query_string;s  z"STSAnonHandler._build_query_stringcKs4|j}| |j¡}tj d|¡d|d<||_dS)Nzquery_string in body: %sz!application/x-www-form-urlencodedrØ)rMrrœrrSrTr|)rr>r?rMràrrrr@DsÿzSTSAnonHandler.add_authN)r5r6r7r8rArûrr@rrrrrú*s  rúc@seZdZdZdd„ZdS)ÚQuerySignatureHelperzy Helper for Query signature based Auth handler. Concrete sub class need to implement _calc_sigature method. cKsÚ|j}|j}|jj|d<|j|d<tj ¡|d<| |j|j |j |j ¡\}}tj   d||f¡|j dkržd|d<|dtj |¡|_tt|jƒƒ|jd <n8d |_|j d ¡d |_|jd |dtj |¡|_dS) NÚAWSAccessKeyIdÚSignatureVersionÚ Timestampúquery_string: %s Signature: %sr¤r×rØú &Signature=rÙr{rÚr)rMrœrr rrrRÚget_tsÚ_calc_signaturerNrOrrSrTrr Ú quote_plusr|r¬r¸rºr­)rr>r?rMrœràrÔrrrr@Ws.  þ  ÿ ÿzQuerySignatureHelper.add_authN)r5r6r7r8r@rrrrrPsrc@s"eZdZdZdZdgZdd„ZdS)ÚQuerySignatureV0AuthHandlerzProvides Signature V0 Signingrzsign-v0c Gs tj d¡| ¡}|d|d}| | d¡¡| ¡}|jdd„dg}|D].}tj  ||¡}|  |dt j   |¡¡qTd  |¡} | t | ¡¡fS) Nzusing _calc_signature_0ÚActionrrcSst| ¡| ¡ƒSr )Úcmpre)rþÚyrrrrÿzrz=QuerySignatureV0AuthHandler._calc_signature..)rr™r›)rrSrTr(r*r!rrrRržrŸrr r¡rvÚbase64Ú b64encoder+) rrœrärr_rr¢rVrràrrrr ts  z+QuerySignatureV0AuthHandler._calc_signatureN©r5r6r7r8rrAr rrrrrnsrc@s,eZdZdZdZddgZdd„Zdd„Zd S) ÚQuerySignatureV1AuthHandlerz5 Provides Query Signature V1 Authentication. r´zsign-v1ZmturkcOs.tj|f|ž|Žtj|f|ž|Žd|_dSr )rrrr$)rräÚkwrrrr‹sz$QuerySignatureV1AuthHandler.__init__c Gsžtj d¡| ¡}t| ¡ƒ}|jdd„dg}|D]H}| | d¡¡tj   ||¡}| |¡|  |dt j  |¡¡q8d |¡}|t | ¡¡fS)Nzusing _calc_signature_1cSs| ¡Sr rürýrrrrÿ”rz=QuerySignatureV1AuthHandler._calc_signature..rrr™r›)rrSrTr(rîrrr*r!rRržrŸrr r¡rvrrr+) rrœrärrr¢rVrràrrrr s    z+QuerySignatureV1AuthHandler._calc_signatureN)r5r6r7r8rrArr rrrrrƒs rc @s8eZdZdZdZdddddddd d d d d g Zdd„ZdS)ÚQuerySignatureV2AuthHandlerz+Provides Query Signature V2 Authentication.ézsign-v2Úec2ZemrZfpsZecsZsdbZiamZrdsZsnsZsqsZcloudformationc Cstj d¡d|| ¡|f}| ¡}| ¡|d<|jjrF|jj|d<t|  ¡ƒ}g}|D]>} tj   || ¡} |  t jj| dddt jj| dd¡qZd  |¡} tj d | ¡|| 7}tj d |¡| | d ¡¡t | ¡¡} tj d t| ƒ¡tj d| ¡| | fS)Nzusing _calc_signature_2z %s %s %s ZSignatureMethodZ SecurityTokenr{r—r™ršr›zquery string: %szstring_to_sign: %srz len(b64)=%dzbase64 encoded digest: %s)rrSrTrer(r'rrPrurrRržrŸrr r¡rvr*r!rrr+r¸) rrœZverbrºZ server_namer.rrr¢rVrràZb64rrrr ¦s,    ÿ z+QuerySignatureV2AuthHandler._calc_signatureNrrrrrrŸs ÿrc@seZdZdZdgZdd„ZdS)ÚPOSTPathQSV2AuthHandlerz„ Query Signature V2 Authentication relocating signed query into the path and allowing POST requests with Content-Types. ZmwscKsÊ|jj|jd<|j|jd<tj ¡|jd<| |j|j|j |j ¡\}}tj   d||f¡|jdkrŽt t|jƒƒ|jd<|j dd¡|jd<nd |_|j d ¡d |_|jd |d tj |¡|_dS) Nrrrr r¤rÙrØz text/plainr{rÚrr )rr rœrrrRr r rNrOrrSrTr¬r¸r|rMrŽrºr­rr r )rrr?ràrÔrrrr@Æs(  ÿ ÿ  ÿ ÿz POSTPathQSV2AuthHandler.add_authN)r5r6r7r8rAr@rrrrr¾src Cs†g}tj t|¡}|D]4}z| ||||ƒ¡Wqtjjk rHYqXq|s~|}dd„|Dƒ}tj dt |ƒt |ƒf¡‚|dS)aÇFinds an AuthHandler that is ready to authenticate. Lists through all the registered AuthHandlers to find one that is willing to handle for the requested capabilities, config and provider. :type host: string :param host: The name of the host :type config: :param config: :type provider: :param provider: Returns: An implementation of AuthHandler. Raises: boto.exception.NoAuthHandlerFound cSsg|] }|j‘qSr)r5)roÚhandlerrrrrrùsz$get_auth_handler..zYNo handler was ready to authenticate. %d handlers were checked. %s Check your credentialsrõ) rZpluginZ get_pluginrrŸrrÚ exceptionZNoAuthHandlerFoundr¸r¬) rrrZrequested_capabilityZready_handlersZ auth_handlersrZchecked_handlersÚnamesrrrÚget_auth_handlerÚs þÿrcs‡fdd„}|S)Ncsjtj dd¡rdgStj ddd¡r*dgSt|dƒrbt|jddƒrbtD]}||jj krFdgSqFˆ|ƒS) NZ EC2_USE_SIGV4Frƒrú use-sigv4røÚendpointr{) ÚosÚenvironrŽrrrÀÚgetattrrøÚ SIGV4_DETECTr )rÚtest©ÚfuncrrÚ_wrapper s   z(detect_potential_sigv4.._wrapperr©r'r(rr&rÚdetect_potential_sigv4 s r*cs‡fdd„}|S)Ncsôtj dd¡rdgStj ddd¡r*dgStˆdƒs<ˆˆƒStD]}|ˆjkr@dgSq@ˆj}ˆj d¡rxˆj d¡r€d|}t |ƒj }|  d ¡s¦|  d ¡s¦ˆˆƒS|  d ¡r¸ˆˆƒSt ‡fd d „t DƒƒrÖˆˆƒStˆdƒrîˆjrƒSdgS)NZ S3_USE_SIGV4FrârDrrzhttp://zhttps://z amazonaws.comzamazonaws.com.cnzs3.amazonaws.comc3s|]}|ˆjkVqdSr )r)ror%r&rrÚ Asz=detect_potential_s3sigv4.._wrapper..r:)r!r"rŽrrrÀr$rrfrÚnetlocr¹ÚanyÚS3_AUTH_DETECTr:)rr%rr,r&r&rr("s4     ÿ  ÿ z*detect_potential_s3sigv4.._wrapperrr)rr&rÚdetect_potential_s3sigv4!s )r/)N).r8rrZboto.auth_handlerZboto.exceptionZ boto.pluginZ boto.utilsr0rÜÚ email.utilsrrr!rµZ boto.compatrrrrrrÚhashlibr r"r Ú ImportErrorr.r$Úobjectr r9rCr[r\r`r‚rárúrrrrrrr*r/rrrrÚs˜     ìò1#Kb& 2