B =@Sa_[ã@süddlZddlmZddlmZmZmZmZmZddl m Z m Z m Z m Z mZddlmZddlmZGdd„deƒZGd d „d eƒZGd d „d eƒZGd d„deƒZGdd„deƒZGdd„deƒZGdd„deƒZGdd„deƒZeeeeeeedœZdS)éN)ÚBytesIO)Ú_host_from_urlÚ_get_body_as_dictÚ BaseSignerÚSIGNED_HEADERS_BLACKLISTÚUNSIGNED_PAYLOAD)ÚawscrtÚ HTTPHeadersÚparse_qsÚurlsplitÚ urlunsplit)Úpercent_encode_sequence)ÚNoCredentialsErrorc@sveZdZdZddddgZejjjZ dZ dZ dd„Z dd „Z d d „Zd d „Zdd„Zdd„Zdd„Zdd„Zdd„ZdS)Ú CrtSigV4AuthTÚ Authorizationz X-Amz-DatezX-Amz-Content-SHA256zX-Amz-Security-TokencCs||_||_||_d|_dS)N)Ú credentialsÚ _service_nameÚ _region_nameÚ_expiration_in_seconds)ÚselfrÚ service_nameÚ region_name©rúi/private/var/folders/fg/1jzmct0d7d72tjkvm_1nhqc5sw67yj/T/pip-unpacked-wheel-ef76ia09/botocore/crt/auth.pyÚ__init__szCrtSigV4Auth.__init__c Cs|jdkrtƒ‚tj ¡jtjjd}| |¡}| |¡t j j j |jj |jj|jjd}| |¡rt|rn|}qxd}nt}| |¡rŽt j jj}n t j jj}t j jt j jj|j||j|j||j|j|j|||jd }|  |¡}t j  !||¡} |  "¡| #||¡dS)N)Útzinfo)Ú access_key_idÚsecret_access_keyÚ session_token) Ú algorithmÚsignature_typeÚcredentials_providerÚregionÚserviceÚdateÚshould_sign_headerÚuse_double_uri_encodeÚshould_normalize_uri_pathÚsigned_body_valueÚsigned_body_header_typeÚexpiration_in_seconds)$rrÚdatetimeÚutcnowÚreplaceÚtimezoneÚutcÚ_get_existing_sha256Ú_modify_request_before_signingrÚauthÚAwsCredentialsProviderÚ new_staticÚ access_keyÚ secret_keyÚtokenÚ_should_sha256_sign_payloadrÚ!_should_add_content_sha256_headerÚAwsSignedBodyHeaderTypeÚX_AMZ_CONTENT_SHA_256ÚNONEÚAwsSigningConfigÚAwsSigningAlgorithmZV4Ú_SIGNATURE_TYPErrÚ_should_sign_headerÚ_USE_DOUBLE_URI_ENCODEÚ_SHOULD_NORMALIZE_URI_PATHrÚ_crt_request_from_aws_requestÚaws_sign_requestÚresultÚ_apply_signing_changes) rÚrequestÚ datetime_nowÚexisting_sha256r!Úexplicit_payloadÚ body_headerÚsigning_configÚ crt_requestÚfuturerrrÚadd_authsF            zCrtSigV4Auth.add_authc CsÒt|jƒ}|jr|jnd}|jrjg}x0|j ¡D]"\}}t|ƒ}| d||f¡q0W|dd |¡}n|jr~d||jf}t j   |j  ¡¡}d}|j r¸t|j dƒr®|j }n t|j ƒ}t j j|j|||d} | S)Nú/z%s=%sú?ú&z%s?%sÚseek)ÚmethodÚpathÚheadersÚ body_stream)r ÚurlrUÚparamsÚitemsÚstrÚappendÚjoinÚqueryrÚhttpÚ HttpHeadersrVÚbodyÚhasattrrÚ HttpRequestrT) rÚ aws_requestÚ url_partsÚcrt_pathÚarrayÚparamÚvalueÚ crt_headersÚcrt_body_streamrMrrrrCRs,   z*CrtSigV4Auth._crt_request_from_aws_requestcCst t|jƒ¡|_dS)N)r Ú from_pairsÚlistrV)rrdÚsigned_crt_requestrrrrFosz#CrtSigV4Auth._apply_signing_changescKs | ¡tkS)N)Úlowerr)rÚnameÚkwargsrrrr@tsz CrtSigV4Auth._should_sign_headercCs@x |jD]}||jkr|j|=qWd|jkrZ V4_ASYMMETRICr?rrr@rArBrrCrDrErF) rrGrHrIr!rJrKrLrMrNrrrrOÕsF            zCrtSigV4AsymAuth.add_authc CsÒt|jƒ}|jr|jnd}|jrjg}x0|j ¡D]"\}}t|ƒ}| d||f¡q0W|dd |¡}n|jr~d||jf}t j   |j  ¡¡}d}|j r¸t|j dƒr®|j }n t|j ƒ}t j j|j|||d} | S)NrPz%s=%srQrRz%s?%srS)rTrUrVrW)r rXrUrYrZr[r\r]r^rr_r`rVrarbrrcrT) rrdrerfrgrhrirjrkrMrrrrC s,   z.CrtSigV4AsymAuth._crt_request_from_aws_requestcCst t|jƒ¡|_dS)N)r rlrmrV)rrdrnrrrrF&sz'CrtSigV4AsymAuth._apply_signing_changescKs | ¡tkS)N)ror)rrprqrrrr@+sz$CrtSigV4AsymAuth._should_sign_headercCs@x |jD]}||jkr|j|=qWd|jkr’szHCrtSigV4AsymQueryAuth._modify_request_before_signing..T)Úkeep_blank_valuesÚrééé)r…r1rVrur rXÚdictr r^rZÚdataÚupdaterr r )rrGÚ content_typereÚ query_dictÚnew_query_stringÚpÚ new_url_parts)rˆrrr1‚s    z4CrtSigV4AsymQueryAuth._modify_request_before_signingcsLtƒ ||¡t|jƒj}t|jƒ}t|d|d|d||dfƒ|_dS)Nrr”r•r–)r…rFr rUr^rXr )rrdrnÚ signed_queryr)rˆrrrF¬s  z,CrtSigV4AsymQueryAuth._apply_signing_changes) rzr{r|ÚDEFAULT_EXPIRESrr2r~ÚHTTP_REQUEST_QUERY_PARAMSr?rr1rFr‰rr)rˆrrŒys   *rŒc@s(eZdZdZdZdZdd„Zdd„ZdS)ÚCrtS3SigV4AsymQueryAuthz¢S3 SigV4A auth using query parameters. This signer will sign a request using query parameters and signature version 4A, i.e a "presigned url" signer. FcCsdS)NFr)rrGrrrr8Çsz3CrtS3SigV4AsymQueryAuth._should_sha256_sign_payloadcCsdS)NFr)rrJrrrr9Îsz9CrtS3SigV4AsymQueryAuth._should_add_content_sha256_headerN)rzr{r|Ú__doc__rArBr8r9rrrrr¢½s r¢csFeZdZdZejjjZef‡fdd„ Z ‡fdd„Z ‡fdd„Z ‡Z S)ÚCrtSigV4QueryAuthicstƒ |||¡||_dS)N)r…rr)rrrrr)rˆrrr×szCrtSigV4QueryAuth.__init__cs¤tƒ |¡|j d¡}|dkr(|jd=t|jƒ}tdd„t|jdd  ¡Dƒƒ}|j rl|  t |ƒ¡d|_ t |ƒ}|}|d|d |d ||d f}t|ƒ|_dS) Nz content-typez0application/x-www-form-urlencoded; charset=utf-8cSsg|]\}}||df‘qS)rr)rŽrrrrrr‘ìszDCrtSigV4QueryAuth._modify_request_before_signing..T)r’r“rr”r•r–)r…r1rVrur rXr—r r^rZr˜r™rr r )rrGršrer›rœrrž)rˆrrr1Üs    z0CrtSigV4QueryAuth._modify_request_before_signingcsLtƒ ||¡t|jƒj}t|jƒ}t|d|d|d||dfƒ|_dS)Nrr”r•r–)r…rFr rUr^rXr )rrdrnrŸr)rˆrrrFs  z(CrtSigV4QueryAuth._apply_signing_changes) rzr{r|r rr2r~r¡r?rr1rFr‰rr)rˆrr¤Ós   *r¤c@s(eZdZdZdZdZdd„Zdd„ZdS)ÚCrtS3SigV4QueryAuthaS3 SigV4 auth using query parameters. This signer will sign a request using query parameters and signature version 4, i.e a "presigned url" signer. Based off of: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html FcCsdS)NFr)rrGrrrr8#sz/CrtS3SigV4QueryAuth._should_sha256_sign_payloadcCsdS)NFr)rrJrrrr9*sz5CrtS3SigV4QueryAuth._should_add_content_sha256_headerN)rzr{r|r£rArBr8r9rrrrr¥s r¥)Zv4zv4-queryZv4aZs3v4z s3v4-queryZs3v4az s3v4a-query)r+ÚiorZ botocore.authrrrrrZbotocore.compatrr r r r Zbotocore.utilsr Zbotocore.exceptionsrrr€rŠr‹rŒr¢r¤r¥ZCRT_AUTH_TYPE_MAPSrrrrÚs,   0/DD