o ?cvq@sddlZddlZddlZddlZddlZddlZddlmZmZddl m Z ddl m Z m Z mZddlmZddlmZGdddZGd d d Zd d Zdd dZGdddZddZ dddZddZ dddZddZdS)N)create_request_objectprepare_request_dict) OrderedDict)UnknownClientMethodErrorUnknownSignatureVersionError UnsupportedSignatureVersionError)datetime2timestamp) fix_s3_hostc@seZdZdZ dddZeddZeddZed d Zdd d Z   dddZ ddZ dddZ e Z   dddZdS) RequestSignera0 An object to sign requests before they go out over the wire using one of the authentication mechanisms defined in ``auth.py``. This class fires two events scoped to a service and operation name: * choose-signer: Allows overriding the auth signer name. * before-sign: Allows mutating the request before signing. Together these events allow for customization of the request signing pipeline, including overrides, request path manipulation, and disabling signing per operation. :type service_id: botocore.model.ServiceId :param service_id: The service id for the service, e.g. ``S3`` :type region_name: string :param region_name: Name of the service region, e.g. ``us-east-1`` :type signing_name: string :param signing_name: Service signing name. This is usually the same as the service name, but can differ. E.g. ``emr`` vs. ``elasticmapreduce``. :type signature_version: string :param signature_version: Signature name like ``v4``. :type credentials: :py:class:`~botocore.credentials.Credentials` :param credentials: User credentials with which to sign requests. :type event_emitter: :py:class:`~botocore.hooks.BaseEventHooks` :param event_emitter: Extension mechanism to fire events. NcCs4||_||_||_||_||_||_t||_dSN) _region_name _signing_name_signature_version _credentials _auth_token _service_idweakrefproxy_event_emitter)selfZ service_id region_name signing_namesignature_version credentialsZ event_emitterZ auth_tokenrk/private/var/folders/cw/wlscbxl13mj6wd668h7l9g9sllkg5j/T/pip-target-b31awkwq/lib/python/botocore/signers.py__init__Ds zRequestSigner.__init__cC|jSr )r rrrrrXzRequestSigner.region_namecCrr )rrrrrr\rzRequestSigner.signature_versioncCrr )r rrrrr`rzRequestSigner.signing_namecKs |||Sr )sign)roperation_namerequestkwargsrrrhandlerds zRequestSigner.handlerstandardc Cs|}|dur |j}|dur|j}||||j}|jjd|j||||j|||d|t j kr|||d} |dur@|| d<|j di} |sT| drT| d| d<| d r_| d | d <z |j d i| } Wnt y} z |d krzt|d | d} ~ ww| |dSdS) a<Sign a request before it goes out over the wire. :type operation_name: string :param operation_name: The name of the current operation, e.g. ``ListBuckets``. :type request: AWSRequest :param request: The request object to be sent over the wire. :type region_name: str :param region_name: The region to sign the request for. :type signing_type: str :param signing_type: The type of signing to perform. This can be one of three possible values: * 'standard' - This should be used for most requests. * 'presign-url' - This should be used when pre-signing a request. * 'presign-post' - This should be used when pre-signing an S3 post. :type expires_in: int :param expires_in: The number of seconds the presigned url is valid for. This parameter is only valid for signing type 'presign-url'. :type signing_name: str :param signing_name: The name to use for the service when signing. Nzbefore-sign.{}.{})r"rrrrequest_signerr!)rrrexpiresZsigningregionrrr%rr)r r _choose_signercontextremitformatr hyphenizebotocoreUNSIGNEDgetget_auth_instancerrZadd_auth) rr!r"r signing_type expires_inrZexplicit_region_namerr#Zsigning_contextautherrrr ksV#     zRequestSigner.signc Csddd}||d}|j}|tjur||s||7}|jjd|j ||j |j ||d\}}|durF|}|tjurF||sF||7}|S)ai Allow setting the signature version via the choose-signer event. A value of `botocore.UNSIGNED` means no signing will be performed. :param operation_name: The operation to sign. :param signing_type: The type of signing that the signer is to be used for. :return: The signature version to sign with. z -presign-postz-query) presign-post presign-urlzchoose-signer.{}.{})rrrr+N) r1rr/r0endswithrZemit_until_responser-rr.r r ) rr!r3r+Zsigning_type_suffix_mapsuffixrr$responserrrr*s6     zRequestSigner._choose_signerc Ks|dur|j}tjj|}|durt|d|jdur.d}|jdur(|j}||}|Sd}|j dur:|j }||d<|j rS|j durKtj ||d<||d<|di|}|S)a Get an auth instance which can be used to sign a request using the given signature version. :type signing_name: string :param signing_name: Service signing name. This is usually the same as the service name, but can differ. E.g. ``emr`` vs. ``elasticmapreduce``. :type region_name: string :param region_name: Name of the service region, e.g. ``us-east-1`` :type signature_version: string :param signature_version: Signature name like ``v4``. :rtype: :py:class:`~botocore.auth.BaseSigner` :return: Auth instance to sign a request. Nr)TrrZ service_namer)rr/r5ZAUTH_TYPE_MAPSr1rZREQUIRES_TOKENrZget_frozen_tokenrZget_frozen_credentialsZREQUIRES_REGIONr exceptionsZ NoRegionError) rrrrr#clsZ frozen_tokenr5Zfrozen_credentialsrrrr2s0       zRequestSigner.get_auth_instancecCs*t|}||||d||||jS)aGenerates a presigned url :type request_dict: dict :param request_dict: The prepared request dictionary returned by ``botocore.awsrequest.prepare_request_dict()`` :type operation_name: str :param operation_name: The operation being signed. :type expires_in: int :param expires_in: The number of seconds the presigned url is valid for. By default it expires in an hour (3600 seconds) :type region_name: string :param region_name: The region name to sign the presigned url. :type signing_name: str :param signing_name: The name to use for the service when signing. :returns: The presigned url r8)rr prepareurl)r request_dictr!r4rrr"rrrgenerate_presigned_url$s z$RequestSigner.generate_presigned_urlr NN)Nr%NN)r?NN)__name__ __module__ __qualname____doc__rpropertyrrrr$r r*r2Zget_authrCrrrrr !s0*       T. 6r c@s>eZdZdZddZd ddZddZ d d d Zd d ZdS)CloudFrontSigneraA signer to create a signed CloudFront URL. First you create a cloudfront signer based on a normalized RSA signer:: import rsa def rsa_signer(message): private_key = open('private_key.pem', 'r').read() return rsa.sign( message, rsa.PrivateKey.load_pkcs1(private_key.encode('utf8')), 'SHA-1') # CloudFront requires SHA-1 hash cf_signer = CloudFrontSigner(key_id, rsa_signer) To sign with a canned policy:: signed_url = cf_signer.generate_signed_url( url, date_less_than=datetime(2015, 12, 1)) To sign with a custom policy:: signed_url = cf_signer.generate_signed_url(url, policy=my_policy) cCs||_||_dS)aCreate a CloudFrontSigner. :type key_id: str :param key_id: The CloudFront Key Pair ID :type rsa_signer: callable :param rsa_signer: An RSA signer. Its only input parameter will be the message to be signed, and its output will be the signed content as a binary string. The hash algorithm needed by CloudFront is SHA-1. N)key_id rsa_signer)rrKrLrrrrgs zCloudFrontSigner.__init__Nc Cs|duo|du}|duo|du}|s|rd}t||dur$|||}t|tr.|d}|durs4    0 6R A z