o ?c`@sddlZddlmZddlmZmZmZmZmZm Z ddl m Z m Z m Z mZmZddlmZddlmZGdddeZGd d d eZGd d d eZGd ddeZGdddeZGdddeZGdddeZGdddeZeeeeeeedZdS)N)BytesIO)SIGNED_HEADERS_BLACKLIST"STREAMING_UNSIGNED_PAYLOAD_TRAILERUNSIGNED_PAYLOAD BaseSigner_get_body_as_dict_host_from_url) HTTPHeadersawscrtparse_qsurlsplit urlunsplit)NoCredentialsError)percent_encode_sequencec@zeZdZdZgdZejjjZ dZ dZ ddZ ddZ ddZd d Zd d Zd dZddZddZddZddZdS) CrtSigV4AuthT Authorizationz X-Amz-DateX-Amz-Content-SHA256zX-Amz-Security-TokencC||_||_||_d|_dSN credentials _service_name _region_name_expiration_in_secondsselfr service_name region_namer l/private/var/folders/cw/wlscbxl13mj6wd668h7l9g9sllkg5j/T/pip-target-b31awkwq/lib/python/botocore/crt/auth.py__init__ zCrtSigV4Auth.__init__cC0|jdi}|d}t|to|ddkSNchecksumrequest_algorithmintrailercontextget isinstancedictrrequestchecksum_context algorithmr r r!_is_streaming_checksum_payload# z+CrtSigV4Auth._is_streaming_checksum_payloadc C|jdurttjjtjjd}||}||t j j j |jj |jj|jjd}||r5t}n||rB|r?|}nd}nt}||rOt j jj}nt j jj}t j jt j jj|j||j|j||j|j|j |||j!d }|"|}t j #||} | $|%||dSN)tzinfo)Z access_key_idZsecret_access_keyZ session_token) r2Zsignature_typecredentials_providerregionZservicedateZshould_sign_headerZuse_double_uri_encodeZshould_normalize_uri_pathZsigned_body_valueZsigned_body_header_typeZexpiration_in_seconds)&rrdatetimeutcnowreplacetimezoneutc_get_existing_sha256_modify_request_before_signingr authAwsCredentialsProvider new_static access_key secret_keytokenr3r_should_sha256_sign_payloadr!_should_add_content_sha256_headerAwsSignedBodyHeaderTypeX_AMZ_CONTENT_SHA_256NONEAwsSigningConfigAwsSigningAlgorithmZV4_SIGNATURE_TYPErr_should_sign_header_USE_DOUBLE_URI_ENCODE_SHOULD_NORMALIZE_URI_PATHr_crt_request_from_aws_requestaws_sign_requestresult_apply_signing_changes rr0Z datetime_nowZexisting_sha256r8explicit_payloadZ body_headerZsigning_config crt_requestfuturer r r!add_auth(R         zCrtSigV4Auth.add_authc Ct|j}|jr |jnd}|jr4g}|jD]\}}t|}||d|q|dd|}n |jr?|d|j}t j |j }d}|j r\t|j drW|j }nt|j }t j j|j|||d} | SN/=?&seek)methodpathheadersZ body_streamr urlreparamsitemsstrappendjoinqueryr httpZ HttpHeadersrfbodyhasattrrZ HttpRequestrd r aws_request url_partsZcrt_patharrayparamvalueZ crt_headersZcrt_body_streamrYr r r!rSa.   z*CrtSigV4Auth._crt_request_from_aws_requestcCtt|j|_dSrr Z from_pairslistrfrrssigned_crt_requestr r r!rV z#CrtSigV4Auth._apply_signing_changescK |tvSrlowerrrnamekwargsr r r!rP z CrtSigV4Auth._should_sign_headercC@|jD] }||jvr|j|=qd|jvrt|j|jd<dSdSNhost_PRESIGNED_HEADERS_BLOCKLISTrfrrhrr0hr r r!rA   z+CrtSigV4Auth._modify_request_before_signingcC |jdSNrrfr,rr0r r r!r@rz!CrtSigV4Auth._get_existing_sha256cC|jdsdS|jddSNhttpsTpayload_signing_enabledrh startswithr+r,rr r r!rH z(CrtSigV4Auth._should_sha256_sign_payloadcC|duSrr rrXr r r!rIz.CrtSigV4Auth._should_add_content_sha256_headerN)__name__ __module__ __qualname__REQUIRES_REGIONrr rBAwsSignatureTypeHTTP_REQUEST_HEADERSrOrQrRr"r3r[rSrVrPrAr@rHrIr r r r!rs  9  rc4eZdZdZdZddZfddZddZZS)CrtS3SigV4AuthFcCdSrr rr r r!r@z#CrtS3SigV4Auth._get_existing_sha256cs|jd}t|dd}|duri}|dd}|dur|Sd}|jdi}|d}t|tr<|ddkr<|d }|jd rG||jvrId S|jd d rRd St |S)N client_configs3r Content-MD5r&r'r(headerrrThas_streaming_inputF) r+r,getattrr-r.rhrrfsuperrH)rr0r s3_config sign_payloadZchecksum_headerr1r2 __class__r r!rHs(      z*CrtS3SigV4Auth._should_sha256_sign_payloadcCdSNTr rr r r!rIrz0CrtS3SigV4Auth._should_add_content_sha256_header rrrrQrRr@rHrI __classcell__r r rr!rs  )rc@r)CrtSigV4AsymAuthTrcCrrrrr r r!r"r#zCrtSigV4AsymAuth.__init__c Cr5r6)&rrr;r<r=r>r?r@rAr rBrCrDrErFrGr3rrHrrIrJrKrLrMrNZ V4_ASYMMETRICrOrrrPrQrRrrSrTrUrVrWr r r!r[r\zCrtSigV4AsymAuth.add_authc Cr]r^rgrrr r r!rS&rxz.CrtSigV4AsymAuth._crt_request_from_aws_requestcCryrrzr|r r r!rVDr~z'CrtSigV4AsymAuth._apply_signing_changescKrrrrr r r!rPJrz$CrtSigV4AsymAuth._should_sign_headercCrrrrr r r!rAMrz/CrtSigV4AsymAuth._modify_request_before_signingcCrrrrr r r!r@Wrz%CrtSigV4AsymAuth._get_existing_sha256cCr$r%r*r/r r r!r3Zr4z/CrtSigV4AsymAuth._is_streaming_checksum_payloadcCrrrrr r r!rH_rz,CrtSigV4AsymAuth._should_sha256_sign_payloadcCrrr rr r r!rIirz2CrtSigV4AsymAuth._should_add_content_sha256_headerN)rrrrrr rBrrrOrQrRr"r[rSrVrPrAr@r3rHrIr r r r!rs  9  rcr)CrtS3SigV4AsymAuthFcCrrr rr r r!r@srz'CrtS3SigV4AsymAuth._get_existing_sha256cst|jd}t|dd}|duri}|dd}|dur|S|jdr)d|jvr+dS|jddr4dSt|S) NrrrrrTrF)r+r,rrhrrfrrH)rr0rrrrr r!rHws     z.CrtS3SigV4AsymAuth._should_sha256_sign_payloadcCrrr rr r r!rIrz4CrtS3SigV4AsymAuth._should_add_content_sha256_headerrr r rr!rns  $rcFeZdZdZejjjZeffdd Z fddZ fddZ Z S)CrtSigV4AsymQueryAuthct|||||_dSrrr"rrrrrexpiresrr r!r" zCrtSigV4AsymQueryAuth.__init__c st||jd}|dkr|jd=t|j}t|jdd}dd|D}|j r6| t |d|_ t |}|}|d|d |d ||d f}t ||_dS) N content-type0application/x-www-form-urlencoded; charset=utf-8Tkeep_blank_valuescSi|] \}}||dqSrr .0kvr r r! szHCrtSigV4AsymQueryAuth._modify_request_before_signing..r)rrArfr,r rhr rnrjdataupdaterrr ) rr0 content_typertZquery_string_parts query_dictnew_query_stringp new_url_partsrr r!rAs    z4CrtSigV4AsymQueryAuth._modify_request_before_signingcLt||t|jj}t|j}t|d|d|d||df|_dSNrrrrrrVr rernrhr rrsr}Z signed_queryrrr r!rV  ( z,CrtSigV4AsymQueryAuth._apply_signing_changes rrrZDEFAULT_EXPIRESr rBrZHTTP_REQUEST_QUERY_PARAMSrOr"rArVrr r rr!rs  *rc@(eZdZdZdZdZddZddZdS)CrtS3SigV4AsymQueryAuthzS3 SigV4A auth using query parameters. This signer will sign a request using query parameters and signature version 4A, i.e a "presigned url" signer. FcCrNFr rr r r!rHz3CrtS3SigV4AsymQueryAuth._should_sha256_sign_payloadcCrrr rr r r!rIrz9CrtS3SigV4AsymQueryAuth._should_add_content_sha256_headerNrrr__doc__rQrRrHrIr r r r!rs  rcr)CrtSigV4QueryAuthrcrrrrrr r!r"rzCrtSigV4QueryAuth.__init__cst||jd}|dkr|jd=t|j}ddt|jddD}|j r3| |j i|_ |j r@| t |d|_ t |}|}|d|d |d ||d f}t||_dS) NrrcSrrr rr r r!rszDCrtSigV4QueryAuth._modify_request_before_signing..Trrrrrr)rrArfr,r rhr rnrjrirrrrr )rr0rrtrrrrrr r!rAs*     z0CrtSigV4QueryAuth._modify_request_before_signingcrrrrrr r!rV5rz(CrtSigV4QueryAuth._apply_signing_changesrr r rr!rs  0rc@r)CrtS3SigV4QueryAuthaS3 SigV4 auth using query parameters. This signer will sign a request using query parameters and signature version 4, i.e a "presigned url" signer. Based off of: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html FcCrrr rr r r!rHRrz/CrtS3SigV4QueryAuth._should_sha256_sign_payloadcCrrr rr r r!rIYrz5CrtS3SigV4QueryAuth._should_add_content_sha256_headerNrr r r r!rFs  r)Zv4zv4-queryZv4aZs3v4z s3v4-queryZs3v4az s3v4a-query)r;iorZ botocore.authrrrrrrZbotocore.compatr r r r r Zbotocore.exceptionsrZbotocore.utilsrrrrrrrrrZCRT_AUTH_TYPE_MAPSr r r r!s0    72EK