B ㊇cb@sddlZddlmZddlmZmZmZmZmZm Z ddl m Z m Z m Z mZmZddlmZddlmZGdddeZGd d d eZGd d d eZGd ddeZGdddeZGdddeZGdddeZGdddeZeeeeeeedZdS)N)BytesIO)SIGNED_HEADERS_BLACKLIST"STREAMING_UNSIGNED_PAYLOAD_TRAILERUNSIGNED_PAYLOAD BaseSigner_get_body_as_dict_host_from_url) HTTPHeadersawscrtparse_qsurlsplit urlunsplit)NoCredentialsError)percent_encode_sequencec@s~eZdZdZddddgZejjjZ dZ dZ ddZ dd Z d d Zd d ZddZddZddZddZddZddZdS) CrtSigV4AuthT Authorizationz X-Amz-DatezX-Amz-Content-SHA256zX-Amz-Security-TokencCs||_||_||_d|_dS)N) credentials _service_name _region_name_expiration_in_seconds)selfr service_name region_namerl/private/var/folders/8c/hx9_v10d5x38qmnzt13b7b8j1k3n5b/T/pip-target-x6xd5gna/lib/python/botocore/crt/auth.py__init__*szCrtSigV4Auth.__init__cCs0|jdi}|d}t|to.|ddkS)Nchecksumrequest_algorithmintrailer)contextget isinstancedict)rrequestchecksum_context algorithmrrr_is_streaming_checksum_payload0s z+CrtSigV4Auth._is_streaming_checksum_payloadc Cs|jdkrttjjtjjd}||}||t j j j |jj |jj|jjd}||rjt}n||r|r~|}qd}nt}||rt j jj}n t j jj}t j jt j jj|j||j|j||j|j|j |||j!d }|"|}t j #||} | $|%||dS)N)tzinfo) access_key_idsecret_access_key session_token) r&signature_typecredentials_providerregionservicedateshould_sign_headeruse_double_uri_encodeshould_normalize_uri_pathsigned_body_valuesigned_body_header_typeexpiration_in_seconds)&rrdatetimeutcnowreplacetimezoneutc_get_existing_sha256_modify_request_before_signingr authAwsCredentialsProvider new_static access_key secret_keytokenr'r_should_sha256_sign_payloadr!_should_add_content_sha256_headerAwsSignedBodyHeaderTypeX_AMZ_CONTENT_SHA_256NONEAwsSigningConfigAwsSigningAlgorithmZV4_SIGNATURE_TYPErr_should_sign_header_USE_DOUBLE_URI_ENCODE_SHOULD_NORMALIZE_URI_PATHr_crt_request_from_aws_requestaws_sign_requestresult_apply_signing_changes) rr$ datetime_nowexisting_sha256r-explicit_payload body_headersigning_config crt_requestfuturerrradd_auth5sJ             zCrtSigV4Auth.add_authc Cst|j}|jr|jnd}|jrlg}x2|jD]$\}}t|}||d|q0W|dd|}n|jr|d|j}t j |j }d}|j rt|j dr|j }n t|j }t j j|j|||d} | S)N/=?&seek)methodpathheaders body_stream)r urlraparamsitemsstrappendjoinqueryr http HttpHeadersrbbodyhasattrr HttpRequestr`) r aws_request url_partscrt_patharrayparamvalue crt_headerscrt_body_streamrXrrrrOns,   z*CrtSigV4Auth._crt_request_from_aws_requestcCstt|j|_dS)N)r from_pairslistrb)rrpsigned_crt_requestrrrrRsz#CrtSigV4Auth._apply_signing_changescKs |tkS)N)lowerr)rnamekwargsrrrrLsz CrtSigV4Auth._should_sign_headercCs@x |jD]}||jkr|j|=qWd|jkrAwsSignatureTypeHTTP_REQUEST_HEADERSrKrMrNrr'rZrOrRrLr=r<rDrErrrrrs$ 9  rcs4eZdZdZdZddZfddZddZZS)CrtS3SigV4AuthFcCsdS)Nr)rr$rrrr<sz#CrtS3SigV4Auth._get_existing_sha256cs|jd}t|dd}|dkr$i}|dd}|dk r<|Sd}|jdi}|d}t|trx|ddkrx|d }|jd r||jkrd S|jd d rd St |S)N client_configs3rz Content-MD5rrrheaderr|rThas_streaming_inputF) r r!getattrr"r#rdrrbsuperrD)rr$r s3_config sign_payloadZchecksum_headerr%r&) __class__rrrDs$      z*CrtS3SigV4Auth._should_sha256_sign_payloadcCsdS)NTr)rrUrrrrEsz0CrtS3SigV4Auth._should_add_content_sha256_header) rrrrMrNr<rDrE __classcell__rr)rrrs  )rc@s~eZdZdZddddgZejjjZ dZ dZ ddZ dd Z d d Zd d ZddZddZddZddZddZddZdS)CrtSigV4AsymAuthTrz X-Amz-DatezX-Amz-Content-SHA256zX-Amz-Security-TokencCs||_||_||_d|_dS)N)rrrr)rrrrrrrrszCrtSigV4AsymAuth.__init__c Cs|jdkrttjjtjjd}||}||t j j j |jj |jj|jjd}||rjt}n||r|r~|}qd}nt}||rt j jj}n t j jj}t j jt j jj|j||j|j||j|j|j |||j!d }|"|}t j #||} | $|%||dS)N)r()r)r*r+) r&r,r-r.r/r0r1r2r3r4r5r6)&rrr7r8r9r:r;r<r=r r>r?r@rArBrCr'rrDrrErFrGrHrIrJZ V4_ASYMMETRICrKrrrLrMrNrrOrPrQrR) rr$rSrTr-rUrVrWrXrYrrrrZsJ             zCrtSigV4AsymAuth.add_authc Cst|j}|jr|jnd}|jrlg}x2|jD]$\}}t|}||d|q0W|dd|}n|jr|d|j}t j |j }d}|j rt|j dr|j }n t|j }t j j|j|||d} | S)Nr[r\r]r^r_)r`rarbrc)r rdrarerfrgrhrirjr rkrlrbrmrnrror`) rrprqrrrsrtrurvrwrXrrrrO3s,   z.CrtSigV4AsymAuth._crt_request_from_aws_requestcCstt|j|_dS)N)r rxryrb)rrprzrrrrRQsz'CrtSigV4AsymAuth._apply_signing_changescKs |tkS)N)r{r)rr|r}rrrrLWsz$CrtSigV4AsymAuth._should_sign_headercCs@x |jD]}||jkr|j|=qWd|jkrrrrKrMrNrrZrOrRrLr=r<r'rDrErrrrrs$ 9  rcs4eZdZdZdZddZfddZddZZS)CrtS3SigV4AsymAuthFcCsdS)Nr)rr$rrrr<sz'CrtS3SigV4AsymAuth._get_existing_sha256cst|jd}t|dd}|dkr$i}|dd}|dk r<|S|jdrRd|jkrVdS|jddrhdSt|S) Nrrrrz Content-MD5TrF)r r!rrdrrbrrD)rr$rrr)rrrrDs     z.CrtS3SigV4AsymAuth._should_sha256_sign_payloadcCsdS)NTr)rrUrrrrEsz4CrtS3SigV4AsymAuth._should_add_content_sha256_header) rrrrMrNr<rDrErrr)rrr{s  $rcsFeZdZdZejjjZeffdd Z fddZ fddZ Z S)CrtSigV4AsymQueryAuthicst|||||_dS)N)rrr)rrrrexpires)rrrrszCrtSigV4AsymQueryAuth.__init__c st||jd}|dkr(|jd=t|j}t|jdd}dd|D}|j rl| t |d|_ t |}|}|d|d |d ||d f}t ||_dS) Nz content-typez0application/x-www-form-urlencoded; charset=utf-8T)keep_blank_valuescSsi|]\}}|d|qS)rr).0kvrrr szHCrtSigV4AsymQueryAuth._modify_request_before_signing..r)rr=rbr!r rdr rjrfdataupdaterrr ) rr$ content_typerqZquery_string_parts query_dictnew_query_stringp new_url_parts)rrrr=s    z4CrtSigV4AsymQueryAuth._modify_request_before_signingcsLt||t|jj}t|j}t|d|d|d||df|_dS)Nrrrr)rrRr rarjrdr )rrprz signed_queryr)rrrrRs  z,CrtSigV4AsymQueryAuth._apply_signing_changes) rrrDEFAULT_EXPIRESr r>rHTTP_REQUEST_QUERY_PARAMSrKrr=rRrrr)rrrs   *rc@s(eZdZdZdZdZddZddZdS)CrtS3SigV4AsymQueryAuthzS3 SigV4A auth using query parameters. This signer will sign a request using query parameters and signature version 4A, i.e a "presigned url" signer. FcCsdS)NFr)rr$rrrrDsz3CrtS3SigV4AsymQueryAuth._should_sha256_sign_payloadcCsdS)NFr)rrUrrrrEsz9CrtS3SigV4AsymQueryAuth._should_add_content_sha256_headerN)rrr__doc__rMrNrDrErrrrrs rcsFeZdZdZejjjZeffdd Z fddZ fddZ Z S)CrtSigV4QueryAuthicst|||||_dS)N)rrr)rrrrr)rrrr szCrtSigV4QueryAuth.__init__cst||jd}|dkr(|jd=t|j}ddt|jddD}|j rf| |j i|_ |j r| t |d|_ t |}|}|d|d |d ||d f}t||_dS) Nz content-typez0application/x-www-form-urlencoded; charset=utf-8cSsi|]\}}|d|qS)rr)rrrrrrr!szDCrtSigV4QueryAuth._modify_request_before_signing..T)rrrrrr)rr=rbr!r rdr rjrfrerrrrr )rr$rrqrrrr)rrrr=s$     z0CrtSigV4QueryAuth._modify_request_before_signingcsLt||t|jj}t|j}t|d|d|d||df|_dS)Nrrrr)rrRr rarjrdr )rrprzrr)rrrrRBs  z(CrtSigV4QueryAuth._apply_signing_changes) rrrrr r>rrrKrr=rRrrr)rrrs   0rc@s(eZdZdZdZdZddZddZdS)CrtS3SigV4QueryAuthaS3 SigV4 auth using query parameters. This signer will sign a request using query parameters and signature version 4, i.e a "presigned url" signer. Based off of: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html FcCsdS)NFr)rr$rrrrD_sz/CrtS3SigV4QueryAuth._should_sha256_sign_payloadcCsdS)NFr)rrUrrrrEfsz5CrtS3SigV4QueryAuth._should_add_content_sha256_headerN)rrrrrMrNrDrErrrrrSs r)Zv4zv4-queryZv4aZs3v4z s3v4-queryZs3v4az s3v4a-query)r7iorZ botocore.authrrrrrrZbotocore.compatr r r r r Zbotocore.exceptionsrZbotocore.utilsrrrrrrrrrZCRT_AUTH_TYPE_MAPSrrrrs,    72EK