Peb0ddlZddlmZddlmZmZmZmZmZm Z ddl m Z m Z m Z mZmZddlmZddlmZGddeZGd d eZGd d eZGd deZGddeZGddeZGddeZGddeZeeeeeeedZy)N)BytesIO)SIGNED_HEADERS_BLACKLIST"STREAMING_UNSIGNED_PAYLOAD_TRAILERUNSIGNED_PAYLOAD BaseSigner_get_body_as_dict_host_from_url) HTTPHeadersawscrtparse_qsurlsplit urlunsplit)NoCredentialsError)percent_encode_sequenceceZdZdZgdZej jjZ dZ dZ dZ dZ dZdZdZdZd Zd Zd Zd Zy ) CrtSigV4AuthT Authorizationz X-Amz-DateX-Amz-Content-SHA256zX-Amz-Security-Tokenc<||_||_||_d|_yN credentials _service_name _region_name_expiration_in_secondsselfr service_name region_names 3/usr/lib/python3/dist-packages/botocore/crt/auth.py__init__zCrtSigV4Auth.__init__*"&)'&*#c|jjdi}|jd}t|txr|jddk(SNchecksumrequest_algorithmintrailercontextget isinstancedictrrequestchecksum_context algorithms r!_is_streaming_checksum_payloadz+CrtSigV4Auth._is_streaming_checksum_payload0J"??..z2>$(()<= )T*Oy}}T/Bi/OOr$c|j ttjjj tj j }|j|}|j|tjjj|jj|jj|jj}|j!|rt"}n|j%|r|r|}n d}nt&}|j)|r%tjj*j,}n$tjj*j.}tjj1tjj2j4|j6||j8|j:||j<|j>|j@|||jB }|jE|}tjjG||} | jI|jK||yN)tzinfo) access_key_idsecret_access_key session_token) r3signature_typecredentials_providerregionservicedateshould_sign_headeruse_double_uri_encodeshould_normalize_uri_pathsigned_body_valuesigned_body_header_typeexpiration_in_seconds)&rrdatetimeutcnowreplacetimezoneutc_get_existing_sha256_modify_request_before_signingr authAwsCredentialsProvider new_static access_key secret_keytokenr4r_should_sha256_sign_payloadr!_should_add_content_sha256_headerAwsSignedBodyHeaderTypeX_AMZ_CONTENT_SHA_256NONEAwsSigningConfigAwsSigningAlgorithmV4_SIGNATURE_TYPErr_should_sign_header_USE_DOUBLE_URI_ENCODE_SHOULD_NORMALIZE_URI_PATHr_crt_request_from_aws_requestaws_sign_requestresult_apply_signing_changes rr1 datetime_nowexisting_sha256r=explicit_payload body_headersigning_config crt_requestfutures r!add_authzCrtSigV4Auth.add_auth5s    #$& & ((//199$$((: 33G< ++G4%{{AALL**55"..99**00 M   . .w 7A   - -g 6#2 #' /   1 12B C 33II !++==BBK55kk5588//!5$$&&#77"&"="=&*&E&E.$/"&"="=6  88A --k>J  ##G[9r$ct|j}|jr |jnd}|jr]g}|jj D]&\}}t |}|j |d|(|dzdj|z}n|jr|d|j}tjj|jj }d}|jr8t|jdr |j}nt|j}tjj!|j"|||} | SN/=?&seek)methodpathheaders body_streamr urlruparamsitemsstrappendjoinqueryr http HttpHeadersrvbodyhasattrr HttpRequestrt r aws_request url_partscrt_patharrayparamvalue crt_headerscrt_body_streamrjs r!r`z*CrtSigV4Auth._crt_request_from_aws_requestn6[__- %.^^9>>   E + 2 2 8 8 : 1 uE  waw/0 1 #~7H __"1Y__$56Hkk--k.A.A.G.G.IJ    {''0"-"2"2")+*:*:";kk--%%' . r$c^tjt|j|_yrr from_pairslistrvrrsigned_crt_requests r!rcz#CrtSigV4Auth._apply_signing_changes$)44 #++ , r$c .|jtvSrlowerrrnamekwargss r!r]z CrtSigV4Auth._should_sign_headerzz|#;;;r$c|jD]}||jvs|j|= d|jvr#t|j|jd<yyNhost_PRESIGNED_HEADERS_BLOCKLISTrvr ryrr1hs r!rMz+CrtSigV4Auth._modify_request_before_signing[22 'AGOO#OOA& '  (&4W[[&AGOOF # )r$c8|jjdSNrrvr-rr1s r!rLz!CrtSigV4Auth._get_existing_sha256""#9::r$cr|jjdsy|jjddSNhttpsTpayload_signing_enabledry startswithr,r-rs r!rTz(CrtSigV4Auth._should_sha256_sign_payload1{{%%g. ""#E  #  ("??..z2>$(()<= i &9==+>(+J'/O &&w/goo5 ??  4e <w27;;r$cyNTrrs r!rUz0CrtS3SigV4Auth._should_add_content_sha256_headerrr$ rrrr^r_rLrTrU __classcell__rs@r!rrs"!&'|j@|||jB }|jE|}tjjG||} | jI|jK||yr7)&rrrGrHrIrJrKrLrMr rNrOrPrQrRrSr4rrTrrUrVrWrXrYrZ V4_ASYMMETRICr\rrr]r^r_rr`rarbrcrds r!rlzCrtSigV4AsymAuth.add_auths    #$& & ((//199$$((: 33G< ++G4%{{AALL**55"..99**00 M   . .w 7A   - -g 6#2 #' /   1 12B C 33II !++==BBK55kk55CC//!5$$&&#77"&"="=&*&E&E.$/"&"="=6  88A --k>J  ##G[9r$ct|j}|jr |jnd}|jr]g}|jj D]&\}}t |}|j |d|(|dzdj|z}n|jr|d|j}tjj|jj }d}|jr8t|jdr |j}nt|j}tjj!|j"|||} | Srnrxrs r!r`z.CrtSigV4AsymAuth._crt_request_from_aws_request3rr$c^tjt|j|_yrrrs r!rcz'CrtSigV4AsymAuth._apply_signing_changesQrr$c .|jtvSrrrs r!r]z$CrtSigV4AsymAuth._should_sign_headerWrr$c|jD]}||jvs|j|= d|jvr#t|j|jd<yyrrrs r!rMz/CrtSigV4AsymAuth._modify_request_before_signingZrr$c8|jjdSrrrs r!rLz%CrtSigV4AsymAuth._get_existing_sha256drr$c|jjdi}|jd}t|txr|jddk(Sr&r+r0s r!r4z/CrtSigV4AsymAuth._is_streaming_checksum_payloadgr5r$cr|jjdsy|jjddSrrrs r!rTz,CrtSigV4AsymAuth._should_sha256_sign_payloadlrr$c |duSrrrs r!rUz2CrtSigV4AsymAuth._should_add_content_sha256_headervrr$N)rrrrrr rNrrr\r^r_r"rlr`rcr]rMrLr4rTrUrr$r!rrshO$ kk22GGO!!%+ 7:r< <B;P D,r$rc2eZdZdZdZdZfdZdZxZS)CrtS3SigV4AsymAuthFcyrrrs r!rLz'CrtS3SigV4AsymAuth._get_existing_sha256rr$c4|jjd}t|dd}|i}|jdd}||S|jj drd|j vry|jjddryt ||S) NrrrrrTrF)r,r-rryrrvrrT)rr1rrrrs r!rTz.CrtS3SigV4AsymAuth._should_sha256_sign_payloads ++O< M46   I!}}%>E  #  &&w/GOO3 ??  4e <w27;;r$cyrrrs r!rUz4CrtS3SigV4AsymAuth._should_add_content_sha256_headerrr$rrs@r!rr{s"!&": M M/W[[) &iooN*<*B*B*DE$!Qa1gE E <<   /8 9GL2:> 1qtQqT+;QqTB  / 1Fs=C.ct|||t|jj}t|j }t |d|d|d||df|_yNrrrrrrcr rurryrrrr signed_queryrrs r!rcz,CrtSigV4AsymQueryAuth._apply_signing_changesa &{4FG 2 7 78>> [__ %%adAaD!A$ ad%KL r$ rrrDEFAULT_EXPIRESr rNrHTTP_REQUEST_QUERY_PARAMSr\r"rMrcrrs@r!rrs:Okk22LLO?N. (0TMMr$rc$eZdZdZdZdZdZdZy)CrtS3SigV4AsymQueryAuthzS3 SigV4A auth using query parameters. This signer will sign a request using query parameters and signature version 4A, i.e a "presigned url" signer. FcyNFrrs r!rTz3CrtS3SigV4AsymQueryAuth._should_sha256_sign_payload r$cyrrrs r!rUz9CrtS3SigV4AsymQueryAuth._should_add_content_sha256_headerr$Nrrr__doc__r^r_rTrUrr$r!rrs #!&r$rczeZdZdZej j jZeffd Z fdZ fdZ xZ S)CrtSigV4QueryAuthrc6t||||||_yrrrs r!r"zCrtSigV4QueryAuth.__init__ rr$c@t |||jjd}|dk(r |jd=t |j }t |jdjDcic] \}}||d }}}|jr"|j|ji|_ |jr!|jt|d|_ t|}|}|d|d|d||d f} t| |_ycc}}wr)rrMrvr-r ryr rr{rzrrrrr) rr1rrrrrrrrrs r!rMz0CrtSigV4QueryAuth._modify_request_before_signings .w7**>: M M/W[[) !4eg  1 qtG  >>   gnn -GN <<   /8 9GL2:> 1qtQqT+;QqTB  / ? s;Dct|||t|jj}t|j }t |d|d|d||df|_yrrrs r!rcz(CrtSigV4QueryAuth._apply_signing_changesBrr$rrs@r!rrs:Okk22LLO?N. .0`MMr$rc$eZdZdZdZdZdZdZy)CrtS3SigV4QueryAuthaS3 SigV4 auth using query parameters. This signer will sign a request using query parameters and signature version 4, i.e a "presigned url" signer. Based off of: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html Fcyrrrs r!rTz/CrtS3SigV4QueryAuth._should_sha256_sign_payload_rr$cyrrrs r!rUz5CrtS3SigV4QueryAuth._should_add_content_sha256_headerfr r$Nr rr$r!rrSs#!&r$r)v4zv4-queryv4as3v4z s3v4-querys3v4az s3v4a-query)rGior botocore.authrrrrrr botocore.compatr r r r rbotocore.exceptionsrbotocore.utilsrrrrrrrrrCRT_AUTH_TYPE_MAPSrr$r!r sPO22P,:P,f4\4nP,zP,f/)/dBM,BMJ3,HM HMV+6 !  % *r$