o Vfb@sddlZddlmZddlmZmZmZmZmZm Z ddl m Z m Z m Z mZmZddlmZddlmZGdddeZGd d d eZGd d d eZGd ddeZGdddeZGdddeZGdddeZGdddeZeeeeeeedZdS)N)BytesIO)SIGNED_HEADERS_BLACKLIST"STREAMING_UNSIGNED_PAYLOAD_TRAILERUNSIGNED_PAYLOAD BaseSigner_get_body_as_dict_host_from_url) HTTPHeadersawscrtparse_qsurlsplit urlunsplit)NoCredentialsError)percent_encode_sequencec@zeZdZdZgdZejjjZ dZ dZ ddZ ddZ ddZd d Zd d Zd dZddZddZddZddZdS) CrtSigV4AuthT Authorizationz X-Amz-DateX-Amz-Content-SHA256zX-Amz-Security-TokencC||_||_||_d|_dSN credentials _service_name _region_name_expiration_in_secondsselfr service_name region_namer R/home/ubuntu/oakencloud.com/venv/lib/python3.10/site-packages/botocore/crt/auth.py__init__* zCrtSigV4Auth.__init__cC0|jdi}|d}t|to|ddkSNchecksumrequest_algorithmintrailercontextget isinstancedictrrequestchecksum_context algorithmr r r!_is_streaming_checksum_payload0 z+CrtSigV4Auth._is_streaming_checksum_payloadc C|jdurttjjtjjd}||}||t j j j |jj |jj|jjd}||r5t}n||rB|r?|}nd}nt}||rOt j jj}nt j jj}t j jt j jj|j||j|j||j|j|j |||j!d }|"|}t j #||} | $|%||dSN)tzinfo) access_key_idsecret_access_key session_token) r2signature_typecredentials_providerregionservicedateshould_sign_headeruse_double_uri_encodeshould_normalize_uri_pathsigned_body_valuesigned_body_header_typeexpiration_in_seconds)&rrdatetimeutcnowreplacetimezoneutc_get_existing_sha256_modify_request_before_signingr authAwsCredentialsProvider new_static access_key secret_keytokenr3r_should_sha256_sign_payloadr!_should_add_content_sha256_headerAwsSignedBodyHeaderTypeX_AMZ_CONTENT_SHA_256NONEAwsSigningConfigAwsSigningAlgorithmV4_SIGNATURE_TYPErr_should_sign_header_USE_DOUBLE_URI_ENCODE_SHOULD_NORMALIZE_URI_PATHr_crt_request_from_aws_requestaws_sign_requestresult_apply_signing_changes rr0 datetime_nowexisting_sha256r<explicit_payload body_headersigning_config crt_requestfuturer r r!add_auth5R         zCrtSigV4Auth.add_authc Ct|j}|jr |jnd}|jr4g}|jD]\}}t|}||d|q|dd|}n |jr?|d|j}t j |j }d}|j r\t|j drW|j }nt|j }t j j|j|||d} | SN/=?&seek)methodpathheaders body_streamr urlruparamsitemsstrappendjoinqueryr http HttpHeadersrvbodyhasattrr HttpRequestrt r aws_request url_partscrt_patharrayparamvalue crt_headerscrt_body_streamrir r r!r_n.   z*CrtSigV4Auth._crt_request_from_aws_requestcCtt|j|_dSrr from_pairslistrvrrsigned_crt_requestr r r!rb z#CrtSigV4Auth._apply_signing_changescK |tvSrlowerrrnamekwargsr r r!r\ z CrtSigV4Auth._should_sign_headercC@|jD] }||jvr|j|=qd|jvrt|j|jd<dSdSNhost_PRESIGNED_HEADERS_BLOCKLISTrvrryrr0hr r r!rL   z+CrtSigV4Auth._modify_request_before_signingcC |jdSNrrvr,rr0r r r!rKrz!CrtSigV4Auth._get_existing_sha256cC|jdsdS|jddSNhttpsTpayload_signing_enabledry startswithr+r,rr r r!rS z(CrtSigV4Auth._should_sha256_sign_payloadcC|duSrr rrfr r r!rTz.CrtSigV4Auth._should_add_content_sha256_headerN)__name__ __module__ __qualname__REQUIRES_REGIONrr rMAwsSignatureTypeHTTP_REQUEST_HEADERSr[r]r^r"r3rkr_rbr\rLrKrSrTr r r r!rs  9  rc4eZdZdZdZddZfddZddZZS)CrtS3SigV4AuthFcCdSrr rr r r!rKz#CrtS3SigV4Auth._get_existing_sha256cs|jd}t|dd}|duri}|dd}|dur|Sd}|jdi}|d}t|tr<|ddkr<|d }|jd rG||jvrId S|jd d rRd St |S)N client_configs3r Content-MD5r&r'r(headerrrThas_streaming_inputF) r+r,getattrr-r.ryrrvsuperrS)rr0r s3_config sign_payloadchecksum_headerr1r2 __class__r r!rSs&       z*CrtS3SigV4Auth._should_sha256_sign_payloadcCdSNTr rr r r!rTrz0CrtS3SigV4Auth._should_add_content_sha256_header rrrr]r^rKrSrT __classcell__r r rr!rs  )rc@r)CrtSigV4AsymAuthTrcCrrrrr r r!r"r#zCrtSigV4AsymAuth.__init__c Cr5r6)&rrrFrGrHrIrJrKrLr rMrNrOrPrQrRr3rrSrrTrUrVrWrXrY V4_ASYMMETRICr[rrr\r]r^rr_r`rarbrcr r r!rkrlzCrtSigV4AsymAuth.add_authc Crmrnrxrr r r!r_3rz.CrtSigV4AsymAuth._crt_request_from_aws_requestcCrrrrr r r!rbQrz'CrtSigV4AsymAuth._apply_signing_changescKrrrrr r r!r\Wrz$CrtSigV4AsymAuth._should_sign_headercCrrrrr r r!rLZrz/CrtSigV4AsymAuth._modify_request_before_signingcCrrrrr r r!rKdrz%CrtSigV4AsymAuth._get_existing_sha256cCr$r%r*r/r r r!r3gr4z/CrtSigV4AsymAuth._is_streaming_checksum_payloadcCrrrrr r r!rSlrz,CrtSigV4AsymAuth._should_sha256_sign_payloadcCrrr rr r r!rTvrz2CrtSigV4AsymAuth._should_add_content_sha256_headerN)rrrrrr rMrrr[r]r^r"rkr_rbr\rLrKr3rSrTr r r r!rs  9  rcr)CrtS3SigV4AsymAuthFcCrrr rr r r!rKrz'CrtS3SigV4AsymAuth._get_existing_sha256cst|jd}t|dd}|duri}|dd}|dur|S|jdr)d|jvr+dS|jddr4dSt|S) NrrrrrTrF)r+r,rryrrvrrS)rr0rrrrr r!rSs      z.CrtS3SigV4AsymAuth._should_sha256_sign_payloadcCrrr rr r r!rTrz4CrtS3SigV4AsymAuth._should_add_content_sha256_headerrr r rr!r{s  $rcFeZdZdZejjjZeffdd Z fddZ fddZ Z S)CrtSigV4AsymQueryAuthct|||||_dSrrr"rrrrrexpiresrr r!r" zCrtSigV4AsymQueryAuth.__init__c st||jd}|dkr|jd=t|j}t|jdd}dd|D}|j r6| t |d|_ t |}|}|d|d |d ||d f}t ||_dS) N content-type0application/x-www-form-urlencoded; charset=utf-8Tkeep_blank_valuescSi|] \}}||dqSrr .0kvr r r! szHCrtSigV4AsymQueryAuth._modify_request_before_signing..r)rrLrvr,r ryr rr{dataupdaterrr ) rr0 content_typerquery_string_parts query_dictnew_query_stringp new_url_partsrr r!rLs    z4CrtSigV4AsymQueryAuth._modify_request_before_signingcLt||t|jj}t|j}t|d|d|d||df|_dSNrrrrrrbr rurryr rrr signed_queryrrr r!rb  ( z,CrtSigV4AsymQueryAuth._apply_signing_changes rrrDEFAULT_EXPIRESr rMrHTTP_REQUEST_QUERY_PARAMSr[r"rLrbrr r rr!rs  *rc@(eZdZdZdZdZddZddZdS)CrtS3SigV4AsymQueryAuthzS3 SigV4A auth using query parameters. This signer will sign a request using query parameters and signature version 4A, i.e a "presigned url" signer. FcCrNFr rr r r!rSz3CrtS3SigV4AsymQueryAuth._should_sha256_sign_payloadcCrrr rr r r!rTrz9CrtS3SigV4AsymQueryAuth._should_add_content_sha256_headerNrrr__doc__r]r^rSrTr r r r!rs  rcr)CrtSigV4QueryAuthrcrrrrrr r!r" rzCrtSigV4QueryAuth.__init__cst||jd}|dkr|jd=t|j}ddt|jddD}|j r3| |j i|_ |j r@| t |d|_ t |}|}|d|d |d ||d f}t||_dS) NrrcSrrr rr r r!r!szDCrtSigV4QueryAuth._modify_request_before_signing..Trrrrrr)rrLrvr,r ryr rr{rzrrrrr )rr0rrrrrrrr r!rLs*     z0CrtSigV4QueryAuth._modify_request_before_signingcrrrrrr r!rbBrz(CrtSigV4QueryAuth._apply_signing_changesrr r rr!rs  0rc@r)CrtS3SigV4QueryAuthaS3 SigV4 auth using query parameters. This signer will sign a request using query parameters and signature version 4, i.e a "presigned url" signer. Based off of: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html FcCrrr rr r r!rS_rz/CrtS3SigV4QueryAuth._should_sha256_sign_payloadcCrrr rr r r!rTfrz5CrtS3SigV4QueryAuth._should_add_content_sha256_headerNrr r r r!rSs  r)v4zv4-queryv4as3v4z s3v4-querys3v4az s3v4a-query)rFior botocore.authrrrrrrbotocore.compatr r r r r botocore.exceptionsrbotocore.utilsrrrrrrrrrCRT_AUTH_TYPE_MAPSr r r r!s0    72EK