HEX

File: //opt/alt/python37/lib/python3.7/site-packages/botocore/__pycache__/auth.cpython-37.pyc
B

�P�e��@s\ddlZddlZddlZddlZddlZddlZddlZddlZddlm	Z	ddl
mZddlm
Z
mZddlmZddlmZmZmZmZmZmZmZmZmZddlmZmZddlmZm Z m!Z!dd	lm"Z"e�#e$�Z%d
Z&dZ'dZ(d
Z)dddgZ*dZ+dZ,dd�Z-dd�Z.Gdd�d�Z/Gdd�de/�Z0Gdd�de/�Z1Gdd�de/�Z2Gdd �d e/�Z3Gd!d"�d"e3�Z4Gd#d$�d$e4�Z5Gd%d&�d&e5�Z6Gd'd(�d(e5�Z7Gd)d*�d*e3�Z8Gd+d,�d,e8�Z9Gd-d.�d.e3�Z:Gd/d0�d0e/�Z;Gd1d2�d2e;�Z<Gd3d4�d4e;�Z=Gd5d6�d6e0�Z>e1e2e2e;e<e=e:e5e7e6e>d7�Z?e�rDdd8l@mAZAe?�BeA�ne?�Be3e8e4e9d9��dS):�N)�Mapping)�
formatdate)�sha1�sha256)�
itemgetter)	�HAS_CRT�HTTPHeaders�encodebytes�ensure_unicode�parse_qs�quote�unquote�urlsplit�
urlunsplit)�NoAuthTokenError�NoCredentialsError)�is_valid_ipv6_endpoint_url�normalize_url_path�percent_encode_sequence)�
MD5_AVAILABLEZ@e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855iz%Y-%m-%dT%H:%M:%SZz%Y%m%dT%H%M%SZ�expectz
user-agentzx-amzn-trace-idzUNSIGNED-PAYLOADz"STREAMING-UNSIGNED-PAYLOAD-TRAILERcCsZt|�}|j}t|�r"d|�d�}ddd�}|jdk	rV|j|�|j�krVd||jf}|S)N�[�]�Pi�)�http�httpsz%s:%d)r�hostnamer�port�get�scheme)�url�	url_parts�hostZ
default_ports�r#�>/opt/alt/python37/lib/python3.7/site-packages/botocore/auth.py�_host_from_urlFs
r%cCs:|j}t|t�r"t�|�d��}nt|t�r6t�|�}|S)Nzutf-8)�data�
isinstance�bytes�json�loads�decode�str)�requestr&r#r#r$�_get_body_as_dictYs


r.c@seZdZdZdZdd�ZdS)�
BaseSignerFcCstd��dS)N�add_auth)�NotImplementedError)�selfr-r#r#r$r0jszBaseSigner.add_authN)�__name__�
__module__�__qualname__�REQUIRES_REGION�REQUIRES_TOKENr0r#r#r#r$r/fsr/c@seZdZdZdd�ZdS)�TokenSignerTcCs
||_dS)N)�
auth_token)r2r9r#r#r$�__init__tszTokenSigner.__init__N)r3r4r5r7r:r#r#r#r$r8nsr8c@s(eZdZdZdd�Zdd�Zdd�ZdS)	�	SigV2Authz+
    Sign a request with Signature V2.
    cCs
||_dS)N)�credentials)r2r<r#r#r$r:}szSigV2Auth.__init__cCst�d�t|j�}|j}t|�dkr*d}|j�d|j�d|�d�}tj	|j
j�d�t
d�}g}x^t|�D]R}|dkrxqjt||�}	t|�d�dd	�}
t|	�d�d
d	�}|�|
�d|���qjWd�|�}||7}t�d
|�|�|�d��t�|������d�}
||
fS)Nz$Calculating signature using v2 auth.r�/�
zutf-8)�	digestmod�	Signature�)�safez-_~�=�&zString to sign: %s)�logger�debugrr �path�len�method�netloc�hmac�newr<�
secret_key�encoder�sortedr,r�append�join�update�base64�	b64encode�digest�stripr+)r2r-�params�splitrG�string_to_signZlhmac�pairs�key�valueZ
quoted_keyZquoted_value�qsZb64r#r#r$�calc_signature�s,


zSigV2Auth.calc_signaturecCs�|jdkrt��|jr|j}n|j}|jj|d<d|d<d|d<t�tt���|d<|jj	rh|jj	|d<|�
||�\}}||d<|S)	N�AWSAccessKeyId�2ZSignatureVersionZ
HmacSHA256ZSignatureMethod�	TimestampZ
SecurityTokenr@)r<rr&rW�
access_key�time�strftime�ISO8601�gmtime�tokenr^)r2r-rWr]�	signaturer#r#r$r0�s
zSigV2Auth.add_authN)r3r4r5�__doc__r:r^r0r#r#r#r$r;xsr;c@seZdZdd�Zdd�ZdS)�	SigV3AuthcCs
||_dS)N)r<)r2r<r#r#r$r:�szSigV3Auth.__init__cCs�|jdkrt��d|jkr"|jd=tdd�|jd<|jjrZd|jkrL|jd=|jj|jd<tj|jj�d�t	d�}|�
|jd�d��t|����
�}d|jj�d|�d���}d	|jkr�|jd	=||jd	<dS)
N�DateT)�usegmtzX-Amz-Security-Tokenzutf-8)r?zAWS3-HTTPS AWSAccessKeyId=z ,Algorithm=HmacSHA256,Signature=zX-Amzn-Authorization)r<r�headersrrgrKrLrMrNrrRr	rUrVrbr+)r2r-�new_hmacZencoded_signaturerhr#r#r$r0�s"



zSigV3Auth.add_authN)r3r4r5r:r0r#r#r#r$rj�srjc@s�eZdZdZdZdd�Zd1dd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Zd0S)2�	SigV4Authz+
    Sign a request with Signature V4.
    TcCs||_||_||_dS)N)r<�_region_name�
_service_name)r2r<�service_name�region_namer#r#r$r:�szSigV4Auth.__init__FcCs:|rt�||�d�t���}nt�||�d�t���}|S)Nzutf-8)rKrLrNr�	hexdigestrU)r2r[�msg�hex�sigr#r#r$�_sign�szSigV4Auth._signcCsPt�}x.|j��D] \}}|��}|tkr|||<qWd|krLt|j�|d<|S)zk
        Select the headers from the request that need to be included
        in the StringToSign.
        r")rrm�items�lower�SIGNED_HEADERS_BLACKLISTr%r )r2r-Z
header_map�namer\�lnamer#r#r$�headers_to_sign�szSigV4Auth.headers_to_signcCs&|jr|�|j�S|�t|j��SdS)N)rW�_canonical_query_string_params�_canonical_query_string_urlrr )r2r-r#r#r$�canonical_query_string�sz SigV4Auth.canonical_query_stringcCs�g}t|t�r|��}x2|D]*\}}|�t|dd�tt|�dd�f�qWg}x(t|�D]\}}|�|�d|���qXWd�|�}|S)Nz-_.~)rBrCrD)r'rryrPrr,rOrQ)r2rW�
key_val_pairsr[r\�sorted_key_valsr�r#r#r$rs
"
z(SigV4Auth._canonical_query_string_paramsc	Cs~d}|jrzg}x2|j�d�D]"}|�d�\}}}|�||f�qWg}x(t|�D]\}}|�|�d|���qPWd�|�}|S)NrArDrC)�queryrX�	partitionrPrOrQ)	r2�partsr�r��pairr[�_r\r�r#r#r$r�s
z%SigV4Auth._canonical_query_string_urlcs^g}tt|��}xB|D]:}d��fdd�|�|�D��}|�|�dt|����qWd�|�S)a

        Return the headers that need to be included in the StringToSign
        in their canonical form by converting all header keys to lower
        case, sorting them in alphabetical order and then joining
        them into a string, separated by newlines.
        �,c3s|]}��|�VqdS)N)�
_header_value)�.0�v)r2r#r$�	<genexpr>-sz.SigV4Auth.canonical_headers.<locals>.<genexpr>�:r>)rO�setrQ�get_allrPr
)r2r~rmZsorted_header_namesr[r\r#)r2r$�canonical_headers"s
zSigV4Auth.canonical_headerscCsd�|���S)N� )rQrX)r2r\r#r#r$r�2szSigV4Auth._header_valuecCs tdd�t|�D��}d�|�S)Ncss|]}|����VqdS)N)rzrV)r��nr#r#r$r�;sz+SigV4Auth.signed_headers.<locals>.<genexpr>�;)rOr�rQ)r2r~rmr#r#r$�signed_headers:szSigV4Auth.signed_headerscCs0|j�di�}|�d�}t|t�o.|�d�dkS)N�checksum�request_algorithm�in�trailer)�contextrr'�dict)r2r-�checksum_context�	algorithmr#r#r$�_is_streaming_checksum_payload>s
z(SigV4Auth._is_streaming_checksum_payloadcCs�|�|�rtS|�|�stS|j}|r�t|d�r�|��}t�|j	t
�}t�}xt|d�D]}|�
|�qXW|��}|�|�|S|r�t|���StSdS)N�seek�)r��"STREAMING_UNSIGNED_PAYLOAD_TRAILER�_should_sha256_sign_payload�UNSIGNED_PAYLOAD�body�hasattr�tell�	functools�partial�read�PAYLOAD_BUFFERr�iterrRrtr��EMPTY_SHA256_HASH)r2r-�request_body�positionZread_chunksizer��chunkZhex_checksumr#r#r$�payloadCs$



zSigV4Auth.payloadcCs|j�d�sdS|j�dd�S)NrT�payload_signing_enabled)r �
startswithr�r)r2r-r#r#r$r�]sz%SigV4Auth._should_sha256_sign_payloadcCs�|j��g}|�t|j�j�}|�|�|�|�|��|�|�}|�|�	|�d�|�|�
|��d|jkr||jd}n
|�|�}|�|�d�
|�S)Nr>zX-Amz-Content-SHA256)rI�upper�_normalize_url_pathrr rGrPr�r~r�r�rmr�rQ)r2r-�crrGr~Z
body_checksumr#r#r$�canonical_requestgs




zSigV4Auth.canonical_requestcCstt|�dd�}|S)Nz/~)rB)rr)r2rGZnormalized_pathr#r#r$r�vszSigV4Auth._normalize_url_pathcCsN|jjg}|�|jddd��|�|j�|�|j�|�d�d�|�S)N�	timestampr��aws4_requestr=)r<rbrPr�rprqrQ)r2r-�scoper#r#r$r�zs

zSigV4Auth.scopecCsHg}|�|jddd��|�|j�|�|j�|�d�d�|�S)Nr�rr�r�r=)rPr�rprqrQ)r2r-r�r#r#r$�credential_scope�s
zSigV4Auth.credential_scopecCsHdg}|�|jd�|�|�|��|�t|�d�����d�|�S)z�
        Return the canonical StringToSign as well as a dict
        containing the original version of all headers that
        were included in the StringToSign.
        zAWS4-HMAC-SHA256r�zutf-8r>)rPr�r�rrNrtrQ)r2r-r��stsr#r#r$rY�s
zSigV4Auth.string_to_signcCsd|jj}|�d|����|jddd��}|�||j�}|�||j�}|�|d�}|j||dd�S)NZAWS4r�rr�r�T)rv)r<rMrxrNr�rprq)r2rYr-r[Zk_dateZk_regionZ	k_serviceZ	k_signingr#r#r$rh�s zSigV4Auth.signaturecCs�|jdkrt��tj��}|�t�|jd<|�|�|�|�}t	�
d�t	�
d|�|�||�}t	�
d|�|�||�}t	�
d|�|�
||�dS)Nr�z$Calculating signature using v4 auth.zCanonicalRequest:
%szStringToSign:
%sz
Signature:
%s)r<r�datetime�utcnowrd�SIGV4_TIMESTAMPr��_modify_request_before_signingr�rErFrYrh�_inject_signature_to_request)r2r-�datetime_nowr�rYrhr#r#r$r0�s




zSigV4Auth.add_authcCsRd|�|�g}|�|�}|�d|�|����|�d|�d�|�|jd<|S)NzAWS4-HMAC-SHA256 Credential=%szSignedHeaders=zSignature=%sz, �
Authorization)r�r~rPr�rQrm)r2r-rh�auth_strr~r#r#r$r��s
z&SigV4Auth._inject_signature_to_requestcCsrd|jkr|jd=|�|�|jjrDd|jkr6|jd=|jj|jd<|j�dd�snd|jkrd|jd=t|jd<dS)Nr�zX-Amz-Security-Tokenr�TzX-Amz-Content-SHA256)rm�_set_necessary_date_headersr<rgr�rr�)r2r-r#r#r$r��s



z(SigV4Auth._modify_request_before_signingcCs|d|jkrV|jd=tj�|jdt�}ttt�|�	����|jd<d|jkrx|jd=n"d|jkrh|jd=|jd|jd<dS)Nrkr�z
X-Amz-Date)
rmr��strptimer�r�r�int�calendar�timegm�	timetuple)r2r-Zdatetime_timestampr#r#r$r��s



z%SigV4Auth._set_necessary_date_headersN)F)r3r4r5rir6r:rxr~r�rr�r�r�r�r�r�r�r�r�r�r�rYrhr0r�r�r�r#r#r#r$ro�s0




rocs0eZdZ�fdd�Z�fdd�Zdd�Z�ZS)�S3SigV4Authcs2t��|�d|jkr|jd=|�|�|jd<dS)NzX-Amz-Content-SHA256)�superr�rmr�)r2r-)�	__class__r#r$r��s
z*S3SigV4Auth._modify_request_before_signingcs�|j�d�}t|dd�}|dkr$i}|�dd�}|dk	r<|Sd}|j�di�}|�d�}t|t�rx|�d�dkrx|d	}|j�d
�r�||jkr�dS|j�dd
�r�d
St��	|�S)N�
client_config�s3r�zContent-MD5r�r�r��headerr|rTZhas_streaming_inputF)
r�r�getattrr'r�r r�rmr�r�)r2r-r�Z	s3_configZsign_payloadZchecksum_headerr�r�)r�r#r$r��s$

z'S3SigV4Auth._should_sha256_sign_payloadcCs|S)Nr#)r2rGr#r#r$r�szS3SigV4Auth._normalize_url_path)r3r4r5r�r�r��
__classcell__r#r#)r�r$r��s)r�cs8eZdZdZ�fdd�Z�fdd�Z�fdd�Z�ZS)�
S3ExpressAuthTcst��|||�||_dS)N)r�r:Z_identity_cache)r2r<rrrs�identity_cache)r�r#r$r:szS3ExpressAuth.__init__cst��|�dS)N)r�r0)r2r-)r�r#r$r0szS3ExpressAuth.add_authcs:t��|�d|jkr$|jj|jd<d|jkr6|jd=dS)Nzx-amz-s3session-tokenzX-Amz-Security-Token)r�r�rmr<rg)r2r-)r�r#r$r� s


z,S3ExpressAuth._modify_request_before_signing)r3r4r5�REQUIRES_IDENTITY_CACHEr:r0r�r�r#r#)r�r$r�sr�c@seZdZdZdd�ZdS)�S3ExpressPostAuthTcCsPtj��}|�t�|jd<i}|j�dd�dk	r:|jd}i}g}|j�dd�dk	rv|jd}|�dd�dk	rv|d}||d<d|d<|�|�|d<|jd|d<|�ddi�|�d|�|�i�|�d|jdi�|jj	dk	�r|jj	|d	<|�d	|jj	i�t
�t�
|��d
���d
�|d<|�|d|�|d<||jd<||jd<dS)
Nr�zs3-presign-post-fieldszs3-presign-post-policy�
conditionszAWS4-HMAC-SHA256zx-amz-algorithmzx-amz-credentialz
x-amz-datezX-Amz-S3session-Tokenzutf-8�policyzx-amz-signature)r�r�rdr�r�rr�rPr<rgrSrTr)�dumpsrNr+rh)r2r-r��fieldsr�r�r#r#r$r0,s8




zS3ExpressPostAuth.add_authN)r3r4r5r�r0r#r#r#r$r�)sr�csJeZdZdZdZed��fdd�
Zdd�Zdd	�Zd
d�Zdd
�Z	�Z
S)�S3ExpressQueryAuthi,T)�expirescst�j||||d�||_dS)N)r�)r�r:�_expires)r2r<rrrsr�r�)r�r#r$r:Zs	zS3ExpressQueryAuth.__init__c
Cs|j�d�}d}||kr |jd=|�|�|��}d|�|�|jd|j|d�}|jjdk	rf|jj|d<t	|j
�}t|jdd�}d	d
�|�
�D�}|jr�|�|j�i|_d}	|jr�|�t|��d|_|r�t|�d}	|	�t|���}
|}|d
|d|d|
|df}t|�|_
dS)Nzcontent-typez0application/x-www-form-urlencoded; charset=utf-8zAWS4-HMAC-SHA256r�)zX-Amz-AlgorithmzX-Amz-Credentialz
X-Amz-Datez
X-Amz-ExpireszX-Amz-SignedHeaderszX-Amz-S3session-TokenT)�keep_blank_valuescSsi|]\}}|d|�qS)rr#)r��kr�r#r#r$�
<dictcomp>�szES3ExpressQueryAuth._modify_request_before_signing.<locals>.<dictcomp>rArDr���)rmrr�r~r�r�r�r<rgrr rr�ryrWrRr&r.rr)
r2r-�content_typeZblocklisted_content_typer��auth_paramsr!�query_string_parts�
query_dict�operation_params�new_query_string�p�
new_url_partsr#r#r$r�ks8

z1S3ExpressQueryAuth._modify_request_before_signingcCs|jd|7_dS)Nz&X-Amz-Signature=%s)r )r2r-rhr#r#r$r��sz/S3ExpressQueryAuth._inject_signature_to_requestcCs|S)Nr#)r2rGr#r#r$r��sz&S3ExpressQueryAuth._normalize_url_pathcCstS)N)r�)r2r-r#r#r$r��szS3ExpressQueryAuth.payload)r3r4r5�DEFAULT_EXPIRESr�r:r�r�r�r�r�r#r#)r�r$r�Vs	
Ar�cs4eZdZdZef�fdd�	Zdd�Zdd�Z�ZS)�SigV4QueryAuthicst��|||�||_dS)N)r�r:r�)r2r<rrrsr�)r�r#r$r:�szSigV4QueryAuth.__init__c
Cs|j�d�}d}||kr |jd=|�|�|��}d|�|�|jd|j|d�}|jjdk	rf|jj|d<t	|j
�}t|jdd�}d	d
�|�
�D�}|jr�|�|j�i|_d}	|jr�|�t|��d|_|r�t|�d}	|	�t|���}
|}|d
|d|d|
|df}t|�|_
dS)Nzcontent-typez0application/x-www-form-urlencoded; charset=utf-8zAWS4-HMAC-SHA256r�)zX-Amz-AlgorithmzX-Amz-Credentialz
X-Amz-Datez
X-Amz-ExpireszX-Amz-SignedHeaderszX-Amz-Security-TokenT)r�cSsi|]\}}|d|�qS)rr#)r�r�r�r#r#r$r��szASigV4QueryAuth._modify_request_before_signing.<locals>.<dictcomp>rArDrr�r�r�)rmrr�r~r�r�r�r<rgrr rr�ryrWrRr&r.rr)
r2r-r�Zblacklisted_content_typer�r�r!r�r�r�r�r�r�r#r#r$r��s8

z-SigV4QueryAuth._modify_request_before_signingcCs|jd|7_dS)Nz&X-Amz-Signature=%s)r )r2r-rhr#r#r$r�sz+SigV4QueryAuth._inject_signature_to_request)r3r4r5r�r:r�r�r�r#r#)r�r$r��sAr�c@s eZdZdZdd�Zdd�ZdS)�S3SigV4QueryAuthaS3 SigV4 auth using query parameters.

    This signer will sign a request using query parameters and signature
    version 4, i.e a "presigned url" signer.

    Based off of:

    http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

    cCs|S)Nr#)r2rGr#r#r$r�sz$S3SigV4QueryAuth._normalize_url_pathcCstS)N)r�)r2r-r#r#r$r�szS3SigV4QueryAuth.payloadN)r3r4r5rir�r�r#r#r#r$r�s
r�c@seZdZdZdd�ZdS)�S3SigV4PostAuthz�
    Presigns a s3 post

    Implementation doc here:
    http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html
    cCsPtj��}|�t�|jd<i}|j�dd�dk	r:|jd}i}g}|j�dd�dk	rv|jd}|�dd�dk	rv|d}||d<d|d<|�|�|d<|jd|d<|�ddi�|�d|�|�i�|�d|jdi�|jj	dk	�r|jj	|d	<|�d	|jj	i�t
�t�
|��d
���d
�|d<|�|d|�|d<||jd<||jd<dS)
Nr�zs3-presign-post-fieldszs3-presign-post-policyr�zAWS4-HMAC-SHA256zx-amz-algorithmzx-amz-credentialz
x-amz-datezx-amz-security-tokenzutf-8r�zx-amz-signature)r�r�rdr�r�rr�rPr<rgrSrTr)r�rNr+rh)r2r-r�r�r�r�r#r#r$r0/s6




zS3SigV4PostAuth.add_authN)r3r4r5rir0r#r#r#r$r�'sr�c$@s�eZdZddddddddd	d
ddd
ddddddddddddddddd	ddd d!d"d#g$Zd;d%d&�Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd<d/d0�Z	d=d1d2�Z
d>d3d4�Zd5d6�Zd7d8�Z
d9d:�Zd$S)?�
HmacV1AuthZ
accelerateZaclZcorsZdefaultObjectAcl�location�loggingZ
partNumberr�ZrequestPaymentZtorrentZ
versioningZ	versionId�versionsZwebsiteZuploadsZuploadIdzresponse-content-typezresponse-content-languagezresponse-expireszresponse-cache-controlzresponse-content-dispositionzresponse-content-encoding�deleteZ	lifecycleZtagging�restoreZstorageClassZnotificationZreplicationZ	analyticsZmetricsZ	inventory�selectzselect-typezobject-lockNcCs
||_dS)N)r<)r2r<rrrsr#r#r$r:�szHmacV1Auth.__init__cCs>tj|jj�d�td�}|�|�d��t|����	��
d�S)Nzutf-8)r?)rKrLr<rMrNrrRr	rUrVr+)r2rYrnr#r#r$�sign_string�szHmacV1Auth.sign_stringcCs�dddg}g}d|kr|d=|��|d<x^|D]V}d}x>|D]6}|��}||dk	r<||kr<|�||���d}q<W|s.|�d�q.Wd�|�S)	Nzcontent-md5zcontent-type�daterkFTrAr>)�	_get_daterzrPrVrQ)r2rmZinteresting_headers�hoiZih�foundr[�lkr#r#r$�canonical_standard_headers�s


z%HmacV1Auth.canonical_standard_headerscCs�g}i}xH|D]@}|��}||dk	r|�d�rd�dd�|�|�D��||<qWt|���}x$|D]}|�|�d||���qdWd�|�S)Nzx-amz-r�css|]}|��VqdS)N)rV)r�r�r#r#r$r��sz6HmacV1Auth.canonical_custom_headers.<locals>.<genexpr>r�r>)rzr�rQr�rO�keysrP)r2rmr��custom_headersr[r�Zsorted_header_keysr#r#r$�canonical_custom_headers�s


z#HmacV1Auth.canonical_custom_headerscCs(t|�dkr|S|dt|d�fSdS)z(
        TODO: Do we need this?
        r�rN)rHr
)r2�nvr#r#r$�	unquote_v�szHmacV1Auth.unquote_vcs�|dk	r|}n|j}|jr�|j�d�}dd�|D�}�fdd�|D�}t|�dkr�|jtd�d�dd�|D�}|d7}|d�|�7}|S)	NrDcSsg|]}|�dd��qS)rCr�)rX)r��ar#r#r$�
<listcomp>�sz1HmacV1Auth.canonical_resource.<locals>.<listcomp>cs$g|]}|d�jkr��|��qS)r)�
QSAOfInterestr)r�r)r2r#r$r�sr)r[cSsg|]}d�|��qS)rC)rQ)r�rr#r#r$r�s�?)rGr�rXrH�sortrrQ)r2rX�	auth_path�bufZqsar#)r2r$�canonical_resource�s	zHmacV1Auth.canonical_resourcecCsN|��d}||�|�d7}|�|�}|r8||d7}||j||d�7}|S)Nr>)r)r�r�rr
)r2rIrXrmr�r�csr�r#r#r$�canonical_string�s
zHmacV1Auth.canonical_stringcCsB|jjr|d=|jj|d<|j||||d�}t�d|�|�|�S)Nzx-amz-security-token)rzStringToSign:
%s)r<rgrrErFr�)r2rIrXrmr�rrYr#r#r$�
get_signature�szHmacV1Auth.get_signaturecCsX|jdkrt�t�d�t|j�}t�d|j�|j|j||j|j	d�}|�
||�dS)Nz(Calculating signature using hmacv1 auth.zHTTP request method: %s)r)r<rrErFrr rIr
rmr�_inject_signature)r2r-rXrhr#r#r$r0�s


zHmacV1Auth.add_authcCs
tdd�S)NT)rl)r)r2r#r#r$r��szHmacV1Auth._get_datecCs4d|jkr|jd=d|jj�d|��}||jd<dS)Nr�zAWS r�)rmr<rb)r2r-rh�auth_headerr#r#r$r�s
zHmacV1Auth._inject_signature)NN)N)NN)NN)r3r4r5rr:r�r�rrr
rr
r0r�rr#r#r#r$r�Ws^
	


r�c@s0eZdZdZdZefdd�Zdd�Zdd�Zd	S)
�HmacV1QueryAuthz�
    Generates a presigned request for s3.

    Spec from this document:

    http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
    #RESTAuthenticationQueryStringAuth

    icCs||_||_dS)N)r<r�)r2r<r�r#r#r$r:
szHmacV1QueryAuth.__init__cCsttt��t|j���S)N)r,r�rcr�)r2r#r#r$r�szHmacV1QueryAuth._get_datec	Cs�i}|jj|d<||d<xN|jD]D}|��}|dkrD|jd|d<q |�d�sV|dkr |j|||<q Wt|�}t|j�}|dr�|d�d|��}|d	|d
|d||df}t|�|_dS)
Nr_r@rkZExpireszx-amz-)zcontent-md5zcontent-type�rDrr�r�r�)	r<rbrmrzr�rrr r)	r2r-rhr�Z
header_keyr�r�r�r�r#r#r$rs 
z!HmacV1QueryAuth._inject_signatureN)r3r4r5rir�r:r�rr#r#r#r$rs
	rc@seZdZdZdd�ZdS)�HmacV1PostAuthz�
    Generates a presigned post for s3.

    Spec from this document:

    http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingHTTPPOST.html
    cCs�i}|j�dd�dk	r |jd}i}g}|j�dd�dk	r\|jd}|�dd�dk	r\|d}||d<|jj|d<|jjdk	r�|jj|d<|�d|jji�t�t�	|��
d���d�|d<|�|d�|d<||jd<||jd<dS)	Nzs3-presign-post-fieldszs3-presign-post-policyr�r_zx-amz-security-tokenzutf-8r�rh)
r�rr<rbrgrPrSrTr)r�rNr+r�)r2r-r�r�r�r#r#r$r0>s(



zHmacV1PostAuth.add_authN)r3r4r5rir0r#r#r#r$r5src@seZdZdZdd�ZdS)�
BearerAuthz�
    Performs bearer token authorization by placing the bearer token in the
    Authorization header as specified by Section 2.1 of RFC 6750.

    https://datatracker.ietf.org/doc/html/rfc6750#section-2.1
    cCs>|jdkrt��d|jj��}d|jkr0|jd=||jd<dS)NzBearer r�)r9rrgrm)r2r-rr#r#r$r0es

zBearerAuth.add_authN)r3r4r5rir0r#r#r#r$r]sr)Zv2Zv3Zv3httpsr�zs3-queryzs3-presign-postzs3v4-presign-postzv4-s3expresszv4-s3express-queryzv4-s3express-presign-postZbearer)�CRT_AUTH_TYPE_MAPS)Zv4zv4-queryZs3v4z
s3v4-query)CrSr�r�r�rKr)r�rc�collections.abcr�email.utilsr�hashlibrr�operatorrZbotocore.compatrrr	r
rrr
rrZbotocore.exceptionsrrZbotocore.utilsrrrr�	getLoggerr3rEr�r�rer�r{r�r�r%r.r/r8r;rjror�r�r�r�r�r�r�r�rrrZAUTH_TYPE_MAPSZbotocore.crt.authrrRr#r#r#r$�<module>s�,


=6-hQ0*5(