HEX

File: //opt/alt/python37/lib/python3.7/site-packages/botocore/crt/__pycache__/auth.cpython-37.pyc
B

�P�e�b�@sddlZddlmZddlmZmZmZmZmZm	Z	ddl
mZmZm
Z
mZmZddlmZddlmZGdd�de�ZGd	d
�d
e�ZGdd�de�ZGd
d�de�ZGdd�de�ZGdd�de�ZGdd�de�ZGdd�de�Zeeeeeeed�ZdS)�N)�BytesIO)�SIGNED_HEADERS_BLACKLIST�"STREAMING_UNSIGNED_PAYLOAD_TRAILER�UNSIGNED_PAYLOAD�
BaseSigner�_get_body_as_dict�_host_from_url)�HTTPHeaders�awscrt�parse_qs�urlsplit�
urlunsplit)�NoCredentialsError)�percent_encode_sequencec@s~eZdZdZddddgZejjjZ	dZ
dZdd�Zdd	�Z
d
d�Zdd
�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�ZdS)�CrtSigV4AuthT�
Authorizationz
X-Amz-DatezX-Amz-Content-SHA256zX-Amz-Security-TokencCs||_||_||_d|_dS)N)�credentials�
_service_name�_region_name�_expiration_in_seconds)�selfr�service_name�region_name�r�B/opt/alt/python37/lib/python3.7/site-packages/botocore/crt/auth.py�__init__*szCrtSigV4Auth.__init__cCs0|j�di�}|�d�}t|t�o.|�d�dkS)N�checksum�request_algorithm�in�trailer)�context�get�
isinstance�dict)r�request�checksum_context�	algorithmrrr�_is_streaming_checksum_payload0s
z+CrtSigV4Auth._is_streaming_checksum_payloadc
Cs|jdkrt��tj��jtjjd�}|�|�}|�|�t	j
jj|jj
|jj|jjd�}|�|�rjt}n|�|�r�|r~|}q�d}nt}|�|�r�t	j
jj}n
t	j
jj}t	j
jt	j
jj|j||j|j||j|j|j |||j!d�}|�"|�}t	j
�#||�}	|	�$�|�%||�dS)N)�tzinfo)�
access_key_id�secret_access_key�
session_token)r&�signature_type�credentials_provider�region�service�date�should_sign_header�use_double_uri_encode�should_normalize_uri_path�signed_body_value�signed_body_header_type�expiration_in_seconds)&rr�datetime�utcnow�replace�timezone�utc�_get_existing_sha256�_modify_request_before_signingr
�auth�AwsCredentialsProvider�
new_static�
access_key�
secret_key�tokenr'r�_should_sha256_sign_payloadr�!_should_add_content_sha256_header�AwsSignedBodyHeaderType�X_AMZ_CONTENT_SHA_256�NONE�AwsSigningConfig�AwsSigningAlgorithmZV4�_SIGNATURE_TYPErr�_should_sign_header�_USE_DOUBLE_URI_ENCODE�_SHOULD_NORMALIZE_URI_PATHr�_crt_request_from_aws_request�aws_sign_request�result�_apply_signing_changes)
rr$�datetime_now�existing_sha256r-�explicit_payload�body_header�signing_config�crt_request�futurerrr�add_auth5sJ









zCrtSigV4Auth.add_authc
Cs�t|j�}|jr|jnd}|jrlg}x2|j��D]$\}}t|�}|�|�d|���q0W|dd�|�}n|jr�|�d|j��}t	j
�|j���}d}|j
r�t|j
d�r�|j
}n
t|j
�}t	j
j|j|||d�}	|	S)N�/�=�?�&�seek)�method�path�headers�body_stream)r�urlra�params�items�str�append�join�queryr
�http�HttpHeadersrb�body�hasattrr�HttpRequestr`)
r�aws_request�	url_parts�crt_path�array�param�value�crt_headers�crt_body_streamrXrrrrOns,

z*CrtSigV4Auth._crt_request_from_aws_requestcCst�t|j��|_dS)N)r	�
from_pairs�listrb)rrp�signed_crt_requestrrrrR�sz#CrtSigV4Auth._apply_signing_changescKs|��tkS)N)�lowerr)r�name�kwargsrrrrL�sz CrtSigV4Auth._should_sign_headercCs@x |jD]}||jkr|j|=qWd|jkr<t|j�|jd<dS)N�host)�_PRESIGNED_HEADERS_BLOCKLISTrbrrd)rr$�hrrrr=�s


z+CrtSigV4Auth._modify_request_before_signingcCs|j�d�S)NzX-Amz-Content-SHA256)rbr!)rr$rrrr<�sz!CrtSigV4Auth._get_existing_sha256cCs|j�d�sdS|j�dd�S)N�httpsT�payload_signing_enabled)rd�
startswithr r!)rr$rrrrD�sz(CrtSigV4Auth._should_sha256_sign_payloadcCs|dk	S)Nr)rrUrrrrE�sz.CrtSigV4Auth._should_add_content_sha256_headerN)�__name__�
__module__�__qualname__�REQUIRES_REGIONrr
r>�AwsSignatureType�HTTP_REQUEST_HEADERSrKrMrNrr'rZrOrRrLr=r<rDrErrrrrs$
9

rcs4eZdZdZdZdd�Z�fdd�Zdd�Z�ZS)�CrtS3SigV4AuthFcCsdS)Nr)rr$rrrr<�sz#CrtS3SigV4Auth._get_existing_sha256cs�|j�d�}t|dd�}|dkr$i}|�dd�}|dk	r<|Sd}|j�di�}|�d�}t|t�rx|�d�dkrx|d	}|j�d
�r�||jkr�dS|j�dd
�r�d
St��	|�S)N�
client_config�s3r�zContent-MD5rrr�headerr|r�T�has_streaming_inputF)
r r!�getattrr"r#rdr�rb�superrD)rr$r��	s3_config�sign_payloadZchecksum_headerr%r&)�	__class__rrrD�s$

z*CrtS3SigV4Auth._should_sha256_sign_payloadcCsdS)NTr)rrUrrrrE�sz0CrtS3SigV4Auth._should_add_content_sha256_header)	r�r�r�rMrNr<rDrE�
__classcell__rr)r�rr��s
)r�c@s~eZdZdZddddgZejjjZ	dZ
dZdd�Zdd	�Z
d
d�Zdd
�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�ZdS)�CrtSigV4AsymAuthTrz
X-Amz-DatezX-Amz-Content-SHA256zX-Amz-Security-TokencCs||_||_||_d|_dS)N)rrrr)rrrrrrrr�szCrtSigV4AsymAuth.__init__c
Cs|jdkrt��tj��jtjjd�}|�|�}|�|�t	j
jj|jj
|jj|jjd�}|�|�rjt}n|�|�r�|r~|}q�d}nt}|�|�r�t	j
jj}n
t	j
jj}t	j
jt	j
jj|j||j|j||j|j|j |||j!d�}|�"|�}t	j
�#||�}	|	�$�|�%||�dS)N)r()r)r*r+)r&r,r-r.r/r0r1r2r3r4r5r6)&rrr7r8r9r:r;r<r=r
r>r?r@rArBrCr'rrDrrErFrGrHrIrJZ
V4_ASYMMETRICrKrrrLrMrNrrOrPrQrR)
rr$rSrTr-rUrVrWrXrYrrrrZ�sJ









zCrtSigV4AsymAuth.add_authc
Cs�t|j�}|jr|jnd}|jrlg}x2|j��D]$\}}t|�}|�|�d|���q0W|dd�|�}n|jr�|�d|j��}t	j
�|j���}d}|j
r�t|j
d�r�|j
}n
t|j
�}t	j
j|j|||d�}	|	S)Nr[r\r]r^r_)r`rarbrc)rrdrarerfrgrhrirjr
rkrlrbrmrnrror`)
rrprqrrrsrtrurvrwrXrrrrO3s,

z.CrtSigV4AsymAuth._crt_request_from_aws_requestcCst�t|j��|_dS)N)r	rxryrb)rrprzrrrrRQsz'CrtSigV4AsymAuth._apply_signing_changescKs|��tkS)N)r{r)rr|r}rrrrLWsz$CrtSigV4AsymAuth._should_sign_headercCs@x |jD]}||jkr|j|=qWd|jkr<t|j�|jd<dS)Nr~)rrbrrd)rr$r�rrrr=Zs


z/CrtSigV4AsymAuth._modify_request_before_signingcCs|j�d�S)NzX-Amz-Content-SHA256)rbr!)rr$rrrr<dsz%CrtSigV4AsymAuth._get_existing_sha256cCs0|j�di�}|�d�}t|t�o.|�d�dkS)Nrrrr)r r!r"r#)rr$r%r&rrrr'gs
z/CrtSigV4AsymAuth._is_streaming_checksum_payloadcCs|j�d�sdS|j�dd�S)Nr�Tr�)rdr�r r!)rr$rrrrDlsz,CrtSigV4AsymAuth._should_sha256_sign_payloadcCs|dk	S)Nr)rrUrrrrEvsz2CrtSigV4AsymAuth._should_add_content_sha256_headerN)r�r�r�r�rr
r>r�r�rKrMrNrrZrOrRrLr=r<r'rDrErrrrr��s$
9

r�cs4eZdZdZdZdd�Z�fdd�Zdd�Z�ZS)�CrtS3SigV4AsymAuthFcCsdS)Nr)rr$rrrr<�sz'CrtS3SigV4AsymAuth._get_existing_sha256cst|j�d�}t|dd�}|dkr$i}|�dd�}|dk	r<|S|j�d�rRd|jkrVdS|j�dd�rhdSt��|�S)	Nr�r�r�r�zContent-MD5Tr�F)r r!r�rdr�rbr�rD)rr$r�r�r�)r�rrrD�s
z.CrtS3SigV4AsymAuth._should_sha256_sign_payloadcCsdS)NTr)rrUrrrrE�sz4CrtS3SigV4AsymAuth._should_add_content_sha256_header)	r�r�r�rMrNr<rDrEr�rr)r�rr�{s
$r�csFeZdZdZejjjZef�fdd�	Z	�fdd�Z
�fdd�Z�ZS)�CrtSigV4AsymQueryAuthicst��|||�||_dS)N)r�rr)rrrr�expires)r�rrr�szCrtSigV4AsymQueryAuth.__init__c	s�t��|�|j�d�}|dkr(|jd=t|j�}t|jdd�}dd�|��D�}|j	rl|�
t|��d|_	t|�}|}|d|d	|d
||df}t
|�|_dS)Nzcontent-typez0application/x-www-form-urlencoded; charset=utf-8T)�keep_blank_valuescSsi|]\}}|d|�qS)rr)�.0�k�vrrr�
<dictcomp>�szHCrtSigV4AsymQueryAuth._modify_request_before_signing.<locals>.<dictcomp>�r���)r�r=rbr!rrdrrjrf�data�updaterrr
)	rr$�content_typerqZquery_string_parts�
query_dict�new_query_string�p�
new_url_parts)r�rrr=�s
	z4CrtSigV4AsymQueryAuth._modify_request_before_signingcsLt��||�t|j�j}t|j�}t|d|d|d||df�|_dS)Nrr�r�r�)r�rRrrarjrdr
)rrprz�signed_queryr�)r�rrrR�s
	z,CrtSigV4AsymQueryAuth._apply_signing_changes)
r�r�r��DEFAULT_EXPIRESr
r>r��HTTP_REQUEST_QUERY_PARAMSrKrr=rRr�rr)r�rr��s

*r�c@s(eZdZdZdZdZdd�Zdd�ZdS)�CrtS3SigV4AsymQueryAuthz�S3 SigV4A auth using query parameters.
    This signer will sign a request using query parameters and signature
    version 4A, i.e a "presigned url" signer.
    FcCsdS)NFr)rr$rrrrD�sz3CrtS3SigV4AsymQueryAuth._should_sha256_sign_payloadcCsdS)NFr)rrUrrrrEsz9CrtS3SigV4AsymQueryAuth._should_add_content_sha256_headerN)r�r�r��__doc__rMrNrDrErrrrr��s
r�csFeZdZdZejjjZef�fdd�	Z	�fdd�Z
�fdd�Z�ZS)�CrtSigV4QueryAuthicst��|||�||_dS)N)r�rr)rrrrr�)r�rrrszCrtSigV4QueryAuth.__init__cs�t��|�|j�d�}|dkr(|jd=t|j�}dd�t|jdd���D�}|j	rf|�
|j	�i|_	|jr�|�
t|��d|_t
|�}|}|d|d	|d
||df}t|�|_dS)Nzcontent-typez0application/x-www-form-urlencoded; charset=utf-8cSsi|]\}}|d|�qS)rr)r�r�r�rrrr�!szDCrtSigV4QueryAuth._modify_request_before_signing.<locals>.<dictcomp>T)r�r�rr�r�r�)r�r=rbr!rrdrrjrfrer�r�rrr
)rr$r�rqr�r�r�r�)r�rrr=s$
	z0CrtSigV4QueryAuth._modify_request_before_signingcsLt��||�t|j�j}t|j�}t|d|d|d||df�|_dS)Nrr�r�r�)r�rRrrarjrdr
)rrprzr�r�)r�rrrRBs
	z(CrtSigV4QueryAuth._apply_signing_changes)
r�r�r�r�r
r>r�r�rKrr=rRr�rr)r�rr�s

0r�c@s(eZdZdZdZdZdd�Zdd�ZdS)�CrtS3SigV4QueryAuthaS3 SigV4 auth using query parameters.
    This signer will sign a request using query parameters and signature
    version 4, i.e a "presigned url" signer.
    Based off of:
    http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
    FcCsdS)NFr)rr$rrrrD_sz/CrtS3SigV4QueryAuth._should_sha256_sign_payloadcCsdS)NFr)rrUrrrrEfsz5CrtS3SigV4QueryAuth._should_add_content_sha256_headerN)r�r�r�r�rMrNrDrErrrrr�Ss
r�)Zv4zv4-queryZv4aZs3v4z
s3v4-queryZs3v4azs3v4a-query)r7�iorZ
botocore.authrrrrrrZbotocore.compatr	r
rrr
Zbotocore.exceptionsrZbotocore.utilsrrr�r�r�r�r�r�r�ZCRT_AUTH_TYPE_MAPSrrrr�<module>s, 72EK