HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: //usr/lib/python3.6/site-packages/botocore/__pycache__/auth.cpython-36.pyc
3

�T_���@s�ddlZddlZddlmZddlmZddlZddlZddlmZddl	m
Z
ddlZddlZddl
Z
ddlZddlmZddlmZmZddlmZdd	lmZmZmZmZdd
lmZddlmZddlmZdd
lmZddlmZddlmZeje �Z!dZ"d/Z#dZ$dZ%dddgZ&dZ'Gdd�de(�Z)Gdd�de)�Z*Gdd�de)�Z+Gdd�de)�Z,Gd d!�d!e,�Z-Gd"d#�d#e,�Z.Gd$d%�d%e.�Z/Gd&d'�d'e,�Z0Gd(d)�d)e)�Z1Gd*d+�d+e1�Z2Gd,d-�d-e1�Z3e*e,e.e+e+e1e2e3e-e/e0d.�Z4dS)0�N)�sha256)�sha1)�
formatdate)�
itemgetter)�NoCredentialsError)�normalize_url_path�percent_encode_sequence)�HTTPHeaders)�quote�unquote�urlsplit�parse_qs)�
urlunsplit)�encodebytes)�six)�json)�
MD5_AVAILABLE)�ensure_unicodeZ@e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855iz%Y-%m-%dT%H:%M:%SZz%Y%m%dT%H%M%SZ�expectz
user-agentzx-amzn-trace-idzUNSIGNED-PAYLOADc@seZdZdZdd�ZdS)�
BaseSignerFcCstd��dS)N�add_auth)�NotImplementedError)�self�request�r�/usr/lib/python3.6/auth.pyr<szBaseSigner.add_authN)�__name__�
__module__�__qualname__�REQUIRES_REGIONrrrrrr9src@s(eZdZdZdd�Zdd�Zdd�ZdS)	�	SigV2Authz+
    Sign a request with Signature V2.
    cCs
||_dS)N)�credentials)rr!rrr�__init__EszSigV2Auth.__init__cCs�tjd�t|j�}|j}t|�dkr*d}d|j|j|f}tj	|j
jjd�t
d�}g}xVt|�D]J}|dkrpqbtj||�}	|jt|jd�dd	�d
t|	jd�dd	��qbWdj|�}
||
7}tjd
|�|j|jd��tj|j��j�jd�}|
|fS)Nz$Calculating signature using v2 auth.r�/z	%s
%s
%s
zutf-8)�	digestmod�	Signature�)�safe�=z-_~�&zString to sign: %s)�logger�debugr�url�path�len�method�netloc�hmac�newr!�
secret_key�encoder�sortedrZ	text_type�appendr
�join�update�base64�	b64encode�digest�strip�decode)rr�params�splitr-�string_to_signZlhmacZpairs�key�value�qsZb64rrr�calc_signatureHs.


zSigV2Auth.calc_signaturecCs�|jdkrt�|jr|j}n|j}|jj|d<d|d<d|d<tjttj��|d<|jj	rf|jj	|d<|j
||�\}}||d<|S)	N�AWSAccessKeyId�2ZSignatureVersion�
HmacSHA256ZSignatureMethodZ	TimestampZ
SecurityTokenr%)r!r�datar>�
access_key�time�strftime�ISO8601Zgmtime�tokenrD)rrr>rC�	signaturerrrrds
zSigV2Auth.add_authN)rrr�__doc__r"rDrrrrrr @sr c@seZdZdd�Zdd�ZdS)�	SigV3AuthcCs
||_dS)N)r!)rr!rrrr"~szSigV3Auth.__init__cCs�|jdkrt�d|jkr |jd=tdd�|jd<|jjrXd|jkrJ|jd=|jj|jd<tj|jjjd�t	d�}|j
|jdjd��t|j��j
�}d|jjd|jd�f}d	|jkr�|jd	=||jd	<dS)
N�DateT)�usegmtzX-Amz-Security-Tokenzutf-8)r$z6AWS3-HTTPS AWSAccessKeyId=%s,Algorithm=%s,Signature=%srGzX-Amzn-Authorization)r!r�headersrrMr1r2r3r4rr8rr;r<rIr=)rr�new_hmacZencoded_signaturerNrrrr�s&



zSigV3Auth.add_authN)rrrr"rrrrrrP}srPc@s�eZdZdZdZdd�Zd1dd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Zd0S)2�	SigV4Authz+
    Sign a request with Signature V4.
    TcCs||_||_||_dS)N)r!�_region_name�
_service_name)rr!�service_name�region_namerrrr"�szSigV4Auth.__init__FcCs:|rtj||jd�t�j�}ntj||jd�t�j�}|S)Nzutf-8)r1r2r4r�	hexdigestr;)rrA�msg�hexZsigrrr�_sign�szSigV4Auth._signcCsVt�}x.|jj�D] \}}|j�}|tkr|||<qWd|krR|j|j�j�|d<|S)zk
        Select the headers from the request that need to be included
        in the StringToSign.
        �host)r	rS�items�lower�SIGNED_HEADERS_BLACKLIST�_canonical_hostr,)rrZ
header_map�namerBZlnamerrr�headers_to_sign�szSigV4Auth.headers_to_signcsDt|��ddd�}t�fdd�|j�D��r2�jS�jjdd�dS)	N�Pi�)Zhttp�httpsc3s&|]\}}�j|ko�j|kVqdS)N)�scheme�port)�.0rgrh)�	url_partsrr�	<genexpr>�sz,SigV4Auth._canonical_host.<locals>.<genexpr>�@����)r�anyr_Zhostnamer0�rsplit)rr,Z
default_portsr)rjrrb�szSigV4Auth._canonical_hostcCs&|jr|j|j�S|jt|j��SdS)N)r>�_canonical_query_string_params�_canonical_query_string_urlrr,)rrrrr�canonical_query_string�sz SigV4Auth.canonical_query_stringcCsRg}x>t|�D]2}t||�}|jdt|dd�t|dd�f�qWdj|�}|S)Nz%s=%sz-_.~)r'r))r5�strr6r
r7)rr>�lZparamrBZcqsrrrrq�s
z(SigV4Auth._canonical_query_string_paramsc	Cs|d}|jrxg}x2|jjd�D]"}|jd�\}}}|j||f�qWg}x&t|�D]\}}|jd||f�qPWdj|�}|S)Nr&r)r(z%s=%s)�queryr?�	partitionr6r5r7)	r�partsrsZ
key_val_pairsZpairrA�_rBZsorted_key_valsrrrrr�s
z%SigV4Auth._canonical_query_string_urlcs`g}tt|��}xD|D]<}dj�fdd�t|j|��D��}|jd|t|�f�qWdj|�S)a

        Return the headers that need to be included in the StringToSign
        in their canonical form by converting all header keys to lower
        case, sorting them in alphabetical order and then joining
        them into a string, separated by newlines.
        �,c3s|]}�j|�VqdS)N)�
_header_value)ri�v)rrrrk�sz.SigV4Auth.canonical_headers.<locals>.<genexpr>z%s:%s�
)r5�setr7�get_allr6r)rrdrSZsorted_header_namesrArBr)rr�canonical_headers�s
zSigV4Auth.canonical_headerscCsdj|j��S)N� )r7r?)rrBrrrr{�szSigV4Auth._header_valuecCs$dd�t|�D�}t|�}dj|�S)NcSsg|]}d|j�j��qS)z%s)r`r<)ri�nrrr�
<listcomp>sz,SigV4Auth.signed_headers.<locals>.<listcomp>�;)r~r5r7)rrdrurrr�signed_headersszSigV4Auth.signed_headerscCs�|j|�stS|j}|rrt|d�rr|j�}tj|jt�}t	�}xt
|d�D]}|j|�qJW|j�}|j
|�|S|r�t	|�j�StSdS)N�seek�)�_should_sha256_sign_payload�UNSIGNED_PAYLOADZbody�hasattr�tell�	functools�partial�read�PAYLOAD_BUFFERr�iterr8rZr��EMPTY_SHA256_HASH)rrZrequest_bodyZpositionZread_chunksizeZchecksum�chunkZhex_checksumrrr�payload
s 

zSigV4Auth.payloadcCs|jjd�sdS|jjdd�S)NrfT�payload_signing_enabled)r,�
startswith�context�get)rrrrrr�!sz%SigV4Auth._should_sha256_sign_payloadcCs�|jj�g}|jt|j�j�}|j|�|j|j|��|j|�}|j|j	|�d�|j|j
|��d|jkr||jd}n
|j|�}|j|�dj
|�S)Nr}zX-Amz-Content-SHA256)r/�upper�_normalize_url_pathrr,r-r6rsrdr�r�rSr�r7)rrZcrr-rdZ
body_checksumrrr�canonical_request+s




zSigV4Auth.canonical_requestcCstt|�dd�}|S)Nz/~)r')r
r)rr-Znormalized_pathrrrr�:szSigV4Auth._normalize_url_pathcCsN|jjg}|j|jddd��|j|j�|j|j�|jd�dj|�S)N�	timestampr��aws4_requestr#)r!rIr6r�rVrWr7)rr�scoperrrr�>s

zSigV4Auth.scopecCsHg}|j|jddd��|j|j�|j|j�|jd�dj|�S)Nr�rr�r�r#)r6r�rVrWr7)rrr�rrr�credential_scopeFs
zSigV4Auth.credential_scopecCsHdg}|j|jd�|j|j|��|jt|jd��j��dj|�S)z�
        Return the canonical StringToSign as well as a dict
        containing the original version of all headers that
        were included in the StringToSign.
        zAWS4-HMAC-SHA256r�zutf-8r})r6r�r�rr4rZr7)rrr��stsrrrr@Ns
zSigV4Auth.string_to_signcCsd|jj}|jd|jd�|jddd��}|j||j�}|j||j�}|j|d�}|j||dd�S)	NZAWS4zutf-8r�rr�r�T)r\)r!r3r]r4r�rVrW)rr@rrAZk_dateZk_regionZ	k_serviceZ	k_signingrrrrNZszSigV4Auth.signaturecCs�|jdkrt�tjj�}|jt�|jd<|j|�|j|�}t	j
d�t	j
d|�|j||�}t	j
d|�|j||�}t	j
d|�|j
||�dS)Nr�z$Calculating signature using v4 auth.zCanonicalRequest:
%szStringToSign:
%sz
Signature:
%s)r!r�datetime�utcnowrK�SIGV4_TIMESTAMPr��_modify_request_before_signingr�r*r+r@rN�_inject_signature_to_request)rr�datetime_nowr�r@rNrrrrcs




zSigV4Auth.add_authcCsPd|j|�g}|j|�}|jd|j|��|jd|�dj|�|jd<|S)NzAWS4-HMAC-SHA256 Credential=%szSignedHeaders=%szSignature=%sz, �
Authorization)r�rdr6r�r7rS)rrrNrurdrrrr�us
z&SigV4Auth._inject_signature_to_requestcCsrd|jkr|jd=|j|�|jjrDd|jkr6|jd=|jj|jd<|jjdd�snd|jkrd|jd=t|jd<dS)Nr�zX-Amz-Security-Tokenr�TzX-Amz-Content-SHA256)rS�_set_necessary_date_headersr!rMr�r�r�)rrrrrr�}s



z(SigV4Auth._modify_request_before_signingcCs|d|jkrV|jd=tjj|jdt�}tttj|j	����|jd<d|jkrx|jd=n"d|jkrh|jd=|jd|jd<dS)NrQr�z
X-Amz-Date)
rSr�Zstrptimer�r�r�int�calendarZtimegmZ	timetuple)rrZdatetime_timestamprrrr��s



z%SigV4Auth._set_necessary_date_headersN)F)rrrrOrr"r]rdrbrsrqrrr�r{r�r�r�r�r�r�r�r@rNrr�r�r�rrrrrU�s0


	
	rUcs0eZdZ�fdd�Z�fdd�Zdd�Z�ZS)�S3SigV4Authcs6tt|�j|�d|jkr"|jd=|j|�|jd<dS)NzX-Amz-Content-SHA256)�superr�r�rSr�)rr)�	__class__rrr��s
z*S3SigV4Auth._modify_request_before_signingcsz|jjd�}t|dd�}|dkr$i}|jdd�}|dk	r<|S|jjd�sTd|jkrXdS|jjdd�rjdStt|�j|�S)	N�
client_config�s3r�rfzContent-MD5TZhas_streaming_inputF)	r�r��getattrr,r�rSr�r�r�)rrr�Z	s3_configZsign_payload)r�rrr��s
z'S3SigV4Auth._should_sha256_sign_payloadcCs|S)Nr)rr-rrrr��szS3SigV4Auth._normalize_url_path)rrrr�r�r��
__classcell__rr)r�rr��s"r�cs<eZdZdZef�fdd�	Zdd�Zdd�Zdd	�Z�ZS)
�SigV4QueryAuthicstt|�j|||�||_dS)N)r�r�r"�_expires)rr!rXrY�expires)r�rrr"�szSigV4QueryAuth.__init__cCs�|jjd�}d}||kr |jd=|j|j|��}d|j|�|jd|j|d�}|jjdk	rf|jj|d<t	|j
�}tdd�t|j
d	d
�j�D��}d}|jr�|j|j|��d|_|r�t|�d}|t|�}	|}
|
d
|
d|
d|	|
df}t|�|_
dS)Nzcontent-typez0application/x-www-form-urlencoded; charset=utf-8zAWS4-HMAC-SHA256r�)zX-Amz-AlgorithmzX-Amz-Credentialz
X-Amz-Datez
X-Amz-ExpireszX-Amz-SignedHeaderszX-Amz-Security-TokencSsg|]\}}||df�qS)rr)ri�kr|rrrr��szASigV4QueryAuth._modify_request_before_signing.<locals>.<listcomp>T)Zkeep_blank_valuesr&r)rrm��)rSr�r�rdr�r�r�r!rMrr,�dictr
rvr_rHr8�_get_body_as_dictrr)rrZcontent_typeZblacklisted_content_typer�Zauth_paramsrj�
query_dictZoperation_params�new_query_string�p�
new_url_partsrrrr��s6

	z-SigV4QueryAuth._modify_request_before_signingcCs>|j}t|tj�r$tj|jd��}nt|tj�r:tj|�}|S)Nzutf-8)rH�
isinstancerZbinary_typer�loadsr=Zstring_types)rrrHrrrr�s
z SigV4QueryAuth._get_body_as_dictcCs|jd|7_dS)Nz&X-Amz-Signature=%s)r,)rrrNrrrr�sz+SigV4QueryAuth._inject_signature_to_request)	rrr�DEFAULT_EXPIRESr"r�r�r�r�rr)r�rr��s
=r�c@s eZdZdZdd�Zdd�ZdS)�S3SigV4QueryAuthaS3 SigV4 auth using query parameters.

    This signer will sign a request using query parameters and signature
    version 4, i.e a "presigned url" signer.

    Based off of:

    http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

    cCs|S)Nr)rr-rrrr�0sz$S3SigV4QueryAuth._normalize_url_pathcCstS)N)r�)rrrrrr�4szS3SigV4QueryAuth.payloadN)rrrrOr�r�rrrrr�%s
r�c@seZdZdZdd�ZdS)�S3SigV4PostAuthz�
    Presigns a s3 post

    Implementation doc here:
    http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html
    cCsPtjj�}|jt�|jd<i}|jjdd�dk	r:|jd}i}g}|jjdd�dk	rv|jd}|jdd�dk	rv|d}||d<d|d<|j|�|d<|jd|d<|jddi�|jd|j|�i�|jd|jdi�|jj	dk	�r|jj	|d	<|jd	|jj	i�t
jtj
|�jd
��jd
�|d<|j|d|�|d<||jd<||jd<dS)
Nr�zs3-presign-post-fieldszs3-presign-post-policy�
conditionszAWS4-HMAC-SHA256zx-amz-algorithmzx-amz-credentialz
x-amz-datezx-amz-security-tokenzutf-8�policyzx-amz-signature)r�r�rKr�r�r�r�r6r!rMr9r:r�dumpsr4r=rN)rrr��fieldsr�r�rrrrCs4



zS3SigV4PostAuth.add_authN)rrrrOrrrrrr�<sr�c#@s�eZdZddddddddd	d
ddd
ddddddddddddddddd	ddd d!d"g#Zd:d$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd;d.d/�Z	d<d0d1�Z
d=d2d3�Zd4d5�Zd6d7�Z
d8d9�Zd#S)>�
HmacV1AuthZ
accelerateZaclZcorsZdefaultObjectAcl�location�loggingZ
partNumberr�ZrequestPaymentZtorrentZ
versioningZ	versionIdZversionsZwebsiteZuploadsZuploadIdzresponse-content-typezresponse-content-languagezresponse-expireszresponse-cache-controlzresponse-content-dispositionzresponse-content-encoding�deleteZ	lifecycleZtaggingZrestoreZstorageClassZnotificationZreplicationZ	analyticsZmetricsZ	inventoryZselectzselect-typeNcCs
||_dS)N)r!)rr!rXrYrrrr"yszHmacV1Auth.__init__cCs>tj|jjjd�td�}|j|jd��t|j��j	�j
d�S)Nzutf-8)r$)r1r2r!r3r4rr8rr;r<r=)rr@rTrrr�sign_string|szHmacV1Auth.sign_stringcCs�dddg}g}d|kr|d=|j�|d<x^|D]V}d}x>|D]6}|j�}||dk	r<||kr<|j||j��d}q<W|s.|jd�q.Wdj|�S)	Nzcontent-md5zcontent-typeZdaterQFTr&r})�	_get_dater`r6r<r7)rrSZinteresting_headers�hoiZih�foundrA�lkrrr�canonical_standard_headers�s


z%HmacV1Auth.canonical_standard_headerscCs�g}i}xH|D]@}|j�}||dk	r|jd�rdjdd�|j|�D��||<qWt|j��}x"|D]}|jd|||f�qdWdj|�S)Nzx-amz-rzcss|]}|j�VqdS)N)r<)rir|rrrrk�sz6HmacV1Auth.canonical_custom_headers.<locals>.<genexpr>z%s:%sr})r`r�r7rr5�keysr6)rrSr��custom_headersrAr�Zsorted_header_keysrrr�canonical_custom_headers�s



z#HmacV1Auth.canonical_custom_headerscCs(t|�dkr|S|dt|d�fSdS)z(
        TODO: Do we need this?
        rmrN)r.r)rZnvrrr�	unquote_v�szHmacV1Auth.unquote_vcs�|dk	r|}n|j}|jr�|jjd�}dd�|D�}�fdd�|D�}t|�dkr�|jtd�d�dd�|D�}|d7}|dj|�7}|S)	Nr)cSsg|]}|jdd��qS)r(rm)r?)ri�arrrr��sz1HmacV1Auth.canonical_resource.<locals>.<listcomp>cs$g|]}|d�jkr�j|��qS)r)�
QSAOfInterestr�)rir�)rrrr��sr)rAcSsg|]}dj|��qS)r()r7)rir�rrrr��s�?)r-rvr?r.�sortrr7)rr?�	auth_pathZbufZqsar)rr�canonical_resource�s	zHmacV1Auth.canonical_resourcecCsN|j�d}||j|�d7}|j|�}|r8||d7}||j||d�7}|S)Nr})r�)r�r�r�r�)rr/r?rSr�r�Zcsr�rrr�canonical_string�s
zHmacV1Auth.canonical_stringcCsB|jjr|d=|jj|d<|j||||d�}tjd|�|j|�S)Nzx-amz-security-token)r�zStringToSign:
%s)r!rMr�r*r+r�)rr/r?rSr�r�r@rrr�
get_signature�szHmacV1Auth.get_signaturecCsX|jdkrt�tjd�t|j�}tjd|j�|j|j||j|j	d�}|j
||�dS)Nz(Calculating signature using hmacv1 auth.zHTTP request method: %s)r�)r!rr*r+rr,r/r�rSr��_inject_signature)rrr?rNrrrr�s




zHmacV1Auth.add_authcCs
tdd�S)NT)rR)r)rrrrr��szHmacV1Auth._get_datecCs,d|jkr|jd=d|jj|f|jd<dS)Nr�z	AWS %s:%s)rSr!rI)rrrNrrrr��s
zHmacV1Auth._inject_signature)NN)N)NN)NN)rrrr�r"r�r�r�r�r�r�r�rr�r�rrrrr�js0

	

	
r�c@s0eZdZdZdZefdd�Zdd�Zdd�Zd	S)
�HmacV1QueryAuthz�
    Generates a presigned request for s3.

    Spec from this document:

    http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
    #RESTAuthenticationQueryStringAuth

    icCs||_||_dS)N)r!r�)rr!r�rrrr"szHmacV1QueryAuth.__init__cCstttj�t|j���S)N)rtr�rJr�)rrrrr�szHmacV1QueryAuth._get_datec	Cs�i}|jj|d<||d<xN|jD]D}|j�}|dkrD|jd|d<q |jd�sV|dkr |j|||<q Wt|�}t|j�}|dr�d	|d|f}|d
|d|d||d
f}t|�|_dS)NrEr%rQZExpireszx-amz-�content-md5�content-type�z%s&%srrmr�r�)r�r�)	r!rIrSr`r�rrr,r)	rrrNr�Z
header_keyr�r�r�r�rrrr�s 
z!HmacV1QueryAuth._inject_signatureN)rrrrOr�r"r�r�rrrrr��s
	r�c@seZdZdZdd�ZdS)�HmacV1PostAuthz�
    Generates a presigned post for s3.

    Spec from this document:

    http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingHTTPPOST.html
    cCs�i}|jjdd�dk	r |jd}i}g}|jjdd�dk	r\|jd}|jdd�dk	r\|d}||d<|jj|d<|jjdk	r�|jj|d<|jd|jji�tjtj	|�j
d��jd�|d<|j|d�|d<||jd<||jd<dS)	Nzs3-presign-post-fieldszs3-presign-post-policyr�rEzx-amz-security-tokenzutf-8r�rN)
r�r�r!rIrMr6r9r:rr�r4r=r�)rrr�r�r�rrrr.s&


zHmacV1PostAuth.add_authN)rrrrOrrrrrr�&sr�)Zv2Zv4zv4-queryZv3Zv3httpsr�zs3-queryzs3-presign-postZs3v4z
s3v4-queryzs3v4-presign-posti)5r9r�Zhashlibrrr1r�Zemail.utilsr�operatorrr�rJr�rZbotocore.exceptionsrZbotocore.utilsrrZbotocore.compatr	r
rrr
rrrrrZ	getLoggerrr*r�r�rLr�rar��objectrr rPrUr�r�r�r�r�r�r�ZAUTH_TYPE_MAPSrrrr�<module>sn
=/Y.2)