HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: //usr/lib/python3.6/site-packages/botocore/__pycache__/signers.cpython-36.pyc
3

�T_Jn�@s�ddlZddlZddlZddlZddlZddlZddlmZmZddl	m
Z
mZddlm
Z
ddlmZddlmZddlmZmZGdd	�d	e�ZGd
d�de�Zdd
�Zddd�ZGdd�de�Zdd�Zddd�Zdd�Zddd�Zdd�ZdS) �N)�six�OrderedDict)�create_request_object�prepare_request_dict)�UnknownSignatureVersionError)�UnknownClientMethodError)� UnsupportedSignatureVersionError)�fix_s3_host�datetime2timestampc@speZdZdZdd�Zedd��Zedd��Zedd	��Zddd�Z	ddd�Z
dd�Zddd�ZeZ
ddd�Zd
S)�
RequestSignera0
    An object to sign requests before they go out over the wire using
    one of the authentication mechanisms defined in ``auth.py``. This
    class fires two events scoped to a service and operation name:

    * choose-signer: Allows overriding the auth signer name.
    * before-sign: Allows mutating the request before signing.

    Together these events allow for customization of the request
    signing pipeline, including overrides, request path manipulation,
    and disabling signing per operation.


    :type service_id: botocore.model.ServiceId
    :param service_id: The service id for the service, e.g. ``S3``

    :type region_name: string
    :param region_name: Name of the service region, e.g. ``us-east-1``

    :type signing_name: string
    :param signing_name: Service signing name. This is usually the
                         same as the service name, but can differ. E.g.
                         ``emr`` vs. ``elasticmapreduce``.

    :type signature_version: string
    :param signature_version: Signature name like ``v4``.

    :type credentials: :py:class:`~botocore.credentials.Credentials`
    :param credentials: User credentials with which to sign requests.

    :type event_emitter: :py:class:`~botocore.hooks.BaseEventHooks`
    :param event_emitter: Extension mechanism to fire events.
    cCs.||_||_||_||_||_tj|�|_dS)N)�_region_name�
_signing_name�_signature_version�_credentials�_service_id�weakref�proxy�_event_emitter)�selfZ
service_id�region_name�signing_name�signature_version�credentialsZ
event_emitter�r�/usr/lib/python3.6/signers.py�__init__>szRequestSigner.__init__cCs|jS)N)r)rrrrrIszRequestSigner.region_namecCs|jS)N)r)rrrrrMszRequestSigner.signature_versioncCs|jS)N)r
)rrrrrQszRequestSigner.signing_nameNcKs|j||�S)N)�sign)r�operation_name�request�kwargsrrr�handlerUszRequestSigner.handler�standardc
Cs|}|dkr|j}|dkr |j}|j|||j�}|jjdj|jj�|�|||j|||d�|t	j
k�r|||d�}	|dk	r�||	d<|jjdi�}
|r�|
jd�r�|
d|	d<|
jd	�r�|
d	|	d	<y|jf|	�}Wn<t
k
�r}z|d
kr�t|d��n|�WYdd}~XnX|j|�dS)a<Sign a request before it goes out over the wire.

        :type operation_name: string
        :param operation_name: The name of the current operation, e.g.
                               ``ListBuckets``.
        :type request: AWSRequest
        :param request: The request object to be sent over the wire.

        :type region_name: str
        :param region_name: The region to sign the request for.

        :type signing_type: str
        :param signing_type: The type of signing to perform. This can be one of
            three possible values:

            * 'standard'     - This should be used for most requests.
            * 'presign-url'  - This should be used when pre-signing a request.
            * 'presign-post' - This should be used when pre-signing an S3 post.

        :type expires_in: int
        :param expires_in: The number of seconds the presigned url is valid
            for. This parameter is only valid for signing type 'presign-url'.

        :type signing_name: str
        :param signing_name: The name to use for the service when signing.
        Nzbefore-sign.{0}.{1})rrrr�request_signerr)rrrZexpiresZsigning�regionrrr!)r)rr
�_choose_signer�contextr�emit�formatr�	hyphenize�botocore�UNSIGNED�get�get_auth_instancerrZadd_auth)
rrrr�signing_type�
expires_inrZexplicit_region_namerrZsigning_context�auth�errrr\sB

zRequestSigner.signc	Cs�ddd�}|j|d�}|j}|tjk	r:|j|�r:||7}|jjdj|jj	�|�|j
|j||d�\}}|dk	r�|}|tjk	r�|j|�r�||7}|S)ai
        Allow setting the signature version via the choose-signer event.
        A value of `botocore.UNSIGNED` means no signing will be performed.

        :param operation_name: The operation to sign.
        :param signing_type: The type of signing that the signer is to be used
            for.
        :return: The signature version to sign with.
        z
-presign-postz-query)zpresign-postzpresign-url�zchoose-signer.{0}.{1})rrrr%N)r+rr)r*�endswithrZemit_until_responser'rr(r
r)	rrr-r%Zsigning_type_suffix_map�suffixrr Zresponserrrr$�s$

zRequestSigner._choose_signercKs�|dkr|j}tjjj|�}|dkr.t|d��d}|jdk	rF|jj�}||d<|jrx|j	dkrhtj
j��||d<||d<|f|�}|S)a�
        Get an auth instance which can be used to sign a request
        using the given signature version.

        :type signing_name: string
        :param signing_name: Service signing name. This is usually the
                             same as the service name, but can differ. E.g.
                             ``emr`` vs. ``elasticmapreduce``.

        :type region_name: string
        :param region_name: Name of the service region, e.g. ``us-east-1``

        :type signature_version: string
        :param signature_version: Signature name like ``v4``.

        :rtype: :py:class:`~botocore.auth.BaseSigner`
        :return: Auth instance to sign a request.
        N)rrrZservice_name)rr)r/ZAUTH_TYPE_MAPSr+rrZget_frozen_credentialsZREQUIRES_REGIONr�
exceptionsZ
NoRegionError)rrrrr�clsZfrozen_credentialsr/rrrr,�s"




zRequestSigner.get_auth_instance�cCs*t|�}|j|||d||�|j�|jS)a�Generates a presigned url

        :type request_dict: dict
        :param request_dict: The prepared request dictionary returned by
            ``botocore.awsrequest.prepare_request_dict()``

        :type operation_name: str
        :param operation_name: The operation being signed.

        :type expires_in: int
        :param expires_in: The number of seconds the presigned url is valid
            for. By default it expires in an hour (3600 seconds)

        :type region_name: string
        :param region_name: The region name to sign the presigned url.

        :type signing_name: str
        :param signing_name: The name to use for the service when signing.

        :returns: The presigned url
        zpresign-url)rrZprepare�url)r�request_dictrr.rrrrrr�generate_presigned_url�s


z$RequestSigner.generate_presigned_url)NN)Nr!NN)N)r6NN)�__name__�
__module__�__qualname__�__doc__r�propertyrrrr rr$r,Zget_authr9rrrrrs!

G&
+rc@s<eZdZdZdd�Zd
dd�Zdd�Zdd	d
�Zdd�ZdS)�CloudFrontSignera�A signer to create a signed CloudFront URL.

    First you create a cloudfront signer based on a normalized RSA signer::

        import rsa
        def rsa_signer(message):
            private_key = open('private_key.pem', 'r').read()
            return rsa.sign(
                message,
                rsa.PrivateKey.load_pkcs1(private_key.encode('utf8')),
                'SHA-1')  # CloudFront requires SHA-1 hash
        cf_signer = CloudFrontSigner(key_id, rsa_signer)

    To sign with a canned policy::

        signed_url = cf_signer.generate_signed_url(
            url, date_less_than=datetime(2015, 12, 1))

    To sign with a custom policy::

        signed_url = cf_signer.generate_signed_url(url, policy=my_policy)
    cCs||_||_dS)a�Create a CloudFrontSigner.

        :type key_id: str
        :param key_id: The CloudFront Key Pair ID

        :type rsa_signer: callable
        :param rsa_signer: An RSA signer.
               Its only input parameter will be the message to be signed,
               and its output will be the signed content as a binary string.
               The hash algorithm needed by CloudFront is SHA-1.
        N)�key_id�
rsa_signer)rr@rArrrr/szCloudFrontSigner.__init__NcCs�|dk	r|dk	s |dkr,|dkr,d}t|��|dk	r@|j||�}t|tj�rV|jd�}|dk	rrdtt|��g}nd|j|�j	d�g}|j
|�}|jd|j|�j	d�d|jg�|j
||�S)a�Creates a signed CloudFront URL based on given parameters.

        :type url: str
        :param url: The URL of the protected object

        :type date_less_than: datetime
        :param date_less_than: The URL will expire after that date and time

        :type policy: str
        :param policy: The custom policy, possibly built by self.build_policy()

        :rtype: str
        :return: The signed URL.
        Nz=Need to provide either date_less_than or policy, but not both�utf8z
Expires=%sz	Policy=%szSignature=%szKey-Pair-Id=%s)�
ValueError�build_policy�
isinstancerZ	text_type�encode�intr
�_url_b64encode�decoderA�extendr@�
_build_url)rr7�date_less_than�policyr0�paramsZ	signaturerrrr9>s 

z'CloudFrontSigner.generate_presigned_urlcCs"d|krdnd}||dj|�S)N�?�&)�join)rZbase_urlZextra_paramsZ	separatorrrrrKaszCloudFrontSigner._build_urlc	Cs�tt|��}tdd|ii�}|r<d|kr0|d7}d|i|d<|rXtt|��}d|i|d<d|fd	|fg}d
t|�gi}tj|dd
�S)a0A helper to build policy.

        :type resource: str
        :param resource: The URL or the stream filename of the protected object

        :type date_less_than: datetime
        :param date_less_than: The URL will expire after the time has passed

        :type date_greater_than: datetime
        :param date_greater_than: The URL will not be valid until this time

        :type ip_address: str
        :param ip_address: Use 'x.x.x.x' for an IP, or 'x.x.x.x/x' for a subnet

        :rtype: str
        :return: The policy in a compact string.
        ZDateLessThanz
AWS:EpochTime�/z/32zAWS:SourceIpZ	IpAddressZDateGreaterThanZResourceZ	ConditionZ	Statement�,�:)Z
separators)rSrT)rGr
r�json�dumps)	rZresourcerLZdate_greater_thanZ
ip_addressZmoment�	conditionZordered_payloadZ
custom_policyrrrrDeszCloudFrontSigner.build_policycCs"tj|�jdd�jdd�jdd�S)N�+�-�=�_�/�~)�base64Z	b64encode�replace)r�datarrrrH�szCloudFrontSigner._url_b64encode)NN)NN)	r:r;r<r=rr9rKrDrHrrrrr?s
#
(r?cKst|d<dS)N�generate_db_auth_token)ra)�class_attributesrrrr�add_generate_db_auth_token�srccCsp|}|dkr|jj}d|d�}ddi|dd�}d}d	|||f}	t||	�|jjd||d
dd�}
|
t|�d�S)
aGenerates an auth token used to connect to a db with IAM credentials.

    :type DBHostname: str
    :param DBHostname: The hostname of the database to connect to.

    :type Port: int
    :param Port: The port number the database is listening on.

    :type DBUsername: str
    :param DBUsername: The username to log in as.

    :type Region: str
    :param Region: The region the database is in. If None, the client
        region will be used.

    :return: A presigned url which can be used as an auth token.
    NZconnect)ZActionZDBUserrRr1ZGET)Zurl_pathZquery_stringZheadersZbody�methodzhttps://z%s%s:%si�zrds-db)rr8rr.r)�metarr�_request_signerr9�len)rZ
DBHostnameZPortZ
DBUsernameZRegionr#rNr8�scheme�endpoint_urlZ
presigned_urlrrrra�s"	
rac@seZdZdd�Zddd�ZdS)�S3PostPresignercCs
||_dS)N)rf)rr"rrrr�szS3PostPresigner.__init__N�cCs�|dkri}|dkrg}i}tjj�}|tj|d�}|jtjj�|d<g|d<x|D]}	|dj|	�qVWt|�}
||
j	d<||
j	d<|j
jd|
|d�|
j|d	�S)
a�Generates the url and the form fields used for a presigned s3 post

        :type request_dict: dict
        :param request_dict: The prepared request dictionary returned by
            ``botocore.awsrequest.prepare_request_dict()``

        :type fields: dict
        :param fields: A dictionary of prefilled form fields to build on top
            of.

        :type conditions: list
        :param conditions: A list of conditions to include in the policy. Each
            element can be either a list or a structure. For example:
            [
             {"acl": "public-read"},
             {"bucket": "mybucket"},
             ["starts-with", "$key", "mykey"]
            ]

        :type expires_in: int
        :param expires_in: The number of seconds the presigned post is valid
            for.

        :type region_name: string
        :param region_name: The region name to sign the presigned post to.

        :rtype: dict
        :returns: A dictionary with two elements: ``url`` and ``fields``.
            Url is the url to post to. Fields is a dictionary filled with
            the form fields and respective values to use when submitting the
            post. For example:

            {'url': 'https://mybucket.s3.amazonaws.com
             'fields': {'acl': 'public-read',
                        'key': 'mykey',
                        'signature': 'mysignature',
                        'policy': 'mybase64 encoded policy'}
            }
        N)ZsecondsZ
expiration�
conditionszs3-presign-post-fieldszs3-presign-post-policyZ	PutObjectzpresign-post)r7�fields)
�datetimeZutcnowZ	timedeltaZstrftimer)r/ZISO8601�appendrr%rfrr7)rr8rmrlr.rrMZdatetime_nowZexpire_daterWrrrr�generate_presigned_post�s"*



z'S3PostPresigner.generate_presigned_post)NNrkN)r:r;r<rrprrrrrj�srjcKst|d<dS)Nr9)r9)rbrrrr�add_generate_presigned_urlsrq�c
Cs�|}|}|dkri}|}|}dt|�d�}	|j}
|j}y|j|}Wntk
rbt|d��YnX|jjj|�}
|j	||
|	�}|j
||
�}|dk	r�||d<t||jj|	d�|
j
|||d�S)axGenerate a presigned url given a client, its method, and arguments

    :type ClientMethod: string
    :param ClientMethod: The client method to presign for

    :type Params: dict
    :param Params: The parameters normally passed to
        ``ClientMethod``.

    :type ExpiresIn: int
    :param ExpiresIn: The number of seconds the presigned url is valid
        for. By default it expires in an hour (3600 seconds)

    :type HttpMethod: string
    :param HttpMethod: The http method to use on the generated url. By
        default, the http method is whatever is used in the method's model.

    :returns: The presigned url
    NT)�is_presign_request�use_global_endpoint)Zmethod_namerd)rir%)r8r.r)�_should_use_global_endpointrf�_serializerZ_PY_TO_OP_NAME�KeyErrorrre�
service_model�operation_modelZ_emit_api_params�serialize_to_requestrrir9)rZClientMethodZParams�	ExpiresInZ
HttpMethodZ
client_methodrNr.Zhttp_methodr%r"�
serializerrryr8rrrr9s4r9cKst|d<dS)Nrp)rp)rbrrrr�add_generate_presigned_post[sr}cCs�|}|}|}|}	|}
|dkr"i}n|j�}|	dkr6g}	t|j�}|j}|jjjd�}
|jd|i|
�}t||jj	dt
|�d�d�|	jd|i�|jd�r�|	jd	d
|dt
d��g�n|	jd|i�||d<|j|||	|
d�S)
a�	Builds the url and the form fields used for a presigned s3 post

    :type Bucket: string
    :param Bucket: The name of the bucket to presign the post to. Note that
        bucket related conditions should not be included in the
        ``conditions`` parameter.

    :type Key: string
    :param Key: Key name, optionally add ${filename} to the end to
        attach the submitted filename. Note that key related conditions and
        fields are filled out for you and should not be included in the
        ``Fields`` or ``Conditions`` parameter.

    :type Fields: dict
    :param Fields: A dictionary of prefilled form fields to build on top
        of. Elements that may be included are acl, Cache-Control,
        Content-Type, Content-Disposition, Content-Encoding, Expires,
        success_action_redirect, redirect, success_action_status,
        and x-amz-meta-.

        Note that if a particular element is included in the fields
        dictionary it will not be automatically added to the conditions
        list. You must specify a condition for the element as well.

    :type Conditions: list
    :param Conditions: A list of conditions to include in the policy. Each
        element can be either a list or a structure. For example:

        [
         {"acl": "public-read"},
         ["content-length-range", 2, 5],
         ["starts-with", "$success_action_redirect", ""]
        ]

        Conditions that are included may pertain to acl,
        content-length-range, Cache-Control, Content-Type,
        Content-Disposition, Content-Encoding, Expires,
        success_action_redirect, redirect, success_action_status,
        and/or x-amz-meta-.

        Note that if you include a condition, you must specify
        the a valid value in the fields dictionary as well. A value will
        not be added automatically to the fields dictionary based on the
        conditions.

    :type ExpiresIn: int
    :param ExpiresIn: The number of seconds the presigned post
        is valid for.

    :rtype: dict
    :returns: A dictionary with two elements: ``url`` and ``fields``.
        Url is the url to post to. Fields is a dictionary filled with
        the form fields and respective values to use when submitting the
        post. For example:

        {'url': 'https://mybucket.s3.amazonaws.com
         'fields': {'acl': 'public-read',
                    'key': 'mykey',
                    'signature': 'mysignature',
                    'policy': 'mybase64 encoded policy'}
        }
    NZCreateBucket�BucketT)rsrt)rir%�bucketz${filename}zstarts-withz$key�key)r8rmrlr.)�copyrjrfrvrerxryrzrriruror2rgrp)rr~ZKeyZFieldsZ
Conditionsr{rr�rmrlr.Zpost_presignerr|ryr8rrrrp_s8@

 rpcCsR|jjdkrdS|jjj}|rN|jdd�r.dS|jd�dkrN|jjjdkrNdSdS)NZawsFZuse_dualstack_endpointZus_east_1_regional_endpointZregionalz	us-east-1T)re�	partition�configZs3r+r)ZclientZ	s3_configrrrru�s
ru)N)NrrN)NNrr)rnrrUr^r)Z
botocore.authZbotocore.compatrrZbotocore.awsrequestrrZbotocore.exceptionsrrrZbotocore.utilsr	r
�objectrr?rcrarjrqr9r}rprurrrr�<module>
s0|~
3L
>
t