io ddlZddlZddlZddlZddlZddlZddlZddlZddlm Z ddl m Z ddl m Z mZddlmZddlmZmZmZmZmZmZmZmZmZmZmZddlmZmZm Z m!Z!ddl"m#Z#m$Z$m%Z%ej&e'Z(d Z)d Z*d Z+d Z,gd Z-dZ.dZ/dZ0dZ1GddZ2Gdde2Z3Gdde2Z4Gdde2Z5Gdde2Z6Gdde6Z7Gdde7Z8Gd d!e8Z9Gd"d#e8Z:Gd$d%e6Z;Gd&d'e;Z<Gd(d)e6Z=Gd*d+e2Z>Gd,d-e>Z?Gd.d/e>Z@Gd0d1e3ZAd2ZBd3ZCe4e5e5e>e?e@e=e8e:e9eAd4 ZDerdd5lEmFZFeDGeFneDGe6e;e7e]..y/?@@ @ @--Y^--D Kc|j}t|tr(tj|d}n)t|t rtj|}|SNutf-8)data isinstancebytesjsonloadsdecodestr)requestr6s r0_get_body_as_dictr>ds` >D#NFFelFFdFFF   ' . .w 7 76   &>> 9 9Ck!!s $$Eszz'22<<::: ^**733444u||~~..4466==gFFCyr2c\|jt|jr|j}n|j}|jj|d<d|d<d|d<t jtt j|d<|jj r|jj |d<| ||\}}||d<|S) NAWSAccessKeyId2SignatureVersion HmacSHA256SignatureMethod Timestamp SecurityTokenr^) rVrr6rv access_keytimestrftimeISO8601gmtimetokenr)rEr=rvr signatures r0rBzSigV2Auth.add_auths   #$&& & < $\FF^F#'#3#> %(!"$0 !"mGT[]]CC{   ! =&*&6& K66w~FF F33HW[4I4IJJ Jr2c |g}t|tr|}|D]G\}}|t |dt t |dfHg}t |D]\}}||d| d|}|S)Nz-_.~r`rbrc)r7rrrorr<rnrp)rErv key_val_pairsr{r|sorted_key_valsrs r0rz(SigV4Auth._canonical_query_string_params s fg & & $\\^^F   JC  s(((%E *H*H*HI    !// 5 5JC  " "c#3#3E#3#3 4 4 4 4!$/!:!:%%r2cBd}|jrg}|jdD]2}|d\}}}|||f3g}t |D]\}}||d| d|}|S)Nr_rcrb)queryrw partitionrornrp) rEpartsrrpairr{_r|rs r0rz%SigV4Auth._canonical_query_string_urls!# ; ?M ))#.. 3 3 $s 3 3 Q$$c5\2222 O%]33 9 9 U&&#'7'7'7'78888%(XXo%>%> "%%r2c*g}tt|}|D]]}dfd||D}||dt |^d|S)a  Return the headers that need to be included in the StringToSign in their canonical form by converting all header keys to lower case, sorting them in alphabetical order and then joining them into a string, separated by newlines. ,c3BK|]}|VdSrO) _header_value).0vrEs r0 z.SigV4Auth.canonical_headers..7sB*+""1%%r2r'r[)rnsetrpget_allror )rErrsorted_header_namesr{r|s` r0canonical_headerszSigV4Auth.canonical_headers-s$S%9%9::& = =CHH/>/F/Fs/K/KE NNc;;N5$9$9;; < < < <yy!!!r2cPd|S)N )rprw)rEr|s r0rzSigV4Auth._header_value=s xx &&&r2cxtdt|D}d|S)Nc3bK|]*}|V+dSrO)rru)rns r0rz+SigV4Auth.signed_headers..Fs4IIq**IIIIIIr2;)rnrrp)rErrs r0signed_headerszSigV4Auth.signed_headersEs8IIC4H4HIIIIIxx   r2c|jdi}|d}t|to|ddkS)Nchecksumrequest_algorithminr)contextr*r7dict)rEr=checksum_context algorithms r0_is_streaming_checksum_payloadz(SigV4Auth._is_streaming_checksum_payloadIsT"?..z2>>$(()<== )T**Oy}}T/B/Bi/OOr2c ||rtS||stS|j}|rt |dr|}tj|j t}t}t|dD]}| ||}|||S|r!t|St S)Nseekr2)r"STREAMING_UNSIGNED_PAYLOAD_TRAILER_should_sha256_sign_payloadUNSIGNED_PAYLOADbodyhasattrtell functoolspartialreadPAYLOAD_BUFFERriterrqrrEMPTY_SHA256_HASH)rEr= request_bodypositionread_chunksizerchunk hex_checksums r0payloadzSigV4Auth.payloadNs  . .w 7 7 $5 511':: $$ #|  %GL&99 %#((**H&.!>NxxHnc22 ' '&&&&#--//L   h ' ' '   %,''1133 3$ $r2cp|jdsdS|jddS)Nr&Tpayload_signing_enabled)r, startswithrr*rDs r0rz%SigV4Auth._should_sha256_sign_payloadhs:{%%g.. 4 ""#>>r2c>|jtt}|t|jd<||||}t dt d|| ||}t d|| ||}t d|| ||dS)Nrz$Calculating signature using v4 auth.zCanonicalRequest: %sStringToSign: %sz Signature: %s) rVrrrSIGV4_TIMESTAMPr_modify_request_before_signingrrdrerxr_inject_signature_to_request)rEr= datetime_nowrrxrs r0rBzSigV4Auth.add_auths   #$&& &+-- '3'<'<_'M'M $ ++G444 227;; ;<<< ,.?@@@,,W6GHH (.999NN>7;;  %y111 ))'9=====r2c"d||g}||}|d|||d|d||jd<|S)NzAWS4-HMAC-SHA256 Credential=zSignedHeaders=z Signature=, Authorization)rrrorrpr)rEr=rauth_strrs r0rz&SigV4Auth._inject_signature_to_requestsH4::g3F3FHHI..w77 CT00AA C C    0Y00111+/99X+>+>(r2c.d|jvr|jd=|||jjr%d|jvr|jd=|jj|jd<|jdds"d|jvr|jd=t |jd<dSdS)NrrrTr)r_set_necessary_date_headersrVrrr*rrDs r0rz(SigV4Auth._modify_request_before_signings go - -0 ((111   ! M%88O$:;6:6F6LGO2 3""#>>$ G G GIIIIIr2rc.eZdZfdZfdZdZxZS) S3SigV4Authct|d|jvr|jd=|||jd<dS)Nr)superrrrrEr= __class__s r0rz*S3SigV4Auth._modify_request_before_signingsR ..w777 !W_ 4 4 6726,,w2G2G.///r2c,|jd}t|dd}|i}|dd}||Sd}|jdi}|d}t|tr!|ddkr|d }|jd r ||jvrd S|jd d rd St |S)N client_configs3rz Content-MD5rrrheaderrr&Thas_streaming_inputF) rr*getattrr7rr,rrr%r) rEr=r) s3_config sign_payloadchecksum_headerrrr's r0rz'S3SigV4Auth._should_sha256_sign_payloads% ++O<< M466   I!}}%>EE  #  ("?..z2>>$(()<== i & & 09==+>+>(+J+J'/O &&w// go554 ?  4e < < 5ww227;;;r2c|SrOrKrErfs r0rzS3SigV4Auth._normalize_url_path r2)rFrGrHrrr __classcell__r's@r0r#r#sfHHHHH'<'<'<'<' > J_%=>F ?  7 > > J_%=>Fzz,--9#L1 )|$6 !%)ZZ%8%8!"&{;|,.@ABBB-tzz'/B/BCDDD<)EFGGG   ! -.2.>.DF* +   ($*:*@A    "+ Jv   % %g . .  &// x%)NN6(3CW$M$M !4:014:0111r2N)rFrGrHr=rBrKr2r0r?r?4s)"';';';';';r2r?cDeZdZdZdZedfd ZdZdZdZdZ xZ S) S3ExpressQueryAuthi,T)expiresc`t||||||_dS)N)r:r%rQ_expires)rErVrrr:rPr's r0rQzS3ExpressQueryAuth.__init__es?    )      r2c2|jd}d}||kr|jd=|||}d|||jd|j|d}|jj|jj|d<t|j }t|j d}d | D}|jr!||ji|_d } |jr)|t#|d |_|rt%|d z} | t%|} |} | d | d | d| | df} t'| |_ dS)N content-type0application/x-www-form-urlencoded; charset=utf-8rrzX-Amz-AlgorithmzX-Amz-Credentialrz X-Amz-ExpireszX-Amz-SignedHeadersrGTkeep_blank_valuesc&i|]\}}||dSrrKrkrs r0 zES3ExpressQueryAuth._modify_request_before_signing.."EEE$!Qa1EEEr2r_rcrrr*rrrrrSrVrrr,rrrrvrqr6r>rr) rEr= content_typeblocklisted_content_typer auth_paramsr-query_string_parts query_dictoperation_paramsnew_query_stringp new_url_partss r0rz1S3ExpressQueryAuth._modify_request_before_signingvs**>:: > ! 3 3 3/ ,,T-A-A'-J-JKK 2 $ 7 3 3!/+6!]#1      ! -373C3IK/ 0W[)) &ioNNNEE*<*B*B*D*DEEE >   gn - - -GN <    /88 9 9 9GL  I6zBBSH  G!8!E!E G G  1qtQqT+;QqTB  // r2c,|xjd|z c_dSNz&X-Amz-Signature=r,rEr=rs r0rz/S3ExpressQueryAuth._inject_signature_to_request!  69666 r2c|SrOrKr2s r0rz&S3ExpressQueryAuth._normalize_url_pathr3r2ctSrOrrDs r0rzS3ExpressQueryAuth.payload  r2) rFrGrHDEFAULT_EXPIRESr=rQrrrrr4r5s@r0rOrOasO"        "?0?0?0B777        r2rOc2eZdZdZeffd ZdZdZxZS)SigV4QueryAuthc\t|||||_dSrOrR)rErVrrrPr's r0rQzSigV4QueryAuth.__init__s, lK@@@ r2c2|jd}d}||kr|jd=|||}d|||jd|j|d}|jj|jj|d<t|j }t|j d}d | D}|jr!||ji|_d } |jr)|t#|d |_|rt%|d z} | t%|} |} | d | d | d| | df} t'| |_ dS)NrUrVrrrWrTrXc&i|]\}}||dSr[rKr\s r0r^zASigV4QueryAuth._modify_request_before_signing..r_r2r_rcrr`rarbrc) rEr=rdblacklisted_content_typerrfr-rgrhrirjrkrls r0rz-SigV4QueryAuth._modify_request_before_signings**>:: > ! 3 3 3/ ,,T-A-A'-J-JKK 2 $ 7 3 3!/+6!]#1      ! -262B2HK. /W[)) &ioNNNEE*<*B*B*D*DEEE >   gn - - -GN <    /88 9 9 9GL  I6zBBSH  G!8!E!E G G  1qtQqT+;QqTB  // r2c,|xjd|z c_dSrnrorps r0rz+SigV4QueryAuth._inject_signature_to_requestrqr2)rFrGrHrvrQrrr4r5s@r0rxrxsgO?N      ?0?0?0B7777777r2rxceZdZdZdZdZdS)S3SigV4QueryAuthaS3 SigV4 auth using query parameters. This signer will sign a request using query parameters and signature version 4, i.e a "presigned url" signer. Based off of: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html c|SrOrKr2s r0rz$S3SigV4QueryAuth._normalize_url_path&r3r2ctSrOrtrDs r0rzS3SigV4QueryAuth.payload*rur2N)rFrGrHrrrrKr2r0rrs<       r2rceZdZdZdZdS)S3SigV4PostAuthz Presigns a s3 post Implementation doc here: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html ct}|t|jd<i}|jdd |jd}i}g}|jdd+|jd}|dd|d}||d<d|d<|||d<|jd|d<|ddi|d||i|d|jdi|jj0|jj|d <|d |jjitj tj | d d |d <||d ||d <||jd<||jd<dS) NrrArBrCrrDrErFx-amz-security-tokenr5rHrIrJrLs r0rBzS3SigV4PostAuth.add_auth:s+-- '3'<'<_'M'M $ ?  7 > > J_%=>F ?  7 > > J_%=>Fzz,--9#L1 )|$6 !%)ZZ%8%8!"&{;|,.@ABBB-tzz'/B/BCDDD<)EFGGG   ! --1-=-CF) *   5t7G7MN O O O"+ Jv   % %g . .  &// x%)NN6(3CW$M$M !4:014:0111r2NrFrGrHrrBrKr2r0rr2s-%;%;%;%;%;r2rcdeZdZgdZddZdZdZdZdZddZ dd Z dd Z d Z d Z d ZdS) HmacV1Auth)$ accelerateaclcorsdefaultObjectAcllocationlogging partNumberrHrequestPaymenttorrent versioning versionIdversionswebsiteuploadsuploadIdzresponse-content-typezresponse-content-languagezresponse-expireszresponse-cache-controlzresponse-content-dispositionzresponse-content-encodingdelete lifecycletaggingrestore storageClass notification replicationr analyticsmetrics inventoryselectz select-typez object-lockNc||_dSrOrUrs r0rQzHmacV1Auth.__init__rXr2cNtj|jjdt }||dt| dS)Nr5r\) rjrkrVrlrmrrqr rtrur;)rErxrs r0 sign_stringzHmacV1Auth.sign_strings8   ' . .w 7 74    --g667778??,,--3355<K|]}|VdSrO)ru)rrs r0rz6HmacV1Auth.canonical_custom_headers..s;22&' 222222r2r'r[)rrrprrnkeysro)rErrcustom_headersr{rsorted_header_keyss r0canonical_custom_headersz#HmacV1Auth.canonical_custom_headerss  CBs|'==**),22+2??3+?+?222**N2&$N$7$7$9$9::% 7 7C JJ#55s 355 6 6 6 6yy~~r2cft|dkr|S|dt|dfS)z( TODO: Do we need this? r`r)rgr)rEnvs r0 unquote_vzHmacV1Auth.unquote_vs1 r77a<<IqE72a5>>* *r2cT||}n|j}|jr|jd}d|D}fd|D}t|dkrL|t dd|D}|dz }|d|z }|S)Nrcc:g|]}|ddS)rbr`rwras r0 z1HmacV1Auth.canonical_resource..s$000q1773??000r2cXg|]&}|djv|'Sr[) QSAOfInterestr)rrrEs r0rz1HmacV1Auth.canonical_resource..s=&'!A$$:L2L2Lq!!2L2L2Lr2r)r{c8g|]}d|S)rb)rprs r0rz1HmacV1Auth.canonical_resource..s"000qsxx{{000r2?)rfrrwrgsortrrp)rErw auth_pathbufqsas` r0canonical_resourcezHmacV1Auth.canonical_resources  CC*C ; %+##C((C00C000C+.C3xx!||Z]]+++00C000s sxx}}$ r2c|dz}|||dzz }||}|r||dzz }||||z }|S)Nr[r)rrrr)rErhrwrrPrcsrs r0canonical_stringzHmacV1Auth.canonical_strings\\^^d " d--g66==66w??  ( .4' 'B d%%ey%AAA r2c|jjr|d=|jj|d<|||||}td|||S)Nrrr)rVrrrdrer)rErhrwrrPrrxs r0 get_signaturezHmacV1Auth.get_signatures{   ! E./.2.>.DG* +.. E7i/    (.999///r2c:|jttdt |j}td|j||j||j|j }| ||dS)Nz(Calculating signature using hmacv1 auth.zHTTP request method: %sr) rVrrdrerr,rhrrr_inject_signature)rEr=rwrs r0rBzHmacV1Auth.add_auths   #$ $ ?@@@%% .???&& NE7?g>O'   w 22222r2c"tdS)NTrrrEs r0rzHmacV1Auth._get_dates&&&&r2c`d|jvr|jd=d|jjd|}||jd<dS)NrzAWS r')rrVr)rEr=r auth_headers r0rzHmacV1Auth._inject_signaturesH go - -0FT-8FF9FF +6(((r2)NNrO)rFrGrHrrQrrrrrrrrBrrrKr2r0rrbs%%%MN''''FFF"   +++6?C    ?C 0 0 0 0 3 3 3''' 7 7 7 7 7r2rc,eZdZdZdZefdZdZdZdS)HmacV1QueryAuthz Generates a presigned request for s3. Spec from this document: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html #RESTAuthenticationQueryStringAuth ryc"||_||_dSrO)rVrS)rErVrPs r0rQzHmacV1QueryAuth.__init__s& r2ctttjt|jzSrO)r<rrrSrs r0rzHmacV1QueryAuth._get_dates-3ty{{S%7%7788999r2ci}|jj|d<||d<|jD]V}|}|dkr|jd|d<-|ds|dvr|j|||<Wt |}t |j}|dr |dd|}|d |d |d ||d f}t||_dS) Nrr^rExpiresr)rrUrcrr`rarb) rVrrrrrrr,r) rEr=rrh header_keyrrjrkrls r0rz!HmacV1QueryAuth._inject_signatures '+'7'B #$"+ ;!/ 5 5J!!##BV##(/(? 9%%x(( 5B3--")!4 23:>> W[ ! ! Q4 <#$A$;;)9;; 1qtQqT+;QqTB  // r2N)rFrGrHrrvrQrrrKr2r0rr sZO,;    :::00000r2rceZdZdZdZdS)HmacV1PostAuthz Generates a presigned post for s3. Spec from this document: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingHTTPPOST.html ci}|jdd |jd}i}g}|jdd+|jd}|dd|d}||d<|jj|d<|jj0|jj|d<|d|jjit jtj | d d|d<| |d|d<||jd<||jd<dS) NrArBrCrrr5rHr) rr*rVrrrorrrsr9rKrmr;r)rEr=rMrHrCs r0rBzHmacV1PostAuth.add_authIsT ?  7 > > J_%=>F ?  7 > > J_%=>Fzz,--9#L1 )|#'#3#>   ! --1-=-CF) *   5t7G7MN O O O"+ Jv   % %g . .  &// x#..vh/?@@{4:014:0111r2NrrKr2r0rr@s-;;;;;r2rceZdZdZdZdS) BearerAuthz Performs bearer token authorization by placing the bearer token in the Authorization header as specified by Section 2.1 of RFC 6750. https://datatracker.ietf.org/doc/html/rfc6750#section-2.1 c|jtd|jj}d|jvr|jd=||jd<dS)NzBearer r)rPrrr)rEr=rs r0rBzBearerAuth.add_authpsQ ? ""$$ $7 577 go - -0+6(((r2NrrKr2r0rrhs-77777r2rc|D]J}|dkrt|cS|tvrt|}|tvr|cS;t|t|)Nsmithy.api#noAuthsignature_version)AUTH_TYPE_TO_SIGNATURE_VERSIONAUTH_TYPE_MAPSrr) auth_trait auth_typers r0resolve_auth_typerzsLL + + +1)< < < < 8 8 8 >y I  N22((((3/KKK K *Z H H HHr2cd|Dd|D}|rtd||z}fdt|D}|D]>}|dkrt|cSt|}|t vr|cS?tdt)NcDg|]}|ddS#rrr+s r0rz2resolve_auth_scheme_preference..s)JJJ6c**2.JJJr2c$g|] }|tv |SrK)AUTH_PREF_TO_SIGNATURE_VERSIONrs r0rz2resolve_auth_scheme_preference..s.  7 7 7  7 7 7r2z/Unsupported auth schemes in preference list: %rcg|]}|v| SrKrK)rr+service_supporteds r0rz2resolve_auth_scheme_preference..s/  & & &  & & &r2noAuthrr) rdrerfromkeysrr*rrrprn)preference_list auth_options unsupportedcombinedprioritized_schemesr+ sig_versionrs @r0resolve_auth_scheme_preferencers)JJ\JJJ%K   ={   !22HmmH-- & X  1&9 9 9 9488@@ . ( (    ) +))F+<$=$=>>   r2) v2v3v3httpsr*zs3-queryzs3-presign-postzs3v4-presign-postz v4-s3expresszv4-s3express-queryzv4-s3express-presign-postbearer)CRT_AUTH_TYPE_MAPS)v4zv4-querys3v4z s3v4-queryrv4arnone)zaws.auth#sigv4zaws.auth#sigv4azsmithy.api#httpBearerAuthrcLi|]!\}}|dd|"Srr)r auth_schemers r0r^r^sA""" [c2 """r2)Krrrrrrjr9rrcollections.abcr email.utilsrhashlibrroperatorrbotocore.compatr r r r r rrrrrrbotocore.exceptionsrrrrbotocore.utilsrrr getLoggerrFrdrrrrrrrr1r>r@rMrSrrr#r7r?rOrxrrrrrrrrrbotocore.crt.authrrqrrrrKr2r0rs   ######""""""                              8 $ $G  "   &%I"&   ........%%%%%*%%%::::: :::z<<<<< <<<8JIJIJIJIJI JIJIJIZ33333)333l88888K888**;*;*;*;*; *;*;*;Ze e e e e e e e PN7N7N7N7N7YN7N7N7b     ~   0-;-;-;-;-;i-;-;-;`f7f7f7f7f7f7f7f7R2020202020j202020j%;%;%;%;%;Z%;%;%;P77777777$ I I IB   %(!,!2   444444,----&*   !) """"$B$H$H$J$J"""r2