HEX

File: //home/arjun/projects/env/lib/python3.10/site-packages/botocore/__pycache__/auth.cpython-310.pyc
o

*we
��	@s&ddlZddlZddlZddlZddlZddlZddlZddlZddlm	Z	ddl
mZddlm
Z
mZddlmZddlmZmZmZmZmZmZmZmZmZddlmZmZddlmZm Z m!Z!dd	lm"Z"e�#e$�Z%d
Z&dZ'dZ(d
Z)gd�Z*dZ+dZ,dd�Z-dd�Z.Gdd�d�Z/Gdd�de/�Z0Gdd�de/�Z1Gdd�de/�Z2Gdd�de/�Z3Gdd �d e3�Z4Gd!d"�d"e3�Z5Gd#d$�d$e5�Z6Gd%d&�d&e3�Z7Gd'd(�d(e/�Z8Gd)d*�d*e8�Z9Gd+d,�d,e8�Z:Gd-d.�d.e0�Z;e1e2e2e8e9e:e7e;d/�Z<e�rdd0l=m>Z>e<�?e>�dSe<�?e3e5e4e6d1��dS)2�N)�Mapping��
formatdate)�sha1�sha256)�
itemgetter)	�HAS_CRT�HTTPHeaders�encodebytes�ensure_unicode�parse_qs�quote�unquote�urlsplit�
urlunsplit)�NoAuthTokenError�NoCredentialsError)�is_valid_ipv6_endpoint_url�normalize_url_path�percent_encode_sequence)�
MD5_AVAILABLE�@e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855iz%Y-%m-%dT%H:%M:%SZz%Y%m%dT%H%M%SZ)�expectz
user-agentzx-amzn-trace-idzUNSIGNED-PAYLOADz"STREAMING-UNSIGNED-PAYLOAD-TRAILERcCsZt|�}|j}t|�rd|�d�}ddd�}|jdur+|j|�|j�kr+d||jf}|S)N�[�]�Pi�)�http�httpsz%s:%d)r�hostnamer�port�get�scheme)�url�	url_parts�host�
default_ports�r&�F/home/arjun/projects/env/lib/python3.10/site-packages/botocore/auth.py�_host_from_urlFs�
r(cCs<|j}t|t�rt�|�d��}|St|t�rt�|�}|S�N�utf-8)�data�
isinstance�bytes�json�loads�decode�str)�requestr+r&r&r'�_get_body_as_dictYs

�
r3c@seZdZdZdZdd�ZdS)�
BaseSignerFcCstd��)N�add_auth)�NotImplementedError��selfr2r&r&r'r5jszBaseSigner.add_authN)�__name__�
__module__�__qualname__�REQUIRES_REGION�REQUIRES_TOKENr5r&r&r&r'r4fsr4c@seZdZdZ	dd�ZdS)�TokenSignerTcC�
||_dS�N)�
auth_token)r8rAr&r&r'�__init__t�
zTokenSigner.__init__N)r9r:r;r=rBr&r&r&r'r>nsr>c@s(eZdZdZdd�Zdd�Zdd�ZdS)	�	SigV2Authz+
    Sign a request with Signature V2.
    cCr?r@��credentials�r8rFr&r&r'rB}rCzSigV2Auth.__init__cCs
t�d�t|j�}|j}t|�dkrd}|j�d|j�d|�d�}tj	|j
j�d�t
d�}g}t|�D])}|dkr;q4t||�}	t|�d�dd	�}
t|	�d�d
d	�}|�|
�d|���q4d�|�}||7}t�d
|�|�|�d��t�|������d�}
||
fS)Nz$Calculating signature using v2 auth.r�/�
r*��	digestmod�	Signature���safez-_~�=�&zString to sign: %s)�logger�debugrr"�path�len�method�netloc�hmac�newrF�
secret_key�encoder�sortedr1r
�append�join�update�base64�	b64encode�digest�stripr0)r8r2�params�splitrT�string_to_sign�lhmac�pairs�key�value�
quoted_key�quoted_value�qs�b64r&r&r'�calc_signature�s.

�
zSigV2Auth.calc_signaturecCs�|jdurt��|jr|j}n|j}|jj|d<d|d<d|d<t�tt���|d<|jj	r4|jj	|d<|�
||�\}}||d<|S)	N�AWSAccessKeyId�2�SignatureVersion�
HmacSHA256�SignatureMethod�	Timestamp�
SecurityTokenrL)rFrr+rd�
access_key�time�strftime�ISO8601�gmtime�tokenro)r8r2rdrm�	signaturer&r&r'r5�s
zSigV2Auth.add_authN)r9r:r;�__doc__rBror5r&r&r&r'rDxs
rDc@seZdZdd�Zdd�ZdS)�	SigV3AuthcCr?r@rErGr&r&r'rB�rCzSigV3Auth.__init__cCs�|jdurt��d|jvr|jd=tdd�|jd<|jjr-d|jvr&|jd=|jj|jd<tj|jj�d�t	d�}|�
|jd�d��t|����
�}d|jj�d|�d���}d	|jvrb|jd	=||jd	<dS)
N�DateT��usegmt�X-Amz-Security-Tokenr*rJzAWS3-HTTPS AWSAccessKeyId=z ,Algorithm=HmacSHA256,Signature=zX-Amzn-Authorization)rFr�headersrr|rXrYrZr[rr_r
rbrcrwr0)r8r2�new_hmac�encoded_signaturer}r&r&r'r5�s*


���
zSigV3Auth.add_authN)r9r:r;rBr5r&r&r&r'r�src@s�eZdZdZdZdd�Zd1dd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Zd0S)2�	SigV4Authz+
    Sign a request with Signature V4.
    TcCs||_||_||_dSr@)rF�_region_name�
_service_name�r8rF�service_name�region_namer&r&r'rB�s
zSigV4Auth.__init__FcCs<|rt�||�d�t���}|St�||�d�t���}|Sr))rXrYr[r�	hexdigestrb)r8ri�msg�hex�sigr&r&r'�_sign�s
�zSigV4Auth._signcCsLt�}|j��D]\}}|��}|tvr|||<qd|vr$t|j�|d<|S)zk
        Select the headers from the request that need to be included
        in the StringToSign.
        r$)r	r��items�lower�SIGNED_HEADERS_BLACKLISTr(r")r8r2�
header_map�namerj�lnamer&r&r'�headers_to_sign�s�zSigV4Auth.headers_to_signcCs"|jr	|�|j�S|�t|j��Sr@)rd�_canonical_query_string_params�_canonical_query_string_urlrr"r7r&r&r'�canonical_query_string�sz SigV4Auth.canonical_query_stringcCs~g}t|t�r|��}|D]\}}|�t|dd�tt|�dd�f�q
g}t|�D]\}}|�|�d|���q)d�|�}|S)Nz-_.~rNrPrQ)r,rr�r]r
r1r\r^)r8rd�
key_val_pairsrirj�sorted_key_valsr�r&r&r'r�s
�
z(SigV4Auth._canonical_query_string_paramsc	Csvd}|jr9g}|j�d�D]}|�d�\}}}|�||f�q
g}t|�D]\}}|�|�d|���q%d�|�}|S)NrMrQrP)�queryre�	partitionr]r\r^)	r8�partsr�r��pairri�_rjr�r&r&r'r�s
z%SigV4Auth._canonical_query_string_urlcsZg}tt|��}|D]}d��fdd�|�|�D��}|�|�dt|����q
d�|�S)a

        Return the headers that need to be included in the StringToSign
        in their canonical form by converting all header keys to lower
        case, sorting them in alphabetical order and then joining
        them into a string, separated by newlines.
        �,c3s�|]}��|�VqdSr@)�
_header_value��.0�v�r8r&r'�	<genexpr>,s�

�z.SigV4Auth.canonical_headers.<locals>.<genexpr>�:rI)r\�setr^�get_allr]r)r8r�r��sorted_header_namesrirjr&r�r'�canonical_headers"s�
zSigV4Auth.canonical_headerscCsd�|���S)N� )r^re)r8rjr&r&r'r�2szSigV4Auth._header_valuecCs tdd�t|�D��}d�|�S)Ncss�|]	}|����VqdSr@)r�rc)r��nr&r&r'r�;s�z+SigV4Auth.signed_headers.<locals>.<genexpr>�;)r\r�r^)r8r�r�r&r&r'�signed_headers:s
zSigV4Auth.signed_headerscCs0|j�di�}|�d�}t|t�o|�d�dkS)N�checksum�request_algorithm�in�trailer)�contextr r,�dict)r8r2�checksum_context�	algorithmr&r&r'�_is_streaming_checksum_payload>s
z(SigV4Auth._is_streaming_checksum_payloadcCs�|�|�rtS|�|�stS|j}|r>t|d�r>|��}t�|j	t
�}t�}t|d�D]}|�
|�q+|��}|�|�|S|rFt|���StS)N�seek�)r��"STREAMING_UNSIGNED_PAYLOAD_TRAILER�_should_sha256_sign_payload�UNSIGNED_PAYLOAD�body�hasattr�tell�	functools�partial�read�PAYLOAD_BUFFERr�iterr_r�r��EMPTY_SHA256_HASH)r8r2�request_body�position�read_chunksizer��chunk�hex_checksumr&r&r'�payloadCs&

�
zSigV4Auth.payloadcCs|j�d�sdS|j�dd�S)NrT�payload_signing_enabled)r"�
startswithr�r r7r&r&r'r�]sz%SigV4Auth._should_sha256_sign_payloadcCs�|j��g}|�t|j�j�}|�|�|�|�|��|�|�}|�|�	|�d�|�|�
|��d|jvr>|jd}n|�|�}|�|�d�
|�S)NrI�X-Amz-Content-SHA256)rV�upper�_normalize_url_pathrr"rTr]r�r�r�r�r�r�r^)r8r2�crrTr��
body_checksumr&r&r'�canonical_requestgs





zSigV4Auth.canonical_requestcCstt|�dd�}|S)Nz/~rN)r
r)r8rT�normalized_pathr&r&r'r�vszSigV4Auth._normalize_url_pathcCsN|jjg}|�|jddd��|�|j�|�|j�|�d�d�|�S�N�	timestampr��aws4_requestrH)rFrwr]r�r�r�r^�r8r2�scoper&r&r'r�zs


zSigV4Auth.scopecCsHg}|�|jddd��|�|j�|�|j�|�d�d�|�Sr�)r]r�r�r�r^r�r&r&r'�credential_scope�s

zSigV4Auth.credential_scopecCsHdg}|�|jd�|�|�|��|�t|�d�����d�|�S)z�
        Return the canonical StringToSign as well as a dict
        containing the original version of all headers that
        were included in the StringToSign.
        �AWS4-HMAC-SHA256r�r*rI)r]r�r�rr[r�r^)r8r2r��stsr&r&r'rf�s

zSigV4Auth.string_to_signcCsd|jj}|�d|����|jddd��}|�||j�}|�||j�}|�|d�}|j||dd�S)N�AWS4r�rr�r�T)r�)rFrZr�r[r�r�r�)r8rfr2ri�k_date�k_region�	k_service�	k_signingr&r&r'r}�s�zSigV4Auth.signaturecCs�|jdurt��tj��}|�t�|jd<|�|�|�|�}t	�
d�t	�
d|�|�||�}t	�
d|�|�||�}t	�
d|�|�
||�dS)Nr�z$Calculating signature using v4 auth.zCanonicalRequest:
%s�StringToSign:
%sz
Signature:
%s)rFr�datetime�utcnowry�SIGV4_TIMESTAMPr��_modify_request_before_signingr�rRrSrfr}�_inject_signature_to_request)r8r2�datetime_nowr�rfr}r&r&r'r5�s




zSigV4Auth.add_authcCsRd|�|�g}|�|�}|�d|�|����|�d|�d�|�|jd<|S)NzAWS4-HMAC-SHA256 Credential=%szSignedHeaders=zSignature=%sz, �
Authorization)r�r�r]r�r^r�)r8r2r}�auth_strr�r&r&r'r��s
�z&SigV4Auth._inject_signature_to_requestcCsvd|jvr	|jd=|�|�|jjr"d|jvr|jd=|jj|jd<|j�dd�s9d|jvr2|jd=t|jd<dSdS)Nr�r�r�Tr�)r��_set_necessary_date_headersrFr|r�r r�r7r&r&r'r��s



�z(SigV4Auth._modify_request_before_signingcCs�d|jvr.|jd=tj�|jdt�}ttt�|�	����|jd<d|jvr,|jd=dSdSd|jvr7|jd=|jd|jd<dS)Nr�r��
X-Amz-Date)
r�r��strptimer�r�r�int�calendar�timegm�	timetuple)r8r2�datetime_timestampr&r&r'r��s

�
�
�
z%SigV4Auth._set_necessary_date_headersN)F)r9r:r;r~r<rBr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rfr}r5r�r�r�r&r&r&r'r��s2




r�cs0eZdZ�fdd�Z�fdd�Zdd�Z�ZS)�S3SigV4Authcs2t��|�d|jvr|jd=|�|�|jd<dS)Nr�)�superr�r�r�r7��	__class__r&r'r��s
z*S3SigV4Auth._modify_request_before_signingcs�|j�d�}t|dd�}|duri}|�dd�}|dur|Sd}|j�di�}|�d�}t|t�r<|�d�dkr<|d	}|j�d
�rG||jvrIdS|j�dd
�rRd
St��	|�S)N�
client_config�s3r�zContent-MD5r�r�r��headerr�rT�has_streaming_inputF)
r�r �getattrr,r�r"r�r�r�r�)r8r2r��	s3_config�sign_payload�checksum_headerr�r�r�r&r'r��s&

�
z'S3SigV4Auth._should_sha256_sign_payloadcC�|Sr@r&�r8rTr&r&r'r��zS3SigV4Auth._normalize_url_path)r9r:r;r�r�r��
__classcell__r&r&r�r'r��s)r�cs4eZdZdZef�fdd�	Zdd�Zdd�Z�ZS)�SigV4QueryAuth�cst��|||�||_dSr@)r�rB�_expires)r8rFr�r��expiresr�r&r'rBs
zSigV4QueryAuth.__init__c
Cs|j�d�}d}||kr|jd=|�|�|��}d|�|�|jd|j|d�}|jjdur3|jj|d<t	|j
�}t|jdd�}d	d
�|�
�D�}|jrT|�|j�i|_d}	|jrc|�t|��d|_|rkt|�d}	|	�t|���}
|}|d
|d|d|
|df}t|�|_
dS)N�content-typez0application/x-www-form-urlencoded; charset=utf-8r�r�)zX-Amz-AlgorithmzX-Amz-Credentialr�z
X-Amz-ExpireszX-Amz-SignedHeadersr�T)�keep_blank_valuescSsi|]	\}}||d�qS�rr&)r��kr�r&r&r'�
<dictcomp><szASigV4QueryAuth._modify_request_before_signing.<locals>.<dictcomp>rMrQr���)r�r r�r�r�r�r
rFr|rr"rr�r�rdr_r+r3rr)
r8r2�content_type�blacklisted_content_typer��auth_paramsr#�query_string_parts�
query_dict�operation_params�new_query_string�p�
new_url_partsr&r&r'r�s>��
�z-SigV4QueryAuth._modify_request_before_signingcCs|jd|7_dS)Nz&X-Amz-Signature=%s)r")r8r2r}r&r&r'r�^sz+SigV4QueryAuth._inject_signature_to_request)r9r:r;�DEFAULT_EXPIRESrBr�r�rr&r&r�r'rs�Arc@s eZdZdZdd�Zdd�ZdS)�S3SigV4QueryAuthaS3 SigV4 auth using query parameters.

    This signer will sign a request using query parameters and signature
    version 4, i.e a "presigned url" signer.

    Based off of:

    http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

    cCrr@r&rr&r&r'r�qrz$S3SigV4QueryAuth._normalize_url_pathcCstSr@)r�r7r&r&r'r�uszS3SigV4QueryAuth.payloadN)r9r:r;r~r�r�r&r&r&r'resrc@�eZdZdZdd�ZdS)�S3SigV4PostAuthz�
    Presigns a s3 post

    Implementation doc here:
    http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html
    cCsNtj��}|�t�|jd<i}|j�dd�dur|jd}i}g}|j�dd�dur;|jd}|�dd�dur;|d}||d<d|d<|�|�|d<|jd|d<|�ddi�|�d|�|�i�|�d|jdi�|jj	dur�|jj	|d	<|�d	|jj	i�t
�t�
|��d
���d
�|d<|�|d|�|d<||jd<||jd<dS)
Nr��s3-presign-post-fields�s3-presign-post-policy�
conditionsr�zx-amz-algorithmzx-amz-credentialz
x-amz-date�x-amz-security-tokenr*�policyzx-amz-signature)r�r�ryr�r�r r�r]rFr|r`rar.�dumpsr[r0r})r8r2r��fieldsr%r#r&r&r'r5�s:


��
zS3SigV4PostAuth.add_authN�r9r:r;r~r5r&r&r&r'r }�r c@sxeZdZgd�Zddd�Zdd�Zdd�Zd	d
�Zdd�Zdd
d�Z		ddd�Z
	ddd�Zdd�Zdd�Z
dd�ZdS)�
HmacV1Auth)$�
accelerate�acl�cors�defaultObjectAcl�location�logging�
partNumberr%�requestPayment�torrent�
versioning�	versionId�versions�website�uploads�uploadIdzresponse-content-typezresponse-content-languagezresponse-expireszresponse-cache-controlzresponse-content-dispositionzresponse-content-encoding�delete�	lifecycle�tagging�restore�storageClass�notification�replicationr2�	analytics�metrics�	inventory�selectzselect-typezobject-lockNcCr?r@rEr�r&r&r'rB�rCzHmacV1Auth.__init__cCs>tj|jj�d�td�}|�|�d��t|����	��
d�S)Nr*rJ)rXrYrFrZr[rr_r
rbrcr0)r8rfr�r&r&r'�sign_string�s
�zHmacV1Auth.sign_stringcCs�gd�}g}d|vr
|d=|��|d<|D])}d}|D]}|��}||dur6||kr6|�||���d}q|s>|�d�qd�|�S)N)�content-md5r�dater�FTrMrI)�	_get_dater�r]rcr^)r8r��interesting_headers�hoi�ih�foundri�lkr&r&r'�canonical_standard_headers�s"�
�
z%HmacV1Auth.canonical_standard_headerscCs�g}i}|D] }|��}||dur&|�d�r&d�dd�|�|�D��||<qt|���}|D]}|�|�d||���q/d�|�S)N�x-amz-r�css�|]}|��VqdSr@)rcr�r&r&r'r��s�
�z6HmacV1Auth.canonical_custom_headers.<locals>.<genexpr>r�rI)r�r�r^r�r\�keysr])r8r�rJ�custom_headersrirM�sorted_header_keysr&r&r'�canonical_custom_headers�s

��
z#HmacV1Auth.canonical_custom_headerscCs$t|�dkr|S|dt|d�fS)z(
        TODO: Do we need this?
        rr)rUr)r8�nvr&r&r'�	unquote_vszHmacV1Auth.unquote_vcs�|dur|}n|j}|jrC|j�d�}dd�|D�}�fdd�|D�}t|�dkrC|jtd�d�dd�|D�}|d7}|d�|�7}|S)	NrQcSsg|]}|�dd��qS)rPr)re�r��ar&r&r'�
<listcomp>sz1HmacV1Auth.canonical_resource.<locals>.<listcomp>cs$g|]}|d�jvr��|��qSr)�
QSAOfInterestrUrVr�r&r'rXsr)ricSsg|]}d�|��qS)rP)r^rVr&r&r'rXs�?)rTr�rerU�sortrr^)r8re�	auth_path�buf�qsar&r�r'�canonical_resource	s	
�zHmacV1Auth.canonical_resourcecCsN|��d}||�|�d7}|�|�}|r||d7}||j||d�7}|S)NrI�r\)r�rNrSr_)r8rVrer�rr\�csrQr&r&r'�canonical_string#s
zHmacV1Auth.canonical_stringcCsB|jjr
|d=|jj|d<|j||||d�}t�d|�|�|�S)Nr$r`r�)rFr|rbrRrSrE)r8rVrer�rr\rfr&r&r'�
get_signature.s�
zHmacV1Auth.get_signaturecCsX|jdurt�t�d�t|j�}t�d|j�|j|j||j|j	d�}|�
||�dS)Nz(Calculating signature using hmacv1 auth.zHTTP request method: %sr`)rFrrRrSrr"rVrcr�r\�_inject_signature)r8r2rer}r&r&r'r5:s


�zHmacV1Auth.add_authcCs
tdd�S)NTr�rr�r&r&r'rHErCzHmacV1Auth._get_datecCs4d|jvr	|jd=d|jj�d|��}||jd<dS)Nr�zAWS r�)r�rFrw)r8r2r}�auth_headerr&r&r'rdHs
zHmacV1Auth._inject_signature)NNr@)r9r:r;rYrBrErNrSrUr_rbrcr5rHrdr&r&r&r'r*�s
'
	
�
�r*c@s0eZdZdZdZefdd�Zdd�Zdd�Zd	S)
�HmacV1QueryAuthz�
    Generates a presigned request for s3.

    Spec from this document:

    http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
    #RESTAuthenticationQueryStringAuth

    r	cCs||_||_dSr@)rFr
)r8rFrr&r&r'rBcs
zHmacV1QueryAuth.__init__cCsttt��t|j���Sr@)r1r�rxr
r�r&r&r'rHgszHmacV1QueryAuth._get_datec	Cs�i}|jj|d<||d<|jD]"}|��}|dkr!|jd|d<q|�d�s*|dvr1|j|||<qt|�}t|j�}|drH|d�d|��}|d	|d
|d||df}t|�|_dS)
NrprLr��ExpiresrO)rFr�rQrrrr)	rFrwr�r�r�rrr"r)	r8r2r}r�
header_keyrMrrrr&r&r'rdjs 
�
z!HmacV1QueryAuth._inject_signatureN)r9r:r;r~rrBrHrdr&r&r&r'rfVs
rfc@r)�HmacV1PostAuthz�
    Generates a presigned post for s3.

    Spec from this document:

    http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingHTTPPOST.html
    cCs�i}|j�dd�dur|jd}i}g}|j�dd�dur.|jd}|�dd�dur.|d}||d<|jj|d<|jjdurM|jj|d<|�d|jji�t�t�	|��
d���d�|d<|�|d�|d<||jd<||jd<dS)	Nr!r"r#rpr$r*r%r})
r�r rFrwr|r]r`rar.r&r[r0rE)r8r2r'r%r#r&r&r'r5�s,

��
zHmacV1PostAuth.add_authNr(r&r&r&r'rj�srjc@r)�
BearerAuthz�
    Performs bearer token authorization by placing the bearer token in the
    Authorization header as specified by Section 2.1 of RFC 6750.

    https://datatracker.ietf.org/doc/html/rfc6750#section-2.1
    cCs>|jdurt��d|jj��}d|jvr|jd=||jd<dS)NzBearer r�)rArr|r�)r8r2rer&r&r'r5�s

zBearerAuth.add_authNr(r&r&r&r'rk�r)rk)�v2�v3�v3httpsr�zs3-queryzs3-presign-postzs3v4-presign-post�bearer)�CRT_AUTH_TYPE_MAPS)�v4zv4-query�s3v4z
s3v4-query)@r`r�r�r�rXr.r0rx�collections.abcr�email.utilsr�hashlibrr�operatorr�botocore.compatrr	r
rrr
rrr�botocore.exceptionsrr�botocore.utilsrrrr�	getLoggerr9rRr�r�rzr�r�r�r�r(r3r4r>rDrr�r�rrr r*rfrjrk�AUTH_TYPE_MAPS�botocore.crt.authrpr_r&r&r&r'�<module>s|
,
�

=6Q0*5(���