HEX

File: //usr/local/CyberCP/lib64/python3.10/site-packages/botocore/__pycache__/auth.cpython-310.pyc
o

�h��@s\ddlZddlZddlZddlZddlZddlZddlZddlZddlm	Z	ddl
mZddlm
Z
mZddlmZddlmZmZmZmZmZmZmZmZmZddlmZmZddlmZm Z m!Z!dd	lm"Z"e�#e$�Z%d
Z&dZ'dZ(d
Z)gd�Z*dZ+dZ,dd�Z-dd�Z.Gdd�d�Z/Gdd�de/�Z0Gdd�de/�Z1Gdd�de/�Z2Gdd�de/�Z3Gdd �d e3�Z4Gd!d"�d"e4�Z5Gd#d$�d$e5�Z6Gd%d&�d&e5�Z7Gd'd(�d(e3�Z8Gd)d*�d*e8�Z9Gd+d,�d,e3�Z:Gd-d.�d.e/�Z;Gd/d0�d0e;�Z<Gd1d2�d2e;�Z=Gd3d4�d4e0�Z>e1e2e2e;e<e=e:e5e7e6e>d5�Z?e�r"dd6l@mAZAe?�BeA�dSe?�Be3e8e4e9d7��dS)8�N)�Mapping��
formatdate)�sha1�sha256)�
itemgetter)	�HAS_CRT�HTTPHeaders�encodebytes�ensure_unicode�parse_qs�quote�unquote�urlsplit�
urlunsplit)�NoAuthTokenError�NoCredentialsError)�is_valid_ipv6_endpoint_url�normalize_url_path�percent_encode_sequence)�
MD5_AVAILABLE�@e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855iz%Y-%m-%dT%H:%M:%SZz%Y%m%dT%H%M%SZ)�expectz
user-agentzx-amzn-trace-idzUNSIGNED-PAYLOADz"STREAMING-UNSIGNED-PAYLOAD-TRAILERcCsZt|�}|j}t|�rd|�d�}ddd�}|jdur+|j|�|j�kr+d||jf}|S)N�[�]�Pi�)�http�httpsz%s:%d)r�hostnamer�port�get�scheme)�url�	url_parts�host�
default_ports�r&�@/usr/local/CyberCP/lib/python3.10/site-packages/botocore/auth.py�_host_from_urlFs�
r(cCs<|j}t|t�rt�|�d��}|St|t�rt�|�}|S�N�utf-8)�data�
isinstance�bytes�json�loads�decode�str)�requestr+r&r&r'�_get_body_as_dictYs

�
r3c@seZdZdZdZdd�ZdS)�
BaseSignerFcCstd��)N�add_auth)�NotImplementedError��selfr2r&r&r'r5jszBaseSigner.add_authN)�__name__�
__module__�__qualname__�REQUIRES_REGION�REQUIRES_TOKENr5r&r&r&r'r4fsr4c@seZdZdZ	dd�ZdS)�TokenSignerTcC�
||_dS�N)�
auth_token)r8rAr&r&r'�__init__t�
zTokenSigner.__init__N)r9r:r;r=rBr&r&r&r'r>nsr>c@s(eZdZdZdd�Zdd�Zdd�ZdS)	�	SigV2Authz+
    Sign a request with Signature V2.
    cCr?r@��credentials�r8rFr&r&r'rB}rCzSigV2Auth.__init__cCs
t�d�t|j�}|j}t|�dkrd}|j�d|j�d|�d�}tj	|j
j�d�t
d�}g}t|�D])}|dkr;q4t||�}	t|�d�dd	�}
t|	�d�d
d	�}|�|
�d|���q4d�|�}||7}t�d
|�|�|�d��t�|������d�}
||
fS)Nz$Calculating signature using v2 auth.r�/�
r*��	digestmod�	Signature���safez-_~�=�&zString to sign: %s)�logger�debugrr"�path�len�method�netloc�hmac�newrF�
secret_key�encoder�sortedr1r
�append�join�update�base64�	b64encode�digest�stripr0)r8r2�params�splitrT�string_to_sign�lhmac�pairs�key�value�
quoted_key�quoted_value�qs�b64r&r&r'�calc_signature�s.

�
zSigV2Auth.calc_signaturecCs�|jdurt��|jr|j}n|j}|jj|d<d|d<d|d<t�tt���|d<|jj	r4|jj	|d<|�
||�\}}||d<|S)	N�AWSAccessKeyId�2�SignatureVersion�
HmacSHA256�SignatureMethod�	Timestamp�
SecurityTokenrL)rFrr+rd�
access_key�time�strftime�ISO8601�gmtime�tokenro)r8r2rdrm�	signaturer&r&r'r5�s
zSigV2Auth.add_authN)r9r:r;�__doc__rBror5r&r&r&r'rDxs
rDc@seZdZdd�Zdd�ZdS)�	SigV3AuthcCr?r@rErGr&r&r'rB�rCzSigV3Auth.__init__cCs�|jdurt��d|jvr|jd=tdd�|jd<|jjr-d|jvr&|jd=|jj|jd<tj|jj�d�t	d�}|�
|jd�d��t|����
�}d|jj�d|�d���}d	|jvrb|jd	=||jd	<dS)
N�DateT��usegmt�X-Amz-Security-Tokenr*rJzAWS3-HTTPS AWSAccessKeyId=z ,Algorithm=HmacSHA256,Signature=zX-Amzn-Authorization)rFr�headersrr|rXrYrZr[rr_r
rbrcrwr0)r8r2�new_hmac�encoded_signaturer}r&r&r'r5�s*


���
zSigV3Auth.add_authN)r9r:r;rBr5r&r&r&r'r�src@s�eZdZdZdZdd�Zd1dd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Zd0S)2�	SigV4Authz+
    Sign a request with Signature V4.
    TcCs||_||_||_dSr@)rF�_region_name�
_service_name�r8rF�service_name�region_namer&r&r'rB�s
zSigV4Auth.__init__FcCs<|rt�||�d�t���}|St�||�d�t���}|Sr))rXrYr[r�	hexdigestrb)r8ri�msg�hex�sigr&r&r'�_sign�s
�zSigV4Auth._signcCsLt�}|j��D]\}}|��}|tvr|||<qd|vr$t|j�|d<|S)zk
        Select the headers from the request that need to be included
        in the StringToSign.
        r$)r	r��items�lower�SIGNED_HEADERS_BLACKLISTr(r")r8r2�
header_map�namerj�lnamer&r&r'�headers_to_sign�s�zSigV4Auth.headers_to_signcCs"|jr	|�|j�S|�t|j��Sr@)rd�_canonical_query_string_params�_canonical_query_string_urlrr"r7r&r&r'�canonical_query_string�sz SigV4Auth.canonical_query_stringcCs~g}t|t�r|��}|D]\}}|�t|dd�tt|�dd�f�q
g}t|�D]\}}|�|�d|���q)d�|�}|S)Nz-_.~rNrPrQ)r,rr�r]r
r1r\r^)r8rd�
key_val_pairsrirj�sorted_key_valsr�r&r&r'r�s
�
z(SigV4Auth._canonical_query_string_paramsc	Csvd}|jr9g}|j�d�D]}|�d�\}}}|�||f�q
g}t|�D]\}}|�|�d|���q%d�|�}|S)NrMrQrP)�queryre�	partitionr]r\r^)	r8�partsr�r��pairri�_rjr�r&r&r'r�s
z%SigV4Auth._canonical_query_string_urlcsZg}tt|��}|D]}d��fdd�|�|�D��}|�|�dt|����q
d�|�S)a

        Return the headers that need to be included in the StringToSign
        in their canonical form by converting all header keys to lower
        case, sorting them in alphabetical order and then joining
        them into a string, separated by newlines.
        �,c3s�|]}��|�VqdSr@)�
_header_value��.0�v�r8r&r'�	<genexpr>,s�

�z.SigV4Auth.canonical_headers.<locals>.<genexpr>�:rI)r\�setr^�get_allr]r)r8r�r��sorted_header_namesrirjr&r�r'�canonical_headers"s�
zSigV4Auth.canonical_headerscCsd�|���S)N� )r^re)r8rjr&r&r'r�2szSigV4Auth._header_valuecCs tdd�t|�D��}d�|�S)Ncss�|]	}|����VqdSr@)r�rc)r��nr&r&r'r�;s�z+SigV4Auth.signed_headers.<locals>.<genexpr>�;)r\r�r^)r8r�r�r&r&r'�signed_headers:s
zSigV4Auth.signed_headerscCs0|j�di�}|�d�}t|t�o|�d�dkS)N�checksum�request_algorithm�in�trailer)�contextr r,�dict)r8r2�checksum_context�	algorithmr&r&r'�_is_streaming_checksum_payload>s
z(SigV4Auth._is_streaming_checksum_payloadcCs�|�|�rtS|�|�stS|j}|r>t|d�r>|��}t�|j	t
�}t�}t|d�D]}|�
|�q+|��}|�|�|S|rFt|���StS)N�seek�)r��"STREAMING_UNSIGNED_PAYLOAD_TRAILER�_should_sha256_sign_payload�UNSIGNED_PAYLOAD�body�hasattr�tell�	functools�partial�read�PAYLOAD_BUFFERr�iterr_r�r��EMPTY_SHA256_HASH)r8r2�request_body�position�read_chunksizer��chunk�hex_checksumr&r&r'�payloadCs&

�
zSigV4Auth.payloadcCs|j�d�sdS|j�dd�S)NrT�payload_signing_enabled)r"�
startswithr�r r7r&r&r'r�]sz%SigV4Auth._should_sha256_sign_payloadcCs�|j��g}|�t|j�j�}|�|�|�|�|��|�|�}|�|�	|�d�|�|�
|��d|jvr>|jd}n|�|�}|�|�d�
|�S)NrI�X-Amz-Content-SHA256)rV�upper�_normalize_url_pathrr"rTr]r�r�r�r�r�r�r^)r8r2�crrTr��
body_checksumr&r&r'�canonical_requestgs





zSigV4Auth.canonical_requestcCstt|�dd�}|S)Nz/~rN)r
r)r8rT�normalized_pathr&r&r'r�vszSigV4Auth._normalize_url_pathcCsN|jjg}|�|jddd��|�|j�|�|j�|�d�d�|�S�N�	timestampr��aws4_requestrH)rFrwr]r�r�r�r^�r8r2�scoper&r&r'r�zs


zSigV4Auth.scopecCsHg}|�|jddd��|�|j�|�|j�|�d�d�|�Sr�)r]r�r�r�r^r�r&r&r'�credential_scope�s

zSigV4Auth.credential_scopecCsHdg}|�|jd�|�|�|��|�t|�d�����d�|�S)z�
        Return the canonical StringToSign as well as a dict
        containing the original version of all headers that
        were included in the StringToSign.
        �AWS4-HMAC-SHA256r�r*rI)r]r�r�rr[r�r^)r8r2r��stsr&r&r'rf�s

zSigV4Auth.string_to_signcCsd|jj}|�d|����|jddd��}|�||j�}|�||j�}|�|d�}|j||dd�S)N�AWS4r�rr�r�T)r�)rFrZr�r[r�r�r�)r8rfr2ri�k_date�k_region�	k_service�	k_signingr&r&r'r}�s�zSigV4Auth.signaturecCs�|jdurt��tj��}|�t�|jd<|�|�|�|�}t	�
d�t	�
d|�|�||�}t	�
d|�|�||�}t	�
d|�|�
||�dS)Nr�z$Calculating signature using v4 auth.zCanonicalRequest:
%szStringToSign:
%sz
Signature:
%s)rFr�datetime�utcnowry�SIGV4_TIMESTAMPr��_modify_request_before_signingr�rRrSrfr}�_inject_signature_to_request)r8r2�datetime_nowr�rfr}r&r&r'r5�s




zSigV4Auth.add_authcCsVd|�|���g}|�|�}|�d|�|����|�d|���d�|�|jd<|S)NzAWS4-HMAC-SHA256 Credential=zSignedHeaders=z
Signature=z, �
Authorization)r�r�r]r�r^r�)r8r2r}�auth_strr�r&r&r'r��s
�z&SigV4Auth._inject_signature_to_requestcCsvd|jvr	|jd=|�|�|jjr"d|jvr|jd=|jj|jd<|j�dd�s9d|jvr2|jd=t|jd<dSdS)Nr�r�r�Tr�)r��_set_necessary_date_headersrFr|r�r r�r7r&r&r'r��s



�z(SigV4Auth._modify_request_before_signingcCs�d|jvr.|jd=tj�|jdt�}ttt�|�	����|jd<d|jvr,|jd=dSdSd|jvr7|jd=|jd|jd<dS)Nr�r��
X-Amz-Date)
r�r��strptimer�r�r�int�calendar�timegm�	timetuple)r8r2�datetime_timestampr&r&r'r��s

�
�
�
z%SigV4Auth._set_necessary_date_headersN)F)r9r:r;r~r<rBr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rfr}r5r�r�r�r&r&r&r'r��s2




r�cs0eZdZ�fdd�Z�fdd�Zdd�Z�ZS)�S3SigV4Authcs2t��|�d|jvr|jd=|�|�|jd<dS)Nr�)�superr�r�r�r7��	__class__r&r'r��s
z*S3SigV4Auth._modify_request_before_signingcs�|j�d�}t|dd�}|duri}|�dd�}|dur|Sd}|j�di�}|�d�}t|t�r<|�d�dkr<|d	}|j�d
�rG||jvrIdS|j�dd
�rRd
St��	|�S)N�
client_config�s3r�zContent-MD5r�r�r��headerr�rT�has_streaming_inputF)
r�r �getattrr,r�r"r�r�r�r�)r8r2r��	s3_config�sign_payload�checksum_headerr�r�r�r&r'r��s&

�
z'S3SigV4Auth._should_sha256_sign_payloadcC�|Sr@r&�r8rTr&r&r'r��zS3SigV4Auth._normalize_url_path)r9r:r;r�r�r��
__classcell__r&r&r�r'r��s)r�cs8eZdZdZ�fdd�Z�fdd�Z�fdd�Z�ZS)�
S3ExpressAuthTc�t��|||�||_dSr@)r�rB�_identity_cache)r8rFr�r��identity_cacher�r&r'rB�
zS3ExpressAuth.__init__cst��|�dSr@)r�r5r7r�r&r'r5szS3ExpressAuth.add_authcs>t��|�d|jvr|jj|jd<d|jvr|jd=dSdS)Nzx-amz-s3session-tokenr�)r�r�r�rFr|r7r�r&r'r� s

�z,S3ExpressAuth._modify_request_before_signing)r9r:r;�REQUIRES_IDENTITY_CACHErBr5r�rr&r&r�r'rs
rc@�eZdZdZdd�ZdS)�S3ExpressPostAuthTcC�Ntj��}|�t�|jd<i}|j�dd�dur|jd}i}g}|j�dd�dur;|jd}|�dd�dur;|d}||d<d|d<|�|�|d<|jd|d<|�ddi�|�d|�|�i�|�d|jdi�|jj	dur�|jj	|d	<|�d	|jj	i�t
�t�
|��d
���d
�|d<|�|d|�|d<||jd<||jd<dS)
Nr��s3-presign-post-fields�s3-presign-post-policy�
conditionsr��x-amz-algorithm�x-amz-credential�
x-amz-date�X-Amz-S3session-Tokenr*�policy�x-amz-signature�r�r�ryr�r�r r�r]rFr|r`rar.�dumpsr[r0r}�r8r2r��fieldsrrr&r&r'r5,s>



���
zS3ExpressPostAuth.add_authN)r9r:r;rr5r&r&r&r'r)srcsJeZdZdZdZed��fdd�
Zdd�Zdd	�Zd
d�Zdd
�Z	�Z
S)�S3ExpressQueryAuthi,T)�expirescst�j||||d�||_dS)N)r
�r�rB�_expires)r8rFr�r�r
rr�r&r'rBZs	�
zS3ExpressQueryAuth.__init__c
C�|j�d�}d}||kr|jd=|�|�|��}d|�|�|jd|j|d�}|jjdur3|jj|d<t	|j
�}t|jdd�}d	d
�|�
�D�}|jrT|�|j�i|_d}	|jrc|�t|��d|_|rkt|�d}	|	�t|���}
|}|d
|d|d|
|df}t|�|_
dS)N�content-type�0application/x-www-form-urlencoded; charset=utf-8r�r��zX-Amz-AlgorithmzX-Amz-Credentialr�z
X-Amz-ExpireszX-Amz-SignedHeadersrT��keep_blank_valuescS�i|]	\}}||d�qS�rr&�r��kr�r&r&r'�
<dictcomp>��zES3ExpressQueryAuth._modify_request_before_signing.<locals>.<dictcomp>rMrQr����r�r r�r�r�r�r rFr|rr"rr�r�rdr_r+r3rr)
r8r2�content_type�blocklisted_content_typer��auth_paramsr#�query_string_parts�
query_dict�operation_params�new_query_string�p�
new_url_partsr&r&r'r�k�>��
�z1S3ExpressQueryAuth._modify_request_before_signingcC�|jd|��7_dS�Nz&X-Amz-Signature=�r"�r8r2r}r&r&r'r���z/S3ExpressQueryAuth._inject_signature_to_requestcCrr@r&rr&r&r'r��rz&S3ExpressQueryAuth._normalize_url_pathcC�tSr@�r�r7r&r&r'r���zS3ExpressQueryAuth.payload)r9r:r;�DEFAULT_EXPIRESrrBr�r�r�r�rr&r&r�r'rVs	�Arcs4eZdZdZef�fdd�	Zdd�Zdd�Z�ZS)�SigV4QueryAuth�crr@r)r8rFr�r�rr�r&r'rB�rzSigV4QueryAuth.__init__c
Cr!)Nr"r#r�r�r$r�Tr%cSr'r(r&r)r&r&r'r+�r,zASigV4QueryAuth._modify_request_before_signing.<locals>.<dictcomp>rMrQrr-r.r/r0)
r8r2r1�blacklisted_content_typer�r3r#r4r5r6r7r8r9r&r&r'r��r:z-SigV4QueryAuth._modify_request_before_signingcCr;r<r=r>r&r&r'r�r?z+SigV4QueryAuth._inject_signature_to_request)r9r:r;rCrBr�r�rr&r&r�r'rD�s�ArDc@s eZdZdZdd�Zdd�ZdS)�S3SigV4QueryAuthaS3 SigV4 auth using query parameters.

    This signer will sign a request using query parameters and signature
    version 4, i.e a "presigned url" signer.

    Based off of:

    http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

    cCrr@r&rr&r&r'r�rz$S3SigV4QueryAuth._normalize_url_pathcCr@r@rAr7r&r&r'r�rBzS3SigV4QueryAuth.payloadN)r9r:r;r~r�r�r&r&r&r'rGsrGc@r
)�S3SigV4PostAuthz�
    Presigns a s3 post

    Implementation doc here:
    http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html
    cCr)
Nr�rrrr�rrr�x-amz-security-tokenr*rrrrr&r&r'r5/s:


��
zS3SigV4PostAuth.add_authN�r9r:r;r~r5r&r&r&r'rH'�rHc@sxeZdZgd�Zddd�Zdd�Zdd�Zd	d
�Zdd�Zdd
d�Z		ddd�Z
	ddd�Zdd�Zdd�Z
dd�ZdS)�
HmacV1Auth)$�
accelerate�acl�cors�defaultObjectAcl�location�logging�
partNumberr�requestPayment�torrent�
versioning�	versionId�versions�website�uploads�uploadIdzresponse-content-typezresponse-content-languagezresponse-expireszresponse-cache-controlzresponse-content-dispositionzresponse-content-encoding�delete�	lifecycle�tagging�restore�storageClass�notification�replicationrT�	analytics�metrics�	inventory�selectzselect-typezobject-lockNcCr?r@rEr�r&r&r'rB�rCzHmacV1Auth.__init__cCs>tj|jj�d�td�}|�|�d��t|����	��
d�S)Nr*rJ)rXrYrFrZr[rr_r
rbrcr0)r8rfr�r&r&r'�sign_string�s
�zHmacV1Auth.sign_stringcCs�gd�}g}d|vr
|d=|��|d<|D])}d}|D]}|��}||dur6||kr6|�||���d}q|s>|�d�qd�|�S)N)�content-md5r"�dater�FTrMrI)�	_get_dater�r]rcr^)r8r��interesting_headers�hoi�ih�foundri�lkr&r&r'�canonical_standard_headers�s"�
�
z%HmacV1Auth.canonical_standard_headerscCs�g}i}|D] }|��}||dur&|�d�r&d�dd�|�|�D��||<qt|���}|D]}|�|�d||���q/d�|�S)N�x-amz-r�css�|]}|��VqdSr@)rcr�r&r&r'r��s�
�z6HmacV1Auth.canonical_custom_headers.<locals>.<genexpr>r�rI)r�r�r^r�r\�keysr])r8r�rl�custom_headersriro�sorted_header_keysr&r&r'�canonical_custom_headers�s

��
z#HmacV1Auth.canonical_custom_headerscCs$t|�dkr|S|dt|d�fS)z(
        TODO: Do we need this?
        r-r)rUr)r8�nvr&r&r'�	unquote_v�szHmacV1Auth.unquote_vcs�|dur|}n|j}|jrC|j�d�}dd�|D�}�fdd�|D�}t|�dkrC|jtd�d�dd�|D�}|d7}|d�|�7}|S)	NrQcSsg|]}|�dd��qS)rPr-)re�r��ar&r&r'�
<listcomp>�sz1HmacV1Auth.canonical_resource.<locals>.<listcomp>cs$g|]}|d�jvr��|��qSr()�
QSAOfInterestrwrxr�r&r'rz�sr)ricSsg|]}d�|��qS)rP)r^rxr&r&r'rz�s�?)rTr�rerU�sortrr^)r8re�	auth_path�buf�qsar&r�r'�canonical_resource�s	
�zHmacV1Auth.canonical_resourcecCsN|��d}||�|�d7}|�|�}|r||d7}||j||d�7}|S)NrI�r~)r�rprur�)r8rVrer�rr~�csrsr&r&r'�canonical_string�s
zHmacV1Auth.canonical_stringcCsF|jjr
|d=|jj|d<|j||||d�}t�d|���|�|�S)NrIr�zStringToSign:
)rFr|r�rRrSrg)r8rVrer�rr~rfr&r&r'�
get_signature�s�
zHmacV1Auth.get_signaturecCs\|jdurt�t�d�t|j�}t�d|j���|j|j||j|j	d�}|�
||�dS)Nz(Calculating signature using hmacv1 auth.zHTTP request method: r�)rFrrRrSrr"rVr�r�r~�_inject_signature)r8r2rer}r&r&r'r5�s


�zHmacV1Auth.add_authcCs
tdd�S)NTr�rr�r&r&r'rj�rCzHmacV1Auth._get_datecCs4d|jvr	|jd=d|jj�d|��}||jd<dS)Nr�zAWS r�)r�rFrw)r8r2r}�auth_headerr&r&r'r��s
zHmacV1Auth._inject_signature)NNr@)r9r:r;r{rBrgrprurwr�r�r�r5rjr�r&r&r&r'rLWs
'
	
�
�rLc@s0eZdZdZdZefdd�Zdd�Zdd�Zd	S)
�HmacV1QueryAuthz�
    Generates a presigned request for s3.

    Spec from this document:

    http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
    #RESTAuthenticationQueryStringAuth

    rEcCs||_||_dSr@)rFr )r8rFrr&r&r'rB
s
zHmacV1QueryAuth.__init__cCsttt��t|j���Sr@)r1r�rxr r�r&r&r'rjszHmacV1QueryAuth._get_datec	Cs�i}|jj|d<||d<|jD]"}|��}|dkr!|jd|d<q|�d�s*|dvr1|j|||<qt|�}t|j�}|drH|d�d|��}|d	|d
|d||df}t|�|_dS)
NrprLr��Expiresrq)rhr"�rQrr-r.r/)	rFrwr�r�r�rrr"r)	r8r2r}r5�
header_keyror7r8r9r&r&r'r�s 
�
z!HmacV1QueryAuth._inject_signatureN)r9r:r;r~rCrBrjr�r&r&r&r'r�s
r�c@r
)�HmacV1PostAuthz�
    Generates a presigned post for s3.

    Spec from this document:

    http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingHTTPPOST.html
    cCs�i}|j�dd�dur|jd}i}g}|j�dd�dur.|jd}|�dd�dur.|d}||d<|jj|d<|jjdurM|jj|d<|�d|jji�t�t�	|��
d���d�|d<|�|d�|d<||jd<||jd<dS)	NrrrrprIr*rr})
r�r rFrwr|r]r`rar.rr[r0rg)r8r2rrrr&r&r'r5>s,

��
zHmacV1PostAuth.add_authNrJr&r&r&r'r�5sr�c@r
)�
BearerAuthz�
    Performs bearer token authorization by placing the bearer token in the
    Authorization header as specified by Section 2.1 of RFC 6750.

    https://datatracker.ietf.org/doc/html/rfc6750#section-2.1
    cCs>|jdurt��d|jj��}d|jvr|jd=||jd<dS)NzBearer r�)rArr|r�)r8r2r�r&r&r'r5es

zBearerAuth.add_authNrJr&r&r&r'r�]rKr�)�v2�v3�v3httpsr�zs3-queryzs3-presign-postzs3v4-presign-postzv4-s3expresszv4-s3express-queryzv4-s3express-presign-post�bearer)�CRT_AUTH_TYPE_MAPS)�v4zv4-query�s3v4z
s3v4-query)Cr`r�r�r�rXr.rRrx�collections.abcr�email.utilsr�hashlibrr�operatorr�botocore.compatrr	r
rrr
rrr�botocore.exceptionsrr�botocore.utilsrrrr�	getLoggerr9rRr�r�rzr�r�r�r�r(r3r4r>rDrr�r�rrrrDrGrHrLr�r�r��AUTH_TYPE_MAPS�botocore.crt.authr�r_r&r&r&r'�<module>s�
,
�

=6-hQ0*5(���