o

�h�b�@s
dd
lZddl
mZ
ddlmZmZmZmZmZm	Z	
ddl
mZmZm
Z
mZmZ
ddlmZ
ddlmZ
Gdd�de�ZGd	d
�d
e�ZGdd�de�ZGd
d�de�ZGdd�de�ZGdd�de�ZGdd�de�ZGdd�de�Zeeeeeeed�Zd
S)�N)
�BytesIO)�SIGNED_HEADERS_BLACKLIST�"STREAMING_UNSIGNED_PAYLOAD_TRAILER�UNSIGNED_PAYLOAD�
BaseSigner�_get_body_as_dict�_host_from_url)�HTTPHeaders�awscrt�parse_qs�urlsplit�
urlunsplit)
�NoCredentialsError)
�percent_encode_sequencec@�zeZ
dZd
Zgd�
ZejjjZ	d
Z
d
Zdd�Zdd�Z
dd�Zd	d
�Zdd�Zd
d�Zdd�Zdd�Zdd�Zdd�ZdS)�CrtSigV4AuthT��
Authorizationz
X-Amz-Date�X-Amz-Content-SHA256zX-Amz-Security-TokencC�|
|_||_
||_d|_dS�
N��credentials�
_service_name�_region_name�_expiration_in_seconds��selfr�service_name�region_name�r �D/usr/local/CyberCP/lib/python3.10/site-packages/botocore/crt/auth.py�__init__*�




zCrtSigV4Auth.__init__cC�0|
j�
d
i�}|�
d�
}t|t�o|�
d�
dkS�N�checksum�request_algorithm�in�trailer��context�get�
isinstance�dict�r�request�checksum_context�	algorithmr r r!�_is_streaming_checksum_payload0�



z+CrtSigV4Auth._is_streaming_checksum_payloadc
C�
|jdurt
��
tj��jtjjd
�
}|�|
�
}|�|
�

t	j
jj|jj
|jj|jjd�}|�|
�
r5t}n|�|
�
rB|r?|}nd}nt}|�|�
rOt	j
jj}nt	j
jj}t	j
jt	j
jj|j||j|j||j|j|j |||j!d�}|�"|
�
}t	j
�#||�}	|	�$�
|�%|
|�
dS�N)
�tzinfo)�
access_key_id�secret_access_key�
session_token)r2�signature_type�credentials_provider�region�service�date�should_sign_header�use_double_uri_encode�should_normalize_uri_path�signed_body_value�signed_body_header_type�expiration_in_seconds)&rr�datetime�utcnow�replace�timezone�utc�_get_existing_sha256�_modify_request_before_signingr
�auth�AwsCredentialsProvider�
new_static�
access_key�
secret_key�tokenr3r�_should_sha256_sign_payloadr�!_should_add_content_sha256_header�AwsSignedBodyHeaderType�X_AMZ_CONTENT_SHA_256�NONE�AwsSigningConfig�AwsSigningAlgorithm�V4�_SIGNATURE_TYPErr�_should_sign_header�_USE_DOUBLE_URI_ENCODE�_SHOULD_NORMALIZE_URI_PATHr�_crt_request_from_aws_request�aws_sign_request�result�_apply_signing_changes�
rr0�datetime_now�existing_sha256r<�explicit_payload�body_header�signing_config�crt_request�futurer r r!�add_auth5�R




�




�






�












�



zCrtSigV4Auth.add_authc
C��t|
j
�
}|jr|jn
d
}|
jr4g}|
j��D]\}}t|�
}|�|�d|���

q|dd�|�
}n|jr?|�d|j��}t	j
�|
j���
}d}|
j
r\t|
j
d�rW|
j
}nt|
j
�
}t	j
j|
j|||d�}	|	S�N�
/�
=�
?�
&�seek)�method�path�headers�body_stream�r�urlru�params�items�str�append�join�queryr
�http�HttpHeadersrv�body�hasattrr�HttpRequestrt�
r�aws_request�	url_parts�crt_path�array�param�value�crt_headers�crt_body_streamrir r r!r_n�.


















�z*CrtSigV4Auth._crt_request_from_aws_requestcC�t�
t|j�
�
|
_dSr�r	�
from_pairs�listrv�rr��signed_crt_requestr r r!rb��

�z#CrtSigV4Auth._apply_signing_changescK�|
��t
v
Sr��lowerr�r�name�kwargsr r r!r\��
z CrtSigV4Auth._should_sign_headercC�@|jD]}||
j
vr|
j
|=qd
|
j
v
rt|
j�
|
j
d
<dSdS�N�host��_PRESIGNED_HEADERS_BLOCKLISTrvrry�rr0�
hr r r!rL��



�

�z+CrtSigV4Auth._modify_request_before_signingcC�|
j�
d
�
S�Nr�rvr,�rr0r r r!rK�r�z!CrtSigV4Auth._get_existing_sha256cC�|
j�
d
�
sdS|
j�dd�S�N�httpsT�payload_signing_enabled�ry�
startswithr+r,r�r r r!rS��
z(CrtSigV4Auth._should_sha256_sign_payloadcC�|
du
Srr �rrfr r r!rT��z.CrtSigV4Auth._should_add_content_sha256_headerN)�__name__�
__module__�__qualname__�REQUIRES_REGIONr�r
rM�AwsSignatureType�HTTP_REQUEST_HEADERSr[r]r^r"r3rkr_rbr\rLrKrSrTr r r r!rs 




9

rc�4eZ
dZd
Zd
Zdd�Z�f
dd�Zdd�Z�ZS)�CrtS3SigV4AuthFc
C�dSrr r�r r r!rK��z#CrtS3SigV4Auth._get_existing_sha256cs�|
j�
d
�
}t|dd�}|duri}|�
dd�}|du
r|Sd}|
j�
di�}|�
d�
}t|t�r<|�
d�
dkr<|d	}|
j�d
�
rG||
jv
rIdS|
j�
dd
�rRd
St��	|
�
S)N�
client_config�s3r��Content-MD5r&r'r(�headerr�r�T�has_streaming_inputF)
r+r,�getattrr-r.ryr�rv�superrS)rr0r��	s3_config�sign_payload�checksum_headerr1r2�
�	__class__r r!rS�s&









�

z*CrtS3SigV4Auth._should_sha256_sign_payloadc
C�d
S�NTr r�r r r!rT�r�z0CrtS3SigV4Auth._should_add_content_sha256_header�	r�r�r�r]r^rKrSrT�
__classcell__r r r�r!r��s
)r�c@r)�CrtSigV4AsymAuthTrcCrrrrr r r!r"�r#zCrtSigV4AsymAuth.__init__c
Cr5r6)&rrrFrGrHrIrJrKrLr
rMrNrOrPrQrRr3rrSrrTrUrVrWrXrY�
V4_ASYMMETRICr[rrr\r]r^rr_r`rarbrcr r r!rk�rlzCrtSigV4AsymAuth.add_authc
Crmrnrxr�r r r!r_3
r�z.CrtSigV4AsymAuth._crt_request_from_aws_requestcCr�rr�r�r r r!rbQ
r�z'CrtSigV4AsymAuth._apply_signing_changescKr�rr�r�r r r!r\W
r�z$CrtSigV4AsymAuth._should_sign_headercCr�r�r�r�r r r!rLZ
r�z/CrtSigV4AsymAuth._modify_request_before_signingcCr�r�r�r�r r r!rKd
r�z%CrtSigV4AsymAuth._get_existing_sha256cCr$r%r*r/r r r!r3g
r4z/CrtSigV4AsymAuth._is_streaming_checksum_payloadcCr�r�r�r�r r r!rSl
r�z,CrtSigV4AsymAuth._should_sha256_sign_payloadcCr�rr r�r r r!rTv
r�z2CrtSigV4AsymAuth._should_add_content_sha256_headerN)r�r�r�r�r�r
rMr�r�r[r]r^r"rkr_rbr\rLrKr3rSrTr r r r!r��s 




9

r�cr�)�CrtS3SigV4AsymAuthFc
Cr�rr r�r r r!rK�
r�z'CrtS3SigV4AsymAuth._get_existing_sha256cst|
j�
d
�
}t|dd�}|duri}|�
dd�}|du
r|S|
j�d�
r)d|
jv
r+dS|
j�
dd�r4dSt��|
�
S)	Nr�r�r�r�r�Tr�F)r+r,r�ryr�rvr�rS)rr0r�r�r�r�r r!rS�
s




�

z.CrtS3SigV4AsymAuth._should_sha256_sign_payloadc
Cr�r�r r�r r r!rT�
r�z4CrtS3SigV4AsymAuth._should_add_content_sha256_headerr�r r r�r!r�{
s
$r�c�FeZ
dZd
ZejjjZef
�f
dd�	Z	�f
dd�Z
�f
dd�Z�ZS)�CrtSigV4AsymQueryAuth�c�t��
|
||�
||_dSr�r�r"r�rrrr�expiresr�r r!r"�
�

zCrtSigV4AsymQueryAuth.__init__c	s�t��
|
�

|
j�d
�
}|dkr|
jd
=t|
j�
}t|jdd�}dd�|��D�
}|
j	r6|�
t|
�
�

d|
_	t|�
}|}|d|d	|d
||df}t
|�
|
_dS)N�content-type�0application/x-www-form-urlencoded; charset=utf-8T�
�keep_blank_valuesc
S�i|]	\}
}|
|d�qS�
r
r ��.0�
k�
vr r r!�
<dictcomp>�
szHCrtSigV4AsymQueryAuth._modify_request_before_signing.<locals>.<dictcomp>�r
�
��)r�rLrvr,rryrrr{�data�updaterrr
)	rr0�content_typer��query_string_parts�
query_dict�new_query_string�
p�
new_url_partsr�r r!rL�
s






	

z4CrtSigV4AsymQueryAuth._modify_request_before_signingc�Lt��
|
|�
t|j�
j}t|
j�
}t|d
|d|d||df�
|
_dS�Nr
r�r�r��r�rbrrurryr
�rr�r��signed_queryr�r�r r!rb�
�

(	z,CrtSigV4AsymQueryAuth._apply_signing_changes�
r�r�r��DEFAULT_EXPIRESr
rMr��HTTP_REQUEST_QUERY_PARAMSr[r"rLrbr�r r r�r!r��
s


�*r�c@�(eZ
dZd
ZdZdZdd�Zdd�ZdS)�CrtS3SigV4AsymQueryAuthz�S3 SigV4A auth using query parameters.
    This signer will sign a request using query parameters and signature
    version 4A, i.e a "presigned url" signer.
    Fc
Cr��NFr r�r r r!rS�
�z3CrtS3SigV4AsymQueryAuth._should_sha256_sign_payloadc
Cr�r�r r�r r r!rTr�z9CrtS3SigV4AsymQueryAuth._should_add_content_sha256_headerN�r�r�r��__doc__r]r^rSrTr r r r!r��
s

r�cr�)�CrtSigV4QueryAuthr�cr�rr�r�r�r r!r"r�zCrtSigV4QueryAuth.__init__cs�t��
|
�

|
j�d
�
}|dkr|
jd
=t|
j�
}dd�t|jdd���D�
}|
j	r3|�
|
j	�

i|
_	|
jr@|�
t|
�
�

d|
_t
|�
}|}|d|d	|d
||df}t|�
|
_dS)Nr�r�c
Sr�r�r r�r r r!r�!s��zDCrtSigV4QueryAuth._modify_request_before_signing.<locals>.<dictcomp>Tr�r�r
r�r�r�)r�rLrvr,rryrrr{rzr�r�rrr
)rr0r�r�r�r�r�r�r�r r!rLs*




��



	

z0CrtSigV4QueryAuth._modify_request_before_signingcr�r�r�r�r�r r!rbBr�z(CrtSigV4QueryAuth._apply_signing_changesr�r r r�r!r�s


�0r�c@r�)�CrtS3SigV4QueryAutha
S3 SigV4 auth using query parameters.
    This signer will sign a request using query parameters and signature
    version 4, i.e a "presigned url" signer.
    Based off of:
    http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
    Fc
Cr�r�r r�r r r!rS_r�z/CrtS3SigV4QueryAuth._should_sha256_sign_payloadc
Cr�r�r r�r r r!rTfr�z5CrtS3SigV4QueryAuth._should_add_content_sha256_headerNr�r r r r!r�Ss

r�)�v4zv4-query�v4a�s3v4z
s3v4-query�s3v4azs3v4a-query)rF�ior�
botocore.authrrrrrr�botocore.compatr	r
rrr
�botocore.exceptionsr�botocore.utilsrrr�r�r�r�r�r�r��CRT_AUTH_TYPE_MAPSr r r r!�<module>
s0

 

72EK






�