U EZhu@sddlZddlZddlZddlZddlZddlZddlmZmZddl m Z ddl m Z m Z mZmZddlmZmZddlmZGdddZGd d d Zd d Zd dZd%ddZd&ddZd'ddZd(ddZGdddZddZd)ddZdd Zd*d!d"Z d#d$Z!dS)+N)create_request_objectprepare_request_dict) OrderedDict)ParamValidationErrorUnknownClientMethodErrorUnknownSignatureVersionError UnsupportedSignatureVersionError) ArnParserdatetime2timestamp) fix_s3_hostc@szeZdZdZdddZeddZeddZed d Zdd d Z dddZ ddZ ddZ dddZ e ZdddZdS) RequestSignera0 An object to sign requests before they go out over the wire using one of the authentication mechanisms defined in ``auth.py``. This class fires two events scoped to a service and operation name: * choose-signer: Allows overriding the auth signer name. * before-sign: Allows mutating the request before signing. Together these events allow for customization of the request signing pipeline, including overrides, request path manipulation, and disabling signing per operation. :type service_id: botocore.model.ServiceId :param service_id: The service id for the service, e.g. ``S3`` :type region_name: string :param region_name: Name of the service region, e.g. ``us-east-1`` :type signing_name: string :param signing_name: Service signing name. This is usually the same as the service name, but can differ. E.g. ``emr`` vs. ``elasticmapreduce``. :type signature_version: string :param signature_version: Signature name like ``v4``. :type credentials: :py:class:`~botocore.credentials.Credentials` :param credentials: User credentials with which to sign requests. :type event_emitter: :py:class:`~botocore.hooks.BaseEventHooks` :param event_emitter: Extension mechanism to fire events. NcCs4||_||_||_||_||_||_t||_dSN) _region_name _signing_name_signature_version _credentials _auth_token _service_idweakrefproxy_event_emitter)selfZ service_id region_name signing_namesignature_version credentialsZ event_emitterZ auth_tokenrW/home/aprabhat/apps/x.techxrdev.in/venv/lib/python3.8/site-packages/botocore/signers.py__init__Es zRequestSigner.__init__cCs|jSr )rrrrrrYszRequestSigner.region_namecCs|jSr )rrrrrr]szRequestSigner.signature_versioncCs|jSr )rrrrrraszRequestSigner.signing_namecKs |||Sr )sign)roperation_namerequestkwargsrrrhandlereszRequestSigner.handlerstandardc Cs\|}|dkr|j}|dkr |j}||||j}|jjd|jd||||j|||d|tj krX|||d} |dk r|| d<|j di} |s| dr| d| d <| d r| d | d <| d r| d | d <| d dk r| | | d | d z|j f| } Wn>t k rL} z|dkr8t|dn| W5d} ~ XYnX| |dS)a<Sign a request before it goes out over the wire. :type operation_name: string :param operation_name: The name of the current operation, e.g. ``ListBuckets``. :type request: AWSRequest :param request: The request object to be sent over the wire. :type region_name: str :param region_name: The region to sign the request for. :type signing_type: str :param signing_type: The type of signing to perform. This can be one of three possible values: * 'standard' - This should be used for most requests. * 'presign-url' - This should be used when pre-signing a request. * 'presign-post' - This should be used when pre-signing an S3 post. :type expires_in: int :param expires_in: The number of seconds the presigned url is valid for. This parameter is only valid for signing type 'presign-url'. :type signing_name: str :param signing_name: The name to use for the service when signing. Nz before-sign..)r"rrrrequest_signerr!)rrrexpiressigningregionrrrequest_credentialsidentity_cache cache_keyr%r)rr_choose_signercontextremitr hyphenizebotocoreUNSIGNEDget_resolve_identity_cacheget_auth_instancerrZadd_auth) rr!r"r signing_type expires_inrZexplicit_region_namerr#Zsigning_contextautherrrr lsd#      zRequestSigner.signcCs||d<||d<dS)Nr,r-r)rr#cacher-rrrr6sz%RequestSigner._resolve_identity_cachec Csddd}||d}|dp$|j}|di}|d|j}|d|j} |tjk rj||sj||7}|jjd |j d ||| ||d \} } | d k r| }|tjk r||s||7}|S) ai Allow setting the signature version via the choose-signer event. A value of `botocore.UNSIGNED` means no signing will be performed. :param operation_name: The operation to sign. :param signing_type: The type of signing that the signer is to be used for. :return: The signature version to sign with. z -presign-postz-query) presign-post presign-urlZ auth_typer)rr*zchoose-signer.r&)rrrr0N) r5rrrr3r4endswithrZemit_until_responserr2) rr!r8r0Zsigning_type_suffix_mapsuffixrr)rrr$responserrrr/s8    zRequestSigner._choose_signerc Ks|dkr|j}tjj|}|dkr.t|d|jdkr\d}|jdk rP|j}||}|S|pd|j } t |dddkr|d} |d} | | } |d=d} | dk r| } | |d<|j r|jdkrtj||d<||d <|f|}|S) a Get an auth instance which can be used to sign a request using the given signature version. :type signing_name: string :param signing_name: Service signing name. This is usually the same as the service name, but can differ. E.g. ``emr`` vs. ``elasticmapreduce``. :type region_name: string :param region_name: Name of the service region, e.g. ``us-east-1`` :type signature_version: string :param signature_version: Signature name like ``v4``. :rtype: :py:class:`~botocore.auth.BaseSigner` :return: Auth instance to sign a request. Nr.TZREQUIRES_IDENTITY_CACHEr,r-rr service_name)rr3r:ZAUTH_TYPE_MAPSr5rZREQUIRES_TOKENrZget_frozen_tokenrgetattrZget_credentialsZget_frozen_credentialsZREQUIRES_REGIONr exceptionsZ NoRegionError) rrrrr+r#clsZ frozen_tokenr:rr<keyZfrozen_credentialsrrrr7s<        zRequestSigner.get_auth_instancecCs*t|}||||d||||jS)aGenerates a presigned url :type request_dict: dict :param request_dict: The prepared request dictionary returned by ``botocore.awsrequest.prepare_request_dict()`` :type operation_name: str :param operation_name: The operation being signed. :type expires_in: int :param expires_in: The number of seconds the presigned url is valid for. By default it expires in an hour (3600 seconds) :type region_name: string :param region_name: The region name to sign the presigned url. :type signing_name: str :param signing_name: The name to use for the service when signing. :returns: The presigned url r>)rr prepareurl)r request_dictr!r9rrr"rrrgenerate_presigned_url@s z$RequestSigner.generate_presigned_url)N)NN)Nr%NN)NN)rHNN)__name__ __module__ __qualname____doc__rpropertyrrrr$r r6r/r7Zget_authrLrrrrr "s2*      \4 Br c@s<eZdZdZddZd ddZddZdd d Zd d ZdS)CloudFrontSigneraA signer to create a signed CloudFront URL. First you create a cloudfront signer based on a normalized RSA signer:: import rsa def rsa_signer(message): private_key = open('private_key.pem', 'r').read() return rsa.sign( message, rsa.PrivateKey.load_pkcs1(private_key.encode('utf8')), 'SHA-1') # CloudFront requires SHA-1 hash cf_signer = CloudFrontSigner(key_id, rsa_signer) To sign with a canned policy:: signed_url = cf_signer.generate_signed_url( url, date_less_than=datetime(2015, 12, 1)) To sign with a custom policy:: signed_url = cf_signer.generate_signed_url(url, policy=my_policy) cCs||_||_dS)aCreate a CloudFrontSigner. :type key_id: str :param key_id: The CloudFront Key Pair ID :type rsa_signer: callable :param rsa_signer: An RSA signer. Its only input parameter will be the message to be signed, and its output will be the signed content as a binary string. The hash algorithm needed by CloudFront is SHA-1. N)key_id rsa_signer)rrSrTrrrrs zCloudFrontSigner.__init__Nc Cs|dk o|dk }|dko|dk}|s(|r4d}t||dk rH|||}t|tr\|d}|dk rzdtt|g}nd||dg}| |}| d||dd|j g| ||S)aCreates a signed CloudFront URL based on given parameters. :type url: str :param url: The URL of the protected object :type date_less_than: datetime :param date_less_than: The URL will expire after that date and time :type policy: str :param policy: The custom policy, possibly built by self.build_policy() :rtype: str :return: The signed URL. Nz=Need to provide either date_less_than or policy, but not bothutf8zExpires=zPolicy=z Signature=z Key-Pair-Id=) ValueError build_policy isinstancestrencodeintr _url_b64encodedecoderTextendrS _build_url) rrJdate_less_thanpolicyZboth_args_suppliedZneither_arg_suppliedr;params signaturerrrrLs&     z'CloudFrontSigner.generate_presigned_urlcCs"d|kr dnd}||d|S)N?&)join)rbase_urlZ extra_params separatorrrrr_szCloudFrontSigner._build_urlc Cstt|}tdd|ii}|rsrcCs|}|}|}|} |} |dkr"i}n|}| dkr6g} dt|d} t|j} |jjd} |jd|i| | d}t | dd}|j | || | d\}}}|j || || |d d }| d |i|d r| d d|dtd  gn| d|i||d<| j||| | dS)aw Builds the url and the form fields used for a presigned s3 post :type Bucket: string :param Bucket: The name of the bucket to presign the post to. Note that bucket related conditions should not be included in the ``conditions`` parameter. :type Key: string :param Key: Key name, optionally add ${filename} to the end to attach the submitted filename. Note that key related conditions and fields are filled out for you and should not be included in the ``Fields`` or ``Conditions`` parameter. :type Fields: dict :param Fields: A dictionary of prefilled form fields to build on top of. Elements that may be included are acl, Cache-Control, Content-Type, Content-Disposition, Content-Encoding, Expires, success_action_redirect, redirect, success_action_status, and x-amz-meta-. Note that if a particular element is included in the fields dictionary it will not be automatically added to the conditions list. You must specify a condition for the element as well. :type Conditions: list :param Conditions: A list of conditions to include in the policy. Each element can be either a list or a structure. For example: .. code:: python [ {"acl": "public-read"}, ["content-length-range", 2, 5], ["starts-with", "$success_action_redirect", ""] ] Conditions that are included may pertain to acl, content-length-range, Cache-Control, Content-Type, Content-Disposition, Content-Encoding, Expires, success_action_redirect, redirect, success_action_status, and/or x-amz-meta-. Note that if you include a condition, you must specify a valid value in the fields dictionary as well. A value will not be added automatically to the fields dictionary based on the conditions. :type ExpiresIn: int :param ExpiresIn: The number of seconds the presigned post is valid for. :rtype: dict :returns: A dictionary with two elements: ``url`` and ``fields``. Url is the url to post to. Fields is a dictionary filled with the form fields and respective values to use when submitting the post. For example: .. code:: python { 'url': 'https://amzn-s3-demo-bucket.s3.amazonaws.com', 'fields': { 'acl': 'public-read', 'key': 'mykey', 'signature': 'mysignature', 'policy': 'mybase64 encoded policy' } } NTrZ CreateBucketrrr?rFrbucketz ${filename}z starts-withz$keyrG)rKrrr9)copyrrrrrrrr rr5rrrr@rr)rrKeyZFieldsZ ConditionsrrrGrrr9r0Zpost_presignerrrbrrrrrKrrrrBsdH    rcCsd|jjdkrdS|jjj}|r`|ddr.dS|ddkrN|jjjdkrNdS|ddkr`dSd S) NZawsFZuse_dualstack_endpointZus_east_1_regional_endpointZregionalz us-east-1Zaddressing_styleZvirtualT)r partitionconfigZs3r5r)clientZ s3_configrrrrs     r)N)Nr)Nr)Nr)NrHN)NNrH)"rzrrorr3Z botocore.authZbotocore.awsrequestrrZbotocore.compatrZbotocore.exceptionsrrrrZbotocore.utilsr r r r rRrrr~rrrrrrLrrrrrrr sP  K 7 4  Z O