HEX

File: //opt/cppython/lib/python3.8/site-packages/botocore/__pycache__/auth.cpython-38.pyc
U

KD�g_��@s|ddlZddlZddlZddlZddlZddlZddlZddlZddlm	Z	ddl
mZddlm
Z
mZddlmZddlmZmZmZmZmZmZmZmZmZddlmZmZmZmZddl m!Z!m"Z"m#Z#dd	lm$Z$e�%e&�Z'd
Z(dZ)dZ*d
Z+ddddgZ,dZ-dZ.dd�Z/dd�Z0Gdd�d�Z1Gdd�de1�Z2Gdd�de1�Z3Gdd�de1�Z4Gd d!�d!e1�Z5Gd"d#�d#e5�Z6Gd$d%�d%e6�Z7Gd&d'�d'e7�Z8Gd(d)�d)e7�Z9Gd*d+�d+e5�Z:Gd,d-�d-e:�Z;Gd.d/�d/e5�Z<Gd0d1�d1e1�Z=Gd2d3�d3e=�Z>Gd4d5�d5e=�Z?Gd6d7�d7e2�Z@d8d9�ZAe3e4e4e=e>e?e<e7e9e8e@d:�ZBe�rVdd;lCmDZDeB�EeD�neB�Ee5e:e6e;d<��d=d>d?d@dA�ZFdS)B�N)�Mapping��
formatdate)�sha1�sha256)�
itemgetter)	�HAS_CRT�HTTPHeaders�encodebytes�ensure_unicode�parse_qs�quote�unquote�urlsplit�
urlunsplit)�NoAuthTokenError�NoCredentialsError�UnknownSignatureVersionError� UnsupportedSignatureVersionError)�is_valid_ipv6_endpoint_url�normalize_url_path�percent_encode_sequence)�
MD5_AVAILABLEZ@e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855iz%Y-%m-%dT%H:%M:%SZz%Y%m%dT%H%M%SZ�expectztransfer-encodingz
user-agentzx-amzn-trace-idzUNSIGNED-PAYLOADz"STREAMING-UNSIGNED-PAYLOAD-TRAILERcCsZt|�}|j}t|�r"d|�d�}ddd�}|jdk	rV|j|�|j�krVd||jf}|S)N�[�]�Pi�)�http�httpsz%s:%d)r�hostnamer�port�get�scheme)�url�	url_parts�hostZ
default_ports�r&�:/opt/cppython/lib/python3.8/site-packages/botocore/auth.py�_host_from_urlLs�
r(cCs:|j}t|t�r"t�|�d��}nt|t�r6t�|�}|S�N�utf-8)�data�
isinstance�bytes�json�loads�decode�str)�requestr+r&r&r'�_get_body_as_dict_s


r3c@seZdZdZdZdd�ZdS)�
BaseSignerFcCstd��dS)N�add_auth)�NotImplementedError��selfr2r&r&r'r5pszBaseSigner.add_authN)�__name__�
__module__�__qualname__�REQUIRES_REGION�REQUIRES_TOKENr5r&r&r&r'r4lsr4c@seZdZdZdd�ZdS)�TokenSignerTcCs
||_dS�N)�
auth_token)r8r@r&r&r'�__init__zszTokenSigner.__init__N)r9r:r;r=rAr&r&r&r'r>tsr>c@s(eZdZdZdd�Zdd�Zdd�ZdS)	�	SigV2Authz+
    Sign a request with Signature V2.
    cCs
||_dSr?��credentials�r8rDr&r&r'rA�szSigV2Auth.__init__cCs
t�d�t|j�}|j}t|�dkr*d}|j�d|j�d|�d�}tj	|j
j�d�t
d�}g}t|�D]R}|dkrvqht||�}	t|�d�dd	�}
t|	�d�d
d	�}|�|
�d|���qhd�|�}||7}t�d
|�|�|�d��t�|������d�}
||
fS)Nz$Calculating signature using v2 auth.r�/�
r*��	digestmod�	Signature���safez-_~�=�&zString to sign: %s)�logger�debugrr#�path�len�method�netloc�hmac�newrD�
secret_key�encoder�sortedr1r
�append�join�update�base64�	b64encode�digest�stripr0)r8r2�params�splitrR�string_to_signZlhmac�pairs�key�valueZ
quoted_keyZquoted_value�qsZb64r&r&r'�calc_signature�s0

�
zSigV2Auth.calc_signaturecCs�|jdkrt��|jr|j}n|j}|jj|d<d|d<d|d<t�tt���|d<|jj	rh|jj	|d<|�
||�\}}||d<|S)	N�AWSAccessKeyId�2ZSignatureVersionZ
HmacSHA256ZSignatureMethod�	TimestampZ
SecurityTokenrJ)rDrr+rb�
access_key�time�strftime�ISO8601�gmtime�tokenri)r8r2rbrh�	signaturer&r&r'r5�s
zSigV2Auth.add_authN)r9r:r;�__doc__rArir5r&r&r&r'rB~srBc@seZdZdd�Zdd�ZdS)�	SigV3AuthcCs
||_dSr?rCrEr&r&r'rA�szSigV3Auth.__init__cCs�|jdkrt��d|jkr"|jd=tdd�|jd<|jjrZd|jkrL|jd=|jj|jd<tj|jj�d�t	d�}|�
|jd�d��t|����
�}d|jj�d|�d���}d	|jkr�|jd	=||jd	<dS)
N�DateT��usegmt�X-Amz-Security-Tokenr*rHzAWS3-HTTPS AWSAccessKeyId=z ,Algorithm=HmacSHA256,Signature=zX-Amzn-Authorization)rDr�headersrrrrVrWrXrYrr]r
r`rarmr0)r8r2�new_hmacZencoded_signaturersr&r&r'r5�s(


��
zSigV3Auth.add_authN)r9r:r;rAr5r&r&r&r'ru�sruc@s�eZdZdZdZdd�Zd1dd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Zd0S)2�	SigV4Authz+
    Sign a request with Signature V4.
    TcCs||_||_||_dSr?)rD�_region_name�
_service_name�r8rD�service_name�region_namer&r&r'rA�szSigV4Auth.__init__FcCs:|rt�||�d�t���}nt�||�d�t���}|Sr))rVrWrYr�	hexdigestr`)r8rf�msg�hex�sigr&r&r'�_sign�szSigV4Auth._signcCsLt�}|j��D] \}}|��}|tkr|||<qd|krHt|j�|d<|S)zk
        Select the headers from the request that need to be included
        in the StringToSign.
        r%)r	rz�items�lower�SIGNED_HEADERS_BLACKLISTr(r#)r8r2Z
header_map�namerg�lnamer&r&r'�headers_to_sign�s
zSigV4Auth.headers_to_signcCs&|jr|�|j�S|�t|j��SdSr?)rb�_canonical_query_string_params�_canonical_query_string_urlrr#r7r&r&r'�canonical_query_string�sz SigV4Auth.canonical_query_stringcCs~g}t|t�r|��}|D]*\}}|�t|dd�tt|�dd�f�qg}t|�D]\}}|�|�d|���qRd�|�}|S)Nz-_.~rLrNrO)r,rr�r[r
r1rZr\)r8rb�
key_val_pairsrfrg�sorted_key_valsr�r&r&r'r�s
�
z(SigV4Auth._canonical_query_string_paramsc	Csvd}|jrrg}|j�d�D]"}|�d�\}}}|�||f�qg}t|�D]\}}|�|�d|���qJd�|�}|S)NrKrOrN)�queryrc�	partitionr[rZr\)	r8�partsr�r��pairrf�_rgr�r&r&r'r�s
z%SigV4Auth._canonical_query_string_urlcsZg}tt|��}|D]:}d��fdd�|�|�D��}|�|�dt|����qd�|�S)a

        Return the headers that need to be included in the StringToSign
        in their canonical form by converting all header keys to lower
        case, sorting them in alphabetical order and then joining
        them into a string, separated by newlines.
        �,c3s|]}��|�VqdSr?)�
_header_value��.0�v�r8r&r'�	<genexpr>2sz.SigV4Auth.canonical_headers.<locals>.<genexpr>�:rG)rZ�setr\�get_allr[r)r8r�rzZsorted_header_namesrfrgr&r�r'�canonical_headers(s�zSigV4Auth.canonical_headerscCsd�|���S)N� )r\rc)r8rgr&r&r'r�8szSigV4Auth._header_valuecCs tdd�t|�D��}d�|�S)Ncss|]}|����VqdSr?)r�ra)r��nr&r&r'r�Asz+SigV4Auth.signed_headers.<locals>.<genexpr>�;)rZr�r\)r8r�rzr&r&r'�signed_headers@szSigV4Auth.signed_headerscCs0|j�di�}|�d�}t|t�o.|�d�dkS)N�checksum�request_algorithm�in�trailer)�contextr!r,�dict)r8r2�checksum_context�	algorithmr&r&r'�_is_streaming_checksum_payloadDs
z(SigV4Auth._is_streaming_checksum_payloadcCs�|�|�rtS|�|�stS|j}|r|t|d�r||��}t�|j	t
�}t�}t|d�D]}|�
|�qV|��}|�|�|S|r�t|���StSdS)N�seek�)r��"STREAMING_UNSIGNED_PAYLOAD_TRAILER�_should_sha256_sign_payload�UNSIGNED_PAYLOAD�body�hasattr�tell�	functools�partial�read�PAYLOAD_BUFFERr�iterr]r�r��EMPTY_SHA256_HASH)r8r2�request_body�positionZread_chunksizer��chunkZhex_checksumr&r&r'�payloadIs(

�
zSigV4Auth.payloadcCs|j�d�sdS|j�dd�S)NrT�payload_signing_enabled)r#�
startswithr�r!r7r&r&r'r�csz%SigV4Auth._should_sha256_sign_payloadcCs�|j��g}|�t|j�j�}|�|�|�|�|��|�|�}|�|�	|�d�|�|�
|��d|jkr||jd}n
|�|�}|�|�d�
|�S)NrG�X-Amz-Content-SHA256)rT�upper�_normalize_url_pathrr#rRr[r�r�r�r�rzr�r\)r8r2�crrRr�Z
body_checksumr&r&r'�canonical_requestms




zSigV4Auth.canonical_requestcCstt|�dd�}|S)Nz/~rL)r
r)r8rRZnormalized_pathr&r&r'r�|szSigV4Auth._normalize_url_pathcCsN|jjg}|�|jddd��|�|j�|�|j�|�d�d�|�S�N�	timestampr��aws4_requestrF)rDrmr[r�r}r~r\�r8r2�scoper&r&r'r��s

zSigV4Auth.scopecCsHg}|�|jddd��|�|j�|�|j�|�d�d�|�Sr�)r[r�r}r~r\r�r&r&r'�credential_scope�s
zSigV4Auth.credential_scopecCsHdg}|�|jd�|�|�|��|�t|�d�����d�|�S)z�
        Return the canonical StringToSign as well as a dict
        containing the original version of all headers that
        were included in the StringToSign.
        �AWS4-HMAC-SHA256r�r*rG)r[r�r�rrYr�r\)r8r2r��stsr&r&r'rd�s
zSigV4Auth.string_to_signcCsd|jj}|�d|����|jddd��}|�||j�}|�||j�}|�|d�}|j||dd�S)NZAWS4r�rr�r�T)r�)rDrXr�rYr�r}r~)r8rdr2rfZk_dateZk_regionZ	k_serviceZ	k_signingr&r&r'rs�s�zSigV4Auth.signaturecCs�|jdkrt��tj��}|�t�|jd<|�|�|�|�}t	�
d�t	�
d|�|�||�}t	�
d|�|�||�}t	�
d|�|�
||�dS)Nr�z$Calculating signature using v4 auth.zCanonicalRequest:
%szStringToSign:
%sz
Signature:
%s)rDr�datetime�utcnowro�SIGV4_TIMESTAMPr��_modify_request_before_signingr�rPrQrdrs�_inject_signature_to_request)r8r2�datetime_nowr�rdrsr&r&r'r5�s




zSigV4Auth.add_authcCsVd|�|���g}|�|�}|�d|�|����|�d|���d�|�|jd<|S)NzAWS4-HMAC-SHA256 Credential=zSignedHeaders=z
Signature=z, �
Authorization)r�r�r[r�r\rz)r8r2rs�auth_strr�r&r&r'r��s
�z&SigV4Auth._inject_signature_to_requestcCsrd|jkr|jd=|�|�|jjrDd|jkr6|jd=|jj|jd<|j�dd�snd|jkrd|jd=t|jd<dS)Nr�ryr�Tr�)rz�_set_necessary_date_headersrDrrr�r!r�r7r&r&r'r��s



z(SigV4Auth._modify_request_before_signingcCs|d|jkrV|jd=tj�|jdt�}ttt�|�	����|jd<d|jkrx|jd=n"d|jkrh|jd=|jd|jd<dS)Nrvr��
X-Amz-Date)
rzr��strptimer�r�r�int�calendar�timegm�	timetuple)r8r2Zdatetime_timestampr&r&r'r��s
��



z%SigV4Auth._set_necessary_date_headersN)F)r9r:r;rtr<rAr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rdrsr5r�r�r�r&r&r&r'r|�s0




r|cs0eZdZ�fdd�Z�fdd�Zdd�Z�ZS)�S3SigV4Authcs2t��|�d|jkr|jd=|�|�|jd<dS)Nr�)�superr�rzr�r7��	__class__r&r'r��s
z*S3SigV4Auth._modify_request_before_signingcs�|j�d�}t|dd�}|dkr$i}|�dd�}|dk	r<|Sd}|j�di�}|�d�}t|t�rx|�d�dkrx|d	}|j�d
�r�||jkr�dS|j�dd
�r�d
St��	|�S)N�
client_config�s3r�zContent-MD5r�r�r��headerr�rTZhas_streaming_inputF)
r�r!�getattrr,r�r#r�rzr�r�)r8r2r�Z	s3_configZsign_payloadZchecksum_headerr�r�r�r&r'r��s(

��z'S3SigV4Auth._should_sha256_sign_payloadcCs|Sr?r&�r8rRr&r&r'r�szS3SigV4Auth._normalize_url_path)r9r:r;r�r�r��
__classcell__r&r&r�r'r��s)r�cs8eZdZdZ�fdd�Z�fdd�Z�fdd�Z�ZS)�
S3ExpressAuthTcst��|||�||_dSr?)r�rAZ_identity_cache)r8rDr�r��identity_cacher�r&r'rAszS3ExpressAuth.__init__cst��|�dSr?)r�r5r7r�r&r'r5#szS3ExpressAuth.add_authcs:t��|�d|jkr$|jj|jd<d|jkr6|jd=dS)Nzx-amz-s3session-tokenry)r�r�rzrDrrr7r�r&r'r�&s


z,S3ExpressAuth._modify_request_before_signing)r9r:r;�REQUIRES_IDENTITY_CACHErAr5r�r�r&r&r�r'r�sr�c@seZdZdZdd�ZdS)�S3ExpressPostAuthTcCsPtj��}|�t�|jd<i}|j�dd�dk	r:|jd}i}g}|j�dd�dk	rv|jd}|�dd�dk	rv|d}||d<d|d<|�|�|d<|jd|d<|�ddi�|�d|�|�i�|�d|jdi�|jj	dk	�r|jj	|d	<|�d	|jj	i�t
�t�
|��d
���d
�|d<|�|d|�|d<||jd<||jd<dS)
Nr��s3-presign-post-fields�s3-presign-post-policy�
conditionsr��x-amz-algorithm�x-amz-credential�
x-amz-date�X-Amz-S3session-Tokenr*�policy�x-amz-signature�r�r�ror�r�r!r�r[rDrrr^r_r.�dumpsrYr0rs�r8r2r��fieldsr�r�r&r&r'r52s>



���
zS3ExpressPostAuth.add_authN)r9r:r;r�r5r&r&r&r'r�/sr�csJeZdZdZdZed��fdd�
Zdd�Zdd	�Zd
d�Zdd
�Z	�Z
S)�S3ExpressQueryAuthi,T)�expirescst�j||||d�||_dS)N)r��r�rA�_expires)r8rDr�r�r�r�r�r&r'rA`s	�zS3ExpressQueryAuth.__init__c
Cs|j�d�}d}||kr |jd=|�|�|��}d|�|�|jd|j|d�}|jjdk	rf|jj|d<t	|j
�}t|jdd�}d	d
�|�
�D�}|jr�|�|j�i|_d}	|jr�|�t|��d|_|r�t|�d}	|	�t|���}
|}|d
|d|d|
|df}t|�|_
dS)N�content-type�0application/x-www-form-urlencoded; charset=utf-8r�r��zX-Amz-AlgorithmzX-Amz-Credentialr�z
X-Amz-ExpireszX-Amz-SignedHeadersr�T��keep_blank_valuescSsi|]\}}||d�qS�rr&�r��kr�r&r&r'�
<dictcomp>�szES3ExpressQueryAuth._modify_request_before_signing.<locals>.<dictcomp>rKrOr����rzr!r�r�r�r�r�rDrrrr#rr�r�rbr]r+r3rr)
r8r2�content_typeZblocklisted_content_typer��auth_paramsr$�query_string_parts�
query_dict�operation_params�new_query_string�p�
new_url_partsr&r&r'r�qs>��
�z1S3ExpressQueryAuth._modify_request_before_signingcCs|jd|��7_dS�Nz&X-Amz-Signature=�r#�r8r2rsr&r&r'r��sz/S3ExpressQueryAuth._inject_signature_to_requestcCs|Sr?r&r�r&r&r'r��sz&S3ExpressQueryAuth._normalize_url_pathcCstSr?�r�r7r&r&r'r��szS3ExpressQueryAuth.payload)r9r:r;�DEFAULT_EXPIRESr�rAr�r�r�r�r�r&r&r�r'r�\s	�Ar�cs4eZdZdZef�fdd�	Zdd�Zdd�Z�ZS)�SigV4QueryAuth�cst��|||�||_dSr?r�)r8rDr�r�r�r�r&r'rA�szSigV4QueryAuth.__init__c
Cs|j�d�}d}||kr |jd=|�|�|��}d|�|�|jd|j|d�}|jjdk	rf|jj|d<t	|j
�}t|jdd�}d	d
�|�
�D�}|jr�|�|j�i|_d}	|jr�|�t|��d|_|r�t|�d}	|	�t|���}
|}|d
|d|d|
|df}t|�|_
dS)Nr�rr�r�rryTrcSsi|]\}}||d�qSrr&rr&r&r'r�szASigV4QueryAuth._modify_request_before_signing.<locals>.<dictcomp>rKrOrrr	r
r)
r8r2rZblacklisted_content_typer�r
r$rrrrrrr&r&r'r��s>��
�z-SigV4QueryAuth._modify_request_before_signingcCs|jd|��7_dSrrrr&r&r'r�sz+SigV4QueryAuth._inject_signature_to_request)r9r:r;rrAr�r�r�r&r&r�r'r�s
�Arc@s eZdZdZdd�Zdd�ZdS)�S3SigV4QueryAuthaS3 SigV4 auth using query parameters.

    This signer will sign a request using query parameters and signature
    version 4, i.e a "presigned url" signer.

    Based off of:

    http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

    cCs|Sr?r&r�r&r&r'r�!sz$S3SigV4QueryAuth._normalize_url_pathcCstSr?rr7r&r&r'r�%szS3SigV4QueryAuth.payloadN)r9r:r;rtr�r�r&r&r&r'rsrc@seZdZdZdd�ZdS)�S3SigV4PostAuthz�
    Presigns a s3 post

    Implementation doc here:
    http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html
    cCsPtj��}|�t�|jd<i}|j�dd�dk	r:|jd}i}g}|j�dd�dk	rv|jd}|�dd�dk	rv|d}||d<d|d<|�|�|d<|jd|d<|�ddi�|�d|�|�i�|�d|jdi�|jj	dk	�r|jj	|d	<|�d	|jj	i�t
�t�
|��d
���d
�|d<|�|d|�|d<||jd<||jd<dS)
Nr�r�r�r�r�r�r�r��x-amz-security-tokenr*r�r�r�r�r&r&r'r55s:


��
zS3SigV4PostAuth.add_authN�r9r:r;rtr5r&r&r&r'r-src$@s�eZdZddddddddd	d
ddd
ddddddddddddddddd	ddd d!d"d#g$Zd;d%d&�Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd<d/d0�Z	d=d1d2�Z
d>d3d4�Zd5d6�Zd7d8�Z
d9d:�Zd$S)?�
HmacV1AuthZ
accelerateZaclZcorsZdefaultObjectAcl�location�loggingZ
partNumberr�ZrequestPaymentZtorrentZ
versioningZ	versionId�versionsZwebsiteZuploadsZuploadIdzresponse-content-typezresponse-content-languagezresponse-expireszresponse-cache-controlzresponse-content-dispositionzresponse-content-encoding�deleteZ	lifecycleZtaggingZrestoreZstorageClassZnotificationZreplicationZ	analyticsZmetricsZ	inventory�selectzselect-typezobject-lockNcCs
||_dSr?rCrr&r&r'rA�szHmacV1Auth.__init__cCs>tj|jj�d�td�}|�|�d��t|����	��
d�S)Nr*rH)rVrWrDrXrYrr]r
r`rar0)r8rdr{r&r&r'�sign_string�s�zHmacV1Auth.sign_stringcCs�dddg}g}d|kr|d=|��|d<|D]R}d}|D]6}|��}||dk	r8||kr8|�||���d}q8|s,|�d�q,d�|�S)	N�content-md5r��datervFTrKrG)�	_get_dater�r[rar\)r8rzZinteresting_headers�hoiZih�foundrf�lkr&r&r'�canonical_standard_headers�s
z%HmacV1Auth.canonical_standard_headerscCs�g}i}|D]@}|��}||dk	r|�d�rd�dd�|�|�D��||<qt|���}|D]}|�|�d||���q^d�|�S)N�x-amz-r�css|]}|��VqdSr?)rar�r&r&r'r��sz6HmacV1Auth.canonical_custom_headers.<locals>.<genexpr>r�rG)r�r�r\r�rZ�keysr[)r8rzr)�custom_headersrfr+Zsorted_header_keysr&r&r'�canonical_custom_headers�s

�z#HmacV1Auth.canonical_custom_headerscCs(t|�dkr|S|dt|d�fSdS)z(
        TODO: Do we need this?
        rrN)rSr)r8�nvr&r&r'�	unquote_v�szHmacV1Auth.unquote_vcs�|dk	r|}n|j}|jr�|j�d�}dd�|D�}�fdd�|D�}t|�dkr�|jtd�d�dd�|D�}|d7}|d�|�7}|S)	NrOcSsg|]}|�dd��qS)rNr)rc�r��ar&r&r'�
<listcomp>�sz1HmacV1Auth.canonical_resource.<locals>.<listcomp>cs$g|]}|d�jkr��|��qSr)�
QSAOfInterestr2r3r�r&r'r5�sr)rfcSsg|]}d�|��qS)rN)r\r3r&r&r'r5�s�?)rRr�rcrS�sortrr\)r8rc�	auth_path�bufZqsar&r�r'�canonical_resource�s	
�zHmacV1Auth.canonical_resourcecCsN|��d}||�|�d7}|�|�}|r8||d7}||j||d�7}|S)NrG�r9)r�r,r0r;)r8rTrcrzr�r9�csr/r&r&r'�canonical_string�s
zHmacV1Auth.canonical_stringcCsF|jjr|d=|jj|d<|j||||d�}t�d|���|�|�S)Nrr<zStringToSign:
)rDrrr>rPrQr%)r8rTrcrzr�r9rdr&r&r'�
get_signature�s�zHmacV1Auth.get_signaturecCs\|jdkrt�t�d�t|j�}t�d|j���|j|j||j|j	d�}|�
||�dS)Nz(Calculating signature using hmacv1 auth.zHTTP request method: r<)rDrrPrQrr#rTr?rzr9�_inject_signature)r8r2rcrsr&r&r'r5�s


�zHmacV1Auth.add_authcCs
tdd�S)NTrwrr�r&r&r'r(�szHmacV1Auth._get_datecCs4d|jkr|jd=d|jj�d|��}||jd<dS)Nr�zAWS r�)rzrDrm)r8r2rs�auth_headerr&r&r'r@�s
zHmacV1Auth._inject_signature)NN)N)NN)NN)r9r:r;r6rAr%r,r0r2r;r>r?r5r(r@r&r&r&r'r]sh�'
	
�
�
rc@s0eZdZdZdZefdd�Zdd�Zdd�Zd	S)
�HmacV1QueryAuthz�
    Generates a presigned request for s3.

    Spec from this document:

    http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
    #RESTAuthenticationQueryStringAuth

    rcCs||_||_dSr?)rDr�)r8rDr�r&r&r'rAszHmacV1QueryAuth.__init__cCsttt��t|j���Sr?)r1r�rnr�r�r&r&r'r(szHmacV1QueryAuth._get_datec	Cs�i}|jj|d<||d<|jD]D}|��}|dkrB|jd|d<q|�d�sT|dkr|j|||<qt|�}t|j�}|dr�|d�d|��}|d	|d
|d||df}t|�|_dS)
NrjrJrvZExpiresr-)r&r��rOrrr	r
)	rDrmrzr�r�rrr#r)	r8r2rsrZ
header_keyr+rrrr&r&r'r@s

z!HmacV1QueryAuth._inject_signatureN)r9r:r;rtrrAr(r@r&r&r&r'rBs

rBc@seZdZdZdd�ZdS)�HmacV1PostAuthz�
    Generates a presigned post for s3.

    Spec from this document:

    http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingHTTPPOST.html
    cCs�i}|j�dd�dk	r |jd}i}g}|j�dd�dk	r\|jd}|�dd�dk	r\|d}||d<|jj|d<|jjdk	r�|jj|d<|�d|jji�t�t�	|��
d���d�|d<|�|d�|d<||jd<||jd<dS)	Nr�r�r�rjrr*r�rs)
r�r!rDrmrrr[r^r_r.r�rYr0r%)r8r2r�r�r�r&r&r'r5Ds,

��
zHmacV1PostAuth.add_authNrr&r&r&r'rD;srDc@seZdZdZdd�ZdS)�
BearerAuthz�
    Performs bearer token authorization by placing the bearer token in the
    Authorization header as specified by Section 2.1 of RFC 6750.

    https://datatracker.ietf.org/doc/html/rfc6750#section-2.1
    cCs>|jdkrt��d|jj��}d|jkr0|jd=||jd<dS)NzBearer r�)r@rrrrz)r8r2rAr&r&r'r5ks

zBearerAuth.add_authNrr&r&r&r'rEcsrEcCsX|D]D}|dkrt|S|tkr>t|}|tkrH|Sqt|d��qt|d��dS)N�smithy.api#noAuth)�signature_version)�AUTH_TYPE_TO_SIGNATURE_VERSION�AUTH_TYPE_MAPSrr)Z
auth_traitZ	auth_typerGr&r&r'�resolve_auth_typeus
rJ)Zv2Zv3Zv3httpsr�zs3-queryzs3-presign-postzs3v4-presign-postzv4-s3expresszv4-s3express-queryzv4-s3express-presign-post�bearer)�CRT_AUTH_TYPE_MAPS)�v4zv4-queryZs3v4z
s3v4-queryrMZv4arK�none)zaws.auth#sigv4zaws.auth#sigv4azsmithy.api#httpBearerAuthrF)Gr^r�r�r�rVr.r!rn�collections.abcr�email.utilsr�hashlibrr�operatorrZbotocore.compatrr	r
rrr
rrrZbotocore.exceptionsrrrrZbotocore.utilsrrrr�	getLoggerr9rPr�r�rpr�r�r�r�r(r3r4r>rBrur|r�r�r�r�rrrrrBrDrErJrIZbotocore.crt.authrLr]rHr&r&r&r'�<module>s�,
��

=6-hQ0*5(���
�