o Qa,@sHddlmZddlZddlZzddlmZWney%ddlmZYnwddlm Z ddl m Z ddl m Z mZmZdd lmZmZmZdd lmZddlZdd lmZmZgZd&d dZedddZedd'ddZedddZedddZddZ ddZ!  d(d d!Z"ed!d)d"d#Z#d)d$d%Z$dS)*)absolute_importN) encodebytes) encodestring)Config)debug) encode_to_s3decode_from_s3s3_quote) time_to_epoch deunicodisecheck_bucket_name_dns_support) SortedDict)sha1sha256FcCs|sdSd}|r dp d}t|D],}|r||vrq||}|dvr0|dt|dd|f7}q|d|t||ddf7}q|oHd|d d S) a Format URL parameters from a params dict and returns ?parm1=val1&parm2=val2 or an empty string if there are no parameters. Output of this function should be appended directly to self.resource['uri'] - Set "always_have_equal" to always have the "=" char for a param even when there is no value for it. - Set "limited_keys" list to restrict the param string to keys that are defined in it. =)Nrz&%s%sTunicode_outputz&%s=%s?rN)sortedkeysr )paramsalways_have_equal limited_keys param_str equal_strkeyvaluer+/usr/lib/python3/dist-packages/S3/Crypto.pyformat_param_str s   r!cCs,tj}ttt||t}|S)a{Sign a string with the secret key, returning base64 encoded results. By default the configured secret key is used, but may be overridden as an argument. Useful for REST authentication. See http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html string_to_sign should be utf-8 "bytes". and returned signature will be utf-8 encoded "bytes". ) r secret_keyrhmacnewrrdigeststrip)string_to_signr" signaturerrr sign_string_v2<s r)GET/c Cs4gd}|dur tdd}tj}|d}||ddd7}||ddd7}||d dd7}t|D]$}|d rM||d ||d7}|d r^||d ||d7}q:t|d dd}t||d}||7}||7}t dt |t t t |} tt|dd} d|d | | d<| S)aASign a string with the secret key, returning base64 encoded results. By default the configured secret key is used, but may be overridden as an argument. Useful for REST authentication. See http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html string_to_sign should be utf-8 "bytes". )acl lifecyclelocationlogging notification partNumberpolicyrequestPaymenttorrentuploadIduploads versionId versioningversionswebsitedeletecorsrestoreNT ignore_case z content-md5rz content-typedatezx-amz-:zx-emc-Fquote_backslashesr)rz SignHeaders: zAWS Authorization)rr access_keygetrr startswithr r!rreprr r)rlistitems) method canonical_urir cur_headersSUBRESOURCES_TO_INCLUDErFr'headercanonical_querystringr( new_headersrrr sign_request_v2Js.      rScCst|||dS)aESign a URL in s3://bucket/object form with the given expiry time. The object will be accessible via the signed URL until the AWS key and secret are revoked or the expiry time is reached, even if the object is otherwise private. See: http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html )bucketobjectexpiry)sign_url_base_v2rTrU) url_to_signrVrrr sign_url_v2}s rYcKsLtj}tj}t|d|d<tj|d<tj|d<t|dddd|d<d|d <tjr8d |d <td |dd |}d }|rQ||d|7}d}|r]||d|7}d}td|tt t |dd|d<td|dt tj |drd}nd}|d7}||}|r|dt|dd7}|r|dt|dd7}|S)zcShared implementation of sign_url methods. Takes a hash of 'bucket', 'object' and 'expiry' as args.rVrF host_baserUFTrChttpprotohttpsz#Expiry interpreted as epoch time %sz'GET %(expiry)d /%(bucket)s/%(object)srzresponse-content-disposition=&zresponse-content-type=zSigning plaintext: %rrsigzUrlencoded signature: %srTz/%(proto)s://%(bucket)s.%(host_base)s/%(object)sz/%(proto)s://%(host_base)s/%(bucket)s/%(object)szC?AWSAccessKeyId=%(access_key)s&Expires=%(expiry)d&Signature=%(sig)sz&response-content-disposition=z&response-content-type=) rcontent_disposition content_typer rFrZr signurl_use_httpsrr)rr host_bucket)parmsr`rasigntextparam_separatorurlrrr rWs>    rWcCst|t|tSN)r#r$rrr%)rmsgrrr signsrjcCs4ttd||}t||}t||}t|d}|S)z1 Input: unicode params Output: bytes AWS4 aws4_request)rjr)r dateStamp regionName serviceNamekDatekRegionkServicekSigningrrr getSignatureKeys    rtr us-east-1cCsTd}|dur tdd}t}|j} |j} tj} | d} | d} t| | ||}t|ddd}t |dd d }t |t t d krLt |}n t t t|}||| d }d }|D] }|d kso||dvrpqb||||<|d|7}qbd}t|D]\}}||d|d7}q|}td|dt|d}|d|d|d|d|d|}td|d}| d|d|dd}|d| d|dt t t|}t t|t|t }|dd| d|dd|dd|}t|}|| ||dtd||S)Ns3Tr>z%Y%m%dT%H%M%SZz%Y%m%dFrC)rrrv)hostx-amz-content-sha256 x-amz-datez$host;x-amz-content-sha256;x-amz-daterE;rrBr@zcanonical_headers = %sz,Canonical Request: %s ----------------------zAWS4-HMAC-SHA256r+rl z Credential=,zSignedHeaders=z Signature=)rzrEryzsignature-v4 headers: %s)rrrFr"datetimeutcnowstrftimertr r!lstriptyperr hexdigestrrsplitr&rrKrjoinr#r$update)rLrxrMrregionrNbodyservicecfgrFr"tamzdate datestamp signing_keyrQ payload_hashcanonical_headerssigned_headersrPcanonical_headers_strkvcanonical_request algorithmcredential_scoper'r(authorization_headerrRrrr sign_request_v4sZ      , ,0  rcszt}Wn tyt}Ynwtt|d\|dur1tfdddD]}||q(n-||}|dkrft d|}|sGn'|t |8}|||dkss z&checksum_sha256_file..rvrr) r Exceptionr$openr iterrseekrminlen)filenameoffsetsizehashchunk size_leftrrr checksum_sha256_files@           rcCsVzt}Wn tyt}Ynw|dur|||S||||||Srh)rrr$r)bufferrrrrrr checksum_sha256_buffers    r)FN)r*r+NN)r*rr+NruNrv)rN)% __future__rsysr#base64rr ImportErrorrrr/r BaseUtilsrr r Utilsr r r rr~hashlibrr__all__r!appendr)rSrYrWrjrtrrrrrrr sB         1 #  ?