o ckF[V£ã@sødZddlZddlZddlZddlZddlZddlZddlZddlZddl m Z ddl Z ddl Z ddl Z ddlmZmZmZmZddlmZddlmZzddlmZddlmZWneyiddlZdZYnwgd ¢Zgd ¢ZGd d „d eƒZGd d„deeƒZGdd„deeƒZGdd„deeƒZ Gdd„deeƒZ!Gdd„deeƒZ"Gdd„deeƒZ#Gdd„de#eƒZ$Gdd„deƒZ%Gdd„deƒZ&Gdd „d e&eƒZ'Gd!d"„d"e&eƒZ(Gd#d$„d$e&eƒZ)Gd%d&„d&e)eƒZ*d-d'd(„Z+d)d*„Z,d+d,„Z-dS).z/ Handles authentication required to AWS and GS éN)Ú formatdate)ÚurllibÚ encodebytesÚ parse_qs_safeÚurlparse)Ú AuthHandler)ÚBotoClientError)Úsha1)Úsha256)z-ap-northeast-1z.ap-northeast-1z-ap-southeast-1z.ap-southeast-1z-ap-southeast-2z.ap-southeast-2z -eu-west-1z .eu-west-1z -external-1z .external-1z -sa-east-1z .sa-east-1z -us-east-1z .us-east-1z-us-gov-west-1z.us-gov-west-1z -us-west-1z .us-west-1z -us-west-2z .us-west-2) z.cn-z .eu-centralz -eu-centralz.ap-northeast-2z-ap-northeast-2z .ap-south-1z -ap-south-1z .us-east-2z -us-east-2z -ca-centralz .ca-centralz .eu-west-2z -eu-west-2c@sHeZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dd„Z dS)ÚHmacKeyszKey based Auth handler helper.cCs2|jdus |jdurtj ¡‚||_| |¡dS©N)Ú access_keyÚ secret_keyÚbotoÚ auth_handlerÚNotReadyToAuthenticateÚhostÚupdate_provider©ÚselfrÚconfigÚprovider©rú+/usr/lib/python3/dist-packages/boto/auth.pyÚ__init__es zHmacKeys.__init__cCsL||_tj|jj d¡td|_tr!tj|jj d¡td|_dSd|_dS©Núutf-8)Ú digestmod) Ú _providerÚhmacÚnewrÚencodeÚshaÚ_hmacr Ú _hmac_256©rrrrrrksÿ ÿ zHmacKeys.update_providercCs|jrdSdS)NÚ HmacSHA256ÚHmacSHA1)r$©rrrrÚ algorithmuszHmacKeys.algorithmcCs(|jrt}nt}tj|jj d¡|dSr)r$r r"rr rrr!)rrrrrÚ _get_hmac{s ÿzHmacKeys._get_hmaccCs.| ¡}| | d¡¡t| ¡ƒ d¡ ¡S©Nr)r*Úupdater!rÚdigestÚdecodeÚstrip)rÚstring_to_signÚnew_hmacrrrÚ sign_stringƒszHmacKeys.sign_stringcCst |j¡}|d=|d=|S)Nr#r$)ÚcopyÚ__dict__)rÚ pickled_dictrrrÚ __getstate__ˆs zHmacKeys.__getstate__cCs||_| |j¡dSr )r4rr)rÚdctrrrÚ __setstate__ŽszHmacKeys.__setstate__N) Ú__name__Ú __module__Ú __qualname__Ú__doc__rrr)r*r2r6r8rrrrr bs  r cs.eZdZdZdgZ‡fdd„Zdd„Z‡ZS)ÚAnonAuthHandlerz( Implements Anonymous requests. Úanoncstt|ƒ |||¡dSr )Úsuperr=rr©Ú __class__rrršszAnonAuthHandler.__init__cKsdSr r)rÚ http_requestÚkwargsrrrÚadd_authszAnonAuthHandler.add_auth)r9r:r;r<Ú capabilityrrDÚ __classcell__rrr@rr=“s  r=có8eZdZdZddgZdd„Z‡fdd„Zdd „Z‡ZS) ÚHmacAuthV1Handlerz: Implements the HMAC request signing used by S3 and GS.zhmac-v1Ús3cCó*t ||||¡t ||||¡d|_dSr ©rrr r$rrrrr¦ó zHmacAuthV1Handler.__init__cótt|ƒ |¡d|_dSr )r?rHrr$r%r@rrr«ó z!HmacAuthV1Handler.update_providerc Ksª|j}|j}|j}d|vrtdd|d<|jjr"|jj}|jj||<tj  |||d|j¡}tj   d|¡|  |¡}|jj } d| |jj|f} tj   d| ¡| |d<dS)NÚDateT©ÚusegmtúStringToSign: %sú%s %s:%sú Signature: %sÚ Authorization)ÚheadersÚmethodÚ auth_pathrrÚsecurity_tokenÚsecurity_token_headerrÚutilsÚcanonical_stringÚlogÚdebugr2Ú auth_headerr ) rrBrCrVrWrXÚkeyr0Úb64_hmacÚauth_hdrÚauthrrrrD¯s$  þ  zHmacAuthV1Handler.add_auth© r9r:r;r<rErrrDrFrrr@rrH¡s  rHcrG) ÚHmacAuthV2HandlerzJ Implements the simplified HMAC authorization used by CloudFront. zhmac-v2Ú cloudfrontcCrJr rKrrrrrÊrLzHmacAuthV2Handler.__init__crMr )r?rerr$r%r@rrrÏrNz!HmacAuthV2Handler.update_providercKsh|j}d|vrtdd|d<|jjr|jj}|jj||<| |d¡}|jj}d||jj|f|d<dS)NrOTrPrSrU)rVrrrYrZr2r_r )rrBrCrVr`rarbrrrrDÓs ÿ ÿzHmacAuthV2Handler.add_authrdrrr@rreÄs  rec@s(eZdZdZgd¢Zdd„Zdd„ZdS)ÚHmacAuthV3Handlerz@Implements the new Version 3 HMAC authorization used by Route53.)zhmac-v3Úroute53ÚsescCó$t ||||¡t ||||¡dSr ©rrr rrrrrçózHmacAuthV3Handler.__init__cKsr|j}d|vrtdd|d<|jjr|jj}|jj||<| |d¡}d|jj}|d| ¡|f7}||d<dS)NrOTrPzAWS3-HTTPS AWSAccessKeyId=%s,zAlgorithm=%s,Signature=%súX-Amzn-Authorization)rVrrrYrZr2r r))rrBrCrVr`raÚsrrrrDës   zHmacAuthV3Handler.add_authN)r9r:r;r<rErrDrrrrrgâs  rgc@s>eZdZdZdgZdd„Zdd„Zdd„Zd d „Zd d „Z d S)ÚHmacAuthV3HTTPHandlerzK Implements the new Version 3 HMAC authorization used by DynamoDB. z hmac-v3-httpcCrjr rkrrrrrrlzHmacAuthV3HTTPHandler.__init__cCs<d|ji}|j ¡D]\}}| ¡}| d¡r|||<q |S)úk Select the headers from the request that need to be included in the StringToSign. ÚHostúx-amz)rrVÚitemsÚlowerÚ startswith)rrBÚheaders_to_signÚnameÚvalueÚlnamerrrrvs  €z%HmacAuthV3HTTPHandler.headers_to_signcs t‡fdd„ˆDƒƒ}d |¡S)á  Return the headers that need to be included in the StringToSign in their canonical form by converting all header keys to lower case, sorting them in alphabetical order and then joining them into a string, separated by newlines. cs(g|]}d| ¡ ¡ˆ| ¡f‘qS)ú%s:%s©rtr/©Ú.0Ún©rvrrÚ s  ÿ  ÿz;HmacAuthV3HTTPHandler.canonical_headers..Ú ©ÚsortedÚjoin©rrvÚlrr€rÚcanonical_headerss ÿ z'HmacAuthV3HTTPHandler.canonical_headerscCs8| |¡}| |¡}d |j|jd|d|jg¡}||fS)ú¬ Return the canonical StringToSign as well as a dict containing the original version of all headers that were included in the StringToSign. r‚Ú)rvrˆr…rWrXÚbody)rrBrvrˆr0rrrr0s  ûz$HmacAuthV3HTTPHandler.string_to_signcKsºd|jvr |jd=tdd|jd<|jjr|jj|jd<| |¡\}}tj d|¡t|  d¡ƒ  ¡}|  |¡}d|jj }|d |  ¡7}|d d  |¡7}|d |7}||jd<d S)z› Add AWS3 authentication to a request. :type req: :class`boto.connection.HTTPRequest` :param req: The HTTPRequest object. rmTrPú X-Amz-DateúX-Amz-Security-TokenrRrzAWS3 AWSAccessKeyId=%s,z Algorithm=%s,zSignedHeaders=%s,ú;ú Signature=%sN)rVrrrYr0rr]r^r r!r-r2r r)r…)rÚreqrCr0rvÚ hash_valuerarnrrrrD,s    zHmacAuthV3HTTPHandler.add_authN) r9r:r;r<rErrvrˆr0rDrrrrroús  roc@s´eZdZdZdgZ d+dd„Zd,dd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Zd#d$„Zd%d&„Zd'd(„Zd)d*„ZdS)-ÚHmacAuthV4Handlerz: Implements the new Version 4 HMAC authorization. úhmac-v4NcCs0t ||||¡t ||||¡||_||_dSr )rrr Ú service_nameÚ region_name)rrrrr”r•rrrrLs zHmacAuthV4Handler.__init__FcCsPt|tƒs | d¡}|rt || d¡t¡ ¡}|St || d¡t¡ ¡}|Sr+)Ú isinstanceÚbytesr!rr r Ú hexdigestr-)rr`ÚmsgÚhexÚsigrrrÚ_signVs  ÿzHmacAuthV4Handler._signcCsr| |j|¡}|j d¡r|jd}d|i}|j ¡D]\}}| ¡}| d¡r6t|tƒr2|  d¡}|||<q|S)rprqrrr) Ú host_headerrrVÚgetrsrtrur–r—r.©rrBÚhost_header_valuervrwrxryrrrrv`s     €z!HmacAuthV4Handler.headers_to_signcCs8|j}|jdk}|dkr|r|dkr|r|Sd||fS©NÚhttpséPi»r{)ÚportÚprotocol©rrrBr¤Úsecurerrrrqs   zHmacAuthV4Handler.host_headercCsbt|j ¡ƒ}g}|D] }tj |j|¡}| tjj |dddtjj |dd¡q d  |¡S)NrŠ©Úsafeú=ú-_~ú&) r„ÚparamsÚkeysrr[Úget_utf8_valueÚappendrÚparseÚquoter…)rrBÚparameter_namesÚpairsÚpnameÚpvalrrrÚ query_stringxsÿ zHmacAuthV4Handler.query_stringc Csh|jdkrdSg}t|jƒD] }tj |j|¡}| dtjj |ddtjj |ddf¡qd  |¡S)NÚPOSTrŠú%s=%sú-_.~r¨r¬) rWr„r­rr[r¯r°rr±r²r…©rrBr‡ÚparamrxrrrÚcanonical_query_strings  ÿ z(HmacAuthV4Handler.canonical_query_stringcCsjg}|D])}| ¡ ¡}t||ƒ}d|vr| ¡}n d | ¡ ¡¡}| d||f¡qd t|ƒ¡S)rzú"ú r{r‚)rtr/Ústrr…Úsplitr°r„)rrvÚ canonicalÚheaderÚc_nameÚ raw_valueÚc_valuerrrrˆs   z#HmacAuthV4Handler.canonical_headerscCs dd„|Dƒ}t|ƒ}d |¡S)NcSóg|] }d| ¡ ¡‘qS©z%sr|r}rrrr¡óz4HmacAuthV4Handler.signed_headers..rŽrƒr†rrrÚsigned_headers s z HmacAuthV4Handler.signed_headerscCsF|j}t |¡ dd¡}tj |¡}t|ƒdkr!| d¡r!|d7}|S)Nú\ú/é) rXÚ posixpathÚnormpathÚreplacerr±r²ÚlenÚendswith)rrBÚpathÚ normalizedÚencodedrrrÚ canonical_uri¥s  zHmacAuthV4Handler.canonical_uricCsN|j}t|dƒrt|dƒrtjj|tddSt|tƒs!| d¡}t|ƒ  ¡S)NÚseekÚread)Úhash_algorithmrr) r‹Úhasattrrr[Ú compute_hashr r–r—r!r˜)rrBr‹rrrÚpayload°s    zHmacAuthV4Handler.payloadcCst|j ¡g}| | |¡¡| | |¡¡| |¡}| | |¡d¡| | |¡¡| | |¡¡d  |¡S)Nr‚) rWÚupperr°rÖr½rvrˆrÊrÜr…)rrBÚcrrvrrrÚcanonical_request»s   z#HmacAuthV4Handler.canonical_requestcCsB|jjg}| |j¡| |j¡| |j¡| d¡d |¡S)NÚ aws4_requestrÌ)rr r°Ú timestampr•r”r…)rrBÚscoperrrrâÅs      zHmacAuthV4Handler.scopecCs | d¡S)NÚ.)rÁ©rrrrrÚsplit_host_partsÍs z"HmacAuthV4Handler.split_host_partscCsj| |¡}|jdur|j}|St|ƒdkr/|ddkrd}|St|ƒdkr)d}|S|d}|S|d}|S)NrÍzus-govz us-gov-west-1éú us-east-1r)rår•rÑ)rrÚpartsr•rrrÚdetermine_region_nameÐs   õ  ùüþz'HmacAuthV4Handler.determine_region_namecCs*| |¡}|jdur|j}|S|d}|S)Nr)rår”)rrrèr”rrrÚdetermine_service_nameás  ÿz(HmacAuthV4Handler.determine_service_namecCstg}|jddd…|_| |j¡| |j¡}| |j¡}||_||_| |j¡| |j¡| d¡d |¡S)NrŒréràrÌ) rVrár°rérrêr”r•r…)rrBrâr•r”rrrÚcredential_scopeés       z"HmacAuthV4Handler.credential_scopecCsHdg}| |jd¡| | |¡¡| t| d¡ƒ ¡¡d |¡S)r‰úAWS4-HMAC-SHA256rŒrr‚)r°rVrìr r!r˜r…)rrBrßÚstsrrrr0ús  z HmacAuthV4Handler.string_to_signcCsX|jj}| d| d¡|j¡}| ||j¡}| ||j¡}| |d¡}|j||ddS)NÚAWS4rràT)rš)rrrœr!rár•r”)rrBr0r`Úk_dateÚk_regionÚ k_serviceÚ k_signingrrrÚ signaturesÿ zHmacAuthV4Handler.signaturec Ksbd|jvr |jd=tj ¡}| d¡|jd<|jjr!|jj|jd<| |¡}|}d|vr3| |d¡}|rM|jdkrM||_d|jd<t t |jƒƒ|jd <n|j   d ¡d |_ |r`|j d ||_ |  |¡}tj d |¡| ||¡}tj d |¡| ||¡}tj d|¡| |¡} d| |¡g} |  d| | ¡¡|  d|¡d | ¡|jd<dS)z› Add AWS4 authentication to a request. :type req: :class`boto.connection.HTTPRequest` :param req: The HTTPRequest object. rmú%Y%m%dT%H%M%SZrŒrÚ unmangled_reqr¸ú0application/x-www-form-urlencoded; charset=UTF-8ú Content-TypeúContent-Lengthú?rzCanonicalRequest: %srRrTzAWS4-HMAC-SHA256 Credential=%szSignedHeaders=%srú,rUN)rVÚdatetimeÚutcnowÚstrftimerrYr·rWr‹rÀrÑrÓrÁrßrr]r^r0rôrvrâr°rÊr…) rrrCÚnowÚqsÚ qs_to_postrßr0rôrvr‡rrrrDs8         zHmacAuthV4Handler.add_auth)NN)F)r9r:r;r<rErrœrvrr·r½rˆrÊrÖrÜrßrârårérêrìr0rôrDrrrrr’Es. ÿ        r’csˆeZdZdZdgZ‡fdd„Zdd„Zdd„Zd d „Zd d „Z d d„Z dd„Z dd„Z dd„Z ‡fdd„Z‡fdd„Zddd„Z‡ZS)ÚS3HmacAuthV4HandlerzN Implements a variant of Version 4 HMAC authorization specific to S3. ú hmac-v4-s3cs2tt|ƒj|i|¤Ž|jr| |j¡|_dSdSr )r?rrr•Úclean_region_name)rÚargsrCr@rrrOsÿzS3HmacAuthV4Handler.__init__cCs| d¡r |dd…S|S)Nús3-ræ)ru)rr•rrrrUs  z%S3HmacAuthV4Handler.clean_region_namecCs0tj |j¡}tj |j¡}tjj|dd}|S)Nz/~r¨)rr±rrÓÚunquoter²)rrBrÓÚunquotedrÕrrrrÖ[sz!S3HmacAuthV4Handler.canonical_uric CsZg}t|jƒD] }tj |j|¡}| dtjj|ddtjj|ddf¡qd  |¡S)Nr¹rºr¨r¬) r„r­rr[r¯r°rr±r²r…r»rrrr½es ÿ z*S3HmacAuthV4Handler.canonical_query_stringcCs<|j}|jdk}|dkr|r|dkr|r|jSd|j|fSr¡)r¤r¥rr¦rrrrps  zS3HmacAuthV4Handler.host_headercCsF| |j|¡}d|i}|j ¡D]\}}| ¡}|dvr |||<q|S)rprq)Ú authorization)rrrVrsrtrŸrrrrvws€z#S3HmacAuthV4Handler.headers_to_signcCs¨| |¡}|jdur|j}|St|ƒdkr$| |d¡}|dkr"d}|Stt|ƒƒD]'\}}| ¡}|dkrD|| }|dkrAd}|S| d¡rQ| |¡}|Sq*|S)NrærrIrçÚ amazonawsr)rår•rÑrÚ enumerateÚreversedrtru)rrrèr•ÚoffsetÚpartrrrré‡s.  æî  ü üz)S3HmacAuthV4Handler.determine_region_namecCsdS)NrIrrärrrrê´sz*S3HmacAuthV4Handler.determine_service_namec Csœt |¡}tj |j¡}|j|_|jduri|_n|j ¡}||_|j}t|dd}|  ¡D]\}}t |t t fƒrEt |ƒdkrE|d||<q.|j |¡|S)z| Returns a copy of the request object with fixed ``auth_path/params`` attributes from the original. NT)Úkeep_blank_valuesrÍr)r3rr±rrXrÓr­Úqueryrrsr–ÚlistÚtuplerÑr,) rrÚ modified_reqÚ parsed_pathÚ copy_paramsÚraw_qsÚ existing_qsr`rxrrrÚmangle_path_and_paramsºs&   þ  € z*S3HmacAuthV4Handler.mangle_path_and_paramscs&|j d¡r |jdStt|ƒ |¡S)Núx-amz-content-sha256)rVržr?rrÜ)rrBr@rrrÜäs  zS3HmacAuthV4Handler.payloadc s^d|jvrd|jvr|j d¡|jd<n| |¡|jd<| |¡}tt|ƒj|fd|i|¤ŽS)NrÚ_sha256rö)rVÚpoprÜrr?rrD)rrrCÚ updated_reqr@rrrDês   ÿþzS3HmacAuthV4Handler.add_authNc Cs|dur tj ¡ d¡}| |j¡}| |j¡}dd|jj|dd…||f||ddœ}|jjr6|jj|d<|  |¡}t d d „|Dƒƒ}d   |¡|d <|j   |¡| |¡} d   |  d ¡dd…¡d} ||jd<| || ¡} | || ¡} | |j d<d|j|j|jtj |j ¡fS)zè Presign a request using SigV4 query params. Takes in an HTTP request and an expiration time in seconds and returns a URL. http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html Nrõríz%s/%s/%s/%s/aws4_requestrër)zX-Amz-AlgorithmzX-Amz-CredentialrŒz X-Amz-ExpiresúX-Amz-SignedHeadersrcSrÇrÈr|r}rrrrrÉz/S3HmacAuthV4Handler.presign..rŽrr‚éÿÿÿÿz UNSIGNED-PAYLOADrŒzX-Amz-Signaturez %s://%s%s?%s)rürýrþrérrêrr rYrvr„r…r­r,rßrÁrVr0rôr¥rÓrr±Ú urlencode) rrÚexpiresÚiso_dateÚregionÚservicer­rvr‡rÞrîrôrrrÚpresignõs<   üö         ÿzS3HmacAuthV4Handler.presignr )r9r:r;r<rErrrÖr½rrvrérêrrÜrDr$rFrrr@rrIs   - *  rc@s.eZdZdZdgZdd„Zdd„Zdd„Zd S) ÚSTSAnonHandlerz¥ Provides pure query construction (no actual signing). Used for making anonymous STS request for operations like ``assume_role_with_web_identity``. zsts-anoncCs tj |¡Sr )rr±r²)rrxrrrÚ _escape_value4s zSTSAnonHandler._escape_valuec Csbt| ¡ƒ}|jdd„dg}|D]}tj ||¡}| |d| | d¡¡¡qd  |¡S)NcSó| ¡Sr ©rt©ÚxrrrÚ=óz4STSAnonHandler._build_query_string..©r`rªrr¬) rr®Úsortrr[r¯r°r&r.r…)rr­r®r´r`ÚvalrrrÚ_build_query_string;s   z"STSAnonHandler._build_query_stringcKs4|j}| |j¡}tj d|¡d|d<||_dS)Nzquery_string in body: %sz!application/x-www-form-urlencodedrø)rVr0r­rr]r^r‹)rrBrCrVrrrrrDDsÿ zSTSAnonHandler.add_authN)r9r:r;r<rEr&r0rDrrrrr%*s  r%c@seZdZdZdd„ZdS)ÚQuerySignatureHelperzy Helper for Query signature based Auth handler. Concrete sub class need to implement _calc_sigature method. cKsÜ|j}|j}|jj|d<|j|d<tj ¡|d<| |j|j |j |j ¡\}}tj   d||f¡|j dkrPd|d<|dtj |¡|_tt|jƒƒ|jd <dSd |_|j d ¡d |_|jd |dtj |¡|_dS) NÚAWSAccessKeyIdÚSignatureVersionÚ Timestampúquery_string: %s Signature: %sr¸r÷røú &Signature=rùrŠrúr)rVr­rr r3rr[Úget_tsÚ_calc_signaturerWrXrr]r^rr±Ú quote_plusr‹rÀrÑrÓrÁ)rrBrCrVr­rrôrrrrDWs*  þ  ÿ  ÿzQuerySignatureHelper.add_authN)r9r:r;r<rDrrrrr1Ps r1c@s"eZdZdZdZdgZdd„ZdS)ÚQuerySignatureV0AuthHandlerzProvides Signature V0 Signingrzsign-v0c Gs tj d¡| ¡}|d|d}| | d¡¡| ¡}|jdd„dg}|D]}tj  ||¡}|  |dt j   |¡¡q*d  |¡} | t | ¡¡fS) Nzusing _calc_signature_0ÚActionr4rcSst| ¡| ¡ƒSr )Úcmprt)r*Úyrrrr+zóz=QuerySignatureV0AuthHandler._calc_signature..)r<rªr¬)rr]r^r*r,r!r®r.r[r¯r°rr±r²r…Úbase64Ú b64encoder-) rr­rrrnr®r´r`r/rrrrr8ts  z+QuerySignatureV0AuthHandler._calc_signatureN©r9r:r;r<r3rEr8rrrrr:ns  r:c@s,eZdZdZdZddgZdd„Zdd„Zd S) ÚQuerySignatureV1AuthHandlerz5 Provides Query Signature V1 Authentication. rÍzsign-v1ÚmturkcOs:tj|g|¢Ri|¤Žtj|g|¢Ri|¤Žd|_dSr )r1rrr$)rrÚkwrrrr‹s z$QuerySignatureV1AuthHandler.__init__c Gsžtj d¡| ¡}t| ¡ƒ}|jdd„dg}|D]$}| | d¡¡tj   ||¡}| |¡|  |dt j  |¡¡qd |¡}|t | ¡¡fS)Nzusing _calc_signature_1cSr'r r(r)rrrr+”r,z=QuerySignatureV1AuthHandler._calc_signature..r-rrªr¬)rr]r^r*rr®r.r,r!r[r¯r°rr±r²r…r?r@r-) rr­rrr®r´r`r/rrrrr8s    z+QuerySignatureV1AuthHandler._calc_signatureN)r9r:r;r<r3rErr8rrrrrBƒs  rBc@s$eZdZdZdZgd¢Zdd„ZdS)ÚQuerySignatureV2AuthHandlerz+Provides Query Signature V2 Authentication.é) zsign-v2Úec2rGÚemrÚfpsÚecsÚsdbÚiamÚrdsÚsnsÚsqsÚcloudformationc Cstj d¡d|| ¡|f}| ¡}| ¡|d<|jjr#|jj|d<t|  ¡ƒ}g}|D]} tj   || ¡} |  t jj| dddt jj| dd¡q-d  |¡} tj d | ¡|| 7}tj d |¡| | d ¡¡t | ¡¡} tj d t| ƒ¡tj d| ¡| | fS)Nzusing _calc_signature_2z %s %s %s ÚSignatureMethodÚ SecurityTokenrŠr¨rªr«r¬zquery string: %szstring_to_sign: %srz len(b64)=%dzbase64 encoded digest: %s)rr]r^rtr*r)rrYr„r®r[r¯r°rr±r²r…r,r!r?r@r-rÑ) rr­ÚverbrÓÚ server_namer0rr®r´r`r/rÚb64rrrr8¦s,    ÿ z+QuerySignatureV2AuthHandler._calc_signatureNrArrrrrEŸs  rEc@seZdZdZdgZdd„ZdS)ÚPOSTPathQSV2AuthHandlerz„ Query Signature V2 Authentication relocating signed query into the path and allowing POST requests with Content-Types. ÚmwscKsÊ|jj|jd<|j|jd<tj ¡|jd<| |j|j|j |j ¡\}}tj   d||f¡|jdkrGt t|jƒƒ|jd<|j dd¡|jd<nd |_|j d ¡d |_|jd |d tj |¡|_dS) Nr2r3r4r5r¸rùrøz text/plainrŠrúrr6)rr r­r3rr[r7r8rWrXrr]r^rÀrÑr‹rVržrÓrÁrr±r9)rrrCrrôrrrrDÆs&  ÿ  ÿ ÿ  ÿz POSTPathQSV2AuthHandler.add_authN)r9r:r;r<rErDrrrrrV¾s rVc Cs‚g}tj t|¡}|D]}z | ||||ƒ¡Wq tjjy#Yq w|s=|}dd„|Dƒ}tj dt |ƒt |ƒf¡‚|dS)aÇFinds an AuthHandler that is ready to authenticate. Lists through all the registered AuthHandlers to find one that is willing to handle for the requested capabilities, config and provider. :type host: string :param host: The name of the host :type config: :param config: :type provider: :param provider: Returns: An implementation of AuthHandler. Raises: boto.exception.NoAuthHandlerFound cSsg|]}|j‘qSr)r9)r~Úhandlerrrrrùr>z$get_auth_handler..zYNo handler was ready to authenticate. %d handlers were checked. %s Check your credentialsr) rÚpluginÚ get_pluginrr°rrÚ exceptionÚNoAuthHandlerFoundrÑrÀ) rrrÚrequested_capabilityÚready_handlersÚ auth_handlersrXÚchecked_handlersÚnamesrrrÚget_auth_handlerÚs"ÿþÿrbcó‡fdd„}|S)Ncsjtj dd¡r dgStj ddd¡rdgSt|dƒr1t|jddƒr1tD] }||jj vr0dgSq#ˆ|ƒS) NÚ EC2_USE_SIGV4Fr“rGú use-sigv4r"ÚendpointrŠ) ÚosÚenvironržrrrÚÚgetattrr"Ú SIGV4_DETECTrf)rÚtest©ÚfuncrrÚ_wrapper s   ÿz(detect_potential_sigv4.._wrapperr©rmrnrrlrÚdetect_potential_sigv4 s rpcrc)Ncsôtj dd¡r dgStj ddd¡rdgStˆdƒsˆˆƒStD] }|ˆjvr,dgSq ˆj}ˆj d¡r<ˆj d¡r@d|}t |ƒj }|  d ¡sS|  d ¡sSˆˆƒS|  d ¡r\ˆˆƒSt ‡fd d „t DƒƒrkˆˆƒStˆdƒrwˆjrwˆˆƒSdgS)NÚ S3_USE_SIGV4FrrIrerzhttp://zhttps://z amazonaws.comzamazonaws.com.cnzs3.amazonaws.comc3s|]}|ˆjvVqdSr )r)r~rkr(rrÚ As€z=detect_potential_s3sigv4.._wrapper..r>)rgrhržrrrÚrjrrurÚnetlocrÒÚanyÚS3_AUTH_DETECTr>)rrkrrsrlr(rrn"s6   ÿ  ÿ  ÿ z*detect_potential_s3sigv4.._wrapperrrorrlrÚdetect_potential_s3sigv4!s )rvr ).r<r?rÚboto.auth_handlerÚboto.exceptionÚ boto.pluginÚ boto.utilsr3rüÚ email.utilsrrrgrÎÚ boto.compatrrrrrrÚhashlibr r"r Ú ImportErrorrurjÚobjectr r=rHrergror’rr%r1r:rBrErVrbrprvrrrrÚsZ     þ1#Kb& 2