o i @sddlZddlZddlZddlZddlZddlZddlZddlZddlm Z ddl m Z ddl m Z mZddlmZddlmZmZmZmZmZmZmZmZmZmZmZddlmZmZm Z m!Z!ddl"m#Z#m$Z$m%Z%e&e'Z(d Z)d Z*d Z+d Z,gd Z-dZ.dZ/ddZ0ddZ1GdddZ2Gddde2Z3Gddde2Z4Gddde2Z5Gddde2Z6Gddde6Z7Gd d!d!e7Z8Gd"d#d#e8Z9Gd$d%d%e8Z:Gd&d'd'e6Z;Gd(d)d)e;ZGd.d/d/e>Z?Gd0d1d1e>Z@Gd2d3d3e3ZAd4d5ZBd6d7ZCe4e5e5e>e?e@e=e8e:e9eAd8 ZDer+dd9lEmFZFeDGeFn eDGe6e;e7ed?ZHd@dAeHIDZJdS)BN)Mapping formatdate)sha1sha256) itemgetter) HAS_CRT MD5_AVAILABLE HTTPHeaders encodebytesensure_unicodeget_current_datetimeparse_qsquoteunquoteurlsplit urlunsplit)NoAuthTokenErrorNoCredentialsErrorUnknownSignatureVersionError UnsupportedSignatureVersionError)is_valid_ipv6_endpoint_urlnormalize_url_pathpercent_encode_sequence@e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855iz%Y-%m-%dT%H:%M:%SZz%Y%m%dT%H%M%SZ)expectztransfer-encodingz user-agentzx-amzn-trace-idzUNSIGNED-PAYLOADz"STREAMING-UNSIGNED-PAYLOAD-TRAILERcCs\t|}|j}t|rd|d}ddd}|jdur,|j||jkr,|d|j}|S)N[]Pi)httphttps:)rhostnamerportgetscheme)url url_partshost default_portsr*S/var/www/html/karishye-ai-python/venv/lib/python3.10/site-packages/botocore/auth.py_host_from_urlJs  r,cCs<|j}t|trt|d}|St|trt|}|SNutf-8)data isinstancebytesjsonloadsdecodestr)requestr/r*r*r+_get_body_as_dict]s  r7c@seZdZdZdZddZdS) BaseSignerFcCstd)Nadd_auth)NotImplementedErrorselfr6r*r*r+r9nszBaseSigner.add_authN)__name__ __module__ __qualname__REQUIRES_REGIONREQUIRES_TOKENr9r*r*r*r+r8js r8c@seZdZdZ ddZdS) TokenSignerTcC ||_dSN) auth_token)r<rEr*r*r+__init__x zTokenSigner.__init__N)r=r>r?rArFr*r*r*r+rBrs rBc@s(eZdZdZddZddZddZdS) SigV2Authz+ Sign a request with Signature V2. cCrCrD credentialsr<rJr*r*r+rFrGzSigV2Auth.__init__cCs tdt|j}|j}t|dkrd}|jd|jd|d}tj |j j dt d}g}t|D])}|dkr;q4t||} t| ddd } t| dd d } || d | q4d |} || 7}td ||| dt|d} | | fS)Nz$Calculating signature using v2 auth.r/ r. digestmod Signaturesafez-_~=&zString to sign: %s)loggerdebugrr&pathlenmethodnetlochmacnewrJ secret_keyencodersortedr5rappendjoinupdatebase64 b64encodedigeststripr4)r<r6paramssplitrXstring_to_signlhmacpairskeyvalue quoted_key quoted_valueqsb64r*r*r+calc_signatures.       zSigV2Auth.calc_signaturecCs|jdurt|jr|j}n|j}|jj|d<d|d<d|d<ttt|d<|jj r4|jj |d<| ||\}}||d<|S) NAWSAccessKeyId2SignatureVersion HmacSHA256SignatureMethod Timestamp SecurityTokenrP) rJrr/rh access_keytimestrftimeISO8601gmtimetokenrs)r<r6rhrq signaturer*r*r+r9s   zSigV2Auth.add_authN)r=r>r?__doc__rFrsr9r*r*r*r+rH|s  rHc@seZdZddZddZdS) SigV3AuthcCrCrDrIrKr*r*r+rFrGzSigV3Auth.__init__cCs|jdurtd|jvr|jd=tdd|jd<|jjr-d|jvr&|jd=|jj|jd<tj|jjdt d}| |jddt |  }d|jjd|d}d |jvrb|jd =||jd <dS) NDateTusegmtX-Amz-Security-Tokenr.rNzAWS3-HTTPS AWSAccessKeyId=z ,Algorithm=HmacSHA256,Signature=zX-Amzn-Authorization)rJrheadersrrr\r]r^r_rrcr rfrgr{r4)r<r6new_hmacencoded_signaturerr*r*r+r9s*     zSigV3Auth.add_authN)r=r>r?rFr9r*r*r*r+rs rc@seZdZdZdZddZd1ddZdd Zd d Zd d Z ddZ ddZ ddZ ddZ ddZddZddZddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zd*d+Zd,d-Zd.d/Zd0S)2 SigV4Authz+ Sign a request with Signature V4. TcCs||_||_||_dSrD)rJ _region_name _service_namer<rJ service_name region_namer*r*r+rFs zSigV4Auth.__init__FcCs<|rt||dt}|St||dt}|Sr-)r\r]r_r hexdigestrf)r<rmmsghexsigr*r*r+_signs zSigV4Auth._signcCsLt}|jD]\}}|}|tvr|||<qd|vr$t|j|d<|S)zk Select the headers from the request that need to be included in the StringToSign. r()r ritemslowerSIGNED_HEADERS_BLACKLISTr,r&)r<r6 header_mapnamernlnamer*r*r+headers_to_signszSigV4Auth.headers_to_signcCs"|jr ||jS|t|jSrD)rh_canonical_query_string_params_canonical_query_string_urlrr&r;r*r*r+canonical_query_strings z SigV4Auth.canonical_query_stringcCs~g}t|tr |}|D]\}}|t|ddtt|ddfq g}t|D]\}}||d|q)d|}|S)Nz-_.~rRrTrU)r0rrrarr5r`rb)r<rh key_val_pairsrmrnsorted_key_valsrr*r*r+rs   z(SigV4Auth._canonical_query_string_paramsc Csvd}|jr9g}|jdD]}|d\}}}|||fq g}t|D]\}}||d|q%d|}|S)NrQrUrT)queryri partitionrar`rb) r<partsrrpairrm_rnrr*r*r+rs z%SigV4Auth._canonical_query_string_urlcsZg}tt|}|D]}dfdd||D}||dt|q d|S)a  Return the headers that need to be included in the StringToSign in their canonical form by converting all header keys to lower case, sorting them in alphabetical order and then joining them into a string, separated by newlines. ,c3s|]}|VqdSrD) _header_value.0vr<r*r+ 0s  z.SigV4Auth.canonical_headers..r!rM)r`setrbget_allrar )r<rrsorted_header_namesrmrnr*rr+canonical_headers&s  zSigV4Auth.canonical_headerscCsd|S)N )rbri)r<rnr*r*r+r6szSigV4Auth._header_valuecCs tddt|D}d|S)Ncss|] }|VqdSrD)rrg)rnr*r*r+r?sz+SigV4Auth.signed_headers..;)r`rrb)r<rrr*r*r+signed_headers>s zSigV4Auth.signed_headerscCs0|jdi}|d}t|to|ddkS)Nchecksumrequest_algorithmintrailer)contextr$r0dict)r<r6checksum_context algorithmr*r*r+_is_streaming_checksum_payloadBs z(SigV4Auth._is_streaming_checksum_payloadcCs||rtS||stS|j}|r>t|dr>|}t|j t }t }t |dD]}| |q+|}|||S|rFt |StS)Nseek)r"STREAMING_UNSIGNED_PAYLOAD_TRAILER_should_sha256_sign_payloadUNSIGNED_PAYLOADbodyhasattrtell functoolspartialreadPAYLOAD_BUFFERriterrcrrEMPTY_SHA256_HASH)r<r6 request_bodypositionread_chunksizerchunk hex_checksumr*r*r+payloadGs&     zSigV4Auth.payloadcCs|jdsdS|jddS)Nr Tpayload_signing_enabled)r& startswithrr$r;r*r*r+ras z%SigV4Auth._should_sha256_sign_payloadcCs|jg}|t|jj}|||||||}|| |d|| |d|j vr>|j d}n| |}||d |S)NrMX-Amz-Content-SHA256)rZupper_normalize_url_pathrr&rXrarrrrrrrb)r<r6crrXr body_checksumr*r*r+canonical_requestks        zSigV4Auth.canonical_requestcCstt|dd}|S)Nz/~rR)rr)r<rXnormalized_pathr*r*r+rzszSigV4Auth._normalize_url_pathcCsN|jjg}||jddd||j||j|dd|SN timestampr aws4_requestrL)rJr{rarrrrbr<r6scoper*r*r+r~s     zSigV4Auth.scopecCsHg}||jddd||j||j|dd|Sr)rarrrrbrr*r*r+credential_scopes     zSigV4Auth.credential_scopecCsHdg}||jd||||t|dd|S)z Return the canonical StringToSign as well as a dict containing the original version of all headers that were included in the StringToSign. AWS4-HMAC-SHA256rr.rM)rarrrr_rrb)r<r6rstsr*r*r+rjs  zSigV4Auth.string_to_signcCsd|jj}|d||jddd}|||j}|||j}||d}|j||ddS)NAWS4rrrrT)r)rJr^rr_rrr)r<rjr6rmk_datek_region k_service k_signingr*r*r+rs zSigV4Auth.signaturecCs|jdurtt}|t|jd<||||}t dt d|| ||}t d|| ||}t d|| ||dS)Nrz$Calculating signature using v4 auth.zCanonicalRequest: %sStringToSign: %sz Signature: %s) rJrr r}SIGV4_TIMESTAMPr_modify_request_before_signingrrVrWrjr_inject_signature_to_request)r<r6 datetime_nowrrjrr*r*r+r9s         zSigV4Auth.add_authcCsVd||g}||}|d|||d|d||jd<|S)NzAWS4-HMAC-SHA256 Credential=zSignedHeaders=z Signature=, Authorization)rrrarrbr)r<r6rauth_strrr*r*r+rs z&SigV4Auth._inject_signature_to_requestcCsvd|jvr |jd=|||jjr"d|jvr|jd=|jj|jd<|jdds9d|jvr2|jd=t|jd<dSdS)NrrrTr)r_set_necessary_date_headersrJrrr$rr;r*r*r+rs    z(SigV4Auth._modify_request_before_signingcCsd|jvr.|jd=tj|jdt}ttt| |jd<d|jvr,|jd=dSdSd|jvr7|jd=|jd|jd<dS)Nrr X-Amz-Date) rdatetimestrptimerrrintcalendartimegm timetuple)r<r6datetime_timestampr*r*r+rs     z%SigV4Auth._set_necessary_date_headersN)F)r=r>r?rr@rFrrrrrrrrrrrrrrrrjrr9rrrr*r*r*r+rs2      rcs0eZdZfddZfddZddZZS) S3SigV4Authcs2t|d|jvr|jd=|||jd<dS)Nr)superrrrr; __class__r*r+rs  z*S3SigV4Auth._modify_request_before_signingcs|jd}t|dd}|duri}|dd}|dur|Sd}|jdi}|d}t|tr<|ddkr<|d }|jd rG||jvrId S|jd d rRd St |S)N client_configs3rz Content-MD5rrrheaderrr Thas_streaming_inputF) rr$getattrr0rr&rrrr)r<r6r s3_config sign_payloadchecksum_headerrrrr*r+rs&       z'S3SigV4Auth._should_sha256_sign_payloadcC|SrDr*r<rXr*r*r+rzS3SigV4Auth._normalize_url_path)r=r>r?rrr __classcell__r*r*rr+rs  )rcs8eZdZdZfddZfddZfddZZS) S3ExpressAuthTct|||||_dSrD)rrF_identity_cache)r<rJrridentity_cacherr*r+rF zS3ExpressAuth.__init__cst|dSrD)rr9r;rr*r+r9!szS3ExpressAuth.add_authcs>t|d|jvr|jj|jd<d|jvr|jd=dSdS)Nzx-amz-s3session-tokenr)rrrrJrr;rr*r+r$s    z,S3ExpressAuth._modify_request_before_signing)r=r>r?REQUIRES_IDENTITY_CACHErFr9rr r*r*rr+r s   r c@eZdZdZddZdS)S3ExpressPostAuthTcCJt}|t|jd<i}|jdddur|jd}i}g}|jdddur9|jd}|dddur9|d}||d<d|d<|||d<|jd|d<|ddi|d||i|d|jdi|jjdur|jj|d <|d |jjit t | d d |d <||d ||d <||jd<||jd<dS) Nrs3-presign-post-fieldss3-presign-post-policy conditionsrx-amz-algorithmx-amz-credential x-amz-dateX-Amz-S3session-Tokenr.policyx-amz-signaturer r}rrr$rrarJrrdrer2dumpsr_r4rr<r6rfieldsrrr*r*r+r90s>      zS3ExpressPostAuth.add_authN)r=r>r?rr9r*r*r*r+r-s rcsJeZdZdZdZedfdd ZddZdd Zd d Zd d Z Z S)S3ExpressQueryAuthi,T)expirescstj||||d||_dS)N)rrrF_expires)r<rJrrrr"rr*r+rF^s  zS3ExpressQueryAuth.__init__c C|jd}d}||kr|jd=|||}d|||jd|j|d}|jjdur3|jj|d<t |j }t |j dd}d d | D}|jrT||ji|_d } |jrc|t|d |_|rkt|d } | t|} |} | d | d| d| | df} t| |_ dS)N content-type0application/x-www-form-urlencoded; charset=utf-8rrzX-Amz-AlgorithmzX-Amz-Credentialrz X-Amz-ExpireszX-Amz-SignedHeadersrTkeep_blank_valuescSi|] \}}||dqSrr*rkrr*r*r+ zES3ExpressQueryAuth._modify_request_before_signing..rQrUrrr$rrrrr$rJrrr&rrrrhrcr/r7rr) r<r6 content_typeblocklisted_content_typer auth_paramsr'query_string_parts query_dictoperation_paramsnew_query_stringp new_url_partsr*r*r+ro>       z1S3ExpressQueryAuth._modify_request_before_signingcC|jd|7_dSNz&X-Amz-Signature=r&r<r6rr*r*r+rz/S3ExpressQueryAuth._inject_signature_to_requestcCrrDr*rr*r*r+rr z&S3ExpressQueryAuth._normalize_url_pathcCtSrDrr;r*r*r+rzS3ExpressQueryAuth.payload) r=r>r?DEFAULT_EXPIRESrrFrrrrr r*r*rr+r!Zs Ar!cs4eZdZdZeffdd ZddZddZZS)SigV4QueryAuthcr rDr#)r<rJrrr"rr*r+rFrzSigV4QueryAuth.__init__c Cr%)Nr&r'rrr(rTr)cSr+r,r*r-r*r*r+r/r0zASigV4QueryAuth._modify_request_before_signing..rQrUrr1r2r3r4) r<r6r5blacklisted_content_typerr7r'r8r9r:r;r<r=r*r*r+rr>z-SigV4QueryAuth._modify_request_before_signingcCr?r@rArBr*r*r+r rCz+SigV4QueryAuth._inject_signature_to_request)r=r>r?rGrFrrr r*r*rr+rHs ArHc@s eZdZdZddZddZdS)S3SigV4QueryAuthaS3 SigV4 auth using query parameters. This signer will sign a request using query parameters and signature version 4, i.e a "presigned url" signer. Based off of: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html cCrrDr*rr*r*r+rr z$S3SigV4QueryAuth._normalize_url_pathcCrDrDrEr;r*r*r+r#rFzS3SigV4QueryAuth.payloadN)r=r>r?rrrr*r*r*r+rKs rKc@r)S3SigV4PostAuthz Presigns a s3 post Implementation doc here: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html cCr) Nrrrrrrrrx-amz-security-tokenr.rrrrr*r*r+r93s:     zS3SigV4PostAuth.add_authNr=r>r?rr9r*r*r*r+rL+ rLc@sxeZdZgdZdddZddZddZd d Zd d Zdd dZ dddZ dddZ ddZ ddZ ddZdS) HmacV1Auth)$ accelerateaclcorsdefaultObjectAcllocationlogging partNumberrrequestPaymenttorrent versioning versionIdversionswebsiteuploadsuploadIdzresponse-content-typezresponse-content-languagezresponse-expireszresponse-cache-controlzresponse-content-dispositionzresponse-content-encodingdelete lifecycletaggingrestore storageClass notification replicationrX analyticsmetrics inventoryselectz select-typez object-lockNcCrCrDrIrr*r*r+rFrGzHmacV1Auth.__init__cCs>tj|jjdtd}||dt| dS)Nr.rN) r\r]rJr^r_rrcr rfrgr4)r<rjrr*r*r+ sign_strings zHmacV1Auth.sign_stringcCsgd}g}d|vr |d=||d<|D])}d}|D]}|}||dur6||kr6|||d}q|s>|dqd|S)N) content-md5r&daterFTrQrM) _get_daterrargrb)r<rinteresting_headershoiihfoundrmlkr*r*r+canonical_standard_headerss"   z%HmacV1Auth.canonical_standard_headerscCsg}i}|D] }|}||dur&|dr&ddd||D||<qt|}|D]}||d||q/d|S)Nx-amz-rcss|]}|VqdSrD)rgrr*r*r+rs z6HmacV1Auth.canonical_custom_headers..r!rM)rrrbrr`keysra)r<rrpcustom_headersrmrssorted_header_keysr*r*r+canonical_custom_headerss      z#HmacV1Auth.canonical_custom_headerscCs$t|dkr|S|dt|dfS)z( TODO: Do we need this? r1r)rYr)r<nvr*r*r+ unquote_vs zHmacV1Auth.unquote_vcs|dur|}n|j}|jrC|jd}dd|D}fdd|D}t|dkrC|jtdddd|D}|d7}|d|7}|S) NrUcSsg|]}|ddqS)rTr1rirar*r*r+ sz1HmacV1Auth.canonical_resource..cs$g|]}|djvr|qSr,) QSAOfInterestr{r}rr*r+rsr)rmcSsg|]}d|qS)rT)rbr}r*r*r+rs?)rXrrirYsortrrb)r<ri auth_pathbufqsar*rr+canonical_resources    zHmacV1Auth.canonical_resourcecCsN|d}|||d7}||}|r||d7}||j||d7}|S)NrMr)rrtryr)r<rZrirr"rcsrwr*r*r+canonical_strings   zHmacV1Auth.canonical_stringcCsB|jjr |d=|jj|d<|j||||d}td|||S)NrMrr)rJrrrVrWrk)r<rZrirr"rrjr*r*r+ get_signatures   zHmacV1Auth.get_signaturecCsX|jdurttdt|j}td|j|j|j||j|j d}| ||dS)Nz(Calculating signature using hmacv1 auth.zHTTP request method: %sr) rJrrVrWrr&rZrrr_inject_signature)r<r6rirr*r*r+r9s   zHmacV1Auth.add_authcCs tddS)NTrrrr*r*r+rnrGzHmacV1Auth._get_datecCs4d|jvr |jd=d|jjd|}||jd<dS)NrzAWS r!)rrJr{)r<r6r auth_headerr*r*r+rs zHmacV1Auth._inject_signature)NNrD)r=r>r?rrFrkrtryr{rrrr9rnrr*r*r*r+rP[s '     rPc@s0eZdZdZdZefddZddZddZd S) HmacV1QueryAuthz Generates a presigned request for s3. Spec from this document: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html #RESTAuthenticationQueryStringAuth rIcCs||_||_dSrD)rJr$)r<rJr"r*r*r+rFs zHmacV1QueryAuth.__init__cCstttt|jSrD)r5rr|r$rr*r*r+rnszHmacV1QueryAuth._get_datec Csi}|jj|d<||d<|jD]"}|}|dkr!|jd|d<q|ds*|dvr1|j|||<qt|}t|j}|drH|dd|}|d |d |d ||d f}t||_dS) NrtrPrExpiresru)rlr&rUrr1r2r3) rJr{rrrrrr&r) r<r6rr9 header_keyrsr;r<r=r*r*r+rs    z!HmacV1QueryAuth._inject_signatureN)r=r>r?rrGrFrnrr*r*r*r+rs   rc@r)HmacV1PostAuthz Generates a presigned post for s3. Spec from this document: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingHTTPPOST.html cCsi}|jdddur|jd}i}g}|jdddur.|jd}|dddur.|d}||d<|jj|d<|jjdurM|jj|d<|d|jjitt | d d|d<| |d|d<||jd<||jd<dS) NrrrrtrMr.rr) rr$rJr{rrardrer2rr_r4rk)r<r6r rrr*r*r+r9Bs,      zHmacV1PostAuth.add_authNrNr*r*r*r+r9s rc@r) BearerAuthz Performs bearer token authorization by placing the bearer token in the Authorization header as specified by Section 2.1 of RFC 6750. https://datatracker.ietf.org/doc/html/rfc6750#section-2.1 cCs>|jdurtd|jj}d|jvr|jd=||jd<dS)NzBearer r)rErrr)r<r6rr*r*r+r9is  zBearerAuth.add_authNrNr*r*r*r+rarOrcCsR|D]!}|dkrt|S|tvrt|}|tvr|Sqt|dt|d)Nsmithy.api#noAuthsignature_version)AUTH_TYPE_TO_SIGNATURE_VERSIONAUTH_TYPE_MAPSrr) auth_trait auth_typerr*r*r+resolve_auth_typess   rcsdd|Ddd|D}|rtd||}fddt|D}|D]}|dkr4t|St|}|tvrA|Sq(tdt d) NcSsg|] }|ddqS#r|rr%r*r*r+rr0z2resolve_auth_scheme_preference..cSsg|]}|tvr|qSr*)AUTH_PREF_TO_SIGNATURE_VERSIONrr*r*r+r z/Unsupported auth schemes in preference list: %rcsg|]}|vr|qSr*r*rservice_supportedr*r+rrnoAuthrr) rVrWrfromkeysrr$rrrbr`)preference_list auth_options unsupportedcombinedprioritized_schemesr% sig_versionr*rr+resolve_auth_scheme_preferences,    r) v2v3v3httpsrzs3-queryzs3-presign-postzs3v4-presign-postz v4-s3expresszv4-s3express-queryzv4-s3express-presign-postbearer)CRT_AUTH_TYPE_MAPS)v4zv4-querys3v4z s3v4-queryrv4arnone)zaws.auth#sigv4zaws.auth#sigv4azsmithy.api#httpBearerAuthrcCs i|] \}}|dd|qSrr|)r auth_schemerr*r*r+r/sr/)Krdrrrr\r2rVr|collections.abcr email.utilsrhashlibrroperatorrbotocore.compatrr r r r r rrrrrbotocore.exceptionsrrrrbotocore.utilsrrr getLoggerr=rVrrr~rrrrr,r7r8rBrHrrrr rr!rHrKrLrPrrrrrrbotocore.crt.authrrcrrrr*r*r*r+s    4    =6-hQ0*5( !