>ac@swddlZddlmZddlmZmZmZmZmZddl m Z m Z m Z m Z mZddlmZddlmZdefdYZd efd YZd efd YZd efdYZdefdYZdefdYZdefdYZdefdYZied6ed6ed6ed6ed6ed6ed6ZdS(iN(tBytesIO(t_host_from_urlt_get_body_as_dictt BaseSignertSIGNED_HEADERS_BLACKLISTtUNSIGNED_PAYLOAD(tawscrtt HTTPHeaderstparse_qsturlsplitt urlunsplit(tpercent_encode_sequence(tNoCredentialsErrort CrtSigV4AuthcBseZeZddddgZejjjZ eZ eZ dZ dZ dZdZdZd Zd Zd Zd ZRS( t Authorizations X-Amz-DatesX-Amz-Content-SHA256sX-Amz-Security-TokencCs(||_||_||_d|_dS(N(t credentialst _service_namet _region_nametNonet_expiration_in_seconds(tselfRt service_namet region_name((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyt__init__s   c Cs|jdkrtntjjjdtjj}|j|}|j |t j j j d|jjd|jjd|jj}|j|r|r|}qd}nt}|j|rt j jj}nt j jj}t j jdt j jjd|jd|d|jd |jd |d |jd |jd |jd|d|d|j }|j!|}t j j"||} | j#|j$||dS(Nttzinfot access_key_idtsecret_access_keyt session_tokent algorithmtsignature_typetcredentials_providertregiontservicetdatetshould_sign_headertuse_double_uri_encodetshould_normalize_uri_pathtsigned_body_valuetsigned_body_header_typetexpiration_in_seconds(%RRR tdatetimetutcnowtreplacettimezonetutct_get_existing_sha256t_modify_request_before_signingRtauthtAwsCredentialsProvidert new_statict access_keyt secret_keyttokent_should_sha256_sign_payloadRt!_should_add_content_sha256_headertAwsSignedBodyHeaderTypetX_AMZ_CONTENT_SHA_256tNONEtAwsSigningConfigtAwsSigningAlgorithmtV4t_SIGNATURE_TYPERRt_should_sign_headert_USE_DOUBLE_URI_ENCODEt_SHOULD_NORMALIZE_URI_PATHRt_crt_request_from_aws_requesttaws_sign_requesttresultt_apply_signing_changes( Rtrequestt datetime_nowtexisting_sha256Rtexplicit_payloadt body_headertsigning_configt crt_requesttfuture((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pytadd_authsF               c Cs:t|j}|jr!|jnd}|jrg}x@|jjD]/\}}t|}|jd||fqFW|ddj|}n|jrd||jf}nt j j |j j}d}|jr t|jdr|j}q t|j}nt j jd|jd|d |d |} | S( Nt/s%s=%st?t&s%s?%stseektmethodtpaththeaderst body_stream(R turlRStparamstitemststrtappendtjointqueryRthttpt HttpHeadersRTRtbodythasattrRt HttpRequestRR( Rt aws_requestt url_partstcrt_pathtarraytparamtvaluet crt_headerstcrt_body_streamRK((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRASs,        cCstjt|j|_dS(N(Rt from_pairstlistRT(RRbtsigned_crt_request((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRDpscKs|jtkS(N(tlowerR(Rtnametkwargs((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR>uscCs\x-|jD]"}||jkr |j|=q q Wd|jkrXt|j|jdR.R-R5R6(((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR s"   4     tCrtS3SigV4AuthcBs/eZeZeZdZdZdZRS(cCsdS(N(R(RRE((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR-scCs|jjd}t|dd}|dkr9i}n|jdd}|dk r[|S|jjd s}d|jkrtS|jjdtrtSt j |S(Nt client_configts3RuRts Content-MD5thas_streaming_input( RxRstgetattrRRVRvRTRwtFalsetsuperR5(RRERt s3_configt sign_payload((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR5s   cCstS(N(Rw(RRH((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR6s(RyRzRR?R@R-R5R6(((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR~s   "tCrtSigV4AsymAuthcBseZeZddddgZejjjZ eZ eZ dZ dZ dZdZdZd Zd Zd Zd ZRS( Rs X-Amz-DatesX-Amz-Content-SHA256sX-Amz-Security-TokencCs(||_||_||_d|_dS(N(RRRRR(RRRR((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRs   c Cs|jdkrtntjjjdtjj}|j|}|j |t j j j d|jjd|jjd|jj}|j|r|r|}qd}nt}|j|rt j jj}nt j jj}t j jdt j jjd|jd|d|jd |jd |d |jd |jd |jd|d|d|j }|j!|}t j j"||} | j#|j$||dS(NRRRRRRRRR R!R"R#R$R%R&R'(%RRR R(R)R*R+R,R-R.RR/R0R1R2R3R4R5RR6R7R8R9R:R;t V4_ASYMMETRICR=RRR>R?R@RRARBRCRD( RRERFRGRRHRIRJRKRL((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRMsF               c Cs:t|j}|jr!|jnd}|jrg}x@|jjD]/\}}t|}|jd||fqFW|ddj|}n|jrd||jf}nt j j |j j}d}|jr t|jdr|j}q t|j}nt j jd|jd|d |d |} | S( NRNs%s=%sRORPs%s?%sRQRRRSRTRU(R RVRSRWRXRYRZR[R\RR]R^RTRR_R`RRaRR( RRbRcRdReRfRgRhRiRK((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRA s,        cCstjt|j|_dS(N(RRjRkRT(RRbRl((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRD'scKs|jtkS(N(RmR(RRnRo((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR>,scCs\x-|jD]"}||jkr |j|=q q Wd|jkrXt|j|jdR.R-R5R6(((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRs"   4     tCrtS3SigV4AsymAuthcBs/eZeZeZdZdZdZRS(cCsdS(N(R(RRE((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR-PscCs|jjd}t|dd}|dkr9i}n|jdd}|dk r[|S|jjd s}d|jkrtS|jjdtrtSt j |S(NRRRuRts Content-MD5R( RxRsRRRVRvRTRwRRR5(RRERRR((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR5Ts   cCstS(N(Rw(RRH((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR6vs(RyRzRR?R@R-R5R6(((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRKs   "tCrtSigV4AsymQueryAuthcBs;eZdZejjjZedZdZ dZ RS(icCs#tj|||||_dS(N(RRR(RRRRtexpires((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRsc Cstj||jjd}|dkr;|jd=nt|j}tgt|jdt j D]\}}||df^qi}|j r|j t |d|_ nt|}|}|d|d|d||df} t| |_dS( Ns content-types0application/x-www-form-urlencoded; charset=utf-8tkeep_blank_valuesitiii(RR.RTRsR RVtdictRR\RwRXtdatatupdateRR R ( RREt content_typeRctktvt query_dicttnew_query_stringtpt new_url_parts((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR.s  >   %cCsftj||t|jj}t|j}t|d|d|d||df|_dS(Niiii(RRDR RSR\RVR (RRbRlt signed_queryR((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRDs ( RyRztDEFAULT_EXPIRESRR/R|tHTTP_REQUEST_QUERY_PARAMSR=RR.RD(((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR{s   *tCrtS3SigV4AsymQueryAuthcBs,eZdZeZeZdZdZRS(sS3 SigV4A auth using query parameters. This signer will sign a request using query parameters and signature version 4A, i.e a "presigned url" signer. cCstS(N(R(RRE((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR5scCstS(N(R(RRH((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR6s(RyRzt__doc__RR?R@R5R6(((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRs  tCrtSigV4QueryAuthcBs;eZdZejjjZedZdZ dZ RS(icCs#tj|||||_dS(N(RRR(RRRRR((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRsc Cs%tj||jjd}|dkr;|jd=nt|j}tgt|jdt j D]\}}||df^qi}|j r|j |j i|_ n|j r|j t|d|_ nt|}|}|d|d|d||df} t| |_dS( Ns content-types0application/x-www-form-urlencoded; charset=utf-8RiRiii(RR.RTRsR RVRRR\RwRXRWRRRR R ( RRERRcRRRRRR((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR.s$  >     %cCsftj||t|jj}t|j}t|d|d|d||df|_dS(Niiii(RRDR RSR\RVR (RRbRlRR((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRD s ( RyRzRRR/R|RR=RR.RD(((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRs   -tCrtS3SigV4QueryAuthcBs,eZdZeZeZdZdZRS(sS3 SigV4 auth using query parameters. This signer will sign a request using query parameters and signature version 4, i.e a "presigned url" signer. Based off of: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html cCstS(N(R(RRE((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR5(scCstS(N(R(RRH((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyR6/s(RyRzRRR?R@R5R6(((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyRs  tv4sv4-querytv4ats3v4s s3v4-queryts3v4as s3v4a-query(R(tioRt botocore.authRRRRRtbotocore.compatRRRR R tbotocore.utilsR tbotocore.exceptionsR R R~RRRRRRtCRT_AUTH_TYPE_MAPS(((s2/usr/lib/fence-agents/bundled/botocore/crt/auth.pyts* ((00DG