rmLbc@sddlZddlZddlZddlZddlmZddlmZmZddl Z ddl Z ddl m Z ddl Z ddlmZmZmZmZmZmZmZmZmZmZmZddlmZddlmZmZmZddlm Z e j!e"Z#d Z$d5Z%d Z&d Z'd ddgZ(dZ)dZ*dZ+de,fdYZ-de-fdYZ.de-fdYZ/de-fdYZ0de0fdYZ1de0fdYZ2de2fd YZ3d!e0fd"YZ4d#e-fd$YZ5d%e5fd&YZ6d'e5fd(YZ7ie.d)6e/d*6e/d+6e5d,6e6d-6e7d.6e4d/6Z8erdd0l9m:Z:e8j;e:n)e8j;ie0d16e2d26e1d36e3d46dS(6iN(t formatdate(tsha1tsha256(t itemgetter( t encodebytestensure_unicodet HTTPHeaderstjsontparse_qstquotetsixtunquoteturlsplitt urlunsplittHAS_CRT(tNoCredentialsError(tis_valid_ipv6_endpoint_urltnormalize_url_pathtpercent_encode_sequence(t MD5_AVAILABLEt@e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855is%Y-%m-%dT%H:%M:%SZs%Y%m%dT%H%M%SZtexpects user-agentsx-amzn-trace-idsUNSIGNED-PAYLOADcCst|}|j}t|r.d|}nidd6dd6}|jdk r|j|j|jkrd||jf}qn|S(Ns[%s]iPthttpithttpss%s:%d(R thostnameRtporttNonetgettscheme(turlt url_partsthostt default_ports((s./usr/lib/fence-agents/bundled/botocore/auth.pyt_host_from_url7s     cCs^|j}t|tjr6tj|jd}n$t|tjrZtj|}n|S(Nsutf-8(tdatat isinstanceR t binary_typeRtloadstdecodet string_types(trequestR"((s./usr/lib/fence-agents/bundled/botocore/auth.pyt_get_body_as_dictJs  t BaseSignercBseZeZdZRS(cCstddS(Ntadd_auth(tNotImplementedError(tselfR(((s./usr/lib/fence-agents/bundled/botocore/auth.pyR+Zs(t__name__t __module__tFalsetREQUIRES_REGIONR+(((s./usr/lib/fence-agents/bundled/botocore/auth.pyR*Wst SigV2AuthcBs)eZdZdZdZdZRS(s+ Sign a request with Signature V2. cCs ||_dS(N(t credentials(R-R3((s./usr/lib/fence-agents/bundled/botocore/auth.pyt__init__cscCswtjdt|j}|j}t|dkr@d}nd|j|j|f}tj |j j j ddt }g}xt|D]v}|dkrqntj||} t|j ddd } t| j ddd } |j| d | qWd j|} || 7}tjd ||j|j dtj|jjjd} | | fS(Ns$Calculating signature using v2 auth.it/s %s %s %s sutf-8t digestmodt Signaturetsafets-_~t=t&sString to sign: %s(tloggertdebugR RtpathtlentmethodtnetlocthmactnewR3t secret_keytencodeRtsortedR t text_typeR tappendtjointupdatetbase64t b64encodetdigesttstripR&(R-R(tparamstsplitR>tstring_to_signtlhmactpairstkeytvaluet quoted_keyt quoted_valuetqstb64((s./usr/lib/fence-agents/bundled/botocore/auth.pytcalc_signaturefs0        $cCs|jdkrtn|jr0|j}n |j}|jj|dss%s:%ss (RFtsetRItget_allRHR(R-RRmtsorted_header_namesRTRU((R-s./usr/lib/fence-agents/bundled/botocore/auth.pytcanonical_headerss !cCsdj|jS(Nt (RIRP(R-RU((s./usr/lib/fence-agents/bundled/botocore/auth.pyRscCs>tgt|D]}|jj^q}dj|S(Nt;(RFRR|RNRI(R-RtnRm((s./usr/lib/fence-agents/bundled/botocore/auth.pytsigned_headerss.cCs|j|stS|j}|rt|dr|j}tj|jt}t }x$t |dD]}|j |qkW|j }|j ||S|rt |j StSdS(NtseekR9(t_should_sha256_sign_payloadtUNSIGNED_PAYLOADtbodythasattrttellt functoolstpartialtreadtPAYLOAD_BUFFERRtiterRJRvRtEMPTY_SHA256_HASH(R-R(t request_bodytpositiontread_chunksizetchecksumtchunkt hex_checksum((s./usr/lib/fence-agents/bundled/botocore/auth.pytpayload!s        cCs)|jjdstS|jjdtS(NRtpayload_signing_enabled(Rt startswithRntcontextR(R-R(((s./usr/lib/fence-agents/bundled/botocore/auth.pyR8scCs|jjg}|jt|jj}|j||j|j||j|}|j|j |d|j|j |d|j kr|j d}n|j |}|j|dj |S(Ns sX-Amz-Content-SHA256(R@tuppert_normalize_url_pathR RR>RHRRRRRmRRI(R-R(tcrR>Rt body_checksum((s./usr/lib/fence-agents/bundled/botocore/auth.pytcanonical_requestBs  cCstt|dd}|S(NR8s/~(R R(R-R>tnormalized_path((s./usr/lib/fence-agents/bundled/botocore/auth.pyRQscCsd|jjg}|j|jddd!|j|j|j|j|jddj|S(Nt timestampiit aws4_requestR5(R3RbRHRRrRsRI(R-R(tscope((s./usr/lib/fence-agents/bundled/botocore/auth.pyRUs  cCs[g}|j|jddd!|j|j|j|j|jddj|S(NRiiRR5(RHRRrRsRI(R-R(R((s./usr/lib/fence-agents/bundled/botocore/auth.pytcredential_scope]s  cCsbdg}|j|jd|j|j||jt|jdjdj|S(s Return the canonical StringToSign as well as a dict containing the original version of all headers that were included in the StringToSign. sAWS4-HMAC-SHA256Rsutf-8s (RHRRRRERvRI(R-R(Rtsts((s./usr/lib/fence-agents/bundled/botocore/auth.pyRQes  "cCs|jj}|jd|jd|jddd!}|j||j}|j||j}|j|d}|j||dtS(NtAWS4sutf-8RiiRRx(R3RDRzRERRrRsRn(R-RQR(RTtk_datetk_regiont k_servicet k_signing((s./usr/lib/fence-agents/bundled/botocore/auth.pyRhqs cCs|jdkrtntjj}|jt|jd<|j||j |}t j dt j d||j ||}t j d||j ||}t j d||j||dS(NRs$Calculating signature using v4 auth.sCanonicalRequest: %ssStringToSign: %ss Signature: %s(R3RRtdatetimetutcnowRdtSIGV4_TIMESTAMPRt_modify_request_before_signingRR<R=RQRht_inject_signature_to_request(R-R(t datetime_nowRRQRh((s./usr/lib/fence-agents/bundled/botocore/auth.pyR+zs   cCsjd|j|g}|j|}|jd|j||jd|dj||jd<|S(NsAWS4-HMAC-SHA256 Credential=%ssSignedHeaders=%ss Signature=%ss, t Authorization(RRRHRRIRm(R-R(Rhtauth_strR((s./usr/lib/fence-agents/bundled/botocore/auth.pyRs cCsd|jkr|jd=n|j||jjrgd|jkrQ|jd=n|jj|jd((s./usr/lib/fence-agents/bundled/botocore/auth.pyRs(R.R/RRR(((s./usr/lib/fence-agents/bundled/botocore/auth.pyRs  "tSigV4QueryAuthcBs,eZdZedZdZdZRS(icCs)tt|j|||||_dS(N(RRR4t_expires(R-R3RtRutexpires((s./usr/lib/fence-agents/bundled/botocore/auth.pyR4scCs|jjd}d}||kr1|jd=n|j|j|}idd6|j|d6|jdd6|jd6|d 6}|jjdk r|jj|d     >     %cCs|jd|7_dS(Ns&X-Amz-Signature=%s(R(R-R(Rh((s./usr/lib/fence-agents/bundled/botocore/auth.pyR,s(R.R/tDEFAULT_EXPIRESR4RR(((s./usr/lib/fence-agents/bundled/botocore/auth.pyRs  @tS3SigV4QueryAuthcBs eZdZdZdZRS(sS3 SigV4 auth using query parameters. This signer will sign a request using query parameters and signature version 4, i.e a "presigned url" signer. Based off of: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html cCs|S(N((R-R>((s./usr/lib/fence-agents/bundled/botocore/auth.pyR>scCstS(N(R(R-R(((s./usr/lib/fence-agents/bundled/botocore/auth.pyRBs(R.R/RiRR(((s./usr/lib/fence-agents/bundled/botocore/auth.pyR3s  tS3SigV4PostAuthcBseZdZdZRS(s Presigns a s3 post Implementation doc here: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html cCstjj}|jt|jdss%s:%ss (R|RRRIRRFtkeysRH(R-RmR tcustom_headersRTR tsorted_header_keys((s./usr/lib/fence-agents/bundled/botocore/auth.pytcanonical_custom_headerss   $ cCs2t|dkr|S|dt|dfSdS(s( TODO: Do we need this? iiN(R?R (R-tnv((s./usr/lib/fence-agents/bundled/botocore/auth.pyt unquote_vscCs|dk r|}n |j}|jr|jjd}g|D]}|jdd^q@}g|D](}|d|jkre|j|^qe}t|dkr|jdtdg|D]}dj |^q}|d7}|dj |7}qn|S(NR;R:iiRTt?( RR>RRPt QSAOfInterestRR?tsortRRI(R-RPt auth_pathtbuftqsata((s./usr/lib/fence-agents/bundled/botocore/auth.pytcanonical_resources    % (" cCsj|jd}||j|d7}|j|}|rM||d7}n||j|d|7}|S(Ns R(RRRR(R-R@RPRmRRtcsR((s./usr/lib/fence-agents/bundled/botocore/auth.pytcanonical_stringscCs^|jjr&|d=|jj|dsf       L   >/P.2&