o "`^hF @sxddlZddlZddlZddlZddlZddlZddlZddlZddlm Z ddl m Z ddl m Z mZddlmZddlmZmZmZmZmZmZmZmZmZddlmZmZmZmZddl m!Z!m"Z"m#Z#dd lm$Z$e%e&Z'd Z(d Z)d Z*d Z+gdZ,dZ-dZ.ddZ/ddZ0GdddZ1Gddde1Z2Gddde1Z3Gddde1Z4Gddde1Z5Gdd d e5Z6Gd!d"d"e6Z7Gd#d$d$e7Z8Gd%d&d&e7Z9Gd'd(d(e5Z:Gd)d*d*e:Z;Gd+d,d,e5ZGd1d2d2e=Z?Gd3d4d4e2Z@d5d6ZAe3e4e4e=e>e?eZFdS)?N)Mapping formatdate)sha1sha256) itemgetter) HAS_CRT HTTPHeaders encodebytesensure_unicodeparse_qsquoteunquoteurlsplit urlunsplit)NoAuthTokenErrorNoCredentialsErrorUnknownSignatureVersionError UnsupportedSignatureVersionError)is_valid_ipv6_endpoint_urlnormalize_url_pathpercent_encode_sequence) MD5_AVAILABLE@e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855iz%Y-%m-%dT%H:%M:%SZz%Y%m%dT%H%M%SZ)expectz user-agentzx-amzn-trace-idzUNSIGNED-PAYLOADz"STREAMING-UNSIGNED-PAYLOAD-TRAILERcCsZt|}|j}t|rd|d}ddd}|jdur+|j||jkr+d||jf}|S)N[]Pi)httphttpsz%s:%d)rhostnamerportgetscheme)url url_partshost default_portsr(K/home/air/shanriGPT/back/venv/lib/python3.10/site-packages/botocore/auth.py_host_from_urlKs  r*cCs<|j}t|trt|d}|St|trt|}|SNutf-8)data isinstancebytesjsonloadsdecodestr)requestr-r(r(r)_get_body_as_dict^s  r5c@seZdZdZdZddZdS) BaseSignerFcCstd)Nadd_auth)NotImplementedErrorselfr4r(r(r)r7oszBaseSigner.add_authN)__name__ __module__ __qualname__REQUIRES_REGIONREQUIRES_TOKENr7r(r(r(r)r6ks r6c@seZdZdZ ddZdS) TokenSignerTcC ||_dSN) auth_token)r:rCr(r(r)__init__y zTokenSigner.__init__N)r;r<r=r?rDr(r(r(r)r@ss r@c@s(eZdZdZddZddZddZdS) SigV2Authz+ Sign a request with Signature V2. cCrArB credentialsr:rHr(r(r)rDrEzSigV2Auth.__init__cCs tdt|j}|j}t|dkrd}|jd|jd|d}tj |j j dt d}g}t|D])}|dkr;q4t||} t| ddd } t| dd d } || d | q4d |} || 7}td ||| dt|d} | | fS)Nz$Calculating signature using v2 auth.r/ r, digestmod Signaturesafez-_~=&zString to sign: %s)loggerdebugrr$pathlenmethodnetlochmacnewrH secret_keyencodersortedr3r appendjoinupdatebase64 b64encodedigeststripr2)r:r4paramssplitrVstring_to_signlhmacpairskeyvalue quoted_key quoted_valueqsb64r(r(r)calc_signatures.       zSigV2Auth.calc_signaturecCs|jdurt|jr|j}n|j}|jj|d<d|d<d|d<ttt|d<|jj r4|jj |d<| ||\}}||d<|S) NAWSAccessKeyId2SignatureVersion HmacSHA256SignatureMethod Timestamp SecurityTokenrN) rHrr-rf access_keytimestrftimeISO8601gmtimetokenrq)r:r4rfro signaturer(r(r)r7s   zSigV2Auth.add_authN)r;r<r=__doc__rDrqr7r(r(r(r)rF}s  rFc@seZdZddZddZdS) SigV3AuthcCrArBrGrIr(r(r)rDrEzSigV3Auth.__init__cCs|jdurtd|jvr|jd=tdd|jd<|jjr-d|jvr&|jd=|jj|jd<tj|jjdt d}| |jddt |  }d|jjd|d}d |jvrb|jd =||jd <dS) NDateTusegmtX-Amz-Security-Tokenr,rLzAWS3-HTTPS AWSAccessKeyId=z ,Algorithm=HmacSHA256,Signature=zX-Amzn-Authorization)rHrheadersrr~rZr[r\r]rrar rdreryr2)r:r4new_hmacencoded_signaturerr(r(r)r7s*     zSigV3Auth.add_authN)r;r<r=rDr7r(r(r(r)rs rc@seZdZdZdZddZd1ddZdd Zd d Zd d Z ddZ ddZ ddZ ddZ ddZddZddZddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zd*d+Zd,d-Zd.d/Zd0S)2 SigV4Authz+ Sign a request with Signature V4. TcCs||_||_||_dSrB)rH _region_name _service_namer:rH service_name region_namer(r(r)rDs zSigV4Auth.__init__FcCs<|rt||dt}|St||dt}|Sr+)rZr[r]r hexdigestrd)r:rkmsghexsigr(r(r)_signs zSigV4Auth._signcCsLt}|jD]\}}|}|tvr|||<qd|vr$t|j|d<|S)zk Select the headers from the request that need to be included in the StringToSign. r&)r ritemslowerSIGNED_HEADERS_BLACKLISTr*r$)r:r4 header_mapnamerllnamer(r(r)headers_to_signszSigV4Auth.headers_to_signcCs"|jr ||jS|t|jSrB)rf_canonical_query_string_params_canonical_query_string_urlrr$r9r(r(r)canonical_query_strings z SigV4Auth.canonical_query_stringcCs~g}t|tr |}|D]\}}|t|ddtt|ddfq g}t|D]\}}||d|q)d|}|S)Nz-_.~rPrRrS)r.rrr_r r3r^r`)r:rf key_val_pairsrkrlsorted_key_valsrr(r(r)rs   z(SigV4Auth._canonical_query_string_paramsc Csvd}|jr9g}|jdD]}|d\}}}|||fq g}t|D]\}}||d|q%d|}|S)NrOrSrR)queryrg partitionr_r^r`) r:partsrrpairrk_rlrr(r(r)rs z%SigV4Auth._canonical_query_string_urlcsZg}tt|}|D]}dfdd||D}||dt|q d|S)a  Return the headers that need to be included in the StringToSign in their canonical form by converting all header keys to lower case, sorting them in alphabetical order and then joining them into a string, separated by newlines. ,c3s|]}|VqdSrB) _header_value.0vr:r(r) 1s  z.SigV4Auth.canonical_headers..:rK)r^setr`get_allr_r )r:rrsorted_header_namesrkrlr(rr)canonical_headers's  zSigV4Auth.canonical_headerscCsd|S)N )r`rg)r:rlr(r(r)r7szSigV4Auth._header_valuecCs tddt|D}d|S)Ncss|] }|VqdSrB)rre)rnr(r(r)r@sz+SigV4Auth.signed_headers..;)r^rr`)r:rrr(r(r)signed_headers?s zSigV4Auth.signed_headerscCs0|jdi}|d}t|to|ddkS)Nchecksumrequest_algorithmintrailer)contextr"r.dict)r:r4checksum_context algorithmr(r(r)_is_streaming_checksum_payloadCs z(SigV4Auth._is_streaming_checksum_payloadcCs||rtS||stS|j}|r>t|dr>|}t|j t }t }t |dD]}| |q+|}|||S|rFt |StS)Nseek)r"STREAMING_UNSIGNED_PAYLOAD_TRAILER_should_sha256_sign_payloadUNSIGNED_PAYLOADbodyhasattrtell functoolspartialreadPAYLOAD_BUFFERriterrarrEMPTY_SHA256_HASH)r:r4 request_bodypositionread_chunksizerchunk hex_checksumr(r(r)payloadHs&     zSigV4Auth.payloadcCs|jdsdS|jddS)NrTpayload_signing_enabled)r$ startswithrr"r9r(r(r)rbs z%SigV4Auth._should_sha256_sign_payloadcCs|jg}|t|jj}|||||||}|| |d|| |d|j vr>|j d}n| |}||d |S)NrKX-Amz-Content-SHA256)rXupper_normalize_url_pathrr$rVr_rrrrrrr`)r:r4crrVr body_checksumr(r(r)canonical_requestls        zSigV4Auth.canonical_requestcCstt|dd}|S)Nz/~rP)r r)r:rVnormalized_pathr(r(r)r{szSigV4Auth._normalize_url_pathcCsN|jjg}||jddd||j||j|dd|SN timestampr aws4_requestrJ)rHryr_rrrr`r:r4scoper(r(r)rs     zSigV4Auth.scopecCsHg}||jddd||j||j|dd|Sr)r_rrrr`rr(r(r)credential_scopes     zSigV4Auth.credential_scopecCsHdg}||jd||||t|dd|S)z Return the canonical StringToSign as well as a dict containing the original version of all headers that were included in the StringToSign. AWS4-HMAC-SHA256rr,rK)r_rrrr]rr`)r:r4rstsr(r(r)rhs  zSigV4Auth.string_to_signcCsd|jj}|d||jddd}|||j}|||j}||d}|j||ddS)NAWS4rrrrT)r)rHr\rr]rrr)r:rhr4rkk_datek_region k_service k_signingr(r(r)rs zSigV4Auth.signaturecCs|jdurttj}|t|jd<||||}t dt d|| ||}t d|| ||}t d|| ||dS)Nrz$Calculating signature using v4 auth.zCanonicalRequest: %szStringToSign: %sz Signature: %s)rHrdatetimeutcnowr{SIGV4_TIMESTAMPr_modify_request_before_signingrrTrUrhr_inject_signature_to_request)r:r4 datetime_nowrrhrr(r(r)r7s          zSigV4Auth.add_authcCsVd||g}||}|d|||d|d||jd<|S)NzAWS4-HMAC-SHA256 Credential=zSignedHeaders=z Signature=z, Authorization)rrr_rr`r)r:r4rauth_strrr(r(r)rs z&SigV4Auth._inject_signature_to_requestcCsvd|jvr |jd=|||jjr"d|jvr|jd=|jj|jd<|jdds9d|jvr2|jd=t|jd<dSdS)NrrrTr)r_set_necessary_date_headersrHr~rr"rr9r(r(r)rs    z(SigV4Auth._modify_request_before_signingcCsd|jvr.|jd=tj|jdt}ttt| |jd<d|jvr,|jd=dSdSd|jvr7|jd=|jd|jd<dS)Nrr X-Amz-Date) rrstrptimerrrintcalendartimegm timetuple)r:r4datetime_timestampr(r(r)rs     z%SigV4Auth._set_necessary_date_headersN)F)r;r<r=rr>rDrrrrrrrrrrrrrrrrhrr7rrrr(r(r(r)rs2      rcs0eZdZfddZfddZddZZS) S3SigV4Authcs2t|d|jvr|jd=|||jd<dS)Nr)superrrrr9 __class__r(r)rs  z*S3SigV4Auth._modify_request_before_signingcs|jd}t|dd}|duri}|dd}|dur|Sd}|jdi}|d}t|tr<|ddkr<|d }|jd rG||jvrId S|jd d rRd St |S)N client_configs3rz Content-MD5rrrheaderrrThas_streaming_inputF) rr"getattrr.rr$rrrr)r:r4r s3_config sign_payloadchecksum_headerrrrr(r)rs&       z'S3SigV4Auth._should_sha256_sign_payloadcC|SrBr(r:rVr(r(r)rzS3SigV4Auth._normalize_url_path)r;r<r=rrr __classcell__r(r(rr)rs  )rcs8eZdZdZfddZfddZfddZZS) S3ExpressAuthTct|||||_dSrB)rrD_identity_cache)r:rHrridentity_cacherr(r)rD zS3ExpressAuth.__init__cst|dSrB)rr7r9rr(r)r7"szS3ExpressAuth.add_authcs>t|d|jvr|jj|jd<d|jvr|jd=dSdS)Nzx-amz-s3session-tokenr)rrrrHr~r9rr(r)r%s    z,S3ExpressAuth._modify_request_before_signing)r;r<r=REQUIRES_IDENTITY_CACHErDr7rrr(r(rr)r s   r c@eZdZdZddZdS)S3ExpressPostAuthTcCNtj}|t|jd<i}|jdddur|jd}i}g}|jdddur;|jd}|dddur;|d}||d<d|d<|||d<|jd|d<|ddi|d||i|d|jdi|jj dur|jj |d <|d |jj it t |d d |d <||d ||d <||jd<||jd<dS) Nrs3-presign-post-fieldss3-presign-post-policy conditionsrx-amz-algorithmx-amz-credential x-amz-dateX-Amz-S3session-Tokenr,policyx-amz-signaturerrr{rrr"rr_rHr~rbrcr0dumpsr]r2rr:r4rfieldsrrr(r(r)r71s>       zS3ExpressPostAuth.add_authN)r;r<r=rr7r(r(r(r)r.s rcsJeZdZdZdZedfdd ZddZdd Zd d Zd d Z Z S)S3ExpressQueryAuthi,T)expirescstj||||d||_dS)N)r rrD_expires)r:rHrrr r rr(r)rD_s  zS3ExpressQueryAuth.__init__c C|jd}d}||kr|jd=|||}d|||jd|j|d}|jjdur3|jj|d<t |j }t |j dd}d d | D}|jrT||ji|_d } |jrc|t|d |_|rkt|d } | t|} |} | d | d| d| | df} t| |_ dS)N content-type0application/x-www-form-urlencoded; charset=utf-8rrzX-Amz-AlgorithmzX-Amz-Credentialrz X-Amz-ExpireszX-Amz-SignedHeadersrTkeep_blank_valuescSi|] \}}||dqSrr(rkrr(r(r) zES3ExpressQueryAuth._modify_request_before_signing..rOrSrrr"rrrrr"rHr~rr$r rrrfrar-r5rr) r:r4 content_typeblocklisted_content_typer auth_paramsr%query_string_parts query_dictoperation_paramsnew_query_stringp new_url_partsr(r(r)rp>       z1S3ExpressQueryAuth._modify_request_before_signingcC|jd|7_dSNz&X-Amz-Signature=r$r:r4rr(r(r)rz/S3ExpressQueryAuth._inject_signature_to_requestcCrrBr(rr(r(r)rrz&S3ExpressQueryAuth._normalize_url_pathcCtSrBrr9r(r(r)rzS3ExpressQueryAuth.payload) r;r<r=DEFAULT_EXPIRESrrDrrrrrr(r(rr)r[s Arcs4eZdZdZeffdd ZddZddZZS)SigV4QueryAuthcr rBr!)r:rHrrr rr(r)rDr zSigV4QueryAuth.__init__c Cr#)Nr$r%rrr&rTr'cSr)r*r(r+r(r(r)r-r.zASigV4QueryAuth._modify_request_before_signing..rOrSrr/r0r1r2) r:r4r3blacklisted_content_typerr5r%r6r7r8r9r:r;r(r(r)rr<z-SigV4QueryAuth._modify_request_before_signingcCr=r>r?r@r(r(r)r rAz+SigV4QueryAuth._inject_signature_to_request)r;r<r=rErDrrrr(r(rr)rFs ArFc@s eZdZdZddZddZdS)S3SigV4QueryAuthaS3 SigV4 auth using query parameters. This signer will sign a request using query parameters and signature version 4, i.e a "presigned url" signer. Based off of: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html cCrrBr(rr(r(r)r rz$S3SigV4QueryAuth._normalize_url_pathcCrBrBrCr9r(r(r)r$rDzS3SigV4QueryAuth.payloadN)r;r<r=rrrr(r(r(r)rIs rIc@r)S3SigV4PostAuthz Presigns a s3 post Implementation doc here: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html cCr) Nrrrrrrrrx-amz-security-tokenr,rrrrr(r(r)r74s:      zS3SigV4PostAuth.add_authNr;r<r=rr7r(r(r(r)rJ, rJc@sxeZdZgdZdddZddZddZd d Zd d Zdd dZ dddZ dddZ ddZ ddZ ddZdS) HmacV1Auth)$ accelerateaclcorsdefaultObjectAcllocationlogging partNumberrrequestPaymenttorrent versioning versionIdversionswebsiteuploadsuploadIdzresponse-content-typezresponse-content-languagezresponse-expireszresponse-cache-controlzresponse-content-dispositionzresponse-content-encodingdelete lifecycletaggingrestore storageClass notification replicationrV analyticsmetrics inventoryselectz select-typez object-lockNcCrArBrGrr(r(r)rDrEzHmacV1Auth.__init__cCs>tj|jjdtd}||dt| dS)Nr,rL) rZr[rHr\r]rrar rdrer2)r:rhrr(r(r) sign_strings zHmacV1Auth.sign_stringcCsgd}g}d|vr |d=||d<|D])}d}|D]}|}||dur6||kr6|||d}q|s>|dqd|S)N) content-md5r$daterFTrOrK) _get_daterr_rer`)r:rinteresting_headershoiihfoundrklkr(r(r)canonical_standard_headerss"   z%HmacV1Auth.canonical_standard_headerscCsg}i}|D] }|}||dur&|dr&ddd||D||<qt|}|D]}||d||q/d|S)Nx-amz-rcss|]}|VqdSrB)rerr(r(r)rs z6HmacV1Auth.canonical_custom_headers..rrK)rrr`rr^keysr_)r:rrncustom_headersrkrqsorted_header_keysr(r(r)canonical_custom_headerss      z#HmacV1Auth.canonical_custom_headerscCs$t|dkr|S|dt|dfS)z( TODO: Do we need this? r/r)rWr)r:nvr(r(r) unquote_vs zHmacV1Auth.unquote_vcs|dur|}n|j}|jrC|jd}dd|D}fdd|D}t|dkrC|jtdddd|D}|d7}|d|7}|S) NrScSsg|]}|ddqS)rRr/)rgrar(r(r) sz1HmacV1Auth.canonical_resource..cs$g|]}|djvr|qSr*) QSAOfInterestryrzrr(r)r|sr)rkcSsg|]}d|qS)rR)r`rzr(r(r)r|s?)rVrrgrWsortrr`)r:rg auth_pathbufqsar(rr)canonical_resources    zHmacV1Auth.canonical_resourcecCsN|d}|||d7}||}|r||d7}||j||d7}|S)NrKr)rrrrwr)r:rXrgrr rcsrur(r(r)canonical_strings   zHmacV1Auth.canonical_stringcCsF|jjr |d=|jj|d<|j||||d}td|||S)NrKrzStringToSign: )rHr~rrTrUri)r:rXrgrr rrhr(r(r) get_signatures  zHmacV1Auth.get_signaturecCs\|jdurttdt|j}td|j|j|j||j|j d}| ||dS)Nz(Calculating signature using hmacv1 auth.zHTTP request method: r) rHrrTrUrr$rXrrr_inject_signature)r:r4rgrr(r(r)r7s   zHmacV1Auth.add_authcCs tddS)NTrrrr(r(r)rlrEzHmacV1Auth._get_datecCs4d|jvr |jd=d|jjd|}||jd<dS)NrzAWS r)rrHry)r:r4r auth_headerr(r(r)rs zHmacV1Auth._inject_signature)NNrB)r;r<r=r}rDrirrrwryrrrr7rlrr(r(r(r)rN\s '     rNc@s0eZdZdZdZefddZddZddZd S) HmacV1QueryAuthz Generates a presigned request for s3. Spec from this document: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html #RESTAuthenticationQueryStringAuth rGcCs||_||_dSrB)rHr")r:rHr r(r(r)rDs zHmacV1QueryAuth.__init__cCstttt|jSrB)r3rrzr"rr(r(r)rlszHmacV1QueryAuth._get_datec Csi}|jj|d<||d<|jD]"}|}|dkr!|jd|d<q|ds*|dvr1|j|||<qt|}t|j}|drH|dd|}|d |d |d ||d f}t||_dS) NrrrNrExpiresrs)rjr$rSrr/r0r1) rHryrrrrrr$r) r:r4rr7 header_keyrqr9r:r;r(r(r)rs    z!HmacV1QueryAuth._inject_signatureN)r;r<r=rrErDrlrr(r(r(r)rs   rc@r)HmacV1PostAuthz Generates a presigned post for s3. Spec from this document: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingHTTPPOST.html cCsi}|jdddur|jd}i}g}|jdddur.|jd}|dddur.|d}||d<|jj|d<|jjdurM|jj|d<|d|jjitt | d d|d<| |d|d<||jd<||jd<dS) NrrrrrrKr,rr) rr"rHryr~r_rbrcr0rr]r2ri)r:r4rrrr(r(r)r7Cs,      zHmacV1PostAuth.add_authNrLr(r(r(r)r:s rc@r) BearerAuthz Performs bearer token authorization by placing the bearer token in the Authorization header as specified by Section 2.1 of RFC 6750. https://datatracker.ietf.org/doc/html/rfc6750#section-2.1 cCs>|jdurtd|jj}d|jvr|jd=||jd<dS)NzBearer r)rCrr~r)r:r4rr(r(r)r7js  zBearerAuth.add_authNrLr(r(r(r)rbrMrcCsR|D]!}|dkrt|S|tvrt|}|tvr|Sqt|dt|d)Nsmithy.api#noAuth)signature_version)AUTH_TYPE_TO_SIGNATURE_VERSIONAUTH_TYPE_MAPSrr) auth_trait auth_typerr(r(r)resolve_auth_typets   r) v2v3v3httpsrzs3-queryzs3-presign-postzs3v4-presign-postz v4-s3expresszv4-s3express-queryzv4-s3express-presign-postbearer)CRT_AUTH_TYPE_MAPS)v4zv4-querys3v4z s3v4-queryrv4arnone)zaws.auth#sigv4zaws.auth#sigv4azsmithy.api#httpBearerAuthr)GrbrrrrZr0rTrzcollections.abcr email.utilsrhashlibrroperatorrbotocore.compatrr r r r r rrrbotocore.exceptionsrrrrbotocore.utilsrrrr getLoggerr;rTrrr|rrrrr*r5r6r@rFrrrr rrrFrIrJrNrrrrrbotocore.crt.authrrarr(r(r(r)s    ,     =6-hQ0*5(