?F[c@s dZddlZddlZddlZddlZddlZddlZddlZddlZddl m Z ddl Z ddl Z ddl Z ddlmZmZmZmZddlmZddlmZy$ddlmZddlmZWn#ek r%ddlZeZnXd d d d d dddddddddddddddgZdddd d!d"d#d$d%d&d'd(d)g Zd*efd+YZd,eefd-YZd.eefd/YZ d0eefd1YZ!d2eefd3YZ"d4eefd5YZ#d6eefd7YZ$d8e$efd9YZ%d:efd;YZ&d<efd=YZ'd>e'efd?YZ(d@e'efdAYZ)dBe'efdCYZ*dDe*efdEYZ+edFZ,dGZ-dHZ.dS(Is/ Handles authentication required to AWS and GS iN(t formatdate(turllibt encodebytest parse_qs_safeturlparse(t AuthHandler(tBotoClientError(tsha1(tsha256s-ap-northeast-1s.ap-northeast-1s-ap-southeast-1s.ap-southeast-1s-ap-southeast-2s.ap-southeast-2s -eu-west-1s .eu-west-1s -external-1s .external-1s -sa-east-1s .sa-east-1s -us-east-1s .us-east-1s-us-gov-west-1s.us-gov-west-1s -us-west-1s .us-west-1s -us-west-2s .us-west-2s.cn-s .eu-centrals -eu-centrals.ap-northeast-2s-ap-northeast-2s .ap-south-1s -ap-south-1s .us-east-2s -us-east-2s -ca-centrals .ca-centrals .eu-west-2s -eu-west-2tHmacKeyscBsMeZdZdZdZdZdZdZdZdZ RS(sKey based Auth handler helper.cCsJ|jdks|jdkr0tjjn||_|j|dS(N(t access_keytNonet secret_keytbotot auth_handlertNotReadyToAuthenticatethosttupdate_provider(tselfRtconfigtprovider((s(lib/python2.7/site-packages/boto/auth.pyt__init__es cCsm||_tj|jjjddt|_tr`tj|jjjddt|_n d|_dS(Nsutf-8t digestmod( t _providerthmactnewR tencodetshat_hmacRt _hmac_256R (RR((s(lib/python2.7/site-packages/boto/auth.pyRks  cCs|jr dSdSdS(Nt HmacSHA256tHmacSHA1(R(R((s(lib/python2.7/site-packages/boto/auth.pyt algorithmus cCs:|jrt}nt}tj|jjjdd|S(Nsutf-8R(RRRRRRR R(RR((s(lib/python2.7/site-packages/boto/auth.pyt _get_hmac{s   cCsA|j}|j|jdt|jjdjS(Nsutf-8(R!tupdateRRtdigesttdecodetstrip(Rtstring_to_signtnew_hmac((s(lib/python2.7/site-packages/boto/auth.pyt sign_strings cCs$tj|j}|d=|d=|S(NRR(tcopyt__dict__(Rt pickled_dict((s(lib/python2.7/site-packages/boto/auth.pyt __getstate__scCs||_|j|jdS(N(R*RR(Rtdct((s(lib/python2.7/site-packages/boto/auth.pyt __setstate__s ( t__name__t __module__t__doc__RRR R!R(R,R.(((s(lib/python2.7/site-packages/boto/auth.pyR bs     tAnonAuthHandlercBs)eZdZdgZdZdZRS(s( Implements Anonymous requests. tanoncCs tt|j|||dS(N(tsuperR2R(RRRR((s(lib/python2.7/site-packages/boto/auth.pyRscKsdS(N((Rt http_requesttkwargs((s(lib/python2.7/site-packages/boto/auth.pytadd_auths(R/R0R1t capabilityRR7(((s(lib/python2.7/site-packages/boto/auth.pyR2s  tHmacAuthV1HandlercBs5eZdZddgZdZdZdZRS(s: Implements the HMAC request signing used by S3 and GS.shmac-v1ts3cCs9tj||||tj||||d|_dS(N(RRR R R(RRRR((s(lib/python2.7/site-packages/boto/auth.pyRscCs#tt|j|d|_dS(N(R4R9RR R(RR((s(lib/python2.7/site-packages/boto/auth.pyRsc Ks|j}|j}|j}d|kr=tdt|dR?R@tkeyR&tb64_hmactauth_hdrtauth((s(lib/python2.7/site-packages/boto/auth.pyR7s"        (R/R0R1R8RRR7(((s(lib/python2.7/site-packages/boto/auth.pyR9s    tHmacAuthV2HandlercBs5eZdZddgZdZdZdZRS(sJ Implements the simplified HMAC authorization used by CloudFront. shmac-v2t cloudfrontcCs9tj||||tj||||d|_dS(N(RRR R R(RRRR((s(lib/python2.7/site-packages/boto/auth.pyRscCs#tt|j|d|_dS(N(R4RMRR R(RR((s(lib/python2.7/site-packages/boto/auth.pyRscKs|j}d|kr+tdt|dRRARRBRCR(RHR (RR5R6R>RIRJRK((s(lib/python2.7/site-packages/boto/auth.pyR7s     (R/R0R1R8RRR7(((s(lib/python2.7/site-packages/boto/auth.pyRMs    tHmacAuthV3HandlercBs/eZdZdddgZdZdZRS(s@Implements the new Version 3 HMAC authorization used by Route53.shmac-v3troute53tsescCs0tj||||tj||||dS(N(RRR (RRRR((s(lib/python2.7/site-packages/boto/auth.pyRscKs|j}d|kr+tdt|dRRARRBRCR(R R (RR5R6R>RIRJts((s(lib/python2.7/site-packages/boto/auth.pyR7s    (R/R0R1R8RR7(((s(lib/python2.7/site-packages/boto/auth.pyROs tHmacAuthV3HTTPHandlercBsDeZdZdgZdZdZdZdZdZRS(sK Implements the new Version 3 HMAC authorization used by DynamoDB. s hmac-v3-httpcCs0tj||||tj||||dS(N(RRR (RRRR((s(lib/python2.7/site-packages/boto/auth.pyRscCs\i|jd6}xE|jjD]4\}}|j}|jdr |||titemstlowert startswith(RR5theaders_to_signtnametvaluetlname((s(lib/python2.7/site-packages/boto/auth.pyRXs  cCsLtg|D],}d|jj||jf^q }dj|S(s  Return the headers that need to be included in the StringToSign in their canonical form by converting all header keys to lower case, sorting them in alphabetical order and then joining them into a string, separated by newlines. s%s:%ss (tsortedRVR%tjoin(RRXtntl((s(lib/python2.7/site-packages/boto/auth.pytcanonical_headerss9cCsR|j|}|j|}dj|j|jd|d|jg}||fS(s Return the canonical StringToSign as well as a dict containing the original version of all headers that were included in the StringToSign. s t(RXR`R]R?R@tbody(RR5RXR`R&((s(lib/python2.7/site-packages/boto/auth.pyR&s cKsd|jkr|jd=ntdt|jd<|jjrT|jj|jdRRARRBR&R RFRGRRR#R(R R R](RtreqR6R&RXt hash_valueRJRR((s(lib/python2.7/site-packages/boto/auth.pyR7,s   ( R/R0R1R8RRXR`R&R7(((s(lib/python2.7/site-packages/boto/auth.pyRSs   tHmacAuthV4HandlercBseZdZdgZdddZedZdZdZ dZ dZ dZ d Z d Zd Zd Zd ZdZdZdZdZdZdZdZRS(s: Implements the new Version 4 HMAC authorization. shmac-v4cCsBtj||||tj||||||_||_dS(N(RRR t service_namet region_name(RRRRRgRh((s(lib/python2.7/site-packages/boto/auth.pyRLs cCsvt|ts!|jd}n|rNtj||jdtj}n$tj||jdtj}|S(Nsutf-8(t isinstancetbytesRRRRt hexdigestR#(RRItmsgthextsig((s(lib/python2.7/site-packages/boto/auth.pyt_signVs '$cCs|j|j|}|jjdr7|jd}ni|d6}xf|jjD]U\}}|j}|jdrTt|tr|j d}n|||tgetRURVRWRiRjR$(RR5thost_header_valueRXRYRZR[((s(lib/python2.7/site-packages/boto/auth.pyRX`s  cCsO|j}|jdk}|dkr+| s=|dkrA|rA|Sd||fS(NthttpsiPis%s:%s(tporttprotocol(RRR5Rttsecure((s(lib/python2.7/site-packages/boto/auth.pyRpqs  %cCst|jj}g}x`|D]X}tjj|j|}|jtjj |dddtjj |ddq"Wdj |S(NtsafeRat=s-_~t&( R\tparamstkeysR RDtget_utf8_valuetappendRtparsetquoteR](RR5tparameter_namestpairstpnametpval((s(lib/python2.7/site-packages/boto/auth.pyt query_stringxs cCs|jdkrdSg}xkt|jD]Z}tjj|j|}|jdtjj |ddtjj |ddfq)Wdj |S(NtPOSTRas%s=%sRws-_.~Ry( R?R\RzR RDR|R}RR~RR](RR5R_tparamRZ((s(lib/python2.7/site-packages/boto/auth.pytcanonical_query_strings!cCsg}x}|D]u}|jj}t||}d|krP|j}ndj|jj}|jd||fq Wdjt|S(s  Return the headers that need to be included in the StringToSign in their canonical form by converting all header keys to lower case, sorting them in alphabetical order and then joining them into a string, separated by newlines. t"t s%s:%ss (RVR%tstrR]tsplitR}R\(RRXt canonicaltheadertc_namet raw_valuetc_value((s(lib/python2.7/site-packages/boto/auth.pyR`s  cCsBg|D]}d|jj^q}t|}dj|S(Ns%sRc(RVR%R\R](RRXR^R_((s(lib/python2.7/site-packages/boto/auth.pytsigned_headerss) cCsh|j}tj|jdd}tjj|}t|dkrd|jdrd|d7}n|S(Ns\t/i( R@t posixpathtnormpathtreplaceRR~Rtlentendswith(RR5tpatht normalizedtencoded((s(lib/python2.7/site-packages/boto/auth.pyt canonical_uris  ! cCsr|j}t|drAt|drAtjj|dtdSt|tsb|jd}nt|j S(Ntseektreadthash_algorithmisutf-8( RbthasattrR RDt compute_hashRRiRjRRk(RR5Rb((s(lib/python2.7/site-packages/boto/auth.pytpayloads  cCs|jjg}|j|j||j|j||j|}|j|j|d|j|j||j|j|dj |S(Ns ( R?tupperR}RRRXR`RRR](RR5tcrRX((s(lib/python2.7/site-packages/boto/auth.pytcanonical_requestscCsY|jjg}|j|j|j|j|j|j|jddj|S(Nt aws4_requestR(RR R}t timestampRhRgR](RR5tscope((s(lib/python2.7/site-packages/boto/auth.pyRs  cCs |jdS(Nt.(R(RR((s(lib/python2.7/site-packages/boto/auth.pytsplit_host_partsscCs|j|}|jdk r*|j}n]t|dkr}|ddkrUd}qt|dkrpd}q|d}n |d}|S(Nisus-govs us-gov-west-1is us-east-1i(RRhR R(RRtpartsRh((s(lib/python2.7/site-packages/boto/auth.pytdetermine_region_names     cCs8|j|}|jdk r*|j}n |d}|S(Ni(RRgR (RRRRg((s(lib/python2.7/site-packages/boto/auth.pytdetermine_service_names   cCsg}|jddd!|_|j|j|j|j}|j|j}||_||_|j|j|j|j|jddj|S(Ns X-Amz-DateiiRR( R>RR}RRRRgRhR](RR5RRhRg((s(lib/python2.7/site-packages/boto/auth.pytcredential_scopes   cCsbdg}|j|jd|j|j||jt|jdjdj|S(s Return the canonical StringToSign as well as a dict containing the original version of all headers that were included in the StringToSign. sAWS4-HMAC-SHA256s X-Amz-Datesutf-8s (R}R>RRRRkR](RR5Rtsts((s(lib/python2.7/site-packages/boto/auth.pyR&s  "cCs|jj}|jd|jd|j}|j||j}|j||j}|j|d}|j||dtS(NtAWS4sutf-8RRm(RR RoRRRhRgRA(RR5R&RItk_datetk_regiont k_servicet k_signing((s(lib/python2.7/site-packages/boto/auth.pyt signatures  c Ksd|jkr|jd=ntjj}|jd|jd<|jjrc|jj|jdtdatetimetutcnowtstrftimeRRBRR?RbRRRRRR RFRGR&RRXRR}RR]( RRdR6tnowtqst qs_to_postRR&RRXR_((s(lib/python2.7/site-packages/boto/auth.pyR7s8      N(R/R0R1R8R RtFalseRoRXRpRRR`RRRRRRRRRR&RR7(((s(lib/python2.7/site-packages/boto/auth.pyRfEs*           tS3HmacAuthV4HandlercBseZdZdgZdZdZdZdZdZdZ dZ d Z d Z d Z d Zdd ZRS(sN Implements a variant of Version 4 HMAC authorization specific to S3. s hmac-v4-s3cOs>tt|j|||jr:|j|j|_ndS(N(R4RRRhtclean_region_name(RtargsR6((s(lib/python2.7/site-packages/boto/auth.pyROs cCs|jdr|dS|S(Nss3-i(RW(RRh((s(lib/python2.7/site-packages/boto/auth.pyRUscCsFtjj|j}tjj|j}tjj|dd}|S(NRws/~(RR~RRtunquoteR(RR5RtunquotedR((s(lib/python2.7/site-packages/boto/auth.pyR[scCsg}xkt|jD]Z}tjj|j|}|jdtjj|ddtjj|ddfqWdj |S(Ns%s=%sRws-_.~Ry( R\RzR RDR|R}RR~RR](RR5R_RRZ((s(lib/python2.7/site-packages/boto/auth.pyRes !cCsU|j}|jdk}|dkr+| s=|dkrD|rD|jSd|j|fS(NRsiPis%s:%s(RtRuR(RRR5RtRv((s(lib/python2.7/site-packages/boto/auth.pyRpps  %cCsk|j|j|}i|d6}xB|jjD]1\}}|j}|dkr2|||RURV(RR5RrRXRYRZR[((s(lib/python2.7/site-packages/boto/auth.pyRXws   cCs|j|}|jdk r*|j}nt|dkrg|j|d}|dkrd}qnx~tt|D]j\}}|j}|dkr|| }|dkrd}nPqz|jdrz|j|}PqzqzW|S(NiiR:s us-east-1t amazonawsss3-( RRhR RRt enumeratetreversedRVRW(RRRRhtoffsettpart((s(lib/python2.7/site-packages/boto/auth.pyRs$         cCsdS(NR:((RR((s(lib/python2.7/site-packages/boto/auth.pyRsc Cstj|}tjj|j}|j|_|jdkrKi|_n|jj}||_|j}t |dt }xU|j D]G\}}t |t tfrt|dkr|d||RqR4RR(RR5((s(lib/python2.7/site-packages/boto/auth.pyRs cKsd|jkrSd|jkr:|jjd|jdtpopRRR4RR7(RRdR6t updated_req((s(lib/python2.7/site-packages/boto/auth.pyR7sc Cs|dkr'tjjjd}n|j|j}|j|j}idd6d|jj|d ||fd6|d6|d6d d 6}|jj r|jj |d R&RRuRRR~t urlencode( RRdtexpirestiso_datetregiontserviceRzRXR^R_RRR((s(lib/python2.7/site-packages/boto/auth.pytpresigns8     /   N(R/R0R1R8RRRRRpRXRRRRR7R R(((s(lib/python2.7/site-packages/boto/auth.pyRIs      -  *  tSTSAnonHandlercBs2eZdZdgZdZdZdZRS(s Provides pure query construction (no actual signing). Used for making anonymous STS request for operations like ``assume_role_with_web_identity``. ssts-anoncCstjj|S(N(RR~R(RRZ((s(lib/python2.7/site-packages/boto/auth.pyt _escape_value4scCst|j}|jddg}xK|D]C}tjj||}|j|d|j|jdq2Wdj |S(NRIcSs |jS(N(RV(tx((s(lib/python2.7/site-packages/boto/auth.pyt=sRxsutf-8Ry( RR{tsortR RDR|R}RR$R](RRzR{RRItval((s(lib/python2.7/site-packages/boto/auth.pyt_build_query_string;s +cKsF|j}|j|j}tjjd|d|d<||_dS(Nsquery_string in body: %ss!application/x-www-form-urlencodeds Content-Type(R>RRzR RFRGRb(RR5R6R>R((s(lib/python2.7/site-packages/boto/auth.pyR7Ds    (R/R0R1R8RRR7(((s(lib/python2.7/site-packages/boto/auth.pyR*s    tQuerySignatureHelpercBseZdZdZRS(sy Helper for Query signature based Auth handler. Concrete sub class need to implement _calc_sigature method. cKs)|j}|j}|jj|d<|j|dRzRR RR RDtget_tst_calc_signatureR?R@RRFRGRR~t quote_plusRbRRRR(RR5R6R>RzRR((s(lib/python2.7/site-packages/boto/auth.pyR7Ws       (R/R0R1R7(((s(lib/python2.7/site-packages/boto/auth.pyRPstQuerySignatureV0AuthHandlercBs&eZdZdZdgZdZRS(sProvides Signature V0 Signingissign-v0c Gstjjd|j}|d|d}|j|jd|j}|jddg}xE|D]=}tjj ||}|j |dt j j |qpWdj|} | tj|jfS( Nsusing _calc_signature_0tActionRsutf-8tcmpcSst|j|jS(N(RRV(Rty((s(lib/python2.7/site-packages/boto/auth.pyRzsRxRy(R RFRGR!R"RR{RRDR|R}RR~RR]tbase64t b64encodeR#( RRzRRRRR{RRIRR((s(lib/python2.7/site-packages/boto/auth.pyRts   %(R/R0R1RR8R(((s(lib/python2.7/site-packages/boto/auth.pyRns tQuerySignatureV1AuthHandlercBs2eZdZdZddgZdZdZRS(s5 Provides Query Signature V1 Authentication. issign-v1tmturkcOs3tj|||tj|||d|_dS(N(RRRR R(RRtkw((s(lib/python2.7/site-packages/boto/auth.pyRsc Gstjjd|j}t|j}|jddg}xh|D]`}|j|jdtj j ||}|j||j |dt j j|qNWdj|}|tj|jfS(Nsusing _calc_signature_1RIcSs |jS(N(RV(R((s(lib/python2.7/site-packages/boto/auth.pyRssutf-8RxRy(R RFRGR!RR{RR"RRDR|R}RR~RR]RRR#( RRzRRR{RRIRR((s(lib/python2.7/site-packages/boto/auth.pyRs   %(R/R0R1RR8RR(((s(lib/python2.7/site-packages/boto/auth.pyRs   tQuerySignatureV2AuthHandlerc BsGeZdZdZddddddddd d d d g Zd ZRS(s+Provides Query Signature V2 Authentication.issign-v2tec2temrtfpstecstsdbtiamtrdstsnstsqstcloudformationc Cstjjdd||j|f}|j}|j|d<|jjrd|jj|dRqRRRR~R(RRdR6RR((s(lib/python2.7/site-packages/boto/auth.pyR7s  (R/R0R1R8R7(((s(lib/python2.7/site-packages/boto/auth.pyRs c Csg}tjjt|}xE|D]=}y|j||||Wq"tjjk r^q"Xq"W|s|}g|D]}|j^qv}tjj dt |t |fn|dS(sFinds an AuthHandler that is ready to authenticate. Lists through all the registered AuthHandlers to find one that is willing to handle for the requested capabilities, config and provider. :type host: string :param host: The name of the host :type config: :param config: :type provider: :param provider: Returns: An implementation of AuthHandler. Raises: boto.exception.NoAuthHandlerFound sYNo handler was ready to authenticate. %d handlers were checked. %s Check your credentialsi( R tplugint get_pluginRR}RRR/t exceptiontNoAuthHandlerFoundRR( RRRtrequested_capabilitytready_handlerst auth_handlersthandlertchecked_handlerstnames((s(lib/python2.7/site-packages/boto/auth.pytget_auth_handlers   csfd}|S(NcstjjdtrdgStjjddtr;dgSt|drt|jddrx*t D]}||jj krfdgSqfWqn|S(Nt EC2_USE_SIGV4shmac-v4Rs use-sigv4RtendpointRa( tostenvironRqRR RRtgetattrRt SIGV4_DETECTR(Rttest(tfunc(s(lib/python2.7/site-packages/boto/auth.pyt_wrapper s ((RR((Rs(lib/python2.7/site-packages/boto/auth.pytdetect_potential_sigv4 scsfd}|S(NcsUtjjdtrdgStjjddtr;dgStdsTSx$tD]}|jkr[dgSq[Wj}jj d sjj drd|}nt |j }|j dp|j d sS|j d rSt fd tDr,Std rNjrNSdgS( Nt S3_USE_SIGV4s hmac-v4-s3R:s use-sigv4Rshttp://shttps://s amazonaws.comsamazonaws.com.cnss3.amazonaws.comc3s|]}|jkVqdS(N(R(t.0R(R(s(lib/python2.7/site-packages/boto/auth.pys AsR3(RRRqRR RRRRRWRtnetlocRtanytS3_AUTH_DETECTR3(RRRR(R(Rs(lib/python2.7/site-packages/boto/auth.pyR"s0         ((RR((Rs(lib/python2.7/site-packages/boto/auth.pytdetect_potential_s3sigv4!s)(/R1RR tboto.auth_handlertboto.exceptiont boto.plugint boto.utilsR)Rt email.utilsRRRRt boto.compatRRRRRRthashlibRRRt ImportErrorR RRtobjectR R2R9RMRORSRfRRRRRRRRRR (((s(lib/python2.7/site-packages/boto/auth.pyts           "     1#K& 2