3 b,@sFddlmZddlZddlZyddlmZWn ek rLddlmZYnXddlm Z ddl m Z ddl m Z mZmZdd lmZmZmZdd lmZddlZdd lmZmZgZd&d dZejdddZejdd'ddZejdddZejdddZddZ ddZ!d(d d!Z"ejd!d)d"d#Z#d*d$d%Z$dS)+)absolute_importN) encodebytes) encodestring)Config)debug) encode_to_s3decode_from_s3s3_quote) time_to_epoch deunicodisecheck_bucket_name_dns_support) SortedDict)sha1sha256FcCs|sdSd}|rdpd}xht|jD]X}|r8||kr8q&||}|d krb|dt|dd|f7}q&|d|t||ddf7}q&W|od|d dS) a Format URL parameters from a params dict and returns ?parm1=val1&parm2=val2 or an empty string if there are no parameters. Output of this function should be appended directly to self.resource['uri'] - Set "always_have_equal" to always have the "=" char for a param even when there is no value for it. - Set "limited_keys" list to restrict the param string to keys that are defined in it. =Nz&%s%sT)unicode_outputz&%s=%s?r)Nr)sortedkeysr )paramsalways_have_equal limited_keysZ param_strZ equal_strkeyvaluerI/oak/stanford/groups/akundaje/marinovg/programs/s3cmd-master/S3/Crypto.pyformat_param_str s    rcCs,tjj}ttjt||tjj}|S)a{Sign a string with the secret key, returning base64 encoded results. By default the configured secret key is used, but may be overridden as an argument. Useful for REST authentication. See http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html string_to_sign should be utf-8 "bytes". and returned signature will be utf-8 encoded "bytes". ) r secret_keyrhmacnewrrdigeststrip)string_to_signr signaturerrrsign_string_v2<s r&GET/c CsXddddddddd d d d d dddddg}|dkr:tdd}tjj}|d}||jddd7}||jddd7}||jddd7}xXt|jD]H}|jdr||d||d7}|jdr||d||d7}qWt|ddd}t||d }||7}||7}t d!t |t t t |} tt|jdd} d"|d| | d#<| S)$aASign a string with the secret key, returning base64 encoded results. By default the configured secret key is used, but may be overridden as an argument. Useful for REST authentication. See http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html string_to_sign should be utf-8 "bytes". acl lifecyclelocationloggingZ notification partNumberpolicyrequestPaymentZtorrentuploadIduploadsZ versionIdZ versioningZversionswebsitedeletecorsrestoreNT) ignore_case z content-md5rz content-typedatezx-amz-:zx-emc-F)quote_backslashesr)rz SignHeaders: zAWS Authorization)rr access_keygetrr startswithr rrreprr r&rlistitems) method canonical_urir cur_headersZSUBRESOURCES_TO_INCLUDEr<r$headercanonical_querystringr% new_headersrrrsign_request_v2Js6       rHcCst|j|j|dS)aESign a URL in s3://bucket/object form with the given expiry time. The object will be accessible via the signed URL until the AWS key and secret are revoked or the expiry time is reached, even if the object is otherwise private. See: http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html )bucketobjectexpiry)sign_url_base_v2rIrJ) url_to_signrKrrr sign_url_v2}srNcKsRtjj}tjj}t|d|d<tjj|d<tjj|d<t|dddd|d<d|d <tjjrpd |d <td |dd |}d }|r||d|7}d}|r||d|7}d}td|tt t |dd|d<td|dt tjj |drd}nd}|d7}||}|r4|dt|dd7}|rN|dt|dd7}|S)zcShared implementation of sign_url methods. Takes a hash of 'bucket', 'object' and 'expiry' as args.rKr< host_baserJFT)r:rhttpprotohttpsz#Expiry interpreted as epoch time %sz'GET %(expiry)d /%(bucket)s/%(object)srzresponse-content-disposition=&zresponse-content-type=zSigning plaintext: %r)rsigzUrlencoded signature: %srIz/%(proto)s://%(bucket)s.%(host_base)s/%(object)sz/%(proto)s://%(host_base)s/%(bucket)s/%(object)szC?AWSAccessKeyId=%(access_key)s&Expires=%(expiry)d&Signature=%(sig)sz&response-content-disposition=z&response-content-type=) rcontent_disposition content_typer r<rOr signurl_use_httpsrr&rr host_bucket)parmsrUrVZsigntextZparam_separatorurlrrrrLs>    rLcCstj|t|tjS)N)r r!rrr")rmsgrrrsignsr\cCs4ttd||}t||}t||}t|d}|S)z1 Input: unicode params Output: bytes ZAWS4 aws4_request)r\r)rZ dateStampZ regionNameZ serviceNameZkDateZkRegionZkServiceZkSigningrrrgetSignatureKeys    r^r us-east-1cCs^d}|dkrtdd}tj}|j} |j} tjj} | jd} | jd} t| | ||}t|ddd}t |ddj d }t |t t d krt |j}nt t t|j}||| d }d }xL|jD]@}|d ks||jdkrq||j||j<|d|j7}qWd}x.t|jD]\}}||d|d7}qW|}td|djt|jd}|d|d|d|d|d|}td|d}| d|d|dd}|d| d|dt t t|j}t tj|t|t j}|dd| d|dd|dd|}t|j}|j| ||dtd||S)Ns3T)r6z%Y%m%dT%H%M%SZz%Y%m%dF)r:r)rrr`)hostzx-amz-content-sha256z x-amz-datez$host;x-amz-content-sha256;x-amz-dater;;rr9r7zcanonical_headers = %sz,Canonical Request: %s ----------------------zAWS4-HMAC-SHA256r(r] z Credential=,zSignedHeaders=z Signature=)z x-amz-dater;zx-amz-content-sha256zsignature-v4 headers: %s)rrr<rdatetimeutcnowstrftimer^r rlstriptyperr hexdigestrrsplitr#rrArjoinr r!update)rBrbrCrregionrDbodyZservicecfgr<rtZamzdateZ datestampZ signing_keyrFZ payload_hashZcanonical_headersZsigned_headersrEZcanonical_headers_strkvZcanonical_request algorithmZcredential_scoper$r%Zauthorization_headerrGrrrsign_request_v4sV     , ,0   rvcsy t}Wntk r&tj}YnXtt|d~|dkrhxntfdddD]}|j|qTWnHj||}x8|dkrjt d|}|sP|t |8}|j|qxWWdQRX|S)Nrbcs jdS)Ni )readr)frrsz&checksum_sha256_file..r`ri ) r Exceptionr!openr iterrnseekrxminlen)filenameoffsetsizehashchunk size_leftr)ryrchecksum_sha256_files"    rc CsVy t}Wntk r&tj}YnX|dkr<|j|n|j|||||S)N)rr{r!rn)bufferrrrrrrchecksum_sha256_buffers  r)FN)r'r(NN)r'rr(Nr_Nr`)rN)rN)% __future__rsysr base64rr ImportErrorrrr,r BaseUtilsrr r Utilsr r r rrfhashlibrr__all__rappendr&rHrNrLr\r^rvrrrrrr s<        1  #  >