]jo ddlZddlZddlZddlZddlZddlZddlZddlZddlm Z ddl m Z ddl m Z mZddlmZddlmZmZmZmZmZmZmZmZmZmZmZddlmZmZm Z m!Z!ddl"m#Z#m$Z$m%Z%ejLe'Z(d Z)d Z*d Z+d Z,gd Z-dZ.dZ/dZ0dZ1GddZ2Gdde2Z3Gdde2Z4Gdde2Z5Gdde2Z6Gdde6Z7Gdde7Z8Gd d!e8Z9Gd"d#e8Z:Gd$d%e6Z;Gd&d'e;Z<Gd(d)e6Z=Gd*d+e2Z>Gd,d-e>Z?Gd.d/e>Z@Gd0d1e3ZAd2ZBd3ZCe4e5e5e>e?e@e=e8e:e9eAd4 ZDerdd5lEmFZFeDjeFneDje6e;e7eN)Mapping formatdate)sha1sha256) itemgetter) HAS_CRT MD5_AVAILABLE HTTPHeaders encodebytesensure_unicodeget_current_datetimeparse_qsquoteunquoteurlsplit urlunsplit)NoAuthTokenErrorNoCredentialsErrorUnknownSignatureVersionError UnsupportedSignatureVersionError)is_valid_ipv6_endpoint_urlnormalize_url_pathpercent_encode_sequence@e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855iz%Y-%m-%dT%H:%M:%SZz%Y%m%dT%H%M%SZ) connectionexpectz keep-alivezproxy-authenticatezproxy-authorizationtetrailerztransfer-encodingupgradez user-agentzx-amzn-trace-idzUNSIGNED-PAYLOADz"STREAMING-UNSIGNED-PAYLOAD-TRAILERct|}|j}t|rd|d}ddd}|j9|j|j |j k7r|d|j}|S)N[]Pi)httphttps:)rhostnamerportgetscheme)url url_partshost default_portss 7/root/env/lib/python3.12/site-packages/botocore/auth.py_host_from_urlr1Qs}  I   D!#&4&{M~~! >>]..y/?/?@ @V1Y^^,-D Kc|j}t|tr&tj|j d}|St|t rtj|}|SNutf-8)data isinstancebytesjsonloadsdecodestr)requestr6s r0_get_body_as_dictr>dsT <D#NN+2ell^2dV2F    ' ' . .w 76 &> 9Ck!s $Eszz'2: ^**734u||~.446==gFCyr2c|j t|jr |j}n |j}|jj|d<d|d<d|d<t j tt j|d<|jjr|jj|d<|j||\}}||d<|S) NAWSAccessKeyId2SignatureVersion HmacSHA256SignatureMethod Timestamp SecurityTokenr^) rVrr6rv access_keytimestrftimeISO8601gmtimetokenr)rEr=rvr signatures r0rBzSigV2Auth.add_auths    #$& & <<\\F^^F#'#3#3#>#> %(!"$0 !"mmGT[[]C{    ! !&*&6&6&<&d|jvr |jd=|jj|jd<t j |jjjdt}|j|jdjdt|jj}d|jjd|jd}d |jvr |jd =||jd <y) NDateTusegmtX-Amz-Security-Tokenr5r\zAWS3-HTTPS AWSAccessKeyId=z ,Algorithm=HmacSHA256,Signature=zX-Amzn-Authorization)rVrheadersrrrjrkrlrmrrqr rtrurr;)rEr=new_hmacencoded_signaturers r0rBzSigV3Auth.add_authsL    #$& & W__ $'",D"9    ! !%8OO$:;6:6F6F6L6LGOO2 388    ' ' . .w 76  /66w?@'(9:@@B()9)9)D)D(EF..?.F.Fw.O-P R  "W__ 4 672;./r2N)rFrGrHrQrBrKr2r0rrs '>66w~~F F33HW[[4IJ Jr2c :g}t|tr|j}|D]7\}}|jt |dt t |df9g}t |D]\}}|j|d|dj|}|S)Nz-_.~r`rbrc)r7rrrorr<rnrp)rErv key_val_pairsr{r|sorted_key_valsrs r0rz(SigV4Auth._canonical_query_string_params s fg &\\^F  JC  s(%E *HI  !/ 5JC  " "cU!E7#3 4 5!$/!:%%r2c.d}|jrg}|jjdD]*}|jd\}}}|j||f,g}t |D]\}}|j|d|dj |}|S)Nr_rcrb)queryrw partitionrornrp) rEpartsrrpairr{_r|rs r0rz%SigV4Auth._canonical_query_string_urls!# ;;M ))#. 3 $s 3 Q$$c5\2 3!O%]3 9 U&&#aw'78 9%(XXo%> "%%r2cg}tt|}|D]J}djfd|j|D}|j |dt |Ldj|S)a  Return the headers that need to be included in the StringToSign in their canonical form by converting all header keys to lower case, sorting them in alphabetical order and then joining them into a string, separated by newlines. ,c3@K|]}j|ywrO) _header_value).0vrEs r0 z.SigV4Auth.canonical_headers..7s!*+""1%sr'r[)rnsetrpget_allror )rErrsorted_header_namesr{r|s` r0canonical_headerszSigV4Auth.canonical_headers-s$S%9:& =CHH/>/F/Fs/KE NNcU!N5$9#:; <  = yy!!r2c@dj|jS)N )rprw)rEr|s r0rzSigV4Auth._header_value=s xx &&r2cZtdt|D}dj|S)Nc3XK|]"}|jj$ywrO)rru)rns r0rz+SigV4Auth.signed_headers..FsIq*Is(*;)rnrrp)rErrs r0signed_headerszSigV4Auth.signed_headersEs&IC4HIIxx  r2c|jjdi}|jd}t|txr|jddk(S)Nchecksumrequest_algorithminr)contextr*r7dict)rEr=checksum_context algorithms r0_is_streaming_checksum_payloadz(SigV4Auth._is_streaming_checksum_payloadIsJ"??..z2>$(()<= )T*Oy}}T/Bi/OOr2c|j|rtS|j|stS|j}|rt |dr|j }tj|jt}t}t|dD]}|j||j}|j||S|rt|jSt S)Nseekr2)r"STREAMING_UNSIGNED_PAYLOAD_TRAILER_should_sha256_sign_payloadUNSIGNED_PAYLOADbodyhasattrtell functoolspartialreadPAYLOAD_BUFFERriterrqrrEMPTY_SHA256_HASH)rEr= request_bodypositionread_chunksizerchunk hex_checksums r0payloadzSigV4Auth.payloadNs  . .w 75 511':$ #|| GL&9#((*H&..!!>NxHnc2 '& '#--/L   h '  ,'113 3$ $r2cr|jjdsy|jjddS)Nr&Tpayload_signing_enabled)r, startswithrr*rDs r0rz%SigV4Auth._should_sha256_sign_payloadhs1{{%%g. ""#>r2c|j tt}|jt|j d<|j ||j|}tjdtjd||j||}tjd||j||}tjd||j||y)Nrz$Calculating signature using v4 auth.zCanonicalRequest: %sStringToSign: %sz Signature: %s) rVrrrSIGV4_TIMESTAMPr_modify_request_before_signingrrdrerxr_inject_signature_to_request)rEr= datetime_nowrrxrs r0rBzSigV4Auth.add_auths    #$& &+- '3'<'<_'M $ ++G4 227; ;< ,.?@,,W6GH (.9NN>7;  %y1 ))'9=r2cd|j|g}|j|}|jd|j||jd|dj ||j d<|S)NzAWS4-HMAC-SHA256 Credential=zSignedHeaders=z Signature=, Authorization)rrrorrpr)rEr=rauth_strrs r0rz&SigV4Auth._inject_signature_to_requests~24::g3F2GHI..w7T00AB C  *YK01+/99X+>(r2cd|jvr |jd=|j||jjr>d|jvr |jd=|jj|jd<|jj dds/d|jvr |jd=t |jd<yy)NrrrTr)r_set_necessary_date_headersrVrrr*rrDs r0rz(SigV4Auth._modify_request_before_signings goo -0 ((1    ! !%8OO$:;6:6F6F6L6LGOO2 3""#$ GIr2rc.eZdZfdZfdZdZxZS) S3SigV4Authct||d|jvr |jd=|j||jd<y)Nr)superrrrrEr= __class__s r0rz*S3SigV4Auth._modify_request_before_signingsA .w7 !W__ 4 6726,,w2G./r2c|jjd}t|dd}|i}|jdd}||Sd}|jjdi}|jd}t|tr|jddk(r|d }|j j d r||jvry |jjd d ry t|%|S)N client_configs3rz Content-MD5rrrheaderrr&Thas_streaming_inputF) rr*getattrr7rr,rrr%r) rEr=r) s3_config sign_payloadchecksum_headerrrr's r0rz'S3SigV4Auth._should_sha256_sign_payloads ++O< M46   I!}}%>E  #  ("??..z2>$(()<= i &9==+>(+J'/O &&w/goo5 ??  4e <w27;;r2c|SrOrKrErfs r0rzS3SigV4Auth._normalize_url_path r2)rFrGrHrrr __classcell__r's@r0r#r#sH' J__%=>F ??  7 > J__%=>Fzz,-9#L1 )|$6 !%)ZZ%8!"&{;|,.@AB-tzz'/BCD<)EFG    ! ! -.2.>.>.D.DF* +   ($*:*:*@*@A  "++ JJv  % %g . &/ x%)NN6(3CW$M !4:014:01r2N)rFrGrHr=rBrKr2r0r?r?4s "';r2r?cDeZdZdZdZedfd ZdZdZdZdZ xZ S) S3ExpressQueryAuthi,T)expiresc:t|||||||_y)N)r:r%rQ_expires)rErVrrr:rPr's r0rQzS3ExpressQueryAuth.__init__es,    )    r2cN|jjd}d}||k(r |jd=|j|j|}d|j ||j d|j |d}|jj|jj|d<t|j}t|jd}|jD cic] \}} || d  } }} |jr"| j|ji|_d } |j r!| jt#|d |_| rt%| d z} | t%|} |} | d | d | d | | df}t'||_ ycc} }w)N content-type0application/x-www-form-urlencoded; charset=utf-8rrzX-Amz-AlgorithmzX-Amz-Credentialrz X-Amz-ExpireszX-Amz-SignedHeadersrGTkeep_blank_valuesrr_rcrr*rrrrrSrVrrr,rrrrvrqr6r>rr)rEr= content_typeblocklisted_content_typer auth_paramsr-query_string_partskr query_dictoperation_paramsnew_query_stringp new_url_partss r0rz1S3ExpressQueryAuth._modify_request_before_signingvs**>: > ! 3 3/ ,,T-A-A'-JK 2 $ 7 3!//+6!]]#1      ! ! -373C3C3I3IK/ 0W[[) &iooN*<*B*B*DE$!Qa1gE E >>   gnn -GN <<   /8 9GL 6zBSH  !8!E F G  1qtQqT+;QqTB  / AF,F!c4|xjd|z c_yNz&X-Amz-Signature=r,rEr=rs r0rz/S3ExpressQueryAuth._inject_signature_to_request  *9+66 r2c|SrOrKr2s r0rz&S3ExpressQueryAuth._normalize_url_pathr3r2ctSrOrrDs r0rzS3ExpressQueryAuth.payload  r2) rFrGrHDEFAULT_EXPIRESr=rQrrrrr4r5s@r0rOrOas-O"  "?0B7  r2rOc2eZdZdZeffd ZdZdZxZS)SigV4QueryAuthc6t||||||_yrOrR)rErVrrrPr's r0rQzSigV4QueryAuth.__init__s lK@ r2cN|jjd}d}||k(r |jd=|j|j|}d|j ||j d|j |d}|jj|jj|d<t|j}t|jd}|jD cic] \}} || d  } }} |jr"| j|ji|_d } |j r!| jt#|d |_| rt%| d z} | t%|} |} | d | d | d | | df}t'||_ ycc} }w)NrUrVrrrWrTrXrr_rcrZr[r\r])rEr=r^blacklisted_content_typerr`r-rarbrrcrdrerfrgs r0rz-SigV4QueryAuth._modify_request_before_signings**>: > ! 3 3/ ,,T-A-A'-JK 2 $ 7 3!//+6!]]#1      ! ! -262B2B2H2HK. /W[[) &iooN*<*B*B*DE$!Qa1gE E >>   gnn -GN <<   /8 9GL 6zBSH  !8!E F G  1qtQqT+;QqTB  / AFrhc4|xjd|z c_yrjrkrls r0rz+SigV4QueryAuth._inject_signature_to_requestrmr2)rFrGrHrrrQrrr4r5s@r0rtrtsO?N ?0B7r2rtceZdZdZdZdZy)S3SigV4QueryAuthaS3 SigV4 auth using query parameters. This signer will sign a request using query parameters and signature version 4, i.e a "presigned url" signer. Based off of: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html c|SrOrKr2s r0rz$S3SigV4QueryAuth._normalize_url_path&r3r2ctSrOrprDs r0rzS3SigV4QueryAuth.payload*rqr2N)rFrGrHrrrrKr2r0r{r{s  r2r{ceZdZdZdZy)S3SigV4PostAuthz Presigns a s3 post Implementation doc here: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html ct}|jt|jd<i}|jj dd|jd}i}g}|jj dd&|jd}|j dd|d}||d<d|d<|j ||d<|jd|d<|j ddi|j d|j |i|j d|jdi|jj@|jj|d <|j d |jjitjtj|jd jd |d <|j|d ||d <||jd<||jd<y) NrrArBrCrrDrErFx-amz-security-tokenr5rHrIrJrLs r0rBzS3SigV4PostAuth.add_auth:s+- '3'<'<_'M $ ??  7 > J__%=>F ??  7 > J__%=>Fzz,-9#L1 )|$6 !%)ZZ%8!"&{;|,.@AB-tzz'/BCD<)EFG    ! ! --1-=-=-C-CF) *   5t7G7G7M7MN O"++ JJv  % %g . &/ x%)NN6(3CW$M !4:014:01r2NrFrGrHrrBrKr2r0rr2s %;r2rcbeZdZgdZddZdZdZdZdZddZ dd Z dd Z d Z d Z d Zy) HmacV1Auth)$ accelerateaclcorsdefaultObjectAcllocationlogging partNumberrHrequestPaymenttorrent versioning versionIdversionswebsiteuploadsuploadIdzresponse-content-typezresponse-content-languagezresponse-expireszresponse-cache-controlzresponse-content-dispositionzresponse-content-encodingdelete lifecycletaggingrestore storageClass notification replicationr analyticsmetrics inventoryselectz select-typez object-lockNc||_yrOrUrs r0rQzHmacV1Auth.__init__rXr2c*tj|jjj dt }|j |j dt|jjjdS)Nr5r\) rjrkrVrlrmrrqr rtrur;)rErxrs r0 sign_stringzHmacV1Auth.sign_stringsk88    ' ' . .w 74  --g678??,-335<.s2&' 2sr'r[)rrrprrnkeysro)rErrcustom_headersr{rsorted_header_keyss r0canonical_custom_headersz#HmacV1Auth.canonical_custom_headerss CBs|'==*),2+2??3+?2*N2&  $N$7$7$9:% 7C JJ#as 345 6 7yy~r2cHt|dk(r|S|dt|dfS)z( TODO: Do we need this? rZr)rgr)rEnvs r0 unquote_vzHmacV1Auth.unquote_vs+ r7a<IqE72a5>* *r2c||}n |j}|jr|jjd}|Dcgc]}|jdd}}|Dcgc]%}|d|jvs|j |'}}t |dkDrR|j td|Dcgc]}dj|}}|dz }|dj|z }|Scc}wcc}wcc}w)NrcrbrZr)r{?) rfrrw QSAOfInterestrrgsortrrp)rErw auth_pathbufqsaas r0canonical_resourcezHmacV1Auth.canonical_resources  C**C ;;++##C(C,/0q1773?0C0+.&'!A$$:L:L2Lq!C3x!|Z]+,/0qsxx{00s sxx}$ 1 1sC*C/3C/5C4c|jdz}||j|dzz }|j|}|r||dzz }||j||z }|S)Nr[r)rrrr)rErhrwrrPrcsrs r0canonical_stringzHmacV1Auth.canonical_stringso\\^d " d--g6==66w?  .4' 'B d%%ey%AA r2c|jjr|d=|jj|d<|j||||}tj d||j |S)Nrrr)rVrrrdrer)rErhrwrrPrrxs r0 get_signaturezHmacV1Auth.get_signaturess    ! !./.2.>.>.D.DG* +.. E7i/   (.9//r2cF|jttjdt |j }tjd|j |j|j ||j|j}|j||y)Nz(Calculating signature using hmacv1 auth.zHTTP request method: %sr) rVrrdrerr,rhrrr_inject_signature)rEr=rwrs r0rBzHmacV1Auth.add_auths    #$ $ ?@% .?&& NNE7??g>O>O'  w 2r2ctdS)NTrrrEs r0rzHmacV1Auth._get_dates &&r2cd|jvr |jd=d|jjd|}||jd<y)NrzAWS r')rrVr)rEr=r auth_headers r0rzHmacV1Auth._inject_signaturesI goo -0T--8899+F +6(r2)NNrO)rFrGrHrrQrrrrrrrrBrrrKr2r0rrbsN%MN'F" +6?C ?C 0 3' 7r2rc*eZdZdZdZefdZdZdZy)HmacV1QueryAuthz Generates a presigned request for s3. Spec from this document: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html #RESTAuthenticationQueryStringAuth ruc ||_||_yrO)rVrS)rErVrPs r0rQzHmacV1QueryAuth.__init__s& r2cztttjt|jzSrO)r<rrrSrs r0rzHmacV1QueryAuth._get_dates&3tyy{S%77899r2ci}|jj|d<||d<|jD]R}|j}|dk(r|jd|d<+|j ds|dvsA|j|||<Tt |}t |j}|dr |dd|}|d |d |d ||d f}t||_y) Nrr^rExpiresr)rrUrcrrZr[r\) rVrrrrrrr,r) rEr=rrc header_keyrrerfrgs r0rz!HmacV1QueryAuth._inject_signatures '+'7'7'B'B #$"+ ;!// 5J!!#BV#(/(? 9%x(B3-")!4 2 5 3:> W[[ ! Q4#$A$q)9(:; 1qtQqT+;QqTB  / r2N)rFrGrHrrrrQrrrKr2r0rr s O,; :0r2rceZdZdZdZy)HmacV1PostAuthz Generates a presigned post for s3. Spec from this document: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingHTTPPOST.html ci}|jjdd|jd}i}g}|jjdd&|jd}|jdd|d}||d<|jj|d<|jj@|jj|d<|j d|jjit jtj|jdjd|d<|j|d|d<||jd<||jd<y) NrArBrCrrr5rHr) rr*rVrrrorrrsr9rKrmr;r)rEr=rMrHrCs r0rBzHmacV1PostAuth.add_authIsX ??  7 > J__%=>F ??  7 > J__%=>Fzz,-9#L1 )|#'#3#3#>#>    ! ! --1-=-=-C-CF) *   5t7G7G7M7MN O"++ JJv  % %g . &/ x#..vh/?@{4:014:01r2NrrKr2r0rr@s ;r2rceZdZdZdZy) BearerAuthz Performs bearer token authorization by placing the bearer token in the Authorization header as specified by Section 2.1 of RFC 6750. https://datatracker.ietf.org/doc/html/rfc6750#section-2.1 c|j td|jj}d|jvr |jd=||jd<y)NzBearer r)rPrrr)rEr=rs r0rBzBearerAuth.add_authpsR ?? ""$ $ 5 567 goo -0+6(r2NrrKr2r0rrhs 7r2rc|D];}|dk(r t|cS|tvrt|}|tvs-|cSt|t|)Nsmithy.api#noAuthsignature_version)AUTH_TYPE_TO_SIGNATURE_VERSIONAUTH_TYPE_MAPSrr) auth_trait auth_typers r0resolve_auth_typerzsaL + +1)< < 8 8 >y I  N2((.K KL +Z HHr2c|Dcgc]}|jdd}}|Dcgc] }|tvr|}}|rtjd|||z}tj |Dcgc]}||vr| }}|D]3}|dk(r t|cStj |}|tvs1|cStdjt|cc}wcc}wcc}w)N#z/Unsupported auth schemes in preference list: %rnoAuthrr) rwAUTH_PREF_TO_SIGNATURE_VERSIONrdrerfromkeysr*rrrprn)preference_list auth_optionsr+service_supported unsupportedcombinedprioritized_schemes sig_versions r0resolve_auth_scheme_preferencers=IJ6c*2.JJ&  7 7 K  ={ !22HmmH-  & &  & X 1&9 9488@ . (   +))F+<$=> 5KsCC- C") v2v3v3httpsr*zs3-queryzs3-presign-postzs3v4-presign-postz v4-s3expresszv4-s3express-queryzv4-s3express-presign-postbearer)CRT_AUTH_TYPE_MAPS)v4zv4-querys3v4z s3v4-queryrv4arnone)zaws.auth#sigv4zaws.auth#sigv4azsmithy.api#httpBearerAuthrrr)Lrrrrrrjr9rrcollections.abcr email.utilsrhashlibrroperatorrbotocore.compatr r r r r rrrrrrbotocore.exceptionsrrrrbotocore.utilsrrr getLoggerrFrdrrrrrrrr1r>r@rMrSrrr#r7r?rOrtr{rrrrrrrrbotocore.crt.authrrqrrrwr) auth_schemers00r0rs:  #"         8 $G  " &%I"& ..%*%: :z< <8JI JIZ3)3l8K8**; *;Ze e PN7YN7b ~ 0-;i-;`f7f7R20j20j%;Z%;P77$ IB   %(!,!2  4,-&*  !) "%C$H$H$J" [c2 +""s G