Current File : //usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyo
�
�p/Xc@@s�ddlmZddlZddlZddlZddlZddlZddlZddl	Z	ddl
Z
ddlZddlZddl
Z
ddlZddljjZddlmZddlmZddlmZdZdZdefd	��YZd
efd��YZdefd
��YZdefd��YZdefd��YZdefd��YZ d�Z!d�Z"dS(i(tabsolute_importN(tArg(tBaseAuth(t	AuthErrors%Y-%m-%dT%H:%M:%SZs%Y%m%dT%H%M%SZtHmacKeyAuthcB@s�eZdZedddddd�edddd	dd
�eddddd
�gZed��Zd�Zd�Zd�Z	d�Z
RS(s1
    Basis for AWS HMAC-based authentication
    s-Is--access-key-idtdesttkey_idtmetavartKEY_IDs-Ss--secret-keyt
secret_keytKEYs--security-tokentsecurity_tokentTOKENcK@s�|jd|jj�|jd|jjd��|jd|jjd��|jd|jjd��|jd|jjd��||j|�}|j�|S(NtloglevelRR	Rtcredential_expiration(t
setdefaulttlogtleveltargstgettconfigt	configure(tclstothertkwargstnew((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyt
from_other1s	
cC@s�|j�|jjd�s+td��n|jjd�sLtd��n|jjd�r�d}xfd
D]>}y!tjj|jd|�}PWqktk
r�qkqkXqkW|jj	dj
|jd��|r�|tjj�kr�td	��q�ndS(NRs0missing access key ID; please supply one with -IR	s-missing secret key; please supply one with -SRs%Y-%m-%dT%H:%M:%S.%fZs%Y-%m-%dT%H:%M:%SZsOfailed to parse credential expiration time '{0}'; proceeding without validationscredentials have expired(s%Y-%m-%dT%H:%M:%S.%fZs%Y-%m-%dT%H:%M:%SZ(t _HmacKeyAuth__populate_auth_argsRRRtNonetdatetimetstrptimet
ValueErrorRtwarntformattutcnow(tselft
expirationtfmt((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR=s&

	
	c
C@s#dtjkrtjd�}tjj|�}tjj|�}t|���}x�|D]�}|jdd�d}d|krX|jdd�\}}|j�dkr�|j	j
d�r�|j�|j	d<q|j�dkr|j	j
d	�r|j�|j	d	<qqXqXWWdQX|SdS(
NtAWS_CREDENTIAL_FILEt#iit=tAWSAccessKeyIdRtAWSSecretKeyR	(tostenvirontgetenvtpatht
expandvarst
expandusertopentsplittstripRR(R#R.tcredfiletlinetkeytval((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyt"configure_from_aws_credential_fileUs 
#c	C@s�|jjd�r4|jjd�r4td��n|jjd�rh|jjd�rhtd��n|j�r�|jjd�dStjd�p�tjd�|jd<tjd	�p�tjd
�|jd<tjd�|jd<tjd
�|jd<|j�r|jjd�dS|j�}|rS|j�rS|jjd|�dS|j	j
d�|jd<|j	j
ddt�|jd<|j�r�|jjd�dSdS(s
        Try to get auth info from each source in turn until one provides
        both a key ID and a secret key.  After each time a source fails
        to provide enough info we wipe self.args out so we don't wind up
        mixing info from multiple sources.
        RR	s-missing secret key; please supply one with -Ss0missing access key ID; please supply one with -Is!using auth info provided directlyNtAWS_ACCESS_KEY_IDtAWS_ACCESS_KEYtAWS_SECRET_ACCESS_KEYtAWS_SECRET_KEYtAWS_SECURITY_TOKENRtAWS_CREDENTIAL_EXPIRATIONRs using auth info from environments+using auth info from AWS credential file %sskey-ids
secret-keytredacts"using auth info from configuration(RRRt _HmacKeyAuth__reset_unless_readyRtdebugR+R-R8Rtget_user_optiontTrue(R#taws_credfile_path((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyt__populate_auth_argsis6	%%cC@sJ|jjd�r(|jjd�r(tSxdD]}d|j|<q/WtS(s�
        If both an access key ID and a secret key are set in self.args
        return True.  Otherwise, clear auth info from self.args and
        return False.
        RR	RR(skey_ids
secret_keyssecurity_tokenscredential_expirationN(RRRCRtFalse(R#targ((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyt__reset_unless_ready�s$
(t__name__t
__module__t__doc__RtARGStclassmethodRRR8RR@(((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR)s			-t
HmacV1AuthcB@sbeZdZed�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d�Zd�ZRS(sk
    S3 REST authentication
    http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
    taclt	lifecycletlocationtloggingtnotificationt
partNumbertpolicytrequestPaymentttorrenttuploadIdtuploadst	versionIdt
versioningtversionstwebsitecC@s�|j|�|j|�}|j||�}|j|||�}|jjdt|��|j|jd��}|jjd|�|j	||�|S(Nsstring to sign: %ssutf-8sb64-encoded signature: %s(
t_update_request_before_signingtget_canonicalized_headerstget_canonicalized_resourcet_get_string_to_signRRAtreprtsign_stringtencodet_apply_signature(R#treqtservicet	c_headerst
c_resourcetto_signt	signature((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pytapply_to_request�s
c
C@s�d}|jj|�tj|t�x!dD]}|jj|d�q-Wtj|j	��}|t
j
j�}|j|j
|jdddd}|jjd	||�|j|�}	|jjd
t|	��|j||�}
|jjdt|
��dj|j|jjd
d�|jjdd�tj|�|	|
f�}|jjdt|��|j|jd��}|jjd|�|jd|jd<tj|�|jd<||jd<|jjd�r�|jd|jd<ndS(NseS3RestAuth.apply_to_request_params is deprecated; use requestbuilder.auth.aws.QueryHmacV1Auth insteadR)tExpirest	Signatureiii
is$expiration: %i (%f seconds from now)scanonicalized headers: %sscanonicalized resource: %ss
sContent-MD5tsContent-Typesstring to sign: %ssutf-8sb64-encoded signature: %sRRt
SecurityToken(sAWSAccessKeyIdRmRni@Bi@B(RR twarningstDeprecationWarningtparamstpopRtcalendarttimegmtutctimetupleRR"tmicrosecondstsecondstdaysRAR_RbR`tjointmethodtheadersRtsixt	text_typeRcRdR(
R#RfRgtexpiration_datetimetmsgtparamR$tdelta_ttdelta_t_secRhRiRjRk((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pytapply_to_request_params�s:


cC@s�|jsi|_ntjj�|jd<tj|j�j|jd<|jjd�rp|jd|jd<n|jj	dd�dS(NtDatetHostRsx-amz-security-tokenRn(R}temailtutilst
formatdateturlparseturltnetlocRRRtR(R#Rf((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR^�s	cC@sSdj|jj�|jjdd�|jjdd�|jjd�||f�S(Ns
sContent-MD5RosContent-TypeR�(R{R|tupperR}R(R#RfRhRi((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyRa�s
cC@s$dj|jd|�|jd<dS(NsAWS {0}:{1}Rt
Authorization(R!RR}(R#RfRk((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyRe�sc
C@sDtj|j�j}tj|j�j}|t|�}|jd�rVd|}n|sed}nt|dd�r�|j}nt	|j�}|r'g}x�t
|j��D]o\}}	||jkr|	dkr�|j
|�q|j
|d|	�n|r�|ddj|�7}q�q�Wn|jjdt|��|S(Nt/RsR(t?t&scanonicalized resource: %s(R�R�R.tendpointtlentendswithtgetattrRRst_get_params_from_urltsortedt	iteritemst
HASHED_PARAMStappendR{RRARb(
R#RfRgtparsed_req_pathtparsed_svc_pathtresourceRstsubresourcesR6R7((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR`�s*
	!cC@si}xq|jj�D]`\}}|j�jd�r|j|j�g�||j�jdj|j���qqWg}xBt|j��D].\}}|jdj	|dj|���q�W|r�dj|�d}nd}|j
jdt|��|S(Nsx-amz-t s{0}:{1}t,s
Roscanonicalized headers: %s(
R}R�tlowert
startswithRR�R{R2R�R!RRARb(R#Rftheaders_dictR6R7theaders_strstvalsRh((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR_s-&cC@s?tj|jddtj�}|j|�tj|j��S(NR	t	digestmod(	thmacRRthashlibtsha1tupdatetbase64t	b64encodetdigest(R#Rjtreq_hmac((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyRc&s
(RORPRQRRRSRTRURVRWRXRYRZR[R\R](
RIRJRKtsetR�RlR�R^RaReR`R_Rc(((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyRN�s			$					#	tQueryHmacV1AuthcB@s)eZdZd�Zd�Zd�ZRS(iXcC@s�t|jjd��p|j}t|j�}|jd|d<ttj�|�|d<|jdd�|j	t
|j�|�dS(NttimeoutRR)RmRn(tintRRtDEFAULT_TIMEOUTR�R�ttimeRtRtprepare_urlt_remove_params_from_url(R#RfR�Rs((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR^/s!cC@sZt|j�}dj|jj�|jjdd�|jjdd�|d||f�S(Ns
sContent-MD5RosContent-TypeRm(R�R�R{R|R�R}R(R#RfRhRiRs((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyRa8scC@s|j|ji|d6�dS(NRn(R�R�(R#RfRk((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyRe@s(RIRJR�R^RaRe(((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR�,s			tQueryHmacV2AuthcB@s eZdZd�Zd�ZRS(sk
    AWS signature version 2
    http://docs.aws.amazon.com/general/latest/gr/signature-version-2.html
    c	C@s5tj|j�}|jdkrBtj|jp3ddt�}ntj|jdt�}td�|j�D��}|j	d|d<d|d<d	|d
<t
jtt
j
��|d<|j	jd�r�|j	d|d
<n|jdd�djd|jd|jj�d|jpd�}g}xZt|�D]L}tj||�}|jtj|dd�dtj|dd��q3Wdj|�}	||	7}tjdd|�}
|jjdt|
��|j |�}|jjd|�||d<|jdkr|j!|i�n|j"t#|j�|�|S(NtPOSTRotkeep_blank_valuescs@s%|]\}}||dfVqdS(iN((t.0R6R�((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pys	<genexpr>QsRR)itSignatureVersiont
HmacSHA256tSignatureMethodt	TimestampRRpRns{method}
{host}
{path}
R|thostR.R�tsafeR(s-_~R�s
assword=[^&]*sassword=<redacted>sstring to sign: %ssb64-encoded signature: %s($R�R�R|tparse_qstbodyRCtquerytdictR�RR�tstrftimetISO8601tgmtimeRRtRR!R�R�R.R�R~RR�tquoteR{tretsubRRARbRctprepare_bodyR�R�(R#RfRgtparsedRsRjt
quoted_paramsR6R7tquery_stringtredacted_to_signRk((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyRlJs@!

	
	
cC@s?tj|jddtj�}|j|�tj|j��S(NR	R�(	R�RRR�tsha256R�R�R�R�(R#RjR�((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyRcrs
(RIRJRKRlRc(((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR�Ds	(t
HmacV4AuthcB@sheZdZd�Zd�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d	�Zd
�ZRS(sk
    AWS signature version 4
    http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
    cC@sE|js@|jjd|jj�tdj|jj���n|j|�}tj�}tj	t
tj|��}|j||�}dj
|jdf|�}|j||||�|j|�}|j|�}	|j|�}
|j|�}dj
|jj�||	|
d||f�}|jjdt|��dj
d|dj
|�tj|�j�f�}
tjd	d
|
�}|jjdt|��tjdj|jd
�dtj�}x9|D]1}|j|�tj|j �dtj�}q�W|j|
�|j�}|jjd|�|j!|||�|S(Ns8service class %s must have a NAME attribute to use sigv4s+BUG: service class {0} does not have a nameR�Rs
Roscanonical request: %ssAWS4-HMAC-SHA256s
assword=[^&]*sassword=<redacted>sstring to sign: %ssAWS4{0}R	R�s
signature: %s("tNAMERtcriticalt	__class__RIRR!t
_hash_payloadR�R�t
ISO8601_BASICR�t_build_scopeR{RR^t_get_canonical_urit_get_canonical_queryt_get_canonical_headerst_get_signed_headersR|R�RARbR�R�t	hexdigestR�R�R�RR�R�Re(R#RfRgtpayload_hashtnowtdate_headertscopet
credentialtc_uritc_queryRht	s_headerst	c_requestRjR�tderived_hmactchunkRk((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyRl~sF	
		


cC@s|tj|j�}|j|jd<|jjdd�||jd<||jd<|jjd�rx|jd|jd<ndS(NR�R�sX-Amz-Content-SHA256s
X-Amz-DateRsX-Amz-Security-Token(R�R�R�R}RtRRR(R#RfR�tpayload_sha256R�R�((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR^�s

cC@sMdjdj|�dj|j|��dj|�f�}||jd<dS(Ns, sAWS4-HMAC-SHA256 Credential={0}sSignedHeaders={0}s
Signature={0}R�(R{R!R�R}(R#RfR�Rktauth_header((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyRe�s
cC@s�|jr|j}n=tjd�r6tjd�}n|jjd�td��tjdtj|��||j	df}|jj
ddj|��|S(NtAWS_AUTH_REGIONs&a region name is required to use sigv4swregion name is required; either use a config file to supply the service's URL or set AWS_AUTH_REGION in the environments%Y%m%dtaws4_requests	scope: %sR�(tregion_nameR+R-RterrorRR�R�R�R�RAR{(R#Rgt	timestamptregionR�((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR��s		cC@sGtj|j�jpd}tj|dd�}|jjd|�|S(NR�R�s/~scanonical URI: %s(R�turlsplitR�R.R�RRA(R#RfR.R�((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR��sc	C@s�tjtj|j�jdt�}g}xZt|p9g�D]F\}}|jdjtj|dd�tj|dd�f��q=Wdj|�}|j	j
d|�|S(NR�R(R�s~-_.R�scanonical query: %s(R�t	parse_qslR�R�RCR�R�R{R�RRA(R#Rft
req_paramsRsR6R7tc_params((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR��s	 cC@s[i}xN|jj�D]=\}}|j�dkr|j�||j�j�<qqW|S(Nt
connections
user-agent(R�s
user-agent(R}R�R�R3(R#RfR}R6R7((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyt_get_normalized_headers�s
#cC@szg}|j|�}x<t|j��D](\}}|jdj||f��q(W|jjdt|��dj|�S(Nt:scanonical headers: %ss
(R�R�titemsR�R{RRAtstr(R#RfR}tnormalized_headersR6R7((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR��s cC@s;|j|�}djt|��}|jjd|�|S(Nt;ssigned headers: %s(R�R{R�RRA(R#RfR�R�((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR��scC@s�|jjd�r|jdStj�}|js5nJt|jd�r�|jj�}|jj	d�x3t
r�|jjd�}|s�Pn|j|�qiW|jj
|�|jj	d�n�t|jd�ro|jj	d�tjdd�}x@t
r5|jjd�}|sPn|j|�|j|�q�W|jj	d�|j
d�|jjd
�||_n|j|j�|jj	d|j��|j�S(NR�tseekspayload hashing startingi@spayload hashing donetreads!payload spooling/hashing startingtmax_sizei
ispayload spooling/hashing doneis+re-pointing request body at spooled payloadspayload hash: %si(i�(RRR�R�R�thasattrtdatattellRRARCR�R�R�ttempfiletSpooledTemporaryFiletwritetinfoR�(R#RfR�t
body_positionR�tspool((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR��s>			

(
RIRJRKRlR^ReR�R�R�R�R�R�R�(((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR�xs	)	
					
		tQueryHmacV4AuthcB@seZd�Zd�ZRS(cC@s|jj�dkrCd|jjdd�krC|jjd�ntj|j�}|j|jd<|jj	dd�idd	6|d
6|d6|j|�d6}|jjd
�r�|jd
|d<n|jjd�r�|jd|d<n|j
|j|�dS(NR�sform-urlencodedsContent-TypeRoskQuery string authentication and POST form data are generally mutually exclusive; GET is recommended insteadR�R�sAWS4-HMAC-SHA256sX-Amz-AlgorithmsX-Amz-Credentials
X-Amz-DatesX-Amz-SignedHeadersR�s
X-Amz-ExpiresRsX-Amz-Security-Token(R|R�R}RRR R�R�R�RtRR�RR�(R#RfR�R�R�R�Rs((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR^s cC@s|j|ji|d6�dS(NsX-Amz-Signature(R�R�(R#RfR�Rk((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyRe/s(RIRJR^Re(((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyRs	cC@sAtj|�}tj|jdt�}td�|j�D��S(s�
    Given a URL, return a dict of parameters and their values.  If a
    parameter appears more than once all but the first value will be lost.
    R�cs@s%|]\}}||dfVqdS(iN((R�R6R�((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pys	<genexpr>:s(R�R�R�RCR�R�(R�R�Rs((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR�3scC@s:tj|�}tj|d|d|ddddf�S(s^
    Return a copy of a URL with its parameters, fragments, and query
    string removed.
    iiiRo(R�t
urlunparse(R�R�((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyR�=s(#t
__future__RR�RuRtemail.utilsR�R�R�R+R�RR�RqR~tsix.moves.urllib_parsetmovesturllib_parseR�trequestbuilderRtrequestbuilder.authRtrequestbuilder.exceptionsRR�R�RRNR�R�R�RR�R�(((s;/usr/lib/python2.7/site-packages/requestbuilder/auth/aws.pyt<module>s4{�4�