U d/e^ @sdZddlZddlZddlZddlmZddlmZddlm Z ddl m Z m Z dZ ed Zd+d d Zd dZddZddZddZddZddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*ZdS),z minio.signer ~~~~~~~~~~~~~~~ This module implements all helpers for AWS Signature version '4' support. :copyright: (c) 2015 by MinIO, Inc. :license: Apache 2.0, see LICENSE for more details. N) OrderedDict) SplitResult)time) queryencode sha256_hashzAWS4-HMAC-SHA256z( +)FcCs$t||tj}|r|S|S)z/Return HMacSHA256 digest of given key and data.)hmacnewhashlibsha256 hexdigestdigest)keydatar Zhasherr0/tmp/pip-unpacked-wheel-xery97c7/minio/signer.py _hmac_hash*srcCst|d|d|dS)zGet scope string./z /aws4_requestrto_signer_date)dateregion service_namerrr _get_scope1srcCsi}|D]H\}}|}|dkr t|ttfr6|n|g}ddd|D||<q tt|}d|}ddd|D}||fS)zGet canonical headers.) authorizationz user-agent,cSsg|]}td|qS) )_MULTI_SPACE_REGEXsub).0valuerrr Asz*_get_canonical_headers..; cSsg|]\}}|d|qS):r)rrr rrrr!Hs) itemslower isinstancelisttuplejoinrsortedkeys)headerscanonical_headersrvaluessigned_headersrrr_get_canonical_headers6s r1cCs0|pd}dddtdd|dDDS)zGet canonical query string.&cSsg|]}d|qS=)r*)rpairrrrr!Rsz/_get_canonical_query_string..cSsg|]}|dqSr4)split)rparamsrrrr!Ts)r*r+r7)queryrrr_get_canonical_query_stringMsr:c CsNt|\}}t|j}|d|jp$dd|d|d|d| }t||fS)zGet canonical request hash.r#r )r1r:r9pathr)methodurlr-content_sha256r.r0canonical_query_stringcanonical_requestrrr_get_canonical_request_hashZs   *rBcCsdt|d|d|S)zGet string-to-sign.zAWS4-HMAC-SHA256 r#)r to_amz_date)rscopecanonical_request_hashrrr_get_string_to_signqsrFcCsBtd|t|}t||}t||}t|dS)zGet signing key.ZAWS4s aws4_request)rencoderr) secret_keyrrrZdate_keyZdate_region_keyZdate_region_service_keyrrr_get_signing_keyys  rIcCst||ddS)zGet signature.T)r )rrG) signing_keystring_to_signrrr_get_signaturesrLcCsd|d|d|d|S)zGet authorization.zAWS4-HMAC-SHA256 Credential=rz, SignedHeaders=z , Signature=r) access_keyrDr0 signaturerrr_get_authorizationsrOcCs`t|||}t||||\} } t||| } t|j|||} t| | } t|j|| | }||d<|S)z8Do signature V4 of given request for given service name. Authorization)rrBrFrIrHrLrOrM)rr=r>rr- credentialsr?rrDrEr0rKrJrNrrrr_sign_v4s.   rRc Cstd|||||||S)z0Do signature V4 of given request for S3 service.s3rRr=r>rr-rQr?rrrr sign_v4_s3s rVc Cstd|||||||S)z1Do signature V4 of given request for STS service.stsrTrUrrr sign_v4_stss rXc Cst|d|}d|jd}}|jr0|jdnd} | d|dt|d|d |7} t|} | | d <t| }t| } |d |jpdd | d |d |d } t | |fS)z/Get canonical request hash for presign request.rzhost:hostr3r2z2X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=z &X-Amz-Date=z&X-Amz-Expires=z&X-Amz-SignedHeaders=r#r;z UNSIGNED-PAYLOAD) rnetlocr9rrCr(rr:r<r) r=r>rMrDrexpiresZx_amz_credentialr.r0r9partsr@rArrr#_get_presign_canonical_request_hashs  &r^c Cstt||d}t|||j|||\}}t|||}t|j||d} t| |} t|} |jdt | | d<t | }|S)z)Do signature V4 of given presign request.rSz&X-Amz-Signature=rZ) rr^rMrFrIrHrLr(r9rr) r=r>rrQrr\rDrErKrJrNr]rrr presign_v4s   r_cCs|dt|d|dS)z;Get credential string of given access key, date and region.rz/s3/aws4_requestr)rMrrrrrget_credential_stringsr`cCstt|||d|S)z0Do signature V4 of given presign POST form-data.rS)rLrI)rrHrrrrrpost_presign_v4!s ra)F) __doc__r rre collectionsr urllib.parserr2rZhelpersrrZSIGN_V4_ALGORITHMcompilerrrr1r:rBrFrIrLrOrRrVrXr^r_r`rarrrrs2       '