vKgzSSKrSSKrSSKrSSKrSSKrSSKrSSKJrJr SSK J r SSK J r J r Jr SSKJrJr SSKJr "SS5r"S S 5rS rSS jr"S S5rSrSSjrSrSSjrSrg)N)create_request_objectprepare_request_dict) OrderedDict)UnknownClientMethodErrorUnknownSignatureVersionError UnsupportedSignatureVersionError) ArnParserdatetime2timestamp) fix_s3_hostc\rSrSrSrSSjr\S5r\S5r\S5r SSjr SS jr S r S r SS jr\rSS jrSrg) RequestSigner!a An object to sign requests before they go out over the wire using one of the authentication mechanisms defined in ``auth.py``. This class fires two events scoped to a service and operation name: * choose-signer: Allows overriding the auth signer name. * before-sign: Allows mutating the request before signing. Together these events allow for customization of the request signing pipeline, including overrides, request path manipulation, and disabling signing per operation. :type service_id: botocore.model.ServiceId :param service_id: The service id for the service, e.g. ``S3`` :type region_name: string :param region_name: Name of the service region, e.g. ``us-east-1`` :type signing_name: string :param signing_name: Service signing name. This is usually the same as the service name, but can differ. E.g. ``emr`` vs. ``elasticmapreduce``. :type signature_version: string :param signature_version: Signature name like ``v4``. :type credentials: :py:class:`~botocore.credentials.Credentials` :param credentials: User credentials with which to sign requests. :type event_emitter: :py:class:`~botocore.hooks.BaseEventHooks` :param event_emitter: Extension mechanism to fire events. NcX lX0lX@lXPlXplXl[ R"U5UlgN) _region_name _signing_name_signature_version _credentials _auth_token _service_idweakrefproxy_event_emitter)self service_id region_name signing_namesignature_version credentials event_emitter auth_tokens P/var/www/highfloat_scraper/venv/lib/python3.13/site-packages/botocore/signers.py__init__RequestSigner.__init__Ds;()"3'%%&mmM:cUR$r)rrs r"rRequestSigner.region_nameXs   r%cUR$r)rr's r"rRequestSigner.signature_version\s&&&r%cUR$r)rr's r"rRequestSigner.signing_name`s!!!r%c $URX5$r)sign)roperation_namerequestkwargss r"handlerRequestSigner.handlerds yy11r%c ,UnUc URnUc URnURXUR5nURR SUR R5SU3UUURUUUS9 U[R:waUUUS.n UbXYS'URRS05n U(dU RS5(aU SU S 'U RS 5(aU S U S 'U RS 5(aU S U S 'U RS 5bURU U S U S 5 UR"S0U D6n U RU5 gg![an US:wa [US9eU eSn A ff=f)aSign a request before it goes out over the wire. :type operation_name: string :param operation_name: The name of the current operation, e.g. ``ListBuckets``. :type request: AWSRequest :param request: The request object to be sent over the wire. :type region_name: str :param region_name: The region to sign the request for. :type signing_type: str :param signing_type: The type of signing to perform. This can be one of three possible values: * 'standard' - This should be used for most requests. * 'presign-url' - This should be used when pre-signing a request. * 'presign-post' - This should be used when pre-signing an S3 post. :type expires_in: int :param expires_in: The number of seconds the presigned url is valid for. This parameter is only valid for signing type 'presign-url'. :type signing_name: str :param signing_name: The name to use for the service when signing. Nz before-sign..)r0rrrrequest_signerr/)rrrexpiressigningregionrrrequest_credentialsidentity_cache cache_keystandardr)rr_choose_signercontextremitr hyphenizebotocoreUNSIGNEDget_resolve_identity_cacheget_auth_instancerradd_auth) rr/r0r signing_type expires_inrexplicit_region_namerr1signing_contextauthes r"r.RequestSigner.signksF +  ++K  --L // '//    4++5578.9I J%))/) !   1 1 1 ,*%6F %$.y!%oo11)R@O'O,?,?,I,I(7(A}%"">22)8)H~&""#8990?)1,-""#34@,,#$45#K0  --77 MM' "C 220 :-:*;G  sE33 F=FFcX!S'X1S'g)Nr;r<r?)rr1cacher<s r"rG%RequestSigner._resolve_identity_caches#( '{r%cHSSS.nURUS5nURS5=(d URnURS05nURSUR5nURSUR5n U[R LaUR U5(dXe- nURRS URR5S U3UU UUS 9upU b/U nU[R LaUR U5(dXe- nU$) a1 Allow setting the signature version via the choose-signer event. A value of `botocore.UNSIGNED` means no signing will be performed. :param operation_name: The operation to sign. :param signing_type: The type of signing that the signer is to be used for. :return: The signature version to sign with. z -presign-postz-query) presign-post presign-url auth_typer8rr9zchoose-signer.r5)rrrrA) rFrrrrDrEendswithremit_until_responserrC) rr/rJrAsigning_type_suffix_mapsuffixrr8rrr2responses r"r@RequestSigner._choose_signers0,## ),,\2>$KK 4O8O8O++i,{{>43E3EF kk(D,=,=> X%6%6 6%..v66  '  //CCT--779:!N;K L%#/ D    ( "):)::)226::!+!  r%c bUc URn[RRR U5nUc [ US9eUR SLa3SnURbURR5nU"U5nU$U=(d URn [USS5SLaUSn USn U RU 5n US Sn U bU R5n XS'UR(a3URc[RR!5eX%S'XS 'U"S 0UD6nU$) aA Get an auth instance which can be used to sign a request using the given signature version. :type signing_name: string :param signing_name: Service signing name. This is usually the same as the service name, but can differ. E.g. ``emr`` vs. ``elasticmapreduce``. :type region_name: string :param region_name: Name of the service region, e.g. ``us-east-1`` :type signature_version: string :param signature_version: Signature name like ``v4``. :rtype: :py:class:`~botocore.auth.BaseSigner` :return: Auth instance to sign a request. Nr>TREQUIRES_IDENTITY_CACHEr;r<rr service_namer?)rrDrNAUTH_TYPE_MAPSrFrREQUIRES_TOKENrget_frozen_tokenrgetattrget_credentialsget_frozen_credentialsREQUIRES_REGIONr exceptions NoRegionError) rrrrr:r1cls frozen_tokenrNrrRkeyfrozen_credentialss r"rHRequestSigner.get_auth_instancesH4  $ $ 7 7 mm**../@A ;."3     %L+#//@@B |$DK)>T->-> 314 8D @+,E%C//4K{# "  "!,!C!C!E  2}     ())7799$/= !%1> "}V} r%c|[U5nURUUUSUU5 UR5 UR$)a]Generates a presigned url :type request_dict: dict :param request_dict: The prepared request dictionary returned by ``botocore.awsrequest.prepare_request_dict()`` :type operation_name: str :param operation_name: The operation being signed. :type expires_in: int :param expires_in: The number of seconds the presigned url is valid for. By default it expires in an hour (3600 seconds) :type region_name: string :param region_name: The region name to sign the presigned url. :type signing_name: str :param signing_name: The name to use for the service when signing. :returns: The presigned url rV)rr.prepareurl)r request_dictr/rKrrr0s r"generate_presigned_url$RequestSigner.generate_presigned_url?sB:( 5         {{r%)rrrrrrrrNN)Nr=NN)NN)__name__ __module__ __qualname____firstlineno____doc__r#propertyrrrr2r.rGr@rHget_authrt__static_attributes__r?r%r"r r !s T;(!!''""2Z#x(.!h ?D!H  (r%r c@\rSrSrSrSrS SjrSrS SjrSr S r g) CloudFrontSignerijaA signer to create a signed CloudFront URL. First you create a cloudfront signer based on a normalized RSA signer:: import rsa def rsa_signer(message): private_key = open('private_key.pem', 'r').read() return rsa.sign( message, rsa.PrivateKey.load_pkcs1(private_key.encode('utf8')), 'SHA-1') # CloudFront requires SHA-1 hash cf_signer = CloudFrontSigner(key_id, rsa_signer) To sign with a canned policy:: signed_url = cf_signer.generate_signed_url( url, date_less_than=datetime(2015, 12, 1)) To sign with a custom policy:: signed_url = cf_signer.generate_signed_url(url, policy=my_policy) cXlX lg)aVCreate a CloudFrontSigner. :type key_id: str :param key_id: The CloudFront Key Pair ID :type rsa_signer: callable :param rsa_signer: An RSA signer. Its only input parameter will be the message to be signed, and its output will be the signed content as a binary string. The hash algorithm needed by CloudFront is SHA-1. Nkey_id rsa_signer)rrrs r"r#CloudFrontSigner.__init__s $r%Nc.USL=(a USLnUSL=(a USLnU(dU(a Sn[U5eUbURX5n[U[5(aUR S5nUbS[ [ U553/nO$SURU5RS53/nURU5nURSURU5RS53SUR3/5 URX5$)a\Creates a signed CloudFront URL based on given parameters. :type url: str :param url: The URL of the protected object :type date_less_than: datetime :param date_less_than: The URL will expire after that date and time :type policy: str :param policy: The custom policy, possibly built by self.build_policy() :rtype: str :return: The signed URL. Nz=Need to provide either date_less_than or policy, but not bothutf8zExpires=zPolicy=z Signature=z Key-Pair-Id=) ValueError build_policy isinstancestrencodeintr _url_b64encodedecoderextendr _build_url) rrrdate_less_thanpolicyboth_args_suppliedneither_arg_suppliedrOparams signatures r"rt'CloudFrontSigner.generate_presigned_urls,47NF$?F,;V+DI' (&1K3KL${?'C&DE zz-J??r%c[R"U5RSS5RSS5RSS5$)N+-=_/~)base64 b64encodereplace)rdatas r"rCloudFrontSigner._url_b64encodes;   T " WT4 WT4 WT4  r%rrv) rxryrzr{r|r#rtrrrrr?r%r"rrjs*. %$,L= LP(@T r%rc [US'g)Ngenerate_db_auth_token)rclass_attributesr1s r"add_generate_db_auth_tokenr1G-.r%cUnUcURRnSUS.nSS0USS.nSnUUS U3n [Xy5 URR SUUS S S 9n U [ U5S$) aGenerates an auth token used to connect to a db with IAM credentials. :type DBHostname: str :param DBHostname: The hostname of the database to connect to. :type Port: int :param Port: The port number the database is listening on. :type DBUsername: str :param DBUsername: The username to log in as. :type Region: str :param Region: The region the database is in. If None, the client region will be used. :return: A presigned url which can be used as an auth token. Nconnect)ActionDBUserrrWGET)url_path query_stringheadersbodymethodzhttps://rizrds-db)r/rsrrKr)metarr_request_signerrtlen) r DBHostnamePort DBUsernameRegionr9rrsscheme endpoint_url presigned_urls r"rrs$F ~&&F  LFXj\4&1L4((?? ! @M V ''r%c,\rSrSrSrSSjrSrg)S3PostPresigneri*cXlgrr)rr6s r"r#S3PostPresigner.__init__+s-r%NcUc0nUc/n0n[RR5nU[R"US9-nUR[R R 5US'/US'UHn USRU 5 M [U5n X*RS'XjRS'URRSXS5 U RUS.$) aeGenerates the url and the form fields used for a presigned s3 post :type request_dict: dict :param request_dict: The prepared request dictionary returned by ``botocore.awsrequest.prepare_request_dict()`` :type fields: dict :param fields: A dictionary of prefilled form fields to build on top of. :type conditions: list :param conditions: A list of conditions to include in the policy. Each element can be either a list or a structure. For example: .. code:: python [ {"acl": "public-read"}, {"bucket": "amzn-s3-demo-bucket"}, ["starts-with", "$key", "mykey"] ] :type expires_in: int :param expires_in: The number of seconds the presigned post is valid for. :type region_name: string :param region_name: The region name to sign the presigned post to. :rtype: dict :returns: A dictionary with two elements: ``url`` and ``fields``. Url is the url to post to. Fields is a dictionary filled with the form fields and respective values to use when submitting the post. For example: .. code:: python { 'url': 'https://amzn-s3-demo-bucket.s3.amazonaws.com', 'fields': { 'acl': 'public-read', 'key': 'mykey', 'signature': 'mysignature', 'policy': 'mybase64 encoded policy' } } )seconds expiration conditionszs3-presign-post-fieldszs3-presign-post-policy PutObjectrU)rrfields) datetimeutcnow timedeltastrftimerDrNISO8601appendrrArr.rr) rrsrrrKrr datetime_now expire_daterr0s r"generate_presigned_post'S3PostPresigner.generate_presigned_post.sn >F  J ((//1 "X%7%7 %KK *33HMM4I4IJ| "|#I < ' ' 2$( 54:014:01 !! ~ {{f55r%r)NNrwN)rxryrzr{r#rrr?r%r"rr*s.  S6r%rc [US'g)Nrt)rtrs r"add_generate_presigned_urlrrr%c UnUnUc0nUnUnS[U5S.n URn URUn UR R RU 5n URUU U S9n[R"URSS55n URU UU U (+S9unnnURUU UU USS 9nUbUUS 'U RUUU S 9$![a [ US9ef=f) aDGenerate a presigned url given a client, its method, and arguments :type ClientMethod: string :param ClientMethod: The client method to presign for :type Params: dict :param Params: The parameters normally passed to ``ClientMethod``. :type ExpiresIn: int :param ExpiresIn: The number of seconds the presigned url is valid for. By default it expires in an hour (3600 seconds) :type HttpMethod: string :param HttpMethod: The http method to use on the generated url. By default, the http method is whatever is used in the method's model. :returns: The presigned url Tis_presign_requestuse_global_endpoint) method_name api_paramsoperation_modelrABucketrWignore_signing_regionFrrrrArset_user_agent_headerr)rsrKr/)_should_use_global_endpointr_PY_TO_OP_NAMEKeyErrorrr service_modelr_emit_api_paramsr is_arnrF_resolve_endpoint_ruleset_convert_to_request_dictrt)r ClientMethodParams ExpiresIn HttpMethod client_methodrrK http_methodrAr6r/r bucket_is_arnradditional_headers propertiesrss r"rtrts],!M F ~JK":4@G ))NB,,];ii--==nMO  " "'#F $$VZZ"%=>M &&#00 '  00'!"# 1L!, X  0 0!% 1 G B&=AABs CC0c [US'g)Nr)rrs r"add_generate_presigned_postrs2I./r%c UnUnUnUn Un Uc0nOUR5nU c/n S[U5S.n [UR5n URR R S5n URSU0U U S9n[R"URSS55nURU UU U(+S9unnnURUU UU US S 9nU RS U05 URS 5(a"U RS SUS[S 5*/5 OU RSU05 XxS'U R!UUU U S9$)a Builds the url and the form fields used for a presigned s3 post :type Bucket: string :param Bucket: The name of the bucket to presign the post to. Note that bucket related conditions should not be included in the ``conditions`` parameter. :type Key: string :param Key: Key name, optionally add ${filename} to the end to attach the submitted filename. Note that key related conditions and fields are filled out for you and should not be included in the ``Fields`` or ``Conditions`` parameter. :type Fields: dict :param Fields: A dictionary of prefilled form fields to build on top of. Elements that may be included are acl, Cache-Control, Content-Type, Content-Disposition, Content-Encoding, Expires, success_action_redirect, redirect, success_action_status, and x-amz-meta-. Note that if a particular element is included in the fields dictionary it will not be automatically added to the conditions list. You must specify a condition for the element as well. :type Conditions: list :param Conditions: A list of conditions to include in the policy. Each element can be either a list or a structure. For example: .. code:: python [ {"acl": "public-read"}, ["content-length-range", 2, 5], ["starts-with", "$success_action_redirect", ""] ] Conditions that are included may pertain to acl, content-length-range, Cache-Control, Content-Type, Content-Disposition, Content-Encoding, Expires, success_action_redirect, redirect, success_action_status, and/or x-amz-meta-. Note that if you include a condition, you must specify a valid value in the fields dictionary as well. A value will not be added automatically to the fields dictionary based on the conditions. :type ExpiresIn: int :param ExpiresIn: The number of seconds the presigned post is valid for. :rtype: dict :returns: A dictionary with two elements: ``url`` and ``fields``. Url is the url to post to. Fields is a dictionary filled with the form fields and respective values to use when submitting the post. For example: .. code:: python { 'url': 'https://amzn-s3-demo-bucket.s3.amazonaws.com', 'fields': { 'acl': 'public-read', 'key': 'mykey', 'signature': 'mysignature', 'policy': 'mybase64 encoded policy' } } NTr CreateBucketrrrWrFrbucketz ${filename}z starts-withz$keyrm)rsrrrK)copyrrrrrrrr rrFrrrrYrr)rrKeyFields Conditionsr rrmrrrKrApost_presignerrrrrrrrss r"rrsPF C FJJ ~ #:4@G %T%9%9:Nii--==nMO  " "f%'#F $$VZZ"%=>M &&#00 '  00'!"# 1Lx() ||M""=K]9K8K2LMN5#,'5M  1 1! 2 r%cXURRS:wagURRRnU(ahUR SS5(agUR S5S:Xa%URRR S:XagUR S5S:Xagg ) NawsFuse_dualstack_endpointus_east_1_regional_endpointregionalz us-east-1addressing_stylevirtualT)r partitionconfigs3rFr)client s3_configs r"rrjs {{% ""%%I ==15 9 9 MM7 8J F ""..+= ==+ , 9 r%r)NrwN)NNrw)rrrrrD botocore.authbotocore.awsrequestrrbotocore.compatrbotocore.exceptionsrrrbotocore.utilsr r r r rrrrrrtrrrr?r%r"r-s K' 9'FFR C C LH3(lW6W6tH AEL^J @DL^r%