o tBh|&@sddlZddlZddlZzddlmZddlmZWney+ddlmZmZYnwddlZddZ ddZ Gd d d ej j Z dS) N)quote)urlparse)rrcCst||dtjS)f Copied from https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html utf-8)hmacnewencodehashlibsha256digest)keymsgrq/var/www/html/riverr-enterprise-integrations-main/venv/lib/python3.10/site-packages/aws_requests_auth/aws_auth.pysignsrcCs6td|d|}t||}t||}t|d}|S)rAWS4r aws4_request)rr)r dateStamp regionName serviceNamekDatekRegionkServicekSigningrrrgetSignatureKeys    rc@sLeZdZdZ dddZddZddZd d Zed d Z ed dZ dS)AWSRequestsAuthz Auth class that allows us to connect to AWS services via Amazon's signature version 4 signing process Adapted from https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html NcCs(||_||_||_||_||_||_dS)a Example usage for talking to an AWS Elasticsearch Service: AWSRequestsAuth(aws_access_key='YOURKEY', aws_secret_access_key='YOURSECRET', aws_host='search-service-foobar.us-east-1.es.amazonaws.com', aws_region='us-east-1', aws_service='es', aws_token='...') The aws_token is optional and is used only if you are using STS temporary credentials. N)aws_access_keyaws_secret_access_keyaws_host aws_regionservice aws_token)selfrrrr aws_servicer!rrr__init__*s  zAWSRequestsAuth.__init__cCs||}|j||S)z Adds the authorization headers required by Amazon's signature version 4 signing process to the request. Adapted from https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html )get_aws_request_headers_handlerheadersupdate)r"r aws_headersrrr__call__Es  zAWSRequestsAuth.__call__cCs|j||j|j|jdS)aN Override get_aws_request_headers_handler() if you have a subclass that needs to call get_aws_request_headers() with an arbitrary set of AWS credentials. The default implementation calls get_aws_request_headers() with self.aws_access_key, self.aws_secret_access_key, and self.aws_token )r(rrr!)get_aws_request_headersrrr!)r"r(rrrr%Ps z/AWSRequestsAuth.get_aws_request_headers_handlerc Cstj}|d}|d}t|}t|} d|jdd|d} |r0| d|d7} d} |r8| d7} |jr>|jnt} z| d } Wn t t fyU| } Ynwt | } |jd|d| d| d| d| }d }|d |jd |jd d }|d|d|dt | d }t|||j|j}| d }t||t j }|d d|d |dd| dd|}||| d}|r||d<|S)a Returns a dictionary containing the necessary headers for Amazon's signature version 4 signing process. An example return value might look like { 'Authorization': 'AWS4-HMAC-SHA256 Credential=YOURKEY/20160618/us-east-1/es/aws4_request, ' 'SignedHeaders=host;x-amz-date, ' 'Signature=ca0a856286efce2a4bd96a978ca6c8966057e53184776c0685169d08abd74739', 'x-amz-date': '20160618T220405Z', } z%Y%m%dT%H%M%SZz%Y%m%dzhost: z x-amz-date:zx-amz-security-token:zhost;x-amz-datez;x-amz-security-tokenrzAWS4-HMAC-SHA256/r z Credential=z, zSignedHeaders=z Signature=) Authorizationz x-amz-datezx-amz-content-sha256zX-Amz-Security-Token)datetimeutcnowstrftimerget_canonical_pathget_canonical_querystringrbodybytesrAttributeErrorUnicodeDecodeErrorr r hexdigestmethodrr rrr)r"r(rrr!tamzdate datestamp canonical_uricanonical_querystringcanonical_headerssigned_headersr5 payload_hashcanonical_request algorithmcredential_scopestring_to_sign signing_keystring_to_sign_utf8 signatureauthorization_headerr&rrrr+]s        z'AWSRequestsAuth.get_aws_request_headerscCs(t|j}t|jr|jddSdddS)zt Create canonical URI--the part of the URI from domain to query string (use '/' if no path) r-z/-_.~)safe)rurlrpath)clsr( parsedurlrrrr3s z"AWSRequestsAuth.get_canonical_pathc Csd}t|j}dt|jd}|dD]*}|dd}|d}t|dkr.|d}nd}|rA|r8|d7}|d||g7}q|S)af Create the canonical query string. According to AWS, by the end of this function our query string values must be URL-encoded (space=%20) and the parameters must be sorted by name. This method assumes that the query params in `r` are *already* url encoded. If they are not url encoded by the time they make it to this function, AWS may complain that the signature for your request is incorrect. It appears elasticsearc-py url encodes query paramaters on its own: https://github.com/elastic/elasticsearch-py/blob/5dfd6985e5d32ea353d2b37d01c2521b2089ac2b/elasticsearch/connection/http_requests.py#L64 If you are using a different client than elasticsearch-py, it will be your responsibility to urleconde your query params before this method is called. &=r)rrLjoinsortedquerysplitlen) rNr(r?rOquerystring_sorted query_param key_val_splitr valrrrr4s    z)AWSRequestsAuth.get_canonical_querystring)N) __name__ __module__ __qualname____doc__r$r*r%r+ classmethodr3r4rrrrr"s   `  r)rr r0urllibrr ImportError urllib.parserequestsrrauthAuthBaserrrrrs