o ³©iÇ€ã@sFddlZddlZddlZddlmZddlmZddlmZddlm Z m Z m Z ddl Tddl Z ddlmZd Zd Zd Zd d gZe  e¡Zefdd„ZGdd„deƒZGdd„deƒZGdd„deƒZGdd„deƒZGdd„deƒZdd„Zdd„Ze ddgƒZ!Gd d!„d!eƒZ"Gd"d#„d#e"ƒZ#Gd$d%„d%eƒZ$Gd&d'„d'e$ƒZ%dS)(éN)Údatetimeé)Úutils)Ú ClientError)ÚurlquoteÚto_bytesÚis_py2)Ú*)ÚStaticCredentialsProviderÚv1Úv2Úv4ú content-typeú content-md5cCsv|tkrt d |¡¡t| ¡| ¡ƒS|tkr*t d |¡¡t| ¡| ¡ƒSt d |¡¡t| ¡| ¡ƒS)Nz;Init Auth V2: access_key_id: {0}, access_key_secret: ******z;Init Auth V4: access_key_id: {0}, access_key_secret: ******z;Init Auth v1: access_key_id: {0}, access_key_secret: ******) ÚAUTH_VERSION_2ÚloggerÚdebugÚformatÚAuthV2ÚstripÚAUTH_VERSION_4ÚAuthV4ÚAuth)Ú access_key_idÚaccess_key_secretÚ auth_version©rú=/home/ubuntu/.local/lib/python3.10/site-packages/oss2/auth.pyÚ make_authsrc@s(eZdZdZdd„Zdd„Zdd„ZdS) ÚAuthBaseuP用于ä¿å­˜ç”¨æˆ·AccessKeyIdã€AccessKeySecret,以åŠè®¡ç®—ç­¾å的对象。cCs ||_dS©N)Úcredentials_provider)Úselfr!rrrÚ__init__$ó zAuthBase.__init__cCsR|j ¡}| ¡r| ¡|d<tt ¡ƒ|}d||f}g} |rC| ¡} | D]\} } | dkrB| dkrB| dkrB| dkrB|  | | f¡q'| jdd„d d } | D] \} } | d | | f7} qO|r`|ni}t|ƒd | |}t   d   |¡¡t   t| ¡ƒt|ƒtj¡}t | ¡¡}| ¡|d<t|ƒ|d<||d<|dd dd„| ¡Dƒ¡S)Núsecurity-tokenz/%s/%sÚOSSAccessKeyIdÚ SignatureÚExpiresÚ SecurityTokencSó|dS©Nrr©ÚerrrÚ7óz)AuthBase._sign_rtmp_url..©ÚkeyÚz%s:%s Ú z(Sign Rtmp url: string to be signed = {0}ú?ú&csó|] \}}t||ƒVqdSr ©Ú_param_to_quoted_query©Ú.0ÚkÚvrrrÚ Hó€z*AuthBase._sign_rtmp_url..)r!Úget_credentialsÚget_security_tokenÚintÚtimeÚitemsÚappendÚsortÚstrrrrÚhmacÚnewrÚget_access_key_secretÚhashlibÚsha1rÚb64encode_as_stringÚdigestÚget_access_key_idÚjoin)r"ÚurlÚ bucket_nameÚ channel_nameÚexpiresÚparamsÚ credentialsÚexpiration_timeÚcanonicalized_resourceÚcanonicalized_paramsrCr;r<Úcanon_params_strÚpÚstring_to_signÚhÚ signaturerrrÚ_sign_rtmp_url's2     €     zAuthBase._sign_rtmp_urlcCódS©Nr2r©r"rrrrJózAuthBase.auth_versionN)Ú__name__Ú __module__Ú __qualname__Ú__doc__r#r^rrrrrr"s  #rc@steZdZdZegd¢ƒZdd„Zdd„Zdd„Zd d „Z d d „Z d d„Z dd„Z dd„Z dd„Zdd„Zdd„ZdS)Ú ProviderAuthu]ç­¾å版本1 默认构造函数åŒçˆ¶ç±»AuthBase,需è¦ä¼ é€’credentials_provider )Xzresponse-content-typezresponse-content-languagezresponse-cache-controlÚloggingzresponse-content-encodingÚaclÚuploadIdÚuploadsÚ partNumberÚgroupÚlinkÚdeleteÚwebsiteÚlocationÚ objectInfoÚ objectMetazresponse-expireszresponse-content-dispositionÚcorsÚ lifecycleÚrestoreÚqosÚrefererÚstatÚ bucketInforDÚpositionr%ÚliveÚcompÚstatusÚvodÚ startTimeÚendTimez x-oss-processÚsymlinkÚcallbackú callback-varÚtaggingÚ encryptionÚversionsÚ versioningÚ versionIdÚpolicyÚrequestPaymentzx-oss-traffic-limitÚqosInfoÚ asyncFetchzx-oss-request-payerÚ sequentialÚ inventoryÚ inventoryIdzcontinuation-tokenrƒr„ÚwormÚwormIdÚ wormExtendÚ replicationÚreplicationLocationÚreplicationProgressÚtransferAccelerationÚcnameÚ metaQueryzx-oss-ac-source-ipzx-oss-ac-subnet-maskzx-oss-ac-vpc-idzx-oss-ac-forward-allowÚ resourceGroupÚstyleÚ styleNamezx-oss-async-processÚ regionListzx-oss-write-get-object-responseÚbucketArchiveDirectReadÚ httpsConfigÚredundancyTransitionzx-oss-target-redundancy-typez"x-oss-redundancy-transition-taskidÚ accessPointÚaccessPointPolicyÚpublicAccessBlockzx-oss-access-point-nameÚrequesterQosInfoÚ qosRequesterÚresourcePoolInfoÚ resourcePoolÚresourcePoolBucketscCsX|j ¡}| ¡r| ¡|jt<t ¡|jd<| ||||¡}d |  ¡|¡|jd<dS)NÚdatez OSS {0}:{1}Ú authorization) r!r?r@ÚheadersÚOSS_SECURITY_TOKENrÚ http_dateÚ_ProviderAuth__make_signaturerrN)r"ÚreqrQr1rUr]rrrÚ _sign_requestes zProviderAuth._sign_requestcCs˜|j ¡}| ¡r| ¡|jd<tt ¡ƒ|}t|ƒ|jd<| ||||¡}|  ¡|jd<t|ƒ|jd<||jd<|j dd  dd „|j  ¡Dƒ¡S) Nr%r©r&r(r'r4r5csr6r r7r9rrrr=}r>z)ProviderAuth._sign_url..) r!r?r@rTrArBrFr«r®rNrPrOrC)r"r¯rQr1rSrUrVr]rrrÚ _sign_urlos  $zProviderAuth._sign_urlcCs\tr | |||¡}n| |||¡}t d |¡¡t t|  ¡ƒt|ƒt j ¡}t   | ¡¡S©Nú)Make signature: string to be signed = {0})rÚ!_ProviderAuth__get_string_to_signÚ _ProviderAuth__get_bytes_to_signrrrrGrHrrIrJrKrrLrM)r"r¯rQr1rUr[r\rrrÚ__make_signatures zProviderAuth.__make_signaturec Csj| |||¡}| |¡}|j dd¡}|j dd¡}|j dd¡p'|j dd¡}d |j|||||g¡S)Nrr2rú x-oss-dater©r3)Ú"_ProviderAuth__get_resource_stringÚ!_ProviderAuth__get_headers_stringr«ÚgetrOÚmethod) r"r¯rQr1Úresource_stringÚheaders_stringÚ content_md5Ú content_typer©rrrÚ__get_string_to_signŠs üz!ProviderAuth.__get_string_to_signcCól|j}g}| ¡D]\}}| ¡}| d¡r| ||f¡q |jdd„d|r4d dd„|Dƒ¡dSdS) Núx-oss-cSr*r+r©Úxrrrr.Ÿr/z3ProviderAuth.__get_headers_string..r0r3css |] \}}|d|VqdS)ú:Nrr9rrrr=¢ó€z4ProviderAuth.__get_headers_string..r2©r«rCÚlowerÚ startswithrDrErO©r"r¯r«Ú canon_headersr;r<Ú lower_keyrrrÚ__get_headers_string—ó €z!ProviderAuth.__get_headers_stringcCs*|s d| |j¡Sd ||| |j¡¡S)Nú/z /{0}/{1}{2})Ú%_ProviderAuth__get_subresource_stringrTr©r"r¯rQr1rrrÚ__get_resource_string¦sz"ProviderAuth.__get_resource_stringcsj|sdSg}| ¡D]\}}|ˆjvr| ||f¡q |jdd„d|r3dd ‡fdd„|Dƒ¡SdS) Nr2cSr*r+rr,rrrr.µr/z7ProviderAuth.__get_subresource_string..r0r4r5c3ó |] \}}ˆ ||¡VqdSr )Ú_ProviderAuth__param_to_queryr9rarrr=¸rÆz8ProviderAuth.__get_subresource_string..)rCÚ_subresource_key_setrDrErO)r"rTÚsubresource_paramsr1ÚvaluerrarÚ__get_subresource_string¬s €z%ProviderAuth.__get_subresource_stringcCó|r|d|S|S©Nú=r©r"r;r<rrrÚ__param_to_query¼ó zProviderAuth.__param_to_queryc CsŽ| |||¡ d¡}| |¡}|j dd¡ d¡}|j dd¡ d¡}|j dd¡ d¡p6|j dd¡ d¡}d |j d¡|||||g¡S)Núutf-8rr2rr·r©ó )r¸ÚencodeÚ _ProviderAuth__get_headers_bytesr«rºrOr») r"r¯rQr1Úresource_bytesÚ headers_bytesr¾r¿r©rrrÚ__get_bytes_to_signÂs (üz ProviderAuth.__get_bytes_to_signcCrÁ) NrÂcSr*r+rrÃrrrr.×r/z2ProviderAuth.__get_headers_bytes..r0ràcss(|]\}}t|ƒdt|ƒVqdS)ó:N©rr9rrrr=Úó€&z3ProviderAuth.__get_headers_bytes..órÇrÊrrrÚ__get_headers_bytesÏrÎz ProviderAuth.__get_headers_bytescCótSr )ÚAUTH_VERSION_1rarrrrÞrbzProviderAuth.auth_versionN)rcrdrerfÚ frozensetrÕr°r±r®r´r¹r¸rÐrÔrµrârrrrrrgMs ÿ    rgcó eZdZdZ‡fdd„Z‡ZS)ruç­¾å版本1 có&t| ¡| ¡ƒ}tt|ƒ |¡dSr )r rÚsuperrr#©r"rrr!©Ú __class__rrr#äóz Auth.__init__©rcrdrerfr#Ú __classcell__rrròrrásrc@s0eZdZdZdd„Zdd„Zdd„Zdd „Zd S) Ú AnonymousAuthuè用于匿å访问。 .. note:: 匿å用户åªèƒ½è¯»å–public-readçš„Bucket,或åªèƒ½è¯»å–ã€å†™å…¥public-read-writeçš„Bucket。 ä¸èƒ½è¿›è¡ŒServiceã€Bucket相关的æ“作,也ä¸èƒ½ç½—列文件等。 cCsdSr rrÑrrrr°ðrbzAnonymousAuth._sign_requestcCs$|jdd dd„|j ¡Dƒ¡S)Nr4r5csr6r r7r9rrrr=ôr>z*AnonymousAuth._sign_url..)rPrOrTrC©r"r¯rQr1rSrrrr±óó$zAnonymousAuth._sign_urlcCs |dd dd„| ¡Dƒ¡S)Nr4r5csr6r r7r9rrrr=÷r>z/AnonymousAuth._sign_rtmp_url..)rOrC©r"rPrQrRrSrTrrrr^ös zAnonymousAuth._sign_rtmp_urlcCr_r`rrarrrrùrbzAnonymousAuth.auth_versionN)rcrdrerfr°r±r^rrrrrr÷és  r÷c@s<eZdZdZefdd„Zdd„Zdd„Zdd „Zd d „Z d S) ÚStsAuthuj用于STS临时凭è¯è®¿é—®ã€‚å¯ä»¥é€šè¿‡å®˜æ–¹STS客户端获得临时密钥(AccessKeyIdã€AccessKeySecret)以åŠä¸´æ—¶å®‰å…¨ä»¤ç‰Œï¼ˆSecurityToken)。 注æ„到临时凭è¯ä¼šåœ¨ä¸€æ®µæ—¶é—´åŽè¿‡æœŸï¼Œåœ¨æ­¤ä¹‹å‰éœ€è¦é‡æ–°èŽ·å–临时凭è¯ï¼Œå¹¶æ›´æ–° :class:`Bucket ` çš„ `auth` æˆå‘˜å˜é‡ä¸ºæ–° çš„ `StsAuth` 实例。 :param str access_key_id: 临时AccessKeyId :param str access_key_secret: 临时AccessKeySecret :param str security_token: 临时安全令牌(SecurityToken) :param str auth_version: 需è¦ç”Ÿæˆauth的版本,默认为AUTH_VERSION_1(v1) cCsVt d |¡¡t|||ƒ}|tkrt|ƒ|_dS|tkr$t|ƒ|_dSt |ƒ|_dS)NzSInit StsAuth: access_key_id: {0}, access_key_secret: ******, security_token: ******) rrrr rÚProviderAuthV2Ú_StsAuth__authrÚProviderAuthV4rg)r"rrÚsecurity_tokenrr!rrrr#s zStsAuth.__init__cCs|j |||¡dSr )rýr°rÑrrrr°ózStsAuth._sign_requestcCs|j ||||¡Sr )rýr±rørrrr±szStsAuth._sign_urlcCs|j |||||¡Sr )rýr^rúrrrr^rzStsAuth._sign_rtmp_urlcCs |j ¡Sr )rýrrarrrrr$zStsAuth.auth_versionN) rcrdrerfrìr#r°r±r^rrrrrrûýs   rûcCs&|rt|dƒdt|dƒSt|dƒS)Nr2rÛ)r)r;r<rrrr8!s r8cCs†t|ƒ}d}|D]8}t|tƒrt|ƒ}n|}|dkr|dks2|dkr&|dks2|dkr.|dks2|dvr7||7}q|d  t|ƒ¡7}q|S) Nr2ÚAÚZÚaÚzÚ0Ú9©Ú_ú-ú~Ú.ú%{0:02X}©rÚ isinstancerAÚchrrÚord)Úraw_textÚresÚbÚcrrrÚ v2_uri_encode(s    rÚrangezif-modified-sincec@steZdZdZddd„Zddd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dd„Z dd„Zdd„ZdS)rüuáç­¾å版本2,默认构造函数åŒçˆ¶ç±»AuthBase,需è¦ä¼ é€’credentials_provider 与版本1的区别在: 1. 使用SHA256算法,具有更高的安全性 2. å‚数计算包å«æ‰€æœ‰çš„HTTP查询å‚æ•° NcCs˜|j ¡}| ¡r| ¡|jt<|durt}| ||¡}t ¡|jd<|  |||||¡}|r?d  |  ¡d  |¡|¡|jd<dSd  |  ¡|¡|jd<dS)õB把authorization放入reqçš„headeré‡Œé¢ :param req: authorizationä¿¡æ¯å°†ä¼šåŠ å…¥åˆ°è¿™ä¸ªè¯·æ±‚çš„headeré‡Œé¢ :type req: oss2.http.Request :param bucket_name: bucketå称 :param key: OSS文件å :param in_additional_headers: 加入签å计算的é¢å¤–header列表 Nr©z8OSS2 AccessKeyId:{0},AdditionalHeaders:{1},Signature:{2}ú;rªz"OSS2 AccessKeyId:{0},Signature:{1}) r!r?r@r«r¬Ú_DEFAULT_ADDITIONAL_HEADERSÚ'_ProviderAuthV2__get_additional_headersrr­Ú_ProviderAuthV2__make_signaturerrNrO)r"r¯rQr1Úin_additional_headersrUÚadditional_headersr]rrrr°Es   ÿzProviderAuthV2._sign_requestc CsÒ|j ¡}| ¡r| ¡|jd<|durtƒ}| ||¡}tt ¡ƒ|}t|ƒ|j d<d|jd<t|ƒ|jd<|  ¡|jd<|rId  |¡|jd <|  |||||¡} | |jd <|j d d   d d„|j ¡Dƒ¡S)õq返回一个签过åçš„URL :param req: 需è¦ç­¾å的请求 :type req: oss2.http.Request :param bucket_name: bucketå称 :param key: OSS文件å :param int expires: 返回的url将在`expires`秒åŽè¿‡æœŸ. :param in_additional_headers: 加入签å计算的é¢å¤–header列表 :return: a signed URL r%Nr©ÚOSS2úx-oss-signature-versionú x-oss-expireszx-oss-access-key-idrúx-oss-additional-headersúx-oss-signaturer4r5csr6r r7r9rrrr=†r>z+ProviderAuthV2._sign_url..)r!r?r@rTÚsetrrArBrFr«rNrOrrPrC) r"r¯rQr1rSrrUrrVr]rrrr±bs    $zProviderAuthV2._sign_urlcCs`tr | ||||¡}n| ||||¡}t d |¡¡t t|  ¡ƒt|ƒt j ¡}t   | ¡¡Sr²)rÚ#_ProviderAuthV2__get_string_to_signÚ"_ProviderAuthV2__get_bytes_to_signrrrrGrHrrIrJÚsha256rrLrM)r"r¯rQr1rrUr[r\rrrr¶ˆs zProviderAuthV2.__make_signaturecCó2tdd„|Dƒƒ}tdd„|j ¡Dƒƒ}||@S)Ncsó|]}| ¡VqdSr ©rÈ©r:r\rrrr=–ó€z:ProviderAuthV2.__get_additional_headers..csr)r r*©r:r;rrrr=—r,©r$r«Úkeys©r"r¯rrÚkeys_in_headerrrrÚ__get_additional_headers“óz'ProviderAuthV2.__get_additional_headersc Csˆ|j}|j dd¡}|j dd¡}|j dd¡}| ||¡} d t|ƒ¡} | |||¡} |d|d|d|d| | d| S)Nrr2rr©rr3)r»r«rºÚ._ProviderAuthV2__get_canonicalized_oss_headersrOÚsortedÚ$_ProviderAuthV2__get_resource_string© r"r¯rQr1Úadditional_header_listÚverbr¾r¿r©Úcanonicalized_oss_headersrrWrrrrÀ›s8 ÿÿþþýýüûûúz#ProviderAuthV2.__get_string_to_signcCsB|r td|d|ƒ}ntdƒ}t d ||¡¡|| |¡S)NrÏzencoded_uri={0} key={1})rrÚinforÚ-_ProviderAuthV2__get_canonalized_query_string)r"r¯rQr1Ú encoded_urirrrrÒ­s z$ProviderAuthV2.__get_resource_stringcs`i}|j ¡D] \}}t|ƒ|t|ƒ<q|sdSt| ¡dd„d}dd ‡fdd„|Dƒ¡S) Nr2cSr*r+rr,rrrr.¿r/z?ProviderAuthV2.__get_canonalized_query_string..r0r4r5c3rÓr )Ú_ProviderAuthV2__param_to_queryr9rarrr=ÀrÆz@ProviderAuthV2.__get_canonalized_query_string..)rTrCrr5rO©r"r¯Úencoded_paramsÚparamr×Ú sorted_paramsrrarÚ__get_canonalized_query_string·sz-ProviderAuthV2.__get_canonalized_query_stringcCrÙrÚrrÜrrrrÝÂrÞzProviderAuthV2.__param_to_querycCódg}|j ¡D]\}}| ¡}| d¡s||vr| ||f¡q|jdd„dd dd„|Dƒ¡S)õs :param additional_headers: å°å†™çš„headers列表, 并且这些headers都ä¸ä»¥'x-oss-'为å‰ç¼€. rÂcSr*r+rrÃrrrr.Ór/z@ProviderAuthV2.__get_canonicalized_oss_headers..r0r2csó(|]}|dd|ddVqdS©rrÅrr3Nr©r:r<rrrr=ÕrèzAProviderAuthV2.__get_canonicalized_oss_headers..rÇ©r"r¯rrËr;r<rÌrrrÚ__get_canonicalized_oss_headersÈó€z.ProviderAuthV2.__get_canonicalized_oss_headersc Cs¬|j d¡}|j dd¡ d¡}|j dd¡ d¡}|j dd¡ d¡}| ||¡} d t|ƒ¡ d¡} | |||¡ d¡} |d|d|d|d| | d| S)Nrßrr2rr©rrà)r»rár«rºÚ4_ProviderAuthV2__get_canonicalized_oss_headers_bytesrOr5r6r7rrrrå×s8  ÿÿþþýýüûûúz"ProviderAuthV2.__get_bytes_to_signcCrD)rErÂcSr*r+rrÃrrrr.ôr/zFProviderAuthV2.__get_canonicalized_oss_headers_bytes..r0récsó0|]}t|dƒdt|dƒdVqdS©rrærràNrçrHrrrr=öó€.zGProviderAuthV2.__get_canonicalized_oss_headers_bytes..rÇrIrrrÚ%__get_canonicalized_oss_headers_bytesérKz4ProviderAuthV2.__get_canonicalized_oss_headers_bytescCrër )rrarrrrørbzProviderAuthV2.auth_versionr )rcrdrerfr°r±rrr%r6r<r>r4r&rLrrrrrrü?s  &    rücrî)ru–ç­¾å版本2,与版本1的区别在: 1. 使用SHA256算法,具有更高的安全性 2. å‚数计算包å«æ‰€æœ‰çš„HTTP查询å‚æ•° crïr )r rrðrr#rñròrrr#rôzAuthV2.__init__rõrrròrrûórc@sÌeZdZdZd1dd„Zd1dd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Zd#d$„Zd%d&„Zd'd(„Zd)d*„Zd+d,„Zd-d.„Zd/d0„ZdS)2rþuOç­¾å版本4,默认构造函数åŒçˆ¶ç±»AuthBase,需è¦ä¼ é€’credentials_provider 与版本2的区别在: 1. v4 ç­¾å规则引入了scope概念,SignToString(å¾…ç­¾å串) å’Œ SigningKey (签å密钥)都需è¦åŒ…å« regionä¿¡æ¯ 2. 资æºè·¯å¾„里的 / ä¸åšè½¬ä¹‰ã€‚ query里的 / 需è¦è½¬ä¹‰ä¸º %2F Nc CsÌ|jdur tdƒ‚|j ¡}| ¡r| ¡|jt<t ¡}|  d¡}|dd…}||jd<d|jd<|  |¡} |  ¡d|  ||¡} |  |||| ||¡} d  | | ¡} | r_| d  d  | ¡¡} | |jd <dS) rNz5The region should not be None in signature version 4.ú%Y%m%dT%H%M%SZér·úUNSIGNED-PAYLOADúx-oss-content-sha256rÏz.OSS4-HMAC-SHA256 Credential={0}, Signature={1}z, AdditionalHeaders={0}rrª)Úregionrr!r?r@r«r¬rÚutcnowÚstrftimeÚ._ProviderAuthV4__get_additional_signed_headersrNÚ_ProviderAuthV4__get_scopeÚ_ProviderAuthV4__make_signaturerrO) r"r¯rQr1rrUÚ now_datetimeÚnow_datetime_iso8601Únow_dateÚadditional_signed_headersÚ credentialr]rªrrrr° s"        zProviderAuthV4._sign_requestc Csø|j ¡}| ¡r| ¡|jd<|durtƒ}| ||¡}| |¡}t ¡}|  d¡} | dd…} | |jd<t |ƒ|jd<d|jd<|  ¡d |  | |¡|jd <|r[|  |¡|jd <| |||||| ¡} | |jd <|jd d dd„|j ¡Dƒ¡S)rzx-oss-security-tokenNrRrSr·r!zOSS4-HMAC-SHA256r rÏzx-oss-credentialr"r#r4r5csr6r r7r9rrrr=Pr>z+ProviderAuthV4._sign_url..)r!r?r@rTr$Ú'_ProviderAuthV4__get_additional_headersrYrrWrXrFrNrZÚ8_ProviderAuthV4__get_canonical_additional_signed_headersr[rPrOrC) r"r¯rQr1rSrrUrr\r]r^r]rrrr±,s&        $zProviderAuthV4._sign_urlc CsŒtr| ||||¡}| |||¡}n| ||||¡}| |||¡}| |||¡} t | t|ƒt j ¡  ¡} t   d |¡¡t   d |¡¡| S)Nz'Make signature: canonical_request = {0}r³)rÚ&_ProviderAuthV4__get_canonical_requestÚ#_ProviderAuthV4__get_string_to_signÚ,_ProviderAuthV4__get_canonical_request_bytesÚ)_ProviderAuthV4__get_string_to_sign_bytesÚ _ProviderAuthV4__get_signing_keyrGrHrrJr'Ú hexdigestrrr) r"r¯rQr1r_rUÚ date_timeÚcanonical_requestr[Ú signing_keyr]rrrr¶RszProviderAuthV4.__make_signaturecCr()Ncsr)r r*r+rrrr=dr,z:ProviderAuthV4.__get_additional_headers..csr)r r*r-rrrr=er,r.r0rrrr2ar3z'ProviderAuthV4.__get_additional_headerscCsT|durdSg}|D]}| ¡}| d¡st |¡s| |¡q |jdd„d|S)NrÂcSr*r+rrÃrrrr.qr/z@ProviderAuthV4.__get_additional_signed_headers..r0)rÈrÉÚDEFAULT_SIGNED_HEADERSÚ __contains__rDrE)r"rr«r;r1rrrÚ__get_additional_signed_headersis €z.ProviderAuthV4.__get_additional_signed_headerscCs&|r d|d|}nd}| |d¡S)NrÏT)Ú_ProviderAuthV4__v4_uri_encode)r"rQr1r=rrrÚ__get_canonical_urits z"ProviderAuthV4.__get_canonical_uricCrÙrÚrrÜrrrrÝ{rÞzProviderAuthV4.__param_to_querycsdi}|j ¡D]\}}ˆ |d¡|ˆ |d¡<q|sdSt| ¡dd„d}d ‡fdd„|Dƒ¡S) NFr2cSr*r+rr,rrrr.‰r/z6ProviderAuthV4.__get_canonical_query..r0r5c3rÓr )Ú_ProviderAuthV4__param_to_queryr9rarrr=ŠrÆz7ProviderAuthV4.__get_canonical_query..)rTrCror5rOr?rrarÚ__get_canonical_querysz$ProviderAuthV4.__get_canonical_querycCs>|dur| d¡r dSt |¡rdS|dur| |¡rdSdS)NrÂTF)rÉrlrm)r"r1rrrrÚ__is_sign_headerŒs  zProviderAuthV4.__is_sign_headercCó^g}|j ¡D]\}}| ¡}| ||¡r| ||f¡q|jdd„dd dd„|Dƒ¡S)NcSr*r+rrÃrrrr.Ÿr/z8ProviderAuthV4.__get_canonical_headers..r0r2csrFrGrrHrrrr= rèz9ProviderAuthV4.__get_canonical_headers..©r«rCrÈÚ_ProviderAuthV4__is_sign_headerrDrErOrIrrrÚ__get_canonical_headers™ó €z&ProviderAuthV4.__get_canonical_headerscCrt)NcSr*r+rrÃrrrr.¨r/z>ProviderAuthV4.__get_canonical_headers_bytes..r0récsrMrNrçrHrrrr=©rOz?ProviderAuthV4.__get_canonical_headers_bytes..rurIrrrÚ__get_canonical_headers_bytes¢rxz,ProviderAuthV4.__get_canonical_headers_bytescCs|durdSd t|ƒ¡S)Nr2r)rOr5)r"rrrrÚ)__get_canonical_additional_signed_headers«sz8ProviderAuthV4.__get_canonical_additional_signed_headerscCs|j d¡r |j dd¡SdS)NrUr2rT)r«rmrº©r"r¯rrrÚ__get_canonical_hash_payload°s z+ProviderAuthV4.__get_canonical_hash_payloadcCs|jp|jpdSr`)Ú cloudbox_idrVr{rrrÚ __get_regionµszProviderAuthV4.__get_regioncCs|jSr )Úproductr{rrrÚ __get_product¸szProviderAuthV4.__get_productcCs$|d| |¡d| |¡dS)NrÏz/aliyun_v4_request)Ú_ProviderAuthV4__get_regionÚ_ProviderAuthV4__get_product)r"r©r¯rrrÚ __get_scope»rùzProviderAuthV4.__get_scopecCsP|jd| ||¡d| |¡d| ||¡d| |¡d| |¡S)Nr3)r»Ú"_ProviderAuthV4__get_canonical_uriÚ$_ProviderAuthV4__get_canonical_queryÚ&_ProviderAuthV4__get_canonical_headersrbÚ+_ProviderAuthV4__get_canonical_hash_payload©r"r¯rQr1r_rrrÚ__get_canonical_request¾s& ÿÿþþ ýýüüûz&ProviderAuthV4.__get_canonical_requestcCs:|dd…}d|d| ||¡dt t|ƒ¡ ¡S©NrSzOSS4-HMAC-SHA256 r3)rZrJr'rrh)r"r¯rjrir©rrrrÀÆs ÿÿ þþýz#ProviderAuthV4.__get_string_to_signcCsdt|jƒdt| ||¡ƒdt| |¡ƒd| ||¡dt| |¡ƒdt| |¡ƒS)Nrà)rr»r„r…Ú,_ProviderAuthV4__get_canonical_headers_bytesrbr‡rˆrrrÚ__get_canonical_request_bytesÍs& ÿÿ þþ ýý üü ûz,ProviderAuthV4.__get_canonical_request_bytescCs6|dd…}d|d| ||¡dt |¡ ¡SrŠ)rZrJr'rh)r"r¯Úcanonical_request_bytesrir©rrrÚ__get_string_to_sign_bytesÕs ÿÿ þþ ýz)ProviderAuthV4.__get_string_to_sign_bytesc CsŒ|dd…}d| ¡}t t|ƒt|ƒtj¡}t | ¡t| |¡ƒtj¡}t | ¡t| |¡ƒtj¡}t | ¡tdƒtj¡} |  ¡S)NrSÚ aliyun_v4Úaliyun_v4_request) rIrGrHrrJr'rMrr‚) r"r¯rUrir©Ú key_secretÚ signing_dateÚsigning_regionÚsigning_productrkrrrÚ__get_signing_keyÜs  z ProviderAuthV4.__get_signing_keycCs t|ƒ}d}|D]E}t|tƒrt|ƒ}n|}|dkr|dks2|dkr&|dks2|dkr.|dks2|dvr7||7}q|d urD|d krD||7}q|d  t|ƒ¡7}q|S) Nr2rrrrrrrTrÏr r )r"rÚ ignoreSlashesrrrrrrÚ__v4_uri_encodeås     zProviderAuthV4.__v4_uri_encodecCrër )rrarrrrùrbzProviderAuthV4.auth_versionr )rcrdrerfr°r±r[rarYr„rqr…rvr†r‹rbr‡rr‚rZrcrdrerfrgrorrrrrrþs2  !&      rþcrî)ruç­¾å版本4,与版本2的区别在: 1. v4 ç­¾å规则引入了scope概念,SignToString(å¾…ç­¾å串) å’Œ SigningKey (签å密钥)都需è¦åŒ…å« regionä¿¡æ¯ 2. 资æºè·¯å¾„里的 / ä¸åšè½¬ä¹‰ã€‚ query里的 / 需è¦è½¬ä¹‰ä¸º %2F crïr )r rrðrr#rñròrrr#rôzAuthV4.__init__rõrrròrrürQr)&rGrJrBrr2rÚ exceptionsrÚcompatrrrr«rhrUr rìrrrlÚ getLoggerrcrrÚobjectrrgrr÷rûr8rr$rrürrþrrrrrÚsB       +$ÿ= x