dZddlmZddlmZddlmZddlZddlZddlZddlZddl m Z ddl m Z ddl mZddlZd Zd Zd Zd ZGd de j*ZdZdZdZdZy)z/Utilities for generating Cloud CDN Signed URLs.)absolute_import)division)unicode_literalsN) exceptions)requests)encodingz,The URL scheme must be either HTTP or HTTPS.z,The URL must not have a '{}' query parameterz!The URL must not have a fragment.)ExpiresKeyName SignatureceZdZdZy)InvalidCdnSignedUrlErrorzInvalid URL error.N)__name__ __module__ __qualname____doc__8lib/googlecloudsdk/command_lib/compute/sign_url_utils.pyr r (srr ctj||tjj }t j |S)a,Gets the base64url encoded HMAC-SHA1 signature of the specified URL. Args: key: The key value to use for signing. url: The url to use for signing. Returns: The signature of the specified URL calculated using HMAC-SHA1 signature digest and encoding the result using base64url. )hmacnewhashlibsha1digestbase64urlsafe_b64encode)keyurl signatures r _GetSignaturer ,s4hhsC.557)  ! !) ,,rcBttj|zS)z>Converts the number of seconds from now into a unix timestamp.)inttime)seconds_from_nows r_SecondsFromNowToUnixTimestampr%;s TYY[+ + ,,rc|j}tjjjj |}|j dk7r|j dk7rtt|jrtttjjjj|jd}tD]$}||vsttj|dj||rdndt!||}t#t%j&||j)d } d j|t+j,|  S) a`Gets the Signed URL string for the specified URL and configuration. Args: url: The URL to sign. key_name: Signed URL key name to use for the 'KeyName=' query parameter. encoded_key_value: The base64url encoded key value to use for signing. validity_seconds: The number of seconds for which this signed URL will be valid, starting when this function is called. Returns: Returns the Signed URL appended with the query parameters based on the specified configuration. Raises: InvalidCdnSignedUrlError: if the URL is invalid and/or failed to parse the URL. httpshttpT)keep_blank_valuesz3{url}{separator}Expires={expires}&KeyName={keyName}&?)r separatorexpireskeyNamezutf-8z{url}&Signature={signature})rr)stripsixmovesurllibparseurlsplitschemer &_URL_SCHEME_MUST_BE_HTTP_HTTPS_MESSAGEfragment#_URL_MUST_NOT_HAVE_FRAGMENT_MESSAGEparse_qsquery_DISALLOWED_QUERY_PARAMETERS _URL_MUST_NOT_HAVE_PARAM_MESSAGEformatr%r rurlsafe_b64decodeencoderDecode) rkey_nameencoded_key_valuevalidity_seconds stripped_url parsed_url query_paramsparam url_to_signrs rSignUrlrI@sH$,yy%%..|<*'!j&7&76&A "#I JJ "#F GG!!''00$10,,e  $ * 1 1% 8 ::,FLL #,-=> M+ 01;3E3Eg3NP) & - - !; . ==rcftj}|jd|}|jS)zValidates the Signed URL by returning the response code for HEAD request. Args: signed_url: The Signed URL which should be validated. Returns: Returns the response code for the HEAD request to the specified Signed URL. HEAD)r GetSessionrequest status_code) signed_url http_client http_responses rValidateSignedUrlrRts0##%+%%fj9-  " ""r)r __future__rrrrrrr#googlecloudsdk.corercore_exceptionsrgooglecloudsdk.core.utilrsix.moves.urllib.parser0r6r<r8r;Errorr r r%rIrRrrrrYsr6&'  =(-3'5!'J#B44 -- 1=h #r