\dZddlZddlmZddlmZddlZddlmZddlZddlm Z dZ dZ d Z d Z d Zd Z dd ZdZefdZy)z&Utility functions for signurl command.N)datetime)timezone)UTF8)urllibzN{method} {resource} {query_string} {headers} {signed_headers} {hashed_payload}zGOOG4-RSA-SHA256zA{signing_algo} {request_time} {credential_scope} {hashed_request}z;https://{host}/{path}?x-goog-signature={sig}&{query_string}zUNSIGNED-PAYLOADcjtjtjj dS)N)tz)tzinfo)rnowrutcreplace-platform/gsutil/gslib/utils/signurl_helper.py_NowUTCr$s#  & . .d . ;;rc (t} | jd} | jd} dj| |} t|dz| z| dj t |j d|jzd}|||d <|||d <d j|}d j t |j Dcgc]4}d j|tjj||6c}}dj t |j Dcgc]%}dj|j||'c}dz}dj t |j }tj|||||t}tjr|j!t"}t%j&}|j)|t+j,|j/jj1t"}t2jt| | |}| r*|r(|j5d|z|j5d|z||fScc}wcc}w)aCreate a string that needs to be signed. Args: client_id: Client ID signing this URL. method: The HTTP method to be used with the signed URL. duration: timedelta for which the constructed signed URL should be valid. path: String path to the bucket of object for signing, in the form 'bucket' or 'bucket/object'. generation: If not None, specifies a version of an object for signing. logger: logging.Logger for warning and debug output. region: Geographic region in which the requested resource resides. signed_headers: Dict containing the header info like host content-type etc. billing_project: Specify a user project to be billed for the request. string_to_sign_debug: If true AND logger is enabled for debug level, print string to sign to debug. Used to differentiate user's signed URL from the probing permissions-check signed URL. Returns: A tuple where the 1st element is the string to sign. The second element is the query string. z%Y%m%dz%Y%m%dT%H%M%SZz%{date}/{region}/storage/goog4_request)dateregion/;z%d)zx-goog-algorithmzx-goog-credentialz x-goog-datezx-goog-signedheaderszx-goog-expires userProject generationz/{}&z{}={} z{}:{})methodresource query_stringheaderssigned_headershashed_payload) signing_algo request_timecredential_scopehashed_requestz=Canonical request (ignore opening/closing brackets): [[[%s]]]z:String to sign (ignore opening/closing brackets): [[[%s]]])rstrftimeformat _SIGNING_ALGOjoinsortedkeys total_secondsrparse quote_pluslower_CANONICAL_REQUEST_FORMAT_UNSIGNED_PAYLOADsixPY3encoderhashlibsha256updatebase64 b16encodedigestdecode_STRING_TO_SIGN_FORMATdebug) client_idrdurationpathrloggerrrbilling_projectstring_to_sign_debug signing_time canonical_daycanonical_timecanonical_scopesigned_query_paramscanonical_resourceparamcanonical_query_stringheadercanonical_headerscanonical_signed_headerscanonical_requestcanonical_request_hasherhashed_canonical_requeststring_to_signs r CreatePayloadrQ(s@,''1-(()9:.;BB C)/($s?_<#!hhvn.A.A.C'DEx5577 !)8 &(2 %||D)88-2245%5%nnUFLL334G4NOP5%ii>..01!1&nnV\\^^F%;<1!  !XXf^-@-@-B&CD/66 !)-& 7( WW)006$^^-!!"34#--%%')).*00 !&- 1/. f LLG  LLM ! / //O%!s 9J 4*Jctj|jj}tj ||||S)zGet the final signed url.)hostr>sigr)r6r7r-r9_SIGNED_URL_FORMATr%) raw_signaturerSr>rI signatures r GetFinalUrlrXsI}-335<<>)  " "(,'00F # HHrcHt|tr|S|j|S)N) isinstancebytesr2)valueencodings rto_bytesr^s u L h r)NF)__doc__r6rrr3gslib.utils.constantsrr0 six.movesrr.r&r:rUr/rrQrXr^r rrrbsg- & D" /'&<#'',]0@H" r