o |nh@sDddlZddlmZddlmZddlZGdddZdddZdS) N)datetime)sha256c@seZdZdddZddZdS) SigV4AuthN us-east-1cCs||_||_||_||_dSN) access_key secret_key session_tokenregion)selfrrr r r 9/usr/local/lib/python3.10/dist-packages/hvac/aws_utils.py__init__s zSigV4Auth.__init__csztd}|jd<|jr|jjd<dfddtjD}dddtjD}tj d  }d j d d|||g}d }d |d d|j ddg}t| d  } d |||| g} d|j  } t| |d d d t} t| |j d t} t| dt} t| dt} t| | d t } d||j||| } | jd<dS)Nz%Y%m%dT%H%M%SZz X-Amz-DatezX-Amz-Security-Tokenc3s*|]}|dj|dVqdS): N)lowerheaders.0krequestr r s z%SigV4Auth.add_auth..;css|]}|VqdSr)rrr r r rszutf-8r/zAWS4-HMAC-SHA256rsts aws4_requestAWS4sstss aws4_requestz3{} Credential={}/{}, SignedHeaders={}, Signature={} Authorization)rutcnowstrftimerr joinsortedrbodyencode hexdigestmethodr rhmacnewdigestformatr)r r timestampcanonical_headerssigned_headers payload_hashcanonical_request algorithmcredential_scopecanonical_request_hashstring_to_signkey signature authorizationr rr add_auths<     zSigV4Auth.add_auth)Nr)__name__ __module__ __qualname__rr9r r r r rs  rcCs2tjddddddd}|r||jd<|}|S) aHelper function to prepare a AWS API request to subsequently generate a "AWS Signature Version 4" header. :param header_value: Vault allows you to require an additional header, X-Vault-AWS-IAM-Server-ID, to be present to mitigate against different types of replay attacks. Depending on the configuration of the AWS auth backend, providing a argument to this optional parameter may be required. :type header_value: str :return: A PreparedRequest instance, optionally containing the provided header value under a 'X-Vault-AWS-IAM-Server-ID' header name pointed to AWS's simple token service with action "GetCallerIdentity" :rtype: requests.PreparedRequest POSTzhttps://sts.amazonaws.com/z0application/x-www-form-urlencoded; charset=utf-8zsts.amazonaws.com)z Content-TypeHostz+Action=GetCallerIdentity&Version=2011-06-15)r(urlrdatazX-Vault-AWS-IAM-Server-ID)requestsRequestrprepare) header_valuerprepared_requestr r r generate_sigv4_auth_request8s  rFr)r)rhashlibrrArrFr r r r s   1