R}3      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~)Copyright 2014 AlephCloud Systems, Inc.BSD3 Lars Kuhtz <lars@alephcloud.com> experimentalNone+BM Amazon Resource Names Fhttp://docs.aws.amazon.com/general/1.0/gr/aws-arns-and-namespaces.html6From the specification it is not clear if elements of m can be empty. Though examples given in the specification do not inlcude such a case, our parser allows it.9expected to be non-empty. Elements are separated by only :. / is not treated specially.AWS Service Namespaces dhttp://docs.aws.amazon.com/general/1.0/gr/aws-arns-and-namespaces.html#genref-aws-service-namespacesFor testing purposes (see  Fhttp://docs.aws.amazon.com/general/1.0/gr/signature-v4-test-suite.html)Amazon EC2 and Amazon VPC$AWS Canonical User ID Bhttp://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html.*This is actually a long hexadecimal number&AWS Account Id ?http://docs.aws.amazon.com/general/1.0/gr/acct-identifiers.html.#This is actually a 12 digit number.(Region 4http://docs.aws.amazon.com/general/1.0/gr/rande.htmlThe relation between regions and service endpoints is not bijective for all AWS services. Not all AWS services support all regions. Some services don't use the concept of region at all.)YTo override the region settings with a custom service endpoint, e.g. for testing purposeERegions are parsed as follows: 1 ::= "ap-northeast-1" 0 ::= "ap-southeast-1" / ::= "ap-southeast-2" . ::= "eu-west-1" - ::= "sa-east-1" , ::= "us-east-1" + ::= "us-west-1" * ::= "us-west-2" ) ::= "custom:"  ":"  This instance if for general testing of the syntax of ARNs. For service specific ARNs you should use a newtype wrapper and define an  ArbitraryE instance the satisfies the constraints of that particular services.c  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMN  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMN:;<=89>?576@A243BC(10/.-,+*)DE&'FG$%HI#"!  JKLM.#"!  $%&'( 10/.-,+*)24357689:;<=>?@ABCDEFGHIJKLM)Copyright 2014 AlephCloud Systems, Inc.MIT Lars Kuhtz <lars@alephcloud.com> experimentalNone+EWThis key can be computed once and cached. It is valid for all requests to the same service and the region till 00:00:00 UTC time.jAWS access credentials.!This type is compatible with the  Credential type from the  'https://hackage.haskell.org/package/aws aws package/. You may use the following function to get a SignatureV4Credential from a  Credential: cred2credv4 :: Credential -> SignatureV4Credential #if MIN_VERSION_aws(0,9,2) cred2credv4 (Credential a b c _) = SignatureV4Credential a b c #else cred2credv4 (Credential a b c) = SignatureV4Credential a b c #endifn+used internally for caching the singing keyp5We only support SHA256 since SHA1 has been deprecatedsCompute canonical URI Mhttp://docs.aws.amazon.com/general/1.0/gr/sigv4-create-canonical-request.htmlDThe input is assumed to be an absolute URI. If the first segment is ..7 it is kept as is. Most likely such an URI is invalid.t0Normalize URI Path according to RFC 3986 (6.2.2)u1Normalize URI Query according to RFC 3986 (6.2.2)vCompute canonical HTTP headers Mhttp://docs.aws.amazon.com/general/1.0/gr/sigv4-create-canonical-request.htmlIt is assumed (and not checked) that the header values comform with the definitions in RFC 2661. In particular non-comformant usage of quotation characters may lead to invalid results.6Parse HTTP-date according to section 3.3.1 of RFC 2616,the implementation is copie from the module Aws.Core of the  'https://hackage.haskell.org/package/aws aws package.wtNormalization of the date header breaks the AWS test suite, since the tests in that test suite use an invalid date.`Date normalization is enabled by default but can be turned of via the cabal (compiletime) flag normalize-signature-v4-date.xCompute signed headers Mhttp://docs.aws.amazon.com/general/1.0/gr/sigv4-create-canonical-request.htmly4Create Canonical Request for AWS Signature Version 4 Mhttp://docs.aws.amazon.com/general/1.0/gr/sigv4-create-canonical-request.htmlThis functions performs normalization of the URI and the Headers which is expensive. We should consider providing an alternate version of this function that bypasses these steps and simply assumes that the input is already canonical.|5Create the String to Sign for AWS Signature Version 4 Jhttp://docs.aws.amazon.com/general/1.0/gr/sigv4-create-string-to-sign.html}Derive the signing key Hhttp://docs.aws.amazon.com/general/1.0/gr/sigv4-calculate-signature.html~"Compute an AWS Signature Version 4 Hhttp://docs.aws.amazon.com/general/1.0/gr/sigv4-calculate-signature.html"Compute an AWS Signature Version 4FThis version computes the derivied signing key each time it is invokedThe request headers must include the host header. The query must include the Action parameter."Compute an AWS Signature Version 4FThis version computes the derivied signing key each time it is invokedThe request headers must include the host header. The query must include the Action parameter.The  x-amz-date7 header is generated by the code. A possibly existing  x-amz-date header or date header is replaced.The request headers must include the host header. The query must include the Action parameter.The request headers must include the host header. The query must include the Action parameter.The  x-amz-date7 header is generated by the code. A possibly existing  x-amz-date header or date header is replaced.Get cached signing keyThis should be improved: 3use an MVar instead of an IORef (for thread safety)Suse a better cache data structure (either a dense vector of MVars or a hashmap.)use more efficient value representations:7Hashable instance for the index (or use a Int directly)@represent dates as number of days or seconds (e.g. since epoche)NNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr Access Key IDSecret Access KeySecurity TokenstuvwxyHTTP method of requestcanonical URI Path of requestcanonical URI Query of requestcanonical request headersRequest payloadz{| request date credential scope for the requestcanonical request}~ AWS credentialsrequest regionservice of the request request timeHTTP method of requestURI Path of requestURI Query of requestrequest headersrequest payload AWS credentialsrequest regionservice of the request request timeHTTP method of requestURI Path of requestURI Query of requestrequest headers request payload AWS credentialsrequest regionservice of the request request timeHTTP method of requestURI Path of requestURI Query of requestrequest headersrequest payload AWS credentialsrequest regionservice of the request request timeHTTP method of requestURI Path of requestURI Query of requestrequest headers request payload the updated HTTP headersAWS credentialsHTTP method of requestURI Path of requestURI Query of requestrequest headersrequest payloadAWS credentialsHTTP method of requestURI Path of requestURI Query of requestrequest headersrequest payloadAWS credentials<89>?NOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~<89>?qjklmnorNOPQRSTwpihtufgsdevcxaby`z[\]^_{YZ|WX}UV~7NOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&&''()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNNOPQRSTTUUVVWWXYZ[\\]^^__`abbcdefghijklmnopqrstuvwxyz{|}~[]aws-general-0.2.1 Aws.GeneralAws.SignatureV4Arn arnService arnRegion arnAccount arnResourceServiceNamespaceServiceNamespaceHostServiceNamespaceSwfServiceNamespaceSupportServiceNamespaceStsServiceNamespaceStoragegatewayServiceNamespaceSnsServiceNamespaceSqsServiceNamespaceSdbServiceNamespaceSesServiceNamespaceS3ServiceNamespaceRoute53ServiceNamespaceRedshiftServiceNamespaceRdsServiceNamespaceOpsworks(ServiceNamespaceAwsMarketplaceManagementServiceNamespaceKinesisServiceNamespaceIamServiceNamespaceGlacierServiceNamespaceElasticache ServiceNamespaceElasticmapreduce$ServiceNamespaceElasticloadbalancing ServiceNamespaceElasticbeanstalkServiceNamespaceEc2ServiceNamespaceDynamodbServiceNamespaceCloudwatchServiceNamespaceCloudfrontServiceNamespaceCloudformationServiceNamespaceAutoscalingServiceNamespaceAwsPortalCanonicalUserId AccountIdRegionCustomEndpointUsWest2UsWest1UsEast1SaEast1EuWest1 ApSoutheast2 ApSoutheast1 ApNortheast1SignatureMethodSignatureMethodSha256SignatureMethodSha1SignatureVersionSignatureVersion4SignatureVersion2GeneralVersionGeneralVersion_1_0AwsTypetoTextparsefromTextgeneralVersionToTextparseGeneralVersionsignatureVersionToTextparseSignatureVersionsignatureMethodToTextparseSignatureMethod regionToText parseRegionaccountIdToTextparseAccountIdcanonicalUserIdToTextparseCanonicalUserIdserviceNamespaceToTextparseServiceNamespace arnToTextparseArnAuthorizationInfoauthzInfoAlgorithmauthzInfoCredentialauthzInfoSignedHeaders authzInfoDateauthzInfoSignature Signature SigningKey StringToSignCredentialScopecredentialScopeDatecredentialScopeRegioncredentialScopeServiceHashedCanonicalRequestCanonicalRequest SignedHeadersCanonicalHeaders CanonicalUriUriQueryUriPathSignatureV4CredentialssigV4AccessKeyIdsigV4SecretAccessKeysigV4SigningKeyssigV4SecurityTokensigningAlgorithmsignatureVersionnewCredentials canonicalUrinormalizeUriPathnormalizeUriQuerycanonicalHeadersdateNormalizationEnabled signedHeaderscanonicalRequesthashedCanonicalRequestcredentialScopeToText stringToSign signingKeyrequestSignatureauthorizationInfoauthorizationInfoQueryauthorizationInfoHeadersignGetRequestsignPostRequestsignGetRequestIOsignPostRequestIO text-1.2.0.4Data.Text.InternalTextghc-prim GHC.TypesInt$fArbitraryArnstandardRegions $fFromJSONArn $fToJSONArn $fAwsTypeArn$fArbitraryServiceNamespace$fHashableServiceNamespace$fAwsTypeServiceNamespace$fArbitraryCanonicalUserId$fAwsTypeCanonicalUserId$fArbitraryAccountId$fAwsTypeAccountId$fArbitraryRegion$fHashableRegion$fAwsTypeRegion$fArbitrarySignatureMethod$fAwsTypeSignatureMethod$fArbitrarySignatureVersion$fAwsTypeSignatureVersion$fArbitraryGeneralVersion$fAwsTypeGeneralVersion parseHttpDate getSigningKeySigV4Key signingHash signingHash16 signingHmaccanonicalDateHeaderFormatparseCredentialScopeterminationStringcredentialScopeDateFormatcredentialScopeDateTextsigningStringDateFormatsigningKeyPrefixauthorizationCredentialsignGetRequest_signPostRequest_fTime$fArbitraryCredentialScope$fAwsTypeCredentialScope$fEqCredentialScope