1 files changed, 52 insertions, 6 deletions

diff --git a/boto/auth.py b/boto/auth.py
index 0aa299f9..0d4221d6 100644
--- a/boto/auth.py
+++ b/boto/auth.py
@@ -385,8 +385,9 @@ class HmacAuthV4Handler(AuthHandler, HmacKeys):
 
     def canonical_uri(self, http_request):
         path = http_request.auth_path
-        # Normalize the path.
-        normalized = posixpath.normpath(path)
+        # Normalize the path
+        # in windows normpath('/') will be '\\' so we chane it back to '/'
+        normalized = posixpath.normpath(path).replace('\\','/')
         # Then urlencode whatever's left.
         encoded = urllib.quote(normalized)
         if len(path) > 1 and path.endswith('/'):
@@ -430,11 +431,17 @@ class HmacAuthV4Handler(AuthHandler, HmacKeys):
         parts = http_request.host.split('.')
         if self.region_name is not None:
             region_name = self.region_name
-        else:
-            if len(parts) == 3:
-                region_name = 'us-east-1'
+        elif len(parts) > 1:
+            if parts[1] == 'us-gov':
+                region_name = 'us-gov-west-1'
             else:
-                region_name = parts[1]
+                if len(parts) == 3:
+                    region_name = 'us-east-1'
+                else:
+                    region_name = parts[1]
+        else:
+            region_name = parts[0]
+
         if self.service_name is not None:
             service_name = self.service_name
         else:
@@ -509,6 +516,45 @@ class HmacAuthV4Handler(AuthHandler, HmacKeys):
         req.headers['Authorization'] = ','.join(l)
 
 
+class QueryAuthHandler(AuthHandler):
+    """
+    Provides pure query construction (no actual signing).
+
+    Mostly useful for STS' ``assume_role_with_web_identity``.
+
+    Does **NOT** escape query string values!
+    """
+
+    capability = ['pure-query']
+
+    def _escape_value(self, value):
+        # Would normally be ``return urllib.quote(value)``.
+        return value
+
+    def _build_query_string(self, params):
+        keys = params.keys()
+        keys.sort(cmp=lambda x, y: cmp(x.lower(), y.lower()))
+        pairs = []
+        for key in keys:
+            val = boto.utils.get_utf8_value(params[key])
+            pairs.append(key + '=' + self._escape_value(val))
+        return '&'.join(pairs)
+
+    def add_auth(self, http_request, **kwargs):
+        headers = http_request.headers
+        params = http_request.params
+        qs = self._build_query_string(
+            http_request.params
+        )
+        boto.log.debug('query_string: %s' % qs)
+        headers['Content-Type'] = 'application/json; charset=UTF-8'
+        http_request.body = ''
+        # if this is a retried request, the qs from the previous try will
+        # already be there, we need to get rid of that and rebuild it
+        http_request.path = http_request.path.split('?')[0]
+        http_request.path = http_request.path + '?' + qs
+
+
 class QuerySignatureHelper(HmacKeys):
     """
     Helper for Query signature based Auth handler.