| Server IP : 162.144.4.212 / Your IP : 216.73.216.108 Web Server : Apache System : Linux gator2125.hostgator.com 5.14.0-162.23.1.9991722448259.nf.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Jul 31 18:11:45 UTC 2024 x86_64 User : cozeellc ( 2980) PHP Version : 8.3.31 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /usr/lib/python3.9/site-packages/oci/auth/__pycache__/ |
Upload File : |
a
�������f�I������������������� ���@���s����d�dl�mZ�d�dlmZ�d�dlmZ�d�dlmZ�d�dlm Z �d�dl
Z
d�dl
Z
d�dlmZ�d�dlZd�dlZd�dlZe
jjdg�g�g�d �dd
d
d
d
d��d�������ZG�dd��de�ZG�dd��de�ZG�dd��de�ZG�dd��de�Z
G�dd��de
�Z
dS�)�����)�x509)�default_backend)�requests)� HTTPError)�
ServiceErrorN)�sixT)���i���i���� ����
�����������)Zservice_error_checkZservice_error_retry_configZ
service_error_retry_on_any_5xxZ$retry_max_wait_between_calls_secondsZ
retry_base_sleep_time_secondsZ retry_exponential_growth_factorZtotal_elapsed_time_seconds����c�������������������@���sD���e�Zd�Zdd��Zdd��Zdd��Zdd��Zd d
��Zd
d
��Zd
d��Z dS�)�
AbstractCertificateRetrieverc�����������������K���s���d�d�d�d�|�_�d�S�)N)�
certificate�private_key_pem�
private_key��certificate_and_private_key��self�kwargs��r����B/usr/lib/python3.9/site-packages/oci/auth/certificate_retriever.py�__init__1���s�����z%AbstractCertificateRetriever.__init__c�����������������C���s
���t�d��d�S��Nz Subclasses should implement this��NotImplementedError�r���r���r���r����refresh9���s����z$AbstractCertificateRetriever.refreshc�����������������C���s
���t�d��d�S�r���r���r
���r���r���r���� get_certificate_and_private_key=���s����z<AbstractCertificateRetriever.get_certificate_and_private_keyc�����������������C���s
���t�d��d�S�r���r���r
���r���r���r����
get_certificate_as_certificateA���s����z;AbstractCertificateRetriever.get_certificate_as_certificatec�����������������C���s
���t�d��d�S�r���r���r
���r���r���r����get_certificate_rawE���s����z0AbstractCertificateRetriever.get_certificate_rawc�����������������C���s
���t�d��d�S�r���r���r
���r���r���r����get_private_key_pemI���s����z0AbstractCertificateRetriever.get_private_key_pemc�����������������C���s
���t�d��d�S�r���r���r
���r���r���r����get_private_keyM���s����z,AbstractCertificateRetriever.get_private_keyN)
�__name__�
__module__�
__qualname__r���r
���r ���r ���r!���r"���r#���r���r���r���r���r���0���s���r���c�����������������������sd���e�Zd�ZdZdZ��fdd�Zdd��Zdd��Zd d
��Zd
d
��Z d
d��Z
dd��Z
dd��Z
dd��Z
���ZS�)�
UrlBasedCertificateRetrievera���
A certificate retriever which reads PEM-format strings from URLs.
:param str certificate_url:
The URL from which to retrieve a certificate. It is assumed that what we retrieve is the PEM-formatted string for the certificate.
This is mandatory
:param str private_key_url: (optional)
The URL from which to retrieve the private key corresponding to certificate_url (if any). It is assumed that what we retrieve is the PEM-formatted string for
the private key.
:param str passphrase: (optional)
The passphrase of the private key (if any).
:param obj retry_strategy: (optional)
A retry strategy to use when retrieving the certificate and private key from the URLs provided to this class. This should be one of the strategies available in
the :py:mod:`~oci.retry` module. By default this retriever will not perform any retries.
:param bool log_requests: (optional)
log_request if set to True will log the request url and response data when retrieving
the certificate & corresponding private key (if there is one defined for this retriever)
**Note:** This class is used internally, it is not recommended for user's direct use.
i���c�����������������
���s���t�t|������d|vr
td��|d�|�_|�d�|�_|�d�|�_|�d�|�_t �
d�
t
t
|����|�_|�j�t �����|�d�r�d|�j_|�j�t j��nd |�j_|�jr�t|�jtj�r�|�j�d
�|�_t���|�_t�
��|�_
|�d
d��r�|�j
j
� |�d
���|�� ���d�S�)
NZcertificate_urlz6certificate_url must be supplied as a keyword argument�private_key_url�
passphrase�retry_strategyz{}.{}Z
log_requestsFT�ascii�headers)!�superr'���r���� TypeError�cert_url�getr(���r)���r*����loggingZ getLogger�formatr$����id�loggerZ
addHandlerZ
NullHandlerZdisabledZsetLevel�DEBUG�
isinstancer���� text_type�encode� threading�Lock�
_refresh_lockr���ZSession�requests_sessionr,����updater
���r����� __class__r���r���r���m���s(����
z%UrlBasedCertificateRetriever.__init__c�����������������C���sH���|�j�����z,|�jr"|�j�|�j��n|�����W�|�j�����n
|�j�����0�dS�)zp
Refresh the token by making a call to Identity for a new token.
Returns the new token.
N)r;����acquirer*���Zmake_retrying_call�_refresh_inner�releaser
���r���r���r���r
�������s
����
z$UrlBasedCertificateRetriever.refreshc�����������������C���s"���|�j�����|�j���}|�j�����|S��z]
Returns the certificate_and_private_key dictionary contained by this object
�r;���r@���r����copyrB���)r���Zret_valr���r���r���r �������s����
z<UrlBasedCertificateRetriever.get_certificate_and_private_keyc�����������������C���s"���|�����}|rt�|t���S�dS�dS�)�N
Retrieves the certificate as a cryptography.x509.Certificate
N)r!���r����load_pem_x509_certificater���)r���Zraw_certr���r���r���r �������s����z;UrlBasedCertificateRetriever.get_certificate_as_certificatec�����������������C���s&���|�j�����|�j���d�}|�j�����|S��zH
Retrieves a string containing the certificate contents
r���rD���)r���r���r���r���r���r!�������s����
z0UrlBasedCertificateRetriever.get_certificate_rawc�����������������C���s&���|�j�����|�j���d�}|�j�����|S�)zK
Retrievea a string containing the PEM-encoded private key
r���rD����r���r���r���r���r���r"�������s����
z0UrlBasedCertificateRetriever.get_private_key_pemc�����������������C���s&���|�j�����|�j���d�}|�j�����|S��zI
Retrieves the private key as a cryptography private key
r���rD���rI���r���r���r���r#�������s����
z,UrlBasedCertificateRetriever.get_private_keyc��������������
���C���s���ddl�}t���}|�j�d|�j���|�jj|�jddd�}|�j�d�t j
|j
|j
t
|j����|jd�d d
����z
|����W�n@�ty��}�z(t|jj
|j|jjt|���W�Y�d}~n
d}~0�0�|jj|�jd
d
�D�]}|�|��q�|����
��|�j
d
<�|�
���t |�j
d
�tj ��r |�j
d
��!d�|�j
d
<�|��"|�j
d
���|�j#�r�t���}|�j�d|�j#���|�jj|�j#ddd�}|�j�d�t j
|j
|j
t
|j����|jd�d d
����z
|����W�nB�t�y��}�z(t|jj
|j|jjt|���W�Y�d}~n
d}~0�0�|jj|�jd
d
�D�]}|�|���q�|����
��|�j
d<�|�
���t |�j
d�tj ��rT|�j
d��!d�|�j
d<�z |j$�%|�j
d�|�j&�|�j
d<�W�n*�|j'j(�y����t)d|�j
d�d��Y�n0�dS�)af��
Refreshes the certificate and its corresponding private key (if there is one defined for this retriever).
This method represents the unit of retrying for the certificate retriever. It is intentionally coarse
grained (e.g. if we retrieve the certificate but fail to retrieve the private key then we'll retry and
retrieve both the certificate and private key again) to try and best maintain consistency in the data.
For example, if we had separate retries for the certificate and the private key, in the scenario where
a certificate was successfully retrieved but the private key failed, the private key we successfully
retrieved upon retry may not relate to the certificate that we retrieved (e.g. because of rotation). This
is still a risk in coarse grained retries, but hopefully a smaller one.
r���Nz!Requesting certificate from : %s T)�
����<���)�stream�timeoutz(Receiving certificate response......
{}
)�
status_code�url�header�reason����)�indentF)Zdecode_contentr���r+���z!Requesting private key from : %s z(Receiving private key response......
{}
r���r�����certificate_type�certificate_raw)*�
oci.signerr����BytesIOr4����debugr/���r<���r0���r2����pprintZpformatrO���rP����dictr,����itemsrR���Zraise_for_statusr���r����response�errno�str�rawrM����READ_CHUNK_BYTES�write�getvalue�stripr����closer6���r7���r8���� _check_valid_certificate_stringr(����signer�load_private_keyr)����
exceptionsZInvalidPrivateKey�+InvalidCertificateFromInstanceMetadataError)r����ociZdownloaded_certificater^����e�chunkZdownloaded_private_key_rawr���r���r���rA�������sf����
��
2
��
2��z+UrlBasedCertificateRetriever._refresh_innerc�����������������C���s6���zt��|t����W�n
�ty0���td|d��Y�n0�dS�)a���
Determines whether a given string is a valid certificate. Valid in this context means that it
can be parsed into a cryptography.io X509 certificate object. If the string is not valid then
this method will throw an exception.
:param str certificate_string_to_check:
The certificate string to check. If it is valid then it should be a PEM-formatted string
and able to be parsed into a cryptography.io X509 certificate object
r���rU���N)r���rG���r����
ValueErrorrk���)r���Zcertificate_string_to_checkr���r���r���rg�����s����
�z<UrlBasedCertificateRetriever._check_valid_certificate_string)r$���r%���r&����__doc__rb���r���r
���r ���r ���r!���r"���r#���rA���rg����
__classcell__r���r���r>���r���r'���Q���s���
Fr'���c�����������������������sP���e�Zd�ZdZ��fdd�Zdd��Zdd��Zdd ��Zd
d
��Zd
d
��Z dd��Z
���Z
S�)�
PEMStringCertificateRetrievera?��
A certificate retriever which is provided PEM format strings directly. This retriever is non-refreshable, and calling refresh() is a no-op.
:param str certificate_pem:
The PEM-formatted string of the certificate. This is mandatory.
:param str private_key_pem (optional):
The PEM-formatted string of the private key corresponding to certificate_pem (if any).
:param str passphrase (optional):
The passphrase of the private key (if any).
**Note:** This class is used internally, it is not recommended for user's direct use.
c�����������������
���s����dd�l�}tt|������d|vr&td��t|d�tj�rL|d��d�|�j d<�n|d�|�j d<�d|v�r�|d�r�t|d�tj�r�|d��d�|�j d<�n|d�|�j d<�d|v�r�|d�r�|d��d�}nd�}|j
�
|�j d�|�|�j d<�d�S�) Nr����certificate_pemz6certificate_pem must be supplied as a keyword argumentr+���r���r���r)���r���)
rX���r-���rr���r���r.���r6���r���r7���r8���r���rh���ri���)r���r���rl���r)���r>���r���r���r���4��s$�����z&PEMStringCertificateRetriever.__init__c�����������������C���s���dS�)z�
Since these are just the string, there is no refresh as such. A new object should be created
if the strings change
Nr���r
���r���r���r���r
���Q��s����z%PEMStringCertificateRetriever.refreshc�����������������C���s
���|�j����S�rC���)r���rE���r
���r���r���r���r ���X��s����z=PEMStringCertificateRetriever.get_certificate_and_private_keyc�����������������C���s���t��|�jd�t���S�)rF���r���)r���rG���r���r���r
���r���r���r���r ���^��s����z<PEMStringCertificateRetriever.get_certificate_as_certificatec�����������������C���s
���|�j�d�S�rH���r���r
���r���r���r���r!���d��s����z1PEMStringCertificateRetriever.get_certificate_rawc�����������������C���s
���|�j�d�S�)zL
Retrieve a a string containing the PEM-encoded private key
r���r���r
���r���r���r���r"���j��s����z1PEMStringCertificateRetriever.get_private_key_pemc�����������������C���s
���|�j�d�S�rJ���r���r
���r���r���r���r#���p��s����z-PEMStringCertificateRetriever.get_private_key)
r$���r%���r&���rp���r���r
���r ���r ���r!���r"���r#���rq���r���r���r>���r���rr���$��s���
rr���c�����������������������s(���e�Zd�ZdZ��fdd�Zdd��Z���ZS�)�
FileBasedCertificateRetrievera/��
A specialization of PEMStringCertificateRetriever which reads certificates from a file. This retriever is non-refreshable, and calling refresh() is a no-op.
:param str certificate_file_path:
The file path from which to retrieve a certificate. It is assumed that what we retrieve is the PEM-formatted string for the certificate.
This is mandatory
:param str private_key_pem_file_path (optional):
The file path from which to retrieve the private key corresponding to certificate_file_path (if any). It is assumed that what we retrieve is the PEM-formatted string for
the private key.
:param str passphrase (optional):
The passphrase of the private key (if any).
**Note:** This class is used internally, it is not recommended for user's direct use.
c�����������������
���sb���d|vrt�d��d|v�r(|��|d��}nd�}|��|d��||�d�d�}tt|��jf�i�|���d�S�)NZcertificate_file_pathz<certificate_file_path must be supplied as a keyword argumentZprivate_key_pem_file_pathr)���)rs���r���r)���)r.����_load_data_from_filer0���r-���rt���r���)r���r���r���Zparent_class_kwargsr>���r���r���r������s����
�z&FileBasedCertificateRetriever.__init__c�����������������C���sH���t�j�|�}t|dd��
}|������}W�d�����n1�s:0����Y��|S�)N�rb)�mode)�os�path�
expanduser�open�readre���)r����filename�fZ cert_datar���r���r���ru������s����
*z2FileBasedCertificateRetriever._load_data_from_file)r$���r%���r&���rp���r���ru���rq���r���r���r>���r���rt���w��s���
rt���c�����������������������s
���e�Zd�Zd��fdd� Z���ZS�)rk���r���Nc��������������������s,���||�_�||�_tt|���d|�j|�j�d���d�S�)NzTInvalid certificate returned from instance metadata. Expected a PEM-formatted string)�messagerV���rW���)rW���rV���r-���rk���r���)r���rV���rW���r>���r���r���r������s����
�z4InvalidCertificateFromInstanceMetadataError.__init__)r���N)r$���r%���r&���r���rq���r���r���r>���r���rk������s���rk���) Z
cryptographyr���Z
cryptography.hazmat.backendsr���Z
oci._vendorr���Z oci._vendor.requests.exceptionsr���Zoci.exceptionsr���Z oci.retryrl���Zos.pathrx���r���r9���r1���r[���ZretryZRetryStrategyBuilderZadd_max_attemptsZadd_total_elapsed_timeZget_retry_strategyZ:INSTANCE_METADATA_URL_CERTIFICATE_RETRIEVER_RETRY_STRATEGY�objectr���r'���rr���rt���� Exceptionrk���r���r���r���r����<module>���s6���
��
�!�TS+