o ɶd-@sddlmZddlZddlZddlZddlZddlZddlZddl m Z ddl m Z m Z mZmZddlmZmZddlmZmZddlmZdd lmZdd lmZddlZeeZd Z dd d Z!ddZ"ddZ#Gdddej$j%Z&Gdddej'j(Z)Gddde)Z*dS))absolute_importN)six)record_body_position_for_rewind rewind_body,back_up_body_calculate_stream_content_lengthread_stream_for_signing) httpsig_cffirequests)InvalidPrivateKeyMissingPrivateKeyPassphrase)UnsupportedAlgorithm)default_backend) serialization1cCsPtj|}tj|dd}|}Wdn1swYt||S)Nrb)mode)ospath expanduserioopenreadstripload_private_key)filename pass_phrasefZprivate_key_datar.usr/lib/python3.10/site-packages/oci/signer.pyload_private_key_from_files  r c Cst|tjr |d}t|tjr|d}t}z tj|||dWSty;|dur1tdtj|d|dYSt yftj tj tj fD]}z |||dWtdt t fyaYqIwtdw)zLoads a private key that may use a pass_phrase. Tries to correct or diagnose common errors: - provided pass_phrase but didn't need one - provided a public key ascii)backendNz'The provided key requires a passphrase.zEAuthentication requires a private key, but a public key was provided.zOThe provided key is not a private key, or the provided passphrase is incorrect.) isinstancerZ text_typeencoderrZload_pem_private_key TypeErrorr ValueErrorZload_der_public_keyZload_pem_public_keyZload_ssh_public_keyr r )Zsecretrr"loaderrrrr$s0      rc Cs|jdtjjdd|jdtjjj |j j t |j ds't |j dr.|jdd|jdd |rd |jvr|r|j pBd }t}t|tjrc|d }|jd tt|||ndt|ttfrp||nWt |dszt |drt|\}}|rt||}|dkrtd|jd t|t||}|stdn#tdt|} | d|_ || d|jd t| d|rt !|"} | #d } | |jd <dSdSdSdSdS)NdateT)usegmthostbufferr content-typezapplication/octet-streamzapplication/jsonx-content-sha256zutf-8content-lengthznUnable to read stream for signing! Please sign the stream yourself by using the custom header x-content-sha256z,Unable to rewind request body while signing!z=Stream cannot be rewound, trying to backup and sign the body!Z byte_contentcontent_length)$headers setdefaultemailutils formatdatermovesurllibparseurlparseurlnetlochasattrbodyhashlibsha256r#Z string_typesr$strlenupdatebytes bytearrayrrIOErrorrloggerwarningrgetbase64 b64encodedigestdecode) request sign_bodyenforce_content_headersr>mZis_body_rewindableZoriginal_positionr1Zis_rewind_successstreamZ base64digestZ base64stringrrrinject_missing_headersYsT           rSc@s"eZdZdZ ddZddZdS)_PatchedHeaderSignerzTSignature algorithm="rsa-sha256",headers="{}",keyId="{}",signature="%s",version="{}"cCsVd|_d|_d|_tjj|j|_||_|j|_ ||_ |j d ||t|_dS)Nrsar@ )Zsign_algorithmZhash_algorithm_hashr r5ZHASHESZ_rsahash _rsa_private public_key _rsa_publicr2HEADER_SIGNER_TEMPLATEformatjoinSIGNATURE_VERSIONsignature_template)selfkey_id private_keyr2rrr__init__s z_PatchedHeaderSigner.__init__cCs6d|_||_|j|_|jd|j|t|_ dS)NrV) rWrXrYrZr[r\r]r2r^r_)r`rarbrrr reset_signers z!_PatchedHeaderSigner.reset_signerN)__name__ __module__ __qualname__r[rcrdrrrrrTs  rTc@s<eZdZddZddZd ddZd dd Zed d Zd S)AbstractBaseSignercCs(t|||d|_t||||d|_dS)N)rarbr2)rT _basic_signer _body_signer)r`api_keyrbgeneric_headers body_headersrrrcreate_signerss z!AbstractBaseSigner.create_signerscCs$|j}|dvrtd|dS)N)rIheaddeleteputpostpatchz&Don't know how to sign request verb {})methodlowerr&r\)r`rNverbrrrvalidate_requests z#AbstractBaseSigner.validate_requestTcCsz|j}|dv}|r|r|j}n |j}|jddt||||j|jtj j j |j j|j|jd}|j||S)N)rqrrrszTransfer-Encoding)r*rtr)rtrurjrir2poprSsignrr7r8r9r:r;r<Zpath_urlrC)r`rNrPrvrOZsignerZsigned_headersrrrdo_request_signs   z"AbstractBaseSigner.do_request_signcCs|||||SN)rwrz)r`rNrPrrr__call__s  zAbstractBaseSigner.__call__cCstj|ddS)NF)rP) functoolspartial)r`rrrwithout_content_headerssz*AbstractBaseSigner.without_content_headersN)T) rerfrgrnrwrzr|propertyrrrrrrhs  rhc@s&eZdZdZdddZeddZdS)Signera A requests auth instance that can be reused across requests. This signer is intended to be used when signing requests for a given user and it requires that user's ID, their private key and cerificate fingerprint. The private key can be sourced from a file (private_key_file_location) or the PEM string can be provided directly (private_key_content). The headers to be signed by this signer are not customizable. You can manually sign calls by creating an instance of the signer, and providing it as the ``auth`` argument to Requests functions: .. code-block:: python import requests from oci import Signer auth = Signer(...) resp = requests.get("https://...", auth=auth) Nc Cs\|d|d||_|rt|||_nt|||_gd}gd}||j|j||dS)N/)r(z(request-target)r*)r/r,r-)rkrrbr rn) r`tenancyuser fingerprintprivate_key_file_locationrprivate_key_contentrlrmrrrrcs zSigner.__init__c CsDddlm}||t|d|d|d|d|d|dd S) Nr)validate_configrrrZkey_filerZ key_content)rrr)configrrrI)rrrrr from_configs zSigner.from_config)NN)rerfrg__doc__rc staticmethodrrrrrrs   rr{)+ __future__rrJ email.utilsr4r?rr}rZ oci._vendorrZoci.utilrrrr_vendorr r exceptionsr r Zcryptography.exceptionsr Zcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrlogging getLoggerrerGr^r rrSryZ HeaderSignerrTZauthZAuthBaserhrrrrrs.       55!1