U 4Je3@sdZddlZddlZddlmZddlmZddlmZm Z m Z ddl m Z ddl m Z z8dd lmZdd lmZmZdd lmZdd lmZWn ek re d dYnXzddlmZmZWn ek re ddYnXddl mZdZdZdZdZ dZ!GdddeZ"dS)zOCI Authentication Plugin.N) b64encode)Path)AnyDictOptional)errors)logger)UnsupportedAlgorithm)hashes serialization)padding)PRIVATE_KEY_TYPESz'Package 'cryptography' is not installed)config exceptionszGPackage 'oci' (Oracle Cloud Infrastructure Python SDK) is not installed)BaseAuthPluginMySQLOCIAuthPlugini(z0Ephemeral security token is too large (10KB max)zGEphemeral security token file ('security_token_file') could not be readzKOCI configuration file does not contain a 'fingerprint' or 'key_file' entryc@seZdZUdZdZeed<dZeed<dZ e ed<dZ eed <e j Zeed <eeeee fed d d ZeeedddZeee fdddZdeeedddZdS)rz2Implement the MySQL OCI IAM authentication plugin.Zauthentication_oci_client plugin_nameF requires_sslNcontextDEFAULToci_config_profileoci_config_file) signature oci_configreturnc Cst|}|d|d}|drz8t|d}|jtkrJtt |j dd|d<Wn2t t fk r}ztt |W5d}~XYnXtj|dd S) a=Prepare client's authentication response Prepares client's authentication response in JSON format Args: signature (bytes): server's nonce to be signed by client. oci_config (dict): OCI configuration object. Returns: str: JSON string with the following format: {"fingerprint": str, "signature": str, "token": base64.base64.base64} Raises: ProgrammingError: If the ephemeral security token file can't be open or the token is too large. fingerprint)rrsecurity_token_filezutf-8)encodingtokenN),:) separators)rdecodegetrstatst_sizeOCI_SECURITY_TOKEN_MAX_SIZErProgrammingErrorOCI_SECURITY_TOKEN_TOO_LARGE read_textOSError UnicodeError%OCI_SECURITY_TOKEN_FILE_NOT_AVAILABLEjsondumps)rrZ signature_64 auth_responsererrr3U/tmp/pip-unpacked-wheel-7_167w8m/mysql/connector/plugins/authentication_oci_client.py_prepare_auth_responsePs"   z)MySQLOCIAuthPlugin._prepare_auth_response)key_pathrc Cszz4ttj|d}tj|dd}W5QRXWn@ttt t fk rt}zt d|d|W5d}~XYnX|S)z+Get the private_key form the given locationrbN)passwordz2An error occurred while reading the API_KEY from "z": ) openospath expanduserr Zload_pem_private_keyread TypeErrorr, ValueErrorr rr))r6key_file private_keyr2r3r3r4_get_private_keyxsz#MySQLOCIAuthPlugin._get_private_key)rc Csg}ddddd}i}zt|jp*tj|jp2d}|D]X\}}z*||rn|||sn|d|dWq>tk r|d|Yq>Xq>WnDtj tj tj tj tj fk r}z|t|W5d }~XYnX|rtd |jd ||S) z=Get a valid OCI config from the given configuration file pathcSs t|dkS)N )lenxr3r3r4z:MySQLOCIAuthPlugin._get_valid_oci_config..cSstjtj|S)N)r:r;existsr<rEr3r3r4rGrH)rr@rz Parameter "z " is invalidzDoes not contain parameter NzInvalid oci-config-file: z. Errors found: )r from_filerDEFAULT_LOCATIONritemsappendKeyErrorrZConfigFileNotFoundZ InvalidConfigZInvalidKeyFilePathZInvalidPrivateKeyZProfileNotFoundstrrr))selfZ error_listZreq_keysrZreq_keyZ req_valuer2r3r3r4_get_valid_oci_configs:  z(MySQLOCIAuthPlugin._get_valid_oci_config) auth_datarcCsdtd|jt|j|}||d}||jtt }| ||}td|| S)z-Prepare authentication string for the server.zserver nonce: %s, len %dr@zauthentication response: %s) r debugZ _auth_datarDrQrBsignr ZPKCS1v15r SHA256r5encode)rPrRrrArr1r3r3r4r1s  z MySQLOCIAuthPlugin.auth_response)N)__name__ __module__ __qualname____doc__rrO__annotations__rboolrrrrrKr staticmethodbytesrr5rrBrQrr1r3r3r3r4rGs     '()#rZr/r:base64rpathlibrtypingrrrrr Zcryptography.exceptionsr Zcryptography.hazmat.primitivesr r Z)cryptography.hazmat.primitives.asymmetricr Z/cryptography.hazmat.primitives.asymmetric.typesr ImportErrorr)ZocirrrZAUTHENTICATION_PLUGIN_CLASSr(r*r.ZOCI_PROFILE_MISSING_PROPERTIESrr3r3r3r4s>