o g$@s$dZddlZddlZddlmZddlmZddlmZm Z m Z m Z ddl m Z ddlmZer6dd lmZzdd lmZdd lmZmZdd lmZdd lmZWn ey_e ddwz ddlmZmZWn eywe ddwddl mZdZ dZ!dZ"dZ#dZ$GdddeZ%dS)zOCI Authentication Plugin.N) b64encode)Path) TYPE_CHECKINGAnyDictOptional)errors)logger) MySQLSocket)UnsupportedAlgorithm)hashes serialization)padding)PRIVATE_KEY_TYPESz'Package 'cryptography' is not installed)config exceptionszGPackage 'oci' (Oracle Cloud Infrastructure Python SDK) is not installed)MySQLAuthPluginMySQLOCIAuthPlugini(z0Ephemeral security token is too large (10KB max)zGEphemeral security token file ('security_token_file') could not be readzKOCI configuration file does not contain a 'fingerprint' or 'key_file' entryc@seZdZUdZdZeed<dZeed<e j Z eed<e de deeefd efd d Ze d ed efd dZd eeeffddZed efddZed efddZde ded ee fddZddde ded e fddZdS)rz2Implement the MySQL OCI IAM authentication plugin.NcontextDEFAULToci_config_profileoci_config_file signature oci_configreturnc Cst|}|d|d}|drCzt|d}|jtkr%tt |j dd|d<Wnt t fyB}ztt |d}~wwtj|dd S) a=Prepare client's authentication response Prepares client's authentication response in JSON format Args: signature (bytes): server's nonce to be signed by client. oci_config (dict): OCI configuration object. Returns: str: JSON string with the following format: {"fingerprint": str, "signature": str, "token": base64.base64.base64} Raises: ProgrammingError: If the ephemeral security token file can't be open or the token is too large. fingerprint)rrsecurity_token_filezutf-8)encodingtokenN),:) separators)rdecodegetrstatst_sizeOCI_SECURITY_TOKEN_MAX_SIZEr ProgrammingErrorOCI_SECURITY_TOKEN_TOO_LARGE read_textOSError UnicodeError%OCI_SECURITY_TOKEN_FILE_NOT_AVAILABLEjsondumps)rr signature_64 auth_responsererrr4k/var/www/html/api-tag/env/lib/python3.10/site-packages/mysql/connector/plugins/authentication_oci_client.py_prepare_auth_responseQs&   z)MySQLOCIAuthPlugin._prepare_auth_responsekey_pathc Csz'ttj|d}tj|dd}WdW|S1s wYW|Sttt t fyB}z t d|d|d}~ww)z+Get the private_key form the given locationrbN)passwordz2An error occurred while reading the API_KEY from "z": ) openospath expanduserrload_pem_private_keyread TypeErrorr, ValueErrorr r r))r7key_file private_keyr3r4r4r5_get_private_keyys(   z#MySQLOCIAuthPlugin._get_private_keyc Csg}ddddd}i}z>t|jptj|jpd}|D]*\}}z||r7|||s7|d|dWqtyI|d|YqwWn#tj tj tj tj tj fyn}z |t|WYd }~nd }~ww|r}td |jd ||S) z=Get a valid OCI config from the given configuration file pathcSs t|dkS)N )lenxr4r4r5s z:MySQLOCIAuthPlugin._get_valid_oci_config..cSstjtj|S)N)r;r<existsr=rGr4r4r5rIs)rrBrz Parameter "z " is invalidzDoes not contain parameter NzInvalid oci-config-file: z. Errors found: )r from_filerDEFAULT_LOCATIONritemsappendKeyErrorrConfigFileNotFound InvalidConfigInvalidKeyFilePathInvalidPrivateKeyProfileNotFoundstrr r))self error_listreq_keysrreq_key req_valuer3r4r4r5_get_valid_oci_configsH     z(MySQLOCIAuthPlugin._get_valid_oci_configcCdS)zPlugin official name.authentication_oci_clientr4rVr4r4r5namezMySQLOCIAuthPlugin.namecCr\)z'Signals whether or not SSL is required.Fr4r^r4r4r5 requires_sslr`zMySQLOCIAuthPlugin.requires_ssl auth_datakwargscKs^td|t||}||d}||tt }| ||}td|| S)z-Prepare authentication string for the server.zserver nonce: %s, len %drBzauthentication response: %s) r debugrFr[rDsignrPKCS1v15r SHA256r6encode)rVrbrcrrCrr2r4r4r5r2s  z MySQLOCIAuthPlugin.auth_responsesockr cKs|dd|_|dtj|_td|j|j|fi|}|dur(t dtd|t || || }td|t |S) aSHandles server's `auth switch request` response. Args: sock: Pointer to the socket connection. auth_data: Plugin provided data (extracted from a packet representing an `auth switch request` response). kwargs: Custom configuration to be passed to the auth plugin when invoked. The parameters defined here will override the ones defined in the auth plugin itself. Returns: packet: Last server's response after back-and-forth communication. rrrz!# oci configuration file path: %sNzGot a NULL auth responsez# request: %s size: %sz# server response packet: %s)r%rrrLrr rdr2r InterfaceErrorrFsendrecvbytes)rVrirbrcresponsepacketr4r4r5auth_switch_responses   z'MySQLOCIAuthPlugin.auth_switch_response)__name__ __module__ __qualname____doc__rr__annotations__rrUrrLr staticmethodrmrr6rrDr[propertyr_boolrarr2rpr4r4r4r5rJs0    '( )&rtr/r;base64rpathlibrtypingrrrrr r networkr cryptography.exceptionsr cryptography.hazmat.primitivesr r)cryptography.hazmat.primitives.asymmetricr/cryptography.hazmat.primitives.asymmetric.typesr ImportErrorr)ocirrrAUTHENTICATION_PLUGIN_CLASSr(r*r.OCI_PROFILE_MISSING_PROPERTIESrr4r4r4r5sH