o bi @sdZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl Z ddl Z eeZejdefddZ dded ed eed ejfd d ZddZddZ dddZdddZdS)z< Helper functions for mTLS in async for discovery of certs. N)Optional) exceptionscontentc cst\}}z.t|d }||Wdn1swY|VWtj|r4t|dSdStj|rBt|ww)zCreates a temporary file with the given content. Args: content (bytes): The content to write to the file. Yields: str: The path to the temporary file. wbN)tempfilemkstemposfdopenwritepathexistsremove)rfd file_pathfrX/home/kim/smarthome/.venv/lib/python3.10/site-packages/google/auth/aio/transport/mtls.py_create_temp_file"s    r cert_bytes key_bytes passphrasereturncCst|O}t|:}z ttjj}|j|||d|WWdWdStjttt t fyB}zt d|d}~ww1sFwYWddS1sVwYdS)aCreates an SSLContext with the given client certificate and key. This function writes the certificate and key to temporary files so that ssl.create_default_context can load them, as the ssl module requires file paths for client certificates. These temporary files are deleted immediately after the SSL context is created. Args: cert_bytes (bytes): The client certificate content in PEM format. key_bytes (bytes): The client private key content in PEM format. passphrase (Optional[bytes]): The passphrase for the private key, if any. Returns: ssl.SSLContext: The configured SSL context with client certificate. Raises: google.auth.exceptions.TransportError: If there is an error loading the certificate. )certfilekeyfilepasswordNz3Failed to load client certificate and key for mTLS.) rsslcreate_default_contextPurpose SERVER_AUTHload_cert_chainSSLErrorOSErrorIOError ValueError RuntimeErrorrZTransportError)rrrZ cert_pathZkey_pathcontextexcrrrmake_client_cert_ssl_context8s(  4r'csRz tj|g|RIdHWSty(t}|jd|g|RIdHYSw)zRun a blocking function in an executor to avoid blocking the event loop. This implements the non-blocking execution strategy for disk I/O operations. N)asyncioZ to_threadAttributeErrorZget_running_loopZrun_in_executor)funcargslooprrr_run_in_executorYs r-cCs(tjjjjddstddd}|S)aGet a callback which returns the default client SSL credentials. Returns: Awaitable[Callable[[], Tuple[bytes, bytes]]]: A callback which returns the default client certificate bytes and private key bytes, both in PEM format. Raises: google.auth.exceptions.DefaultClientCertSourceError: If the default client SSL credentials don't exist or are malformed. F)Zinclude_context_awarez(Default client cert source doesn't existc sNztIdH\}}}W||fStttfy&}zt|}||d}~wwN)get_client_cert_and_keyr!r$r#rMutualTLSChannelError)_rrZ caught_excnew_excrrrcallbackys z,default_client_cert_source..callback)googleauth transportZmtlsZhas_default_client_cert_sourcerr0)r3rrrdefault_client_cert_sourcegs  r7cs8ttjjjj|dIdH\}}|r|rd||dfSdS)aReturns the client side certificate, private key and passphrase. We look for certificates and keys with the following order of priority: 1. Certificate and key specified by certificate_config.json. Currently, only X.509 workload certificates are supported. Args: certificate_config_path (str): The certificate_config.json file path. Returns: Tuple[bool, bytes, bytes, bytes]: A boolean indicating if cert, key and passphrase are obtained, the cert bytes and key bytes both in PEM format, and passphrase bytes. Raises: google.auth.exceptions.ClientCertError: if problems occurs when getting the cert, key and passphrase. FNT)FNNN)r-r4r5r6Z _mtls_helperZ_get_workload_cert_and_key)Zcertificate_config_pathcertkeyrrrget_client_ssl_credentialss  r:csb|r"|}z |IdH\}}Wn ty|\}}Ynwd||fStIdH\}}}}|||fS)aReturns the client side certificate and private key. The function first tries to get certificate and key from client_cert_callback; if the callback is None or doesn't provide certificate and key, the function tries application default SSL credentials. Args: client_cert_callback (Optional[Callable[[], (bytes, bytes)]]): An optional callback which returns client certificate bytes and private key bytes both in PEM format. Returns: Tuple[bool, bytes, bytes]: A boolean indicating if cert and key are obtained, the cert bytes and key bytes both in PEM format. Raises: google.auth.exceptions.ClientCertError: if problems occurs when getting the cert and key. NT) TypeErrorr:)Zclient_cert_callbackresultr8r9Zhas_certr1rrrr/s    r/r.)__doc__r( contextlibloggingrrrtypingrZ google.authrZ"google.auth.transport._mtls_helperr4Zgoogle.auth.transport.mtls getLogger__name__Z_LOGGERcontextmanagerbytesr SSLContextr'r-r7r:r/rrrrs:    ! #