o
    bi+                     @   sN   d Z ddlmZ ddlmZ ddlmZ dddZdd	 Zd
d Z	dd Z
dS )zUtilites for mutual TLS.    )getenv)
exceptions)_mtls_helperTc                 C   sN   | rt t jdurdS t t jdurdS td}|r%t |dur%dS dS )a2  Check if default client SSL credentials exists on the device.

    Args:
       include_context_aware (bool): whether the context-aware metadata path
       location is checked (True) or skipped (False).

    Returns:
        bool: indicating if the default client cert source exists.
    NTZGOOGLE_API_CERTIFICATE_CONFIGF)r   Z_check_config_pathZCONTEXT_AWARE_METADATA_PATHZ&CERTIFICATE_CONFIGURATION_DEFAULT_PATHr   )include_context_awareZcert_config_path r   T/home/kim/smarthome/.venv/lib/python3.10/site-packages/google/auth/transport/mtls.pyhas_default_client_cert_source   s$   
r   c                  C   s    t dds
tddd } | S )a  Get a callback which returns the default client SSL credentials.

    Returns:
        Callable[[], [bytes, bytes]]: A callback which returns the default
            client certificate bytes and private key bytes, both in PEM format.

    Raises:
        google.auth.exceptions.DefaultClientCertSourceError: If the default
            client SSL credentials don't exist or are malformed.
    Tr   z(Default client cert source doesn't existc               
   S   sH   zt  \} }}W ||fS  tttfy# } zt|}||d }~ww )N)r   Zget_client_cert_and_keyOSErrorRuntimeError
ValueErrorr   MutualTLSChannelError)_
cert_bytes	key_bytes
caught_excnew_excr   r   r   callbackG   s   
z,default_client_cert_source.<locals>.callbackr   r   r   )r   r   r   r   default_client_cert_source7   s   
	r   c                    s&   t dds
td fdd}|S )at  Get a callback which returns the default encrpyted client SSL credentials.

    Args:
        cert_path (str): The cert file path. The default client certificate will
            be written to this file when the returned callback is called.
        key_path (str): The key file path. The default encrypted client key will
            be written to this file when the returned callback is called.

    Returns:
        Callable[[], [str, str, bytes]]: A callback which generates the default
            client certificate, encrypted private key and passphrase. It writes
            the certificate and private key into the cert_path and key_path, and
            returns the cert_path, key_path and passphrase bytes.

    Raises:
        google.auth.exceptions.DefaultClientCertSourceError: If any problem
            occurs when loading or saving the client certificate and key.
    Tr	   z2Default client encrypted cert source doesn't existc               
      s   z@t jdd\} }}}t d}|| W d    n1 s w   Y  td}|| W d    n1 s:w   Y  W n tjtfyW } zt|}||d }~ww  |fS )NT)Zgenerate_encrypted_keywb)r   Zget_client_ssl_credentialsopenwriter   ZClientCertErrorr
   r   )r   r   r   Zpassphrase_bytes	cert_filekey_filer   r   	cert_pathkey_pathr   r   r   k   s(   


z6default_client_encrypted_cert_source.<locals>.callbackr   )r   r   r   r   r   r   $default_client_encrypted_cert_sourceS   s   
r   c                   C   s   t  S )ad  Returns boolean for whether the client certificate should be used for mTLS.

    This is a wrapper around _mtls_helper.check_use_client_cert().
    If GOOGLE_API_USE_CLIENT_CERTIFICATE is set to true or false, a corresponding
    bool value will be returned.
    If GOOGLE_API_USE_CLIENT_CERTIFICATE is unset, the value will be inferred by
    reading a file pointed at by GOOGLE_API_CERTIFICATE_CONFIG, and verifying it
    contains a "workload" section. If so, the function will return True,
    otherwise False.

    Returns:
       bool: indicating whether the client certificate should be used for mTLS.
    )r   Zcheck_use_client_certr   r   r   r   should_use_client_cert   s   r   N)T)__doc__osr   Zgoogle.authr   Zgoogle.auth.transportr   r   r   r   r   r   r   r   r   <module>   s   
 -