U ØÄ/j‘ã@s¾dZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddlZddl Ze e¡Zejedœdd„ƒZdeeeeejdœd d „Zdd„Zd d„Zddd„Zddd„ZdS)z< Helper functions for mTLS in async for discovery of certs. éN)ÚOptional)Ú exceptions)Úcontentc csVt ¡\}}z,t |d¡}| |¡W5QRX|VW5tj |¡rPt |¡XdS)zµCreates a temporary file with the given content. Args: content (bytes): The content to write to the file. Yields: str: The path to the temporary file. ÚwbN)ÚtempfileÚmkstempÚosÚpathÚexistsÚremoveÚfdopenÚwrite)rÚfdÚ file_pathÚf©rúB/tmp/pip-unpacked-wheel-l8yytoim/google/auth/aio/transport/mtls.pyÚ_create_temp_file"s r)Ú cert_bytesÚ key_bytesÚ passphraseÚreturncCs¤t|ƒ’}t|ƒ~}z.callback)ÚgoogleÚauthÚ transportZmtlsZhas_default_client_cert_sourcerr.)r1rrrÚdefault_client_cert_sourcegs ÿÿ r5cÃs6ttjjjj|dƒIdH\}}|r2|r2d||dfSdS)a×Returns the client side certificate, private key and passphrase. We look for certificates and keys with the following order of priority: 1. Certificate and key specified by certificate_config.json. Currently, only X.509 workload certificates are supported. Args: certificate_config_path (str): The certificate_config.json file path. Returns: Tuple[bool, bytes, bytes, bytes]: A boolean indicating if cert, key and passphrase are obtained, the cert bytes and key bytes both in PEM format, and passphrase bytes. Raises: google.auth.exceptions.ClientCertError: if problems occurs when getting the cert, key and passphrase. FNT)FNNN)r,r2r3r4Z_mtls_helperZ_get_workload_cert_and_key)Zcertificate_config_pathÚcertÚkeyrrrÚget_client_ssl_credentials…s ýr8cÃsb|rD|ƒ}z|IdH\}}Wntk r8|\}}YnXd||fStƒIdH\}}}}|||fS)aReturns the client side certificate and private key. The function first tries to get certificate and key from client_cert_callback; if the callback is None or doesn't provide certificate and key, the function tries application default SSL credentials. Args: client_cert_callback (Optional[Callable[[], (bytes, bytes)]]): An optional callback which returns client certificate bytes and private key bytes both in PEM format. Returns: Tuple[bool, bytes, bytes]: A boolean indicating if cert and key are obtained, the cert bytes and key bytes both in PEM format. Raises: google.auth.exceptions.ClientCertError: if problems occurs when getting the cert and key. NT)Ú TypeErrorr8)Zclient_cert_callbackÚresultr6r7Zhas_certr/rrrr-¨s r-)N)N)N)Ú__doc__r(Ú contextlibÚloggingrrrÚtypingrZgoogle.authrZ"google.auth.transport._mtls_helperr2Zgoogle.auth.transport.mtlsÚ getLoggerÚ__name__Z_LOGGERÚcontextmanagerÚbytesrÚ SSLContextr'r,r5r8r-rrrrÚs2 ÿþ!ÿ #