U Tc @sdZddlZddlZddlZddlZddlZddlZddlZddlm Z e e Z e ejeejeejeejejZddZddZdd Zd d Zd d ZddZGdddeZdS)z] Code for configuring client side TLS to offload the signing operation to signing libraries. N) exceptionscCstttd|tjS)NZintptr_t)ctypescastintcffiZFFIc_void_p)Zssl_ctxrL/tmp/pip-unpacked-wheel-hwewmx0w/google/auth/transport/_custom_tls_signer.py_cast_ssl_ctx_to_void_p2sr cCsXtd|tjdkr.tjdkr.tj|ddnt|}ttj tj g|j _ tj |j _|S)Nzloading offload library from %sntrwinmode)_LOGGERdebugsys version_infoosnamerCDLLSIGN_CALLBACK_CTYPEc_char_prConfigureSslContextargtypesc_intrestype)Zoffload_lib_pathlibrrr load_offload_lib7s   rcCstd|tjdkr.tjdkr.tj|ddnt|}tjtjtj g|j _ tj |j _ tjtjtj tjtj g|j _ tj |j _ |S)Nzloading signer library from %sr rrr)rrrrrrrrrrGetCertPemForPythonrr SignForPython)Zsigner_lib_pathrrrr load_signer_libOs"   r"cCs8ddlm}t||}||}|||S)Nr)hashes)Zcryptography.hazmat.primitivesr#r string_atZHashSHA256updatefinalize)Z to_be_signedZto_be_signed_lenr#datahashrrr _compute_sha256_digestps    r*csfdd}t|S)Nc stdt||}tjt|}d}t|}| t |t|||}|dkr`dS||d<t |} t |D]} | | || <qxdS)Nzcalling sign callback...ir) rrr*rc_charlencreate_string_bufferr!encode from_buffer bytearrayrange) sigZsig_lenZtbsZtbs_lendigestZ digestArrayZsig_holder_lenZ sig_holderZ signature_lenbsiconfig_file_path signer_librr sign_callback|s&     z(get_sign_callback..sign_callback)r)r9r8r:rr7r get_sign_callback{sr;cCsH||dd}|dkr$tdt|}||||t|S)Nrzfailed to get certificate)r r/rMutualTLSChannelErrorrr.bytes)r9r8Zcert_lenZ cert_holderrrr get_certs  r>c@s,eZdZddZddZddZddZd S) CustomTlsSignercCs||_d|_d|_dS)a This class loads the offload and signer library, and calls APIs from these libraries to obtain the cert and a signing callback, and attach them to SSL context. The cert and the signing callback will be used for client authentication in TLS handshake. Args: enterprise_cert_file_path (str): the path to a enterprise cert JSON file. The file should contain the following field: { "libs": { "ecp_client": "...", "tls_offload": "..." } } N)_enterprise_cert_file_path_cert_sign_callback)selfZenterprise_cert_file_pathrrr __init__szCustomTlsSigner.__init__c Csz>t|jd(}t|}|d}|d}|d}W5QRXWn>ttfk r|}ztd|}t ||W5d}~XYnXt ||_ t ||_ dS)NrlibsZ ecp_clientZ tls_offloadzenterprise cert file is invalid)openr@jsonloadKeyError ValueErrorrr<six raise_fromr _offload_libr" _signer_lib)rCfZenterprise_cert_jsonrFZsigner_libraryZoffload_libraryZ caught_excnew_excrrr load_librariess  zCustomTlsSigner.load_librariescCs$t|j|j|_t|j|j|_dS)N)r>rOr@rAr;rB)rCrrr set_up_custom_keys z!CustomTlsSigner.set_up_custom_keycCs0|j|jt|jt|jjs,t ddS)Nzfailed to configure SSL context) rNrrBrrrAr Z_ctx_contextrr<)rCctxrrr attach_to_ssl_contexts   z%CustomTlsSigner.attach_to_ssl_contextN)__name__ __module__ __qualname__rDrRrSrVrrrr r?sr?)__doc__rrHloggingrrrrLZ google.authr getLoggerrWr CFUNCTYPErPOINTERc_ubytec_size_trr rr"r*r;r>objectr?rrrr s.      ! &