a lJh$@s,dZddlZddlZddlmZddlmZddlmZm Z m Z m Z ddl m Z ddlmZerldd lmZz8dd lmZdd lmZmZdd lmZdd lmZWneye ddYn0zddlmZmZWneye ddYn0ddl mZdZ dZ!dZ"dZ#dZ$GdddeZ%dS)zOCI Authentication Plugin.N) b64encode)Path) TYPE_CHECKINGAnyDictOptional)errors)logger) MySQLSocket)UnsupportedAlgorithm)hashes serialization)padding)PRIVATE_KEY_TYPESz'Package 'cryptography' is not installed)config exceptionszGPackage 'oci' (Oracle Cloud Infrastructure Python SDK) is not installed)MySQLAuthPluginMySQLOCIAuthPlugini(z0Ephemeral security token is too large (10KB max)zGEphemeral security token file ('security_token_file') could not be readzKOCI configuration file does not contain a 'fingerprint' or 'key_file' entryc@seZdZUdZdZeed<dZeed<e j Z eed<e e eeefeddd Ze eed d d Zeeefd ddZeed ddZeed ddZe eee dddZde ee dddZdS)rz2Implement the MySQL OCI IAM authentication plugin.NcontextDEFAULToci_config_profileoci_config_file) signature oci_configreturnc Cst|}|d|d}|drz8t|d}|jtkrJtt |j dd|d<Wn4t t fy}ztt |WYd}~n d}~00tj|dd S) a=Prepare client's authentication response Prepares client's authentication response in JSON format Args: signature (bytes): server's nonce to be signed by client. oci_config (dict): OCI configuration object. Returns: str: JSON string with the following format: {"fingerprint": str, "signature": str, "token": base64.base64.base64} Raises: ProgrammingError: If the ephemeral security token file can't be open or the token is too large. fingerprint)rrsecurity_token_filezutf-8)encodingtokenN),:) separators)rdecodegetrstatst_sizeOCI_SECURITY_TOKEN_MAX_SIZEr ProgrammingErrorOCI_SECURITY_TOKEN_TOO_LARGE read_textOSError UnicodeError%OCI_SECURITY_TOKEN_FILE_NOT_AVAILABLEjsondumps)rrZ signature_64 auth_responsererrr3c/var/www/shaz/venv/lib/python3.9/site-packages/mysql/connector/plugins/authentication_oci_client.py_prepare_auth_responseQs"   z)MySQLOCIAuthPlugin._prepare_auth_response)key_pathrc CszHttj|d"}tj|dd}Wdn1s<0YWnBttt t fy}z"t d|d|WYd}~n d}~00|S)z+Get the private_key form the given locationrbN)passwordz2An error occurred while reading the API_KEY from "z": ) openospath expanduserrZload_pem_private_keyread TypeErrorr, ValueErrorr r r))r6key_file private_keyr2r3r3r4_get_private_keyys(z#MySQLOCIAuthPlugin._get_private_key)rc Csg}ddddd}i}z~t|jp*tj|jp2d}|D]V\}}z*||rn|||sn|d|dWq>ty|d|Yq>0q>WnFtj tj tj tj tj fy}z|t|WYd }~n d }~00|rtd |jd ||S) z=Get a valid OCI config from the given configuration file pathcSs t|dkS)N )lenxr3r3r4z:MySQLOCIAuthPlugin._get_valid_oci_config..cSstjtj|S)N)r:r;existsr<rEr3r3r4rGrH)rr@rz Parameter "z " is invalidzDoes not contain parameter NzInvalid oci-config-file: z. Errors found: )r from_filerDEFAULT_LOCATIONritemsappendKeyErrorrZConfigFileNotFoundZ InvalidConfigZInvalidKeyFilePathZInvalidPrivateKeyZProfileNotFoundstrr r))selfZ error_listZreq_keysrZreq_keyZ req_valuer2r3r3r4_get_valid_oci_configs>   $ z(MySQLOCIAuthPlugin._get_valid_oci_configcCsdS)zPlugin official name.Zauthentication_oci_clientr3rPr3r3r4nameszMySQLOCIAuthPlugin.namecCsdS)z'Signals whether or not SSL is required.Fr3rRr3r3r4 requires_sslszMySQLOCIAuthPlugin.requires_ssl) auth_datakwargsrcKs^td|t||}||d}||tt }| ||}td|| S)z-Prepare authentication string for the server.zserver nonce: %s, len %dr@zauthentication response: %s) r debugrDrQrBsignrZPKCS1v15r SHA256r5encode)rPrUrVrrArr1r3r3r4r1s  z MySQLOCIAuthPlugin.auth_responser )sockrUrVrcKs|dd|_|dtj|_td|j|j|fi|}|durPt dtd|t || || }td|t |S) aSHandles server's `auth switch request` response. Args: sock: Pointer to the socket connection. auth_data: Plugin provided data (extracted from a packet representing an `auth switch request` response). kwargs: Custom configuration to be passed to the auth plugin when invoked. The parameters defined here will override the ones defined in the auth plugin itself. Returns: packet: Last server's response after back-and-forth communication. rrrz!# oci configuration file path: %sNzGot a NULL auth responsez# request: %s size: %sz# server response packet: %s)r%rrrKrr rWr1r ZInterfaceErrorrDsendrecvbytes)rPr[rUrVresponsepacketr3r3r4auth_switch_responses   z'MySQLOCIAuthPlugin.auth_switch_response)__name__ __module__ __qualname____doc__rr__annotations__rrOrrKr staticmethodr^rr5rrBrQpropertyrSboolrTrr1rar3r3r3r4rJs"   '()&rer/r:base64rpathlibrtypingrrrrr r networkr Zcryptography.exceptionsr Zcryptography.hazmat.primitivesr rZ)cryptography.hazmat.primitives.asymmetricrZ/cryptography.hazmat.primitives.asymmetric.typesr ImportErrorr)ZocirrrZAUTHENTICATION_PLUGIN_CLASSr(r*r.ZOCI_PROFILE_MISSING_PROPERTIESrr3r3r3r4sB