p[i dZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl Z ddl Z ejeZej"defdZ ddeded eed ej(fd Zd Zd Z ddZddZy)z< Helper functions for mTLS in async for discovery of certs. N)Optional) exceptionscontentc#Ktj\}} tj|d5}|j |ddd|tj j |rtj|yy#1swYCxYw#tj j |rtj|wwxYww)zCreates a temporary file with the given content. Args: content (bytes): The content to write to the file. Yields: str: The path to the temporary file. wbN)tempfilemkstemposfdopenwritepathexistsremove)rfd file_pathfs W/mnt/data/GridWatch/venv/lib/python3.12/site-packages/google/auth/aio/transport/mtls.py_create_temp_filer"s$$&MB ! YYr4  A GGG   77>>) $ IIi  %    77>>) $ IIi  %s3C BB B6C B B7CC  cert_bytes key_bytes passphrasereturnc t|5}t|5} tjtjj}|j ||||cdddcdddS#tj ttttf$r}tjd|d}~wwxYw#1swYnxYwdddy#1swYyxYw)aCreates an SSLContext with the given client certificate and key. This function writes the certificate and key to temporary files so that ssl.create_default_context can load them, as the ssl module requires file paths for client certificates. These temporary files are deleted immediately after the SSL context is created. Args: cert_bytes (bytes): The client certificate content in PEM format. key_bytes (bytes): The client private key content in PEM format. passphrase (Optional[bytes]): The passphrase for the private key, if any. Returns: ssl.SSLContext: The configured SSL context with client certificate. Raises: google.auth.exceptions.TransportError: If there is an error loading the certificate. )certfilekeyfilepasswordNz3Failed to load client certificate and key for mTLS.) rsslcreate_default_contextPurpose SERVER_AUTHload_cert_chainSSLErrorOSErrorIOError ValueError RuntimeErrorrTransportError)rrr cert_pathkey_pathcontextexcs rmake_client_cert_ssl_contextr,8s$ : & )5F6   001H1HIG  # #"Hz $     gw LI ++E       s@ C B5AA/ C /(B2B--B22B55B> :C  CcK tj|g|d{S7#t$r4tj}|jd|g|d{7cYSwxYww)zRun a blocking function in an executor to avoid blocking the event loop. This implements the non-blocking execution strategy for disk I/O operations. N)asyncio to_threadAttributeErrorget_running_looprun_in_executor)funcargsloops r_run_in_executorr6Ysc =&&t3d3333 =''))T))$.callbackys^ *-D-F'F $Az9 9$$ (Gz2 * 66zBGz ) *s0A  A AA  AA)googleauth transportmtlshas_default_client_cert_sourcerr<)r@s rdefault_client_cert_sourcerFgsO ;; % % D D# E .. 6  % OcKttjjjj |dd{\}}|r|rd||dfSy7w)aReturns the client side certificate, private key and passphrase. We look for certificates and keys with the following order of priority: 1. Certificate and key specified by certificate_config.json. Currently, only X.509 workload certificates are supported. Args: certificate_config_path (str): The certificate_config.json file path. Returns: Tuple[bool, bytes, bytes, bytes]: A boolean indicating if cert, key and passphrase are obtained, the cert bytes and key bytes both in PEM format, and passphrase bytes. Raises: google.auth.exceptions.ClientCertError: if problems occurs when getting the cert, key and passphrase. FNT)FNNN)r6rArBrC _mtls_helper_get_workload_cert_and_key)certificate_config_pathcertkeys rget_client_ssl_credentialsrNsX.' **EE ID#  T3$$ "s=AAAcK|r|} |d{\}}d||fStd{\}}}}|||fS7(#t$r|\}}Y3wxYw7$w)aReturns the client side certificate and private key. The function first tries to get certificate and key from client_cert_callback; if the callback is None or doesn't provide certificate and key, the function tries application default SSL credentials. Args: client_cert_callback (Optional[Callable[[], (bytes, bytes)]]): An optional callback which returns client certificate bytes and private key bytes both in PEM format. Returns: Tuple[bool, bytes, bytes]: A boolean indicating if cert and key are obtained, the cert bytes and key bytes both in PEM format. Raises: google.auth.exceptions.ClientCertError: if problems occurs when getting the cert and key. NT) TypeErrorrN)client_cert_callbackresultrLrMhas_certr=s rr;r;su(%' $ ID#T3#=#??HdC T3  % ID# @s; A=;=AAA=A A AAr:)__doc__r. contextlibloggingr rrtypingr google.authr"google.auth.transport._mtls_helperrAgoogle.auth.transport.mtls getLogger__name___LOGGERcontextmanagerbytesr SSLContextr,r6rFrNr;rGrrbs ")! '  H % !u!!,HL"'5=e_^^B =>! #FrG