a-h$^dZddlZddlZddlmZddlmZddlmZm Z m Z m Z ddl m Z ddlmZerdd lmZ dd lmZdd lmZmZdd lmZdd lmZ ddlmZmZddl mZdZ dZ!dZ"dZ#dZ$GddeZ%y#e$re j6ddwxYw#e$re j6ddwxYw)zOCI Authentication Plugin.N) b64encode)Path) TYPE_CHECKINGAnyDictOptional)errors)logger) MySQLSocket)UnsupportedAlgorithm)hashes serialization)padding)PRIVATE_KEY_TYPESz'Package 'cryptography' is not installed)config exceptionszGPackage 'oci' (Oracle Cloud Infrastructure Python SDK) is not installed)MySQLAuthPluginMySQLOCIAuthPlugini(z0Ephemeral security token is too large (10KB max)zGEphemeral security token file ('security_token_file') could not be readzKOCI configuration file does not contain a 'fingerprint' or 'key_file' entryceZdZUdZdZeed<dZeed<e jZ eed<e de deeefd efd Ze d ed efd Zd eeeffd Zed efdZed efdZde ded ee fdZddde ded e fdZy)rz2Implement the MySQL OCI IAM authentication plugin.NcontextDEFAULToci_config_profileoci_config_file signature oci_configreturnct|}|d|jd}|jdr^ t|d}|j j t kDrtjt|jd|d<tj|d S#ttf$r}tjt|d}~wwxYw) a=Prepare client's authentication response Prepares client's authentication response in JSON format Args: signature (bytes): server's nonce to be signed by client. oci_config (dict): OCI configuration object. Returns: str: JSON string with the following format: {"fingerprint": str, "signature": str, "token": base64.base64.base64} Raises: ProgrammingError: If the ephemeral security token file can't be open or the token is too large. fingerprint)r rsecurity_token_filezutf-8)encodingtokenN),:) separators)rdecodegetrstatst_sizeOCI_SECURITY_TOKEN_MAX_SIZEr ProgrammingErrorOCI_SECURITY_TOKEN_TOO_LARGE read_textOSError UnicodeError%OCI_SECURITY_TOKEN_FILE_NOT_AVAILABLEjsondumps)rr signature_64 auth_responser!errs w/var/www/core.comfia.cic-ware.com/crm/lib/python3.12/site-packages/mysql/connector/plugins/authentication_oci_client.py_prepare_auth_responsez)MySQLOCIAuthPlugin._prepare_auth_responseQs"!+ %m4%,,.  >>/ 0 &*:6K+L&M#&++-558SS 112NOO)<)F)FPW)F)X g& zz-J?? \* --9 sAB((C7CCkey_pathcH ttjj|d5}t j |j d}ddd|S#1swYSxYw#ttttf$r }tjd|d|d}~wwxYw)z+Get the private_key form the given locationrbN)passwordz2An error occurred while reading the API_KEY from "z": ) openospath expanduserrload_pem_private_keyread TypeErrorr/ ValueErrorr r r,)r9key_file private_keyr6s r7_get_private_keyz#MySQLOCIAuthPlugin._get_private_keyys bgg((2D9 X+@@MMO!    7J0DE )):S'  s4)A(&AA(A% A(%A((B!BB!cg}ddd}i} tj|jxstj|jxsd}|j D]+\}} ||r |||s|j d|d- |r%tj d |jd ||S#t$r|j d|YwwxYw#tjtjtjtjtjf$r$}|j t|Yd}~d}~wwxYw) z=Get a valid OCI config from the given configuration file pathct|dkDS)N )lenxs r7z:MySQLOCIAuthPlugin._get_valid_oci_config..sc!frkcztjjtjj|S)N)r>r?existsr@rLs r7rNz:MySQLOCIAuthPlugin._get_valid_oci_config..s"277>>"''2D2DQ2G#HrO)r rErz Parameter "z " is invalidzDoes not contain parameter NzInvalid oci-config-file: z. Errors found: )r from_filerDEFAULT_LOCATIONritemsappendKeyErrorrConfigFileNotFound InvalidConfigInvalidKeyFilePathInvalidPrivateKeyProfileNotFoundstrr r,)self error_listreq_keysrreq_key req_valuer6s r7_get_valid_oci_configz(MySQLOCIAuthPlugin._get_valid_oci_configsa 1H  &(  ())$$?(?(?''49J'/nn&6 O"O!'*9Z=P3Q"))Ky *MN  O" ))+D,@,@+AB!!+ .  % O%%(CG9&MNO  ) )  $ $  ) )  ( (  & &   (   c#h ' ' (s=AC$%B5 C5CCCCAE (EE cy)zPlugin official name.authentication_oci_clientr]s r7namezMySQLOCIAuthPlugin.names+rOcy)z'Signals whether or not SSL is required.Frerfs r7 requires_sslzMySQLOCIAuthPlugin.requires_sslsrO auth_datakwargsc htjd|t||j}|j |d}|j |t jtj}|j||}tjd||jS)z-Prepare authentication string for the server.zserver nonce: %s, len %drEzauthentication response: %s) r debugrKrbrGsignrPKCS1v15rSHA256r8encode)r]rjrkrrFrr5s r7r5z MySQLOCIAuthPlugin.auth_responses /C NK//1 ++Jz,BC $$Y0@0@0BFMMOT 33IzJ  2MB##%%rOsockr c |jdd|_|jdtj|_t j d|j|j|fi|}|tjdt j d|t||j||j}t j d|t|S)aSHandles server's `auth switch request` response. Args: sock: Pointer to the socket connection. auth_data: Plugin provided data (extracted from a packet representing an `auth switch request` response). kwargs: Custom configuration to be passed to the auth plugin when invoked. The parameters defined here will override the ones defined in the auth plugin itself. Returns: packet: Last server's response after back-and-forth communication. rrrz!# oci configuration file path: %szGot a NULL auth responsez# request: %s size: %sz# server response packet: %s)r(rrrSrr rmr5r InterfaceErrorrKsendrecvbytes)r]rrrjrkresponsepackets r7auth_switch_responsez'MySQLOCIAuthPlugin.auth_switch_responses" &zz*;YG"(** &"9"9#   8$:N:NO%4%%i:6:  ''(BC C -xXG ( 3V<V}rO)__name__ __module__ __qualname____doc__rr__annotations__rr\rrSr staticmethodrwrr8rrGrbpropertyrgboolrirr5rzrerOr7rrJs<GS''!22OS2%@%%@T#s(^%@PS%@%@N3+< &tCH~&P+c++d &u & & &!!!.3!?B! !rO)&r~r2r>base64rpathlibrtypingrrrrr r networkr cryptography.exceptionsr cryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricr/cryptography.hazmat.primitives.asymmetric.typesr ImportErrorr,ocirrrAUTHENTICATION_PLUGIN_CLASSr+r-r1OCI_PROFILE_MISSING_PROPERTIESrrerOr7rs>! 55%W<DAQ& 2'QM&R ``/W !& ! !"K LRVVW  !& ! !Q  sA7B7BB,