o ³©ió:ã@sŠdZddlZddlZddlZddlZddlZddlZddlZddlm Z ddl Z ddl m Z m Z ddlmZddlmZddlmZmZddlmZmZdd lmZmZmZd d lmZd d lmZd d lmZd dlm Z m!Z!d dl"m#Z#m$Z$d dl%m&Z&m'Z'm(Z(e )e*¡Z+Gdd„de,ƒZ-e  .ej/¡Gdd„de,ƒƒZ0dZ1e  .ej/¡Gdd„de0ƒƒZ2e  .ej/¡Gdd„de0ƒƒZ3Gdd„de0ƒZ4dS)u^ oss2.encryption ~~~~~~~~~~~~~~ 该模å—包å«äº†å®¢æˆ·ç«¯åŠ è§£å¯†ç›¸å…³çš„函数和类。 éN)Úpartial)Ú PKCS1_OAEPÚ PKCS1_v1_5)ÚRSA)Úclient)ÚServerExceptionÚClientException)Ú format_typeÚ method_type)ÚGenerateDataKeyRequestÚDecryptRequestÚEncryptRequesté)Úmodels)Úheaders)Úutils)Úb64decode_from_stringÚb64encode_as_string)Úto_bytesÚ to_unicode)Ú ClientErrorÚOpenApiFormatErrorÚOpenApiServerErrorc@s&eZdZddd„Zdd„Zdd„ZdS) ÚEncryptionMaterialsNcCs`i|_|rt|tƒr||_ntdƒ‚|r|rtdƒ‚|r%t|tƒs%tdƒ‚||_||_||_dS)Nú0Invalid type, the type of mat_desc must be dict!z3Both key_pair and custom_master_key_id are not noneú0Invalid type, the type of key_pair must be dict!)ÚdescÚ isinstanceÚdictrÚkey_pairÚcustom_master_key_idÚ passphrase)Úselfrrr r!©r#ú?/home/ubuntu/.local/lib/python3.10/site-packages/oss2/crypto.pyÚ__init__%s  zEncryptionMaterials.__init__cCs||j|<dS©N©r)r"ÚkeyÚvaluer#r#r$Úadd_description6óz#EncryptionMaterials.add_descriptioncCs|D] }|||j|<qdSr&r')r"Ú descriptionsr(r#r#r$Úadd_descriptions9sÿz$EncryptionMaterials.add_descriptions)NNN)Ú__name__Ú __module__Ú __qualname__r%r*r-r#r#r#r$r$s  rc@sšeZdZdZddd„Zejdd„ƒZdd„Ze d d „ƒZ e dd d „ƒZ ejdd„ƒZ ejdd„ƒZ ejdd„ƒZdd„Zejdd„ƒZdd„Zdd„ZdS)ÚBaseCryptoProvideruFCryptoProvider 基类,æ供基础的数æ®åŠ å¯†è§£å¯†adapter NcCsN|stdƒ‚||_d|_d|_d|_i|_|r%t|tƒr!||_dStdƒ‚dS)Nz&Please initialize the value of cipher!r)rÚcipherÚcek_algÚwrap_algÚmat_descÚencryption_materials_dictrr)r"r2r5r#r#r$r%Ds  üzBaseCryptoProvider.__init__cCódSr&r#©r"r#r#r$Úget_keyRózBaseCryptoProvider.get_keycCó |j ¡Sr&)r2Úget_ivr8r#r#r$r<Vó zBaseCryptoProvider.get_ivcCst |t|jƒ¡Sr&)rÚmake_cipher_adapterrÚencrypt)Ústreamr2r#r#r$Úmake_encrypt_adapterYsz'BaseCryptoProvider.make_encrypt_adapterrcCst |t|jƒ|¡Sr&)rr>rÚdecrypt)r@r2Údiscardr#r#r$Úmake_decrypt_adapter]sz'BaseCryptoProvider.make_decrypt_adaptercCr7r&r#©r"Ú encrypted_keyr#r#r$Údecrypt_encrypted_keyar:z(BaseCryptoProvider.decrypt_encrypted_keycCr7r&r#)r"Ú encrypted_ivr#r#r$Údecrypt_encrypted_iver:z'BaseCryptoProvider.decrypt_encrypted_ivcCr7r&r#©r"Úencryption_materialsr#r#r$Úreset_encryption_materialsir:z-BaseCryptoProvider.reset_encryption_materialscCs|j ||¡Sr&)r2Ú adjust_range)r"ÚstartÚendr#r#r$rMmr+zBaseCryptoProvider.adjust_rangecCr7r&r#r8r#r#r$Úcreate_content_materialpr:z*BaseCryptoProvider.create_content_materialcCs&|jrt|j ¡ƒ}||j|<dSdSr&)rÚ frozensetÚitemsr6)r"rKr(r#r#r$Úadd_encryption_materialstsþz+BaseCryptoProvider.add_encryption_materialscCs0|rt| ¡ƒ}||j ¡vr|j|SdSdSr&)rQrRr6Úkeys)r"rr(r#r#r$Úget_encryption_materialsys   ýz+BaseCryptoProvider.get_encryption_materialsr&)r)r.r/r0Ú__doc__r%ÚabcÚabstractmethodr9r<Ú staticmethodrArDrGrIrLrMrPrSrUr#r#r#r$r1>s*         r1z.oss-local-rsacsreZdZdZdZdZddde ¡eef‡fdd„ Zdd „Z d d „Z d d „Z dd„Z dd„Z dd„Zdd„Z‡ZS)ÚLocalRsaProviderõ]使用本地RSA加密数æ®å¯†é’¥ã€‚ :param str dir: 本地RSA公钥ç§é’¥å­˜å‚¨è·¯å¾„ :param str key: 本地RSA公钥ç§é’¥å称å‰ç¼€ :param str passphrase: 本地RSA公钥ç§é’¥å¯†ç  :param class cipher: æ•°æ®åŠ å¯†ï¼Œé»˜è®¤aes256,用户å¯è‡ªè¡Œå®žçŽ°å¯¹ç§°åŠ å¯†ç®—法,需符åˆAESCipher注释规则 z.public_key.pemz.private_key.pemNÚc sîtt|ƒj|dtj|_|ptj tj  d¡t ¡}tj |||¡}tj |||¡} zµtj  |¡r‚tj  | ¡r‚t |dƒ} t  tj|  ¡|d¡|_Wdƒn1sVwYt | dƒ} t  tj|  ¡|d¡|_WdƒWdS1szwYWdSt d¡t d¡} |  ¡} t  | ¡|_t  | ¡|_t |¡t |dƒ} |  | j|d¡Wdƒn1sºwYt | dƒ} |  | j|d¡WdƒWdS1sÚwYWdStttfyö} ztt | ƒƒ‚d} ~ ww)N)r2ú~Úrb©r!zOThe file path of private key or public key is not exist, will generate key pairiÚwb)!ÚsuperrZr%rÚ#RSA_NONE_OAEPWithSHA1AndMGF1Paddingr4ÚosÚpathÚjoinÚ expanduserÚ_LOCAL_RSA_TMP_DIRÚexistsÚopenrÚnewrÚ importKeyÚreadÚ_LocalRsaProvider__decrypt_objÚ_LocalRsaProvider__encrypt_objÚloggerÚwarnÚgenerateÚ publickeyrÚ makedir_pÚwriteÚ exportKeyÚ ValueErrorÚ TypeErrorÚ IndexErrorrÚstr)r"Údirr(r!r2Úpub_key_suffixÚprivate_key_suffixÚkeys_dirÚ priv_key_pathÚ pub_key_pathÚfÚ private_keyÚ public_keyÚe©Ú __class__r#r$r%s: ÿ &ÿ      ÿ &ÿ €ÿzLocalRsaProvider.__init__cCr;r&©r2r9r8r#r#r$r9³r=zLocalRsaProvider.get_keyc Có6z| |¡WSttfy}ztt|ƒƒ‚d}~wwr&©Ú_LocalRsaProvider__decrypt_datarwrvrry©r"rFrƒr#r#r$rG¶ó   €ÿz&LocalRsaProvider.decrypt_encrypted_keyc Cr‡r&rˆ©r"rHrƒr#r#r$rI¼r‹z%LocalRsaProvider.decrypt_encrypted_ivcCstdƒ‚)Nz*do not support reset_encryption_materials!)rrJr#r#r$rLÂsz+LocalRsaProvider.reset_encryption_materialsc Có^| ¡}| |¡}| ¡}| |¡}t |j¡}|j}|j}| ||¡t  |||||¡}|Sr&) r9Ú_LocalRsaProvider__encrypt_datar<Úcopyr2r4r5Ú initializerÚContentCryptoMaterial© r"Ú plain_keyrFÚplain_ivrHr2r4r5Úcontent_crypto_materialr#r#r$rPÅó     ÿz(LocalRsaProvider.create_content_materialcCó |j |¡Sr&)rnr?©r"Údatar#r#r$Ú__encrypt_dataÔó zLocalRsaProvider.__encrypt_datacCr—r&)rmrBr˜r#r#r$Ú__decrypt_data×r›zLocalRsaProvider.__decrypt_data)r.r/r0rVÚDEFAULT_PUB_KEY_SUFFIXÚDEFAULT_PRIV_KEY_SUFFIXrÚ AESCTRCipherr%r9rGrIrLrPrŽr‰Ú __classcell__r#r#r„r$rZƒs ÿ#rZcsdeZdZdZde ¡df‡fdd„ Zdd„Zdd„Zd d „Z d d „Z d d„Z dd„Z dd„Z ‡ZS)Ú RsaProviderr[Nc s¬tt|ƒj||dtj|_|rt|tƒstdƒ‚z(d|vr+t   t j |d|d¡|_ d|vr?t   t j |d|d¡|_WdSWdSttfyU}ztt|ƒƒ‚d}~ww)N©r2r5rr‚r_r)rar¡r%rÚ$RSA_NONE_PKCS1Padding_WRAP_ALGORITHMr4rrrrrjrrkÚ_RsaProvider__encrypt_objÚ_RsaProvider__decrypt_objrvrwry)r"rr!r2r5rƒr„r#r$r%ås ÿ €ÿzRsaProvider.__init__cCr;r&r†r8r#r#r$r9ör=zRsaProvider.get_keyc Cr‡r&©Ú_RsaProvider__decrypt_datarwrvrryrŠr#r#r$rGùr‹z!RsaProvider.decrypt_encrypted_keyc Cr‡r&r¦rŒr#r#r$rIÿr‹z RsaProvider.decrypt_encrypted_ivcCst|j|j|j|jƒSr&)r¡rr!r2rrJr#r#r$rLsÿz&RsaProvider.reset_encryption_materialsc Crr&) r9Ú_RsaProvider__encrypt_datar<rr2r4r5rrr‘r’r#r#r$rP r–z#RsaProvider.create_content_materialcCr—r&)r¤r?r˜r#r#r$ršr›zRsaProvider.__encrypt_datacCs"|j |t¡}|tkrtdƒ‚|S)Nz0Decrypted data error, please check you key pair!)r¥rBÚobjectr)r"r™Údecrypted_datar#r#r$rœszRsaProvider.__decrypt_data)r.r/r0rVrrŸr%r9rGrIrLrPr¨r§r r#r#r„r$r¡Ûsr¡csxeZdZdZdde ¡df‡fdd„ Zdd„Zdd„Zdd d „Z d d „Z dd„Z dd„Z dd„Z dd„Zdd„Z‡ZS)ÚAliKMSProvideruó使用aliyun kmsæœåŠ¡åŠ å¯†æ•°æ®å¯†é’¥ã€‚kms的详细说明å‚è§ https://help.aliyun.com/product/28933.html?spm=a2c4g.11186623.3.1.jlYT4v 此接å£åœ¨py3.3下暂时ä¸å¯ç”¨ï¼Œè¯¦è§ https://github.com/aliyun/aliyun-openapi-python-sdk/issues/61 :param str access_key_id: å¯ä»¥è®¿é—®kms密钥æœåŠ¡çš„access_key_id :param str access_key_secret: å¯ä»¥è®¿é—®kms密钥æœåŠ¡çš„access_key_secret :param str region: kms密钥æœåŠ¡åœ°åŒº :param str cmkey: 用户主密钥 :param str sts_token: security token,如果使用的是临时AK需æä¾› :param str passphrase: kms密钥æœåŠ¡å¯†ç  :param class cipher: æ•°æ®åŠ å¯†ï¼Œé»˜è®¤aes256,当å‰ä»…支æŒé»˜è®¤å®žçŽ° Nc sftt|ƒj||dt|tjƒstdƒ‚tj|_ ||_ ||_ |r&d|dnd|_ t  |||¡|_dS)Nr¢z-AliKMSProvider only support AES256 cipher nowú{"x-passphrase":"ú"}r\)rar«r%rrrŸrrÚKMS_ALI_WRAP_ALGORITHMr4r Ú sts_tokenÚcontextrÚ AcsClientÚ kms_client) r"Ú access_key_idÚaccess_key_secretÚregionÚcmk_idr¯r!r2r5r„r#r$r%1s zAliKMSProvider.__init__cCs| ¡\}}||fSr&)Ú"_AliKMSProvider__generate_data_key)r"r“rFr#r#r$r9=s zAliKMSProvider.get_keycCst| |¡ƒSr&)rÚ_AliKMSProvider__decrypt_datarEr#r#r$rGAr+z$AliKMSProvider.decrypt_encrypted_keyFcCs|r| |¡St| |¡ƒSr&)r¸r)r"rHÚ deprecatedr#r#r$rIDs z#AliKMSProvider.decrypt_encrypted_ivcCs8t |¡}|j|_|jrd|jdnd|_|j|_|S)Nr¬r­r\)rr r!r°rr5)r"rKÚproviderr#r#r$rLIs z)AliKMSProvider.reset_encryption_materialsc Cs\| ¡\}}| ¡}| t|ƒ¡}t |j¡}|j}|j}| ||¡t   |||||¡}|Sr&) r9r<Ú_AliKMSProvider__encrypt_datarrr2r4r5rrr‘r’r#r#r$rPPs    ÿz&AliKMSProvider.create_content_materialcCs|t ¡}| tj¡| tj¡| |j¡|  d¡|  d¡|  |j ¡|j r/| |j ¡| |¡}t|dƒ|dfS)NÚAES_256é Ú PlaintextÚCiphertextBlob)r Úset_accept_formatr ÚJSONÚ set_methodr ÚPOSTÚ set_KeyIdr Ú set_KeySpecÚset_NumberOfBytesÚset_EncryptionContextr°r¯Ú set_STSTokenÚ_AliKMSProvider__dor)r"ÚreqÚrespr#r#r$Ú__generate_data_key^s        z"AliKMSProvider.__generate_data_keycCsft ¡}| tj¡| tj¡| |j¡|  |¡|  |j ¡|j r*|  |j ¡| |¡}|dS)Nr¿)r rÀr rÁrÂr rÃrÄr Ú set_PlaintextrÇr°r¯rÈrÉ©r"r™rÊrËr#r#r$ršos       zAliKMSProvider.__encrypt_datacCsZt ¡}| tj¡| tj¡| |¡| |j ¡|j r$|  |j ¡|  |¡}|dS)Nr¾) r rÀr rÁrÂr rÃÚset_CiphertextBlobrÇr°r¯rÈrÉrÎr#r#r$rœ~s      zAliKMSProvider.__decrypt_datac Cs˜z|j |¡}t t|ƒ¡WSty%}z t|j|j|j |j ƒ‚d}~wt y5}zt |j ƒ‚d}~wt ttfyK}ztdt|ƒƒ‚d}~ww)Nz Json Error: )r²Údo_action_with_exceptionÚjsonÚloadsrrrÚ http_statusÚ request_idÚmessageÚ error_coderrÚKeyErrorrvrwrry)r"rÊÚbodyrƒr#r#r$Ú__do‹s € €€ÿzAliKMSProvider.__do)F)r.r/r0rVrrŸr%r9rGrIrLrPr·r»r¸rÉr r#r#r„r$r«"sÿ   r«)5rVrWÚhashlibrÑrcrÚloggingÚstructÚ functoolsrÚsixÚ Crypto.CipherrrÚCrypto.PublicKeyrÚ aliyunsdkcorerÚ&aliyunsdkcore.acs_exception.exceptionsrrÚaliyunsdkcore.httpr r Úaliyunsdkkms.request.v20160120r r r r\rrrrrÚcompatrrÚ exceptionsrrrÚ getLoggerr.ror©rÚ add_metaclassÚABCMetar1rgrZr¡r«r#r#r#r$Ús@        A  WF