o biM@s4ddlZddlZddlZddZddZddZdS)NcCsz"ddlm}ddlm}ddlm}m}ddlm}ddl m }Wn t y-t dw|j dd |d }|j |jj|jj|d }|||jd g}ttjtj} | d | d} | ||tt |d|| |dg} t!j!"} |#$|%|j&| dd'|'(|)*| +| t!j,dd-||.|} | /|jj}||fS)zwCreate self-signed key/cert pair for testing. This method requires the library ``cryptography`` be installed. r)x509)default_backend)hashes serialization)rsa)NameOIDz_Using `Security.temporary` requires `cryptography`, please install it using either pip or condaii)public_exponentkey_sizebackend)encodingformatencryption_algorithmz ray-internal)z8.8.8.8Pz 127.0.0.1 localhostF)criticalim)days)0 cryptographyrcryptography.hazmat.backendsrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricrcryptography.x509.oidr ImportErrorgenerate_private_key private_bytesEncodingPEM PrivateFormatPKCS8 NoEncryptiondecodeName NameAttribute COMMON_NAMEsocketAF_INET SOCK_DGRAMconnect getsocknamecloseSubjectAlternativeNameDNSName gethostbyname gethostnamedatetimeutcnowCertificateBuilder subject_name issuer_name add_extension public_key serial_numberrandom_serial_numbernot_valid_beforenot_valid_after timedeltasignSHA256 public_bytes)rrrrrrkey key_contents ray_interalsprivate_ip_addressaltnamesnowcert cert_contentsrEJ/home/ubuntu/.local/lib/python3.10/site-packages/ray/_private/tls_utils.pygenerate_self_signed_tls_certssb           rGcCsZddl}tjdddvr(t\}}}|j||fg||dud}|||S||S)Nr RAY_USE_TLS0)1true)root_certificatesrequire_client_auth) grpcosenvirongetlowerload_certs_from_envssl_server_credentialsadd_secure_portadd_insecure_port)serveraddressrNserver_cert_chain private_keyca_cert credentialsrErErFadd_port_to_grpc_serverDs   r]cCsgd}tdd|Drtdttjdd }|}Wdn1s(wYttjdd }|}Wdn1sDwYttjdd }|}Wdn1s`wY|||fS) N)RAY_TLS_SERVER_CERTRAY_TLS_SERVER_KEYRAY_TLS_CA_CERTcss|]}|tjvVqdS)N)rOrP).0vrErErF Usz&load_certs_from_env..zIf the environment variable RAY_USE_TLS is set to true then RAY_TLS_SERVER_CERT, RAY_TLS_SERVER_KEY and RAY_TLS_CA_CERT must also be set.r^rbr_r`)any RuntimeErroropenrOrPread) tls_env_varsfrYrZr[rErErFrSSs    rS)r-rOr#rGr]rSrErErErFs >