|
Server : LiteSpeed System : Linux server51.dnsbootclub.com 4.18.0-553.62.1.lve.el8.x86_64 #1 SMP Mon Jul 21 17:50:35 UTC 2025 x86_64 User : nandedex ( 1060) PHP Version : 8.1.33 Disable Function : NONE Directory : /opt/cppython/lib/python3.8/site-packages/google/auth/__pycache__/ |
U
����O��gB����������������������@���s����d�Z�ddlZddlmZ�ddlZddlmZ�ddlmZ�ddlm Z �ddlm
Z
�ddlm
Z
�ej
ej
ejejhZdgZd Zd
Zd
Zd
ZG�d
d��de
j�ZdS�)z�Tools for using the Google `Cloud Identity and Access Management (IAM)
API`_'s auth-related functionality.
.. _Cloud Identity and Access Management (IAM) API:
https://cloud.google.com/iam/docs/
�����N)�_exponential_backoff)�_helpers)�
credentials)�crypt)�
exceptionsz#https://www.googleapis.com/auth/iamzZhttps://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/{}:generateAccessTokenzOhttps://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/{}:signBlobzNhttps://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/{}:signJwtzVhttps://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/{}:generateIdTokenc�������������������@���s@���e�Zd�ZdZdd��Zdd��Zedd���Ze� e
j
�dd ���Z
d
S�)
�Signera
��Signs messages using the IAM `signBlob API`_.
This is useful when you need to sign bytes but do not have access to the
credential's private key file.
.. _signBlob API:
https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts
/signBlob
c�����������������C���s���||�_�||�_||�_dS�)a���
Args:
request (google.auth.transport.Request): The object used to make
HTTP requests.
credentials (google.auth.credentials.Credentials): The credentials
that will be used to authenticate the request to the IAM API.
The credentials must have of one the following scopes:
- https://www.googleapis.com/auth/iam
- https://www.googleapis.com/auth/cloud-platform
service_account_email (str): The service account email identifying
which service account to use to sign bytes. Often, this can
be the same as the service account email in the given
credentials.
N)�_request�
_credentials�_service_account_email)�self�requestr���Zservice_account_email��r
����</opt/cppython/lib/python3.8/site-packages/google/auth/iam.py�__init__I���s����zSigner.__init__c����������� ������C���s����t��|�}d}t�tj|�jj��|�j �}ddi}t
�
dt
�
|��d�i��d�}t���}|D�]h}|�j�|�j|||��|�j||||d�}|jtkr�q\|jtjkr�t�d�|j���t
�|j�d����S�t�d��d S�)
z(Makes a request to the API signBlob API.�POSTz
Content-Typezapplication/json�payloadzutf-8)�url�method�body�headersz&Error calling the IAM signBlob API: {}z#exhausted signBlob endpoint retriesN)
r����to_bytes�_IAM_SIGN_ENDPOINT�replacer���ZDEFAULT_UNIVERSE_DOMAINr ���Zuniverse_domain�formatr
����json�dumps�base64� b64encode�decode�encoder���ZExponentialBackoffZbefore_requestr����status�IAM_RETRY_CODES�
http_client�OKr���ZTransportError�data�loads) r
����messager���r���r���r����retries�_�responser
���r
���r����_make_signing_request]���s4����
�����
�z
Signer._make_signing_requestc�����������������C���s���dS�)z�Optional[str]: The key ID used to identify this private key.
.. warning::
This is always ``None``. The key ID used by IAM can not
be reliably determined ahead of time.
Nr
���)r
���r
���r
���r����key_id{���s����z
Signer.key_idc�����������������C���s���|���|�}t�|d��S�)NZ
signedBlob)r*���r
���� b64decode)r
���r&���r)���r
���r
���r����sign����s����
z
Signer.signN)
�__name__�
__module__�
__qualname__�__doc__r���r*����propertyr+���r���Zcopy_docstringr���r���r-���r
���r
���r
���r���r���>���s���
r���)r1���r
����
http.client�clientr"���r���Z
google.authr���r���r���r���r����INTERNAL_SERVER_ERROR�
BAD_GATEWAY�SERVICE_UNAVAILABLE�GATEWAY_TIMEOUTr!���Z
_IAM_SCOPEZ
_IAM_ENDPOINTr���Z_IAM_SIGNJWT_ENDPOINTZ_IAM_IDTOKEN_ENDPOINTr���r
���r
���r
���r����<module>���s.���
�����