o >Bii@sdZddlmZmZddlZddlZddlZddlmZddl Z ddl m Z m Z ddl Z ddlmZddlmZmZeeZdZed Zed Zd d Zd dZeGdddZdefddZGdddejZddZefdefddZ GdddeZ!dS)z5Mutual TLS for Google Compute Engine metadata server.) dataclassfieldN)Path)urlparse urlunparse) HTTPAdapter)environment_vars exceptionsntz#C:/ProgramData/Google/ComputeEnginez/run/google-mds-mtlscCtjtkr tdStdS)Nzmds-mtls-root.crtzroot.crtosname_WINDOWS_OS_NAME"_WINDOWS_MTLS_COMPONENTS_BASE_PATH_MTLS_COMPONENTS_BASE_PATHrr`/var/www/html/Trade-python/venv/lib/python3.10/site-packages/google/auth/compute_engine/_mtls.py_get_mds_root_crt_path, rcCr )Nzmds-mtls-client.keyz client.keyr rrrr"_get_mds_client_combined_cert_path3rrc@s2eZdZUeedZeed<eedZ eed<dS) MdsMtlsConfig)default_factory ca_cert_pathclient_combined_cert_pathN) __name__ __module__ __qualname__rrrr__annotations__rrrrrrr:s rmds_mtls_configcCstj|jo tj|jS)z&Checks if the mTLS certificates exist.)r pathexistsrr)rrrr _certs_existDsr"c@seZdZdZdZdZdZdS) MdsMtlsModeaGMDS mTLS mode. Used to configure connection behavior when connecting to MDS. STRICT: Always use HTTPS/mTLS. If certificates are not found locally, an error will be returned. NONE: Never use mTLS. Requests will use regular HTTP. DEFAULT: Use mTLS if certificates are found locally, otherwise use regular HTTP. strictnonedefaultN)rrr__doc__STRICTNONEDEFAULTrrrrr#Ks r#cCs6tjtjd}zt|WStytdw)z7Parses the GCE_METADATA_MTLS_MODE environment variable.r&zXInvalid value for GCE_METADATA_MTLS_MODE. Must be one of 'strict', 'none', or 'default'.)r environgetrGCE_METADATA_MTLS_MODElowerr# ValueError)mode_strrrr_parse_mds_modeXs  r1cCs<t}|tjkrt|stddS|tjkrdSt|S)z:Determines if mTLS should be used for the metadata server.z+mTLS certificates not found in strict mode.TF)r1r#r(r"r MutualTLSChannelErrorr))rmoderrrshould_use_mds_mtlses  r4csPeZdZdZefdeffdd ZfddZfddZfd d ZZ S) MdsMtlsAdapterz7An HTTP adapter that uses mTLS for the metadata server.rcsDt|_|jj|jd|jj|jdtt|j |i|dS)N)cafile)certfile) sslcreate_default_context ssl_contextload_verify_locationsrload_cert_chainrsuperr5__init__)selfrargskwargs __class__rrr>ws zMdsMtlsAdapter.__init__c |j|d<tt|j|i|SNr:)r:r=r5init_poolmanagerr?r@rArBrrrF zMdsMtlsAdapter.init_poolmanagercrDrE)r:r=r5proxy_manager_forrGrBrrrIrHz MdsMtlsAdapter.proxy_manager_forc sttjkrtt|j|fi|Sztt|j|fi|}||WStjt j jt j j fya}z(t d|t|j}t|jdd}||_t}|j|fi|WYd}~Sd}~ww)NzcmTLS connection to Compute Engine Metadata server failed. Falling back to standard HTTP. Reason: %shttp)scheme)r1r#r(r=r5sendraise_for_statusr8SSLErrorrequestsr HTTPError_LOGGERwarningrurlr_replacer)r?requestrAresponseeparsed_original_urlhttp_fallback_url http_adapterrBrrrLs,   zMdsMtlsAdapter.send) rrrr'rr>rFrIrL __classcell__rrrBrr5ts r5)"r' dataclassesrrenumloggingr pathlibrr8 urllib.parserrrOrequests.adaptersr google.authrr getLoggerrrQrrrrrrr"Enumr#r1r4r5rrrrs0