B Ø‹dõ7ã @sždZddlZddlZddlZddlZddlZddlZye d¡djZ Wn(ej k rpZ zdZ WddZ [ XYnXyddl m Z Wnek ržddlZ YnXy ddlZWn ek rÌddlmZYnXddlZddlmZmZmZddlmmZddlmmmmZddlmmmm Z ddl!m"Z"m#Z#m$Z$m%Z%m&Z&ddl'm(Z(ddl)m*m+Z+dZ,da-Gd d „d e"ƒZ.Gd d „d e/ƒZ0dS) zU A module for effectively caching the public keys of various token issuer endpoints. éNÚ scitokensz1.0.0)ÚEncodingÚ PublicFormatÚload_pem_public_key)ÚSciTokensExceptionÚMissingKeyExceptionÚNonHTTPSIssuerÚUnableToCreateCacheÚUnsupportedKeyException)Úlong_from_byteszscitokens_keycache.sqllitec@seZdZdZdS)ÚUnableToWriteKeyCachez? For whatever reason, unable to write to the Key Cache N)Ú__name__Ú __module__Ú __qualname__Ú__doc__©rrúe/work/yifan.wang/ringdown/master-ringdown-env/lib/python3.7/site-packages/scitokens/utils/keycache.pyr +sr c@s„eZdZdZdd„Zedd„ƒZddd„Zedd d „ƒZd d „Z d d„Z ddd„Z e dd„ƒZ eddd„ƒZdd„Zedd„ƒZdS)ÚKeyCachez_ Object that persistently caches signing keys associated with a token issuer endpoint. cCs| ¡|_dS)N)Ú_get_cache_fileÚcache_location)ÚselfrrrÚ__init__6szKeyCache.__init__cCstdkrtƒatS)z@ Return the singleton instance of the KeyCache. N)ÚKEYCACHE_INSTANCErrrrrÚ getinstance:szKeyCache.getinstancercCsd|dkr d}t |j¡}tj|_| ¡}| d ||¡¡tj ||||||d|  ¡|  ¡dS)aP Add a single, known public key to the cache. :param str issuer: URI of the issuer :param str key_id: Key Identifier :param public_key: Cryptography public_key object :param int cache_timer: Cache lifetime of the public_key :param int next_update: Seconds until next update time riz:DELETE FROM keycache WHERE issuer = '{}' AND key_id = '{}')Ú cache_timerÚ next_updateN) Úsqlite3ÚconnectrÚRowÚ row_factoryÚcursorÚexecuteÚformatrÚ _addkeyinfoÚcommitÚclose)rÚissuerÚkey_idÚ public_keyrrÚconnÚcursrrrÚ addkeyinfoDs  zKeyCache.addkeyinfoc Csdd}d| tjtj¡ d¡i}| |j|t ¡||t   |¡t ¡|d¡|j dkr`t dƒ‚dS)zM Given an open database cursor to a key cache, insert a key. z€INSERT INTO keycache VALUES('{issuer}', '{expiration}', '{key_id}', '{keydata}', '{next_update}')Úpub_keyÚascii)r&Ú expirationr'ÚkeydatarézUnable to insert into key cacheN) Z public_bytesrZPEMrZSubjectPublicKeyInfoÚdecoder!r"ÚtimeÚjsonÚdumpsZrowcountr )r*r&r'r(rrZinsert_key_statementr/rrrr#[s  zKeyCache._addkeyinfocCs>yt |¡dStk r8t d¡| ||¡dSXdS)a| Keydata is stored as a JSON object inside the DB. Therefore, we must extract it. :param str issuer: Token Issuer in keydata :param str kid: Key ID :param str keydata: Raw JSON key data (at least, it should be) :param curs: SQLite cursor, in case it has to delete the row :returns str: encoded public key, otherwise None r,z†Unable to parse JSON stored in keycache. This likely means the database format needsto be updated, which we will now do automaticallyN)r3ÚloadsÚ ValueErrorÚloggingÚ exceptionÚ_delete_cache_entry)rr&Úkidr/rrrÚ_parse_key_datals   zKeyCache._parse_key_datacCs:t |j¡}| ¡}| d ||¡¡| ¡| ¡dS)z& Delete a cache entry z:DELETE FROM keycache WHERE issuer = '{}' AND key_id = '{}'N)rrrr r!r"r$r%)rr&r'r)r*rrrr9„s   zKeyCache._delete_cache_entryNFc CsÈd}|dkr|d7}t |j¡}tj|_| ¡}| |j||d¡| ¡}|  ¡|  ¡|dkr¢t |dƒt   ¡kr(|  |¡r(y&| |||¡\}} | |||| ¡|Stk r$} zVt d¡} |  d t| ƒ¡¡| |d|d |d ¡} | rt|  ¡t ¡d SWdd} ~ XYnXnz|  |¡rŽ| |d|d |d ¡} | rht|  ¡t ¡d S| |||¡\}} | |||| ¡|S| |d|d ¡| |||¡\}} | |||| ¡|S) a3 Get the key information :param str issuer: The issuer URI :param str key_id: Text key id to identify the key :param bool insecure: Whether insecure methods are acceptable (defaults to False). :returns: None if no key is found. Else, returns the public key z0SELECT * FROM keycache WHERE issuer = '{issuer}'Nz AND key_id = '{key_id}')r&r'rrz/Unable to get key triggered by next update: {0}r&r'r/)Úbackend)rrrrrr r!r"Zfetchoner$r%Úintr2Ú_check_validityÚ_get_issuer_publickeyr+Ú Exceptionr7Ú getLoggerÚwarningÚstrr;rÚencodeÚbackendsÚdefault_backendr9) rr&r'ÚinsecureZ key_queryr)r*Úrowr(rÚexÚloggerr/rrrÚ getkeyinfo‘sB   " (  zKeyCache.getkeyinfocCs|dt ¡krdSdSdS)z8 Check the key to see if it has expired r.FTN)r2)ÚclsZkey_inforrrr>ÕszKeyCache._check_validitycCsLdd t¡i}d}| d¡s$|d}t |¡}t |j|¡}t|ƒ}||d<t |¡}|svt |¡}|jdkrvt dƒ‚t   t j ||d¡} t  |  ¡ d ¡¡} | d } |sÆt | ¡}|jdkrÆt d ƒ‚t   t j | |d¡} d } |  ¡}d |kr"d|d kr"t d|d ¡} | r"t|  d¡ƒ} t| t d¡ƒ} t  |  ¡ d ¡¡}d}d}|dkr‚t|dƒdkrttdƒ‚n |dd }n(x&|dD]}|d|krŒ|}PqŒW|dkrÂtd | ¡ƒ‚|ddkrüt t|dƒt|dƒ¡}| t  !¡¡}nH|ddkrr?rr~rrrrr1s   D  [$r)1rrvrr2Ú pkg_resourcesrer7ÚrequireÚversionrXÚDistributionNotFoundÚerrorÚurllib.requestr`Ú ImportErrorÚurllib2rZÚ urllib.parseÚparser3Z,cryptography.hazmat.primitives.serializationrrrZcryptography.hazmat.backendsZhazmatrEZ,cryptography.hazmat.primitives.asymmetric.ecZ primitivesZ asymmetricrmZ-cryptography.hazmat.primitives.asymmetric.rsarlZscitokens.utils.errorsrrrr r Zscitokens.utilsr Zscitokens.utils.configÚutilsrir}rr ÚobjectrrrrrÚs<