Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.8/site-packages/google/auth/transport/mtls.py: 19%

32 statements  


1# Copyright 2020 Google LLC 

2# 

3# Licensed under the Apache License, Version 2.0 (the "License"); 

4# you may not use this file except in compliance with the License. 

5# You may obtain a copy of the License at 

6# 

7# http://www.apache.org/licenses/LICENSE-2.0 

8# 

9# Unless required by applicable law or agreed to in writing, software 

10# distributed under the License is distributed on an "AS IS" BASIS, 

11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 

12# See the License for the specific language governing permissions and 

13# limitations under the License. 

14 

15"""Utilities for mutual TLS.""" 

16 

17from google.auth import exceptions 

18from google.auth.transport import _mtls_helper 

19 

20 

def has_default_client_cert_source():
    """Report whether a default client SSL credential source is configured.

    Only the context-aware metadata path is looked up here; the client
    certificate and key themselves are not loaded or validated, so a True
    result does not guarantee that fetching the credentials will succeed.

    Returns:
        bool: True when ``_mtls_helper._check_dca_metadata_path`` returns a
            non-None value for ``_mtls_helper.CONTEXT_AWARE_METADATA_PATH``.
    """
    resolved_path = _mtls_helper._check_dca_metadata_path(
        _mtls_helper.CONTEXT_AWARE_METADATA_PATH
    )
    if resolved_path is None:
        return False
    return True

31 

32 

def default_client_cert_source():
    """Build a callback that loads the default client SSL credentials.

    The existence check runs once, when this function is called. The
    credentials are fetched each time the returned callback is invoked.

    Returns:
        Callable[[], [bytes, bytes]]: A callback which returns the default
            client certificate bytes and private key bytes, both in PEM
            format. The key bytes are sensitive: keep them out of logs and
            error messages.

    Raises:
        google.auth.exceptions.MutualTLSChannelError: If the default client
            cert source doesn't exist. The returned callback raises the same
            exception type when loading the credentials fails with OSError,
            RuntimeError or ValueError.
    """
    if not has_default_client_cert_source():
        message = "Default client cert source doesn't exist"
        raise exceptions.MutualTLSChannelError(message)

    def callback():
        try:
            # Unpacking stays inside the try so that a malformed result
            # (ValueError) is wrapped like any other load failure.
            _, cert_pem, key_pem = _mtls_helper.get_client_cert_and_key()
        except (OSError, RuntimeError, ValueError) as caught_exc:
            # NOTE(review): default_client_encrypted_cert_source also wraps
            # exceptions.ClientCertError; if get_client_cert_and_key can
            # raise it, it propagates unwrapped from here. Confirm intent.
            raise exceptions.MutualTLSChannelError(caught_exc) from caught_exc
        else:
            return cert_pem, key_pem

    return callback

59 

60 

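def default_client_encrypted_cert_source(cert_path, key_path):
    """Get a callback which returns the default encrypted client SSL credentials.

    Args:
        cert_path (str): The cert file path. The default client certificate
            will be written to this file when the returned callback is called.
        key_path (str): The key file path. The default encrypted client key
            will be written to this file when the returned callback is
            called. A newly created key file gets owner-only permissions
            (0o600). A file that already exists keeps its current mode.

    Returns:
        Callable[[], [str, str, bytes]]: A callback which generates the
            default client certificate, encrypted private key and passphrase.
            It writes the certificate and private key into cert_path and
            key_path, and returns cert_path, key_path and the passphrase
            bytes. The passphrase is only returned, never written to disk.
            The callback does not delete the files, so cleanup is left to
            the caller.

    Raises:
        google.auth.exceptions.MutualTLSChannelError: If the default client
            cert source doesn't exist. The returned callback raises the same
            exception type if any problem occurs when loading or saving the
            client certificate and key.
    """
    # Local import so this block does not depend on a file-level import of os.
    import os

    if not has_default_client_cert_source():
        raise exceptions.MutualTLSChannelError(
            "Default client encrypted cert source doesn't exist"
        )

    def callback():
        try:
            (
                _,
                cert_bytes,
                key_bytes,
                passphrase_bytes,
            ) = _mtls_helper.get_client_ssl_credentials(generate_encrypted_key=True)
            with open(cert_path, "wb") as cert_file:
                cert_file.write(cert_bytes)
            # Private key material: create the file readable and writable by
            # the owner only, instead of relying on the process umask. The
            # mode applies only when the file is created; a pre-existing file
            # keeps its permissions. OSError from os.open is handled below.
            key_fd = os.open(
                key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600
            )
            with os.fdopen(key_fd, "wb") as key_file:
                key_file.write(key_bytes)
        except (exceptions.ClientCertError, OSError) as caught_exc:
            new_exc = exceptions.MutualTLSChannelError(caught_exc)
            raise new_exc from caught_exc

        return cert_path, key_path, passphrase_bytes

    return callback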