6 SrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKr SSK J r SSK J r SSKJr SS KJr SS KJr SS KJr SS KJr SS KJr SSKJr SSKJr SSKrSrSrSrSrSr Sr!Sr"Sr#SSjr$SSjr%Sr&g)z#Utilities for the sign-url command.)absolute_import)division)unicode_literalsN) apis_internal)iam_util)errors)log)requests) transport) console_io) transports)files)timesz RSA-SHA256zGOOG4-RSA-SHA256zUNSIGNED-PAYLOAD client_email private_keyc [RRUSS9n [R"[R S9n UR S5u pSU 0nURU5 SR[UR55VVs/sH&unnSRUR5U5PM( snn5nSR[UR555nS RU RS 5UR5S 9nU RS 5n[US -U-UU[!U5S.nURU5 SR[UR55VVs/sH5unnSRU[RR#U55PM7 snn5nSRUU UUU[$/5n[&R("SU-5 [*R,"UR/S55R15nSR[UUU/5n[&R("SU-5 U(a [3UU5O [5UUU 5n[6R8"U5R5R;S5nSRUU UUS9$s snnfs snnf)aGets a signed URL for a GCS XML API request. https://cloud.google.com/storage/docs/access-control/signed-urls Args: client_id (str): Email of the service account that makes the request. duration (int): Amount of time (seconds) that the URL is valid for. headers (dict[str, str]): User-inputted headers for the request. host (str): The endpoint URL for the request. This should include a scheme, e.g. "https://" key (crypto.PKey): Key for the service account specified by client_id. verb (str): HTTP verb associated with the request. parameters (dict[str, str]): User-inputted parameters for the request. path (str): Of the form `/bucket-name/object-name`. Specifies the resource that is targeted by the request. region (str): The region of the target resource instance. delegates (list[str]|None): The list of service accounts in a delegation chain specified in --impersonate-service-account. Returns: A URL (str) used to make the specified request. z/~)safe)tzinfoz://hostz{}:{} ;z%{date}/{region}/storage/goog4_requestz%Y%m%d)dateregionz%Y%m%dT%H%M%SZ/)zx-goog-algorithmzx-goog-credentialz x-goog-datezx-goog-signedheaderszx-goog-expires&z{}={} zCanonical request string: utf-8zString to sign: z8{host}{path}?x-goog-signature={signature}&{query_string})rpath signature query_string)urllibparsequoterNowUTC rpartitionupdatejoinsorteditemsformatlowerkeysstrftime_SIGNING_ALGORITHMstr quote_plus_UNSIGNED_PAYLOADr debughashlibsha256encode hexdigest_sign_with_key_sign_with_iambase64 b16encodedecode) client_iddurationheadersrkeyverb parametersrr delegates encoded_path signing_time_host_without_schemeheaders_to_signkvcanonical_headers_stringcanonical_signed_headers_stringcanonical_scopecanonical_timequery_params_to_signcanonical_query_stringcanonical_request_stringcanonical_request_hashstring_to_sign raw_signaturers 7lib/googlecloudsdk/command_lib/storage/sign_url_util.pyget_signed_urlrV2sD##Dt#4,%)),,"ooe4!Q01/!WW_22455da   1779a (5 %(HHVO4H4H4J-K$L!;BB   * \\^C/  (()9:.-$s?_<#=H j)881779::da ..FLL33A6 7:"YY % ()) ),D DE">>%%g. IK 99 .)) . 01 S.) )^Y ? }-335< +  "00 7n ne , ,%,,W5n"("B"B#C#Ka++33K@K##::7;N;NOI Q<  { **'+sAAB0D  D cU(aURS5nOSn[R"U5nUR5nSSS5 [ WU5$!,(df  N=f)aLoads signing information from a JSON or P12 private key file. Args: path (str): The location of the file. password (str|None): The password used to decrypt encrypted private keys. Returns: A tuple (client_id: str, key: crypto.PKey), which can be used to sign URLs. rN)r6rBinaryFileReaderreadr)rr{rfilers rU!get_signing_information_from_filersR__W-NN d#tyy{H$ +8^ DD$#s A A%c 0n SU;aUSU S'[US0UUSU UUSS9 n [R"5n U RU 5n U RS:XaUS:XagSU;n U (agUR R 5(a/[R"S RUR 55e[R"S RUR 55eU RS :Xa0[R"S RXR 55 gU R5 g![RRa*n[R"S RU55eSnAff=f)a.Checks if provided credentials offer appropriate access to a resource. Args: client_id (str): Email of the service account that makes the request. host (str): The endpoint URL for the request. key (crypto.PKey): Key for the service account specified by client_id. path (str): Of the form `/bucket-name/object-name`. Specifies the resource that is targeted by the request. region (str): The region of the target resource instance. requested_headers (dict[str, str]): Headers used in the user's request. These do not need to be passed into the HEAD request performed by this function, but they do need to be checked for this function to raise appropriate errors for different use cases (e.g. for resumable uploads). requested_http_verb (str): Method the user requested. requested_parameters (dict[str, str]): URL parameters the user requested. requested_resource (resource_reference.Resource): Resource the user requested to access. Raises: errors.Error if the requested resource is not available for the requested operation. userProject<HEADN) r=r>r?rr@rArBrrrCiPUTzx-goog-resumablezjBucket {} does not exist. Please create a bucket with that name before creating a signed URL to access it.zkObject {} does not exist. Please create an object with that name before creating a signed URL to access it.iz{} does not have permissions on {}. Using this link will likely result in a 403 error until at least READ permissions are granted.zbExpected an HTTP response code of 200 while querying object readability, but received an error: {})rV core_requests GetSessionhead status_code storage_url is_bucketrErrorr+r warningraise_for_statusr exceptions HTTPError)r=rr@rrrequested_headersrequested_http_verbrequested_parametersrequested_resourcerBurlsessionrois_resumable_uploaderrors rUprobe_access_to_resourcer)sB*** 4] CJ}     #  $ $ &' \\# ( S e# -0AA %%//11 LL 88> ,,9   LL 88> ,,9  s"KK GGMv 55H !    ( ( LL 44:F5M s+D<<F%E??F)N)'__doc__ __future__rrrr:r4r~ urllib.parser!googlecloudsdk.api_lib.utilrgooglecloudsdk.command_lib.iamr"googlecloudsdk.command_lib.storagergooglecloudsdk.corer r rr googlecloudsdk.core.consoler googlecloudsdk.core.credentialsr googlecloudsdk.core.utilrrrur/r2rrrVr9r8rrrrvrUrs*&'  535#9)26** '&$$m`*Z C4+nE*brv