TSrSSKrSSKrSSKrSSKrSSKJr SSKJr SSKJr SSKJ r SSKJ r SSKJ r SS KJ r SS K Jr SS KJr SSKr\R$R&\R$R(\R$R*\R$R,\R$R./r"S S \R2R45rSrSrSrSrSr g)a  Classes and functions to allow google.auth credentials to be used within oauth2client. In particular, the External Account credentials don't have an equivalent in oauth2client, so we create helper methods to allow variants of this particular class to be used in oauth2client workflows. N)aws) credentials) exceptions)external_account) external_account_authorized_user) identity_pool) pluggable)requests) constantsc6^\rSrSrSr\"\"\RRR5S/-5r U4Sjr Sr \ S5r\RS5r\ S5r\RS 5rU4S jr\S 5r\S 5r\S 5rSrU=r$)WrappedCredentials0zWA utility class to use Google Auth credentials in place of oauth2client credentials. _basec >Xl[U[R5(aURRnSnSnOm[U[ R5(aCURR nURRnURRnO [S5e[[U]3URRUUUURRSSS9 g)zInitializes oauth2client credentials based on underlying Google Auth credentials. Args: external_account_creds: subclass of google.auth.external_account.Credentials NzInvalid Credentials) access_token client_id client_secret refresh_token token_expiry token_uri user_agent)r isinstancer Credentials _audiencerrrr TypeErrorsuperr __init__tokenexpiry)self base_credsrrr __class__s 2platform/gsutil/gslib/utils/wrapped_credentials.pyrWrappedCredentials.__init__7s J*.::;;**&&imm J @ L L M M**&&ijj..mjj..m + ,, d,$**:J:J7@;H;H:>**:K:K7;8< ->cURR[R"55 URbURR U5 ggN)rrefreshr Requeststore locked_put)r https r#_do_refresh_request&WrappedCredentials._do_refresh_requestQs>JJx'')* zz jjD!r%c.URR$r'rrr s r#rWrappedCredentials.access_tokenVs ::  r%c$XRlgr'r0r values r#rr2Zs JJr%c.URR$r'rrr1s r#rWrappedCredentials.token_expiry^s ::  r%c$XRlgr'r7r4s r#rr8bs JJr%c4>[TU]5n[R"U5n[R"UR R 5US'UR RUS'[UR5US'[R"U5$)zUtility function that creates JSON repr. of a Credentials object. Returns: string, a JSON representation of this instance, suitable to pass to from_json(). rrr) rto_jsonjsonloadscopyrinfor _parse_expiryrdumps)r serialized_datadeserialized_datar"s r#r;WrappedCredentials.to_jsonfswgo'O ?3!%4::??!;g(, (8(8n%(5d6G6G(Hn% ::' ((r%c([U5nU"U5$r')+_get_external_account_credentials_from_fileclsfilenamecredss r#for_external_account'WrappedCredentials.for_external_accountus 7 AE u:r%c([U5nU"U5$r');_get_external_account_authorized_user_credentials_from_filerGs r#$for_external_account_authorized_user7WrappedCredentials.for_external_account_authorized_userzs G E u:r%cZ[R"U5nURS5nSnURS5S:Xa [U5nO URS5S:Xa [ U5nU"U5nURS5UlURS5(aa[ US[R5(d?[RRUS[RR5US'URS5Ul U$![a SUS'N)f=f)zInstantiate a Credentials object from a JSON description of it. The JSON should have been produced by calling .to_json() on the object. Args: data: dict, A deserialized JSON object. Returns: An instance of a Credentials subclass. rNtyperrrr)r<r=get+_get_external_account_credentials_from_info;_get_external_account_authorized_user_credentials_from_inforrdatetimestrptime oauth2clientclient EXPIRY_FORMAT ValueErrorr)rH json_datadatabaser!rJs r# from_jsonWrappedCredentials.from_jsons  ::i D 88G DJ xx-->tDj & ? ?N j  OE.1E   tN+X->-> ? ?$'0099  ,"5"5"C"C E^.1E L$#^$s>DD*)D*)r)__name__ __module__ __qualname____firstlineno____doc__ frozensetlistrXrYOAuth2CredentialsNON_SERIALIZED_MEMBERSrr-propertyrsetterrr; classmethodrKrOr___static_attributes__ __classcell__)r"s@r#r r 0s$ <   0 0 G GHi>4"      )   r%r c^URS5S:Xa"[RRU[S9$URS5bCURS5RS5b"[ RRU[S9$[ RRU[S9$)Nsubject_token_typez+urn:ietf:params:aws:token-type:aws4_request)scopescredential_source executable)rSrr from_infoDEFAULT_SCOPESr rr?s r#rTrTs XXLM ?? $ $T. $ AA $%1 $%)),7C  * *4 * GG  $ $ . .tN . KKr%c[R"USSS9n[R"U5n[ U5sSSS5 $!,(df  g=fNrzutf-8)encoding)ioopenr<loadrTrI json_filer]s r#rFrFs6 wwxw/9 99Y D 6t <0// !A Ac@[RRU5$r')rrrtrvs r#rUrUs ) 5 5 ? ? EEr%c[R"USSS9n[R"U5n[ U5sSSS5 $!,(df  g=frx)r{r|r<r}rUr~s r#rNrNs6 wwxw/9 99Y D Ft L0//rcU(aH[U[R5(a)UR[RR 5$gr')rrVstrftimerXrYrZ)rs r#r@r@s5 68#4#455 ??<..<< == r%)!rer>rVr{r< google.authrrrrrrr google.auth.transportr gslib.utilsr rXScopesCLOUD_PLATFORMCLOUD_PLATFORM_READ_ONLY FULL_CONTROL READ_ONLY READ_WRITErurYrhr rTrFrUrNr@r%r#rs  #"(8%!*!## -- !!   q,,>>qh L= FM r%