i SSKrSSKrSSKJr SSKrSSKrSSKrSSKrSSK J r SSK r SSK J r Jr SSK Jr SSK Jr SSK Jr SSK Jr SSKJr S rS rS rS rS rSR5\5r\\-rSrSS/r\R>RA\R>RC\"5S5r#\R>RA\#S5r$\R>RA\#S5r%\R>RA\#S5r&\R>RA\#S5r'\R>RA\#S5r(\R>RA\#S5r)\R>RA\#S5r*\R>RA\#S5r+Sr,\-"\$5r.\.R_5r0SSS5 \-"\%5r.\Rb"\.5r2\2Rg\,5r4SSS5 \-"\)S5r5\Rl"\ Rn"\ Rp\ Rr"\ Rt\5R_5555RwS5rSr?S r@S!rAS"rBS#rCS$rD/S%QrE/S&QrF/S'QrG/S(QrH"S)S*\R5rJ"S+S,\K5rLg!,(df  GNp=f!,(df  GNN=f!,(df  N=f!,(df  N=f)-N)crypto)_helpersexternal_account) exceptions) identity_pool)metrics) transport)DEFAULT_UNIVERSE_DOMAINusernamepasswordzdXNlcm5hbWU6cGFzc3dvcmQ=z1service-1234@service-name.iam.gserviceaccount.comz.https://us-east1-iamcredentials.googleapis.comz5/v1/projects/-/serviceAccounts/{}:generateAccessTokenQUOTA_PROJECT_IDscope1scope2datazexternal_subject_token.txtzexternal_subject_token.jsonztrust_chain_with_leaf.pemztrust_chain_without_leaf.pemztrust_chain_wrong_order.pemzpublic_cert.pemzprivatekey.pemzother_cert.pem access_tokenrbutf-8z#https://sts.googleapis.com/v1/tokenz(https://sts.googleapis.com/v1/introspectz$urn:ietf:params:oauth:token-type:jwtzi//iam.googleapis.com/projects/123456/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_IDzR//iam.googleapis.com/locations/global/workforcePools/POOL_ID/providers/PROVIDER_IDz)urn:ietf:params:oauth:token-type:id_token"WORKFORCE_POOL_USER_PROJECT_NUMBER) https://sts.googleapis.comz$https://us-east-1.sts.googleapis.comz$https://US-EAST-1.sts.googleapis.comz$https://sts.us-east-1.googleapis.comz$https://sts.US-WEST-1.googleapis.comz$https://us-east-1-sts.googleapis.comz$https://US-WEST-1-sts.googleapis.comz/https://us-west-1-sts.googleapis.com/path?queryz&https://sts-us-east-1.p.googleapis.com)%https://iamcredentials.googleapis.comzsts.googleapis.comhttps://zhttp://sts.googleapis.comzhttps://st.s.googleapis.comz$https://us-eas -1.sts.googleapis.comz#https:/us-east-1.sts.googleapis.comz%https://US-WE/ST-1-sts.googleapis.comz$https://sts-us-east-1.googleapis.comz$https://sts-US-WEST-1.googleapis.comz(testhttps://us-east-1.sts.googleapis.comz,https://us-east-1.sts.googleapis.comevil.comz.https://us-east-1.us-east-1.sts.googleapis.comz$https://us-ea.s.t.sts.googleapis.comz"https://sts.googleapis.comevil.comz%hhttps://us-east-1.sts.googleapis.comz!https://us- -1.sts.googleapis.comzhttps://-sts.googleapis.comz-https://us-east-1.sts.googleapis.com.evil.comzhttps://sts.pgoogleapis.comhttps://p.googleapis.comzhttps://sts.p.comzhttp://sts.p.googleapis.comz https://xyz-sts.p.googleapis.comz$https://sts-xyz.123.p.googleapis.comz!https://sts-xyz.p1.googleapis.comzhttps://sts-xyz.p.foo.comz$https://sts-xyz.p.foo.googleapis.com) rz/https://us-east-1.iamcredentials.googleapis.comz/https://US-EAST-1.iamcredentials.googleapis.comz/https://iamcredentials.us-east-1.googleapis.comz/https://iamcredentials.US-WEST-1.googleapis.comz/https://us-east-1-iamcredentials.googleapis.comz/https://US-WEST-1-iamcredentials.googleapis.comz:https://us-west-1-iamcredentials.googleapis.com/path?queryz1https://iamcredentials-us-east-1.p.googleapis.com)rziamcredentials.googleapis.comrz$http://iamcredentials.googleapis.comz&https://iamcre.dentials.googleapis.comz/https://us-eas -1.iamcredentials.googleapis.comz.https:/us-east-1.iamcredentials.googleapis.comz0https://US-WE/ST-1-iamcredentials.googleapis.comz/https://iamcredentials-us-east-1.googleapis.comz/https://iamcredentials-US-WEST-1.googleapis.comz3testhttps://us-east-1.iamcredentials.googleapis.comz7https://us-east-1.iamcredentials.googleapis.comevil.comz9https://us-east-1.us-east-1.iamcredentials.googleapis.comz/https://us-ea.s.t.iamcredentials.googleapis.comz-https://iamcredentials.googleapis.comevil.comz0hhttps://us-east-1.iamcredentials.googleapis.comz,https://us- -1.iamcredentials.googleapis.comz&https://-iamcredentials.googleapis.comz8https://us-east-1.iamcredentials.googleapis.com.evil.comz&https://iamcredentials.pgoogleapis.comrzhttps://iamcredentials.p.comz&http://iamcredentials.p.googleapis.comz+https://xyz-iamcredentials.p.googleapis.comz/https://iamcredentials-xyz.123.p.googleapis.comz,https://iamcredentials-xyz.p1.googleapis.comz$https://iamcredentials-xyz.p.foo.comz/https://iamcredentials-xyz.p.foo.googleapis.comc&\rSrSrSSjrSrSrg)TestSubjectTokenSupplierNc(XlX lX0lgN)_subject_token_subject_token_exception_expected_context)self subject_tokensubject_token_exceptionexpected_contexts Rplatform/gsutil/third_party/google-auth-library-python/tests/test_identity_pool.py__init__!TestSubjectTokenSupplier.__init__s,(?%!1cURbURU:XdeURb UReUR$r)r rr)r!contextrequests r%get_subject_token*TestSubjectTokenSupplier.get_subject_tokensF  ! ! -))W4 44  ( ( 4// /"""r()r rr)NNN)__name__ __module__ __qualname____firstlineno__r&r,__static_attributes__r(r%rrsQU2#r(rc\rSrSrS\0r\SSS.S.rSrS\0r \SSS.S .r S S S 00r S S S00r S S \ S.0rS S \S.0rS S \S.0rSSSSSR'\5S.r\S5r\\R2S4Sj5r\\4Sj5r\\4Sj5r\\4Sj5r\SoSj5r \\!\"\\#SSSSSSSSS4 Sj5r$\%RLRO\(RRSSS9S 5r*\%RLRO\(RRSSS9S!5r+\%RLRO\(RRSSS9S"5r,\%RLRO\(RRSSS9S#5r-\%RLRO\(RRSSS9S$5r.\%RLRO\(RRSSS9S%5r/\%RLRO\(RRSSS9S&5r0S'r1S(r2S)r3S*r4S+r5S,r6S-r7S.r8S/r9S0r:S1r;S2rS5r?S6r@S7rAS8rBS9rCS:rDS;rES<rFS=rGS>rH\%RL"S?\I\J4S9S@5rK\%RL"S?\I\J4S9SA5rL\%RL"S?\I\J4S9SB5rM\%RL"S?\I\J4S9SC5rN\%RL"S?\I\J4S9SD5rO\%RL"S?\I\J4S9SE5rP\%RL"S?\I\J4S9SF5rQSGrRSHrSSIrTSJrUSKrVSLrWSMrXSNrYSOrZSPr[SQr\SRr]SSr^STr_SUr`SVraSWrbSXrcSYrdSZreS[rfS\rgS]rhS^riS_rjS`rkSarlSbrmScrnSdroSerpSfrqSgrrShrsSirtSjru\%RL"S?SkS9Sl5rvSmrwSnrxg)pTestCredentialsfilejsonrtypesubject_token_field_namer7formatzhttp://fakeurl.comurlr>r= certificateuse_default_certificate_configtruecertificate_config_locationzpath/to/configrAtrust_chain_path ACCESS_TOKEN-urn:ietf:params:oauth:token-type:access_tokenBearer )rissued_token_type token_type expires_inscopec[R"[RSS9nXl[ U[ 5(a,[R"U5RS5Ul U$X#l U$)NT)instancer) mockcreate_autospecr Responsestatus isinstancedictr8dumpsencoder)clsrTrresponses r%make_mock_response"TestCredentials.make_mock_responsesZ'' (:(:TJ  dD ! ! JJt,33GmethodGETheadersbody)get)rYrequest_kwargsrmr>s r% assert_credential_request_kwargs0TestCredentials.assert_credential_request_kwargs sVe$+++h'5000i(G333!!&$/777r(cPUSU:XdeUSS:XdeUSU:XdeUSce[RRUS5n[U5[UR 55:XdeUH-upgUR S5X6R S5:XaM-e gNr>rkPOSTrmrnr)urllibparse parse_qslrakeysdecode)rYrprm request_data token_url body_tupleskvs r%assert_token_request_kwargs+TestCredentials.assert_token_request_kwargsse$ 111h'6111i(G333f%111ll,,^F-CD ;3|'8'8':#;;;;!FQ88G$ XXg5F(GG GG"r(cUSU:XdeUSS:XdeUSU:XdeUSce[R"USRS55nXS:Xdegrt)r8loadsrz)rYrprmr{!service_account_impersonation_url body_jsons r%#assert_impersonation_request_kwargs3TestCredentials.assert_impersonation_request_kwargs"sye$(IIIIh'6111i(G333f%111JJ~f5< programmaticx-goog-api-clientz#https://www.googleapis.com/auth/iamrJz/urn:ietf:params:oauth:grant-type:token-exchangerG) grant_typeaudiencerequested_token_typerNr"subject_token_type userProjectoptionsz9gl-python/3.7 auth/1.1 auth-request-type/at cred-type/impr) microsecondrI)secondsTZSA_ACCESS_TOKEN) accessToken expireTimezapplication/jsonz Bearer {}r0x0)r authorizationrzx-allowed-locationsN3600s) delegatesrNlifetimez:google.auth.metrics.token_request_access_token_impersonate return_valuer^r)$SUCCESS_RESPONSEcopy"_service_account_impersonation_url_credential_source_credential_source_filerbyoid_metrics_headerjoinrvrwquoter8rWrutcnowreplacedatetime timedelta isoformatr=r` http_clientOKrarhrQpatchrefreshcall_args_listrqrrtokenquota_project_idscopesdefault_scopes)rY credentialsrr"rr|rbasic_auth_encodingr used_scopescredential_datarrworkforce_pool_user_projecttoken_response token_headersmetrics_options token_scopestoken_request_datametrics_header_value expire_timeimpersonation_responseimpersonation_headersimpersonation_request_datarequeststoken_request_indeximpersonation_request_indexreqelr+s r%%assert_underlying_credentials_refresh5TestCredentials.assert_underlying_credentials_refresh1s.--224')LM -58K-KM/ *  9 928O. /29O. /-4)*  ) )22,2),1)(6OH %-4-I-I . )* -@L88K$526LL $S!*"4   ',2LL,>,> M+FGH- y ) H  -!))a)8$$T23ins#K 1)& " !3!,!3!3N>4R!S%9', % !"$#* &  OO[^^_= >!(m89 ,*-h- ' OO[^^-CD E'')O3R"3")OP ZZ H-     (  7))*c(m;;;   0 01G1G1J11Mt T ''  " "#6 7 :      -  3 3&&'BCAF%*1   $$(>}(MM MM$$~(FF FF++/????!!V+++))^;;;A*P  sM! M'' M6cB[R"UUUUU U U UUUUU U S9 $)N) rrr|token_info_urlrcredential_sourcesubject_token_supplier client_id client_secretrrrr)r Credentials)rYrrr|rrrrrrrrrrs r%make_credentials TestCredentials.make_credentialss>"((1).O/#9'-)(C  r(r&rc[RR[[[ [ [SS0[[[URS. 5n[U[R5(deUR[[[ [ [SS0[[URS[S[S9 g)Ntoken_lifetime_seconds rrr|rrservice_account_impersonationrrrr rrr|rr%service_account_impersonation_optionsrrrrrruniverse_domain)rr from_infoAUDIENCESUBJECT_TOKEN_TYPE TOKEN_URLTOKEN_INFO_URL!SERVICE_ACCOUNT_IMPERSONATION_URL CLIENT_ID CLIENT_SECRETr CREDENTIAL_SOURCE_TEXTrUassert_called_once_withr r! mock_initrs r%test_from_info_full_options+TestCredentials.test_from_info_full_optionss#//99$&8&"05V2JD1Q&!.$4%)%@%@   +}'@'@AAAA))1).O3KT2R'"99#'-(,3 * r(c$[RR[[[ UR S.5n[U[R5(deUR[[[ SS0SSUR SSS[S9 g)Nrrr|rr) rrrrrrrrUrr rs r%$test_from_info_required_options_only4TestCredentials.test_from_info_required_options_onlys#//99$&8&%)%@%@   +}'@'@AAAA))1.224"99#'!(,3 * r(c[5n[RR[[ [ US.5n[U[R5(deUR[[ [ SS0SSSUSS[S9 g)N)rrr|rr) rrrrrrrrUrr )r!rsupplierrs r%test_from_info_supplier'TestCredentials.test_from_info_suppliers+-#//99$&8&*2   +}'@'@AAAA))1.224"#+!(,3 * r(c6[RR[[[ UR [S.5n[U[R5(deUR[[[ SS0SSUR SS[[S9 g)Nrrr|rrr) rrrWORKFORCE_AUDIENCEWORKFORCE_SUBJECT_TOKEN_TYPErrWORKFORCE_POOL_USER_PROJECTrUrr rs r%test_from_info_workforce_pool-TestCredentials.test_from_info_workforce_pool9s#//99.&B&%)%@%@/J   +}'@'@AAAA))';.224"99#'!(C3 * r(c [[[[[SS0[ [ [URS. nURS5nUR[R"U55 [RR[!U55n[#U[R5(deUR%[[[[[SS0[ [ URS[S[&S9 g)Nrrr config.jsonr)rrrrrrrr rrwriter8rWrr from_filestrrUrr r!rtmpdirinfo config_filers r%test_from_file_full_options+TestCredentials.test_from_file_full_optionsWs!"4",1R.F-M"* 0!%!"!%!test_constructor_nonworkforce_with_workforce_pool_user_projectNTestCredentials.test_constructor_nonworkforce_with_workforce_pool_user_projectsY ]]: &'  ! !!,G " ' }}     ' &s A A#cSS0n[R"[5nURUS9 SSS5 WR S5(deg!,(df  N'=f)N unsupportedvaluerzMissing credential_sourcerrrrrr!rrs r% test_constructor_invalid_options0TestCredentials.test_constructor_invalid_optionssS*G4 ]]: &'  ! !4E ! F'}}9::::' &s A AcUR[S.n[R"[5nUR US9 SSS5 WR S5(deg!,(df  N'=f)N)r>r7rAmbiguous credential_source)CREDENTIAL_URLSUBJECT_TOKEN_TEXT_FILErrrrrrs r%-test_constructor_invalid_options_url_and_file=TestCredentials.test_constructor_invalid_options_url_and_files^&&+  ]]: &'  ! !4E ! F'}};<<<<' & A A-cURSSS00S.n[R"[5nUR US9 SSS5 WR S5(deg!,(df  N'=f)Nr@rAT)r>r@rr r!rrrrrrs r%4test_constructor_invalid_options_url_and_certificateDTestCredentials.test_constructor_invalid_options_url_and_certificatesi&&),Ld+ST  ]]: &'  ! !4E ! F'}};<<<<' &r%c[SSS00S.n[R"[5nUR US9 SSS5 WR S5(deg!,(df  N'=f)Nr@use_default_certificateT)r7r@rr )r"rrrrrrs r%5test_constructor_invalid_options_file_and_certificateETestCredentials.test_constructor_invalid_options_file_and_certificatesc+),Et+LM  ]]: &'  ! !4E ! F'}};<<<<' &s A A'c[URSSS00S.n[R"[5nUR US9 SSS5 WR S5(deg!,(df  N'=f)Nr@r+T)r7r>r@rr )r"r!rrrrrrs r%9test_constructor_invalid_options_url_file_and_certificateITestCredentials.test_constructor_invalid_options_url_file_and_certificatesl+&&),Et+LM  ]]: &'  ! !4E ! F'}};<<<<' &s A$$ A2cURSS.n[R"[5nUR US9 SSS5 WR S5(deg!,(df  N'=f)Naws1)r>environment_idrz>Invalid Identity Pool credential_source field 'environment_id'r'rs r%/test_constructor_invalid_options_environment_id?TestCredentials.test_constructor_invalid_options_environment_idsa$($7$76R ]]: &'  ! !4E ! F'}} M    ' &s A A)c[R"[5nURSS9 SSS5 WR S5(deg!,(df  N'=f)Nznon-dictrz?Invalid credential_source. The credential_source is not a dict.rrs r%*test_constructor_invalid_credential_source:TestCredentials.test_constructor_invalid_credential_sourcesO ]]: &'  ! !J ! ?'}} N    ' &s A  Ac[R"[5nUR5 SSS5 WR S5(deg!,(df  N'=f)NzGA valid credential source or a subject token supplier must be provided.rrs r%9test_constructor_invalid_no_credential_source_or_supplierITestCredentials.test_constructor_invalid_no_credential_source_or_supplier sJ ]]: &'  ! ! #'}} V    ' &s A  Ac[5n[R"[5nUR UR US9 SSS5 WR S5(deg!,(df  N'=f)N)rrz[Identity pool credential cannot have both a credential source and a subject token supplier.)rrrrrrr)r!rrs r%sY*-Mu,UV ]]: &'  ! !4E ! F'}}ABBBB' &s A A c UR[[URR 5[ S9nUR S[[[[UR[ [S.:Xdeg)N)rrrrr)r:rrr|rrrr) rrrCREDENTIAL_SOURCE_TEXT_URLrrrrrr r!rs r%*test_info_with_workforce_pool_user_project:TestCredentials.test_info_with_workforce_pool_user_projectFso++';"==BBD(C , &*">",!%!@!@+F6 $   r(c URURR5S9nURS[[ [ [UR[S.:XdegNrr)r:rrr|rrr) rrQrrrrrrr rRs r%%test_info_with_file_credential_source5TestCredentials.test_info_with_file_credential_sourceYc++"==BBD, & "4",!%!@!@6$    r(c URURR5S9nURS[[ [ [UR[S.:XdegrV) rCREDENTIAL_SOURCE_JSON_URLrrrrrrr rRs r%$test_info_with_url_credential_source4TestCredentials.test_info_with_url_credential_sourcehrYr(c URURR5S9nURS[[ [ [UR[S.:XdegrV) rCREDENTIAL_SOURCE_CERTIFICATErrrrrrr rRs r%,test_info_with_certificate_credential_source!%!@!@/ $    r(cNURS5nURS5 S[U50nURUS9n[R "[ R5nURS5 SSS5 WRS5(deg!,(df  N'=f)Nz empty.txtr7rz3Missing subject_token in the credential_source file) rrrrrrr RefreshErrorretrieve_subject_tokenr)r!r empty_filerrrs r%1test_retrieve_subject_token_missing_subject_tokenATestCredentials.test_retrieve_subject_token_missing_subject_tokens[[- #S_5++>O+P ]]:22 3w  . .t 44}}STTTT4 3s #B B$cpURURS9nURS5nU[:XdegNr)rrrpTEXT_FILE_SUBJECT_TOKENr!rr"s r%%test_retrieve_subject_token_text_file5TestCredentials.test_retrieve_subject_token_text_fileA++"99, $::4@  7777r(cpURURS9nURS5nU[:Xdegru)rCREDENTIAL_SOURCE_JSONrpJSON_FILE_SUBJECT_TOKENrws r%%test_retrieve_subject_token_json_file5TestCredentials.test_retrieve_subject_token_json_filerzr(zCgoogle.auth.transport._mtls_helper._get_workload_cert_and_key_pathscURURS9nURS5nU[R"[ /5:Xdegru)rr_rpr8rWCERT_FILE_CONTENTr!$mock_get_workload_cert_and_key_pathsrr"s r%/test_retrieve_subject_token_certificate_default?TestCredentials.test_retrieve_subject_token_certificate_defaultsO++"@@, $::4@  ,=+> ????r(cURURS9nURS5nU[R"[ /5:Xdegru)rrcrpr8rWrrs r%8test_retrieve_subject_token_certificate_non_default_pathHTestCredentials.test_retrieve_subject_token_certificate_non_default_pathsO++"LL, $::4@  ,=+> ????r(cURURS9nURS5nU[R"[ [ /5:Xdegru)r3CREDENTIAL_SOURCE_CERTIFICATE_TRUST_CHAIN_WITH_LEAFrpr8rWrOTHER_CERT_FILE_CONTENTrs r%=test_retrieve_subject_token_certificate_trust_chain_with_leafMTestCredentials.test_retrieve_subject_token_certificate_trust_chain_with_leafsR++"VV, $::4@  ,=?V+W XXXXr(cURURS9nURS5nU[R"[ [ /5:Xdegru)r6CREDENTIAL_SOURCE_CERTIFICATE_TRUST_CHAIN_WITHOUT_LEAFrpr8rWrrrs r%@test_retrieve_subject_token_certificate_trust_chain_without_leafPTestCredentials.test_retrieve_subject_token_certificate_trust_chain_without_leafsR++"YY, $::4@  ,=?V+W XXXXr(cURURS9n[R"[R 5nUR S5 SSS5 WRS5(deg!,(df  N'=f)Nrz?The leaf certificate must be at the top of the trust chain file)r5CREDENTIAL_SOURCE_CERTIFICATE_TRUST_CHAIN_WRONG_ORDERrrrrorprr!rrrs r%Atest_retrieve_subject_token_certificate_trust_chain_invalid_orderQTestCredentials.test_retrieve_subject_token_certificate_trust_chain_invalid_orderst++"XX, ]]:22 3w  . .t 44}} M    4 3s A11 A?cURSSSS.0S9n[R"[R5nUR S5 SSS5 WR S5(deg!,(df  N'=f)Nr@rBzfake.pemrDrz*Trust chain file 'fake.pem' was not found.rrrrrorprrs r%Gtest_retrieve_subject_token_certificate_trust_chain_file_does_not_existWTestCredentials.test_retrieve_subject_token_certificate_trust_chain_file_does_not_exist!sv++6<(2 , ]]:22 3w  . .t 44}}IJJJJ4 3s A,, A:cURSS[S.0S9n[R"[R 5nUR S5 SSS5 WRS5(deg!,(df  N'=f)Nr@rBrDrz8Error loading PEM certificates from the trust chain file)rr"rrrrorprrs r%@test_retrieve_subject_token_certificate_invalid_trust_chain_filePTestCredentials.test_retrieve_subject_token_certificate_invalid_trust_chain_file7sv++6<(? , ]]:22 3w  . .t 44}}WXXXX4 3s A00 A>c0[SSS.S.nURUS9n[R"[R 5nUR S5 SSS5 WRSR[S55(deg!,(df  N;=fNr8 not_foundr9r<r@Unable to parse subject_token from JSON file '{}' using key '{}') SUBJECT_TOKEN_JSON_FILErrrrrorprr=r!rrrs r%8test_retrieve_subject_token_json_file_invalid_field_nameHTestCredentials.test_retrieve_subject_token_json_file_invalid_field_nameMs+%;O ++>O+P ]]:22 3w  . .t 44}} N U U'     4 3 B BcURS5nURS5 [U5SSS.S.nURUS9n[R "[ R5nURS5 SSS5 WRSR[U5S55(deg!,(df  N@=f) Nz invalid.json{r8rr9r<rr) rrrrrrrrorprr=)r!rinvalid_json_filerrrs r%(test_retrieve_subject_token_invalid_json8TestCredentials.test_retrieve_subject_token_invalid_json]s"KK7$)*%>R ++>O+P ]]:22 3w  . .t 44}} N U U%&     4 3s 'B33 CcSS0nURUS9n[R"[R5nUR S5 SSS5 WR S5(deg!,(df  N'=f)Nr7z./not_found.txtrz$File './not_found.txt' was not foundrrs r%*test_retrieve_subject_token_file_not_found:TestCredentials.test_retrieve_subject_token_file_not_foundpsj#%67++>O+P ]]:22 3w  . .t 44}}DEEEE4 3s A++ A9cbURURS9nUR[:Xdegru)rr|rrrRs r%test_token_info_url#TestCredentials.test_token_info_urlys6++"99, ))^;;;r(c[HCnURURR5US-S9nURUS-:XaMCe g)Nz /introspectrr)VALID_TOKEN_URLSrr|rrr!r>rs r%test_token_info_url_custom*TestCredentials.test_token_info_url_customsV#C//"&"="="B"B"D #m 30K --}1DD DD $r(czURURR5SS9nUR(aeg)Nr)rr|rrrRs r%test_token_info_url_negative,TestCredentials.test_token_info_url_negatives@++"99>>@QU, -----r(c[HCnURURR5US-S9nURUS-:XaMCe g)Nz/token)rr|)rrr|r _token_urlrs r%test_token_url_custom%TestCredentials.test_token_url_customsT#C//"&"="="B"B"D>0K ))cHn= == $r(c[HKnURURR5U[-S9nUR U[-:XaMKe g)N)rr)(VALID_SERVICE_ACCOUNT_IMPERSONATION_URLSrr|r'SERVICE_ACCOUNT_IMPERSONATION_URL_ROUTErrs r%-test_service_account_impersonation_url_custom=TestCredentials.test_service_account_impersonation_url_customs_;C//"&"="="B"B"DAA0KAA== TestCredentials.test_refresh_with_retrieve_subject_token_errors+%;O ++>O+P ]]:22 3w    %4}} N U U'     4 3rcURURS9nUR[S9nUR U5nU[:XdeUR UR SSS5 gNrrerr^)rrQrhrvrprqrr!rr+r"s r%$test_retrieve_subject_token_from_url4TestCredentials.test_retrieve_subject_token_from_urlsu++"==, ((4K(L#::7C  7777 --g.D.DQ.G.JDQr(cURURSS0S.S9nUR[S9nUR U5nU[:XdeUR UR SSSS05 g)Nfoobar)r>rmrrrr^)rr!rhrvrprqrrs r%1test_retrieve_subject_token_from_url_with_headersATestCredentials.test_retrieve_subject_token_from_url_with_headerss++&*&9&9uenU, ((4K(L#::7C  7777 --  " "1 %a (5%. r(cURURS9nUR[S9nUR U5nU[ :XdeUR URSSS5 gr)rr[rhJSON_FILE_CONTENTrpr}rqrrs r%)test_retrieve_subject_token_from_url_json9TestCredentials.test_retrieve_subject_token_from_url_jsonsu++"==, ((4E(F#::7C  7777 --g.D.DQ.G.JDQr(cURURSSS.SS0S.S9nUR[S9nUR U5nU[ :XdeUR URS S SS05 g) Nr8rr9rr)r>r=rmrrrr^)rr!rhrrpr}rqrrs r%6test_retrieve_subject_token_from_url_json_with_headersFTestCredentials.test_retrieve_subject_token_from_url_json_with_headerss++**#)~V!5>, ((4E(F#::7C  7777 --  " "1 %a (5%. r(c(URURS9n[R"[R 5nUR URS[S95 SSS5 WRS5(deg!,(df  N'=f)Nri)rdrez.Unable to retrieve Identity Pool subject token) rrQrrrrorprhrrr!rrs r%.test_retrieve_subject_token_from_url_not_found>TestCredentials.test_retrieve_subject_token_from_url_not_founds~++"==, ]]:22 3w  . .&&CDU&V 4 }}MNNNN 4 3s $B BcjURSSS.S.nURUS9n[R"[R 5nUR UR[S95 SSS5 WRSRURS55(deg!,(df  NA=fNr8rr9r?rrr) r!rrrrrorprhrrr=rs r%7test_retrieve_subject_token_from_url_json_invalid_fieldGTestCredentials.test_retrieve_subject_token_from_url_json_invalid_fields&&%;O ++>O+P ]]:22 3w  . .&&2C&D 4 }} N U U##[     4 3 #B$$ B2cRURURS9n[R"[R 5nUR URSS95 SSS5 WRSRURS55(deg!,(df  NA=f)Nrrrrr) rr[rrrrorprhrr=r!rs r%8test_retrieve_subject_token_from_url_json_invalid_formatHTestCredentials.test_retrieve_subject_token_from_url_json_invalid_formats++"==, ]]:22 3w  . .t/E/EQT/E/U V4}} N U U##^     4 3s B B&cUR[[UR[S9nUR U[ [[[S[S[[S[S9 gNr rrr"rr|rrrrrrr) rrrrQrrrrvrrrrRs r%8test_refresh_text_file_success_without_impersonation_urlHTestCredentials.test_refresh_text_file_success_without_impersonation_urlsb++'"== ,  22#11.2 3!3 3 r(cURUR[[S9nUR U[ [ [[[SS[[S[ S9 gNrr) rrQrrrrrvrrrRs r%5test_refresh_text_file_success_with_impersonation_urlETestCredentials.test_refresh_text_file_success_with_impersonation_url+s_++"==.O ,  22#11.O $!3 3 r(cUR[[UR[S9nUR U[ [[[S[S[[S[S9 gr) rrrr[rrrr}rrrrrRs r%8test_refresh_json_file_success_without_impersonation_urlHTestCredentials.test_refresh_json_file_success_without_impersonation_urlCsb++'"== ,  22#11.2 3!- 3 r(cURUR[[S9nUR U[ [ [[[SS[[S[S9 gr) rr[rrrrr}rrrrRs r%5test_refresh_json_file_success_with_impersonation_urlETestCredentials.test_refresh_json_file_success_with_impersonation_url[s_++"==.O ,  22#11.O $!- 3 r(cjURSSS.S.nURUS9n[R"[R 5nUR UR[S95 SSS5 WRSRURS55(deg!,(df  NA=fr) r!rrrrrorrhrrr=rs r%2test_refresh_with_retrieve_subject_token_error_urlBTestCredentials.test_refresh_with_retrieve_subject_token_error_urlss&&%;O ++>O+P ]]:22 3w    6 6BS 6 T U4}} N U U##[     4 3r cv[[S9nURUS9nURS5nU[:Xdeg)Nr"r)rr}rrp)r!rrr"s r%$test_retrieve_subject_token_supplier4TestCredentials.test_retrieve_subject_token_suppliers?+:QR++8+L #::4@  7777r(c[[[R"[[ 5S9nUR US9nURS5 g)N)r"r$r#)rr}rSupplierContextrrrrpr!rrs r%4test_retrieve_subject_token_supplier_correct_contextDTestCredentials.test_retrieve_subject_token_supplier_correct_contextsE+1-=="H ++8+L **40r(cP[R"S5n[US9nURUS9n[R "[R5nUR UR[S95 SSS5 WRS5(deg!,(df  N'=f)Nz test error)r#r#r) rrorrrrrrhrr)r!expected_exceptionrrrs r%*test_retrieve_subject_token_supplier_error:TestCredentials.test_retrieve_subject_token_supplier_errors'44\B+DVW++8+L ]]:22 3w    6 6BS 6 T U4}}\****4 3s #B B%c[[S9nURU[[S9nUR U[ [[[[SS[[SS9 g)Nr")rrrr) rr}rrrrrrvrrr(s r%4test_refresh_success_supplier_with_impersonation_urlDTestCredentials.test_refresh_success_supplier_with_impersonation_urlsa+:QR++#+.O, 22#11.O $! 3 r(c [[S9nURU[S9nUR U[ [ [[SS[[SS9 g)Nr")rr) rrr"rr|rrrrr) rr}rrrrrvrrr(s r%7test_refresh_success_supplier_without_impersonation_urlGTestCredentials.test_refresh_success_supplier_without_impersonation_urlsZ+:QR++#+F,  22#11 $! 3 r()certkeycURURR5S9nUR5up4US:XdeUS:Xdeg)Nrr5r6)rr_r_get_mtls_cert_and_key_paths)r!rrr5r6s r%test_get_mtls_certs#TestCredentials.test_get_mtls_certssU ++"@@EEG,  <<> v~~e||r(cURURR5S9n[R"[ R 5nUR5 SSS5 WRS5(deg!,(df  N'=f)NrzThe credential is not configured to use mtls requests. The credential should include a "certificate" section in the credential source.) rrrrrrror8rrs r%test_get_mtls_certs_invalid+TestCredentials.test_get_mtls_certs_invalids|++"99>>@, ]]:22 3w  4 4 64}} U    4 3s A>> B r3)NNNNNNNN)yr.r/r0r1r"rrr|r!rQr[r_rcTRUST_CHAIN_WITH_LEAF_FILErTRUST_CHAIN_WITHOUT_LEAF_FILErTRUST_CHAIN_WRONG_ORDER_FILErrrr classmethodr[rrrhrqrrrrrrrrrrQrobjectrrrrrrrr r rrr#r(r,r/r4r7r:r=rBrFrKrNrSrWr\r`rdrhrkrrrxr~ CERT_FILEKEY_FILErrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr r rrrrrr$r)r-r0r3r9r<r2r3r(r%r5r5s$&=>'!~N*N"'!8!~N" 8&A%! 57GH1- .4 : ;7 .4 = >: .4 < =9'L&! %..T(*888>G H H +L ) )+/ $(E<E  6 6 6 6 8 2 2 4 . . R  R O $   0 0 0 0 8 1 + . ( ZZM$   r(r5)Mbase64r http.clientclientrr8osrvrQOpenSSLrr google.authrrrrrr google.auth.credentialsr rrrSERVICE_ACCOUNT_EMAIL&SERVICE_ACCOUNT_IMPERSONATION_URL_BASEr=rrr rpathrdirname__file__DATA_DIRr"rr>r?r@rCrDOTHER_CERT_FILESUBJECT_TOKEN_FIELD_NAMEopenfhreadrvloadrror}f b64encodedump_certificate FILETYPE_ASN1load_certificate FILETYPE_PEMrzrrrrrrrrrrINVALID_TOKEN_URLSr*INVALID_SERVICE_ACCOUNT_IMPERSONATION_URLSSubjectTokenSupplierrrBr5r3r(r%ras!  2"%!;   0K4'+b*h*h+'+-TT"& H  77<<16 :'',,x1MN'',,x1NOWW\\(4OP " X7U V!ww||H6ST GGLL#4 5 77<<"2 3'',,x)9:) !"b ggi# !"b " /334LM# )Ta((  &"9"9&:M:Mqvvx"X  fWo  /4 A$..  &"9"9&:M:Mqvvx"X  fWo ! 2 ;; vX KB < ,(.*@ #}AA # d fd G#"#"! s2L5$L *A&L2!A&M L L/2 M M