dZddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl mZddl m Z ddl mZdd l mZdd lmZdd lmZdd lmZGd de j,Zy)zADecrypt an input file using an asymmetric-encryption key version.)absolute_import)division)unicode_literals) exceptions)base)crc32c) e2e_integrity)flags)log) console_io)filesc8eZdZdZedZdZdZdZdZ y)AsymmetricDecrypta*Decrypt an input file using an asymmetric-encryption key version. Decrypts the given ciphertext file using the provided asymmetric-encryption key version and saves the decrypted data to the plaintext file. By default, the command performs integrity verification on data sent to and received from Cloud KMS. Use `--skip-integrity-verification` to disable integrity verification. ## EXAMPLES The following command will read the file '/tmp/my/secret.file.enc', decrypt it using the asymmetric CryptoKey `dont-panic` Version 3 and write the plaintext to '/tmp/my/secret.file.dec'. $ {command} \ --location=us-central1 \ --keyring=hitchhiker \ --key=dont-panic \ --version=3 \ --ciphertext-file=/tmp/my/secret.file.enc \ --plaintext-file=/tmp/my/secret.file.dec ctj|dtj|dtj|dtj|dtj |y)Nz!to use for asymmetric-decryption.z to use for asymmetric-decryptionz to decryptz to output)r AddKeyResourceFlagsAddCryptoKeyVersionFlagAddCiphertextFileFlagAddPlaintextFileFlagAddSkipIntegrityVerification)parsers %lib/surface/kms/asymmetric_decrypt.pyArgszAsymmetricDecrypt.Args:sR f&IJ !!&*LM  5 v{3 &&v.c|j S)N)skip_integrity_verification)selfargss r_PerformIntegrityVerificationz/AsymmetricDecrypt._PerformIntegrityVerificationBs// //rc tj|jd}tj}tj|}|j|j}|j|r/tj |}|j#|||_|S|j#||_|S#tj$r4}t j dj|j|d}~wwxYw)NT)binaryz)Failed to read ciphertext file [{0}]: {1})name) ciphertextciphertextCrc32c)r")r ReadFromFileOrStdinciphertext_filer ErrorrBadFileExceptionformat cloudkms_baseGetMessagesModuler ParseCryptoKeyVersionNameTCloudkmsProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricDecryptRequest RelativeNamerrCrc32cAsymmetricDecryptRequestasymmetricDecryptRequest)rrr"emessagescrypto_key_refreqciphertext_crc32cs r_CreateAsymmetricDecryptRequestz1AsymmetricDecrypt._CreateAsymmetricDecryptRequestEs(11   t-j..0H44T:N  g g  ( ( * h ,C ))$/ -- 3%-%F%F2C&G&Ec" J&.%F%F&G&!c" J% ;;(  ' ' 5 < <""A ' (((s!CD /DD c |js'tjtjt j |j |js'tjtjy)z&Verifies integrity fields in response.N) verifiedCiphertextCrc32cr $ClientSideIntegrityVerificationError'GetRequestToServerCorruptedErrorMessager Crc32cMatches plaintextplaintextCrc32c*GetResponseFromServerCorruptedErrorMessage)rr4resps r_VerifyResponseIntegrityFieldsz0AsymmetricDecrypt._VerifyResponseIntegrityFields]sq  ( (  > >  ? ? A CC   0D0D E  > >  B B D FF Frc|j|}tj} |jj |}|j|r|j| tj|jjxsddddy#t j $r}tj|Yd}~d}~wwxYw#tj $r}t#j$|d}~wwxYw)NT) overwriter private)r6r)GetClientInstance8projects_locations_keyRings_cryptoKeys_cryptoKeyVersionsrapitools_exceptionsHttpBadRequestErrorr ProcessHttpBadRequestErrorrr@r WriteToFileOrStdoutplaintext_filer<r r&rr')rrr4clientr?errorr1s rRunzAsymmetricDecrypt.Runjs  . .t 4C  , , .F6  I I  S !  ))$/ ))#t4+     .. B   2 26..u556 ;;+  ' ' **+s/B&2CC ,CC C;!C66C;N) __name__ __module__ __qualname____doc__ staticmethodrrr6r@rNrrrr!s00//00 F+rrN)rR __future__rrrapitools.base.pyrrGgooglecloudsdk.api_lib.cloudkmsrr)googlecloudsdk.calliopegooglecloudsdk.command_lib.kmsrr r googlecloudsdk.corer googlecloudsdk.core.consoler googlecloudsdk.core.utilr CommandrrTrrr^sDH&'>A(.180#2*`+ `+r