dZddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl mZddl m Z ddl mZdd l mZdd l mZdd lmZdd lmZGd de j*Zy)z7Sign a user input file using an asymmetric-signing key.)absolute_import)division)unicode_literals) exceptions)base)crc32c) e2e_integrity)flags) get_digest)log)filescReZdZdZedZdZdZdZdZ dZ dZ d d Z d Z y ) AsymmetricSignaSign a user input file using an asymmetric-signing key version. Creates a digital signature of the input file using the provided asymmetric-signing key version and saves the base64 encoded signature. The required flag `signature-file` indicates the path to store signature. By default, the command performs integrity verification on data sent to and received from Cloud KMS. Use `--skip-integrity-verification` to disable integrity verification. ## EXAMPLES The following command will read the file '/tmp/my/file.to.sign', digest it with the digest algorithm 'sha256' and sign it using the asymmetric CryptoKey `dont-panic` Version 3, and save the signature in base64 format to '/tmp/my/signature'. $ {command} \ --location=us-central1 \ --keyring=hitchhiker \ --key=dont-panic \ --version=3 \ --digest-algorithm=sha256 \ --input-file=/tmp/my/file.to.sign \ --signature-file=/tmp/my/signature c tj|dtj|dtj|dtj|dtj |dtj |y)Nzto use for signing.zto use for signingz"The algorithm to digest the input.zto signz to output)r AddKeyResourceFlagsAddCryptoKeyVersionFlagAddDigestAlgorithmFlagAddInputFileFlagAddSignatureFileFlagAddSkipIntegrityVerification)parsers "lib/surface/kms/asymmetric_sign.pyArgszAsymmetricSign.Args>sc f&;< !!&*>?   )MN 69- v{3 &&v.c|j SN)skip_integrity_verificationselfargss r_PerformIntegrityVerificationz,AsymmetricSign._PerformIntegrityVerificationGs// //rc|jduSr)digest_algorithmrs r _SignOnDigestzAsymmetricSign._SignOnDigestJs   ,,rctj|}t||kDr%tjdj |||S)Nzr?)rr r,r@rArB data_crc32cs r"_CreateAsymmetricSignRequestOnDataz1AsymmetricSign._CreateAsymmetricSignRequestOnDatajs&M  ! !$//U ! Cd ..0H  d d  , ,T 2 ? ? A e CC ))$/MM$'k"*"@"@ #A#-c J#+"@"@d"@"Kc J ;;M  ' ' 0 7 7 K MMMsB??D/DDch|j|r|j|S|j|Sr)r$rDrIrs r_CreateAsymmetricSignRequestz+AsymmetricSign._CreateAsymmetricSignRequests2 $  6 6t <<  4 4T ::rc"|j|jk7r=tjtj|j|j|r3|jsZtj tj |js'tj tj tj|j|js'tj tjy)z4Verifies integrity fields in AsymmetricSignResponse.N) r1r ResourceNameVerificationError#GetResourceNameMismatchErrorMessageverifiedDigestCrc32c$ClientSideIntegrityVerificationError'GetRequestToServerCorruptedErrorMessageverifiedDataCrc32cr Crc32cMatches signaturesignatureCrc32c*GetResponseFromServerCorruptedErrorMessage)rrBresp use_digests r_VerifyResponseIntegrityFieldsz-AsymmetricSign._VerifyResponseIntegrityFieldss xx499  7 7  ; ;hh  # $$  & &@@  A A CE E $ $@@  A A CE E   0D0D E  > >  B B D FF Frctj}|j|} |jj |}|j|r#|j||j| tj|jjdddy#t j $r}tj|Yd}~d}~wwxYw#t j"$r}t%j&|d}~wwxYw)N)rXT) overwritebinaryprivate)r7GetClientInstancerK8projects_locations_keyRings_cryptoKeys_cryptoKeyVersionsrapitools_exceptionsHttpBadRequestErrorr ProcessHttpBadRequestErrorr!rYr$r WriteToFileOrStdoutsignature_filerTr rGrr()rr clientrBrWerrorr@s rRunzAsymmetricSign.Runs  , , .F  + +D 1C6  I I >#   ))$/ )) t 2 24 8*:+     ..   2 26..u556 ;;+  ' ' **+s/B&7.C&C9CCD.DDN)T)__name__ __module__ __qualname____doc__ staticmethodrr!r$r-rDrIrKrYrgrrrr!sE8//0-*%N; F2+rrN)rk __future__rrrapitools.base.pyrr`googlecloudsdk.api_lib.cloudkmsrr7googlecloudsdk.calliopegooglecloudsdk.command_lib.kmsrr r r googlecloudsdk.corer googlecloudsdk.core.utilr CommandrrmrrrvsC>&'>A(.1805#*g+T\\g+r