bdZddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl mZddl m Z ddl mZdd l mZdd lmZdd lmZGd d e j(Zy)z5Verify a user signature file using a MAC signing key.)absolute_import)division)unicode_literals) exceptions)base)crc32c) e2e_integrity)flags)log) console_ioc>eZdZdZedZdZdZdZdZ dZ y) MacVerifyaVerify a user signature file using a MAC key version. Verifies a digital signature using the provided MAC signing key version. By default, the command performs integrity verification on data sent to and received from Cloud KMS. Use --skip-integrity-verification to disable integrity verification. ## EXAMPLES The following command will read the file '/tmp/my/file.to.verify', and verify it using the symmetric MAC CryptoKey `dont-panic` Version 3 and the file used previously to generate the MAC tag ('/tmp/my/original.data.file'). $ {command} \ --location=us-central1 \ --keyring=hitchhiker \ --key=dont-panic \ --version=3 \ --input-file=/tmp/my/original.data.file \ --signature-file=/tmp/my/file.to.verify ctj|dtj|dtj|dtj|dtj |y)Nzto use for signing.zto use for signingzto use for verificationzto be verified)r AddKeyResourceFlagsAddCryptoKeyVersionFlagAddInputFileFlagAddSignatureFileFlagAddSkipIntegrityVerification)parsers lib/surface/kms/mac_verify.pyArgszMacVerify.Args8sT f&;< !!&*>? 6#<= v'78 &&v.ctj|d}t||kDr%tjdj |||S)NTbinaryz/D--D25 E2>/E--E2c|j|jk7r=tjtj|j|j|js'tj tj |js'tj tj |j|jk7r'tj tjy)z/Verifies integrity fields in MacVerifyResponse.N) r+r ResourceNameVerificationError#GetResourceNameMismatchErrorMessageverifiedDataCrc32c$ClientSideIntegrityVerificationError'GetRequestToServerCorruptedErrorMessageverifiedMacCrc32csuccessverifiedSuccessIntegrity*GetResponseFromServerCorruptedErrorMessage)r r<resps r_VerifyResponseIntegrityFieldsz(MacVerify._VerifyResponseIntegrityFieldsgs xx499  7 7  ; ;hh  # $$  " "  > >  ? ? A CC  ! !  > >  ? ? A CC ||t444  > >  B B D FF5rcztj}|j|} |jj |}|j|r|j|tjdjdy#t j $r}tj|Yd}~sd}~wwxYw)N-Fr)r2GetClientInstancer?8projects_locations_keyRings_cryptoKeys_cryptoKeyVersionsrapitools_exceptionsHttpBadRequestErrorr ProcessHttpBadRequestErrorr(rKr WriteToFileOrStdoutrG)r r'clientr<rJerrors rRunz MacVerify.Runs  , , .F  & &t ,C6  I I 9S>  ))$/ ))#t4    2 26..u556sBB:B55B:N) __name__ __module__ __qualname____doc__ staticmethodrr$r(r?rKrVrrrr s5.//08F0rrN)rZ __future__rrrapitools.base.pyrrPgooglecloudsdk.api_lib.cloudkmsrr2googlecloudsdk.calliopegooglecloudsdk.command_lib.kmsrr r googlecloudsdk.corer googlecloudsdk.core.consoler Commandrr\rrres@<&'>A(.180#2q qr