~)dZddlmZddlmZddlmZddlZddlZddlmZ ddl mZddl m Z ddl m Z dd l mZdd lmZdd lmZGd d ej&Zy)z=Import a provided key from file into KMS using an Import Job.)absolute_import)division)unicode_literalsN)base) exceptions)flags)maps)log)filescJeZdZdZedZdZdZdZdZ dZ dZ d Z y ) ImportaImport a version into an existing crypto key. Imports wrapped key material into a new version within an existing crypto key following the import procedure documented at https://cloud.google.com/kms/docs/importing-a-key. ## EXAMPLES The following command will read the files 'path/to/ephemeral/key' and 'path/to/target/key' and use them to create a new version with algorithm 'google-symmetric-encryption' within the 'frodo' crypto key, 'fellowship' keyring, and 'us-central1' location using import job 'strider' to unwrap the provided key material. $ {command} --location=global \ --keyring=fellowship \ --key=frodo \ --import-job=strider \ --wrapped-key-file=path/to/target/key \ --algorithm=google-symmetric-encryption c^tj|dtj|dtj|dtj|dtj |tj |dtj|tj|y)Nz"The containing key to import into.z8to re-import into. Omit this field for first-time importz to importzto import from) rAddKeyResourceFlagsAddCryptoKeyVersionFlagAddRsaAesWrappedKeyFileFlagAddWrappedKeyFileFlagAddImportedVersionAlgorithmFlagAddRequiredImportJobArgumentAddPublicKeyFileFlagAddTargetKeyFileFlag)parsers 'lib/surface/kms/keys/versions/import.pyArgsz Import.Args8s f&JK !!JL %%fk:  4 ))&1 &&v/?@ v& v&ctj|}t||kDr$tjdj ||S)Nz6The file is larger than the maximum size of {0} bytes.)r ReadBinaryFileContentslenrBadFileExceptionformat)selfpath max_bytesdatas r _ReadFilezImport._ReadFileDsI  ' ' -D 4y9  ' ' B I I   Krc||jjj|jjj|jjj|jjj fvSN) ImportJobImportMethodValueValuesEnumRSA_OAEP_3072_SHA256RSA_OAEP_4096_SHA256RSA_OAEP_3072_SHA256_AES_256RSA_OAEP_4096_SHA256_AES_256r import_methodmessagess r_IsSha2ImportMethodzImport._IsSha2ImportMethodLsj 66KK66KK66 % %x'9'9 $ $%A%A C CCrc||jjj|jjj|jjj|jjj fvSr&)r'r(RSA_OAEP_3072_SHA1_AES_256RSA_OAEP_4096_SHA1_AES_256r+r,r-s r_IsRsaAesWrappingImportMethodz$Import._IsRsaAesWrappingImportMethodTsg X//KK88%//KK88%//KK::%//KK::< <>BBFF  G "#J8--BBIII  + + HOOz//1 22 rc ddlm}ddlm}ddlm}ddlm} ddlm}  j} |j||r| j!} |j#||s||j$j&j(k(rd } n@||j$j&j*k(rd } nt-d j/|| d | j0zz d z } t3|| kDr%t5j6d dj/| d}|}j9|}|j#||r-t;j<d}j?|||}|jA| jC| jE| | d}||zS#t$r8tjjdtjdYwxYw)Nr) serialization)default_backend)keywrap)padding)hasheszCannot load the Pyca cryptography library. Either the library is not installed, or site packages are not enabled for the Google Cloud SDK. Please consult https://cloud.google.com/kms/docs/crypto for further instructions.iizunexpected import method: {0}ztarget-key-filezFThe file is larger than the import method's maximum size of {0} bytes.r)backend )mgf algorithmlabel)#cryptography.hazmat.primitivesrKcryptography.hazmat.backendsrLrM)cryptography.hazmat.primitives.asymmetricrNrO ImportErrorr errPrintsysexitSHA1r0SHA256r4r'r(r)r* ValueErrorr digest_sizerrrload_pem_public_keyosurandomaes_key_wrap_with_paddingencryptOAEPMGF1)r r.public_key_bytestarget_key_bytesrGr/rKrLrMrNrOshamodulus_byte_lengthmax_target_key_sizeaes_wrapped_keyto_be_rsa_wrapped_key public_keyrsa_wrapped_keys r_CkmRsaAesKeyWrapzImport._CkmRsaAesKeyWrapps ?>8C7 ++-C  x8 MMOc  - -mX F     ; ; P P Q(     ; ; P P Q(8?? NOO/1s3FG!K  !4 4))  V/0  O,22/"335J ))-B jjn99 !1?3DFo (( c*c FHO _ ,,_  ggmm$%  hhqk sF%%=G&%G&ctj}tj}tj|j }d}|j r.|j }|jr"tjdd|j}t|t|jk(rtjddd}|r |j|d}|j#||||}|jrd} |j|jd} d} |j$r|j'|} n%|j(j*j-d } |j/|j0| | ||}|j3tj4|j } |j7t8j:j=|j>|| | _ |jBr2tjD|j | j@_#|jHjK| S#tj$r*}tjdj!||d}~wwxYw#tj$r4}tjd j!|j|d}~wwxYw) N)z--wrapped-key-filez--rsa-aes-wrapped-key-filezGEither wrapped-key-file or rsa-aes-wrapped-key-file should be provided.)z--target-key-filez---wrapped-key-file/--rsa-aes-wrapped-key-filezAEither a pre-wrapped key or a key to be wrapped must be provided.r6r7z*Failed to read wrapped key file [{0}]: {1}i z)Failed to read target key file [{0}]: {1}ascii)parent)rU importJob wrappedKey)& cloudkms_baseGetClientInstanceGetMessagesModulerParseImportJobName RelativeNamewrapped_key_filersa_aes_wrapped_key_filerOneOfArgumentsRequiredExceptionbooltarget_key_filer$r r9rrrIr8r< publicKeypemencoders importMethodICloudkmsProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsImportRequestParseCryptoKeyNameImportCryptoKeyVersionRequestr ALGORITHM_MAPPER_FOR_IMPORTGetEnumForChoicerUimportCryptoKeyVersionRequestversionParseCryptoKeyVersionNamecryptoKeyVersion8projects_locations_keyRings_cryptoKeys_cryptoKeyVersionsr ) r r:rGr/rFr~wrapped_key_bytesr;rHrkrjreqs rRunz Import.Runs  , , .F..0H..t4AACO .. & &88 @ UW W66 d&:&:!;;  6 6 P M OO& NN+;uNM %%dOVXNJ *>>$*>*>$>O  33D9%//33::7C001H1H1A1A619;  \ \''-::< ] >C(0(N(N22CC NN!$ )O)&C%  ||;@;Z;Z <  ''8  J J Q Q   S[[&)) 8 ? ? ! %& &&[[*)) 7 > >$$a )* **s0IJJ&%J  JK&/KKN) __name__ __module__ __qualname____doc__ staticmethodrr$r0r4r<rIrsrrrr r !sA, ' 'C<(<-|D rr )r __future__rrrrdr]googlecloudsdk.api_lib.cloudkmsrrygooglecloudsdk.calliopergooglecloudsdk.command_lib.kmsrr googlecloudsdk.corer googlecloudsdk.core.utilr Commandr rrrrsAD&' A(.0/#*Q T\\Q r