~i%ddlmZddlZddlZddlZddlmZd dZ d!d"dZd#dZ d!d$dZ d%dZ dZ d&dZ d%dZd'dZd(dZGddZdS))) annotationsN)Tuplecert_pemstrreturnTuple[str, str, float]cTddlm}ddlm}|||} |j|jj |j }|rt|dkrntjd|drStjd|dr8|ddd|ddd|jfSn#t"$rYnwxYwd d |jfS) Nrx509)default_backend ^ring\..*$ ^key\..*$) cryptographyr cryptography.hazmat.backendsr load_pem_x509_certificateencode extensionsget_extension_for_classSubjectAlternativeNamevalueget_values_for_typeDNSNamelenrematchnot_valid_after_utc timestamp Exception)rr r certdnss v/root/.openclaw/workspace/.venvs/ark-sdk/lib/python3.11/site-packages/volcenginesdkarkruntime/_utils/_key_agreement.py get_cert_infor&sB!!!!!!<<<<<<  ) )(//*;*;__=N=N O OD  o55  '  ##DL11   PC1 A//s1v..q6!"":s1vabbz4+C+M+M+O+OO O      r4+5577 77sB>C>> D  D keybytesiv plain_bytesassociated_datac0ddlm}m}m}|||||}||||| z}||j zS)NrCipher algorithmsmodes) &cryptography.hazmat.primitives.ciphersr/r0r1AESGCM encryptorauthenticate_additional_dataupdatefinalizetag) r(r*r+r,r/r0r1r5 ciphertexts r%aes_gcm_encrypt_bytesr;)sQPPPPPPPPPs " ikk **?;;;!!+..1C1C1E1EEJ  %%r'nonce plaintextc|}t|||}tj|S)zXaes_gcm_encrypt_base64_string Encrypt message from base64 string to string using AES-GCM)rr;base64 b64encodedecode)r(r<r=r+cs r%aes_gcm_encrypt_base64_stringrC<sA""$$Kc5+66A  A   % % ' ''r' cipher_bytescNddlm}m}m}d}|d| }|| d} |||||| } | || || zS)zGaes_gcm_decrypt_bytes Decrypt message from bytes to bytes using AES-GCMrr.N) r2r/r0r1r3r4 decryptorr6r7r8) r(r*rDr,r/r0r1 tag_lengthcipherr9rGs r%aes_gcm_decrypt_bytesrJDsQPPPPPPPPPJ ,J;, 'F  {|| $Cs "cikk **?;;;   F # #i&8&8&:&: ::r'r:ctj|}t|||S)N)r? decodebytesrrJrA)r(r<r:rDs r%aes_gcm_decrypt_base64_stringrM[s<%j&7&7&9&9::L e\ : : A A C CCr'zN(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})datac @t|dkrdStdt|dD]i} t|||d|dz}|dzt|kr|cS|t||||dzdzcS#t$rYfwxYwdS)z,decrypt_corner_case Decrypt corner case datarrN)rrangerMdecrypt_corner_caser")r(r<rNi decrypteds r%rSrSfs 4yy2~~r 2s4yy! $ $ 5UD1q5M++I1uD !!    23tAEFF|LLL L L L    D s3B-B BBc  tjt|}g}|D][} |t |||(#t $r'|t |||YXwxYwd|S)Nr)rfindallbase64_patternappendrMr"rSjoin)r(r<r: base64_arrayresultb64s r%aes_gcm_decrypt_base64_listr^us:nj99L F@@ @ MM7UCHH I I I I @ @ @ MM-c5#>> ? ? ? ? ? @ 776??s$A.A87A8boolc|}tj|}t|dz t|dz cxkot|dz dz kncS)Nrr )rr?rLr)r:rDcipher_b64_bytess r%decrypt_validatercs$$&&L),77 LA%5!6!6 "  ' ' ' '    "Q & ' ' ' 'r'ctdg|jddz|jddzS)Nr big)r)xto_bytesy)r(s r%marshal_cryptography_pub_keyrjs< !::r511 1CENN2u4M4M MMr'cVeZdZddZddZdd ZddZddZddZddZ d dZ d!dZ dS)"key_agreement_clientcertificate_pem_stringrrNonecd}ddlm}||kr#td||ddlm}ddlm}|}|||_ |j }|j |j j j|_||j|j|j |_|j j|_t/jdz|_|dS) z Load cert and extract public keyz42.0.0r) __version__zThe cryptography package of Ark SDK only supports versions after {}, please install the cryptography package by using pip install "cryptography>={}"r eci: N)rrpr"formatr )cryptography.hazmat.primitives.asymmetricrrrr_cert public_keypublic_numbers _CURVE_TYPEScurvename_curveEllipticCurvePublicNumbersrgri _public_keyr r!_not_valid_after_utctime _reload_timeinit_cert_ring_key_id)selfrm__fixed_version__rpr rrpem_datacert_pubs r%__init__zkey_agreement_client.__init__s[$,,,,,, * * *bbhbh%'8cc  &%%%%%@@@@@@)002233H== :((**99;;odj&;&;&=&=&C&HI 88 J DK  *,, %)J$B$L$L$N$N! IKK*;; ""$$$$$r'r=Tuple[bytes, bytes, str, str]c`|\}}}t|||}||||fS)z7encrypt_string encrypt plaintext with ECIES DH protocol)generate_ecies_key_pairrC)rr=r(r<tokenr:s r%encrypt_stringz#key_agreement_client.encrypt_strings: 88::UE23yII E5*,,r'r(r)r<c(t|||}|S)z@encrypt_string_with_key encrypt plaintext with ECIES DH protocol)rC)rr(r<r=r:s r%encrypt_string_with_keyz,key_agreement_client.encrypt_string_with_keys33yII r'r:c$t|||S)zAdecrypt_string_with_key decrypt ciphertext with ECIES DH protocol)rM)rr(r<r:s r%decrypt_string_with_keyz,key_agreement_client.decrypt_string_with_keys-S%DDDr'Tuple[bytes, bytes, str]cddlm}ddlm}ddlm}||j}|| |j }| }d}|| |dd|}|dd} |d|} t|} | | t!j| fS) z/generate_ecies_key_pair generate ECIES key pairr)hashes)HKDFrq,N) algorithmlengthsaltinfore)cryptography.hazmat.primitivesr'cryptography.hazmat.primitives.kdf.hkdfrrtrrgenerate_private_keyr{exchangeECDHr}rvrwSHA256deriverjr?r@rA) rrrrrpeer_private_keydhRrbufr(r<rs r%rz,key_agreement_client.generate_ecies_key_pairs999999@@@@@@@@@@@@224;??  & &rwwyy$2B C C  ' ' ) ) 8 8 : :dmmoo    &** #2#hBvI,Q//E6+E2299;;;;r'r_c:tj|jkS)z)need_reload check if the cert need reload)rrrs r% need_reloadz key_agreement_client.need_reloadsy{{T...r'c ddlm}|jj|jj|j}|rut|dkrbtj d|drGtj d|dr,|ddd|_ |ddd|_ dSd |_ d |_ dS#t$rYdSwxYw) z7init_cert_ring_key_id init ring id and key id from certrr r rrrNrr)rr rurrrrrrrrr_ring_id_key_idr")rr r$s r%rz*key_agreement_client.init_cert_ring_key_ids  ) ) ) ) ) )*'??+'' 55  "HHqLLH]CF33!H\3q622!!$Aqrr  "1vabbz " !     DD sBrsa#""""" 8888,IL&&&&&&((((JM;;;;;.DDDDV        NNNN e)e)e)e)e)e)e)e)e)e)r'