o e}E@sdZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZddl mZddl mZddlZeeZGd d d eZdS) z. This module provides a client class for KMS. N) BceBaseClient)required) bce_v1_signer)bce_http_client)handler) http_methodsc@s eZdZdZd7ddZd7ddZ  d8ddZeee fee fee fe d  d9d d Z ee dd:ddZ ee efe efdd7ddZ ee efe efdd7ddZee efe efdd;ddZee efe dd7ddZee efdd7d d!Zee efdd7d"d#Zee efe d$d7d%d&Zee efdd7d'd(Zee efdd7d)d*Zee efd + d KmsClientz sdk client NcCst||dSN)r__init__)selfconfigr PD:\Projects\ConvertPro\env\Lib\site-packages\baidubce/services/kms/kms_client.pyr &szKmsClient.__init__cCs(|dur|jSt|j}|||Sr )r copyZmerge_non_none_values)r r Z new_configr r r _merge_config)s   zKmsClient._merge_configc CsJ||}|dur tj}|durddd}t|tjtj|g|||||S)Ns*/*sapplication/json;charset=utf-8)sAccepts Content-Type)rrZ parse_jsonr send_requestrsignZ parse_error)r Z http_methodpathbodyheadersparamsr Z body_parserr r r _send_request1s  zKmsClient._send_request) protectedBykeySpecorigin rotateCycleENCRYPT_DECRYPTrc Csdd}i} d| d<i} |r|| d<|| d<|| d<|| d<|| d<|| d <|jtj|t| | |d S) a. create a master key with the specified options. :type description: string :param description: a description about the master key :type protectedBy: constants.ProtectedBy :param protectedBy: the protect level about the master key, you can choose HSM or SOFTWARE :type keySpec: constants.KeySpec :param keySpec: key specification about the master key. now you can choose the BAIDU_AES_256, AES_128, AES_256, RSA_1024, RSA_2048, RSA_4096 :type keyUsage: string :param keyUsage: default "ENCRYPT_DECRYPT" :type origin: constants.Origin :param origin: origin of the master key. you can choose BAIDU_KMS or EXTERNAL :type rotateCycle: int :param rotateCycle: rotateCycle of the master key. /s CreateKeyaction descriptionrrrkeyUsagerrr rrPOSTjsondumps) r rrrrr rr rrrr r rcreate_masterKey?szKmsClient.create_masterKey)limitcC@d}i}d|d<i}||d<||d<|jtj|t|||dS)z list your masterkey :type limit: int :param limit: the number of masterKey you want list :type marker: string :param marker: the marker keyid , kms will search from the marker, default "" rsListKeysrr'markerr!r")r r'r*r rrrr r rlist_masterKeyes zKmsClient.list_masterKey)keyId plaintextcCfd}i}d|d<i}||d<||d<zt|Wn ty$tdw|jtj|t|||dS)z encrypt the plaintext :type keyId: string :param keyId: indicate kms will use which masterkey to encrypt :type plaintext: string :param plaintext: the plaintext need encrypted by kms rsEncryptrr,r-please input base64 stringr!base64 b64decode TypeErrorrrr#r$r%)r r,r-r rrrr r rencryptx  zKmsClient.encrypt)r, ciphertextcCr.)z decrypt the ciphertext :type keyId: string :param keyId: indicate kms will use which masterkey to decrypt :type ciphertext: string :param ciphertext: the ciphertext need decrypted by kms rsDecryptrr,r6r/r!r0)r r,r6r rrrr r rdecryptr5zKmsClient.decrypt)r,rcCs`d}i}d|d<i}||d<|dkr|dkrtd||d<||d <|jtj|t|||d S) aA generate a data key by master key :type keyId: string :param keyId: indicate kms will use which masterkey to generate data key :type keySpec: string :param keySpec: AES_128 or AES_256 :type numberOfBytes: int :param numberOfBytes: The length of data key rsGenerateDataKeyrr,ZAES_128ZAES_256z only support AES_128 and AES_256r numberOfBytesr! ValueErrorrrr#r$r%)r r,rr9r rrrr r rgenerate_dataKeys zKmsClient.generate_dataKey)r,rcCr))z update your master key rptation :type keyId: string :type rotateCycle: int :param keyId: the keyId of masterkey will be enable :param rotateCycle: the rotatecycle of masterkey rsEnableRotationrr,rr!r")r r,rr rrrr r rupdaterotation_masterKeys z"KmsClient.updaterotation_masterKey)r,cC8d}i}d|d<i}||d<|jtj|t|||dS)z enable your master key :type keyId: string :param keyId: the keyId of masterkey will be enable rs EnableKeyrr,r!r"r r,r rrrr r renable_masterKeyzKmsClient.enable_masterKeycCr>)z disable your master key :type keyId: string :param keyId: the keyId of masterkey will be diable rs DisableKeyrr,r!r"r?r r rdisable_masterKeyrAzKmsClient.disable_masterKey)r,pendingWindowInDayscCsXd}i}d|d<i}||d<|dks|dkrtd||d<|jtj|t|||d S) a  schedule delete master key :type keyId: string :param keyId: the keyId of masterkey will be deleted :type pendingWindowInDays: int :pram pendingWindowInDays: kms will wait pendingWindowInDays day then delete the key rsScheduleKeyDeletionrr,z-please input pendingWindowInDays >=7 and <=30rCr!r:)r r,rCr rrrr r rscheduleDelete_masterKeys z"KmsClient.scheduleDelete_masterKeycCr>)z cancel delete master key :type keyId: string :param keyId: the keyId of masterkey will cancel delete rsCancelKeyDeletionrr,r!r"r?r r rcancelDelete_masterKeyrAz KmsClient.cancelDelete_masterKeycCr>)zs descript the master key :type keyId: string :param keyId: the keyId of masterkey rs DescribeKeyrr,r!r"r?r r rdescribe_masterKeyrAzKmsClient.describe_masterKeyRSAES_PKCS1_V1_5RSA_2048c Csd}i}d|d<i}||d<|dkrtd||d<|dkr"td ||d <|d kr6|d kr6|d kr6td||d<|jtj|t|||dS)aY get parameters for import :type keyId: string :param keyId: the keyId of masterkey :type wrappingAlgorithm: string :param wrappingAlgorithm: the algorithm for user encrypt local key :type wrappingKeySpec:string :param wrappingKeySpec: the pubkey spec for user encrypt local key rsGetParametersForImportrr,rIzonly support RSAES_PKCS1_V1_5wrappingAlgorithmrJzonly support RSA_2048wrappingKeySpecZRAW_HEXBASE64ZPEMz%only support RAW_HEX or BASE64 or PEMpublicKeyEncodingr!)r3r;rrr#r$r%) r r,rNrKrLr rrrr r rget_parameters_for_import"s"z#KmsClient.get_parameters_for_import)r, importToken encryptedKeyrc CsXd}i}d|d<i} || d<|| d<|| d<|| d<|| d<|jtj|t| ||d S) a import symmetric key :type keyId: string :param keyId: the keyId of masterkey :type importToken: string :param importToken: token from import parameter :type encryptedKey: string :param encryptedKey: the symmetric key encrypted by pubkey :type keySpec: string :param keySpec: the import key spec :type keyUsage: string :param keyUsage: default "ENCRYPT_DECRYPT" rs ImportKeyrr,rPrQrr r!r") r r,rPrQrr r rrrr r rimport_symmetricMasterKeyAsz#KmsClient.import_symmetricMasterKey)r,rPasymmetricKeySpecasymmetricKeyUsageencryptedKeyEncryptionKeyZ asymmetricKeyc Ks\d}i} d| d<i} || d<|| d<|| d<|| d<|| d<i| d <|d d ur,td |d | d d <|d d ur>td|d | d d <|dd urPtd|d| d d<|dd urbtd|d| d d<|dd urttd|d| d d<|dd urtd|d| d d<|dd urtd|d| d d<|jtj|t| | |dS)a2 import asymmetric key :type keyId: string :param keyId: the keyId of masterkey :type importToken: string :param importToken: token from import parameter :type asymmetricKeySpec: string :param asymmetricKeySpec: the import key spec :type encryptedKeyEncryptionKey: string :param encryptedKeyEncryptionKey: EncryptionKey :type asymmetricKey: **args :param asymmetricKey: include publicKeyDer encryptedD encryptedP encryptedQ encryptedDp encryptedDq encryptedQinv rImportAsymmetricKeyrr,rPrSrTrUZencryptedRsaKey publicKeyDerN%arg "publicKeyDer" should not be NoneZ encryptedDz#arg "encryptedD" should not be NoneZ encryptedPz#arg "encryptedP" should not be NoneZ encryptedQz#arg "encryptedQ" should not be NoneZ encryptedDpz$arg "encryptedDp" should not be NoneZ encryptedDqz$arg "encryptedDq" should not be NoneZ encryptedQinvz&arg "encryptedQinv" should not be Noner!r: r r,rPrSrUrTr kwargsrrrr r rimport_asymmetricMasterKeyasD       z$KmsClient.import_asymmetricMasterKeyc Ksd}i} d| d<i} || d<|| d<|| d<|| d<|| d<i| d <|d d ur,td |d | d d <|d d ur>td|d | d d <|jtj|t| | |dS)a import asymmetric key :type keyId: string :param keyId: the keyId of masterkey :type importToken: string :param importToken: token from import parameter :type asymmetricKeySpec: string :param asymmetricKeySpec: the import key spec :type encryptedKeyEncryptionKey: string :param encryptedKeyEncryptionKey: EncryptionKey :type asymmetricKey: **args :param asymmetricKey: include publicKeyDer encryptedPrivateKey rrVrr,rPrSrTrUZencryptedSm2KeyrWNrXZencryptedPrivateKeyz,arg "encryptedPrivateKey" should not be Noner!r:rYr r rimport_asymmetricSM2MasterKeys&  z'KmsClient.import_asymmetricSM2MasterKeyr )NNNNN)rrN)r(N)r8N)rIrJN)rN)__name__ __module__ __qualname____doc__r rrrbytesstrintr&r+r4r7r<r=r@rBrFrGrHrOrRobjectr[r\r r r rr"sn     %                  5r)r`rr$loggingrandomstringuuidZbaidubce.bce_base_clientrZbaidubce.utilsrZ baidubce.authrZ baidubce.httprrrr1 getLoggerr]Z_loggerrr r r rs