MxSrSSKrSSKrSSKrSSKrSSKrSSKJr SSKJr SSKJ r SSK J r SSK J r SSK Jr \R"S 5rS r"S S \R$5r\R("S /SQ5r"SS5r\"5rSrSr\R4"SS9S5rSrSrSSjrSSjrSSjr g)z1Utilities that support customer encryption flows.N)errors) hash_util)user_request_args_factory) properties)yaml)function_result_cachezqprojects/([^/]+)/locations/([a-zA-Z0-9_-]{1,63})/keyRings/([a-zA-Z0-9_-]{1,63})/cryptoKeys/([a-zA-Z0-9_-]{1,63})$AES256c\rSrSrSrSrSrg)KeyType'CMEKCSEKN)__name__ __module__ __qualname____firstlineno__r r__static_attributes__r9lib/googlecloudsdk/command_lib/storage/encryption_util.pyr r 's $ $rr EncryptionKey)keytypesha256c.\rSrSrSrSSjrSrSrg) _KeyStore5auHolds encryption key information. Attributes: encryption_key (Optional[EncryptionKey]): The key for encryption. decryption_key_index (Dict[EncryptionKey.sha256, EncryptionKey]): Indexes keys that can be used for decryption. initialized (bool): True if encryption_key and decryption_key_index reflect the values they should based on flag and key file values. Nc<XlU=(d 0UlX0lgN)encryption_keydecryption_key_index initialized)selfr r!r"s r__init___KeyStore.__init__@s) 4 :D"rc[XR5(d[$URUR:H=(a9 URUR:H=(a UR UR :H$r) isinstance __class__NotImplementedr r!r")r#others r__eq___KeyStore.__eq__Hsb e^^ , ,  u333 . !!U%?%?? . E---r)r!r r")NNF)rrrr__doc__r$r+rrrrrr5s#$( #rrcU(d[R"S5eURS5(a[R"SU-5e[R U5(d%[R"SR U55eg)Nz Key is empty./z1KMS key should not start with leading slash (/): zInvalid KMS key name: {}. KMS keys should follow the format "projects//locations//keyRings//cryptoKeys/")rError startswith _CMEK_REGEXmatchformat)raw_keys r validate_cmekr6Usx  ,, ''  ,,J     7 # # ,, !!' 22 $rcdURS5n[U5 [RnSn[XUS9$![R aa [ U5S:wae[Rn[R"[R"[R"U555nN~f=f)zAReturns an EncryptionKey populated with information from raw_key.asciiN,)rrr)encoder6r r rr0lenrrget_base64_hash_digest_stringhashlibrbase64 b64decoder)r5 raw_key_byteskey_typers r parse_keyrBds..)- 9'||H F 7 AA 9 7|r ||H  4 4v'' 679F 9s:A2B/.B/)maxsizecU=(d2 [RRRR 5nU(d0$[ R "U5$)zReads the key store file, if it exists. Args: key_path: str | None, only provided for unit tests. Returns: The contents of the key store file, or an empty dict if the file does not exist. )rVALUESstoragekey_store_pathGetr load_path)key_pathrHs r_read_key_store_filerLts@Mz0088GGKKM.  I  ''rcX[XS5nUbU$[U5RU5$)aSearches for key values in flags, falling back to a file if necessary. Args: args: An object containing flag values from the command surface. key_field_name (str): Corresponds to a flag name or field name in the key file. key_store_path (str | None): The path to the key store file. Only provided if testing. Returns: The flag value associated with key_field_name, or the value contained in the key file. N)getattrrLget)argskey_field_namerHflag_keys r _get_raw_keyrSs1T4 0(  O n - 1 1. AArc0nU(aKUHEnU(dM [U5nUR[R:XdM7X1UR'MG U$)zParses and indexes raw keys. Args: raw_keys (list[str]): The keys to index. Returns: A dict mapping key hashes to keys in raw_keys. Falsy elements of raw_keys and non-CSEKs are skipped. )rBrr rr)raw_keysindexr5rs r_index_decryption_keysrWsI %   g c W\\ !cjj  ,rcL[R(ag[USU5n[USS5(a[R [lOU(a[U5[lU/n[USU5nU(aX4- n[U5[l S[lg)aLoads appropriate encryption and decryption keys into memory. Prefers values from flags over those from the user's key file. If _key_store is not already initialized, creates a _KeyStore instance and stores it in a global variable. Args: args: An object containing flag values from the command surface. key_store_path (str | None): The path to the key store file. Only provided if testing. Nr clear_encryption_keydecryption_keysT) _key_storer"rSrNrCLEARr rBrWr!)rPrHraw_encryption_keyrUraw_decryption_keyss rinitialize_key_storer_s #D*:NK T)400 9 ? ?J )*< =J !($T+ collectionsenumr=re"googlecloudsdk.command_lib.storagerrrgooglecloudsdk.corerrgooglecloudsdk.core.cachercompiler2ENCRYPTION_ALGORITHMEnumr namedtuplerrr[r6rBlrurLrSrWr_rdrfrrrrrs8  58H*$;jj=>  dii && :[  2 B 1% (& ( B(* < %r