oci 2.136.0__py3-none-any.whl → 2.137.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- oci/_vendor/jwt/__init__.py +65 -26
- oci/_vendor/jwt/algorithms.py +404 -130
- oci/_vendor/jwt/api_jwk.py +108 -0
- oci/_vendor/jwt/api_jws.py +153 -106
- oci/_vendor/jwt/api_jwt.py +146 -137
- oci/_vendor/jwt/exceptions.py +13 -6
- oci/_vendor/jwt/help.py +16 -15
- oci/_vendor/jwt/jwks_client.py +64 -0
- oci/_vendor/jwt/utils.py +101 -54
- oci/access_governance_cp/access_governance_cp_client.py +8 -8
- oci/adm/application_dependency_management_client.py +36 -36
- oci/ai_anomaly_detection/anomaly_detection_client.py +36 -36
- oci/ai_document/ai_service_document_client.py +26 -26
- oci/ai_language/ai_service_language_client.py +44 -44
- oci/ai_speech/ai_service_speech_client.py +19 -19
- oci/ai_vision/ai_service_vision_client.py +25 -25
- oci/analytics/analytics_client.py +24 -24
- oci/announcements_service/announcement_client.py +5 -5
- oci/announcements_service/announcement_subscription_client.py +9 -9
- oci/announcements_service/announcements_preferences_client.py +4 -4
- oci/announcements_service/service_client.py +1 -1
- oci/apigateway/api_gateway_client.py +21 -21
- oci/apigateway/deployment_client.py +6 -6
- oci/apigateway/gateway_client.py +6 -6
- oci/apigateway/subscribers_client.py +6 -6
- oci/apigateway/usage_plans_client.py +6 -6
- oci/apigateway/work_requests_client.py +5 -5
- oci/apm_config/config_client.py +9 -9
- oci/apm_control_plane/apm_domain_client.py +14 -14
- oci/apm_synthetics/apm_synthetic_client.py +28 -28
- oci/apm_traces/attributes_client.py +8 -8
- oci/apm_traces/query_client.py +2 -2
- oci/apm_traces/trace_client.py +4 -4
- oci/appmgmt_control/appmgmt_control_client.py +8 -8
- oci/artifacts/artifacts_client.py +32 -32
- oci/audit/audit_client.py +3 -3
- oci/auth/security_token_container.py +1 -1
- oci/autoscaling/auto_scaling_client.py +11 -11
- oci/bastion/bastion_client.py +15 -15
- oci/bds/bds_client.py +72 -72
- oci/blockchain/blockchain_platform_client.py +27 -27
- oci/budget/budget_client.py +10 -10
- oci/capacity_management/capacity_management_client.py +32 -32
- oci/certificates/certificates_client.py +5 -5
- oci/certificates_management/certificates_management_client.py +32 -32
- oci/cims/incident_client.py +8 -8
- oci/cloud_bridge/common_client.py +5 -5
- oci/cloud_bridge/discovery_client.py +160 -14
- oci/cloud_bridge/inventory_client.py +20 -20
- oci/cloud_bridge/models/__init__.py +48 -2
- oci/cloud_bridge/models/asset.py +19 -3
- oci/cloud_bridge/models/asset_source.py +11 -3
- oci/cloud_bridge/models/asset_source_credentials.py +17 -7
- oci/cloud_bridge/models/asset_source_summary.py +11 -3
- oci/cloud_bridge/models/asset_summary.py +11 -3
- oci/cloud_bridge/models/aws_asset_source.py +359 -0
- oci/cloud_bridge/models/aws_asset_source_summary.py +205 -0
- oci/cloud_bridge/models/aws_ebs_asset.py +170 -0
- oci/cloud_bridge/models/aws_ebs_properties.py +382 -0
- oci/cloud_bridge/models/aws_ec2_asset.py +278 -0
- oci/cloud_bridge/models/aws_ec2_properties.py +1056 -0
- oci/cloud_bridge/models/create_asset_details.py +19 -3
- oci/cloud_bridge/models/create_asset_source_details.py +11 -3
- oci/cloud_bridge/models/create_aws_asset_source_details.py +323 -0
- oci/cloud_bridge/models/create_aws_ebs_asset_details.py +134 -0
- oci/cloud_bridge/models/create_aws_ec2_asset_details.py +242 -0
- oci/cloud_bridge/models/create_vm_ware_asset_source_details.py +2 -2
- oci/cloud_bridge/models/create_vmware_vm_asset_details.py +5 -5
- oci/cloud_bridge/models/group_identifier.py +103 -0
- oci/cloud_bridge/models/import_inventory_via_assets_details.py +13 -5
- oci/cloud_bridge/models/instance_network_interface.py +498 -0
- oci/cloud_bridge/models/instance_network_interface_association.py +196 -0
- oci/cloud_bridge/models/instance_network_interface_attachment.py +227 -0
- oci/cloud_bridge/models/instance_private_ip_address.py +161 -0
- oci/cloud_bridge/models/instance_state.py +103 -0
- oci/cloud_bridge/models/monthly_cost_summary.py +103 -0
- oci/cloud_bridge/models/placement.py +289 -0
- oci/cloud_bridge/models/supported_cloud_region_collection.py +72 -0
- oci/cloud_bridge/models/supported_cloud_region_summary.py +244 -0
- oci/cloud_bridge/models/tag.py +103 -0
- oci/cloud_bridge/models/update_asset_details.py +19 -3
- oci/cloud_bridge/models/update_asset_source_details.py +47 -4
- oci/cloud_bridge/models/update_aws_asset_source_details.py +240 -0
- oci/cloud_bridge/models/update_aws_ebs_asset_details.py +106 -0
- oci/cloud_bridge/models/update_aws_ec2_asset_details.py +214 -0
- oci/cloud_bridge/models/update_vm_asset_details.py +1 -1
- oci/cloud_bridge/models/update_vm_ware_asset_source_details.py +11 -39
- oci/cloud_bridge/models/update_vmware_vm_asset_details.py +1 -1
- oci/cloud_bridge/models/vm_asset.py +3 -3
- oci/cloud_bridge/models/vm_ware_asset_source.py +2 -2
- oci/cloud_bridge/models/vm_ware_asset_source_summary.py +2 -2
- oci/cloud_bridge/models/vmware_vm_asset.py +5 -5
- oci/cloud_bridge/models/volume_attachment.py +196 -0
- oci/cloud_bridge/models/work_request.py +15 -3
- oci/cloud_bridge/models/work_request_summary.py +15 -3
- oci/cloud_bridge/ocb_agent_svc_client.py +22 -138
- oci/cloud_bridge/ocb_agent_svc_client_composite_operations.py +0 -48
- oci/cloud_guard/cloud_guard_client.py +155 -155
- oci/cloud_migrations/migration_client.py +43 -43
- oci/cluster_placement_groups/cluster_placement_groups_cp_client.py +13 -13
- oci/compute_cloud_at_customer/compute_cloud_at_customer_client.py +12 -12
- oci/compute_instance_agent/compute_instance_agent_client.py +6 -6
- oci/compute_instance_agent/plugin_client.py +2 -2
- oci/compute_instance_agent/pluginconfig_client.py +1 -1
- oci/container_engine/container_engine_client.py +88 -88
- oci/container_engine/models/install_addon_details.py +33 -2
- oci/container_instances/container_instance_client.py +18 -18
- oci/core/blockstorage_client.py +60 -60
- oci/core/compute_client.py +102 -102
- oci/core/compute_management_client.py +32 -32
- oci/core/models/__init__.py +2 -0
- oci/core/models/virtual_circuit.py +29 -2
- oci/core/models/virtual_circuit_redundancy_metadata.py +202 -0
- oci/core/virtual_network_client.py +247 -247
- oci/dashboard_service/dashboard_client.py +6 -6
- oci/dashboard_service/dashboard_group_client.py +6 -6
- oci/data_catalog/data_catalog_client.py +149 -149
- oci/data_flow/data_flow_client.py +42 -42
- oci/data_integration/data_integration_client.py +163 -163
- oci/data_labeling_service/data_labeling_management_client.py +17 -17
- oci/data_labeling_service_dataplane/data_labeling_client.py +15 -15
- oci/data_safe/data_safe_client.py +292 -292
- oci/data_science/data_science_client.py +217 -93
- oci/data_science/data_science_client_composite_operations.py +41 -0
- oci/data_science/models/__init__.py +8 -0
- oci/data_science/models/backup_operation_details.py +154 -0
- oci/data_science/models/backup_setting.py +158 -0
- oci/data_science/models/create_model_details.py +56 -2
- oci/data_science/models/model.py +141 -2
- oci/data_science/models/model_summary.py +31 -0
- oci/data_science/models/retention_operation_details.py +267 -0
- oci/data_science/models/retention_setting.py +158 -0
- oci/data_science/models/update_model_details.py +56 -2
- oci/data_science/models/work_request.py +7 -3
- oci/data_science/models/work_request_summary.py +7 -3
- oci/database/database_client.py +396 -396
- oci/database/models/__init__.py +14 -0
- oci/database/models/autonomous_database.py +58 -0
- oci/database/models/autonomous_database_encryption_key_details.py +133 -0
- oci/database/models/autonomous_database_encryption_key_history_entry.py +99 -0
- oci/database/models/autonomous_database_summary.py +58 -0
- oci/database/models/aws_key_details.py +175 -0
- oci/database/models/azure_key_details.py +113 -0
- oci/database/models/create_autonomous_database_base.py +27 -0
- oci/database/models/create_autonomous_database_clone_details.py +7 -0
- oci/database/models/create_autonomous_database_details.py +7 -0
- oci/database/models/create_autonomous_database_from_backup_details.py +7 -0
- oci/database/models/create_autonomous_database_from_backup_timestamp_details.py +7 -0
- oci/database/models/create_cross_region_autonomous_database_data_guard_details.py +7 -0
- oci/database/models/create_cross_region_disaster_recovery_details.py +7 -0
- oci/database/models/create_cross_tenancy_disaster_recovery_details.py +7 -0
- oci/database/models/create_refreshable_autonomous_database_clone_details.py +7 -0
- oci/database/models/oci_key_details.py +119 -0
- oci/database/models/okv_key_details.py +206 -0
- oci/database/models/oracle_managed_key_details.py +51 -0
- oci/database/models/undelete_autonomous_database_details.py +7 -0
- oci/database/models/update_autonomous_database_details.py +29 -2
- oci/database_management/db_management_client.py +211 -211
- oci/database_management/diagnosability_client.py +4 -4
- oci/database_management/managed_my_sql_databases_client.py +7 -7
- oci/database_management/perfhub_client.py +1 -1
- oci/database_management/sql_tuning_client.py +17 -17
- oci/database_migration/database_migration_client.py +42 -42
- oci/database_tools/database_tools_client.py +23 -23
- oci/delegate_access_control/delegate_access_control_client.py +26 -26
- oci/delegate_access_control/work_request_client.py +4 -4
- oci/demand_signal/occ_demand_signal_client.py +7 -7
- oci/desktops/desktop_service_client.py +21 -21
- oci/devops/devops_client.py +141 -141
- oci/disaster_recovery/disaster_recovery_client.py +29 -29
- oci/dns/dns_client.py +54 -54
- oci/dts/appliance_export_job_client.py +6 -6
- oci/dts/shipping_vendors_client.py +1 -1
- oci/dts/transfer_appliance_client.py +8 -8
- oci/dts/transfer_appliance_entitlement_client.py +3 -3
- oci/dts/transfer_device_client.py +5 -5
- oci/dts/transfer_job_client.py +6 -6
- oci/dts/transfer_package_client.py +7 -7
- oci/em_warehouse/em_warehouse_client.py +13 -13
- oci/email/email_client.py +31 -31
- oci/email_data_plane/email_dp_client.py +1 -1
- oci/events/events_client.py +6 -6
- oci/file_storage/file_storage_client.py +3599 -1776
- oci/file_storage/file_storage_client_composite_operations.py +881 -223
- oci/file_storage/models/__init__.py +2 -0
- oci/file_storage/models/create_export_details.py +31 -0
- oci/file_storage/models/create_file_system_details.py +31 -0
- oci/file_storage/models/create_filesystem_snapshot_policy_details.py +33 -2
- oci/file_storage/models/create_ldap_bind_account_details.py +7 -0
- oci/file_storage/models/create_mount_target_details.py +31 -0
- oci/file_storage/models/create_outbound_connector_details.py +33 -2
- oci/file_storage/models/create_replication_details.py +33 -2
- oci/file_storage/models/create_snapshot_details.py +33 -2
- oci/file_storage/models/export.py +33 -2
- oci/file_storage/models/export_summary.py +33 -2
- oci/file_storage/models/file_system.py +31 -0
- oci/file_storage/models/file_system_summary.py +31 -0
- oci/file_storage/models/filesystem_snapshot_policy.py +31 -0
- oci/file_storage/models/filesystem_snapshot_policy_summary.py +31 -0
- oci/file_storage/models/ldap_bind_account.py +7 -0
- oci/file_storage/models/ldap_bind_account_summary.py +7 -0
- oci/file_storage/models/mount_target.py +31 -0
- oci/file_storage/models/mount_target_summary.py +31 -0
- oci/file_storage/models/outbound_connector.py +31 -0
- oci/file_storage/models/outbound_connector_summary.py +31 -0
- oci/file_storage/models/replication.py +31 -0
- oci/file_storage/models/replication_summary.py +31 -0
- oci/file_storage/models/resource_lock.py +185 -0
- oci/file_storage/models/snapshot.py +31 -0
- oci/file_storage/models/snapshot_summary.py +31 -0
- oci/fleet_apps_management/fleet_apps_management_admin_client.py +2261 -294
- oci/fleet_apps_management/fleet_apps_management_admin_client_composite_operations.py +349 -1
- oci/fleet_apps_management/fleet_apps_management_client.py +141 -127
- oci/fleet_apps_management/fleet_apps_management_client_composite_operations.py +19 -19
- oci/fleet_apps_management/fleet_apps_management_maintenance_window_client.py +19 -15
- oci/fleet_apps_management/fleet_apps_management_maintenance_window_client_composite_operations.py +1 -1
- oci/fleet_apps_management/fleet_apps_management_operations_client.py +2058 -363
- oci/fleet_apps_management/fleet_apps_management_operations_client_composite_operations.py +173 -0
- oci/fleet_apps_management/fleet_apps_management_runbooks_client.py +1097 -260
- oci/fleet_apps_management/fleet_apps_management_runbooks_client_composite_operations.py +298 -0
- oci/fleet_apps_management/models/__init__.py +168 -0
- oci/fleet_apps_management/models/action_group.py +2 -2
- oci/fleet_apps_management/models/action_group_based_user_action_details.py +90 -0
- oci/fleet_apps_management/models/action_group_details.py +20 -16
- oci/fleet_apps_management/models/activity_resource_target.py +44 -7
- oci/fleet_apps_management/models/announcement_collection.py +1 -1
- oci/fleet_apps_management/models/announcement_summary.py +13 -13
- oci/fleet_apps_management/models/api_based_execution_details.py +1 -1
- oci/fleet_apps_management/models/artifact_details.py +109 -0
- oci/fleet_apps_management/models/associated_fleet_credential_details.py +1 -1
- oci/fleet_apps_management/models/associated_fleet_property_details.py +5 -5
- oci/fleet_apps_management/models/associated_fleet_resource_details.py +6 -6
- oci/fleet_apps_management/models/associated_local_task_details.py +64 -1
- oci/fleet_apps_management/models/associated_scheduler_definition.py +3 -3
- oci/fleet_apps_management/models/associated_shared_task_details.py +2 -1
- oci/fleet_apps_management/models/associations.py +32 -5
- oci/fleet_apps_management/models/check_resource_tagging_details.py +5 -5
- oci/fleet_apps_management/models/compliance_detail_policy.py +223 -0
- oci/fleet_apps_management/models/compliance_detail_product.py +134 -0
- oci/fleet_apps_management/models/compliance_detail_resource.py +196 -0
- oci/fleet_apps_management/models/compliance_detail_target.py +134 -0
- oci/fleet_apps_management/models/compliance_patch_detail.py +278 -0
- oci/fleet_apps_management/models/compliance_policy.py +439 -0
- oci/fleet_apps_management/models/compliance_policy_collection.py +72 -0
- oci/fleet_apps_management/models/compliance_policy_rule.py +618 -0
- oci/fleet_apps_management/models/compliance_policy_rule_collection.py +72 -0
- oci/fleet_apps_management/models/compliance_policy_rule_summary.py +585 -0
- oci/fleet_apps_management/models/compliance_policy_summary.py +406 -0
- oci/fleet_apps_management/models/compliance_record.py +457 -0
- oci/fleet_apps_management/models/compliance_record_aggregation.py +99 -0
- oci/fleet_apps_management/models/compliance_record_aggregation_collection.py +72 -0
- oci/fleet_apps_management/models/compliance_record_collection.py +72 -0
- oci/fleet_apps_management/models/compliance_record_dimension.py +143 -0
- oci/fleet_apps_management/models/compliance_record_summary.py +437 -0
- oci/fleet_apps_management/models/compliance_report.py +5 -5
- oci/fleet_apps_management/models/compliance_report_patch_detail.py +9 -9
- oci/fleet_apps_management/models/compliance_report_product.py +3 -3
- oci/fleet_apps_management/models/compliance_report_resource.py +8 -6
- oci/fleet_apps_management/models/compliance_report_target.py +7 -7
- oci/fleet_apps_management/models/component_properties.py +69 -9
- oci/fleet_apps_management/models/condition.py +12 -6
- oci/fleet_apps_management/models/config_association_details.py +109 -0
- oci/fleet_apps_management/models/config_category_details.py +133 -0
- oci/fleet_apps_management/models/confirm_targets_details.py +1 -1
- oci/fleet_apps_management/models/content_details.py +3 -3
- oci/fleet_apps_management/models/create_compliance_policy_rule_details.py +382 -0
- oci/fleet_apps_management/models/create_fleet_details.py +63 -16
- oci/fleet_apps_management/models/create_fleet_property_details.py +5 -5
- oci/fleet_apps_management/models/create_fleet_resource_details.py +1 -1
- oci/fleet_apps_management/models/create_maintenance_window_details.py +19 -11
- oci/fleet_apps_management/models/create_onboarding_details.py +8 -4
- oci/fleet_apps_management/models/create_patch_details.py +402 -0
- oci/fleet_apps_management/models/create_platform_configuration_details.py +169 -0
- oci/fleet_apps_management/models/create_property_details.py +6 -6
- oci/fleet_apps_management/models/create_runbook_details.py +441 -0
- oci/fleet_apps_management/models/create_task_record_details.py +235 -0
- oci/fleet_apps_management/models/credential_config_category_details.py +52 -0
- oci/fleet_apps_management/models/credential_details.py +3 -3
- oci/fleet_apps_management/models/credential_entity_specific_details.py +22 -6
- oci/{cloud_bridge/models/update_plugin_details.py → fleet_apps_management/models/dependent_patch_details.py} +21 -21
- oci/fleet_apps_management/models/details.py +67 -3
- oci/fleet_apps_management/models/discovered_target.py +6 -6
- oci/fleet_apps_management/models/enable_latest_policy_details.py +72 -0
- oci/fleet_apps_management/models/entity_execution_details.py +22 -16
- oci/fleet_apps_management/models/environment_config_category_details.py +53 -0
- oci/fleet_apps_management/models/execution.py +122 -21
- oci/fleet_apps_management/models/execution_collection.py +1 -1
- oci/fleet_apps_management/models/execution_details.py +1 -1
- oci/fleet_apps_management/models/execution_summary.py +123 -22
- oci/fleet_apps_management/models/execution_workflow_details.py +1 -1
- oci/fleet_apps_management/models/export_compliance_report_details.py +251 -0
- oci/fleet_apps_management/models/fleet.py +37 -19
- oci/fleet_apps_management/models/fleet_credential.py +1 -1
- oci/fleet_apps_management/models/fleet_credential_entity_specific_details.py +82 -0
- oci/fleet_apps_management/models/fleet_product_summary.py +3 -3
- oci/fleet_apps_management/models/fleet_property.py +11 -11
- oci/fleet_apps_management/models/fleet_property_collection.py +3 -3
- oci/fleet_apps_management/models/fleet_property_summary.py +6 -6
- oci/fleet_apps_management/models/fleet_resource.py +21 -15
- oci/fleet_apps_management/models/fleet_resource_collection.py +1 -1
- oci/fleet_apps_management/models/fleet_resource_summary.py +20 -14
- oci/fleet_apps_management/models/fleet_summary.py +15 -5
- oci/fleet_apps_management/models/fleet_target.py +98 -5
- oci/fleet_apps_management/models/fleet_target_summary.py +98 -5
- oci/fleet_apps_management/models/generate_compliance_report_details.py +5 -3
- oci/fleet_apps_management/models/generic_artifact.py +68 -0
- oci/fleet_apps_management/models/generic_artifact_details.py +78 -0
- oci/fleet_apps_management/models/group.py +11 -5
- oci/fleet_apps_management/models/input_argument.py +2 -2
- oci/fleet_apps_management/models/inventory_resource_summary.py +6 -6
- oci/fleet_apps_management/models/job_activity.py +57 -18
- oci/fleet_apps_management/models/key_encryption_credential_details.py +5 -5
- oci/fleet_apps_management/models/maintenance_window.py +19 -11
- oci/fleet_apps_management/models/maintenance_window_collection.py +1 -1
- oci/fleet_apps_management/models/maintenance_window_summary.py +18 -10
- oci/fleet_apps_management/models/manage_job_execution_details.py +68 -0
- oci/fleet_apps_management/models/manage_settings_details.py +72 -0
- oci/fleet_apps_management/models/managed_entity_aggregation.py +99 -0
- oci/fleet_apps_management/models/managed_entity_aggregation_collection.py +72 -0
- oci/fleet_apps_management/models/managed_entity_dimension.py +88 -0
- oci/fleet_apps_management/models/model_property.py +9 -9
- oci/fleet_apps_management/models/notification_preferences.py +7 -5
- oci/fleet_apps_management/models/object_storage_bucket_content_details.py +3 -3
- oci/fleet_apps_management/models/onboarding.py +70 -7
- oci/fleet_apps_management/models/onboarding_collection.py +3 -3
- oci/fleet_apps_management/models/onboarding_policy_collection.py +3 -3
- oci/fleet_apps_management/models/onboarding_policy_summary.py +1 -1
- oci/fleet_apps_management/models/onboarding_summary.py +69 -7
- oci/fleet_apps_management/models/outcome.py +7 -7
- oci/fleet_apps_management/models/output_variable_details.py +2 -2
- oci/fleet_apps_management/models/output_variable_input_argument.py +1 -1
- oci/fleet_apps_management/models/output_variable_mapping.py +4 -3
- oci/fleet_apps_management/models/patch.py +704 -0
- oci/fleet_apps_management/models/patch_collection.py +72 -0
- oci/fleet_apps_management/models/patch_level_selection_details.py +106 -0
- oci/fleet_apps_management/models/patch_name_selection_details.py +83 -0
- oci/fleet_apps_management/models/patch_product.py +103 -0
- oci/fleet_apps_management/models/patch_release_date_selection_details.py +83 -0
- oci/fleet_apps_management/models/patch_selection_details.py +117 -0
- oci/fleet_apps_management/models/patch_summary.py +625 -0
- oci/fleet_apps_management/models/patch_type.py +72 -0
- oci/fleet_apps_management/models/patch_type_config_category_details.py +52 -0
- oci/fleet_apps_management/models/pause_details.py +109 -0
- oci/fleet_apps_management/models/plain_text_credential_details.py +2 -2
- oci/fleet_apps_management/models/platform_configuration.py +529 -0
- oci/fleet_apps_management/models/platform_configuration_collection.py +72 -0
- oci/fleet_apps_management/models/platform_configuration_summary.py +485 -0
- oci/fleet_apps_management/models/platform_specific_artifact.py +162 -0
- oci/fleet_apps_management/models/platform_specific_artifact_details.py +82 -0
- oci/fleet_apps_management/models/preferences.py +3 -3
- oci/fleet_apps_management/models/product_config_category_details.py +215 -0
- oci/fleet_apps_management/models/product_stack_as_product_sub_category_details.py +182 -0
- oci/fleet_apps_management/models/product_stack_config_category_details.py +112 -0
- oci/fleet_apps_management/models/product_stack_generic_sub_category_details.py +51 -0
- oci/fleet_apps_management/models/product_stack_sub_category_details.py +109 -0
- oci/fleet_apps_management/models/product_version_details.py +105 -0
- oci/fleet_apps_management/models/property_collection.py +3 -3
- oci/fleet_apps_management/models/property_summary.py +8 -8
- oci/fleet_apps_management/models/publish_runbook_details.py +72 -0
- oci/fleet_apps_management/models/request_resource_validation_details.py +5 -5
- oci/fleet_apps_management/models/request_target_discovery_details.py +5 -5
- oci/fleet_apps_management/models/resource_collection.py +72 -0
- oci/fleet_apps_management/models/resource_credential_entity_specific_details.py +82 -0
- oci/fleet_apps_management/models/resource_summary.py +347 -0
- oci/fleet_apps_management/models/resource_tag_check_details.py +3 -3
- oci/fleet_apps_management/models/resource_tag_enablement_info.py +3 -3
- oci/fleet_apps_management/models/rollback_workflow_details.py +119 -0
- oci/fleet_apps_management/models/rule.py +15 -7
- oci/fleet_apps_management/models/runbook.py +28 -9
- oci/fleet_apps_management/models/runbook_collection.py +1 -1
- oci/fleet_apps_management/models/runbook_summary.py +6 -4
- oci/fleet_apps_management/models/scheduler_definition.py +16 -16
- oci/fleet_apps_management/models/scheduler_job.py +24 -20
- oci/fleet_apps_management/models/scheduler_job_aggregation.py +99 -0
- oci/fleet_apps_management/models/scheduler_job_aggregation_collection.py +72 -0
- oci/fleet_apps_management/models/scheduler_job_collection.py +1 -1
- oci/fleet_apps_management/models/scheduler_job_dimension.py +72 -0
- oci/fleet_apps_management/models/scheduler_job_summary.py +20 -16
- oci/fleet_apps_management/models/script_based_execution_details.py +38 -5
- oci/fleet_apps_management/models/selection_criteria.py +6 -3
- oci/fleet_apps_management/models/set_default_runbook_details.py +72 -0
- oci/fleet_apps_management/models/step_based_user_action_details.py +183 -0
- oci/fleet_apps_management/models/step_collection.py +72 -0
- oci/fleet_apps_management/models/step_summary.py +378 -0
- oci/fleet_apps_management/models/target_credential_entity_specific_details.py +6 -6
- oci/fleet_apps_management/models/target_resource.py +1 -1
- oci/fleet_apps_management/models/task_notification_preferences.py +134 -0
- oci/fleet_apps_management/models/task_record.py +1 -1
- oci/fleet_apps_management/models/task_variable.py +2 -1
- oci/fleet_apps_management/models/time_based_pause_details.py +82 -0
- oci/fleet_apps_management/models/update_compliance_policy_rule_details.py +283 -0
- oci/fleet_apps_management/models/update_fleet_details.py +4 -2
- oci/fleet_apps_management/models/update_fleet_property_details.py +3 -3
- oci/fleet_apps_management/models/update_fleet_resource_details.py +1 -1
- oci/fleet_apps_management/models/update_maintenance_window_details.py +18 -10
- oci/fleet_apps_management/models/update_onboarding_details.py +103 -0
- oci/fleet_apps_management/models/update_patch_details.py +369 -0
- oci/fleet_apps_management/models/update_platform_configuration_details.py +138 -0
- oci/fleet_apps_management/models/update_property_details.py +6 -6
- oci/fleet_apps_management/models/update_runbook_details.py +410 -0
- oci/fleet_apps_management/models/update_scheduler_job_details.py +3 -3
- oci/fleet_apps_management/models/update_task_record_details.py +204 -0
- oci/fleet_apps_management/models/user_action_based_pause_details.py +51 -0
- oci/fleet_apps_management/models/user_action_details.py +157 -0
- oci/fleet_apps_management/models/variable.py +103 -0
- oci/fleet_apps_management/models/work_request.py +67 -3
- oci/fleet_apps_management/models/work_request_summary.py +67 -3
- oci/fleet_apps_management/models/workflow_group.py +2 -2
- oci/fleet_apps_management/models/workflow_group_component.py +4 -4
- oci/fleet_software_update/fleet_software_update_client.py +46 -46
- oci/functions/functions_invoke_client.py +1 -1
- oci/functions/functions_management_client.py +16 -16
- oci/fusion_apps/fusion_applications_client.py +41 -41
- oci/generative_ai/generative_ai_client.py +22 -22
- oci/generative_ai_agent/generative_ai_agent_client.py +33 -33
- oci/generative_ai_agent_runtime/generative_ai_agent_runtime_client.py +5 -5
- oci/generative_ai_inference/generative_ai_inference_client.py +4 -4
- oci/generic_artifacts_content/generic_artifacts_content_client.py +3 -3
- oci/globally_distributed_database/sharded_database_service_client.py +30 -30
- oci/golden_gate/golden_gate_client.py +69 -69
- oci/governance_rules_control_plane/governance_rule_client.py +15 -15
- oci/governance_rules_control_plane/work_request_client.py +5 -5
- oci/healthchecks/health_checks_client.py +17 -17
- oci/identity/identity_client.py +145 -145
- oci/identity_data_plane/dataplane_client.py +2 -2
- oci/identity_domains/identity_domains_client.py +307 -307
- oci/identity_domains/models/auth_token.py +51 -0
- oci/identity_domains/models/customer_secret_key.py +45 -0
- oci/identity_domains/models/o_auth2_client_credential.py +49 -0
- oci/identity_domains/models/smtp_credential.py +47 -0
- oci/integration/integration_instance_client.py +19 -19
- oci/jms/java_management_service_client.py +75 -75
- oci/jms_java_downloads/java_download_client.py +25 -25
- oci/key_management/ekm_client.py +5 -5
- oci/key_management/kms_crypto_client.py +6 -6
- oci/key_management/kms_hsm_cluster_client.py +12 -12
- oci/key_management/kms_management_client.py +21 -21
- oci/key_management/kms_vault_client.py +14 -14
- oci/license_manager/license_manager_client.py +18 -18
- oci/limits/limits_client.py +4 -4
- oci/limits/quotas_client.py +7 -7
- oci/load_balancer/load_balancer_client.py +61 -61
- oci/load_balancer/models/create_listener_details.py +4 -6
- oci/load_balancer/models/listener.py +4 -6
- oci/load_balancer/models/listener_details.py +4 -6
- oci/load_balancer/models/update_listener_details.py +4 -6
- oci/lockbox/lockbox_client.py +24 -24
- oci/log_analytics/log_analytics_client.py +193 -193
- oci/logging/logging_management_client.py +30 -30
- oci/loggingingestion/logging_client.py +1 -1
- oci/loggingsearch/log_search_client.py +1 -1
- oci/management_agent/management_agent_client.py +28 -28
- oci/management_dashboard/dashx_apis_client.py +14 -14
- oci/marketplace/account_client.py +2 -2
- oci/marketplace/marketplace_client.py +30 -30
- oci/marketplace_private_offer/attachment_client.py +5 -5
- oci/marketplace_private_offer/offer_client.py +6 -6
- oci/marketplace_publisher/attachment_client.py +5 -5
- oci/marketplace_publisher/marketplace_publisher_client.py +71 -71
- oci/marketplace_publisher/offer_client.py +6 -6
- oci/media_services/media_services_client.py +60 -60
- oci/media_services/media_stream_client.py +2 -2
- oci/monitoring/monitoring_client.py +18 -18
- oci/mysql/channels_client.py +7 -7
- oci/mysql/db_backups_client.py +7 -7
- oci/mysql/db_system_client.py +17 -17
- oci/mysql/mysqlaas_client.py +7 -7
- oci/mysql/replicas_client.py +5 -5
- oci/mysql/work_requests_client.py +4 -4
- oci/network_firewall/network_firewall_client.py +86 -86
- oci/network_load_balancer/models/backend_set.py +0 -4
- oci/network_load_balancer/models/backend_set_details.py +0 -4
- oci/network_load_balancer/models/backend_set_summary.py +7 -5
- oci/network_load_balancer/models/create_listener_details.py +42 -5
- oci/network_load_balancer/models/listener.py +42 -5
- oci/network_load_balancer/models/listener_details.py +42 -5
- oci/network_load_balancer/models/listener_summary.py +42 -5
- oci/network_load_balancer/models/update_listener_details.py +42 -5
- oci/network_load_balancer/network_load_balancer_client.py +34 -34
- oci/nosql/nosql_client.py +24 -24
- oci/object_storage/object_storage_client.py +55 -55
- oci/oce/oce_instance_client.py +10 -10
- oci/oci_control_center/occ_metrics_client.py +3 -3
- oci/ocvp/cluster_client.py +5 -5
- oci/ocvp/esxi_host_client.py +8 -8
- oci/ocvp/sddc_client.py +14 -14
- oci/ocvp/work_request_client.py +4 -4
- oci/oda/management_client.py +59 -59
- oci/oda/oda_client.py +17 -17
- oci/oda/odapackage_client.py +7 -7
- oci/onesubscription/billing_schedule_client.py +1 -1
- oci/onesubscription/commitment_client.py +2 -2
- oci/onesubscription/computed_usage_client.py +3 -3
- oci/onesubscription/invoice_summary_client.py +2 -2
- oci/onesubscription/organization_subscription_client.py +1 -1
- oci/onesubscription/ratecard_client.py +1 -1
- oci/onesubscription/subscribed_service_client.py +2 -2
- oci/onesubscription/subscription_client.py +1 -1
- oci/ons/notification_control_plane_client.py +6 -6
- oci/ons/notification_data_plane_client.py +10 -10
- oci/opa/opa_instance_client.py +13 -13
- oci/opensearch/opensearch_cluster_backup_client.py +4 -4
- oci/opensearch/opensearch_cluster_client.py +14 -14
- oci/operator_access_control/access_requests_client.py +20 -20
- oci/operator_access_control/operator_actions_client.py +4 -4
- oci/operator_access_control/operator_control_assignment_client.py +16 -16
- oci/operator_access_control/operator_control_client.py +12 -12
- oci/opsi/models/__init__.py +8 -0
- oci/opsi/models/host_configuration_metric_group.py +11 -3
- oci/opsi/models/host_containers.py +65 -3
- oci/opsi/models/host_cpu_hardware_configuration.py +1 -1
- oci/opsi/models/host_cpu_statistics.py +1 -1
- oci/opsi/models/host_cpu_usage.py +1 -1
- oci/opsi/models/host_entities.py +1 -1
- oci/opsi/models/host_filesystem_configuration.py +1 -1
- oci/opsi/models/host_filesystem_usage.py +1 -1
- oci/opsi/models/host_gpu_configuration.py +1 -1
- oci/opsi/models/host_gpu_processes.py +1 -1
- oci/opsi/models/host_gpu_usage.py +1 -1
- oci/opsi/models/host_hardware_configuration.py +1 -1
- oci/opsi/models/host_io_statistics.py +160 -0
- oci/opsi/models/host_io_usage.py +1 -1
- oci/opsi/models/host_memory_configuration.py +1 -1
- oci/opsi/models/host_memory_statistics.py +1 -1
- oci/opsi/models/host_memory_usage.py +1 -1
- oci/opsi/models/host_network_activity_summary.py +1 -1
- oci/opsi/models/host_network_configuration.py +1 -1
- oci/opsi/models/host_network_statistics.py +1 -1
- oci/opsi/models/host_performance_metric_group.py +3 -11
- oci/opsi/models/host_product.py +1 -1
- oci/opsi/models/host_resource_allocation.py +1 -1
- oci/opsi/models/host_resource_statistics.py +11 -3
- oci/opsi/models/host_storage_statistics.py +1 -1
- oci/opsi/models/host_top_processes.py +1 -1
- oci/opsi/models/io_usage_trend.py +227 -0
- oci/opsi/models/io_usage_trend_aggregation.py +103 -0
- oci/opsi/models/summarize_host_insight_host_recommendation_aggregation.py +7 -3
- oci/opsi/models/summarize_host_insight_io_usage_trend_aggregation_collection.py +165 -0
- oci/opsi/models/summarize_host_insight_resource_capacity_trend_aggregation_collection.py +7 -3
- oci/opsi/models/summarize_host_insight_resource_forecast_trend_aggregation.py +7 -3
- oci/opsi/models/summarize_host_insight_resource_statistics_aggregation_collection.py +7 -3
- oci/opsi/models/summarize_host_insight_resource_usage_aggregation.py +7 -3
- oci/opsi/models/summarize_host_insight_resource_usage_trend_aggregation_collection.py +7 -3
- oci/opsi/models/summarize_host_insight_resource_utilization_insight_aggregation.py +7 -3
- oci/opsi/operations_insights_client.py +362 -179
- oci/optimizer/optimizer_client.py +26 -26
- oci/os_management/event_client.py +8 -8
- oci/os_management/os_management_client.py +69 -69
- oci/os_management_hub/event_client.py +8 -8
- oci/os_management_hub/lifecycle_environment_client.py +12 -12
- oci/os_management_hub/managed_instance_client.py +31 -31
- oci/os_management_hub/managed_instance_group_client.py +25 -25
- oci/os_management_hub/management_station_client.py +10 -10
- oci/os_management_hub/onboarding_client.py +6 -6
- oci/os_management_hub/reporting_managed_instance_client.py +3 -3
- oci/os_management_hub/scheduled_job_client.py +7 -7
- oci/os_management_hub/software_source_client.py +27 -27
- oci/os_management_hub/work_request_client.py +4 -4
- oci/osp_gateway/address_rule_service_client.py +1 -1
- oci/osp_gateway/address_service_client.py +2 -2
- oci/osp_gateway/invoice_service_client.py +5 -5
- oci/osp_gateway/subscription_service_client.py +5 -5
- oci/osub_billing_schedule/billing_schedule_client.py +1 -1
- oci/osub_organization_subscription/organization_subscription_client.py +1 -1
- oci/osub_subscription/commitment_client.py +2 -2
- oci/osub_subscription/ratecard_client.py +1 -1
- oci/osub_subscription/subscription_client.py +1 -1
- oci/osub_usage/computed_usage_client.py +3 -3
- oci/psql/postgresql_client.py +33 -33
- oci/queue/queue_admin_client.py +11 -11
- oci/queue/queue_client.py +8 -8
- oci/recovery/database_recovery_client.py +26 -26
- oci/redis/redis_cluster_client.py +12 -12
- oci/resource_manager/resource_manager_client.py +52 -52
- oci/resource_scheduler/schedule_client.py +13 -13
- oci/resource_search/resource_search_client.py +3 -3
- oci/rover/rover_bundle_client.py +8 -8
- oci/rover/rover_cluster_client.py +8 -8
- oci/rover/rover_entitlement_client.py +6 -6
- oci/rover/rover_node_client.py +15 -15
- oci/rover/shape_client.py +1 -1
- oci/rover/work_requests_client.py +5 -5
- oci/sch/connector_plugins_client.py +2 -2
- oci/sch/service_connector_client.py +12 -12
- oci/secrets/secrets_client.py +3 -3
- oci/security_attribute/security_attribute_client.py +18 -18
- oci/service_catalog/service_catalog_client.py +26 -26
- oci/service_manager_proxy/service_manager_proxy_client.py +2 -2
- oci/service_mesh/service_mesh_client.py +48 -48
- oci/stack_monitoring/stack_monitoring_client.py +71 -71
- oci/streaming/stream_admin_client.py +18 -18
- oci/streaming/stream_client.py +8 -8
- oci/tenant_manager_control_plane/domain_client.py +5 -5
- oci/tenant_manager_control_plane/domain_governance_client.py +5 -5
- oci/tenant_manager_control_plane/governance_client.py +2 -2
- oci/tenant_manager_control_plane/link_client.py +3 -3
- oci/tenant_manager_control_plane/orders_client.py +2 -2
- oci/tenant_manager_control_plane/organization_client.py +10 -10
- oci/tenant_manager_control_plane/recipient_invitation_client.py +5 -5
- oci/tenant_manager_control_plane/sender_invitation_client.py +5 -5
- oci/tenant_manager_control_plane/subscription_client.py +11 -11
- oci/tenant_manager_control_plane/work_request_client.py +4 -4
- oci/threat_intelligence/threatintel_client.py +5 -5
- oci/usage/resources_client.py +2 -2
- oci/usage/rewards_client.py +6 -6
- oci/usage/usagelimits_client.py +1 -1
- oci/usage_api/usageapi_client.py +33 -33
- oci/vault/vaults_client.py +13 -13
- oci/vbs_inst/vbs_instance_client.py +10 -10
- oci/version.py +1 -1
- oci/visual_builder/vb_instance_client.py +13 -13
- oci/vn_monitoring/vn_monitoring_client.py +12 -12
- oci/vulnerability_scanning/vulnerability_scanning_client.py +58 -58
- oci/waa/waa_client.py +13 -13
- oci/waa/work_request_client.py +4 -4
- oci/waas/redirect_client.py +6 -6
- oci/waas/waas_client.py +66 -66
- oci/waf/waf_client.py +24 -24
- oci/work_requests/work_request_client.py +4 -4
- oci/zpr/zpr_client.py +15 -15
- {oci-2.136.0.dist-info → oci-2.137.1.dist-info}/METADATA +1 -1
- {oci-2.136.0.dist-info → oci-2.137.1.dist-info}/RECORD +626 -506
- oci/_vendor/jwt/__main__.py +0 -173
- oci/_vendor/jwt/compat.py +0 -73
- oci/_vendor/jwt/contrib/__init__.py +0 -0
- oci/_vendor/jwt/contrib/algorithms/__init__.py +0 -0
- oci/_vendor/jwt/contrib/algorithms/py_ecdsa.py +0 -60
- oci/_vendor/jwt/contrib/algorithms/pycrypto.py +0 -46
- {oci-2.136.0.dist-info → oci-2.137.1.dist-info}/LICENSE.txt +0 -0
- {oci-2.136.0.dist-info → oci-2.137.1.dist-info}/THIRD_PARTY_LICENSES.txt +0 -0
- {oci-2.136.0.dist-info → oci-2.137.1.dist-info}/WHEEL +0 -0
- {oci-2.136.0.dist-info → oci-2.137.1.dist-info}/top_level.txt +0 -0
oci/_vendor/jwt/algorithms.py
CHANGED
|
@@ -1,43 +1,80 @@
|
|
|
1
1
|
# coding: utf-8
|
|
2
2
|
# Modified Work: Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.
|
|
3
3
|
# This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
|
|
4
|
-
# Original Work: Copyright (c) 2015 José Padilla
|
|
4
|
+
# Original Work: Copyright (c) 2015-2022 José Padilla
|
|
5
5
|
|
|
6
6
|
import hashlib
|
|
7
7
|
import hmac
|
|
8
8
|
import json
|
|
9
9
|
|
|
10
|
-
|
|
11
|
-
from .compat import constant_time_compare, string_types
|
|
12
10
|
from .exceptions import InvalidKeyError
|
|
13
11
|
from .utils import (
|
|
14
|
-
base64url_decode,
|
|
15
|
-
|
|
16
|
-
|
|
12
|
+
base64url_decode,
|
|
13
|
+
base64url_encode,
|
|
14
|
+
der_to_raw_signature,
|
|
15
|
+
force_bytes,
|
|
16
|
+
from_base64url_uint,
|
|
17
|
+
is_pem_format,
|
|
18
|
+
is_ssh_key,
|
|
19
|
+
raw_to_der_signature,
|
|
20
|
+
to_base64url_uint,
|
|
17
21
|
)
|
|
18
22
|
|
|
19
23
|
try:
|
|
24
|
+
import cryptography.exceptions
|
|
25
|
+
from cryptography.exceptions import InvalidSignature
|
|
20
26
|
from cryptography.hazmat.primitives import hashes
|
|
21
|
-
from cryptography.hazmat.primitives.
|
|
22
|
-
|
|
27
|
+
from cryptography.hazmat.primitives.asymmetric import ec, padding
|
|
28
|
+
from cryptography.hazmat.primitives.asymmetric.ec import (
|
|
29
|
+
EllipticCurvePrivateKey,
|
|
30
|
+
EllipticCurvePublicKey,
|
|
31
|
+
)
|
|
32
|
+
from cryptography.hazmat.primitives.asymmetric.ed448 import (
|
|
33
|
+
Ed448PrivateKey,
|
|
34
|
+
Ed448PublicKey,
|
|
35
|
+
)
|
|
36
|
+
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
|
|
37
|
+
Ed25519PrivateKey,
|
|
38
|
+
Ed25519PublicKey,
|
|
23
39
|
)
|
|
24
40
|
from cryptography.hazmat.primitives.asymmetric.rsa import (
|
|
25
|
-
RSAPrivateKey,
|
|
26
|
-
|
|
41
|
+
RSAPrivateKey,
|
|
42
|
+
RSAPrivateNumbers,
|
|
43
|
+
RSAPublicKey,
|
|
44
|
+
RSAPublicNumbers,
|
|
45
|
+
rsa_crt_dmp1,
|
|
46
|
+
rsa_crt_dmq1,
|
|
47
|
+
rsa_crt_iqmp,
|
|
48
|
+
rsa_recover_prime_factors,
|
|
27
49
|
)
|
|
28
|
-
from cryptography.hazmat.primitives.
|
|
29
|
-
|
|
50
|
+
from cryptography.hazmat.primitives.serialization import (
|
|
51
|
+
Encoding,
|
|
52
|
+
NoEncryption,
|
|
53
|
+
PrivateFormat,
|
|
54
|
+
PublicFormat,
|
|
55
|
+
load_pem_private_key,
|
|
56
|
+
load_pem_public_key,
|
|
57
|
+
load_ssh_public_key,
|
|
30
58
|
)
|
|
31
|
-
from cryptography.hazmat.primitives.asymmetric import ec, padding
|
|
32
|
-
from cryptography.hazmat.backends import default_backend
|
|
33
|
-
from cryptography.exceptions import InvalidSignature
|
|
34
59
|
|
|
35
60
|
has_crypto = True
|
|
36
|
-
except
|
|
61
|
+
except ModuleNotFoundError:
|
|
37
62
|
has_crypto = False
|
|
38
63
|
|
|
39
|
-
requires_cryptography =
|
|
40
|
-
|
|
64
|
+
requires_cryptography = {
|
|
65
|
+
"RS256",
|
|
66
|
+
"RS384",
|
|
67
|
+
"RS512",
|
|
68
|
+
"ES256",
|
|
69
|
+
"ES256K",
|
|
70
|
+
"ES384",
|
|
71
|
+
"ES521",
|
|
72
|
+
"ES512",
|
|
73
|
+
"PS256",
|
|
74
|
+
"PS384",
|
|
75
|
+
"PS512",
|
|
76
|
+
"EdDSA",
|
|
77
|
+
}
|
|
41
78
|
|
|
42
79
|
|
|
43
80
|
def get_default_algorithms():
|
|
@@ -45,33 +82,40 @@ def get_default_algorithms():
|
|
|
45
82
|
Returns the algorithms that are implemented by the library.
|
|
46
83
|
"""
|
|
47
84
|
default_algorithms = {
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
85
|
+
"none": NoneAlgorithm(),
|
|
86
|
+
"HS256": HMACAlgorithm(HMACAlgorithm.SHA256),
|
|
87
|
+
"HS384": HMACAlgorithm(HMACAlgorithm.SHA384),
|
|
88
|
+
"HS512": HMACAlgorithm(HMACAlgorithm.SHA512),
|
|
52
89
|
}
|
|
53
90
|
|
|
54
91
|
if has_crypto:
|
|
55
|
-
default_algorithms.update(
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
92
|
+
default_algorithms.update(
|
|
93
|
+
{
|
|
94
|
+
"RS256": RSAAlgorithm(RSAAlgorithm.SHA256),
|
|
95
|
+
"RS384": RSAAlgorithm(RSAAlgorithm.SHA384),
|
|
96
|
+
"RS512": RSAAlgorithm(RSAAlgorithm.SHA512),
|
|
97
|
+
"ES256": ECAlgorithm(ECAlgorithm.SHA256),
|
|
98
|
+
"ES256K": ECAlgorithm(ECAlgorithm.SHA256),
|
|
99
|
+
"ES384": ECAlgorithm(ECAlgorithm.SHA384),
|
|
100
|
+
"ES521": ECAlgorithm(ECAlgorithm.SHA512),
|
|
101
|
+
"ES512": ECAlgorithm(
|
|
102
|
+
ECAlgorithm.SHA512
|
|
103
|
+
), # Backward compat for #219 fix
|
|
104
|
+
"PS256": RSAPSSAlgorithm(RSAPSSAlgorithm.SHA256),
|
|
105
|
+
"PS384": RSAPSSAlgorithm(RSAPSSAlgorithm.SHA384),
|
|
106
|
+
"PS512": RSAPSSAlgorithm(RSAPSSAlgorithm.SHA512),
|
|
107
|
+
"EdDSA": OKPAlgorithm(),
|
|
108
|
+
}
|
|
109
|
+
)
|
|
67
110
|
|
|
68
111
|
return default_algorithms
|
|
69
112
|
|
|
70
113
|
|
|
71
|
-
class Algorithm
|
|
114
|
+
class Algorithm:
|
|
72
115
|
"""
|
|
73
116
|
The interface for an algorithm used to sign and verify tokens.
|
|
74
117
|
"""
|
|
118
|
+
|
|
75
119
|
def prepare_key(self, key):
|
|
76
120
|
"""
|
|
77
121
|
Performs necessary validation and conversions on the key and returns
|
|
@@ -113,8 +157,9 @@ class NoneAlgorithm(Algorithm):
|
|
|
113
157
|
Placeholder for use when no signing or verification
|
|
114
158
|
operations are required.
|
|
115
159
|
"""
|
|
160
|
+
|
|
116
161
|
def prepare_key(self, key):
|
|
117
|
-
if key ==
|
|
162
|
+
if key == "":
|
|
118
163
|
key = None
|
|
119
164
|
|
|
120
165
|
if key is not None:
|
|
@@ -123,7 +168,7 @@ class NoneAlgorithm(Algorithm):
|
|
|
123
168
|
return key
|
|
124
169
|
|
|
125
170
|
def sign(self, msg, key):
|
|
126
|
-
return b
|
|
171
|
+
return b""
|
|
127
172
|
|
|
128
173
|
def verify(self, msg, key, sig):
|
|
129
174
|
return False
|
|
@@ -134,6 +179,7 @@ class HMACAlgorithm(Algorithm):
|
|
|
134
179
|
Performs signing and verification operations using HMAC
|
|
135
180
|
and the specified hash function.
|
|
136
181
|
"""
|
|
182
|
+
|
|
137
183
|
SHA256 = hashlib.sha256
|
|
138
184
|
SHA384 = hashlib.sha384
|
|
139
185
|
SHA512 = hashlib.sha512
|
|
@@ -144,41 +190,45 @@ class HMACAlgorithm(Algorithm):
|
|
|
144
190
|
def prepare_key(self, key):
|
|
145
191
|
key = force_bytes(key)
|
|
146
192
|
|
|
147
|
-
|
|
148
|
-
b'-----BEGIN PUBLIC KEY-----',
|
|
149
|
-
b'-----BEGIN CERTIFICATE-----',
|
|
150
|
-
b'-----BEGIN RSA PUBLIC KEY-----',
|
|
151
|
-
b'ssh-rsa'
|
|
152
|
-
]
|
|
153
|
-
|
|
154
|
-
if any([string_value in key for string_value in invalid_strings]):
|
|
193
|
+
if is_pem_format(key) or is_ssh_key(key):
|
|
155
194
|
raise InvalidKeyError(
|
|
156
|
-
|
|
157
|
-
|
|
195
|
+
"The specified key is an asymmetric key or x509 certificate and"
|
|
196
|
+
" should not be used as an HMAC secret."
|
|
197
|
+
)
|
|
158
198
|
|
|
159
199
|
return key
|
|
160
200
|
|
|
161
201
|
@staticmethod
|
|
162
202
|
def to_jwk(key_obj):
|
|
163
|
-
return json.dumps(
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
203
|
+
return json.dumps(
|
|
204
|
+
{
|
|
205
|
+
"k": base64url_encode(force_bytes(key_obj)).decode(),
|
|
206
|
+
"kty": "oct",
|
|
207
|
+
}
|
|
208
|
+
)
|
|
167
209
|
|
|
168
210
|
@staticmethod
|
|
169
211
|
def from_jwk(jwk):
|
|
170
|
-
|
|
212
|
+
try:
|
|
213
|
+
if isinstance(jwk, str):
|
|
214
|
+
obj = json.loads(jwk)
|
|
215
|
+
elif isinstance(jwk, dict):
|
|
216
|
+
obj = jwk
|
|
217
|
+
else:
|
|
218
|
+
raise ValueError
|
|
219
|
+
except ValueError:
|
|
220
|
+
raise InvalidKeyError("Key is not valid JSON")
|
|
171
221
|
|
|
172
|
-
if obj.get(
|
|
173
|
-
raise InvalidKeyError(
|
|
222
|
+
if obj.get("kty") != "oct":
|
|
223
|
+
raise InvalidKeyError("Not an HMAC key")
|
|
174
224
|
|
|
175
|
-
return base64url_decode(obj[
|
|
225
|
+
return base64url_decode(obj["k"])
|
|
176
226
|
|
|
177
227
|
def sign(self, msg, key):
|
|
178
228
|
return hmac.new(key, msg, self.hash_alg).digest()
|
|
179
229
|
|
|
180
230
|
def verify(self, msg, key, sig):
|
|
181
|
-
return
|
|
231
|
+
return hmac.compare_digest(sig, self.sign(msg, key))
|
|
182
232
|
|
|
183
233
|
|
|
184
234
|
if has_crypto:
|
|
@@ -188,6 +238,7 @@ if has_crypto:
|
|
|
188
238
|
Performs signing and verification operations using
|
|
189
239
|
RSASSA-PKCS-v1_5 and the specified hash function.
|
|
190
240
|
"""
|
|
241
|
+
|
|
191
242
|
SHA256 = hashes.SHA256
|
|
192
243
|
SHA384 = hashes.SHA384
|
|
193
244
|
SHA512 = hashes.SHA512
|
|
@@ -196,99 +247,107 @@ if has_crypto:
|
|
|
196
247
|
self.hash_alg = hash_alg
|
|
197
248
|
|
|
198
249
|
def prepare_key(self, key):
|
|
199
|
-
if isinstance(key, RSAPrivateKey)
|
|
200
|
-
isinstance(key, RSAPublicKey):
|
|
250
|
+
if isinstance(key, (RSAPrivateKey, RSAPublicKey)):
|
|
201
251
|
return key
|
|
202
252
|
|
|
203
|
-
if isinstance(key,
|
|
204
|
-
|
|
253
|
+
if not isinstance(key, (bytes, str)):
|
|
254
|
+
raise TypeError("Expecting a PEM-formatted key.")
|
|
205
255
|
|
|
206
|
-
|
|
207
|
-
if key.startswith(b'ssh-rsa'):
|
|
208
|
-
key = load_ssh_public_key(key, backend=default_backend())
|
|
209
|
-
else:
|
|
210
|
-
key = load_pem_private_key(key, password=None, backend=default_backend())
|
|
211
|
-
except ValueError:
|
|
212
|
-
key = load_pem_public_key(key, backend=default_backend())
|
|
213
|
-
else:
|
|
214
|
-
raise TypeError('Expecting a PEM-formatted key.')
|
|
256
|
+
key = force_bytes(key)
|
|
215
257
|
|
|
258
|
+
try:
|
|
259
|
+
if key.startswith(b"ssh-rsa"):
|
|
260
|
+
key = load_ssh_public_key(key)
|
|
261
|
+
else:
|
|
262
|
+
key = load_pem_private_key(key, password=None)
|
|
263
|
+
except ValueError:
|
|
264
|
+
key = load_pem_public_key(key)
|
|
216
265
|
return key
|
|
217
266
|
|
|
218
267
|
@staticmethod
|
|
219
268
|
def to_jwk(key_obj):
|
|
220
269
|
obj = None
|
|
221
270
|
|
|
222
|
-
if getattr(key_obj,
|
|
271
|
+
if getattr(key_obj, "private_numbers", None):
|
|
223
272
|
# Private key
|
|
224
273
|
numbers = key_obj.private_numbers()
|
|
225
274
|
|
|
226
275
|
obj = {
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
276
|
+
"kty": "RSA",
|
|
277
|
+
"key_ops": ["sign"],
|
|
278
|
+
"n": to_base64url_uint(numbers.public_numbers.n).decode(),
|
|
279
|
+
"e": to_base64url_uint(numbers.public_numbers.e).decode(),
|
|
280
|
+
"d": to_base64url_uint(numbers.d).decode(),
|
|
281
|
+
"p": to_base64url_uint(numbers.p).decode(),
|
|
282
|
+
"q": to_base64url_uint(numbers.q).decode(),
|
|
283
|
+
"dp": to_base64url_uint(numbers.dmp1).decode(),
|
|
284
|
+
"dq": to_base64url_uint(numbers.dmq1).decode(),
|
|
285
|
+
"qi": to_base64url_uint(numbers.iqmp).decode(),
|
|
237
286
|
}
|
|
238
287
|
|
|
239
|
-
elif getattr(key_obj,
|
|
288
|
+
elif getattr(key_obj, "verify", None):
|
|
240
289
|
# Public key
|
|
241
290
|
numbers = key_obj.public_numbers()
|
|
242
291
|
|
|
243
292
|
obj = {
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
293
|
+
"kty": "RSA",
|
|
294
|
+
"key_ops": ["verify"],
|
|
295
|
+
"n": to_base64url_uint(numbers.n).decode(),
|
|
296
|
+
"e": to_base64url_uint(numbers.e).decode(),
|
|
248
297
|
}
|
|
249
298
|
else:
|
|
250
|
-
raise InvalidKeyError(
|
|
299
|
+
raise InvalidKeyError("Not a public or private key")
|
|
251
300
|
|
|
252
301
|
return json.dumps(obj)
|
|
253
302
|
|
|
254
303
|
@staticmethod
|
|
255
304
|
def from_jwk(jwk):
|
|
256
305
|
try:
|
|
257
|
-
|
|
306
|
+
if isinstance(jwk, str):
|
|
307
|
+
obj = json.loads(jwk)
|
|
308
|
+
elif isinstance(jwk, dict):
|
|
309
|
+
obj = jwk
|
|
310
|
+
else:
|
|
311
|
+
raise ValueError
|
|
258
312
|
except ValueError:
|
|
259
|
-
raise InvalidKeyError(
|
|
313
|
+
raise InvalidKeyError("Key is not valid JSON")
|
|
260
314
|
|
|
261
|
-
if obj.get(
|
|
262
|
-
raise InvalidKeyError(
|
|
315
|
+
if obj.get("kty") != "RSA":
|
|
316
|
+
raise InvalidKeyError("Not an RSA key")
|
|
263
317
|
|
|
264
|
-
if
|
|
318
|
+
if "d" in obj and "e" in obj and "n" in obj:
|
|
265
319
|
# Private key
|
|
266
|
-
if
|
|
267
|
-
raise InvalidKeyError(
|
|
320
|
+
if "oth" in obj:
|
|
321
|
+
raise InvalidKeyError(
|
|
322
|
+
"Unsupported RSA private key: > 2 primes not supported"
|
|
323
|
+
)
|
|
268
324
|
|
|
269
|
-
other_props = [
|
|
325
|
+
other_props = ["p", "q", "dp", "dq", "qi"]
|
|
270
326
|
props_found = [prop in obj for prop in other_props]
|
|
271
327
|
any_props_found = any(props_found)
|
|
272
328
|
|
|
273
329
|
if any_props_found and not all(props_found):
|
|
274
|
-
raise InvalidKeyError(
|
|
330
|
+
raise InvalidKeyError(
|
|
331
|
+
"RSA key must include all parameters if any are present besides d"
|
|
332
|
+
)
|
|
275
333
|
|
|
276
334
|
public_numbers = RSAPublicNumbers(
|
|
277
|
-
from_base64url_uint(obj[
|
|
335
|
+
from_base64url_uint(obj["e"]),
|
|
336
|
+
from_base64url_uint(obj["n"]),
|
|
278
337
|
)
|
|
279
338
|
|
|
280
339
|
if any_props_found:
|
|
281
340
|
numbers = RSAPrivateNumbers(
|
|
282
|
-
d=from_base64url_uint(obj[
|
|
283
|
-
p=from_base64url_uint(obj[
|
|
284
|
-
q=from_base64url_uint(obj[
|
|
285
|
-
dmp1=from_base64url_uint(obj[
|
|
286
|
-
dmq1=from_base64url_uint(obj[
|
|
287
|
-
iqmp=from_base64url_uint(obj[
|
|
288
|
-
public_numbers=public_numbers
|
|
341
|
+
d=from_base64url_uint(obj["d"]),
|
|
342
|
+
p=from_base64url_uint(obj["p"]),
|
|
343
|
+
q=from_base64url_uint(obj["q"]),
|
|
344
|
+
dmp1=from_base64url_uint(obj["dp"]),
|
|
345
|
+
dmq1=from_base64url_uint(obj["dq"]),
|
|
346
|
+
iqmp=from_base64url_uint(obj["qi"]),
|
|
347
|
+
public_numbers=public_numbers,
|
|
289
348
|
)
|
|
290
349
|
else:
|
|
291
|
-
d = from_base64url_uint(obj[
|
|
350
|
+
d = from_base64url_uint(obj["d"])
|
|
292
351
|
p, q = rsa_recover_prime_factors(
|
|
293
352
|
public_numbers.n, d, public_numbers.e
|
|
294
353
|
)
|
|
@@ -300,19 +359,20 @@ if has_crypto:
|
|
|
300
359
|
dmp1=rsa_crt_dmp1(d, p),
|
|
301
360
|
dmq1=rsa_crt_dmq1(d, q),
|
|
302
361
|
iqmp=rsa_crt_iqmp(p, q),
|
|
303
|
-
public_numbers=public_numbers
|
|
362
|
+
public_numbers=public_numbers,
|
|
304
363
|
)
|
|
305
364
|
|
|
306
|
-
return numbers.private_key(
|
|
307
|
-
elif
|
|
365
|
+
return numbers.private_key()
|
|
366
|
+
elif "n" in obj and "e" in obj:
|
|
308
367
|
# Public key
|
|
309
368
|
numbers = RSAPublicNumbers(
|
|
310
|
-
from_base64url_uint(obj[
|
|
369
|
+
from_base64url_uint(obj["e"]),
|
|
370
|
+
from_base64url_uint(obj["n"]),
|
|
311
371
|
)
|
|
312
372
|
|
|
313
|
-
return numbers.public_key(
|
|
373
|
+
return numbers.public_key()
|
|
314
374
|
else:
|
|
315
|
-
raise InvalidKeyError(
|
|
375
|
+
raise InvalidKeyError("Not a public or private key")
|
|
316
376
|
|
|
317
377
|
def sign(self, msg, key):
|
|
318
378
|
return key.sign(msg, padding.PKCS1v15(), self.hash_alg())
|
|
@@ -329,6 +389,7 @@ if has_crypto:
|
|
|
329
389
|
Performs signing and verification operations using
|
|
330
390
|
ECDSA and the specified hash function
|
|
331
391
|
"""
|
|
392
|
+
|
|
332
393
|
SHA256 = hashes.SHA256
|
|
333
394
|
SHA384 = hashes.SHA384
|
|
334
395
|
SHA512 = hashes.SHA512
|
|
@@ -337,26 +398,30 @@ if has_crypto:
|
|
|
337
398
|
self.hash_alg = hash_alg
|
|
338
399
|
|
|
339
400
|
def prepare_key(self, key):
|
|
340
|
-
if isinstance(key, EllipticCurvePrivateKey)
|
|
341
|
-
isinstance(key, EllipticCurvePublicKey):
|
|
401
|
+
if isinstance(key, (EllipticCurvePrivateKey, EllipticCurvePublicKey)):
|
|
342
402
|
return key
|
|
343
403
|
|
|
344
|
-
if isinstance(key,
|
|
345
|
-
|
|
404
|
+
if not isinstance(key, (bytes, str)):
|
|
405
|
+
raise TypeError("Expecting a PEM-formatted key.")
|
|
346
406
|
|
|
347
|
-
|
|
348
|
-
# a Signing Key or a Verifying Key, so we try
|
|
349
|
-
# the Verifying Key first.
|
|
350
|
-
try:
|
|
351
|
-
if key.startswith(b'ecdsa-sha2-'):
|
|
352
|
-
key = load_ssh_public_key(key, backend=default_backend())
|
|
353
|
-
else:
|
|
354
|
-
key = load_pem_public_key(key, backend=default_backend())
|
|
355
|
-
except ValueError:
|
|
356
|
-
key = load_pem_private_key(key, password=None, backend=default_backend())
|
|
407
|
+
key = force_bytes(key)
|
|
357
408
|
|
|
358
|
-
|
|
359
|
-
|
|
409
|
+
# Attempt to load key. We don't know if it's
|
|
410
|
+
# a Signing Key or a Verifying Key, so we try
|
|
411
|
+
# the Verifying Key first.
|
|
412
|
+
try:
|
|
413
|
+
if key.startswith(b"ecdsa-sha2-"):
|
|
414
|
+
key = load_ssh_public_key(key)
|
|
415
|
+
else:
|
|
416
|
+
key = load_pem_public_key(key)
|
|
417
|
+
except ValueError:
|
|
418
|
+
key = load_pem_private_key(key, password=None)
|
|
419
|
+
|
|
420
|
+
# Explicit check the key to prevent confusing errors from cryptography
|
|
421
|
+
if not isinstance(key, (EllipticCurvePrivateKey, EllipticCurvePublicKey)):
|
|
422
|
+
raise InvalidKeyError(
|
|
423
|
+
"Expecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for ECDSA algorithms"
|
|
424
|
+
)
|
|
360
425
|
|
|
361
426
|
return key
|
|
362
427
|
|
|
@@ -372,11 +437,79 @@ if has_crypto:
|
|
|
372
437
|
return False
|
|
373
438
|
|
|
374
439
|
try:
|
|
440
|
+
if isinstance(key, EllipticCurvePrivateKey):
|
|
441
|
+
key = key.public_key()
|
|
375
442
|
key.verify(der_sig, msg, ec.ECDSA(self.hash_alg()))
|
|
376
443
|
return True
|
|
377
444
|
except InvalidSignature:
|
|
378
445
|
return False
|
|
379
446
|
|
|
447
|
+
@staticmethod
|
|
448
|
+
def from_jwk(jwk):
|
|
449
|
+
try:
|
|
450
|
+
if isinstance(jwk, str):
|
|
451
|
+
obj = json.loads(jwk)
|
|
452
|
+
elif isinstance(jwk, dict):
|
|
453
|
+
obj = jwk
|
|
454
|
+
else:
|
|
455
|
+
raise ValueError
|
|
456
|
+
except ValueError:
|
|
457
|
+
raise InvalidKeyError("Key is not valid JSON")
|
|
458
|
+
|
|
459
|
+
if obj.get("kty") != "EC":
|
|
460
|
+
raise InvalidKeyError("Not an Elliptic curve key")
|
|
461
|
+
|
|
462
|
+
if "x" not in obj or "y" not in obj:
|
|
463
|
+
raise InvalidKeyError("Not an Elliptic curve key")
|
|
464
|
+
|
|
465
|
+
x = base64url_decode(obj.get("x"))
|
|
466
|
+
y = base64url_decode(obj.get("y"))
|
|
467
|
+
|
|
468
|
+
curve = obj.get("crv")
|
|
469
|
+
if curve == "P-256":
|
|
470
|
+
if len(x) == len(y) == 32:
|
|
471
|
+
curve_obj = ec.SECP256R1()
|
|
472
|
+
else:
|
|
473
|
+
raise InvalidKeyError("Coords should be 32 bytes for curve P-256")
|
|
474
|
+
elif curve == "P-384":
|
|
475
|
+
if len(x) == len(y) == 48:
|
|
476
|
+
curve_obj = ec.SECP384R1()
|
|
477
|
+
else:
|
|
478
|
+
raise InvalidKeyError("Coords should be 48 bytes for curve P-384")
|
|
479
|
+
elif curve == "P-521":
|
|
480
|
+
if len(x) == len(y) == 66:
|
|
481
|
+
curve_obj = ec.SECP521R1()
|
|
482
|
+
else:
|
|
483
|
+
raise InvalidKeyError("Coords should be 66 bytes for curve P-521")
|
|
484
|
+
elif curve == "secp256k1":
|
|
485
|
+
if len(x) == len(y) == 32:
|
|
486
|
+
curve_obj = ec.SECP256K1()
|
|
487
|
+
else:
|
|
488
|
+
raise InvalidKeyError(
|
|
489
|
+
"Coords should be 32 bytes for curve secp256k1"
|
|
490
|
+
)
|
|
491
|
+
else:
|
|
492
|
+
raise InvalidKeyError(f"Invalid curve: {curve}")
|
|
493
|
+
|
|
494
|
+
public_numbers = ec.EllipticCurvePublicNumbers(
|
|
495
|
+
x=int.from_bytes(x, byteorder="big"),
|
|
496
|
+
y=int.from_bytes(y, byteorder="big"),
|
|
497
|
+
curve=curve_obj,
|
|
498
|
+
)
|
|
499
|
+
|
|
500
|
+
if "d" not in obj:
|
|
501
|
+
return public_numbers.public_key()
|
|
502
|
+
|
|
503
|
+
d = base64url_decode(obj.get("d"))
|
|
504
|
+
if len(d) != len(x):
|
|
505
|
+
raise InvalidKeyError(
|
|
506
|
+
"D should be {} bytes for curve {}", len(x), curve
|
|
507
|
+
)
|
|
508
|
+
|
|
509
|
+
return ec.EllipticCurvePrivateNumbers(
|
|
510
|
+
int.from_bytes(d, byteorder="big"), public_numbers
|
|
511
|
+
).private_key()
|
|
512
|
+
|
|
380
513
|
class RSAPSSAlgorithm(RSAAlgorithm):
|
|
381
514
|
"""
|
|
382
515
|
Performs a signature using RSASSA-PSS with MGF1
|
|
@@ -387,9 +520,9 @@ if has_crypto:
|
|
|
387
520
|
msg,
|
|
388
521
|
padding.PSS(
|
|
389
522
|
mgf=padding.MGF1(self.hash_alg()),
|
|
390
|
-
salt_length=self.hash_alg.digest_size
|
|
523
|
+
salt_length=self.hash_alg.digest_size,
|
|
391
524
|
),
|
|
392
|
-
self.hash_alg()
|
|
525
|
+
self.hash_alg(),
|
|
393
526
|
)
|
|
394
527
|
|
|
395
528
|
def verify(self, msg, key, sig):
|
|
@@ -399,10 +532,151 @@ if has_crypto:
|
|
|
399
532
|
msg,
|
|
400
533
|
padding.PSS(
|
|
401
534
|
mgf=padding.MGF1(self.hash_alg()),
|
|
402
|
-
salt_length=self.hash_alg.digest_size
|
|
535
|
+
salt_length=self.hash_alg.digest_size,
|
|
403
536
|
),
|
|
404
|
-
self.hash_alg()
|
|
537
|
+
self.hash_alg(),
|
|
405
538
|
)
|
|
406
539
|
return True
|
|
407
540
|
except InvalidSignature:
|
|
408
541
|
return False
|
|
542
|
+
|
|
543
|
+
class OKPAlgorithm(Algorithm):
|
|
544
|
+
"""
|
|
545
|
+
Performs signing and verification operations using EdDSA
|
|
546
|
+
|
|
547
|
+
This class requires ``cryptography>=2.6`` to be installed.
|
|
548
|
+
"""
|
|
549
|
+
|
|
550
|
+
def __init__(self, **kwargs):
|
|
551
|
+
pass
|
|
552
|
+
|
|
553
|
+
def prepare_key(self, key):
|
|
554
|
+
if isinstance(key, (bytes, str)):
|
|
555
|
+
if isinstance(key, str):
|
|
556
|
+
key = key.encode("utf-8")
|
|
557
|
+
str_key = key.decode("utf-8")
|
|
558
|
+
|
|
559
|
+
if "-----BEGIN PUBLIC" in str_key:
|
|
560
|
+
key = load_pem_public_key(key)
|
|
561
|
+
elif "-----BEGIN PRIVATE" in str_key:
|
|
562
|
+
key = load_pem_private_key(key, password=None)
|
|
563
|
+
elif str_key[0:4] == "ssh-":
|
|
564
|
+
key = load_ssh_public_key(key)
|
|
565
|
+
|
|
566
|
+
# Explicit check the key to prevent confusing errors from cryptography
|
|
567
|
+
if not isinstance(
|
|
568
|
+
key,
|
|
569
|
+
(Ed25519PrivateKey, Ed25519PublicKey, Ed448PrivateKey, Ed448PublicKey),
|
|
570
|
+
):
|
|
571
|
+
raise InvalidKeyError(
|
|
572
|
+
"Expecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for EdDSA algorithms"
|
|
573
|
+
)
|
|
574
|
+
|
|
575
|
+
return key
|
|
576
|
+
|
|
577
|
+
def sign(self, msg, key):
|
|
578
|
+
"""
|
|
579
|
+
Sign a message ``msg`` using the EdDSA private key ``key``
|
|
580
|
+
:param str|bytes msg: Message to sign
|
|
581
|
+
:param Ed25519PrivateKey}Ed448PrivateKey key: A :class:`.Ed25519PrivateKey`
|
|
582
|
+
or :class:`.Ed448PrivateKey` iinstance
|
|
583
|
+
:return bytes signature: The signature, as bytes
|
|
584
|
+
"""
|
|
585
|
+
msg = bytes(msg, "utf-8") if type(msg) is not bytes else msg
|
|
586
|
+
return key.sign(msg)
|
|
587
|
+
|
|
588
|
+
def verify(self, msg, key, sig):
|
|
589
|
+
"""
|
|
590
|
+
Verify a given ``msg`` against a signature ``sig`` using the EdDSA key ``key``
|
|
591
|
+
|
|
592
|
+
:param str|bytes sig: EdDSA signature to check ``msg`` against
|
|
593
|
+
:param str|bytes msg: Message to sign
|
|
594
|
+
:param Ed25519PrivateKey|Ed25519PublicKey|Ed448PrivateKey|Ed448PublicKey key:
|
|
595
|
+
A private or public EdDSA key instance
|
|
596
|
+
:return bool verified: True if signature is valid, False if not.
|
|
597
|
+
"""
|
|
598
|
+
try:
|
|
599
|
+
msg = bytes(msg, "utf-8") if type(msg) is not bytes else msg
|
|
600
|
+
sig = bytes(sig, "utf-8") if type(sig) is not bytes else sig
|
|
601
|
+
|
|
602
|
+
if isinstance(key, (Ed25519PrivateKey, Ed448PrivateKey)):
|
|
603
|
+
key = key.public_key()
|
|
604
|
+
key.verify(sig, msg)
|
|
605
|
+
return True # If no exception was raised, the signature is valid.
|
|
606
|
+
except cryptography.exceptions.InvalidSignature:
|
|
607
|
+
return False
|
|
608
|
+
|
|
609
|
+
@staticmethod
|
|
610
|
+
def to_jwk(key):
|
|
611
|
+
if isinstance(key, (Ed25519PublicKey, Ed448PublicKey)):
|
|
612
|
+
x = key.public_bytes(
|
|
613
|
+
encoding=Encoding.Raw,
|
|
614
|
+
format=PublicFormat.Raw,
|
|
615
|
+
)
|
|
616
|
+
crv = "Ed25519" if isinstance(key, Ed25519PublicKey) else "Ed448"
|
|
617
|
+
return json.dumps(
|
|
618
|
+
{
|
|
619
|
+
"x": base64url_encode(force_bytes(x)).decode(),
|
|
620
|
+
"kty": "OKP",
|
|
621
|
+
"crv": crv,
|
|
622
|
+
}
|
|
623
|
+
)
|
|
624
|
+
|
|
625
|
+
if isinstance(key, (Ed25519PrivateKey, Ed448PrivateKey)):
|
|
626
|
+
d = key.private_bytes(
|
|
627
|
+
encoding=Encoding.Raw,
|
|
628
|
+
format=PrivateFormat.Raw,
|
|
629
|
+
encryption_algorithm=NoEncryption(),
|
|
630
|
+
)
|
|
631
|
+
|
|
632
|
+
x = key.public_key().public_bytes(
|
|
633
|
+
encoding=Encoding.Raw,
|
|
634
|
+
format=PublicFormat.Raw,
|
|
635
|
+
)
|
|
636
|
+
|
|
637
|
+
crv = "Ed25519" if isinstance(key, Ed25519PrivateKey) else "Ed448"
|
|
638
|
+
return json.dumps(
|
|
639
|
+
{
|
|
640
|
+
"x": base64url_encode(force_bytes(x)).decode(),
|
|
641
|
+
"d": base64url_encode(force_bytes(d)).decode(),
|
|
642
|
+
"kty": "OKP",
|
|
643
|
+
"crv": crv,
|
|
644
|
+
}
|
|
645
|
+
)
|
|
646
|
+
|
|
647
|
+
raise InvalidKeyError("Not a public or private key")
|
|
648
|
+
|
|
649
|
+
@staticmethod
|
|
650
|
+
def from_jwk(jwk):
|
|
651
|
+
try:
|
|
652
|
+
if isinstance(jwk, str):
|
|
653
|
+
obj = json.loads(jwk)
|
|
654
|
+
elif isinstance(jwk, dict):
|
|
655
|
+
obj = jwk
|
|
656
|
+
else:
|
|
657
|
+
raise ValueError
|
|
658
|
+
except ValueError:
|
|
659
|
+
raise InvalidKeyError("Key is not valid JSON")
|
|
660
|
+
|
|
661
|
+
if obj.get("kty") != "OKP":
|
|
662
|
+
raise InvalidKeyError("Not an Octet Key Pair")
|
|
663
|
+
|
|
664
|
+
curve = obj.get("crv")
|
|
665
|
+
if curve != "Ed25519" and curve != "Ed448":
|
|
666
|
+
raise InvalidKeyError(f"Invalid curve: {curve}")
|
|
667
|
+
|
|
668
|
+
if "x" not in obj:
|
|
669
|
+
raise InvalidKeyError('OKP should have "x" parameter')
|
|
670
|
+
x = base64url_decode(obj.get("x"))
|
|
671
|
+
|
|
672
|
+
try:
|
|
673
|
+
if "d" not in obj:
|
|
674
|
+
if curve == "Ed25519":
|
|
675
|
+
return Ed25519PublicKey.from_public_bytes(x)
|
|
676
|
+
return Ed448PublicKey.from_public_bytes(x)
|
|
677
|
+
d = base64url_decode(obj.get("d"))
|
|
678
|
+
if curve == "Ed25519":
|
|
679
|
+
return Ed25519PrivateKey.from_private_bytes(d)
|
|
680
|
+
return Ed448PrivateKey.from_private_bytes(d)
|
|
681
|
+
except ValueError as err:
|
|
682
|
+
raise InvalidKeyError("Invalid key parameter") from err
|