Vh:pdZddlmZddlZddlZddlZddlZddlZddlZ ddl m Z m Z ddl mZmZddlmZmZddlmZmZmZmZmZmZGd d eZGd d ej6 ZeddZGddej6 ZGddeej6 ZGddeej6 Z y)z!Support code for CI environments.) annotationsN)to_bytesto_text)read_text_filewrite_text_file) CommonConfig TestConfig)ApplicationErrordisplayget_subclassesimport_plugins raw_commandcacheceZdZdZy)ChangeDetectionNotSupportedzz!get_ci_provider..\s(J[J[]e]n]nIor)keyzDetected CI provider: %s) rsortedr rrr"r infor$)provider candidates candidates rget_ci_providerrIUslH4z28opJ  ! ! # {H  }} /(--?@ OrceZdZdZddZd dZejd dZejd dZ ejd dZ y) AuthHelperz;Public key based authentication helper for Ansible Core CI.cttj|d}|j|}t t j |}|j|y)z>Sign the given auth request and make the public key available.T) sort_keys) signatureN)rjsondumps sign_bytesrbase64 b64encodeupdate)r!request payload_bytessignature_raw_bytesrNs r sign_requestzAuthHelper.sign_requestlsJ Gt!DE "oom<F,,-@AB +rctjjd}tjjt |r t |}|S|j }t|||S)z Initialize and publish a new key pair (if needed) and return the private key. The private key is cached across ansible-test invocations, so it is only generated and published once per CI job. z~/.ansible-core-ci-private.key)ospath expanduserexistsrrgenerate_private_keyr)r!r[private_key_pems rinitialize_private_keyz!AuthHelper.initialize_private_keyts_ ww!!"BC 77>>(4. ),T2O #779O D/ 2rcy)YSign the given payload and return the signature, initializing a new key pair if required.Nr)r!rVs rrQzAuthHelper.sign_bytesrrcy)zPublish the given public key.Nr)r!public_key_pems rpublish_public_keyzAuthHelper.publish_public_keyrrcy)QGenerate a new key pair, publishing the public key and returning the private key.Nrr s rr^zAuthHelper.generate_private_keyrrN)rUr7r3Noner5rVbytesr3rj)rdr6r3rh) rrrrrXr`r:r;rQrer^rrrrKrKisaE,  hh ,, ``rrKc eZdZdZddZddZy)CryptographyAuthHelperzNCryptography based public key based authentication helper for Ansible Core CI.cddlm}ddlm}ddlm}ddlm}|j}|t|d|}t||jsJ|j||j|j}|S)rbrdefault_backend)hashesec)load_pem_private_keyN)cryptography.hazmat.backendsrocryptography.hazmat.primitivesrp)cryptography.hazmat.primitives.asymmetricrr,cryptography.hazmat.primitives.serializationrsr`r isinstanceEllipticCurvePrivateKeysignECDSASHA256) r!rVrorprrrsr_ private_keyrWs rrQz!CryptographyAuthHelper.sign_bytesss A9@U557*8O+DdOL]^ +r'A'ABBB)..}bhhv}}>WX""rcddlm}ddlm}ddlm}|j |j|}|j}t|j|jj|jj|j}t|j!|jj|j"j$}|j'||S)rgrrn) serializationrq)encodingformatencryption_algorithm)rr)rtrorurrvrrr^ SECP384R1 public_keyr private_bytesEncodingPEM PrivateFormatPKCS8 NoEncryption public_bytes PublicFormatSubjectPublicKeyInfore)r!rorrrr}rr_rds rr^z+CryptographyAuthHelper.generate_private_keys A@@--bllno>OP  ++- !+";";"++// ..44!.!;!;!=#<#   !!8!8"++// --BB"9"   /rNrir5rrrrrQr^rrrrlrlsX#"rrlc eZdZdZddZddZy)OpenSSLAuthHelperzIOpenSSL based public key based authentication helper for Ansible Core CI.c :|j}tj5}|jt ||j tj5}|j||j tj5}t dddd|jd|j|jgd|j}dddddddddS#1swYxYw#1swYxYw#1swYSxYw) rbopenssldgstz-sha256z-signz-outTcaptureN) r`tempfileNamedTemporaryFilewriterflushrr$read)r!rVr_private_key_file payload_filesignature_filerWs rrQzOpenSSLAuthHelper.sign_bytess 557  ( ( * @.>  " "8O#< =  " " $,,. @,""=1""$002@nFIwHXH]H]_egugzgz}I}N}N!OY]^*8*=*=*?'@  @ @#" @@  @ @ @#"s<?D$6DAC8D&D8D =DD DDcrtgddd}tgd|dd}|j||S)rg)recparamz-genkeyz-name secp384r1z-nooutTrr)rrrz-pubout)datar)rre)r!r_rds rr^z&OpenSSLAuthHelper.generate_private_keys@%&gquvwxy$%Aaefghi /rNrir5rrrrrrsS#$rr)r3r)!r __future__rr:rRrOrZrtypingtrrriorrconfigr r utilr r r rrrrABCMetarrIrKrlrrrrrs'"    G"2G*C3;;*CZ&$`3;;$`N+Z3;;+\ ckkr