o
    ˷eK*                     @   s  d dl Z d dlZd dlZd dlZd dlmZmZ d dlmZmZ d dl	Z
d dlmZ d dlmZ d dlmZ d dlmZ d dlmZ d d	lmZmZmZ d d
lmZmZ eeZdd Zdd Z dd Z!dd Z"G dd deZ#G dd dZ$G dd dZ%G dd dZ&dS )    N)datetime	timedelta)
NamedTupleOptional)tzutc)UNSIGNED)total_seconds)Config)JSONFileCache)ClientErrorInvalidConfigErrorTokenRetrievalError)CachedPropertySSOTokenLoaderc                   C   s   t t S N)r   nowr    r   r   F/var/www/ideatree/venv/lib/python3.10/site-packages/botocore/tokens.py_utc_now%   s   r   c                 C   s   t | g}t|dS )N)	providers)SSOTokenProviderTokenProviderChain)sessionr   r   r   r   create_token_resolver)   s   
r   c                 C   s   t | tr
| dS | S )Nz%Y-%m-%dT%H:%M:%SZ)
isinstancer   strftimeobjr   r   r   _serialize_utc_timestamp0   s   

r   c                 C   s   t j| tdS )N)default)jsondumpsr   r   r   r   r   _sso_json_dumps6   s   r"   c                   @   s&   e Zd ZU eed< dZee ed< dS )FrozenAuthTokentokenN
expiration)__name__
__module____qualname__str__annotations__r%   r   r   r   r   r   r   r#   :   s   
 r#   c                   @   sL   e Zd ZdZdZdZefddZdd Zdd	 Z	d
d Z
dd Zdd ZdS )DeferredRefreshableToken  iX  <   c                 C   s,   || _ || _|| _t | _d | _d | _d S r   )_time_fetcher_refresh_usingmethod	threadingLock_refresh_lock_frozen_token_next_refresh)selfr0   refresh_usingtime_fetcherr   r   r   __init__H   s   

z!DeferredRefreshableToken.__init__c                 C   s   |    | jS r   )_refreshr4   r6   r   r   r   get_frozen_tokenR   s   z)DeferredRefreshableToken.get_frozen_tokenc                 C   sN   |   }|sd S |dk}| j|r%z|   W | j  d S | j  w d S )N	mandatory)_should_refreshr3   acquire_protected_refreshrelease)r6   refresh_typeblock_for_refreshr   r   r   r:   V   s   
z!DeferredRefreshableToken._refreshc                 C   s   |   }|sd S z|  }|t| jd | _|  | _W n ty2   tj	d|dd |dkr0 Y nw | 
 r>t| jddd S )Nsecondsz5Refreshing token failed during the %s refresh period.Texc_infor=   z$Token has expired and refresh failed)provider	error_msg)r>   r.   r   _attempt_timeoutr5   r/   r4   	Exceptionloggerwarning_is_expiredr   r0   )r6   rB   r   r   r   r   r@   d   s.   
z+DeferredRefreshableToken._protected_refreshc                 C   s.   | j d u rdS | j j}t||   }|dkS )NFr   )r4   r%   r   r.   )r6   r%   	remainingr   r   r   rN      s
   
z$DeferredRefreshableToken._is_expiredc                 C   sd   | j d u rdS | j j}|d u rd S |  }|| jk rd S t|| }|| jk r)dS || jk r0dS d S )Nr=   advisory)r4   r%   r.   r5   r   _mandatory_refresh_timeout_advisory_refresh_timeout)r6   r%   r   rO   r   r   r   r>      s   



z(DeferredRefreshableToken._should_refreshN)r&   r'   r(   rR   rQ   rJ   r   r9   r<   r:   r@   rN   r>   r   r   r   r   r+   ?   s    
r+   c                   @   s   e Zd ZdddZdd ZdS )r   Nc                 C   s   |d u rg }|| _ d S r   )
_providers)r6   r   r   r   r   r9      s   
zTokenProviderChain.__init__c                 C   s(   | j D ]}| }|d ur|  S qd S r   )rS   
load_token)r6   rH   r$   r   r   r   rT      s   
zTokenProviderChain.load_tokenr   )r&   r'   r(   r9   rT   r   r   r   r   r      s    
r   c                   @   s   e Zd ZdZdZejejddddZ	ddgZ
dZd	efd
dZdd Zedd Zedd Zdd Zdd Zdd Zdd Zd	S )r   ssor,   ~z.awscachesso_start_url
sso_regionrefresh_tokenNc                 C   s:   || _ |d u rt| jtd}|| _|| _t| jd| _d S )N)
dumps_func)rW   )_sessionr
   _SSO_TOKEN_CACHE_DIRr"   _now_cacher   _token_loader)r6   r   rW   r8   r   r   r   r9      s   zSSOTokenProvider.__init__c                 C   s   | j j}|di }|di }| j d}|sd}||i }d|vr&d S |d }||d }|s@d| d| d}t|d	g }	| jD ]}
|
|vrP|	|
 qE|	rad| d
|	 d}t|d	||d |d dS )Nprofilessso_sessionsprofiler   sso_sessionzThe profile "z7" is configured to use the SSO token provider but the "z+" sso_session configuration does not exist.)rI   zZ" is configured to use the SSO token provider but is missing the following configuration: .rY   rX   )session_namerY   rX   )r\   full_configgetget_config_variabler   _SSO_CONFIG_VARSappend)r6   loaded_configra   rb   profile_nameprofile_configsso_session_name
sso_configrI   missing_configsvarr   r   r   _load_sso_config   s@   



z!SSOTokenProvider._load_sso_configc                 C   s   |   S r   )rs   r;   r   r   r   _sso_config   s   zSSOTokenProvider._sso_configc                 C   s"   t | jd td}| jjd|dS )NrY   )region_namesignature_versionzsso-oidc)config)r	   rt   r   r\   create_client)r6   rw   r   r   r   _client   s
   zSSOTokenProvider._clientc                 C   s   | j j| j|d |d |d d}t|d d}| jd | jd |d	 |  | |d |d |d
 d}d|v r>|d |d< td |S )NclientIdclientSecretrefreshToken)	grantTyperz   r{   r|   	expiresInrD   rX   rY   accessTokenregistrationExpiresAt)startUrlregionr   	expiresAtrz   r{   r   zSSO Token refresh succeeded)ry   create_token_GRANT_TYPEr   rt   r^   rL   info)r6   r$   response
expires_in	new_tokenr   r   r   _attempt_create_token   s&   


z&SSOTokenProvider._attempt_create_tokenc                    s   d} fdd|D }|rd| }t | d S tj d }t||   dkr5t d|  d S z|  W S  tyL   t j	dd	d
 Y d S w )N)r|   rz   r{   r   c                    s   g | ]}| vr|qS r   r   ).0kr$   r   r   
<listcomp>  s    z:SSOTokenProvider._refresh_access_token.<locals>.<listcomp>z+Unable to refresh SSO token: missing keys: r   r   z"SSO token registration expired at z SSO token refresh attempt failedTrF   )
rL   r   dateutilparserparser   r^   r   r   rM   )r6   r$   keysmissing_keysmsgexpiryr   r   r   _refresh_access_token  s    

z&SSOTokenProvider._refresh_access_tokenc                 C   s   | j d }| j d }td|  | j||d}tj|d }td|  t|| 	  }|| j
k rN| |}|d urN|}|d }| jj|||d t|d |dS )	NrX   rf   zLoading cached SSO token for )rf   r   zCached SSO token expires at r   )r%   )rt   rL   r   r`   r   r   r   debugr   r^   _REFRESH_WINDOWr   
save_tokenr#   )r6   	start_urlrf   
token_dictr%   rO   new_token_dictr   r   r   
_refresher*  s$   



zSSOTokenProvider._refresherc                 C   s"   | j d u rd S t| j| j| jdS )N)r8   )rt   r+   METHODr   r^   r;   r   r   r   rT   @  s
   
zSSOTokenProvider.load_token)r&   r'   r(   r   r   ospath
expanduserjoinr]   rj   r   r   r9   rs   r   rt   ry   r   r   r   rT   r   r   r   r   r      s(    *

r   )'r    loggingr   r1   r   r   typingr   r   dateutil.parserr   dateutil.tzr   botocorer   botocore.compatr   botocore.configr	   botocore.credentialsr
   botocore.exceptionsr   r   r   botocore.utilsr   r   	getLoggerr&   rL   r   r   r   r"   r#   r+   r   r   r   r   r   r   <module>   s.   
a