o RDi@sddlmZddlZddlZddlZddlZddlmZddlm Z m Z ddl m Z ddl mZmZmZddlmZmZmZdd lmZmZmZmZdd lmZdd lmZeejj d Z e rfdd l!m"Z"ee#Z$dddZ%GdddZ&dS)) annotationsN) getLogger)IO TYPE_CHECKING)default_backend)Cipher algorithmsmodes) PKCS5_OFFSET PKCS5_PAD PKCS5_UNPAD)UTF8EncryptionMetadataMaterialDescriptorkilobyte)owner_rw_opener) random_string)SnowflakeFileEncryptionMaterialmatdescrreturnstrcCs(ttj|jt|jt|jdddS)z.Convert Material Descriptor to Unicode String.)queryIdsmkIdkeySize),:) separators)rjsondumpsquery_idsmk_idkey_size)rr$\/var/www/Datamplify/venv/lib/python3.10/site-packages/snowflake/connector/encryption_util.pymatdesc_to_unicodesr&c@sxeZdZed"ddZedefd#ddZededfd$ddZedefd%ddZededdfd&d d!Z dS)'SnowflakeEncryptionUtil byte_lengthintrbytescCs t|S)N)osurandom)r(r$r$r%get_secure_random*s z)SnowflakeEncryptionUtil.get_secure_random@encryption_materialrsrc IO[bytes]out chunk_sizercCs^tt}t|j}t|}|d|tt }t|}t } t t |t|| d} | } d} ||} t| dkrAnt| t dkrPt| t } d} || | q5| sj|| t tt t|| t t |t| d} | } | t|t | }t|j|j|dd}tt|dt|dt |d }|S) aReads content from src and write the encrypted content into out. This function is sensitive to current position of src and out. It does not seek to position 0 in neither stream objects before or after the encryption. Args: encryption_material: The encryption material for file. src: The input stream. out: The output stream. chunk_size: The size of read chunks (Default value = block_size * 4 * 1024 Returns: The encryption metadata. z key_size = %sbackendFTrr)r"r!r#zutf-8)keyivr)!r__name__base64standard_b64decodequery_stage_master_keylendebugr'r- block_sizerrrAESr CBC encryptorreadr writeupdatechrencoderfinalizeECBrr"r!r b64encodedecoder&)r/r0r2r3logger decoded_keyr#iv_datafile_keyr5cipherrApaddedchunkenc_kekmat_descmetadatar$r$r%encrypt_stream.sN      z&SnowflakeEncryptionUtil.encrypt_streamN in_filenamertmp_dir str | Nonetuple[EncryptionMetadata, str]c Cstt}tjd|tj|dd\}}|d|||t|d3}t |d}t ||||} Wdn1s;wYWd| |fSWd| |fS1sWwY| |fS)aEncrypts a file in a temporary directory. Args: encryption_material: The encryption material for file. in_filename: The input file's name. chunk_size: The size of read chunks (Default value = block_size * 4 * 1024). tmp_dir: Temporary directory to use, optional (Default value = None). Returns: The encryption metadata and the encrypted file's location. F#)textdirprefixz0unencrypted file: %s, temp file: %s, tmp_dir: %srbwbN) rr8tempfilemkstempr+pathbasenamer=openfdopenr'rU) r/rVr3rWrKtemp_output_fdtemp_output_fileinfileoutfilerTr$r$r% encrypt_fileqs.    z$SnowflakeEncryptionUtil.encrypt_filerTNonecCs|j}|j}t|j}t|}t|} t} tt|t | d} | } t | || } tt| t | | d} | } d}||}t|dkrm|dur[||| |}|}||}t|dksR|durt|}||d| || dS)z7To read from `src` stream then decrypt to `out` stream.r4Nr)r6r7r9r:r;rrrr?r rH decryptorr rDrGr@rBr<rCr )rTr/r0r2r3 key_base64 iv_base64rL key_bytesiv_bytesr5rOrlrNlast_decrypted_chunkrQdoffsetr$r$r%decrypt_streams4         z&SnowflakeEncryptionUtil.decrypt_streamFunsafe_file_writeboolc Cstj|dt}|rtj||}td|||r dnt}t|d1}t|d|d} t |||| |Wdn1sCwYWd|SWd|S1s[wY|S)aDecrypts a file and stores the output in the temporary directory. Args: metadata: The file's metadata input. encryption_material: The file's encryption material. in_filename: The name of the input file. chunk_size: The size of read chunks (Default value = block_size * 4 * 1024). tmp_dir: Temporary directory to use, optional (Default value = None). Returns: The decrypted file's location. rZz encrypted file: %s, tmp file: %sNr^r_)opener) r+rbrcrjoinrKr=rrdr'rt) rTr/rVr3rWrurg file_openerrhrir$r$r% decrypt_files$     z$SnowflakeEncryptionUtil.decrypt_file)r(r)rr*) r/rr0r1r2r1r3r)rr) r/rrVrr3r)rWrXrrY) rTrr/rr0r1r2r1r3r)rrk)rTrr/rrVrr3r)rWrXrurvrr) r8 __module__ __qualname__ staticmethodr-rrUrjrtrzr$r$r$r%r')s$ B"&r')rrrr)' __future__rr9rr+r`loggingrtypingrrcryptography.hazmat.backendsr&cryptography.hazmat.primitives.ciphersrrr compatr r r constantsrrrr file_utilr util_textrr)r?r>storage_clientrr8rKr&r'r$r$r$r%s&