ɯeiP>NddlmZddlZddlZddlZddlZddlZddlZddlZddl m Z m Z ddl m Z ddlmZddlmZddlmZmZdd lmZmZmZdd lmZmZdd lmZmZej>e Z!ed Z"Gd deZ#Gdde$Z%e GddZ&d,dZ'Gdde Z(Gdde$Z)Gdde)Z*Gdde)Z+Gdde)Z,Gdde)Z-Gd d!e)Z.Gd"d#e)Z/Gd$d%e)Z0Gd&d'e(Z1Gd(d)e(Z2Gd*d+e(Z3y)-) annotationsN)ABCabstractmethod) dataclass)Enum)Path)AnyTypeVar)IS_LINUXIS_MACOS IS_WINDOWS)FileLock FileLockError)installed_keyringkeyringTc eZdZdZdZdZdZdZy) TokenTypeajTypes of credentials that can be cached to avoid repeated authentication. - ID_TOKEN: SSO identity token from external browser/Okta authentication - MFA_TOKEN: Multi-factor authentication token to skip MFA prompts - OAUTH_ACCESS_TOKEN: Short-lived OAuth access token - OAUTH_REFRESH_TOKEN: Long-lived OAuth token to obtain new access tokens ID_TOKEN MFA_TOKENOAUTH_ACCESS_TOKENOAUTH_REFRESH_TOKENN)__name__ __module__ __qualname____doc__rrrra/var/www/html/glpi_dashboard/venv/lib/python3.12/site-packages/snowflake/connector/token_cache.pyrrsHI-/rrc eZdZy)_InvalidTokenKeyErrorNrrrrrr r"r"'rr"c<eZdZUded<ded<ded<d dZd dZy) TokenKeystruserhostr tokenTypec*t|jdk(r tdt|jdk(r td|jj d|jj d|j j S)NrzInvalid key, host is emptyzInvalid key, user is empty:)lenr)r"r(upperr*valueselfs r string_keyzTokenKey.string_key1st tyy>Q '(DE E tyy>Q '(DE E))//#$Adiioo&7%8$..:N:N9OPPrctj}|j|jj d|j S)Nutf-8)encoding)hashlibsha256updater2encode hexdigest)r1ms r hash_keyzTokenKey.hash_key8s; NN  "))7);<{{}rN)returnr')rrr__annotations__r2r<rrr r&r&+s I IQrr&cjtj|td|ztjy)Nz Warning: )file)loggerwarningprintsysstderr)rBs r _warnrF>s! NN7 + cjj1rcZeZdZdZedddZed dZed dZed dZ y) TokenCacheaSecure storage for authentication credentials to avoid repeated login prompts. Platform-specific implementations: - macOS/Windows: Uses OS keyring (Keychain/Credential Manager) via 'keyring' library - Linux: Uses encrypted JSON file in ~/.cache/snowflake/ with 0o600 permissions - Fallback: NoopTokenCache (no caching) if secure storage unavailable Tokens are keyed by (host, user, token_type) to support multiple accounts. ctstr%tstdt St St r.tj|}|r|Stdt Sy)Na.Dependency 'keyring' is not installed, cannot cache id token. You might experience multiple authentication pop ups while using ExternalBrowser/OAuth/MFA Authenticator. To avoid this please install keyring module using the following command: pip install snowflake-connector-python[secure-local-storage]zFailed to initialize file based token cache. You might experience multiple authentication pop ups while using ExternalBrowser/OAuth/MFA Authenticator.) r rrrFNoopTokenCacheKeyringTokenCacher FileTokenCachemake)skip_file_permissions_checkcaches r rMzTokenCache.makeNsf z$T &''$& & "''(CDE k&'' rcyNrr1keytokens r storezTokenCache.storef rcyrQrr1rSs r retrievezTokenCache.retrievejrVrcyrQrrXs r removezTokenCache.removenrVrNF)rNboolr=rHrSr&rTr'r=NonerSr&r=z str | NonerSr&r=r_) rrrr staticmethodrMrrUrYr[rrr rHrHCsW((.      rrHc eZdZy)_FileTokenCacheErrorNr#rrr rdrdsr$rrdc eZdZy)_OwnershipErrorNr#rrr rfrfwr$rrfc eZdZy)_PermissionsTooWideErrorNr#rrr rhrh{r$rrhc eZdZy)_CacheDirNotFoundErrorNr#rrr rjrjr$rrjc eZdZy)_InvalidCacheDirErrorNr#rrr rlrlr$rrlc eZdZy)_MalformedCacheFileErrorNr#rrr rnrnr$rrnc eZdZy)_CacheFileReadErrorNr#rrr rprpr$rrpc eZdZy)_CacheFileWriteErrorNr#rrr rrrrr$rrrceZdZdZedddZ d ddZddZddZddZ ddZ ddZ dd Z dd Z eddd Ze d dd Zdd Zy)rLaLinux implementation: stores tokens in JSON file with strict security. Cache location (in priority order): 1. $SF_TEMPORARY_CREDENTIAL_CACHE_DIR/credential_cache_v1.json 2. $XDG_CACHE_HOME/snowflake/credential_cache_v1.json 3. $HOME/.cache/snowflake/credential_cache_v1.json Security: File must have 0o600 permissions and be owned by current user. Uses file locks to prevent concurrent access corruption. ctj|}|)tjtj dyt||S)NzfFailed to find suitable cache directory for token cache. File based token cache initialization failed.)rN)rLfind_cache_dirlogging getLoggerrdebug)rN cache_dirs r rMzFileTokenCache.makesM"112MN     h ' - -x !7R rc\tjt|_||_||_yrQ)rvrwrrAry_skip_file_permissions_check)r1ryrNs r __init__zFileTokenCache.__init__s%''1 (,G)rcH tj|j|jt |j 5|j }||d|j<|j|dddy#1swYyxYw#t$r(}|jjd|Yd}~yd}~wt$r(}|jjd|Yd}~yd}~wt$r(}|jjd|Yd}~yd}~wwxYw)NtokenszFailed to store token: e=Unable to lock file lock: e=Failed to produce token key e=)rLvalidate_cache_dirryr{r lock_file_read_cache_filer<_write_cache_filerdrAerrorrr")r1rSrTrOes r rUzFileTokenCache.stores C  - - A A $..*+ .--/27h /&&u- . . .$ > KK   :t< = = A KK   =1$? @ @$ C KK   ?QDA B B CsNAB8B=BB BB D!B>> D! C-- D!9DD!cx tj|j|jt |j 5|j }|dj|jd}t|tr |cdddS dddy#1swYyxYw#t$r(}|jjd|Yd}~yd}~wt$r(}|jjd|Yd}~yd}~wt$r(}|jjd|Yd}~yd}~wwxYw)Nr~zFailed to retrieve token: e=rr)rLrryr{rrrgetr< isinstancer'rdrArrr")r1rSrOrTrs r rYzFileTokenCache.retrieves    - - A A $..*+ --/h++CLLNDAeS)       $  KK   =1$? @  KK   =1$? @$  KK   ?QDA B s[AB*AB B*BB*B'#B*'B** D93C D9"D D9D44D9cb tj|j|jt |j 5|j }|dj|jd|j|dddy#1swYyxYw#t$r(}|jjd|Yd}~yd}~wt$r(}|jjd|Yd}~yd}~wt$r(}|jjd|Yd}~yd}~wwxYw)Nr~zFailed to remove token: e=rr)rLrryr{rrrpopr<rrdrArrr")r1rSrOrs r r[zFileTokenCache.removes C  - - A A $..*+ .--/h##CLLND9&&u- . . .$ ? KK   ;= > > A KK   =1$? @ @$ C KK   ?QDA B B CsOABAB BBBB D.(C  D.C:: D.D))D.c |jdz S)Nzcredential_cache_v1.jsonryr0s r cache_filezFileTokenCache.cache_files~~ :::rc |jdz S)Nzcredential_cache_v1.json.lckrr0s r rzFileTokenCache.lock_files~~ >>>rcd}dii} tj|jtj}|js|j |dtj |dtj}tj |dtjtj||}tjtj|d}|dkDrtj0| d|vst3|dt4si|d<|S#t$r/|jj!|jdYptj"j$$rM}|jj'd|jd|j(j*Yd}~d}~wt,$rN}|jj'd |jd|j(j*Yd}~)d}~wt.$r:}|jj'd |jd|Yd}~jd}~wwxYw#|dkDrtj0|wwxYw) Nr~rr4z not foundz+Failed to decode json read from cache file z: z,Failed to decode utf-8 read from cache file zFailed to read cache file )osopenrO_RDONLYr{_ensure_permissionslseekSEEK_ENDSEEK_SETreadjsonloadscodecsdecodeFileNotFoundErrorrArxdecoderJSONDecodeErrorrB __class__r UnicodeErrorOSErrorcloserdict)r1fd json_datasizedatars r rzFileTokenCache._read_cache_files rN  *BKK8B44((U388B2;;/D HHRBKK (772t$D 6==w#?@IAv 9 $Jy7JD,Q"$Ih '! @ KK  !2 3:> ?||++  KK  =doo>O=PPRSTS^S^SgSgRhi    KK  >t?P>QQSTUT_T_ThThSij   W KK  ".lookup_env_dir"sZii(G +G94deW I#$q( '')LLI//fg  '')LLI//jk /4?G )G 3IOOTO>?&(8(<< E: 11:! ' z/FileTokenCache.find_cache_dir..LsN#FKrcddgS)NXDG_CACHE_HOME snowflakerrsr rz/FileTokenCache.find_cache_dir..MsN#3k]CrcdddgS)NHOMEz.cacherrrsr rz/FileTokenCache.find_cache_dir..NsN6Hk+BCr)rr'rz list[str]r= Path | Noner)rNlookup_functionslfryrs` @r ruzFileTokenCache.find_cache_dir sC' T L C C  # !BI   ! rc |j}| tdtj|jst d|d|sytj |j}|dk7rt d|d|ddtj}|j|k7rtd|d|d |jyy#t$rtd|d wxYw) NzCache dir was not foundz Cache dir z is not a directoryr has incorrect permissions. oz != 0700 has incorrect owner.  != z was not found. Failed to stat.) statrjS_ISDIRst_moderlS_IMODErhrgeteuidst_uidrfr)ryrNstatinfo permissionseuids r rz!FileTokenCache.validate_cache_dirXs   ~~'H ,-FGG<< 0 01+j CV,WXX."ll8+;+;< %'2$YK/KKXY?Zbczz|??d*)$YK/EdV4PXP_P_O`a+/! (YK'FG  s CC C"c | tj|}tj|j}||k7r$t d|j d|dd|dtj}|j|k7r,td|j d|d|jy#t$rYywxYw)Nz Cache file rrrr) rfstatrrrrhrrrrfr)r1rrractual_permissionsrs r rz"FileTokenCache._ensure_permissionsws xx|H!%h.>.>!? ![0.!$//"3!44PQ\]^P__cdvwxcyz::C)AB(( C)4+C$$C)cZ tj|j|jj y#t $r5}|j jd|jd|Yd}~yd}~wt$r&}|j jd|Yd}~yd}~wwxYw)Nrrz4Failed to delete credential in the keyring: err=[%s]) rdelete_passwordr2r(r.r"rArr* Exception)r1rSrexs r r[zKeyringTokenCache.removes   # #    % X KK   3CMM?BTRSQUV W W   KK  F    s!rs%"   #!22./   8 $ CL 0 0 I   $2 - - ` 9  *  3  1  0  3  .  / uZup3 3 lZr