9iVSrSSKrSSKrSSKrSSKrSSKrSSKrSSKrSSKJ r SSK J r SSK J r SSKJr SSKJr SSKJr SSKr\R&"\5r"S S \ 5rg) z. This module provides a client class for KMS. N) BceBaseClient)required) bce_v1_signer)bce_http_client)handler) http_methodsc \rSrSrSrS%SjrS%SjrS&Sjr\"\ \ 4\ \ 4\ \ 4\ S9S'Sj5r \"\ S 9S(S j5r \"\ \ 4\ \ 4S 9S%S j5r\"\ \ 4\ \ 4S 9S%Sj5r\"\ \ 4\ \ 4\ \ 4S9S)Sj5r\"\ \ 4\ \ 4\ \ 4\ \ 4S9S)Sj5r\"\ \ 4\ \ 4S9S*Sj5r\"\ \ 4\ S9S%Sj5r\"\ \ 4S9S%Sj5r\"\ \ 4S9S%Sj5r\"\ \ 4\ S9S%Sj5r\"\ \ 4S9S%Sj5r\"\ \ 4S9S%Sj5r\"\ \ 4S9S+Sj5r\"\ \ 4\ \ 4\ \ 4\ \ 4S9S,S j5r\"\ \ 4\ \ 4\ \ 4\ \ 4\ \ 4\S!9S,S"j5r\"\ \ 4\ \ 4\ \ 4\ \ 4\ \ 4\S!9S,S#j5rS$rg)- KmsClient#z sdk client Nc0[R"X5 gN)r__init__)selfconfigs `/var/www/html/land-doc-ocr/venv/lib/python3.13/site-packages/baidubce/services/kms/kms_client.pyrKmsClient.__init__'st,cUc UR$[R"UR5nURU5 U$r )rcopymerge_non_none_values)rr new_configs r _merge_configKmsClient._merge_config*s7 >;; 4;;/J  , ,V 4 rc URU5nUc[RnUcSSS.n[R"U[ R [RU/XX4U5$)Ns*/*sapplication/json;charset=utf-8)sAccepts Content-Type)rr parse_jsonr send_requestrsign parse_error)r http_methodpathbodyheadersparamsr body_parsers r _send_requestKmsClient._send_request2sk##F+  !,,K ?"((IKG++FM4F4F-4-@-@+,N,7t,24 4r) protectedBykeySpecorigin rotateCyclecSn0n SU S'0n U(aXS'X*S'X:S'XJS'XZS'XjS 'UR[RU[R"U 5XS 9$) a create a master key with the specified options. :type description: string :param description: a description about the master key :type protectedBy: constants.ProtectedBy :param protectedBy: the protect level about the master key, you can choose HSM or SOFTWARE :type keySpec: constants.KeySpec :param keySpec: key specification about the master key. now you can choose the BAIDU_AES_256, AES_128, AES_256, RSA_1024, RSA_2048, RSA_4096 :type keyUsage: string :param keyUsage: default "ENCRYPT_DECRYPT" :type origin: constants.Origin :param origin: origin of the master key. you can choose BAIDU_KMS or EXTERNAL :type rotateCycle: int :param rotateCycle: rotateCycle of the master key. /s CreateKeyaction descriptionr'r(r)keyUsager*r#rr%rPOSTjsondumps) rr.r'r(r)r/r*rr r#r!s rcreate_masterKeyKmsClient.create_masterKey@s0'x  "- )]!YX#Z)]!!,"3"3T4::d;K)/"@ @r)limitcSn0nSUS'0nXS'X&S'UR[RU[R"U5XSS9$)z list your masterkey :type limit: int :param limit: the number of masterKey you want list :type marker: string :param marker: the marker keyid , kms will search from the marker, default "" r,sListKeysr-r7markerr0r1)rr7r9rr r#r!s rlist_masterKeyKmsClient.list_masterKeyfs]&x W X!!,"3"3T4::d;K)/"@ @r)keyId plaintextcSn0nSUS'0nXS'X&S'[R"U5 UR[R U[ R"U5XSS9$![a [S5ef=f)z encrypt the plaintext :type keyId: string :param keyId: indicate kms will use which masterkey to encrypt :type plaintext: string :param plaintext: the plaintext need encrypted by kms r,sEncryptr-r<r=please input base64 stringr0base64 b64decode TypeErrorr%rr2r3r4)rr<r=rr r#r!s rencryptKmsClient.encryptys%x W %[ :   Y '!!,"3"3T4::d;K)/"@ @ :89 9 : AA5)r< ciphertextcSn0nSUS'0nXS'X&S'[R"U5 UR[R U[ R"U5XSS9$![a [S5ef=f)z decrypt the ciphertext :type keyId: string :param keyId: indicate kms will use which masterkey to decrypt :type ciphertext: string :param ciphertext: the ciphertext need decrypted by kms r,sDecryptr-r<rGr?r0r@)rr<rGrr r#r!s rdecryptKmsClient.decrypts%x W '\ :   Z (!!,"3"3T4::d;K)/"@ @ :89 9 :rF)r< algorithmmessagecUS;a [S5eUS:Xa[U5S:a [S5eO8US:Xa2[R"U5n[U5S:wa [S5eS n0n S U S 'UUUUS .n U(aXJS'UR[RU[R"U 5XS9$![R [ 4a [S 5ef=f)a Sign the message using asymmetric key :type keyId: string :param keyId: indicate which masterkey to use for signing :type algorithm: string :param algorithm: signing algorithm (RSA_PKCS1_SHA_256/SM2DSA) :type message: string :param message: message to sign (Base64 encoded) :type keyVersion: string :param keyVersion: key version (optional) :type messageType: string :param messageType: message type (RAW/DIGEST, default RAW) :raises: ValueError if message length or format is invalid RAWDIGEST,messageType must be either 'RAW' or 'DIGEST'rO7Base64 encoded RAW message length must be <= 4096 bytesrP 4Digest length must be 32 bytes after base64 decodingmessage must be base64 encodedr,sSignr-)r<rKrL messageType keyVersionr0 ValueErrorlenrArBbinasciiErrorrCr%rr2r3r4) rr<rKrLrXrWrdecodedr r#r!s rrKmsClient.signs ( / /KL L % G t# !Z[[$ H $ C **73w<2%$%[\\&"x"&   !+ !!,"3"3T4::d;K)/"@ @NNI. C !ABB Cs 0B::&C )r<rK signaturerLcUS;a [S5eUS:Xa[U5S:a [S5eO8US:Xa2[R"U5n[U5S:wa [S5e[R"U5 S n 0n S U S 'UUUUUS.n U(aX[S'[R"U5 [R"U5 UR[RU [R"U 5XS9$![R [ 4a [S 5ef=f![R [ 4a [S 5ef=f![R [ 4a [S5ef=f)a  Verify the signature using asymmetric key :type keyId: string :param keyId: indicate which masterkey to use for verification :type algorithm: string :param algorithm: signing algorithm (RSA_PKCS1_SHA_256/SM2DSA) :type signature: string :param signature: signature to verify (Base64 encoded) :type message: string :param message: original message (Base64 encoded) :type keyVersion: string :param keyVersion: key version (optional) :type messageType: string :param messageType: message type (RAW/DIGEST, default RAW) rNrQrOrRrSrPrTrUrVz signature must be base64 encodedr,sVerifyr-)r<rKr`rLrWrXz,message and signature must be base64 encodedr0rY) rr<rKr`rLrXrWrr^r r#r!s rverifyKmsClient.verifys. / /KL L % 7|d" !Z[[# H $ C **73w<2%$%[\\&  A   Y '$x""&   !+  M   W %   Y '!!,"3"3T4::d;K)/"@ @9NNI. C !ABB C  * A?@ @ A& * MKL L Ms#0C?,D(,E?&D%(&E&E7)r<r(cSn0nSUS'0nXS'US:waUS:wa [S5eX'S'X7S 'UR[RU[R "U5XdS 9$) a generate a data key by master key :type keyId: string :param keyId: indicate kms will use which masterkey to generate data key :type keySpec: string :param keySpec: AES_128 or AES_256 :type numberOfBytes: int :param numberOfBytes: The length of data key r,sGenerateDataKeyr-r<AES_128AES_256z only support AES_128 and AES_256r( numberOfBytesr0rZr%rr2r3r4)rr<r(rgrr r#r!s rgenerate_dataKeyKmsClient.generate_dataKeys-x W i Gy$8?@ @!Y -_!!,"3"3T4::d;K)/"@ @r)r<r*cSn0nSUS'0nXS'X&S'UR[RU[R"U5XSS9$)z update your master key rptation :type keyId: string :type rotateCycle: int :param keyId: the keyId of masterkey will be enable :param rotateCycle: the rotatecycle of masterkey r,sEnableRotationr-r<r*r0r1)rr<r*rr r#r!s rupdaterotation_masterKey"KmsClient.updaterotation_masterKey3s^,x W )]!!,"3"3T4::d;K)/"@ @r)r<cSn0nSUS'0nXS'UR[RU[R"U5XBS9$)z` enable your master key :type keyId: string :param keyId: the keyId of masterkey will be enable r,s EnableKeyr-r<r0r1rr<rr r#r!s renable_masterKeyKmsClient.enable_masterKeyEsV'x W !!,"3"3T4::d;K)/"@ @rcSn0nSUS'0nXS'UR[RU[R"U5XBS9$)za disable your master key :type keyId: string :param keyId: the keyId of masterkey will be diable r,s DisableKeyr-r<r0r1ros rdisable_masterKeyKmsClient.disable_masterKeyTsV(x W !!,"3"3T4::d;K)/"@ @r)r<pendingWindowInDayscSn0nSUS'0nXS'US:dUS:a [S5eX&S'UR[RU[R "U5XSS 9$) z schedule delete master key :type keyId: string :param keyId: the keyId of masterkey will be deleted :type pendingWindowInDays: int :pram pendingWindowInDays: kms will wait pendingWindowInDays day then delete the key r,sScheduleKeyDeletionr-r<z-please input pendingWindowInDays >=7 and <=30rur0rh)rr<rurr r#r!s rscheduleDelete_masterKey"KmsClient.scheduleDelete_masterKeycs{1x W  #':Q'>LM M&9 "#!!,"3"3T4::d;K)/"@ @rcSn0nSUS'0nXS'UR[RU[R"U5XBS9$)zf cancel delete master key :type keyId: string :param keyId: the keyId of masterkey will cancel delete r,sCancelKeyDeletionr-r<r0r1ros rcancelDelete_masterKey KmsClient.cancelDelete_masterKeyxsV/x W !!,"3"3T4::d;K)/"@ @rcSn0nSUS'0nXS'UR[RU[R"U5XBS9$)zS descript the master key :type keyId: string :param keyId: the keyId of masterkey r,s DescribeKeyr-r<r0r1ros rdescribe_masterKeyKmsClient.describe_masterKeysV)x W !!,"3"3T4::d;K)/"@ @rcSn0nSUS'0nXS'US:wa [S5eX8S'US:wa [S 5eXHS 'US :waUS :waUS :wa [S5eX(S'UR[RU[ R "U5XuS9$)a get parameters for import :type keyId: string :param keyId: the keyId of masterkey :type wrappingAlgorithm: string :param wrappingAlgorithm: the algorithm for user encrypt local key :type wrappingKeySpec:string :param wrappingKeySpec: the pubkey spec for user encrypt local key r,sGetParametersForImportr-r<RSAES_PKCS1_V1_5zonly support RSAES_PKCS1_V1_5wrappingAlgorithmRSA_2048zonly support RSA_2048wrappingKeySpecRAW_HEXBASE64PEMz%only support RAW_HEX or BASE64 or PEMpublicKeyEncodingr0)rCrZr%rr2r3r4) rr<rrrrr r#r!s rget_parameters_for_import#KmsClient.get_parameters_for_imports4x W  2 2;< <$5 ! j (34 4"1   ).?8.KPaejPjDE E$5 !!!,"3"3T4::d;K)/"@ @r)r< importToken encryptedKeyr(cSn0nSUS'0n XS'X)S'X9S'XIS'XYS'UR[RU[R"U 5XS 9$) ao import symmetric key :type keyId: string :param keyId: the keyId of masterkey :type importToken: string :param importToken: token from import parameter :type encryptedKey: string :param encryptedKey: the symmetric key encrypted by pubkey :type keySpec: string :param keySpec: the import key spec :type keyUsage: string :param keyUsage: default "ENCRYPT_DECRYPT" r,s ImportKeyr-r<rrr(r/r0r1) rr<rrr(r/rr r#r!s rimport_symmetricMasterKey#KmsClient.import_symmetricMasterKeysu('x W )]+^!Y#Z!!,"3"3T4::d;K)/"@ @r)r<rasymmetricKeySpecasymmetricKeyUsageencryptedKeyEncryptionKey asymmetricKeyc :Sn0n SU S'0n XS'X*S'X:S'XZS'XJS'0U S 'US c [S 5eUS U S S 'US c [S 5eUS U S S 'USc [S5eUSU S S'USc [S5eUSU S S'USc [S5eUSU S S'USc [S5eUSU S S'USc [S5eUSU S S'UR[RU[R "U 5XS9$)a import asymmetric key :type keyId: string :param keyId: the keyId of masterkey :type importToken: string :param importToken: token from import parameter :type asymmetricKeySpec: string :param asymmetricKeySpec: the import key spec :type encryptedKeyEncryptionKey: string :param encryptedKeyEncryptionKey: EncryptionKey :type asymmetricKey: **args :param asymmetricKey: include publicKeyDer encryptedD encryptedP encryptedQ encryptedDp encryptedDq encryptedQinv r,ImportAsymmetricKeyr-r<rrrrencryptedRsaKey publicKeyDer%arg "publicKeyDer" should not be None encryptedDz#arg "encryptedD" should not be None encryptedPz#arg "encryptedP" should not be None encryptedQz#arg "encryptedQ" should not be None encryptedDpz$arg "encryptedDp" should not be None encryptedDqz$arg "encryptedDq" should not be None encryptedQinvz&arg "encryptedQinv" should not be Noner0rh rr<rrrrrkwargsr r#r!s rimport_asymmetricMasterKey$KmsClient.import_asymmetricMasterKeys21x W )]$5 !%7 !",E ()"$  . ! )DE E282H / ,  'BC C06|0D  - ,  'BC C06|0D  - ,  'BC C06|0D  - - (CD D17 1F  . - (CD D17 1F  . / " *EF F39/3J 0!!,"3"3T4::d;K)/"@ @rc "Sn0n SU S'0n XS'X*S'X:S'XZS'XJS'0U S 'US c [S 5eUS U S S 'US c [S 5eUS U S S 'UR[RU[R "U 5XS9$)a import asymmetric key :type keyId: string :param keyId: the keyId of masterkey :type importToken: string :param importToken: token from import parameter :type asymmetricKeySpec: string :param asymmetricKeySpec: the import key spec :type encryptedKeyEncryptionKey: string :param encryptedKeyEncryptionKey: EncryptionKey :type asymmetricKey: **args :param asymmetricKey: include publicKeyDer encryptedPrivateKey r,rr-r<rrrrencryptedSm2KeyrrencryptedPrivateKeyz,arg "encryptedPrivateKey" should not be Noner0rhrs rimport_asymmetricSM2MasterKey'KmsClient.import_asymmetricSM2MasterKeys21x W )]$5 !%7 !",E ()"$  . ! )DE E282H / ' ( 0KL L9?@U9V  56!!,"3"3T4::d;K)/"@ @rr )NNNNN)ENCRYPT_DECRYPTrN)N)NrON)N)rrN)rN)__name__ __module__ __qualname____firstlineno____doc__rrr%rbytesstrintr5r:rDrIrrbrirlrprsryr|rrrobjectrr__static_attributes__rrrr r #s-59/3 45#, eS\`ceRV#@f#@JC@@$S%LS%L9@:@,S%Lc5\:@;@,S%LS%L3,O.@P.@`S%LS%LS%L[^`eZfg?@h?@BS%L3,7@8@0S%Ls4@5@"S%L! @" @S%L! @" @S%Lc:@;@(S%L! @" @S%L! @" @S%L!TfCG@"@<S%LsEl#u`cej_klCG@m@>S%Le "El #U|'*El "NR3@ " 3@jS%Le "El #U|'*El "NR$@ " $@rr )rrr3loggingrandomstringuuidr\baidubce.bce_base_clientrbaidubce.utilsr baidubce.authr baidubce.httprrrrA getLoggerr_loggerr rrrrsV  2#')!&   H %W@ W@r