o i@sddlZddlZddlZddlmZmZddlmZmZer"ddl Z e e Z GdddZ dde d ed d fd d Zdededed dfddZdS)N) TYPE_CHECKINGAny)CACHE_CAE_SUFFIXCACHE_NON_CAE_SUFFIXc @s2eZdZdZddddedededd fd d Zd S) TokenCachePersistenceOptionsaOptions for persistent token caching. Most credentials accept an instance of this class to configure persistent token caching. The default values configure a credential to use a cache shared with Microsoft developer tools and :class:`~azure.identity.SharedTokenCacheCredential`. To isolate a credential's data from other applications, specify a `name` for the cache. By default, the cache is encrypted with the current platform's user data protection API, and will raise an error when this is not available. To configure the cache to fall back to an unencrypted file instead of raising an error, specify `allow_unencrypted_storage=True`. .. warning:: The cache contains authentication secrets. If the cache is not encrypted, protecting it is the application's responsibility. A breach of its contents will fully compromise accounts. .. admonition:: Example: .. literalinclude:: ../tests/test_persistent_cache.py :start-after: [START snippet] :end-before: [END snippet] :language: python :caption: Configuring a credential for persistent caching :dedent: 8 :keyword str name: prefix name of the cache, used to isolate its data from other applications. Defaults to the name of the cache shared by Microsoft dev tools and :class:`~azure.identity.SharedTokenCacheCredential`. Additional strings may be appended to the name for further isolation. :keyword bool allow_unencrypted_storage: whether the cache should fall back to storing its data in plain text when encryption isn't possible. False by default. Setting this to True does not disable encryption. The cache will always try to encrypt its data. Fz msal.cacheallow_unencrypted_storagenamer r kwargsreturnNcKs||_||_dS)Nr)selfr r r rW/home/app/Keep/.python/lib/python3.10/site-packages/azure/identity/_persistent_cache.py__init__2s z%TokenCachePersistenceOptions.__init__)__name__ __module__ __qualname____doc__boolstrrrrrrrrs&rFoptionsis_caer z#msal_extensions.PersistedTokenCachecCs4ddl}|rtnt}t|jd|j|d}||S)NrZ MSALCache)allow_unencrypted account_name cache_name)msal_extensionsrr_get_persistencer r ZPersistedTokenCache)rrrZ cache_suffixZ persistencerrr_load_persistent_cache8s  rrrrz+msal_extensions.persistence.BasePersistencec Csddl}tjdrdtjvrtjtjdd|}||Stjdr8tj tjdd|}| |d|Stjd rtj tjdd|}z |j ||d di|d WSt yy}zt jd |d d|sotd}||WYd}~nd}~ww||Std)aGet an msal_extensions persistence instance for the current platform. On Windows the cache is a file protected by the Data Protection API. On Linux and macOS the cache is stored by libsecret and Keychain, respectively. On those platforms the cache uses the modified timestamp of a file on disk to decide whether to reload the cache. :param bool allow_unencrypted: when True, the cache will be kept in plaintext should encryption be impossible in the current environment :param str account_name: the name of the account for which the cache is storing tokens :param str cache_name: the name of the cache :return: an msal_extensions persistence instance :rtype: ~msal_extensions.persistence.BasePersistence rNwin LOCALAPPDATAz.IdentityServicedarwin~z#Microsoft.Developer.IdentityServicelinuxZ MsalClientID)labelz=msal-extensions is unable to encrypt a persistent cache: "%s"T)exc_infoa;Cache encryption is impossible because libsecret dependencies are not installed or are unusable, for example because no display is available (as in an SSH session). The chained exception has more information. Specify "allow_unencrypted_storage=True" to store the cache unencrypted instead of raising this exception.z8A persistent cache is not available in this environment.)rsysplatform startswithosenvironpathjoinZ!FilePersistenceWithDataProtection expanduserZKeychainPersistenceZLibsecretPersistence Exception_LOGGERdebug ValueErrorZFilePersistenceNotImplementedError)rrrrZcache_location file_pathexerrorrrrrFs2      r)F)loggingr)r&typingrr _constantsrrr getLoggerrr/rrrrrrrrrs4 '