def configure_mtls_channel(self, client_cert_callback=None):
    """Rebuild ``self.http`` for mutual TLS when client certificates are enabled.

    The `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable gates the
    whole method:

    (1) When its value is exactly `true`, a client certificate and key are
    looked up and ``self.http`` is replaced. The replacement is a mutual TLS
    transport if a certificate/key pair was found, otherwise a default
    transport. Any `http` passed to the constructor is discarded in both
    cases.

    (2) When it is unset or holds any other value, nothing is changed and
    False is returned.

    A False return means the channel is NOT mutual TLS. Callers that require
    client-certificate authentication must check the return value rather than
    assume success because no exception was raised.

    Args:
        client_cert_callback (Optional[Callable[[], (bytes, bytes)]]):
            Optional callback returning the client certificate and private
            key bytes, both in PEM format. If None, application default SSL
            credentials will be used.

    Returns:
        True if the channel is mutual TLS and False otherwise.

    Raises:
        google.auth.exceptions.MutualTLSChannelError: If mutual TLS channel
            creation failed for any reason.
    """
    # Opt-in is a case-sensitive comparison with the literal string "true";
    # values such as "True" or "1" leave the channel untouched.
    opted_in = "true" == os.getenv(
        environment_vars.GOOGLE_API_USE_CLIENT_CERTIFICATE, "false"
    )
    if not opted_in:
        return False

    # pyOpenSSL is imported lazily; its absence is reported as a channel error.
    try:
        import OpenSSL
    except ImportError as import_err:
        six.raise_from(exceptions.MutualTLSChannelError(import_err), import_err)

    try:
        (
            has_client_cert,
            cert_pem,
            key_pem,
        ) = transport._mtls_helper.get_client_cert_and_key(client_cert_callback)
        # Without a certificate/key pair the transport falls back to the
        # default one; the falsy return value is the only signal of that.
        self.http = (
            _make_mutual_tls_http(cert_pem, key_pem)
            if has_client_cert
            else _make_default_http()
        )
    except (
        exceptions.ClientCertError,
        ImportError,
        OpenSSL.crypto.Error,
    ) as setup_err:
        six.raise_from(exceptions.MutualTLSChannelError(setup_err), setup_err)

    # Warn once that the constructor-supplied transport is no longer in use.
    if self._has_user_provided_http:
        self._has_user_provided_http = False
        warnings.warn(
            "`http` provided in the constructor is overwritten", UserWarning
        )

    return has_client_cert
def configure_mtls_channel(self, client_cert_callback=None):
    """Rebuild ``self.http`` for mutual TLS from a callback or default credentials.

    A client certificate and key are looked up and ``self.http`` is replaced:
    with a mutual TLS transport if a certificate/key pair was found, otherwise
    with a default transport. Any `http` passed to the constructor is
    discarded in both cases.

    A False return means the channel is NOT mutual TLS. Callers that require
    client-certificate authentication must check the return value rather than
    assume success because no exception was raised.

    Args:
        client_cert_callback (Optional[Callable[[], (bytes, bytes)]]):
            Optional callback returning the client certificate and private
            key bytes, both in PEM format. If None, application default SSL
            credentials will be used.

    Returns:
        True if the channel is mutual TLS and False otherwise.

    Raises:
        google.auth.exceptions.MutualTLSChannelError: If mutual TLS channel
            creation failed for any reason.
    """
    # pyOpenSSL is imported lazily; its absence is reported as a channel error.
    try:
        import OpenSSL
    except ImportError as import_err:
        six.raise_from(exceptions.MutualTLSChannelError(import_err), import_err)

    try:
        (
            has_client_cert,
            cert_pem,
            key_pem,
        ) = transport._mtls_helper.get_client_cert_and_key(client_cert_callback)
        # Without a certificate/key pair the transport falls back to the
        # default one; the falsy return value is the only signal of that.
        self.http = (
            _make_mutual_tls_http(cert_pem, key_pem)
            if has_client_cert
            else _make_default_http()
        )
    except (
        ImportError,
        OpenSSL.crypto.Error,
        OSError,
        RuntimeError,
        ValueError,
    ) as setup_err:
        # Lookup and transport-construction failures of these types are all
        # surfaced to callers as a single MutualTLSChannelError.
        six.raise_from(exceptions.MutualTLSChannelError(setup_err), setup_err)

    # Warn once that the constructor-supplied transport is no longer in use.
    if self._has_user_provided_http:
        self._has_user_provided_http = False
        warnings.warn(
            "`http` provided in the constructor is overwritten", UserWarning
        )

    return has_client_cert